From 22fc589988426cabad7f618177b8f234b74af8e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Thu, 1 Dec 2022 12:34:27 +0100
Subject: [PATCH] [FIX] add userns in path
---
 tasks/main.yml | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 8de04d4..5d39262 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -603,20 +603,38 @@
 # --------------------------------------------------
 # Postgres Readonly user
 # --------------------------------------------------
-- name: PROD Allow readonly user connection to prod db
+- name: PROD Allow readonly user connection to prod db (with userns_remap)
+ blockinfile:
+ path: /var/lib/docker/{{ dockremap_subuid }}.{{ dockremap_subgid }}/volumes/odoo_db/_data/pg_hba.conf
+ block: |
+ host {{ odoo_prod.db }} {{ odoo_prod.db_user }} 172.16.0.0/12 md5
+ host postgres {{ odoo_prod.db_user }} 172.16.0.0/12 md5
+ host {{ odoo_prod.db }} {{ odoo_db_rouser }} all md5
+ when: odoo_remote_db_access and odoo_prod is defined and docker_userns_remap
+ tags: odoo_prod
+
+- name: PROD Allow readonly user connection to prod db (no userns_remap)
 blockinfile:
 path: /var/lib/docker/volumes/odoo_db/_data/pg_hba.conf
 block: |
 host {{ odoo_prod.db }} {{ odoo_prod.db_user }} 172.16.0.0/12 md5
 host postgres {{ odoo_prod.db_user }} 172.16.0.0/12 md5
 host {{ odoo_prod.db }} {{ odoo_db_rouser }} all md5
- when: odoo_remote_db_access and odoo_prod is defined
+ when: odoo_remote_db_access and odoo_prod is defined and not docker_userns_remap
+ tags: odoo_prod
+
+- name: PROD Disable access all rights (with userns_remap)
+ lineinfile:
+ name: /var/lib/docker/{{ dockremap_subuid }}.{{ dockremap_subgid }}/volumes/odoo_db/_data/pg_hba.conf
+ regexp: "^host all all all md5"
+ line: "#host all all all md5"
+ when: odoo_remote_db_access and odoo_prod is defined and docker_userns_remap
 tags: odoo_prod
-- name: PROD Disable access all rights
+- name: PROD Disable access all rights (no userns_remap)
 lineinfile:
 name: /var/lib/docker/volumes/odoo_db/_data/pg_hba.conf
 regexp: "^host all all all md5"
 line: "#host all all all md5"
- when: odoo_remote_db_access and odoo_prod is defined
+ when: odoo_remote_db_access and odoo_prod is defined and not docker_userns_remap
 tags: odoo_prod
--
GitLab
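Review bot: The new userns_remap task copies the rule `host {{ odoo_prod.db }} {{ odoo_db_rouser }} all md5` into a second place, so the read-only account stays reachable from any source address, over connections that need not use TLS, with md5 password hashing. If remote access is meant for known clients only, the rule could read `hostssl {{ odoo_prod.db }} {{ odoo_db_rouser }} {{ odoo_db_ro_cidr }} scram-sha-256`, where `odoo_db_ro_cidr` is a placeholder name and scram-sha-256 requires the server's password_encryption setting and the stored passwords to match. Because the four tasks now differ only in the pg_hba.conf path, computing that path once in a variable and keeping a single blockinfile and a single lineinfile task would stop the two copies of the access rules from drifting apart. The `when:` clauses also use `docker_userns_remap` bare, so if the role sets no default elsewhere an undefined value fails the play; `docker_userns_remap | default(false) | bool` would make both branches safe.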