rename variable password_encryption to postgresql_password_encryption…

…_algorithm
vitabaks · Dec 27, 2021 · 7b86d03 · 7b86d03
1 parent 3c08f52
commit 7b86d03
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/roles/patroni/templates/pg_hba.conf.j2 b/roles/patroni/templates/pg_hba.conf.j2
@@ -88,11 +88,11 @@
   {{ client.type.ljust(10) |default('host') }}{{ client.database.ljust(25) |default('all') }}{{ client.user.ljust(25) |default('all') }}{{ client.address.ljust(25) |default('') }}{{ client.method |default('md5') }} {{ client.options |default(None) }}
 {% endfor %}
 {% for patroni in groups['postgres_cluster'] %}
-  host      all                      all                      {{ hostvars[patroni]['inventory_hostname'] }}/32         md5
+  host      all                      all                      {{ hostvars[patroni]['inventory_hostname'] }}/32         {{ postgresql_password_encryption_algorithm }}
 {% endfor %}
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
   host      replication              {{ patroni_replication_username }}               localhost                trust
 {% for host in groups['postgres_cluster'] %}
-  host      replication              {{ patroni_replication_username }}               {{ hostvars[host]['inventory_hostname'] }}/32         md5
+  host      replication              {{ patroni_replication_username }}               {{ hostvars[host]['inventory_hostname'] }}/32         {{ postgresql_password_encryption_algorithm }}
 {% endfor %}
diff --git a/vars/main.yml b/vars/main.yml
@@ -25,9 +25,6 @@ synchronous_mode: false  # or 'true' for enable synchronous database replication
 synchronous_mode_strict: false  # if 'true' then block all client writes to the master, when a synchronous replica is not available
 synchronous_node_count: 1  # number of synchronous standby databases
 
-# Password encryption
-password_encryption: "scram-sha-256"  # or "md5" if your clients do not work with passwords encrypted with SCRAM-SHA-256
-
 # Load Balancing
 with_haproxy_load_balancing: false  # or 'true' if you want to install and configure the load-balancing
 haproxy_listen_port:
@@ -81,6 +78,7 @@ postgresql_port: "5432"
 postgresql_encoding: "UTF8"  # for bootstrap only (initdb)
 postgresql_locale: "en_US.UTF-8"  # for bootstrap only (initdb)
 postgresql_data_checksums: true  # for bootstrap only (initdb)
+postgresql_password_encryption_algorithm: "scram-sha-256"  # or "md5" if your clients do not work with passwords encrypted with SCRAM-SHA-256
 
 # (optional) list of users to be created (if not already exists)
 postgresql_users: []
@@ -111,7 +109,7 @@ postgresql_extensions: []
 postgresql_parameters:
   - {option: "max_connections", value: "500"}
   - {option: "superuser_reserved_connections", value: "5"}
-  - {option: "password_encryption", value: "{{ password_encryption }}"}
+  - {option: "password_encryption", value: "{{ postgresql_password_encryption_algorithm }}"}
   - {option: "max_locks_per_transaction", value: "64"}  # raise this value (ex. 512) if you have queries that touch many different tables (partitioning)
   - {option: "max_prepared_transactions", value: "0"}
   - {option: "huge_pages", value: "try"}  # or "on" if you set "vm_nr_hugepages" in kernel parameters
@@ -193,9 +191,9 @@ postgresql_parameters:
 postgresql_pg_hba:
   - {type: "local", database: "all", user: "postgres", address: "", method: "trust"}  # "local=trust" required for ansible modules "postgresql_(user,db,ext)"
   - {type: "local", database: "all", user: "all", address: "", method: "peer"}
-  - {type: "host", database: "all", user: "all", address: "127.0.0.1/32", method: "{{ password_encryption }}"}
-  - {type: "host", database: "all", user: "all", address: "::1/128", method: "{{ password_encryption }}"}
-#  - {type: "host", database: "mydatabase", user: "mydb-user", address: "192.168.0.0/24", method: "{{ password_encryption }}"}
+  - {type: "host", database: "all", user: "all", address: "127.0.0.1/32", method: "{{ postgresql_password_encryption_algorithm }}"}
+  - {type: "host", database: "all", user: "all", address: "::1/128", method: "{{ postgresql_password_encryption_algorithm }}"}
+#  - {type: "host", database: "mydatabase", user: "mydb-user", address: "192.168.0.0/24", method: "{{ postgresql_password_encryption_algorithm }}"}
 #  - {type: "host", database: "all", user: "all", address: "192.168.0.0/24", method: "ident", options: "map=main"}  # use pg_ident
 
 # list of lines that Patroni will use to generate pg_ident.conf
@@ -214,7 +212,7 @@ pgbouncer_max_db_connections: 1000
 pgbouncer_default_pool_size: 20
 pgbouncer_default_pool_mode: "session"
 pgbouncer_generate_userlist: true  # generate the authentication file (userlist.txt) from the pg_shadow system table
-pgbouncer_auth_type: "{{ password_encryption }}"
+pgbouncer_auth_type: "{{ postgresql_password_encryption_algorithm }}"
 
 pgbouncer_pools:
   - {name: "postgres", dbname: "postgres", pool_parameters: ""}