mirror of
https://github.com/geerlingguy/ansible-role-postgresql.git
synced 2024-11-11 13:50:50 -05:00
Fixes #17: Ensure this role uses normal HBA defaults.
This commit is contained in:
Jeff Geerling
parent
45f9fbfc0b
commit
31d15f6a3c
2 changed files with 22 additions and 14 deletions
25
README.md
25
README.md
|
|
@ -38,16 +38,23 @@ The directories (usually one, but can be multiple) where PostgreSQL's socket wil
|
|||
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
|
||||
|
||||
postgresql_hba_entries:
|
||||
- type: host # required; local, host, hostssl or hostnossl
|
||||
database: exampledb # required
|
||||
user: jdoe # required
|
||||
address: 192.0.2.0/24 # either this or ip_address / ip_mask are required unless type is 'local'
|
||||
ip_address: # alternative to 'address'
|
||||
ip_mask: # alternative to 'address'
|
||||
auth_method: # required
|
||||
auth_options: # optional
|
||||
- { type: local, database: all, user: postgres, auth_method: peer }
|
||||
- { type: local, database: all, user: all, auth_method: peer }
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||
|
||||
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`.
|
||||
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
|
||||
|
||||
- `type` (required)
|
||||
- `database` (required)
|
||||
- `user` (required)
|
||||
- `address` (one of this or the following two are required)
|
||||
- `ip_address`
|
||||
- `ip_mask`
|
||||
- `auth_method` (required)
|
||||
- `auth_options` (optional)
|
||||
|
||||
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
|
||||
|
||||
postgresql_locales:
|
||||
- 'en_US.UTF-8'
|
||||
|
|
|
|||
|
|
@ -13,12 +13,13 @@ postgresql_global_config_options:
|
|||
- option: unix_socket_directories
|
||||
value: '{{ postgresql_unix_socket_directories | join(",") }}'
|
||||
|
||||
# Host based authentication (hba) entries to be added to the pg_hba.conf.
|
||||
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
|
||||
# variable's defaults reflect the defaults that come with a fresh installation.
|
||||
postgresql_hba_entries:
|
||||
- type: local
|
||||
database: all
|
||||
user: all
|
||||
auth_method: trust
|
||||
- { type: local, database: all, user: postgres, auth_method: peer }
|
||||
- { type: local, database: all, user: all, auth_method: peer }
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||
|
||||
# Debian only. Used to generate the locales used by PostgreSQL databases.
|
||||
postgresql_locales:
|
||||
|
|
|
|||
Loading…
Reference in a new issue