ansible-collection-famedly-.../roles/postgresql_client_access/README.md
2022-10-10 15:54:55 +02:00

3.3 KiB

famedly.base.postgresql_client_access ansible role for configuring users, databases and pg_hba entries of an PostgreSQL instance

This convenience role creates and updates users, databases and pg_hba entries. It's designed to work with PostgreSQL servers running inside a docker container deployed by famedly.base.postgresql.

Requirements

  • psycopg2

Role Variables

See defaults/main.yml.

The postgresql_superuser_password variable must contain the password for the default user postgres if the authentication method in pg_hba.conf is not trust.

When postgresql_connect_socket is set to true, the role tries to connect to the server via UNIX socket specified in postgresql_socket_path. If it is set to false, the connection will be established via TCP socket. If postgresql_host_port is set, it will try to connect to this port on 127.0.0.1, otherwise it will try to find out the container's IP and connect to it on the standard port 5432.

postgresql_client_access_users list

Here you specify the users you want present or absent. The following features from the postgresql_user module are supported:

postgresql_client_access_users:
  - name: user1
    password: "{{ vault_user1_postgresql_password }}"
  - name: user2
    state: absent  # defaults to present

postgresql_client_access_databases list

Here you specify the database you want to be present or absent. The following features from the postgresql_db module are supported:

postgresql_client_access_databases:
  - name: db1
    owner: user1
    lc_collate: "en_US.utf8"  # defaults to 'C'
    lc_ctype: "en_US.utf8"  # defaults to 'C'
  - name: db2
    state: absent  # defaults to present, only present and absent supported

postgresql_client_access_databases list

Here you specify the pg_hba entries you want to be present or absent. The following features from the postgresql_pg_hba module are supported:

postgresql_client_access_hba_entries:
  - contype: local
    databases: db1
    users: user1
    method: trust
  - contype: host
    databases: "db1,db2"
    users: user2
    method: md5
    address: "172.17.0.0/16"
    state: absent

Dependencies

Docker needs to be installed and configured.

Example Playbook

---
- name: Configure db1 for user1
  hosts: [ all ]
  become: true
  roles:
    - famedly.base.postgresql_client_access
  vars:
    postgresql_client_access_users:
      - name: user1
        password: "{{ vault_user1_postgresql_password }}"
    postgresql_client_access_databases:
      - name: db1
        owner: user1
    postgresql_client_access_hba_entries:
      - contype: local
        databases: db1
        users: user1
        method: trust
    postgresql_host_port: "2345"
    postgresql_superuser_password: "{{ vault_postgresql_superuser_password }}"
    postgresql_connect_socket: "false"

License

GNU Affero General Public License v3

Author Information

Famedly GmbH, famedly.de