ansible-roles/postgresql
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-postgresql.git synced 2025-03-10 17:26:20 -04:00
Code Releases Activity

Merge pull request #4 from robyoung/add-pg_hba

Browse source 
Add support for host based authentication
This commit is contained in:
Jeff Geerling 2017-06-01 14:00:18 -05:00 committed by GitHub
commit 8b94191ee8
4 changed files with 37 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -37,6 +37,18 @@ The directories (usually one, but can be multiple) where PostgreSQL's socket wil
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`. Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
postgresql_hba_entries:
- type: host # required; local, host, hostssl or hostnossl
database: exampledb # required
user: jdoe # required
address: 192.0.2.0/24 # either this or ip_address / ip_mask are required unless type is 'local'
ip_address: # alternative to 'address'
ip_mask: # alternative to 'address'
auth_method: # required
auth_options: # optional
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`.
postgresql_locales: postgresql_locales:
- 'en_US.UTF-8' - 'en_US.UTF-8'

7
defaults/main.yml
View file

@ -13,6 +13,13 @@ postgresql_global_config_options:
- option: unix_socket_directories - option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}' value: '{{ postgresql_unix_socket_directories | join(",") }}'
# Host based authentication (hba) entries to be added to the pg_hba.conf.
postgresql_hba_entries:
- type: local
database: all
user: all
auth_method: trust
# Debian only. Used to generate the locales used by PostgreSQL databases. # Debian only. Used to generate the locales used by PostgreSQL databases.
postgresql_locales: postgresql_locales:
- 'en_US.UTF-8' - 'en_US.UTF-8'

9
tasks/configure.yml
View file

@ -8,6 +8,15 @@
with_items: "{{ postgresql_global_config_options }}" with_items: "{{ postgresql_global_config_options }}"
notify: restart postgresql notify: restart postgresql
- name: Configure host based authentication.
template:
src: "templates/pg_hba.conf.j2"
dest: "{{ postgresql_config_path }}/pg_hba.conf"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: 0600
notify: restart postgresql
- name: Ensure PostgreSQL unix socket dirs exist. - name: Ensure PostgreSQL unix socket dirs exist.
file: file:
path: "{{ item }}" path: "{{ item }}"

9
templates/pg_hba.conf.j2 Normal file
View file

@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
{% for client in postgresql_hba_entries %}
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
{% endfor %}