39 lines
1.6 KiB
YAML
39 lines
1.6 KiB
YAML
---
|
|
- name: Manage the pg_hba.conf file
|
|
block:
|
|
- name: Give access to the remote postgresql client
|
|
lineinfile: name={{ psql_conf_base_dir }}/{{ item.0.pgsql_version }}/main/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
|
with_subelements:
|
|
- '{{ psql_db_data | default([]) }}'
|
|
- allowed_hosts
|
|
when:
|
|
- psql_db_data is defined
|
|
- item.1 is defined
|
|
- not psql_force_ssl_client_connection
|
|
notify: Reload postgresql
|
|
|
|
- name: Give access to the remote postgresql client, enforce ssl
|
|
lineinfile: name={{ psql_conf_base_dir }}/{{ item.0.pgsql_version }}/main/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
|
|
with_subelements:
|
|
- '{{ psql_db_data | default([]) }}'
|
|
- allowed_hosts
|
|
when:
|
|
- psql_db_data is defined
|
|
- item.1 is defined
|
|
- psql_force_ssl_client_connection
|
|
notify: Reload postgresql
|
|
|
|
delegate_to: "{{ item.0.db_host }}"
|
|
when: item.0.db_host is defined
|
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]
|
|
|
|
- name: Manage the permissions of the pg_hba.conf file
|
|
block:
|
|
- name: Set the correct permissions to the pg_hba.conf file
|
|
file: dest={{ psql_conf_base_dir }}/{{ item.pgsql_version }}/main/pg_hba.conf owner=root group=postgres mode=0640
|
|
with_items: '{{ psql_db_data | default([]) }}'
|
|
|
|
delegate_to: "{{ item.db_host }}"
|
|
when: item.db_host is defined
|
|
tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf', 'pg_db' ]
|