# Hook the TLS settings into the main PostgreSQL configuration file.
# include_if_exists resolves 'tls.conf' relative to the directory of the
# including file and skips it silently when it is missing, so a server whose
# tls.conf was never written starts without these TLS settings and without
# an error.
- name: include optional tls config in default postgres config
  lineinfile:
    # create is off: a missing postgresql.conf fails the task instead of
    # producing a new file that contains only the include line.
    create: false
    line: "include_if_exists 'tls.conf'"
    path: '{{ postgresql_conf_dir }}/postgresql.conf'
  notify: restart postgresql
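# Directory that the later tasks in this file fill with the certificate,
# private key, CA chain and DH parameters. Mode 0700 with the PostgreSQL
# user as owner keeps every other account out of the directory.
- name: create tls directory for holding certs
  file:
    path: "{{ postgresql_tls_dir }}"
    state: directory
    # Quoted so the module receives the string '0700' and converts it to
    # octal itself, independent of how the YAML loader treats an integer
    # with a leading zero; this also matches the quoted mode used for the
    # DH parameter file in this task list.
    mode: '0700'
    owner: "{{ postgresql_user }}"
    group: "{{ postgresql_group }}"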
# Delegate certificate deployment to the certs role (not shown here), which
# receives the target paths and ownership through the certs variable.
- name: deploy ecc384 cert
  include_role:
    name: certs
  vars:
    certs:
      cert: '{{ postgresql_tls_dir }}/ecc384.crt'
      # NOTE(review): no file mode is passed for the private key, so its
      # permissions are whatever the certs role applies. PostgreSQL refuses
      # to load a key owned by the database user if group or others can
      # access it - confirm the role writes it 0600 or stricter.
      key: '{{ postgresql_tls_dir }}/ecc384.key'
      chain: '{{ postgresql_tls_dir }}/root.crt'
      ecc: true
      # Presumably run by the role after a certificate is issued or
      # renewed; it restarts PostgreSQL directly rather than through the
      # "restart postgresql" handler - verify against the role.
      post_hook: service postgresql restart
      owner: '{{ postgresql_user }}'
      group: '{{ postgresql_group }}'
# Ask the ca role (not shown here) for Diffie-Hellman parameters; the
# function variable presumably selects which of the role's jobs runs.
- name: generate dh params
  include_role:
    name: ca
  vars:
    function: dhparams
    dh_params:
      path: '{{ postgresql_tls_dir }}/{{ postgresql_dhparam_file }}'
      # DH parameters are not secret; read-only for the owner mainly
      # protects the file against modification by other accounts.
      mode: '0400'
      owner: '{{ postgresql_user }}'
      group: '{{ postgresql_group }}'
      # NOTE(review): looks like this turns off generation on the managed
      # host, so the parameters would be produced elsewhere and copied
      # over - confirm against the ca role.
      remote_gen: false
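# Render the TLS settings into tls.conf in the PostgreSQL configuration
# directory, the file pulled in by the include_if_exists line added to
# postgresql.conf earlier in this task list. A changed file triggers the
# restart handler.
- name: template tls config
  template:
    src: postgresql.j2
    dest: "{{ postgresql_conf_dir }}/tls.conf"
    # Overwrite an existing tls.conf whenever the rendered content differs.
    force: true
    # Quoted so the module receives the string '0400' and converts it to
    # octal itself rather than relying on the YAML loader's handling of a
    # leading-zero integer; consistent with the DH parameter file's mode.
    mode: '0400'
    owner: "{{ postgresql_user }}"
    group: "{{ postgresql_group }}"
    # Strip leading whitespace in front of Jinja2 block tags so indented
    # template logic does not leak indentation into the rendered file.
    lstrip_blocks: true
  notify: restart postgresql
  vars:
    # Task-scoped variable; presumably the name postgresql.j2 reads its
    # settings from - verify against the template.
    config: "{{ postgresql_tls_config }}"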