From a5d0558082fe2874942f1758f6ea1130272195ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Tue, 24 Jul 2018 11:39:25 +0200
Subject: [PATCH] postgresql ansible wip

(with help from @bbrancot)

Former-commit-id: 17ca1fd4ddd424433338097b58951fd52887d0b7
---
 ansible/deploy.yaml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index 2e706093..64e31fc8 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -71,7 +71,7 @@
     - name: Ensure PostgreSQL is listening on all localhost
       lineinfile: dest=/var/lib/pgsql/data/postgresql.conf
         regexp='^#?listen_addresses\s*='
-        line="listen_addresses = '127.0.0.1'"
+        line="listen_addresses = '*'"
         state=present
     - lineinfile: dest=/var/lib/pgsql/data/pg_hba.conf
                   regexp='host\s+all\s+all\s+127.0.0.1/32\s+md5'
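Review bot: The added `line="listen_addresses = '*'"` binds PostgreSQL to every interface on the host, while the task name still says "listening on all localhost" and the pg_hba.conf regexp below it still targets only `127.0.0.1/32`. If remote clients are intended, bind only to the address they need, for example `line="listen_addresses = '{{ pg_listen_addresses }}'"` (the variable name is a suggestion, not something defined in the playbook), and rename the task to match. With `*`, exposure depends entirely on pg_hba.conf and the host firewall, and nothing visible in this hunk tightens either. The pg_hba.conf task continues past the end of the hunk, so its `line=` value is not reviewed here.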
@@ -79,14 +79,10 @@
                   insertbefore=BOF
     - name: restart postgresql service
       systemd: state=restarted name=postgresql enabled=yes
-    - name: ensure database is created
-      postgresql_db: name={{dbname}}
-    - name: ensure user has access to database
-      postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
-    - name: ensure user does not have unnecessary privilege
-      postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
-    - name: ensure no other user can access the database
-      postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
+    - postgresql_user:
+        name: {{dbuser}}
+        password: {{dbpassword}}
+        role_attr_flags: CREATEDB,NOSUPERUSER
     #
     # Stop web server(s)
     #
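Review bot: The added `name: {{dbuser}}` and `password: {{dbpassword}}` values are unquoted, so YAML reads the leading `{` as a flow mapping and the playbook fails to load; they should be `name: "{{ dbuser }}"` and `password: "{{ dbpassword }}"`. The new task also grants `CREATEDB` where the removed tasks set `NOCREATEDB`, and the database creation and the `PUBLIC` revoke are dropped with no replacement in this hunk, so the application role ends up with more privilege than before. If `CREATEDB` is only needed temporarily, a comment saying so would help; otherwise keep `role_attr_flags: NOSUPERUSER,NOCREATEDB` and restore the `postgresql_privs` revoke. The task carries a password and has no `name:`, so adding a name and `no_log: true` would keep the credential out of task output.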
-- 
GitLab