From 131182cdd907e204c6f0549936b76b7eee4393b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Mon, 23 Jul 2018 21:50:14 +0200
Subject: [PATCH] add PostGreSQL conf setup to ansible

Former-commit-id: 480e23ffaa55fea2d42e885a01f027a324e27e97
---
 ansible/deploy.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index 9716c8f9..d5db168b 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -72,6 +72,25 @@
                   insertbefore=BOF
     - name: restart postgresql service
       systemd: state=restarted name=postgresql enabled=yes
+    - become: yes
+      become_user: ippidb
+      gather_facts: no
+      vars:
+        dbname: ippidb
+        dbuser: ippidb
+        dbpassword: 'LeroyMerlin'
+      tasks:
+      - name: ensure database is created
+        postgresql_db: name={{dbname}}
+    
+      - name: ensure user has access to database
+        postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
+    
+      - name: ensure user does not have unnecessary privilege
+        postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
+      
+      - name: ensure no other user can access the database
+postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
     #
     # Stop web server(s)
     #
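Review bot: The added `vars` block commits the database password in clear text (`dbpassword: 'LeroyMerlin'`), so anyone with read access to the repository or its history holds the ippidb database credential. Take the value from an Ansible Vault-encrypted variable instead, e.g. `dbpassword: "{{ vault_ippidb_dbpassword }}"` (the variable name is a placeholder), and rotate the password, since this one remains in git history. The `postgresql_user` task that receives `password={{dbpassword}}` should also set `no_log: true` so the value does not appear in task output or logs. Separately, the new list item sits at the same indent as the surrounding tasks yet carries play-level keys (`gather_facts`, `tasks`), and `postgresql_privs:` on the last added line has no indentation. The enclosing play starts outside the hunk, so confirm the file still parses with `ansible-playbook --syntax-check`.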
-- 
GitLab