
Set clientcert=verify-ca in pg_hba.conf when using SSL #12

2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -30,6 +30,6 @@ repos:
hooks:
- id: shellcheck
- repo: https://github.com/ansible-community/ansible-lint.git
rev: v6.3.0
rev: v6.17.2
hooks:
- id: ansible-lint
3 changes: 3 additions & 0 deletions handlers/main.yml
Expand Up @@ -7,3 +7,6 @@

- name: Restore selinux contexts
ansible.builtin.command: restorecon -R -v {{ postgresql.base_directory }}
register: restore_selinux_contexts
changed_when:
- "'restorecon reset' in restore_selinux_contexts.stdout"
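Review bot: The `changed_when` test on the last line keys on the literal `restorecon reset`, which is the verbose output format of older policycoreutils; on recent releases `restorecon -v` reports relabels as `Relabeled /path from ... to ...`, so on those hosts the handler would report `ok` even when it did change contexts. Matching both forms avoids that silent false negative: `- "'restorecon reset' in restore_selinux_contexts.stdout or 'Relabeled' in restore_selinux_contexts.stdout"`. Unrelated to the change itself, `{{ postgresql.base_directory }}` is interpolated unquoted into a `command` string, so a path containing whitespace would be split into several arguments; `{{ postgresql.base_directory | quote }}` (or the module's `argv` form) is safer. I am assuming the handler's stdout is plain text and not suppressed by a `no_log`, which the hunk does not show.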
2 changes: 1 addition & 1 deletion molecule/resources/prepare.yml
Expand Up @@ -62,7 +62,7 @@
ansible.builtin.include_role:
name: "mirsg.ssl_certificates"
vars:
ssl_certificate: "{{ postgresql_client_ssl_certificate }}"
ssl_certificate: "{{ postgresql_client_ssl_certificate }}" # noqa: var-naming[no-role-prefix]

- name: Prepare - install and start crontabs on the db
hosts: db
2 changes: 1 addition & 1 deletion tasks/main.yml
Expand Up @@ -145,7 +145,7 @@
ansible.builtin.include_role:
name: mirsg.ssl_certificates
vars:
ssl_certificate: "{{ postgresql_ssl_certificate }}"
ssl_certificate: "{{ postgresql_ssl_certificate }}" # noqa: var-naming[no-role-prefix]

- name: Get postgresql client certificate from cache
ansible.builtin.copy:
2 changes: 1 addition & 1 deletion templates/pg_hba.conf.j2
Expand Up @@ -79,7 +79,7 @@ local all all peer

# IPv4 local connections:
{% if postgresql_use_ssl %}
hostssl {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask }} md5 clientcert=1
hostssl {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask }} md5 clientcert=verify-ca
{% else %}
host {{ postgresql_database.database_name }} {{ postgresql_database.user_name }} {{ postgresql_connection.client_ip }} {{ postgresql_connection.subnet_mask }} md5
{% endif %}
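Review bot: `clientcert=verify-ca` on the new `hostssl` line only requires that the presented client certificate chain to a CA trusted by the server; it does not bind the certificate to the `{{ postgresql_database.user_name }}` role, so any certificate issued by that CA (another service's, or the server's own) passes the check and authentication then rests on the password alone. If the client certificates issued via `mirsg.ssl_certificates` carry the database user name in their CN, `clientcert=verify-full` (PostgreSQL 12+) closes that gap; if they do not, a template comment such as `{# verify-ca: client certs are not issued per database role, so CN is not matched against the user #}` would record the trade-off for the next maintainer. Separately, the line still uses the legacy `md5` password method; if the cluster's `password_encryption` is `scram-sha-256` (the default since PostgreSQL 14) the method should be `scram-sha-256`, though whether the role stores the password that way is outside this hunk. Note also that the `{% else %}` branch accepts the same credentials over an unencrypted `host` line, so the certificate requirement is only as strong as the `postgresql_use_ssl` default, which this hunk does not show.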