From 10066189566b4b55cf2727b75e79d527cd79cded Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Mon, 23 Jul 2018 22:32:07 +0200
Subject: [PATCH] more postgreSQL ansible WIP

Former-commit-id: 70427797cdda9c19a8386a9425f40aa162dd1a2e
---
 ansible/deploy.yaml | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index adbfe27c..1a00b8a8 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -2,6 +2,10 @@
 - hosts: all
 become: yes
 gather_facts: yes
+ vars:
+ dbname: ippidb
+ dbuser: ippidb
+ dbpassword: 'LeroyMerlin'
 tasks:
 #
 # Install basic non-virtualenv requirements
@@ -72,22 +76,14 @@
 insertbefore=BOF
 - name: restart postgresql service
 systemd: state=restarted name=postgresql enabled=yes
- - become: yes
- become_user: ippidb
- gather_facts: no
- vars:
- dbname: ippidb
- dbuser: ippidb
- dbpassword: 'LeroyMerlin'
- tasks:
- - name: ensure database is created
- postgresql_db: name={{dbname}}
- - name: ensure user has access to database
- postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
- - name: ensure user does not have unnecessary privilege
- postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
- - name: ensure no other user can access the database
- postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
+ - name: ensure database is created
+ postgresql_db: name={{dbname}}
+ - name: ensure user has access to database
+ postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
+ - name: ensure user does not have unnecessary privilege
+ postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
+ - name: ensure no other user can access the database
+ postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
 #
 # Stop web server(s)
 #
--
GitLab
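Review bot: The added `dbpassword: 'LeroyMerlin'` keeps the database password as a literal in the playbook, and placing it under the `hosts: all` play makes it visible to every task in that play. Because the value is committed (it also appears in the removed lines of the later hunk), it should be treated as disclosed and changed on any instance that was deployed with it. I would load it from a Vault-encrypted vars file, or read it at run time with something like `dbpassword: "{{ lookup('env', 'DB_PASSWORD_PLACEHOLDER') }}"` (the variable name is a placeholder). The play continues outside this hunk.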
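Review bot: The four `postgresql_*` tasks in the second hunk now inherit only the play-level `become: yes`, so with the old `become_user: ippidb` play removed they presumably run as root, and none of them passes login credentials. On a default local PostgreSQL install using peer authentication that would likely fail to connect; adding `become_user: postgres` (the usual service account name, to be confirmed for this host) to each task, or grouping them in a `block` that sets it, keeps the administrative work under the database's own account rather than root. Separately, `password={{dbpassword}}` in the key=value form is split on whitespace after templating, so a passphrase containing a space would be mis-parsed; the YAML-mapping form with `password: "{{ dbpassword }}"` avoids that. The task list starts and ends outside this hunk.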