Patroni: add pg_ident.conf support

New variable "postgresql_pg_ident"; Added support for map options in the postgresql_pg_hba variable. #55
vitabaks · Sep 3, 2020 · d7f3536 · d7f3536
1 parent d684b22
commit d7f3536
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2
@@ -101,6 +101,13 @@ postgresql:
     stats_temp_directory: {{ postgresql_stats_temp_directory_path }}
 {% endif %}
 
+{% if postgresql_pg_ident is defined and postgresql_pg_ident | length > 0 %}
+  pg_ident:
+  {% for ident in postgresql_pg_ident %}
+    - {{ ident.mapname }} {{ ident.system_username }} {{ ident.pg_username }}
+  {% endfor %}
+{% endif %}
+
   remove_data_directory_on_rewind_failure: {{ patroni_remove_data_directory_on_rewind_failure |string |d(false, true) |lower }}
   remove_data_directory_on_diverged_timelines: {{ patroni_remove_data_directory_on_diverged_timelines |string |d(false, true) |lower }}
 

diff --git a/roles/patroni/templates/pg_hba.conf.j2 b/roles/patroni/templates/pg_hba.conf.j2
@@ -85,7 +85,7 @@
 
 # TYPE      DATABASE                 USER                     ADDRESS                  METHOD
 {% for client in postgresql_pg_hba %}
-  {{ client.type.ljust(10) |default('host') }}{{ client.database.ljust(25) |default('all') }}{{ client.user.ljust(25) |default('all') }}{{ client.address.ljust(25) |default('') }}{{ client.method |default('md5') }}
+  {{ client.type.ljust(10) |default('host') }}{{ client.database.ljust(25) |default('all') }}{{ client.user.ljust(25) |default('all') }}{{ client.address.ljust(25) |default('') }}{{ client.method |default('md5') }} {{ client.options |default(None) }}
 {% endfor %}
 {% for patroni in groups['postgres_cluster'] %}
   host      all                      all                      {{ hostvars[patroni]['inventory_hostname'] }}/32         md5

diff --git a/vars/main.yml b/vars/main.yml
@@ -176,6 +176,12 @@ postgresql_pg_hba:
   - {type: "host", database: "all", user: "all", address: "127.0.0.1/32", method: "md5"}
   - {type: "host", database: "all", user: "all", address: "::1/128", method: "md5"}
 #  - {type: "host", database: "mydatabase", user: "mydb-user", address: "192.168.0.0/24", method: "md5"}
+#  - {type: "host", database: "all", user: "all", address: "192.168.0.0/24", method: "ident", options: "map=main"}  # use pg_ident
+
+# list of lines that Patroni will use to generate pg_ident.conf
+postgresql_pg_ident: []
+#  - {mapname: "main", system_username: "postgres", pg_username: "backup"}
+#  - {mapname: "", system_username: "", pg_username: ""}
 
 
 # PgBouncer parameters