rewrite ssl cert generation

2025-06-29 02:13:06 +00:00 · 2024-03-19 14:05:41 +03:00
parent 7b924b24dd
commit 5fe171c8b0
25 changed files with 396 additions and 266 deletions
--- a/tasks/Debian/config.yaml
+++ b/tasks/Debian/config.yaml
@ -2,15 +2,15 @@
 - name: Create data directory
  file:
    path: "{{ postgresql_data_dir }}"
-    owner: "postgres"
-    group: "postgres"
+    owner: "{{ postgresql_user }}"
+    group: "{{ postgresql_group }}"
    state: directory

 - name: Create configuration directory
  file:
    path: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}"
-    owner: "postgres"
-    group: "postgres"
+    owner: "{{ postgresql_user }}"
+    group: "{{ postgresql_group }}"
    state: directory

 - name: Merge user options for PostgreSQL config
@ -29,33 +29,33 @@
  block:
    - name: Template PostgreSQL pg_hba configuration
      template:
-        src: "{{ postgresql_major_version }}-pg_hba.conf.j2"
+        src: "pg_hba.conf.j2"
        dest: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}/pg_hba.conf"
        mode: 0600
-        owner: postgres
-        group: postgres
+        owner: "{{ postgresql_user }}"
+        group: "{{ postgresql_group }}"
      register: pg_hba_config_file
      notify:
        - Reload PostgreSQL
        - Restart PostgreSQL
    - name: Template PostgreSQL configuration
      template:
-        src: "{{ postgresql_major_version }}-postgresql.conf.j2"
+        src: "postgresql.conf.j2"
        dest: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}/postgresql.conf"
        mode: 0600
-        owner: postgres
-        group: postgres
+        owner: "{{ postgresql_user }}"
+        group: "{{ postgresql_group }}"
      register: postgresql_config_file
      notify:
        - Reload PostgreSQL
        - Restart PostgreSQL
    - name: Template PostgreSQL SSL configuration
      template:
-        src: "{{ postgresql_major_version }}-postgresql.ssl.conf.j2"
+        src: "postgresql.ssl.conf.j2"
        dest: "{{ postgresql_config_dir }}/{{ postgresql_major_version }}/{{ postgresql_cluster_name }}/postgresql.ssl.conf"
        mode: 0600
-        owner: postgres
-        group: postgres
+        owner: "{{ postgresql_user }}"
+        group: "{{ postgresql_group }}"
      register: postgresql_ssl_config_file
      notify:
        - Reload PostgreSQL
--- a/tasks/Debian/main.yaml
+++ b/tasks/Debian/main.yaml
@ -7,7 +7,8 @@
  tags: postgresql_configuration

 - name: "Manage TLS/SSL certificates"
-  include_tasks: cacert.yaml
+  #include_tasks: cacert.yaml
+  include_tasks: ssl/main.yaml
  when: postgresql_ssl

 - name: Include WAL-G role