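【Question title】: Ansible create postgresql user with access to all tables?
【Posted】: 2017-03-10 12:07:57
【Question description】:

This should be simple. I want to create an Ansible statement that creates a Postgres user with connect privileges on a specific database and select/insert/update/delete privileges on all tables in that specific database. I tried the following: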

  - name: Create postgres user for my app
    become: yes
    become_user: postgres
    postgresql_user:
      db: "mydatabase"
      name: "myappuser"
      password: "supersecretpassword"
      priv: CONNECT/ALL:SELECT,INSERT,UPDATE,DELETE

I get relation \"ALL\" does not exist

If I remove ALL:, I get Invalid privs specified for database: INSERT UPDATE SELECT DELETE

【Question discussion】:

    Tags: postgresql ansible ansible-playbook


    【Solution 1】:

    What I had to do was first create the user and then grant the privileges separately. It works like a charm.

    - name: Create postgres user for my app
      become: yes
      become_user: postgres
      postgresql_user:
        name: "myappuser"
        password: "supersecretpassword"

    - name: Ensure we have access from the new user
      become: yes
      become_user: postgres
      postgresql_privs:
        db: mydatabase
        role: myappuser
        objs: ALL_IN_SCHEMA
        privs: SELECT,INSERT,UPDATE,DELETE
    

    【Discussion】:

      【Solution 2】:

      Here is the playbook I use, using debian and setting up a user and db, as well as granting the user access to all databases:
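
Added example (not part of the original answers or of the Ansible project): the approach from Solution 1 extended to cover everything the question asks for, namely CONNECT on the database, DML on existing tables, the sequence access that INSERTs into serial columns need, and default privileges for tables created later. The variable `vault_myapp_db_password` and the `public` schema are assumptions; the role and database names mirror the question.

```yaml
# Added example. vault_myapp_db_password (e.g. from Ansible Vault) and the
# "public" schema are assumptions; adjust to your environment.
- name: Create application role without any elevated attributes
  become: yes
  become_user: postgres
  no_log: true                      # keep the password out of task output and logs
  postgresql_user:
    name: myappuser
    password: "{{ vault_myapp_db_password }}"
    role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE

- name: Grant CONNECT on the application database
  become: yes
  become_user: postgres
  postgresql_privs:
    db: mydatabase
    type: database                  # database-level privilege, not a table one
    role: myappuser
    privs: CONNECT

- name: Grant DML on all existing tables in the schema
  become: yes
  become_user: postgres
  postgresql_privs:
    db: mydatabase
    type: table
    schema: public
    objs: ALL_IN_SCHEMA             # expands to the tables that exist right now
    role: myappuser
    privs: SELECT,INSERT,UPDATE,DELETE

- name: Grant sequence access needed for INSERTs into serial columns
  become: yes
  become_user: postgres
  postgresql_privs:
    db: mydatabase
    type: sequence
    schema: public
    objs: ALL_IN_SCHEMA
    role: myappuser
    privs: USAGE,SELECT

- name: Apply the same table privileges to tables created later
  become: yes
  become_user: postgres             # defaults apply to objects this role creates
  postgresql_privs:
    db: mydatabase
    type: default_privs
    schema: public
    objs: TABLES
    role: myappuser
    privs: SELECT,INSERT,UPDATE,DELETE
```

`ALL_IN_SCHEMA` is resolved when the task runs, so without the last task any table added afterwards stays inaccessible to `myappuser` until the playbook is run again.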

      - hosts: all
        become: yes
      
        vars:
          ansible_ssh_pipelining: true
      
        tasks:
          - name: install postgresql server
            apt:
              pkg: postgresql
              state: present
      
          - name: change postgres network binding
            lineinfile:
              path: /etc/postgresql/9.6/main/postgresql.conf
              regexp: '# listen_addresses'
              line: "listen_addresses = '*'"
      
          - name: change postgres pg hba access
            lineinfile:
              path: /etc/postgresql/9.6/main/pg_hba.conf
              regexp: 'host  all  all 0.0.0.0/0 md5'
              line: 'host  all  all 0.0.0.0/0 md5'
      
          - name: start postgresql server
            service:
              enabled: yes
              name: postgresql
              state: restarted
      
          # psycopg2 needed for user, db creation
          - pip:
              name: psycopg2-binary
      
          - name: create postgresql user
            postgresql_user:
              user: "root"
              password: "root"
              role_attr_flags: "CREATEDB,NOSUPERUSER"
            become: true
            become_user: postgres
      
          - name: create postgresql db
            postgresql_db:
              name: "your-db-name"
              state: present
            become: true
            become_user: postgres
      

      Your paths may vary, so adjust accordingly.

      And my Vagrantfile, using virtualbox:

      # -*- mode: ruby -*-
      # vi: set ft=ruby :
      
      # Brings up a vm with es and mongodb
      Vagrant.configure("2") do |config|
        config.vm.box = "geerlingguy/debian9"
        config.vm.network "private_network", ip: "192.168.33.44"
      
        config.vm.provider "virtualbox" do |vb|
          vb.memory = "2048"
        end
      
        config.vm.provision "ansible_local" do |ansible|
            ansible.playbook = "ansible_playbook.yml"
            ansible.install = "true"
            ansible.install_mode = "pip"
        end
      end
      

      Cheers!

      【Discussion】:

        【Solution 3】:

        From the ansible docs for the postgresql module, priv should be a "PostgreSQL privileges string in the format: table:priv1,priv2", so your task should be

        - name: Create postgres user for my app
          become: yes
          become_user: postgres
          postgresql_user:
            db: "mydatabase"
            name: "myappuser"
            password: "supersecretpassword"
            priv: ALL:SELECT,INSERT,UPDATE,DELETE,CONNECT
        

        【Discussion】:

        • This didn't work for me. I get an error psycopg2.ProgrammingError: relation \"ALL\" does not exist