internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-07 22:02:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Ansible Core Team
2020-03-09 09:11:07 +00:00
commit aebc1b03fd
4861 changed files with 812621 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
tests/integration/targets/setup_postgresql_db/tasks/ssl.yml Normal file
View File

@@ -0,0 +1,57 @@
- name: postgresql SSL - create database
become_user: '{{ pg_user }}'
become: true
postgresql_db:
name: '{{ ssl_db }}'
- name: postgresql SSL - create role
become_user: '{{ pg_user }}'
become: true
postgresql_user:
name: '{{ ssl_user }}'
role_attr_flags: SUPERUSER
password: '{{ ssl_pass }}'
- name: postgresql SSL - install openssl
become: true
package: name=openssl state=present
- name: postgresql SSL - create certs 1
become_user: root
become: true
shell: openssl req -new -nodes -text -out ~{{ pg_user }}/root.csr \ -keyout ~{{ pg_user }}/root.key -subj "/CN=localhost.local"
- name: postgresql SSL - create certs 2
become_user: root
become: true
shell: openssl x509 -req -in ~{{ pg_user }}/root.csr -text -days 3650 \ -extensions v3_ca -signkey ~{{ pg_user }}/root.key -out ~{{ pg_user }}/root.crt
- name: postgresql SSL - create certs 3
become_user: root
become: true
shell: openssl req -new -nodes -text -out ~{{ pg_user }}/server.csr \ -keyout ~{{ pg_user }}/server.key -subj "/CN=localhost.local"
- name: postgresql SSL - create certs 4
become_user: root
become: true
shell: openssl x509 -req -in ~{{ pg_user }}/server.csr -text -days 365 \ -CA ~{{ pg_user }}/root.crt -CAkey ~{{ pg_user }}/root.key -CAcreateserial -out server.crt
- name: postgresql SSL - set right permissions to files
become_user: root
become: true
file:
path: '{{ item }}'
mode: '0600'
owner: '{{ pg_user }}'
group: '{{ pg_user }}'
with_items:
- ~{{ pg_user }}/root.key
- ~{{ pg_user }}/server.key
- ~{{ pg_user }}/root.crt
- ~{{ pg_user }}/server.csr
- name: postgresql SSL - enable SSL
become_user: '{{ pg_user }}'
become: true
postgresql_set:
login_user: '{{ pg_user }}'
db: postgres
name: ssl
value: true
- name: postgresql SSL - reload PostgreSQL to enable ssl on
become: true
service:
name: '{{ postgresql_service }}'
state: reloaded