From 250e9e6a43d6e912b9d4560f2d4609f7d1165bb3 Mon Sep 17 00:00:00 2001
From: Antoine SCHILDKNECHT <antoine.schildknecht@ubicast.eu>
Date: Wed, 8 Jun 2022 06:35:12 +0000
Subject: [PATCH] Force SSL for DB communications | refs #35260
---
roles/postgres-ha/tasks/main.yml | 16 ++++++++--------
roles/postgres/defaults/main.yml | 8 ++++----
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/roles/postgres-ha/tasks/main.yml b/roles/postgres-ha/tasks/main.yml
index b1bd12c6..15e2d51d 100644
--- a/roles/postgres-ha/tasks/main.yml
+++ b/roles/postgres-ha/tasks/main.yml
@@ -18,27 +18,27 @@
pg_hba:
- type: local
method: peer
- - type: host
+ - type: hostssl
address: 127.0.0.1/32
- - type: host
+ - type: hostssl
address: ::1/128
- - type: host
+ - type: hostssl
address: 0.0.0.0/0
- - type: host
+ - type: hostssl
address: ::/0
- type: local
database: replication
method: peer
- - type: host
+ - type: hostssl
database: replication
address: 127.0.0.1/32
- - type: host
+ - type: hostssl
database: replication
address: ::1/128
- - type: host
+ - type: hostssl
database: replication
address: 0.0.0.0/0
- - type: host
+ - type: hostssl
database: replication
address: ::/0
pg_conf:
diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml
index b1ef40b9..50dcd0ec 100644
--- a/roles/postgres/defaults/main.yml
+++ b/roles/postgres/defaults/main.yml
@@ -18,17 +18,17 @@ pg_conf:
pg_hba:
- type: local
method: peer
- - type: host
+ - type: hostssl
address: 127.0.0.1/32
- - type: host
+ - type: hostssl
address: ::1/128
- type: local
database: replication
method: peer
- - type: host
+ - type: hostssl
database: replication
address: 127.0.0.1/32
- - type: host
+ - type: hostssl
database: replication
address: ::1/128
--
GitLab