From 33ea62e32aeeae7b920e513fa2b85873f046ee1c Mon Sep 17 00:00:00 2001 From: Daniel Matthews Date: Fri, 28 Apr 2023 14:25:12 +0100 Subject: [PATCH 1/3] Remove default for `subnet_mask`. --- templates/pg_hba.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/pg_hba.conf.j2 b/templates/pg_hba.conf.j2 index afcb697..a07a2f3 100644 --- a/templates/pg_hba.conf.j2 +++ b/templates/pg_hba.conf.j2 @@ -79,7 +79,7 @@ local all all peer # IPv4 local connections: {% if postgresql_use_ssl %} -hostssl {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask|default('255.255.255.255') }} md5 clientcert=1 +hostssl {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask }} md5 clientcert=1 {% else %} -host {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask|default('255.255.255.255') }} md5 +host {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask }} md5 {% endif %} From 96988422c857dd3f5c6ae1b9c757cb3acc978b9a Mon Sep 17 00:00:00 2001 From: Daniel Matthews Date: Fri, 28 Apr 2023 14:25:39 +0100 Subject: [PATCH 2/3] Remove default for `listen_addresses`. --- templates/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/postgresql.conf.j2 b/templates/postgresql.conf.j2 index 022f194..0d70952 100644 --- a/templates/postgresql.conf.j2 +++ b/templates/postgresql.conf.j2 @@ -56,7 +56,7 @@ # - Connection Settings - -listen_addresses = {{ postgresql_connection.listen_addresses|default('localhost, ' + postgresql_connection.host) }} +listen_addresses = {{ postgresql_connection.listen_addresses }} #listen_addresses = '*' # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all From 599ea0005a6fdd5d1a40a473cd0c41d421c2acb7 Mon Sep 17 00:00:00 2001 From: Daniel Matthews Date: Fri, 28 Apr 2023 14:37:45 +0100 Subject: [PATCH 3/3] Add `subnet_mask` to molecule group vars. --- molecule/resources/inventory/host_vars/db/vars | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/resources/inventory/host_vars/db/vars b/molecule/resources/inventory/host_vars/db/vars index 0a4e0b1..5853f87 100644 --- a/molecule/resources/inventory/host_vars/db/vars +++ b/molecule/resources/inventory/host_vars/db/vars @@ -12,6 +12,7 @@ postgresql_connection: client_ip: "{{ web_vm.ip }}" client_certificate_filename: "/var/lib/pgsql/certs/root.crt" # required if using SSL, where to copy the client certificate to on the server listen_addresses: "'*'" + subnet_mask: 255.255.255.255 # mirsg.ssl_certificates - postgresql server postgresql_ssl_certificate: