Closed morgangraphics closed 6 months ago
In thinking about this further. Perhaps it might be a little easier for the role to have a default pg_hba.conf
file added before user creation which allows for unobstructed user creation and then the pg_hba.conf
configurations are applied after user creation is successful.
@morgangraphics, can you just use the postgresql_pg_hba_default
parameter to include what you want?
postgresql_pg_hba_default:
- comment: "Local postgresql Unix user"
type: local
database: all
user: postgres
address: ""
method: "md5"
I'm no longer involved in the project where this came up. If the above proposal this really the "correct" way to solve this issue, then I think the only thing would be to update the documentation accordingly pointing out that like in #473 order is important.
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
Setting the postgresql_default_auth_method: "md5" on a fresh install tells postgres that the default postgres user requires password authentication without first having set up an initial password before hand. This is a order of execution issue where:
Ideally the order should be
Minimum test case for generating issue
current work around is to accept the default postgresql_default_auth_method: "peer"
and after the posgres role has run, edit the /etc/postgresql/12/main/pg_hba.conf file
from
to
in another task.