---
# Install the PostgreSQL server, contrib extensions and client tools, plus
# python3-psycopg2, the driver the community.postgresql modules below need.
- name: Install packages
  become: true
  apt:
    # Refresh the package index first so the install resolves against
    # current repository metadata.
    update_cache: true
    name:
      - postgresql
      - postgresql-contrib
      - postgresql-client
      - python3-psycopg2
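# Render the deployment-specific server settings into the cluster's conf.d
# directory and schedule a restart when the rendered file changes.
- name: Server configuration
  template:
    src: pgsql.conf.j2
    dest: '/etc/postgresql/{{ pg_ver }}/{{ pg_ins }}/conf.d/deployment.conf'
    # Pin ownership and mode explicitly. Without them a newly created file
    # takes the become user's identity and umask, so the resulting
    # permissions depend on the host rather than on this role.
    owner: postgres
    group: postgres
    mode: '0644'
  become: true
  notify:
    - restart pgsql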
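# Render pg_hba.conf, the client-authentication rules for this cluster, and
# schedule a restart when the rendered file changes.
- name: Server configuration
  template:
    src: pg_hba.conf.j2
    dest: '/etc/postgresql/{{ pg_ver }}/{{ pg_ins }}/pg_hba.conf'
    # The authentication policy should be readable only by the server
    # account. Pin owner and mode instead of relying on whatever the file
    # (or the become user's umask) had before.
    owner: postgres
    group: postgres
    mode: '0640'
  become: true
  notify:
    - restart pgsql
  # NOTE(review): the user task in this file stores passwords as
  # scram-sha-256 verifiers, so password rules in pg_hba.conf.j2 should use
  # the scram-sha-256 method - confirm in the template.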
# Delegate certificate creation to the signed_certificate role (defined
# outside this file).
- name: Generate SSL Certificates
  vars:
    # Passed through to the role; presumably the account that will own the
    # generated key and certificate - confirm in the role.
    owner: postgres
  include_role:
    name: signed_certificate
# No-op task whose only purpose is to report "changed" so that the restart
# handler is notified when the certificate was replaced.
# cert_changed is presumably set by the signed_certificate role - confirm.
- name: Check for changed cert
  command: /bin/true
  # The command module reports changed on every run; stated explicitly so
  # the intent (trigger the handler) is visible.
  changed_when: true
  when: cert_changed
  notify:
    - restart pgsql
# Run the handlers notified so far (restart pgsql) now, so the database,
# user and privilege tasks below run against a server that already uses the
# new configuration and certificate.
- name: Flush handlers
  meta: flush_handlers
# Ensure every database listed in pg_dbs exists.
# The module connects over the local unix socket as the postgres OS user,
# so no database password is involved in this task.
- name: Database configuration
  become: true
  become_user: postgres
  community.postgresql.postgresql_db:
    login_unix_socket: '/var/run/postgresql/'
    name: '{{ item }}'
    state: present
    # template0 is used as the source database together with the explicit
    # UTF-8 encoding.
    template: template0
    encoding: UTF-8
  loop: '{{ pg_dbs }}'
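# Create or update one database role per entry in pg_db_users.
# Passwords come from the vault, indexed by this host's FQDN and the role
# name; the connection uses the local unix socket as the postgres OS user.
- name: User configuration
  community.postgresql.postgresql_user:
    name: '{{ item.key }}'
    password: '{{ vault_pg_db_users_pw[ ansible_facts.fqdn ][ item.key ] }}'
    login_unix_socket: '/var/run/postgresql/'
  # The remaining module options are taken from the dictionary value.
  # Ansible treats a variable used as `args` as unsafe in some situations,
  # so pg_db_users must only ever come from trusted inventory.
  # NOTE(review): consider spelling out the permitted options explicitly.
  args: '{{ item.value }}'
  environment:
    # Make the server store the password as a scram-sha-256 verifier for
    # this session, whatever the server-wide default is.
    PGOPTIONS: "-c password_encryption=scram-sha-256"
  loop: '{{ pg_db_users | dict2items }}'
  # This task handles credentials: keep arguments and per-item results out
  # of console output and logs.
  no_log: true
  become_user: postgres
  become: true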
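# Revoke every database-level privilege from PUBLIC on the postgres
# database and on each managed database, so access has to be granted to
# roles explicitly.
# Only privileges of type "database" are touched here; schema- or
# table-level grants to PUBLIC are not changed by this task, and databases
# not listed in pg_dbs keep their existing PUBLIC privileges.
- name: Privilege configuration
  community.postgresql.postgresql_privs:
    db: postgres
    roles: PUBLIC
    privs: ALL
    type: database
    # Build the list before joining so that an empty pg_dbs yields
    # "postgres" instead of "postgres," with a dangling comma.
    objs: "{{ (['postgres'] + pg_dbs) | join(',') }}"
    state: absent
    login_unix_socket: '/var/run/postgresql/'
  become_user: postgres
  become: true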