From 95c334a0656ed77a6b29454dcbf36184c7d6bd4a Mon Sep 17 00:00:00 2001
From: Alex
Date: Sat, 16 May 2020 23:37:59 +0200
Subject: [PATCH] Initial commit
---
tasks/main.yml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 tasks/main.yml
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c10daf8
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,50 @@
+- name: PostgreSQL listen on private subnet
+ replace:
+ path: /etc/postgresql/12/main/postgresql.conf
+ regexp: "(#?)listen_addresses = '.*'"
+ replace: "listen_addresses = '{{ ansible_ens10.ipv4.address }},localhost'"
+ notify: Run service actions
+ tags:
+ - postgres
+- name: Set root user password
+ become: yes
+ become_user: postgres
+ postgresql_user:
+ port: '{{ services.postgres.port }}'
+ db: postgres
+ name: "{{ postgres.user }}"
+ password: "{{ postgres.password }}"
+ tags:
+ - postgres
+ - vault
+- name: Create users
+ become: yes
+ become_user: postgres
+ postgresql_user:
+ port: '{{ services.postgres.port }}'
+ db: postgres
+ name: '{{ item }}'
+ role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"
+ password: "{{ postgres.dbpass[item] }}"
+ loop: "{{ services.postgres.databases }}"
+ tags:
+ - postgres
+ - vault
+- name: Create databases
+ become: yes
+ become_user: postgres
+ postgresql_db:
+ name: '{{ item }}'
+ owner: '{{ item }}'
+ loop: "{{ services.postgres.databases }}"
+ tags:
+ - postgres
+ - vault
+- name: Allow users on the private IP subnet to connect to PGSQL
+ postgresql_pg_hba:
+ contype: host
+ dest: '/etc/postgresql/12/main/pg_hba.conf'
+ source: "{{(ansible_ens10.ipv4.address + '/' + '8')}}" # NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in a /32 mask because the interface doesn't offer information about the mask
+ notify: Run service actions
+ tags:
+ - postgres
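Review bot: The `source` on the final `postgresql_pg_hba` task hard-codes a `/8` prefix onto the host's own address, so the rule admits a far wider range than the private subnet the task name describes. The inline NOTE explains why the interface netmask was not used, but the prefix should then come from inventory rather than a literal, e.g. `source: "{{ postgres_allowed_cidr }}"` (variable name constructed for illustration). The task also sets no `users`, `databases` or `method`, so the module defaults apply; as far as I know these are all users, all databases and `md5`. Stating them explicitly, limited to the roles and databases in `services.postgres.databases`, would make the granted access reviewable. If the defaults are as assumed, the role the second task calls the root user can also authenticate over the network, so confirm that is intended.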