Ansible 创建可以访问所有表的 postgresql 用户?
Ansible create postgresql user with access to all tables?
这个应该很简单。我想创建一个 Ansible 语句来创建一个 Postgres 用户,该用户具有特定数据库的连接权限和该特定数据库中所有表的 select/insert/update/delete 权限。我尝试了以下方法:
- name: Create postgres user for my app
become: yes
become_user: postgres
postgresql_user:
db: "mydatabase"
name: "myappuser"
password: "supersecretpassword"
priv: CONNECT/ALL:SELECT,INSERT,UPDATE,DELETE
我得到relation \"ALL\" does not exist
如果我删除 ALL:
,我会得到 Invalid privs specified for database: INSERT UPDATE SELECT DELETE
根据 ansible 文档 postgressql module,priv 应该是 "PostgreSQL privileges string in the format: table:priv1,priv2"
所以你的任务应该是
- name: Create postgres user for my app
become: yes
become_user: postgres
postgresql_user:
db: "mydatabase"
name: "myappuser"
password: "supersecretpassword"
priv: ALL:SELECT,INSERT,UPDATE,DELETE,CONNECT
我要做的就是先创建用户,然后单独授予权限。它就像一个魅力。
- name: Create postgres user for my app
become: yes
become_user: postgres
postgresql_user:
name: "myappuser"
password: "supersecretpassword"
- name: Ensure we have access from the new user
become: yes
become_user: postgres
postgresql_privs:
db: mydatabase
role: myappuser
objs: ALL_IN_SCHEMA
privs: SELECT,INSERT,UPDATE,DELETE
这是我使用的剧本,使用 debian 并设置用户和数据库,以及授予用户访问所有数据库的权限:
- hosts: all
become: yes
vars:
ansible_ssh_pipelining: true
tasks:
- name: install postgresql server
apt:
pkg: postgresql
state: present
- name: change postgres network binding
lineinfile:
path: /etc/postgresql/9.6/main/postgresql.conf
regexp: '# listen_addresses'
line: "listen_addresses = '*'"
- name: change postgres pg hba access
lineinfile:
path: /etc/postgresql/9.6/main/pg_hba.conf
regexp: 'host all all 0.0.0.0/0 md5'
line: 'host all all 0.0.0.0/0 md5'
- name: start postgresql server
service:
enabled: yes
name: postgresql
state: restarted
# psycopg2 needed for user, db creation
- pip:
name: psycopg2-binary
- name: create postgresql user
postgresql_user:
user: "root"
password: "root"
role_attr_flags: "CREATEDB,NOSUPERUSER"
become: true
become_user: postgres
- name: create postgresql db
postgresql_db:
name: "your-db-name"
state: present
become: true
become_user: postgres
您的路径可能会有所不同,因此请相应地进行调整。
作为奖励,这里是我的 Vagrantfile,使用 virtualbox:
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Brings up a vm with es and mongodb
Vagrant.configure("2") do |config|
config.vm.box = "geerlingguy/debian9"
config.vm.network "private_network", ip: "192.168.33.44"
config.vm.provider "virtualbox" do |vb|
vb.memory = "2048"
end
config.vm.provision "ansible_local" do |ansible|
ansible.playbook = "ansible_playbook.yml"
ansible.install = "true"
ansible.install_mode = "pip"
end
end
干杯!
这个应该很简单。我想创建一个 Ansible 语句来创建一个 Postgres 用户,该用户具有特定数据库的连接权限和该特定数据库中所有表的 select/insert/update/delete 权限。我尝试了以下方法:
- name: Create postgres user for my app
become: yes
become_user: postgres
postgresql_user:
db: "mydatabase"
name: "myappuser"
password: "supersecretpassword"
priv: CONNECT/ALL:SELECT,INSERT,UPDATE,DELETE
我得到relation \"ALL\" does not exist
如果我删除 ALL:
,我会得到 Invalid privs specified for database: INSERT UPDATE SELECT DELETE
根据 ansible 文档 postgressql module,priv 应该是 "PostgreSQL privileges string in the format: table:priv1,priv2" 所以你的任务应该是
- name: Create postgres user for my app
become: yes
become_user: postgres
postgresql_user:
db: "mydatabase"
name: "myappuser"
password: "supersecretpassword"
priv: ALL:SELECT,INSERT,UPDATE,DELETE,CONNECT
我要做的就是先创建用户,然后单独授予权限。它就像一个魅力。
- name: Create postgres user for my app
become: yes
become_user: postgres
postgresql_user:
name: "myappuser"
password: "supersecretpassword"
- name: Ensure we have access from the new user
become: yes
become_user: postgres
postgresql_privs:
db: mydatabase
role: myappuser
objs: ALL_IN_SCHEMA
privs: SELECT,INSERT,UPDATE,DELETE
这是我使用的剧本,使用 debian 并设置用户和数据库,以及授予用户访问所有数据库的权限:
- hosts: all
become: yes
vars:
ansible_ssh_pipelining: true
tasks:
- name: install postgresql server
apt:
pkg: postgresql
state: present
- name: change postgres network binding
lineinfile:
path: /etc/postgresql/9.6/main/postgresql.conf
regexp: '# listen_addresses'
line: "listen_addresses = '*'"
- name: change postgres pg hba access
lineinfile:
path: /etc/postgresql/9.6/main/pg_hba.conf
regexp: 'host all all 0.0.0.0/0 md5'
line: 'host all all 0.0.0.0/0 md5'
- name: start postgresql server
service:
enabled: yes
name: postgresql
state: restarted
# psycopg2 needed for user, db creation
- pip:
name: psycopg2-binary
- name: create postgresql user
postgresql_user:
user: "root"
password: "root"
role_attr_flags: "CREATEDB,NOSUPERUSER"
become: true
become_user: postgres
- name: create postgresql db
postgresql_db:
name: "your-db-name"
state: present
become: true
become_user: postgres
您的路径可能会有所不同,因此请相应地进行调整。
作为奖励,这里是我的 Vagrantfile,使用 virtualbox:
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Brings up a vm with es and mongodb
Vagrant.configure("2") do |config|
config.vm.box = "geerlingguy/debian9"
config.vm.network "private_network", ip: "192.168.33.44"
config.vm.provider "virtualbox" do |vb|
vb.memory = "2048"
end
config.vm.provision "ansible_local" do |ansible|
ansible.playbook = "ansible_playbook.yml"
ansible.install = "true"
ansible.install_mode = "pip"
end
end
干杯!