2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - create database
|
|
|
|
become_user: '{{ pg_user }}'
|
|
|
|
become: true
|
|
|
|
postgresql_db:
|
|
|
|
name: '{{ ssl_db }}'
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - create role
|
|
|
|
become_user: '{{ pg_user }}'
|
|
|
|
become: true
|
|
|
|
postgresql_user:
|
|
|
|
name: '{{ ssl_user }}'
|
|
|
|
role_attr_flags: SUPERUSER
|
|
|
|
password: '{{ ssl_pass }}'
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - install openssl
|
|
|
|
become: true
|
|
|
|
package: name=openssl state=present
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - create certs 1
|
|
|
|
become_user: root
|
|
|
|
become: true
|
|
|
|
shell: openssl req -new -nodes -text -out ~{{ pg_user }}/root.csr \ -keyout ~{{ pg_user }}/root.key -subj "/CN=localhost.local"
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - create certs 2
|
|
|
|
become_user: root
|
|
|
|
become: true
|
|
|
|
shell: openssl x509 -req -in ~{{ pg_user }}/root.csr -text -days 3650 \ -extensions v3_ca -signkey ~{{ pg_user }}/root.key -out ~{{ pg_user }}/root.crt
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - create certs 3
|
|
|
|
become_user: root
|
|
|
|
become: true
|
|
|
|
shell: openssl req -new -nodes -text -out ~{{ pg_user }}/server.csr \ -keyout ~{{ pg_user }}/server.key -subj "/CN=localhost.local"
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - create certs 4
|
|
|
|
become_user: root
|
|
|
|
become: true
|
|
|
|
shell: openssl x509 -req -in ~{{ pg_user }}/server.csr -text -days 365 \ -CA ~{{ pg_user }}/root.crt -CAkey ~{{ pg_user }}/root.key -CAcreateserial -out server.crt
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - set right permissions to files
|
|
|
|
become_user: root
|
|
|
|
become: true
|
|
|
|
file:
|
|
|
|
path: '{{ item }}'
|
|
|
|
mode: '0600'
|
|
|
|
owner: '{{ pg_user }}'
|
|
|
|
group: '{{ pg_user }}'
|
|
|
|
with_items:
|
|
|
|
- ~{{ pg_user }}/root.key
|
|
|
|
- ~{{ pg_user }}/server.key
|
|
|
|
- ~{{ pg_user }}/root.crt
|
|
|
|
- ~{{ pg_user }}/server.csr
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - enable SSL
|
|
|
|
become_user: '{{ pg_user }}'
|
|
|
|
become: true
|
|
|
|
postgresql_set:
|
|
|
|
login_user: '{{ pg_user }}'
|
|
|
|
db: postgres
|
|
|
|
name: ssl
|
|
|
|
value: true
|
2020-06-18 12:11:40 +03:00
|
|
|
|
2020-03-09 09:11:07 +00:00
|
|
|
- name: postgresql SSL - reload PostgreSQL to enable ssl on
|
|
|
|
become: true
|
|
|
|
service:
|
|
|
|
name: '{{ postgresql_service }}'
|
|
|
|
state: reloaded
|