Verified
Commit
a0025830
authored
Mar 24, 2019
by
Florian Pritz
postgres: Install SSL certs before starting postgres
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
f6870347
Changes
1
roles/postgres/tasks/main.yml
...
...
@@ -22,19 +22,6 @@
notify
:
-
restart postgres
-
name
:
start and enable postgres
service
:
name=postgresql enabled=yes state=started
-
name
:
set postgres user password
postgresql_user
:
name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
become
:
yes
become_user
:
postgres
become_method
:
su
-
name
:
install postgres cert renewal hook
template
:
src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postgres owner=root group=root mode=0755
when
:
postgres_ssl == 'on'
-
name
:
install postgres certificate
copy
:
src=/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem dest={{ postgres_ssl_cert_file }}
remote_src=true owner=postgres group=postgres mode=0400
...
...
@@ -50,6 +37,19 @@
remote_src=true owner=postgres group=postgres mode=0400
when
:
postgres_ssl == 'on'
-
name
:
start and enable postgres
service
:
name=postgresql enabled=yes state=started
-
name
:
set postgres user password
postgresql_user
:
name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
become
:
yes
become_user
:
postgres
become_method
:
su
-
name
:
install postgres cert renewal hook
template
:
src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postgres owner=root group=root mode=0755
when
:
postgres_ssl == 'on'
-
name
:
open firewall holes to known postgresql ipv4 clients
firewalld
:
permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv4 source address={{item}} port protocol=tcp port=5432 accept"
...
...
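Review bot: The task order this commit sets up in roles/postgres/tasks/main.yml is load-bearing but undocumented. `start and enable postgres` now has to stay below the certificate copy tasks, presumably because the server will not start with SSL enabled while the file named by `postgres_ssl_cert_file` is missing. A comment above the moved task would guard against a later reorder, e.g. `# keep after the certificate/key copy tasks: with postgres_ssl == 'on' the server needs these files in place to start`. Separately, the moved `set postgres user password` task passes `vault_postgres_users.postgres` as an inline argument; adding `no_log: true` to that task would keep the value out of task output without relying on the module's own masking. The first hunk begins and the second hunk ends mid-task, so the neighbouring tasks are not fully visible here.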