AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Configure PostgreSQL with Ansible: User Access and Service Management

By Luca Berton · Published 2024-01-01 · Category: installation

Learn how to automate PostgreSQL configuration with Ansible. This guide shows how to set user access with md5 authentication and manage PostgreSQL services.

Configure PostgreSQL with Ansible: User Access and Service Management

How to Allow md5 Connection for a PostgreSQL User / Role with Ansible?

I'm going to show you a live Playbook with some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot

See also: community.postgresql.postgresql_user: Create & Manage PostgreSQL Users

Ansible Allow md5 Connection for a PostgreSQL User / Role

community.postgresql.postgresql_pg_hba • Add, remove or modify a rule in a pg_hba file

Let's talk about the Ansible module postgresql_pg_hba. The full name is community.postgresql.postgresql_pg_hba, which means that is part of the collection of modules "community.postgresql" maintained by the Ansible Community to interact with PostgreSQL. The collection is tested with ansible-core version 2.11+, prior versions such as 2.9 or 2.10 are not supported. The purpose of the module is to Add, remove or modify a rule in a pg_hba file. This module uses psycopg2, a Python PostgreSQL User library. You must ensure that python3-psycopg2 is installed on the host before using this module.

Links

community.postgresql.postgresql_pg_hba

See also: Ansible Change Windows User Password: win_user Module (Examples)

Playbook

Let's jump into a real-life Ansible Playbook to Allow md5 Connection for a PostgreSQL User / Role now called Role. I'm going to show you how to create a pg_hba.conffile to allow themyuser user/role to connect to the current PostgreSQL server using md5 authentication.

code

---
- name: postgresql Playbook
  hosts: all
  become: true
  vars:
    db_user: myuser

tasks:
    - name: Utility present
      ansible.builtin.package:
        name: python3-psycopg2
        state: present


- name: Allow md5 connection for the db user
      community.postgresql.postgresql_pg_hba:
        dest: "~/data/pg_hba.conf"
        contype: host
        databases: all
        method: md5
        users: "{{ db_user }}"
        create: true
      become: true
      become_user: postgres
      notify: Restart service


handlers:
    - name: Restart service
      ansible.builtin.service:
        name: postgresql
        state: restarted

execution

$ ansible-playbook -i virtualmachines/demo/inventory postgresql/user_md5.yml
PLAY [postgresql Playbook] ************************************************************************************
TASK [Gathering Facts] ************************************************************************************
ok: [demo.example.com]
TASK [Utility present] ************************************************************************************
ok: [demo.example.com]
TASK [Allow md5 connection for the db user] ***************************************************************
changed: [demo.example.com]
RUNNING HANDLER [Restart service] *************************************************************************
changed: [demo.example.com]
PLAY RECAP ************************************************************************************************
demo.example.com           : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

idempotency

$ ansible-playbook -i virtualmachines/demo/inventory postgresql/user_md5.yml
PLAY [postgresql Playbook] ************************************************************************************
TASK [Gathering Facts] ************************************************************************************
ok: [demo.example.com]
TASK [Utility present] ************************************************************************************
ok: [demo.example.com]
TASK [Allow md5 connection for the db user] ***************************************************************
ok: [demo.example.com]
PLAY RECAP ************************************************************************************************
demo.example.com           : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

before execution

$ ssh devops@demo.example.com
[devops@demo ~]$ sudo su
[root@demo devops]# su - postgres
Last login: Thu Jun  9 15:19:14 UTC 2022 on pts/0
[postgres@Playbook ~]$ psql -h localhost -U myuser
psql: FATAL:  Ident authentication failed for user "myuser"
[postgres@Playbook ~]$

after execution

$ ssh devops@demo.example.com
[devops@demo ~]$ sudo su
[root@demo devops]# su - postgres
[postgres@Playbook ~]$ psql -h localhost -U myuser
Password for user myuser: 
psql: FATAL:  database "myuser" does not exist
[postgres@Playbook ~]$

code with ❤️ in GitHub

Conclusion

Now you know how to Allow md5 Connection for a PostgreSQL User / Role with Ansible.

See also: Ansible Create Windows Local User: win_user Module (Complete Guide)

Related Articles

Ansible Become Guidestatic and dynamic Ansible inventoryrestarting services with Ansible handlers

Category: installation

Watch the video: Configure PostgreSQL with Ansible: User Access and Service Management — Video Tutorial

Browse all Ansible tutorials · AnsiblePilot Home