postgresql ansible wip

(with help from @bbrancot) Former-commit-id: 17ca1fd4ddd424433338097b58951fd52887d0b7

postgresql ansible wip
(with help from @bbrancot) Former-commit-id: 17ca1fd4ddd424433338097b58951fd52887d0b7
a5d05580 · Hervé MENAGER · 5eca3b34 · a5d05580
Commit a5d05580 authored 6 years ago by Hervé MENAGER
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -71,7 +71,7 @@
    - name: Ensure PostgreSQL is listening on all localhost
      lineinfile: dest=/var/lib/pgsql/data/postgresql.conf
        regexp='^#?listen_addresses\s*='
-        line="listen_addresses = '127.0.0.1'"
+        line="listen_addresses = '*'"
        state=present
    - lineinfile: dest=/var/lib/pgsql/data/pg_hba.conf
                  regexp='host\s+all\s+all\s+127.0.0.1/32\s+md5'
@@ -79,14 +79,10 @@
                  insertbefore=BOF
    - name: restart postgresql service
      systemd: state=restarted name=postgresql enabled=yes
-    - name: ensure database is created
+    - postgresql_user:
-      postgresql_db: name={{dbname}}
+        name: {{dbuser}}
-    - name: ensure user has access to database
+        password: {{dbpassword}}
-      postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
+        role_attr_flags: CREATEDB,NOSUPERUSER
-    - name: ensure user does not have unnecessary privilege
-      postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
-    - name: ensure no other user can access the database
-      postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
    #
    # Stop web server(s)
    #