Initial commit

2025-07-27 23:21:22 -07:00 · 2020-03-09 09:11:07 +00:00 · 2020-03-09 09:11:07 +00:00 · aebc1b03fd
commit aebc1b03fd
4861 changed files with 812621 additions and 0 deletions
--- a/tests/integration/targets/setup_postgresql_db/tasks/ssl.yml
+++ b/tests/integration/targets/setup_postgresql_db/tasks/ssl.yml
@ -0,0 +1,57 @@
+- name: postgresql SSL - create database
+  become_user: '{{ pg_user }}'
+  become: true
+  postgresql_db:
+    name: '{{ ssl_db }}'
+- name: postgresql SSL - create role
+  become_user: '{{ pg_user }}'
+  become: true
+  postgresql_user:
+    name: '{{ ssl_user }}'
+    role_attr_flags: SUPERUSER
+    password: '{{ ssl_pass }}'
+- name: postgresql SSL - install openssl
+  become: true
+  package: name=openssl state=present
+- name: postgresql SSL - create certs 1
+  become_user: root
+  become: true
+  shell: openssl req -new -nodes -text -out ~{{ pg_user }}/root.csr \ -keyout ~{{ pg_user }}/root.key -subj "/CN=localhost.local"
+- name: postgresql SSL - create certs 2
+  become_user: root
+  become: true
+  shell: openssl x509 -req -in ~{{ pg_user }}/root.csr -text -days 3650 \ -extensions v3_ca -signkey ~{{ pg_user }}/root.key -out ~{{ pg_user }}/root.crt
+- name: postgresql SSL - create certs 3
+  become_user: root
+  become: true
+  shell: openssl req -new -nodes -text -out ~{{ pg_user }}/server.csr \ -keyout ~{{ pg_user }}/server.key -subj "/CN=localhost.local"
+- name: postgresql SSL - create certs 4
+  become_user: root
+  become: true
+  shell: openssl x509 -req -in ~{{ pg_user }}/server.csr -text -days 365 \ -CA ~{{ pg_user }}/root.crt -CAkey ~{{ pg_user }}/root.key -CAcreateserial -out server.crt
+- name: postgresql SSL - set right permissions to files
+  become_user: root
+  become: true
+  file:
+    path: '{{ item }}'
+    mode: '0600'
+    owner: '{{ pg_user }}'
+    group: '{{ pg_user }}'
+  with_items:
+  - ~{{ pg_user }}/root.key
+  - ~{{ pg_user }}/server.key
+  - ~{{ pg_user }}/root.crt
+  - ~{{ pg_user }}/server.csr
+- name: postgresql SSL - enable SSL
+  become_user: '{{ pg_user }}'
+  become: true
+  postgresql_set:
+    login_user: '{{ pg_user }}'
+    db: postgres
+    name: ssl
+    value: true
+- name: postgresql SSL - reload PostgreSQL to enable ssl on
+  become: true
+  service:
+    name: '{{ postgresql_service }}'
+    state: reloaded