Update postgresql role to latest version.

Author: geerlingguy

provisioning/requirements.yml

@@ -67,7 +67,7 @@ roles:
   - name: geerlingguy.postfix
     version: 2.0.0
   - name: geerlingguy.postgresql
-    version: 3.0.0
+    version: 3.1.1
   - name: geerlingguy.redis
     version: 1.7.0
   - name: geerlingguy.repo-epel

provisioning/roles/geerlingguy.postgresql/.ansible-lint

@@ -1,4 +1,4 @@
 skip_list:
-  - '405'
-  - '503'
-  - '106'
+  - 'yaml'
+  - 'no-handler'
+  - 'role-name'

provisioning/roles/geerlingguy.postgresql/.github/workflows/ci.yml

@@ -29,12 +29,11 @@ jobs:
           python-version: '3.x'
 
       - name: Install test dependencies.
-        run: pip3 install yamllint ansible-lint
+        run: pip3 install yamllint
 
       - name: Lint code.
         run: |
           yamllint .
-          ansible-lint
 
   molecule:
     name: Molecule

provisioning/roles/geerlingguy.postgresql/.gitignore

@@ -1,3 +1,5 @@
 *.retry
 */__pycache__
 *.pyc
+.cache
+

provisioning/roles/geerlingguy.postgresql/defaults/main.yml

@@ -10,6 +10,9 @@ postgresql_python_library: python-psycopg2
 postgresql_user: postgres
 postgresql_group: postgres
 
+# `md5` or `scram-sha-256` (https://www.postgresql.org/docs/10/auth-methods.html)
+postgresql_auth_method: "{{ ansible_fips  | ternary('scram-sha-256', 'md5') }}"
+
 postgresql_unix_socket_directories:
   - /var/run/postgresql
 
@@ -26,8 +29,8 @@ postgresql_global_config_options:
 postgresql_hba_entries:
   - {type: local, database: all, user: postgres, auth_method: peer}
   - {type: local, database: all, user: all, auth_method: peer}
-  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
-  - {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
+  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
+  - {type: host, database: all, user: all, address: '::1/128', auth_method: "{{ postgresql_auth_method }}"}
 
 # Debian only. Used to generate the locales used by PostgreSQL databases.
 postgresql_locales:

provisioning/roles/geerlingguy.postgresql/meta/main.yml

@@ -11,15 +11,14 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 6
         - 7
         - 8
     - name: Fedora
       versions:
-        - 29
         - 30
         - 31
         - 32
+        - 33
     - name: Ubuntu
       versions:
         - xenial

provisioning/roles/geerlingguy.postgresql/molecule/default/converge.yml

@@ -26,16 +26,6 @@
       changed_when: false
       when: ansible_os_family == 'Debian'
 
-    - name: Set custom variables for old CentOS 6 PostgreSQL install.
-      set_fact:
-        postgresql_hba_entries: []
-        postgresql_global_config_options:
-          - option: unix_socket_directory
-            value: '{{ postgresql_unix_socket_directories[0] }}'
-      when:
-        - ansible_os_family == 'RedHat'
-        - ansible_distribution_version.split('.')[0] == '6'
-
   roles:
     - role: geerlingguy.postgresql
 

provisioning/roles/geerlingguy.postgresql/tasks/users.yml

@@ -2,10 +2,18 @@
 - name: Ensure PostgreSQL users are present.
   postgresql_user:
     name: "{{ item.name }}"
+    password: "{{ item.password | default(omit) }}"
+    login_host: "{{ item.login_host | default('localhost') }}"
+    login_password: "{{ item.login_password | default(omit) }}"
+    login_user: "{{ item.login_user | default(postgresql_user) }}"
+    login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+    port: "{{ item.port | default(omit) }}"
   with_items: "{{ postgresql_users }}"
   no_log: "{{ postgres_users_no_log }}"
   become: true
   become_user: "{{ postgresql_user }}"
   # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
   vars:
     ansible_ssh_pipelining: true
+  environment:
+    PGOPTIONS: "{{ (postgresql_auth_method == 'scram-sha-256') | ternary('-c password_encryption=scram-sha-256', '') }}"

provisioning/roles/geerlingguy.postgresql/tasks/users_props.yml

@@ -20,3 +20,5 @@
   # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
   vars:
     ansible_ssh_pipelining: true
+  environment:
+    PGOPTIONS: "{{ (postgresql_auth_method == 'scram-sha-256') | ternary('-c password_encryption=scram-sha-256', '') }}"