Skip to content

Commit

Permalink
pgsql: Split out permissions
Browse files Browse the repository at this point in the history 
Coming up in community.postgresql 4.0.0 using priv with the
postgresql_user be removed, and we are encouraged already now to
start using the postgresql_privs module.

This works atleast down to community.postgresql 2.0.0, possibly
lower. Seems like a good time to pin a minimum requirement for this
dependency.

This should also take care of some outstanding issues with
installing on postgres-15 (ansible-collections#928)
  • Loading branch information
@eb4x
eb4x committed May 16, 2024
1 parent 6619481 commit 7941782
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 5 deletions.
2 changes: 1 addition & 1 deletion galaxy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,4 @@ dependencies:
ansible.posix: "*"
community.general: "*"
community.mysql: "*"
community.postgresql: "*"
community.postgresql: ">=2.0.0"
16 changes: 12 additions & 4 deletions roles/zabbix_server/tasks/initialize-pgsql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
port: "{{ zabbix_server_dbport }}"
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbname }}"
state: present

- name: "PostgreSQL | Create database user"
community.postgresql.postgresql_user:
Expand All @@ -43,10 +42,19 @@
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbuser }}"
password: "{{ ('md5' + (zabbix_server_dbpassword + zabbix_server_dbuser)|hash('md5')) if zabbix_server_dbpassword_hash_method == 'md5' else zabbix_server_dbpassword }}"

- name: "PostgreSQL | Set database/user permissions"
community.postgresql.postgresql_privs:
login_user: "{{ zabbix_server_pgsql_login_user | default(omit) }}"
login_password: "{{ zabbix_server_pgsql_login_password | default(omit) }}"
login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
port: "{{ zabbix_server_dbport }}"
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
db: "{{ zabbix_server_dbname }}"
priv: ALL
state: present
encrypted: true
privs: ALL
type: schema
objs: public
role: "{{ zabbix_server_dbuser }}"

- name: "PostgreSQL | Create timescaledb extension"
when: zabbix_server_database_timescaledb
Expand Down

0 comments on commit 7941782

Please sign in to comment.