Ansible create postgresql user with access to all tables?
What I had to do was first create the user and then grant the privileges separately. It's working like a charm.
- name: Create postgres user for my app become: yes become_user: postgres postgresql_user: name: "myappuser" password: "supersecretpassword" - name: Ensure we have access from the new user become: yes become_user: postgres postgresql_privs: db: mydatabase role: myappuser objs: ALL_IN_SCHEMA privs: SELECT,INSERT,UPDATE,DELETE
Here is the playbook I use, using debian and setting up user and db, as well as giving user access to all databases:
- hosts: all become: yes vars: ansible_ssh_pipelining: true tasks: - name: install postgresql server apt: pkg: postgresql state: present - name: change postgres network binding lineinfile: path: /etc/postgresql/9.6/main/postgresql.conf regexp: '# listen_addresses' line: "listen_addresses = '*'" - name: change postgres pg hba access lineinfile: path: /etc/postgresql/9.6/main/pg_hba.conf regexp: 'host all all 0.0.0.0/0 md5' line: 'host all all 0.0.0.0/0 md5' - name: start postgresql server service: enabled: yes name: postgresql state: restarted # psycopg2 needed for user, db creation - pip: name: psycopg2-binary - name: create postgresql user postgresql_user: user: "root" password: "root" role_attr_flags: "CREATEDB,NOSUPERUSER" become: true become_user: postgres - name: create postgresql db postgresql_db: name: "your-db-name" state: present become: true become_user: postgres
Your paths may vary so adjust accordingly.
And for bonus here is my Vagrantfile, using virtualbox:
# -*- mode: ruby -*-# vi: set ft=ruby :# Brings up a vm with es and mongodbVagrant.configure("2") do |config| config.vm.box = "geerlingguy/debian9" config.vm.network "private_network", ip: "192.168.33.44" config.vm.provider "virtualbox" do |vb| vb.memory = "2048" end config.vm.provision "ansible_local" do |ansible| ansible.playbook = "ansible_playbook.yml" ansible.install = "true" ansible.install_mode = "pip" endend
Cheers!
From ansible documentation postgressql module, priv should be "PostgreSQL privileges string in the format: table:priv1,priv2"So your task should be
- name: Create postgres user for my app become: yes become_user: postgres postgresql_user: db: "mydatabase" name: "myappuser" password: "supersecretpassword" priv: ALL:SELECT,INSERT,UPDATE,DELETE,CONNECT