Fixes #17: Ensure this role uses normal HBA defaults.

Jeff Geerling 2017-06-02 16:32:34 -05:00
parent 45f9fbfc0b
commit 31d15f6a3c
2 changed files with 22 additions and 14 deletions


@ -38,16 +38,23 @@ The directories (usually one, but can be multiple) where PostgreSQL's socket wil
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
postgresql_hba_entries:
- type: host # required; local, host, hostssl or hostnossl
database: exampledb # required
user: jdoe # required
address: 192.0.2.0/24 # either this or ip_address / ip_mask are required unless type is 'local'
ip_address: # alternative to 'address'
ip_mask: # alternative to 'address'
auth_method: # required
auth_options: # optional
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`.
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
- `type` (required)
- `database` (required)
- `user` (required)
- `address` (one of this or the following two are required)
- `ip_address`
- `ip_mask`
- `auth_method` (required)
- `auth_options` (optional)
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
postgresql_locales:
- 'en_US.UTF-8'


@ -13,12 +13,13 @@ postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
# Host based authentication (hba) entries to be added to the pg_hba.conf.
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
# variable's defaults reflect the defaults that come with a fresh installation.
postgresql_hba_entries:
- type: local
database: all
user: all
auth_method: trust
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
# Debian only. Used to generate the locales used by PostgreSQL databases.
postgresql_locales:
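Review bot: The new comment above `postgresql_hba_entries` claims the defaults match a fresh installation, but the four entries (peer on local sockets, md5 on `127.0.0.1/32` and `::1/128`) look like the Debian/Ubuntu packaged `pg_hba.conf` rather than a universal default. RHEL-family packages, as far as I know, ship `ident` on the loopback host lines, and the README in this same commit still addresses RHEL/CentOS 6, where a very old server may not recognise `peer` at all; that should be confirmed on the oldest supported platform. I would make the comment say so, for example `# Defaults mirror the Debian-packaged pg_hba.conf; 'peer' requires PostgreSQL 9.1 or later.` Because overriding the variable replaces the whole list, it is also worth a one-line comment here (not only in the README) such as `# Overriding replaces every entry below; never reintroduce 'trust' for non-local users.` Finally, `md5` is a dated password-hash method, so a note recommending `scram-sha-256` where the server supports it would help anyone who widens the address range beyond loopback.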