v2.0.0
@@ -1,31 +1,87 @@
|
||||
- name: Wait for PostgreSQL socket
|
||||
---
|
||||
# Tworzenie bazy danych i użytkownika dla MailArchiver
|
||||
# Ta rola uruchamia się TYLKO na primary
|
||||
|
||||
- name: Wait for PostgreSQL to be ready
|
||||
wait_for:
|
||||
path: "/var/run/postgresql/{{ pg_version }}-{{ pg_cluster }}/.s.PGSQL.5432"
|
||||
path: "/var/run/postgresql/.s.PGSQL.5432"
|
||||
timeout: 60
|
||||
|
||||
- name: Create db user
|
||||
become: true
|
||||
become_user: postgres
|
||||
# --- Utworzenie użytkownika mailuser ---
|
||||
- name: Create mailuser database user
|
||||
postgresql_user:
|
||||
name: mailuser
|
||||
password: "{{ mailuser_password }}"
|
||||
login_host: "/var/run/postgresql/{{ pg_version }}-{{ pg_cluster }}/.s.PGSQL.5432"
|
||||
|
||||
- name: Create database
|
||||
role_attr_flags: CREATEDB
|
||||
login_unix_socket_directory: /var/run/postgresql
|
||||
db: postgres
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
# --- Utworzenie bazy mailarchiver ---
|
||||
- name: Create mailarchiver database
|
||||
postgresql_db:
|
||||
name: mailarchiver
|
||||
owner: mailuser
|
||||
login_host: "/var/run/postgresql/{{ pg_version }}-{{ pg_cluster }}/.s.PGSQL.5432"
|
||||
|
||||
- name: Grant schema rights
|
||||
encoding: UTF-8
|
||||
lc_collate: en_US.UTF-8
|
||||
lc_ctype: en_US.UTF-8
|
||||
login_unix_socket_directory: /var/run/postgresql
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
# --- Przyznanie uprawnień ---
|
||||
- name: Grant privileges on schema public
|
||||
postgresql_query:
|
||||
db: mailarchiver
|
||||
query: |
|
||||
GRANT USAGE ON SCHEMA public TO mailuser;
|
||||
GRANT CREATE ON SCHEMA public TO mailuser;
|
||||
login_unix_socket_directory: /var/run/postgresql
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
# --- Default privileges dla tabel ---
|
||||
- name: Set default privileges for tables
|
||||
postgresql_query:
|
||||
db: mailarchiver
|
||||
query: |
|
||||
GRANT ALL ON SCHEMA public TO mailuser;
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA public
|
||||
GRANT ALL ON TABLES TO mailuser;
|
||||
login_host: "/var/run/postgresql/{{ pg_version }}-{{ pg_cluster }}/.s.PGSQL.5432"
|
||||
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA public
|
||||
GRANT ALL ON SEQUENCES TO mailuser;
|
||||
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA public
|
||||
GRANT ALL ON FUNCTIONS TO mailuser;
|
||||
login_unix_socket_directory: /var/run/postgresql
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
# --- Sprawdzenie ---
|
||||
- name: Verify mailarchiver database creation
|
||||
postgresql_query:
|
||||
db: mailarchiver
|
||||
query: "SELECT datname, pg_database.datdba::regrole FROM pg_database WHERE datname = 'mailarchiver'"
|
||||
login_unix_socket_directory: /var/run/postgresql
|
||||
become: true
|
||||
become_user: postgres
|
||||
register: db_verify
|
||||
|
||||
- name: Display database info
|
||||
debug:
|
||||
msg: "Database mailarchiver created: {{ db_verify.query_result }}"
|
||||
|
||||
- name: Verify mailuser permissions
|
||||
postgresql_query:
|
||||
db: mailarchiver
|
||||
query: "SELECT * FROM information_schema.role_table_grants WHERE grantee='mailuser' LIMIT 5"
|
||||
login_unix_socket_directory: /var/run/postgresql
|
||||
become: true
|
||||
become_user: postgres
|
||||
register: user_perms
|
||||
ignore_errors: true
|
||||
|
||||
- name: Display user permissions
|
||||
debug:
|
||||
msg: "Mailuser permissions: {{ user_perms.query_result | default('No permissions yet') }}"
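Review bot: The `Create mailuser database user` task passes `password: "{{ mailuser_password }}"` with no `no_log: true`, so the module arguments — including the plaintext password — are echoed in the play output and any log/callback plugin whenever the task fails or the play runs with `-v`; add `no_log: true` to that task (and consider it for the `Create mailarchiver database` task, which carries no secret but is cheap to cover). The `ALTER DEFAULT PRIVILEGES IN SCHEMA public` statements have no `FOR ROLE` clause, so they apply only to objects later created by the role executing the query (postgres, via `become_user`); objects mailuser creates itself are already owned by it, so the effect is narrower than the task name suggests and is worth confirming against how the application creates its tables. `GRANT ALL ON SCHEMA public TO mailuser;` in the default-privileges task also supersedes the narrower `GRANT USAGE`/`GRANT CREATE` two tasks earlier, and `ignore_errors: true` on `Verify mailuser permissions` means a failed verification query does not fail the play — keep one of the schema grants and consider dropping `ignore_errors` so the check is meaningful. The file header of this section is not visible, so old/new sides of some lines are inferred from content.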
|
||||
|
||||