more postgreSQL ansible WIP

Former-commit-id: 70427797cdda9c19a8386a9425f40aa162dd1a2e

more postgreSQL ansible WIP
Former-commit-id: 70427797cdda9c19a8386a9425f40aa162dd1a2e
10066189 · Hervé MENAGER · 3fc75696 · 10066189
Commit 10066189 authored 6 years ago by Hervé MENAGER
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -2,6 +2,10 @@
 - hosts: all
  become: yes
  gather_facts: yes
+  vars:
+    dbname: ippidb
+    dbuser: ippidb
+    dbpassword: 'LeroyMerlin'
  tasks:
    #
    # Install basic non-virtualenv requirements
@@ -72,22 +76,14 @@
                  insertbefore=BOF
    - name: restart postgresql service
      systemd: state=restarted name=postgresql enabled=yes
-    - become: yes
+    - name: ensure database is created
-      become_user: ippidb
+      postgresql_db: name={{dbname}}
-      gather_facts: no
+    - name: ensure user has access to database
-      vars:
+      postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
-        dbname: ippidb
+    - name: ensure user does not have unnecessary privilege
-        dbuser: ippidb
+      postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
-        dbpassword: 'LeroyMerlin'
+    - name: ensure no other user can access the database
-      tasks:
+      postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
-      - name: ensure database is created
-        postgresql_db: name={{dbname}}
-      - name: ensure user has access to database
-        postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
-      - name: ensure user does not have unnecessary privilege
-        postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
-      - name: ensure no other user can access the database
-        postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
    #
    # Stop web server(s)
    #