I want to create pg_hba.conf entries with the
community.postgresql.postgresql_pg_hba module. I think generally my issue here
is not releated to how that module works though
I can do this with a TASK like the below ...
*******************************************************************************************************
name: create pg_hba entries
community.postgresql.postgresql_pg_hba:
state: present
address: "{{ item.address }}"
databases: "{{ item.databases }}"
contype: "{{ item.contype }}"
users: "{{ item.users }}"
method: "{{ item.method }}"
comment: "{{ item.comment }}"
backup: true
backup_file: /opt/db/data/postgres/data/pg_hba.conf.bak
dest: /opt/db/data/postgres/data/pg_hba.conf
keep_comments_at_rules: true
become: true
loop:
- { address: "10.250.111.53/32", databases: 'keycloak', contype: "host",
users: "keycloak", method: "scram-sha-256", comment: " Keycloak @10.250.111.53
- created by Ansible" }
- { address: "10.250.111.54/32", databases: 'keycloak', contype: "host",
users: "someone_else", method: "scram-sha-256", comment: " someonle else
@10.250.111.54 - created by Ansible" }
*******************************************************************************************************
... but need to make this more abstract, so I do not have to provide all those
values (there will be n amount of entries in the same manner) in the TASK
itself but get this gathered into a centralized defaults file. ALso the amount
of entries to be created can be 2, or 5 or n.
I try to achive this with 2 components
*** 1. a defaults file
********************************************************************************
kcl_ip:
- "10.4.253.146/32"
kcl_fqdn: VM-413426-0045.step.zrz.dvz.cn-mv.de
kcl_pw_crypt: scram-sha-256
kcl_conntype: host
kcl_db: keycloak
kcl_role:
- keycloak
kcl_comment:
- "keycloak - {{ kcl_fqdn.0 }}"
kcl_hba_entries:
- { address: "{{ kcl_ip.0 }}", databases: "{{ kcl_db }}", contype:
"{{ kcl_conntype }}", users: "{{ kcl_role.0 }}", method: "{{ kcl_pw_crypt }}",
comment: "{{ kcl_comment.0 }}" }
*** 2. an adjusted TASK
*******************************************************************************
- name: create pg_hba entries
community.postgresql.postgresql_pg_hba:
state: present
address: "{{ kcl_hba_entries.address }}"
databases: "{{ kcl_hba_entries.databases }}"
contype: "{{ kcl_hba_entries.contype }}"
users: "{{ kcl_hba_entries.users }}"
method: "{{ kcl_hba_entries.method }}"
comment: "{{ kcl_hba_entries.comment }}"
backup: true
backup_file: /opt/db/data/postgres/data/pg_hba.conf.bak
dest: /opt/db/data/postgres/data/pg_hba.conf
keep_comments_at_rules: true
become: true
*******************************************************************************************************
So I wanted to add a couple of lines to kcl_hba_entries and hope that
(depending on the amount of entries I have in kcl_ip, kcl_role, ... ) it shoudl
produce one, or 4 or n entries to the pg_hba.conf file
this does not work unfortunately
*******************************************************************************************************
TASK [eakte_postgres_config : create pg_hba entries]
**************************************************
task path:
/home/gwagner/repos/automation_postgres/roles/eakte_postgres_config/tasks/config_keycloak.yml:55
fatal: [VM-413426-0048.step.zrz.dvz.cn-mv.de]: FAILED! => {
"msg": "The task includes an option with an undefined variable. The error
was: 'list object' has no attribute 'address'\n\nThe error appears to be in
'/home/gwagner/repos/automation_postgres/roles/eakte_postgres_config/tasks/config_keycloak.yml':
line 55, column 3, but may\nbe elsewhere in the file depending on the exact
syntax problem.\n\nThe offending line appears to be:\n\n\n- name: create pg_hba
entries\n ^ here\n"
}
*******************************************************************************************************
I am probably having some sort of problem with the logic in general. Can
anybody kindly advise, what my problem may be caused by?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1490227659.63357.1687848669763%40office.mailbox.org.
