📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
 
 
ansible-playbooks/roles/postgres/tasks/install_tls.yml


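# Wire the optional TLS fragment into the stock postgresql.conf.
# include_if_exists keeps the server bootable before tls.conf has been
# templated; a relative include path is resolved against the directory
# that holds postgresql.conf, i.e. postgresql_conf_dir.
- name: include optional tls config in default postgres config
  lineinfile:
    path: "{{ postgresql_conf_dir }}/postgresql.conf"
    line: "include_if_exists 'tls.conf'"
    # Never fabricate an empty postgresql.conf: a missing base config is a
    # real error and should fail the play rather than be papered over.
    create: false
  notify: restart postgresql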
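# Private directory for the server key, certificate, chain and DH parameters.
# 0700 keeps everything underneath readable by the postgres service account
# only; the files placed here by later tasks get their own restrictive modes.
- name: create tls directory for holding certs
  file:
    path: "{{ postgresql_tls_dir }}"
    state: directory
    # Quoted so YAML does not parse the octal literal as a decimal integer,
    # which the file module would then apply as the wrong permission bits.
    mode: "0700"
    owner: "{{ postgresql_user }}"
    group: "{{ postgresql_group }}"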
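# Delegate certificate provisioning to the shared certs role. Only the paths,
# ownership and post-install action are decided here; the key file's mode is
# set inside the certs role, not in this task.
# NOTE(review): the nesting below is reconstructed from a flattened listing —
# confirm against the certs role which of ecc/post_hook/owner/group it reads
# from inside `certs` and which from the task-level vars.
- name: deploy ecc384 cert
  include_role:
    name: certs
  vars:
    certs:
      cert: "{{ postgresql_tls_dir }}/ecc384.crt"
      key: "{{ postgresql_tls_dir }}/ecc384.key"
      # Chain file is referenced as root.crt by the templated tls.conf.
      chain: "{{ postgresql_tls_dir }}/root.crt"
      ecc: true
      # Runs after the role installs new material so a rotated key pair is
      # actually loaded by the server instead of the stale one staying in use.
      post_hook: service postgresql restart
      owner: "{{ postgresql_user }}"
      group: "{{ postgresql_group }}"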
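# Provide the Diffie-Hellman parameter file via the ca role's dhparams function.
# remote_gen is false, so the parameters are not generated on the database host
# itself — presumably produced centrally and copied in; verify in the ca role.
# NOTE(review): nesting reconstructed from a flattened listing — confirm which
# keys the ca role expects under `dh_params` versus at the task-level vars.
- name: generate dh params
  include_role:
    name: ca
  vars:
    function: dhparams
    dh_params:
      path: "{{ postgresql_tls_dir }}/{{ postgresql_dhparam_file }}"
      # Read-only for the service account; quoted so the octal mode survives
      # YAML parsing intact.
      mode: "0400"
      owner: "{{ postgresql_user }}"
      group: "{{ postgresql_group }}"
      remote_gen: false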
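# Render the TLS settings fragment picked up by the include_if_exists line in
# postgresql.conf. The template receives the role's TLS settings as `config`.
- name: template tls config
  template:
    src: postgresql.j2
    dest: "{{ postgresql_conf_dir }}/tls.conf"
    # Always overwrite: tls.conf is fully managed here and must track the
    # current postgresql_tls_config rather than a hand-edited copy.
    force: true
    # Owner-only read; quoted so the octal literal is not parsed as decimal.
    mode: "0400"
    owner: "{{ postgresql_user }}"
    group: "{{ postgresql_group }}"
    lstrip_blocks: true
  notify: restart postgresql
  vars:
    config: "{{ postgresql_tls_config }}"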