Merge branch '17-hba-defaults'
commit
67bb83f964
25
README.md
25
README.md
|
@ -38,16 +38,23 @@ The directories (usually one, but can be multiple) where PostgreSQL's socket wil
|
|||
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
|
||||
|
||||
postgresql_hba_entries:
|
||||
- type: host # required; local, host, hostssl or hostnossl
|
||||
database: exampledb # required
|
||||
user: jdoe # required
|
||||
address: 192.0.2.0/24 # either this or ip_address / ip_mask are required unless type is 'local'
|
||||
ip_address: # alternative to 'address'
|
||||
ip_mask: # alternative to 'address'
|
||||
auth_method: # required
|
||||
auth_options: # optional
|
||||
- { type: local, database: all, user: postgres, auth_method: peer }
|
||||
- { type: local, database: all, user: all, auth_method: peer }
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||
|
||||
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`.
|
||||
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
|
||||
|
||||
- `type` (required)
|
||||
- `database` (required)
|
||||
- `user` (required)
|
||||
- `address` (one of this or the following two are required)
|
||||
- `ip_address`
|
||||
- `ip_mask`
|
||||
- `auth_method` (required)
|
||||
- `auth_options` (optional)
|
||||
|
||||
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
|
||||
|
||||
postgresql_locales:
|
||||
- 'en_US.UTF-8'
|
||||
|
|
|
@ -13,12 +13,13 @@ postgresql_global_config_options:
|
|||
- option: unix_socket_directories
|
||||
value: '{{ postgresql_unix_socket_directories | join(",") }}'
|
||||
|
||||
# Host based authentication (hba) entries to be added to the pg_hba.conf.
|
||||
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
|
||||
# variable's defaults reflect the defaults that come with a fresh installation.
|
||||
postgresql_hba_entries:
|
||||
- type: local
|
||||
database: all
|
||||
user: all
|
||||
auth_method: trust
|
||||
- { type: local, database: all, user: postgres, auth_method: peer }
|
||||
- { type: local, database: all, user: all, auth_method: peer }
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||
|
||||
# Debian only. Used to generate the locales used by PostgreSQL databases.
|
||||
postgresql_locales:
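Review bot: The two `host` defaults for `127.0.0.1/32` and `::1/128` use `auth_method: md5`, and the comment above `postgresql_hba_entries` does not say that this was chosen for compatibility rather than strength. With md5 the stored hash is password-equivalent, and PostgreSQL 10 and later also accept `scram-sha-256`. Because the role still targets old releases that lack SCRAM, keeping md5 may be intentional, so I would only extend the comment, e.g. `# md5 mirrors the packaged default; prefer scram-sha-256 on PostgreSQL 10+.` This assumes the `peer`/`md5` lines are the new side, since the +/- markers are lost in this rendering.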
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
with_items: "{{ postgresql_global_config_options }}"
|
||||
notify: restart postgresql
|
||||
|
||||
- name: Configure host based authentication.
|
||||
- name: Configure host based authentication (if entries are configured).
|
||||
template:
|
||||
src: "templates/pg_hba.conf.j2"
|
||||
dest: "{{ postgresql_config_path }}/pg_hba.conf"
|
||||
|
@ -16,6 +16,7 @@
|
|||
group: "{{ postgresql_group }}"
|
||||
mode: 0600
|
||||
notify: restart postgresql
|
||||
when: postgresql_hba_entries
|
||||
|
||||
- name: Ensure PostgreSQL unix socket dirs exist.
|
||||
file:
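Review bot: With `when: postgresql_hba_entries` on the "Configure host based authentication" task, an empty list no longer renders an empty `pg_hba.conf`. The role then leaves whatever file is already on the host in place, so the effective access rules are those of the package or a previous run, not anything the playbook states. That is a reasonable behaviour, but it should be stated next to the task, e.g. `# Skipped when postgresql_hba_entries is empty; the existing pg_hba.conf is then left unmanaged.` The README should say the same. The task spans both hunks of this file and its middle lines are not shown.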
|
||||
|
|
|
@ -12,8 +12,9 @@
|
|||
apt: update_cache=yes cache_valid_time=600
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: Set custom variable name for old CentOS 6 PostgreSQL install.
|
||||
- name: Set custom variables for old CentOS 6 PostgreSQL install.
|
||||
set_fact:
|
||||
postgresql_hba_entries: []
|
||||
postgresql_global_config_options:
|
||||
- option: unix_socket_directory
|
||||
value: '{{ postgresql_unix_socket_directories[0] }}'
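Review bot: The `set_fact` now also sets `postgresql_hba_entries: []` for the CentOS 6 case, but the README still tells RHEL/CentOS 6 users to override only `postgresql_global_config_options`. Presumably the new default entries are not accepted by the old packaged server, in which case users need the same override and the README should say so. The test also no longer exercises `pg_hba.conf.j2` on that platform, which deserves a comment such as `# Empty list skips the pg_hba template; the packaged pg_hba.conf is used on CentOS 6.` The task's `when:` condition lies outside the hunk.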
|
||||
|
|