hetzner-ansible/roles/postgres/tasks/_postgres-acls.yml


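---
# Per-entry PostgreSQL access setup: for every item of `postgres_acls` this
# file adds a pg_hba.conf line, creates a login role and a database of the
# same name, (re)sets the role password, makes the role own the database and
# finally reloads the server configuration.
#
# Expected variables:
#   postgres_acls: list of mappings with
#     - name                 role name and database name; used unquoted in SQL
#                            and in a pg_hba.conf regexp, hence validated first
#     - password             login password; kept out of output via no_log and
#                            loop labels
#     - trusted_cidr_entry   optional; defaults to `default_private_network`
#   default_postgres_version, default_private_network
#   debug                    optional flag; prints the existence checks when true

- name: "Validate postgres_acls entries"
  assert:
    that:
      - item.name is defined
      # Restrict to characters of a plain SQL identifier so the name cannot
      # break out of the statements below or the lineinfile regexp.
      - item.name is match('^[A-Za-z_][A-Za-z0-9_]*$')
      - item.password is defined
    msg: "postgres_acls entry '{{ item.name | default('<unnamed>') }}' needs a plain identifier as name and a password"
  loop: "{{ postgres_acls }}"
  loop_control:
    label: "{{ item.name | default('<unnamed>') }}"

- name: "Add pg_hba.conf entries for users/nodes/schemas"
  lineinfile:
    state: present
    regexp: '^host[ ]+{{ item.name }}[ ]+{{ item.name }}'
    # NOTE(review): `md5` is kept from the original; on PostgreSQL 10+ the
    # server picks SCRAM when the stored verifier is SCRAM, so the roles
    # re-passworded below still authenticate — confirm on the target version
    # before tightening this to scram-sha-256.
    line: 'host {{ item.name }} {{ item.name }} {{ item.trusted_cidr_entry | default(default_private_network) }} md5'
    path: "/etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf"
  loop: "{{ postgres_acls }}"
  loop_control:
    # Loop items carry the password; print only the name.
    label: "{{ item.name }}"

- name: "Check roles exist"
  become: true
  become_user: postgres
  # argv avoids a shell round-trip, so quoting inside the SQL cannot be
  # re-interpreted by /bin/sh.
  command:
    argv:
      - /usr/bin/psql
      - "-Atc"
      - "SELECT count(rolname) FROM pg_roles where rolname='{{ item.name }}'"
  loop: "{{ postgres_acls }}"
  loop_control:
    label: "{{ item.name }}"
  register: role_check
  # -At prints the bare count; "0" means the role still has to be created.
  changed_when: "role_check.stdout == '0'"

- name: "Check roles exist result"
  debug:
    # Summarise as {name: count} rather than dumping the registered result,
    # which embeds every loop item including its password.
    msg: "{{ dict(role_check.results | map(attribute='item.name') | zip(role_check.results | map(attribute='stdout'))) }}"
  when: debug | default(false) | bool

- name: "Create roles if necessary"
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - "-c"
      - "CREATE ROLE {{ item.item.name }} LOGIN;"
  when: item.stdout == '0'
  loop: "{{ role_check.results }}"
  loop_control:
    label: "{{ item.item.name }}"

- name: "Check databases exist"
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - "-Atc"
      - "SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'"
  loop: "{{ postgres_acls }}"
  loop_control:
    label: "{{ item.name }}"
  register: database_check
  changed_when: "database_check.stdout == '0'"

- name: "Check databases exist result"
  debug:
    msg: "{{ dict(database_check.results | map(attribute='item.name') | zip(database_check.results | map(attribute='stdout'))) }}"
  when: debug | default(false) | bool

- name: "Create Databases if necessary"
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - "-c"
      - "CREATE DATABASE {{ item.item.name }};"
  when: item.stdout == '0'
  loop: "{{ database_check.results }}"
  loop_control:
    label: "{{ item.item.name }}"

- name: "Change password with scram-sha-256! for users and set password"
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - "-c"
      # Single quotes inside the password are doubled so they stay inside the
      # SQL string literal instead of ending it.
      - >-
        set password_encryption = 'scram-sha-256';
        ALTER ROLE {{ item.name }} WITH PASSWORD '{{ item.password | replace("'", "''") }}';
  loop: "{{ postgres_acls }}"
  loop_control:
    label: "{{ item.name }}"
  # The password is on the command line; suppress the task's output and
  # error details so it never reaches the console or log.
  no_log: true

- name: "Change owners for databases"
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - "-c"
      - "ALTER DATABASE {{ item.name }} OWNER TO {{ item.name }};"
  loop: "{{ postgres_acls }}"
  loop_control:
    label: "{{ item.name }}"

# TODO: -> factor out as handler
- name: "Reload pg_hba.conf"
  become: true
  become_user: postgres
  command:
    argv:
      - /usr/bin/psql
      - "-c"
      - "SELECT pg_reload_conf();"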