From 44ee2cb9418444cfc082013eeb3e7474045049de Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 25 Jan 2022 13:00:05 +0100 Subject: [PATCH] Update to 2022-01-25 13:00 --- roles/postgresql_server/defaults/main.yml | 4 ++++ roles/postgresql_server/tasks/main.yml | 20 ++++++++++++++++++++ roles/ssh/tasks/cleanup.yml | 1 + 3 files changed, 25 insertions(+) diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index db2f2a8..3720998 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml @@ -39,6 +39,10 @@ pg_base_conf: pg_extra_conf: {} pg_conf: "{{ pg_base_conf | combine(pg_extra_conf, recursive=True) }}" +# If pg_monitoring_user and pg_monitoring_pass are defined, a user will be created +# Made for Zabbix +# pg_monitoring_user: zbx +# pg_monitoring_pass: S3cr3t. # Databases and roles to create # Eg diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index a13cdb3..43e830f 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -108,6 +108,26 @@ with_items: "{{ pg_roles }}" tags: pg +- when: pg_monitoring_user is defined and pg_monitoring_pass is defined + block: + - name: Create monitoring user + postgresql_user: + name: "{{ pg_monitoring_user }}" + password: "{{ pg_monitoring_pass }}" + + - name: Grant privileges for monitoring user + postgresql_privs: + type: function + state: present + privs: EXECUTE + schema: pg_catalog + objs: pg_ls_dir(text),pg_stat_file(text),pg_ls_waldir() + role: "{{ pg_monitoring_user }}" + database: postgres + + become_user: postgres + tags: pg,zabbix + - name: Create databases postgresql_db: name: "{{ item.name }}" diff --git a/roles/ssh/tasks/cleanup.yml b/roles/ssh/tasks/cleanup.yml index 89ce3e2..826e43b 100644 --- a/roles/ssh/tasks/cleanup.yml +++ b/roles/ssh/tasks/cleanup.yml 
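Review bot: The commented example for `pg_monitoring_pass` in roles/postgresql_server/defaults/main.yml shows a literal password and says nothing about where the real value should live or what the account may do. I would extend the comment with `# Keep pg_monitoring_pass in an Ansible Vault-encrypted vars file, never in plain text here` and `# The user gets EXECUTE on pg_ls_dir(text), pg_stat_file(text) and pg_ls_waldir() in the postgres database`. The second line matches the grant this same patch adds in roles/postgresql_server/tasks/main.yml.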
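Review bot: The `Create monitoring user` task in roles/postgresql_server/tasks/main.yml sets only `name` and `password`, so a role of that name that already exists with broader attributes keeps them. It then also gains EXECUTE on `pg_ls_dir(text)` and `pg_stat_file(text)`, which return directory listings and file metadata from the database server. Adding `role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE` to that task would pin the account to what the grant lists. The `when:` guard tests only `is defined`, so an empty `pg_monitoring_pass` still creates the role; `when: pg_monitoring_user | default('') | length > 0 and pg_monitoring_pass | default('') | length > 0` would reject that. A short comment above `Grant privileges for monitoring user`, naming the Zabbix checks that need each function, would let a later reviewer judge whether the list can shrink.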
@@ -4,6 +4,7 @@ shell: ls -1 /etc/ssh/authorized_keys | xargs -n1 basename register: existing_ssh_keys changed_when: False + failed_when: False # The task can fail if there's no key yet tags: ssh - name: Remove unmanaged ssh keys
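Review bot: `failed_when: False` on the key-listing task hides every failure of the pipeline, not only the no-key-yet case named in its comment. A permission or I/O error on `/etc/ssh/authorized_keys` would then leave `existing_ssh_keys` empty, and the following `Remove unmanaged ssh keys` task would presumably remove nothing, leaving unmanaged keys authorized without any signal. With GNU xargs an empty listing runs `basename` once with no operand, which is probably the failure being silenced. Changing the command to `shell: ls -1 /etc/ssh/authorized_keys | xargs -r -n1 basename` would avoid that error without a blanket override. If the override stays, a narrower condition such as `failed_when: existing_ssh_keys.rc not in [0, 123]` keeps other errors visible. The task's `- name:` line is above the hunk, so the rest of its definition is not visible here.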