Diffstat (limited to 'roles/postgresql_server/tasks/freeipa.yml')
-rw-r--r-- | roles/postgresql_server/tasks/freeipa.yml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/postgresql_server/tasks/freeipa.yml b/roles/postgresql_server/tasks/freeipa.yml
new file mode 100644
index 0000000..50ea678
--- /dev/null
+++ b/roles/postgresql_server/tasks/freeipa.yml
@@ -0,0 +1,49 @@
+- name: create postgres service principal
+ ipaservice:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: 'postgres/{{ ansible_fqdn }}'
+ state: present
+
+- name: retrieve postgres service keytab
+ include_role:
+ name: freeipa_keytab
+ vars:
+ keytab_principal: 'postgres/{{ ansible_fqdn }}'
+ keytab_path: '{{ postgresql_keytab }}'
+
+- name: create SELinux policy for postgres to access gssproxy
+ include_role:
+ name: selinux_policy
+ apply:
+ tags: selinux
+ vars:
+ selinux_policy_name: postrgres_gssproxy
+ selinux_policy_te: '{{ postgresql_selinux_policy_te }}'
+ tags: selinux
+
+- name: create systemd override directory
+ file:
+ path: /etc/systemd/system/postgresql.service.d/
+ state: directory
+
+- name: create systemd unit override
+ copy:
+ src: etc/systemd/system/postgresql.service.d/override.conf
+ dest: /etc/systemd/system/postgresql.service.d/override.conf
+ register: postgresql_systemd_override
+
+- name: reload systemd units
+ systemd:
+ daemon_reload: yes
+ when: postgresql_systemd_override.changed
+
+- name: configure gssproxy
+ include_role:
+ name: gssproxy_client
+ vars:
+ gssproxy_name: postgres
+ gssproxy_section: service/postgresql
+ gssproxy_keytab: '{{ postgresql_keytab }}'
+ gssproxy_cred_usage: accept
+ gssproxy_euid: postgres |
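Review bot: The `create postgres service principal` task passes `ipaadmin_password: '{{ ipa_pass }}'` as a module argument without `no_log: true`, so the FreeIPA admin password can surface in verbose (`-v`) output and in the task's failure message if the module errors; add `no_log: true` at task level alongside `ipaservice:`. Further down, `selinux_policy_name: postrgres_gssproxy` misspells "postgres", which presumably becomes the installed SELinux module's name and is awkward to rename once it has been loaded on hosts — `selinux_policy_name: postgres_gssproxy`. In the `reload systemd units` task, `daemon_reload: yes` relies on a YAML 1.1 boolean; write `daemon_reload: true` for portability and consistency with linters.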