gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e03c7b8ea4'
${ noResults }
hetzner-ansible/roles/postgres/tasks/postgres-acls.yml

80 lines
2.3 KiB
YAML
Raw Blame History

---
### properties:
### postgres_acls:
### - name
### - user
### - password
### - trusted_cidr_entry [default_private_network]
- debug:
msg: "{{ postgres_acls }}"
tags:
- postgres_acls
:1
- name: "Add pg_hba entries for users/nodes/schemas .."
lineinfile:
state: present
regex: '^host[ ]+{{ item.name }}[ ]+{{ item.user }}'
line: 'host {{ item.name }} {{ item.user }} {{ item.trusted_cidr_entry | default(default_private_network) }} md5'
path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
with_items: "{{ postgres_acls }}"
tags:
- postgres_acls
- name: Check role exists
become: yes
become_user: postgres
shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='{{ item.user }}'\""
with_items: "{{ postgres_acls }}"
register: role_check
changed_when: "role_check.stdout == '0'"
tags:
- postgres_acls
- name: Create role if necessary
become: yes
become_user: postgres
shell: "/usr/bin/psql -c 'CREATE ROLE {{ item.item.name }} LOGIN;'"
when: item.stdout == '0'
with_items: "{{ role_check.results }}"
tags:
- postgres_acls
- name: "check databases exists"
become: yes
become_user: postgres
shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = '{{ item.name }}'\""
with_items: "{{ postgres_acls }}"
register: database_check
changed_when: "database_check.stdout == '0'"
tags:
- postgres_acls
- name: "Create Databases if necessary"
become: yes
become_user: postgres
shell: "/usr/bin/psql -c \"CREATE DATABASE {{ item.item.name }};\""
when: item.stdout == '0'
with_items: "{{ database_check.results }}"
tags:
- postgres_acls
- name: Change password with scram-sha-256! for users and set password
become: yes
become_user: postgres
shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE {{ item.user }} WITH PASSWORD '{{ item.password }}';\""
with_items: "{{ postgres_acls }}"
register: role_check
tags:
- postgres_acls
- name: "Change owners for databases"
become: yes
become_user: postgres
shell: "/usr/bin/psql -c \"ALTER DATABASE {{ item.name }} OWNER TO {{ item.user }};\""
with_items: "{{ postgres_acls }}"
register: role_check
tags:
- postgres_acls
Reference in New Issue View Git Blame Copy Permalink