Added offline mode for xray. Added option to configure pg_hba.conf.

2026-01-21 12:06:56 -06:00 · 2020-09-27 10:53:12 -07:00
parent cd8e0debde b3413d6266
commit f4b9f13ea0
111 changed files with 9069 additions and 599 deletions
--- a/Ansible/ansible_collections/jfrog/installers/roles/postgres/README.md
+++ b/Ansible/ansible_collections/jfrog/installers/roles/postgres/README.md
@@ -5,6 +5,17 @@ The postgres role will install Postgresql software and configure a database and
 * _db_users_: This is a list of database users to create. eg. db_users: - { db_user: "artifactory", db_password: "Art1fAct0ry" }
 * _dbs_: This is the database to create. eg. dbs: - { db_name: "artifactory", db_owner: "artifactory" }

+By default, the [_pg_hba.conf_](https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html) client authentication file is configured for open access for development purposes through the _postgres_allowed_hosts_ variable:
+
+```
+postgres_allowed_hosts:
+  - { type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "trust"}
+```
+
+**THIS SHOULD NOT BE USED FOR PRODUCTION.**
+
+**Update this variable to only allow access from Artifactory and Xray.**
+
 ## Example Playbook
 ```
 ---
--- a/Ansible/ansible_collections/jfrog/installers/roles/postgres/defaults/main.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/postgres/defaults/main.yml
@@ -82,3 +82,8 @@ postgres_server_auto_explain_log_min_duration: -1

 # Whether or not to use EXPLAIN ANALYZE.
 postgres_server_auto_explain_log_analyze: true
+
+# Sets the hosts that can access the database
+postgres_allowed_hosts:
+  - { type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "trust"}
+
--- a/Ansible/ansible_collections/jfrog/installers/roles/postgres/templates/pg_hba.conf.j2
+++ b/Ansible/ansible_collections/jfrog/installers/roles/postgres/templates/pg_hba.conf.j2
@@ -4,4 +4,8 @@ local   all             all                                     peer
 host    all             all             127.0.0.1/32            md5
 host    all             all             ::1/128                 md5
 ## remote connections IPv4
-host    all             all             0.0.0.0/0               trust
+{% if postgres_allowed_hosts and postgres_allowed_hosts is iterable %}
+    {% for host in postgres_allowed_hosts %}
+        {{ host.type | default('host') }}         {{ host.database | default('all') }}        {{ host.user | default('all') }}             {{ host.address | default('0.0.0.0/0') }}            {{ item.auth | default('trust') }}
+    {% endfor %}
+{% endif %}