From 6149198f614a9780f1b499ce0f073e288cc7a4ff Mon Sep 17 00:00:00 2001
From: ace
Date: Tue, 19 Mar 2024 14:04:46 +0300
Subject: [PATCH] rewrite ssl cert generation
---
 defaults/main.yaml | 9 +-
 tasks/main.yaml | 7 +-
 tasks/restore.yaml | 7 --
 tasks/ssl/ca.yaml | 142 ++++++++++++++++++++++++++++++
 tasks/ssl/certs.yaml | 181 ++++++++++++++++++++++++++++++++++++++
 tasks/ssl/main.yaml | 26 ++++++
 templates/patroni.yaml.j2 | 24 ++--
 vars/Debian-11.yaml | 6 +-
 vars/Debian-12.yaml | 6 +-
 vars/RedHat.yaml | 4 +-
 vars/Ubuntu-20.04.yaml | 6 +-
 vars/Ubuntu-22.04.yaml | 6 +-
 12 files changed, 384 insertions(+), 40 deletions(-)
 delete mode 100644 tasks/restore.yaml
 create mode 100644 tasks/ssl/ca.yaml
 create mode 100644 tasks/ssl/certs.yaml
 create mode 100644 tasks/ssl/main.yaml
diff --git a/defaults/main.yaml b/defaults/main.yaml
index ac75bf5..214762a 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1,14 +1,16 @@
 # Patroni common options
-patroni_version: "3.0.4"
+patroni_version: "3.2.2"
 patroni_install_official_repo: true
 patroni_play_group: "patroni"
+patroni_user: "postgres"
+patroni_group: "postgres"
 # Patroni cluster options
 patroni_cluster_name: "patroni-cluster"
 patroni_namespace: "/service/"
 # Patroni PostgreSQL common options
-patroni_postgresql_version: "15.4"
+patroni_postgresql_version: "16.2"
 patroni_postgresql_install_repo: true
 patroni_postgresql_system_locale: "en_US.UTF-8"
 patroni_postgresql_system_language: "{{ patroni_postgresql_system_locale }}"
@@ -35,6 +37,9 @@ patroni_self_signed_cert_name: "cert"
 patroni_cacert_multiple_default_gw_workaround: false
 patroni_cacert_force_append_ips: []
 patroni_cacert_force_append_names: []
+patroni_cacert_ca_host_group: "patroni_cacert_ca_host"
+patroni_cacert_clients_group: "patroni_cacert_clients"
+patroni_cacert_ca_trust_anchors_update: true
 ## DCS options. Consul or Etcd
 patroni_dcs_exists: false
diff --git a/tasks/main.yaml b/tasks/main.yaml
index d6e8f34..2979159 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml @@ -43,7 +43,8 @@ tags: patroni_postgresql_install - name: "Manage TLS/SSL certificates" - include_tasks: cacert.yaml + #include_tasks: cacert.yaml + include_tasks: ssl/main.yaml when: patroni_ssl - name: "Check if patroni.yaml exist" @@ -70,10 +71,6 @@ register: patroni_enable_and_start tags: patroni, patroni_start -#- name: Patroni cluster reconfiguration after restore from backup -# include_tasks: restore.yaml -# when: patroni_wal_g_restore_from_backup - - name: Dynamic Patroni configuration include_tasks: dynamic_config.yaml tags: patroni_dynamic_configure diff --git a/tasks/restore.yaml b/tasks/restore.yaml deleted file mode 100644 index b49b68f..0000000 --- a/tasks/restore.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Copy walg-backup to walg-restore after restore - copy: - src: "{{ patroni_postgresql_home_dir ~ '/' ~ patroni_wal_g_backup_config_name }}" - dest: "{{ patroni_postgresql_home_dir ~ '/' ~ patroni_wal_g_restore_config_name }}" - remote_src: true - when: patroni_wal_g_backup diff --git a/tasks/ssl/ca.yaml b/tasks/ssl/ca.yaml new file mode 100644 index 0000000..4bd8c99 --- /dev/null +++ b/tasks/ssl/ca.yaml 
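Review bot: The replaced include leaves `#include_tasks: cacert.yaml` as a commented-out line directly above the new `include_tasks: ssl/main.yaml`, and the diffstat shows tasks/cacert.yaml itself is not removed by this commit, so the role now carries two certificate implementations, one of them dead. Delete the commented line, and either remove tasks/cacert.yaml in the same change or say in the commit message why it stays. The vars renames in this commit (`patroni_ssl_update_ca_command` to `patroni_cacert_update_ca_trust_command`, `patroni_ssl_ca_trust_dir` to `patroni_cacert_ca_trust_dir`) presumably leave the old file referencing variables that no longer exist, which is a second reason not to keep it around.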
@@ -0,0 +1,142 @@ +- name: Create CA + when: inventory_hostname in groups[patroni_cacert_ca_host_group] + block: + - name: CA and certs | Install cryptography library + package: + name: python3-cryptography + state: present + + - name: CA and certs | Check if ssl gen dir exist + file: + name: "{{ patroni_ssl_path }}" + state: directory + + - name: Generate an OpenSSL private CA key with the default values (4096 bits, RSA) + community.crypto.openssl_privatekey: + path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key" + register: patroni_cacert_ca_key_gen + + - name: Generate an OpenSSL Certificate Signing Request + community.crypto.openssl_csr: + path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.csr" + privatekey_path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key" + use_common_name_for_san: false + basic_constraints: + - 'CA:TRUE' + basic_constraints_critical: yes + key_usage: + - keyCertSign + key_usage_critical: true + common_name: "CA-{{ patroni_self_signed_cert_name }}" + register: patroni_cacert_ca_csr + + - name: Generate a Self Signed OpenSSL CA certificate + community.crypto.x509_certificate: + path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt" + csr_path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.csr" + privatekey_path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key" + provider: selfsigned + register: patroni_cacert_ca_cert_gen + + - name: Get CA cert content + slurp: + src: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt" + register: patroni_cacert_ca_cert_b64 + + - name: Get CA csr content + slurp: + src: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.csr" + register: patroni_cacert_ca_csr_b64 + + - name: Get CA key content + slurp: + src: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key" + register: patroni_cacert_ca_key_b64 + + - name: Set facts about key and cert + set_fact: + 
patroni_cacert_ca_key: "{{ patroni_cacert_ca_key_b64.content | b64decode }}" + patroni_cacert_ca_csr: "{{ patroni_cacert_ca_csr_b64.content | b64decode }}" + patroni_cacert_ca_cert: "{{ patroni_cacert_ca_cert_b64.content | b64decode }}" + delegate_to: "{{ fact_item }}" + delegate_facts: true + with_items: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: fact_item + +- name: Distribute CA certificates + become: true + block: + - name: CA and cert | Check if dest dir exist on remote host + file: + name: "{{ patroni_ssl_path }}" + state: directory + loop: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: host_item + + - name: Put CA key + copy: + content: "{{ patroni_cacert_ca_key }}" + dest: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key" + mode: 0600 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + loop: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: host_item + + - name: Put CA csr + copy: + content: "{{ patroni_cacert_ca_csr }}" + dest: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.csr" + mode: 0644 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + loop: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: host_item + + - name: Put CA cert + copy: + content: "{{ patroni_cacert_ca_cert }}" + dest: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt" + mode: 0644 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + loop: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + 
loop_var: host_item + + - name: Put CA OpenSSL cert to PKI + copy: + content: "{{ patroni_cacert_ca_cert }}" + dest: "{{ patroni_cacert_ca_trust_dir }}/CA-{{ patroni_self_signed_cert_name }}.crt" + mode: 0644 + loop: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: host_item + register: patroni_ca_trust_anchors + + - name: Update CA trust + shell: "{{ patroni_cacert_update_ca_trust_command }}" + loop: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: host_item + when: + - patroni_ca_trust_anchors.changed + - patroni_cacert_ca_trust_anchors_update diff --git a/tasks/ssl/certs.yaml b/tasks/ssl/certs.yaml new file mode 100644 index 0000000..a261924 --- /dev/null +++ b/tasks/ssl/certs.yaml 
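Review bot: The CA private key is copied to every host: `Set facts about key and cert` delegates `patroni_cacert_ca_key` to both groups and `Put CA key` writes it to `{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key` on each of them, so a compromise of any cluster node yields a key that can issue certificates every node trusts system-wide, since the same CA cert is also installed into `patroni_cacert_ca_trust_dir`. Only the CA host needs the key and it already has it on disk from `openssl_privatekey`, and the certs.yaml hunk signs through `ownca_privatekey_path` on that host, so drop `patroni_cacert_ca_key` (and the unused `patroni_cacert_ca_csr`) from the delegated `set_fact` and delete the `Put CA key` and `Put CA csr` tasks. Separately, the `loop:` entries in the `Distribute CA certificates` block are two whole lists and `host_item` is never referenced, so each copy runs twice with identical arguments on every play host, and a host in neither group would fail on the undefined facts; replace the loops with `when: inventory_hostname in groups[patroni_cacert_ca_host_group] or inventory_hostname in groups[patroni_cacert_clients_group]` on the block. `Update CA trust` needs no shell features, so `command:` is the safer module there, and `basic_constraints_critical: yes` should be `true` like the `key_usage_critical` line beside it.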
@@ -0,0 +1,181 @@ +- name: CA and certs | Generate CN certs and keys + when: inventory_hostname in groups[patroni_cacert_ca_host_group] + block: + - name: Generate an OpenSSL private client key {{ item }} with the default values (4096 bits, RSA) + community.crypto.openssl_privatekey: + path: "{{ patroni_ssl_path }}/{{ item }}.key" + register: patroni_cacert_client_key_gen + + - name: Generate Patroni subject_alt_ips from ansible_host + set_fact: + patroni_server_subject_alt_ips_from_ansible_host: "{{ hostvars[item]['ansible_host'] | regex_replace('^', 'IP:') }}" + when: hostvars[item]['ansible_host'] is defined + + - name: Generate Patroni subject_alt_ips from default ipv4 address + set_fact: + patroni_server_subject_alt_ips: "{{ hostvars[item]['ansible_default_ipv4']['address'] | regex_replace('^', 'IP:') }}" + when: + - hostvars[item]['ansible_default_ipv4']['address'] is defined + - not patroni_cacert_multiple_default_gw_workaround + + - name: Generate Patroni subject_alt_names from inventory_hostname + set_fact: + patroni_server_subject_alt_names: "{{ item | regex_replace('^', 'DNS:') }}" + + - name: Generate Patroni subject_alt_ips from ansible_all_ipv4_addresses + set_fact: + patroni_server_subject_alt_ips_all_ipv4: "{{ hostvars[item]['ansible_all_ipv4_addresses'] | map('regex_replace', '^', 'IP:') | join(',') }}" + when: hostvars[item]['ansible_all_ipv4_addresses'] is defined + + - name: Generate Patroni subject_alt_ips from patroni_cacert_force_append_ips + set_fact: + patroni_server_subject_alt_ips_force_append: "{{ patroni_cacert_force_append_ips | map('regex_replace', '^', 'IP:') | join(',') }}" + when: + - patroni_cacert_force_append_ips is defined + - patroni_cacert_force_append_ips | length > 0 + + - name: Generate Patroni subject_alt_names from patroni_cacert_force_append_names + set_fact: + patroni_server_subject_alt_names_force_append: "{{ patroni_cacert_force_append_names | map('regex_replace', '^', 'DNS:') | join(',') }}" + when: + - 
patroni_cacert_force_append_names is defined + - patroni_cacert_force_append_names | length > 0 + + - name: Construct subject_alt_name + set_fact: + subject_alt_name: + - "{{ patroni_server_subject_alt_names }}" + - "{{ patroni_server_subject_alt_ips_from_ansible_host }}" + - "{{ patroni_server_subject_alt_ips_all_ipv4 }}" + + - name: Construct base subject_alt_name + set_fact: + subject_alt_name: + - "{{ subject_alt_name | join(',') }}" + - "{{ patroni_server_subject_alt_ips }}" + when: patroni_server_subject_alt_ips is defined + + - name: Construct subject_alt_name with patroni_server_subject_alt_ips_force_append + set_fact: + subject_alt_name: + - "{{ subject_alt_name | join(',') }}" + - "{{ patroni_server_subject_alt_ips_force_append }}" + when: patroni_server_subject_alt_ips_force_append is defined + + - name: Construct subject_alt_name with patroni_server_subject_alt_names_force_append + set_fact: + subject_alt_name: + - "{{ subject_alt_name | join(',') }}" + - "{{ patroni_server_subject_alt_names_force_append }}" + when: patroni_server_subject_alt_names_force_append is defined + + - debug: + msg: "{{ subject_alt_name }}" + + - name: Generate an OpenSSL Certificate Signing Request for client + community.crypto.openssl_csr: + path: "{{ patroni_ssl_path }}/{{ item }}.csr" + privatekey_path: "{{ patroni_ssl_path }}/{{ item }}.key" + common_name: "{{ item }}" + subject_alt_name: "{{ subject_alt_name | join(',') }}" + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + register: patroni_csr + + - name: Generate an OpenSSL certificate for client signed with your own CA certificate + community.crypto.x509_certificate: + path: "{{ patroni_ssl_path }}/{{ item }}.crt" + csr_path: "{{ patroni_ssl_path }}/{{ item }}.csr" + ownca_path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt" + ownca_privatekey_path: "{{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.key" + provider: ownca + owner: "{{ patroni_user }}" + group: "{{ 
patroni_group }}" + register: patroni_cert + + - name: Get {{ item }} OpenSSL crt and key content + ansible.builtin.shell: | + cat {{ patroni_ssl_path }}/{{ item }}.crt {{ patroni_ssl_path }}/{{ item }}.key + register: concated_crt_key + changed_when: false + + - name: Concatenate and save {{ item }} OpenSSL crt and key to single file + copy: + content: "{{ concated_crt_key.stdout }}" + dest: "{{ patroni_ssl_path }}/{{ item }}.pem" + + - name: Get CN key {{ item }} content + slurp: + src: "{{ patroni_ssl_path }}/{{ item }}.key" + register: patroni_cacert_cn_certs_key_b64 + + - name: Get CN csr {{ item }} content + slurp: + src: "{{ patroni_ssl_path }}/{{ item }}.csr" + register: patroni_cacert_cn_certs_csr_b64 + + - name: Get CN cert {{ item }} content + slurp: + src: "{{ patroni_ssl_path }}/{{ item }}.crt" + register: patroni_cacert_cn_certs_cert_b64 + + - name: Get CN cert and key concat {{ item }} content + slurp: + src: "{{ patroni_ssl_path }}/{{ item }}.pem" + register: patroni_cacert_cn_certs_concat_b64 + + - name: Set facts about {{ item }} key and cert and delegate + set_fact: + patroni_cacert_cn_certs_key: "{{ patroni_cacert_cn_certs_key_b64.content | b64decode }}" + patroni_cacert_cn_certs_csr: "{{ patroni_cacert_cn_certs_csr_b64.content | b64decode }}" + patroni_cacert_cn_certs_cert: "{{ patroni_cacert_cn_certs_cert_b64.content | b64decode }}" + patroni_cacert_cn_certs_concat: "{{ patroni_cacert_cn_certs_concat_b64.content | b64decode }}" + delegate_to: "{{ fact_item }}" + delegate_facts: true + with_items: + - "{{ groups[patroni_cacert_ca_host_group] | default([]) }}" + - "{{ groups[patroni_cacert_clients_group] | default([]) }}" + loop_control: + loop_var: fact_item + +- name: Distribute CN certificates + become: true + when: + - inventory_hostname in groups[patroni_cacert_clients_group] + block: + - name: CA and cert | Check if dest dir exist on remote host + file: + name: "{{ patroni_ssl_path }}" + state: directory + + - name: Put CN key + copy: + 
content: "{{ patroni_cacert_cn_certs_key }}" + dest: "{{ patroni_ssl_path }}/{{ item }}.key" + mode: 0600 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + + - name: Put CN csr + copy: + content: "{{ patroni_cacert_cn_certs_csr }}" + dest: "{{ patroni_ssl_path }}/{{ item }}.csr" + mode: 0644 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + + - name: Put CN cert + copy: + content: "{{ patroni_cacert_cn_certs_cert }}" + dest: "{{ patroni_ssl_path }}/{{ item }}.crt" + mode: 0644 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" + + - name: Put CN key and cert concat + copy: + content: "{{ patroni_cacert_cn_certs_concat }}" + dest: "{{ patroni_ssl_path }}/{{ item }}.pem" + mode: 0644 + owner: "{{ patroni_user }}" + group: "{{ patroni_group }}" diff --git a/tasks/ssl/main.yaml b/tasks/ssl/main.yaml new file mode 100644 index 0000000..d60adcf --- /dev/null +++ b/tasks/ssl/main.yaml @@ -0,0 +1,26 @@ +- name: Add host to {{ patroni_cacert_ca_host_group }} + add_host: + groups: "{{ patroni_cacert_ca_host_group }}" + hostname: "{{ hostvars[item]['ansible_hostname'] }}" + ansible_host: "{{ hostvars[item]['ansible_host'] }}" + with_items: + - "{{ ansible_play_hosts[0] }}" + changed_when: false + when: groups[patroni_cacert_ca_host_group] is not defined + +- name: Add all hosts to {{ patroni_cacert_clients_group }} + add_host: + groups: "{{ patroni_cacert_clients_group }}" + hostname: "{{ hostvars[item]['ansible_hostname'] }}" + ansible_host: "{{ hostvars[item]['ansible_host'] }}" + with_items: + - "{{ ansible_play_hosts }}" + changed_when: false + when: groups[patroni_cacert_clients_group] is not defined + +- name: CA and certs | Include CA + include_tasks: ca.yaml + +- name: CA and certs | Include Certificates + include_tasks: certs.yaml + loop: "{{ groups[patroni_cacert_clients_group] }}" diff --git a/templates/patroni.yaml.j2 b/templates/patroni.yaml.j2 index a4d1c8f..9189a8e 100644 --- a/templates/patroni.yaml.j2 
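Review bot: Every client ends up holding every other client's private key: `Set facts about {{ item }} key and cert and delegate` pushes `patroni_cacert_cn_certs_key` to all hosts in both groups, and the `Distribute CN certificates` block is guarded only by group membership, so for each `item` of the surrounding loop every client writes a peer's `{{ item }}.key` and `{{ item }}.pem` onto its own disk. Restrict distribution to the owning host with `when: inventory_hostname == item` and delegate the key fact only to that host (`delegate_to: "{{ item }}"` without the `with_items`), or better, generate the key on the owner and ship only the CSR to the CA host so the key never moves. The concatenated `.pem` contains the private key, yet `Put CN key and cert concat` writes it with `mode: 0644` and the `Concatenate and save` copy on the CA host sets no mode at all; both should be `mode: 0600` like the `.key` files. The per-item `set_fact` values persist across loop iterations, so a host without `ansible_host` either fails on the undefined `patroni_server_subject_alt_ips_from_ansible_host` in `Construct subject_alt_name` (first iteration) or inherits the previous item's IP into its SAN (later iterations); reset those facts at the start of each iteration or build the SAN list from `hostvars[item]` in a single expression. The loop that supplies `item` lives in tasks/ssl/main.yaml, outside this hunk.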
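Review bot: `add_host` registers each host under `hostvars[item]['ansible_hostname']` (the gathered OS hostname) rather than its inventory name `item`, while ca.yaml and certs.yaml test `inventory_hostname in groups[...]` and templates/patroni.yaml.j2 names the files after `inventory_hostname`; whenever the two differ, no host matches the CA group, the `Create CA` block never runs, and `hostvars[<os hostname>]` carries no gathered facts for the SAN tasks. Use `hostname: "{{ item }}"`, and `ansible_host: "{{ hostvars[item]['ansible_host'] | default(item) }}"` so inventories that omit `ansible_host` do not fail the task with an undefined attribute. Picking the CA as `ansible_play_hosts[0]` is only stable while play host order is stable; a later run with a different order or a `--limit` would presumably create a second CA on another node, so the documentation should tell users to define `patroni_cacert_ca_host_group` in inventory rather than rely on this fallback.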
+++ b/templates/patroni.yaml.j2 @@ -20,17 +20,17 @@ log: {% endif %} ctl: - certfile: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.crt - keyfile: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.key - cafile: {{ patroni_ssl_path }}/CA-cert.crt + certfile: {{ patroni_ssl_path }}/{{ inventory_hostname }}.crt + keyfile: {{ patroni_ssl_path }}/{{ inventory_hostname }}.key + cafile: {{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt restapi: listen: {{ patroni_restapi_listen_address }}:{{ patroni_restapi_listen_port }} connect_address: {{ hostvars[inventory_hostname]['ansible_host'] }}:{{ patroni_restapi_listen_port }} {% if patroni_ssl|bool %} - certfile: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.crt - keyfile: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.key - cafile: {{ patroni_ssl_path }}/CA-cert.crt + certfile: {{ patroni_ssl_path }}/{{ inventory_hostname }}.crt + keyfile: {{ patroni_ssl_path }}/{{ inventory_hostname }}.key + cafile: {{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt authentication: username: {{ patroni_restapi_username }} password: {{ patroni_restapi_password }} 
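Review bot: `cafile` on its own does not make the REST API verify client certificates; Patroni only checks them when `verify_client` is set, so if the new `cafile` under `restapi:` is meant to restrict who may call the API, add `verify_client: required` (or `optional`) beside it, and if it is only there for `ctl` to verify the server, a template comment saying so would stop the next reader from assuming mutual TLS. The certificate file names now follow `inventory_hostname`, which must agree with the `{{ item }}` names certs.yaml writes; see the note on tasks/ssl/main.yaml. The `restapi:` mapping continues past the end of the hunk.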
@@ -135,22 +135,22 @@ postgresql: username: {{ patroni_replication_username }} password: {{ patroni_replication_password }} {% if patroni_ssl|bool %} - sslcert: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.crt - sslkey: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name}}.key + sslcert: {{ patroni_ssl_path }}/{{ inventory_hostname }}.crt + sslkey: {{ patroni_ssl_path }}/{{ inventory_hostname }}.key {% endif %} superuser: username: {{ patroni_superuser_username }} password: {{ patroni_superuser_password }} {% if patroni_ssl|bool %} - sslcert: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.crt - sslkey: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name}}.key + sslcert: {{ patroni_ssl_path }}/{{ inventory_hostname }}.crt + sslkey: {{ patroni_ssl_path }}/{{ inventory_hostname }}.key {% endif %} parameters: unix_socket_directories: {{ patroni_postgresql_unix_socket_dir }} {% if patroni_ssl|bool %} ssl: on - ssl_cert_file: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name }}.crt - ssl_key_file: {{ patroni_ssl_path }}/{{ patroni_self_signed_cert_name}}.key + ssl_cert_file: {{ patroni_ssl_path }}/{{ inventory_hostname }}.crt + ssl_key_file: {{ patroni_ssl_path }}/{{ inventory_hostname }}.key {% endif %} diff --git a/vars/Debian-11.yaml b/vars/Debian-11.yaml index d364730..d38e8dd 100644 --- a/vars/Debian-11.yaml +++ b/vars/Debian-11.yaml @@ -16,7 +16,7 @@ patroni_deps_packages: # Patroni variables patroni_package_name: "patroni" patroni_package: "{{ patroni_package_name }}={{ patroni_version }}-{{ patroni_version_build }}" -patroni_version_build: "1.pgdg{{ ansible_distribution_version}}0+1" +patroni_version_build: "2.pgdg{{ ansible_distribution_version}}0+1" patroni_unit_name: "patroni" patroni_config_name: "config.yml" 
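Review bot: The replication and superuser connection parameters present `sslcert`/`sslkey` but set no `sslrootcert` or `sslmode`, so the client authenticates itself while not verifying the server it connects to, and the `parameters:` block enables `ssl: on` with `ssl_cert_file`/`ssl_key_file` but no `ssl_ca_file`, so the server cannot verify client certificates either; unless these are set elsewhere in the template, the CA that ca.yaml distributes is never consulted by PostgreSQL. Add `sslrootcert: {{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt` and `sslmode: verify-ca` (or `verify-full`, now that the SANs carry host names and IPs) next to each `sslcert`, and `ssl_ca_file: {{ patroni_ssl_path }}/CA-{{ patroni_self_signed_cert_name }}.crt` under `parameters:`. With `verify-full` the server certificate's SAN must match the address replicas use to reach the primary. The `parameters:` mapping runs past the end of the hunk.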
@@ -35,5 +35,5 @@ patroni_postgresql_bin_dir: "/usr/lib/postgresql/{{ patroni_postgresql_major_ver
 patroni_postgresql_unit_name: "postgresql@{{ patroni_postgresql_major_version}}-{{ patroni_postgresql_cluster_name }}"
 # SSL variables
-patroni_ssl_update_ca_command: "update-ca-certificates --fresh"
-patroni_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"
+patroni_cacert_update_ca_trust_command: "update-ca-certificates --fresh"
+patroni_cacert_ca_trust_dir: "/usr/local/share/ca-certificates"
diff --git a/vars/Debian-12.yaml b/vars/Debian-12.yaml
index d364730..d38e8dd 100644
--- a/vars/Debian-12.yaml
+++ b/vars/Debian-12.yaml
@@ -16,7 +16,7 @@ patroni_deps_packages:
 # Patroni variables
 patroni_package_name: "patroni"
 patroni_package: "{{ patroni_package_name }}={{ patroni_version }}-{{ patroni_version_build }}"
-patroni_version_build: "1.pgdg{{ ansible_distribution_version}}0+1"
+patroni_version_build: "2.pgdg{{ ansible_distribution_version}}0+1"
 patroni_unit_name: "patroni"
 patroni_config_name: "config.yml"
@@ -35,5 +35,5 @@ patroni_postgresql_bin_dir: "/usr/lib/postgresql/{{ patroni_postgresql_major_ver
 patroni_postgresql_unit_name: "postgresql@{{ patroni_postgresql_major_version}}-{{ patroni_postgresql_cluster_name }}"
 # SSL variables
-patroni_ssl_update_ca_command: "update-ca-certificates --fresh"
-patroni_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"
+patroni_cacert_update_ca_trust_command: "update-ca-certificates --fresh"
+patroni_cacert_ca_trust_dir: "/usr/local/share/ca-certificates"
diff --git a/vars/RedHat.yaml b/vars/RedHat.yaml
index 479e58f..d5c611a 100644
--- a/vars/RedHat.yaml
+++ b/vars/RedHat.yaml
@@ -32,5 +32,5 @@ patroni_postgresql_bin_dir: "/usr/pgsql-{{ patroni_postgresql_major_version }}/b
 patroni_postgresql_unit_name: "postgresql-{{ patroni_postgresql_major_version }}"
 # SSL variables
-patroni_ssl_update_ca_command: "update-ca-trust extract"
-patroni_ssl_ca_trust_dir: "/etc/pki/ca-trust/source/anchors"
+patroni_cacert_update_ca_trust_command: "update-ca-trust extract"
+patroni_cacert_ca_trust_dir: "/etc/pki/ca-trust/source/anchors"
diff --git a/vars/Ubuntu-20.04.yaml b/vars/Ubuntu-20.04.yaml
index 3072347..5403c4b 100644
--- a/vars/Ubuntu-20.04.yaml
+++ b/vars/Ubuntu-20.04.yaml
@@ -16,7 +16,7 @@ patroni_deps_packages:
 # Patroni variables
 patroni_package_name: "patroni"
 patroni_package: "{{ patroni_package_name }}={{ patroni_version }}-{{ patroni_version_build }}"
-patroni_version_build: "1.pgdg{{ ansible_distribution_version}}+1"
+patroni_version_build: "2.pgdg{{ ansible_distribution_version}}+1"
 patroni_unit_name: "patroni"
 patroni_config_name: "config.yml"
@@ -35,5 +35,5 @@ patroni_postgresql_bin_dir: "/usr/lib/postgresql/{{ patroni_postgresql_major_ver
 patroni_postgresql_unit_name: "postgresql@{{ patroni_postgresql_major_version}}-{{ patroni_postgresql_cluster_name }}"
 # SSL variables
-patroni_ssl_update_ca_command: "update-ca-certificates --fresh"
-patroni_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"
+patroni_cacert_update_ca_trust_command: "update-ca-certificates --fresh"
+patroni_cacert_ca_trust_dir: "/usr/local/share/ca-certificates"
diff --git a/vars/Ubuntu-22.04.yaml b/vars/Ubuntu-22.04.yaml
index 3072347..5403c4b 100644
--- a/vars/Ubuntu-22.04.yaml
+++ b/vars/Ubuntu-22.04.yaml
@@ -16,7 +16,7 @@ patroni_deps_packages:
 # Patroni variables
 patroni_package_name: "patroni"
 patroni_package: "{{ patroni_package_name }}={{ patroni_version }}-{{ patroni_version_build }}"
-patroni_version_build: "1.pgdg{{ ansible_distribution_version}}+1"
+patroni_version_build: "2.pgdg{{ ansible_distribution_version}}+1"
 patroni_unit_name: "patroni"
 patroni_config_name: "config.yml"
@@ -35,5 +35,5 @@ patroni_postgresql_bin_dir: "/usr/lib/postgresql/{{ patroni_postgresql_major_ver
 patroni_postgresql_unit_name: "postgresql@{{ patroni_postgresql_major_version}}-{{ patroni_postgresql_cluster_name }}"
 # SSL variables
-patroni_ssl_update_ca_command: "update-ca-certificates --fresh"
-patroni_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"
+patroni_cacert_update_ca_trust_command: "update-ca-certificates --fresh"
+patroni_cacert_ca_trust_dir: "/usr/local/share/ca-certificates"