Parameter |
Choices/Defaults |
Comments |
conn_limit
(added in 2.4) |
|
Specifies the user connection limit.
|
db
|
|
Name of database where permissions will be granted.
|
encrypted
bool
(added in 1.4) |
|
Whether the password is stored hashed in the database. Passwords can be passed already hashed or unhashed, and postgresql ensures the stored password is hashed when encrypted is set.
Note: Postgresql 10 and newer doesn't support unhashed passwords.
Previous to Ansible 2.6, this was no by default.
|
expires
(added in 1.4) |
|
The date at which the user's password is to expire.
If set to 'infinity' , user's password never expire.
Note that this value should be a valid SQL date and time type.
|
fail_on_user
bool |
|
If yes , fail when user can't be removed. Otherwise just log and continue.
|
login_host
|
Default:
"localhost"
|
Host running PostgreSQL.
|
login_password
|
|
Password used to authenticate with PostgreSQL.
|
login_unix_socket
|
|
Path to a Unix domain socket for local connections.
|
login_user
|
Default:
"postgres"
|
User (role) used to authenticate with PostgreSQL.
|
name
required |
|
Name of the user (role) to add or remove.
|
no_password_changes
bool
(added in 2.0) |
|
If yes , don't inspect database for password changes. Effective when pg_authid is not accessible (such as AWS RDS). Otherwise, make password changes as necessary.
|
password
|
|
Set the user's password, before 1.4 this was required.
Password can be passed unhashed or hashed (MD5-hashed).
Unhashed password will automatically be hashed when saved into the database if encrypted parameter is set, otherwise it will be save in plain text format.
When passing a hashed password it must be generated with the format 'str["md5"] + md5[ password + username ]' , resulting in a total of 35 characters. An easy way to do this is echo "md5$(echo -n 'verysecretpasswordJOE' | md5sum ").
Note that if the provided password string is already in MD5-hashed format, then it is used as-is, regardless of encrypted parameter.
|
port
|
Default:
5432
|
Database port to connect to.
|
priv
|
|
PostgreSQL privileges string in the format: table:priv1,priv2 .
|
role_attr_flags
|
Choices:
- [NO]SUPERUSER
- [NO]CREATEROLE
- [NO]CREATEDB
- [NO]INHERIT
- [NO]LOGIN
- [NO]REPLICATION
- [NO]BYPASSRLS
|
PostgreSQL role attributes string in the format: CREATEDB,CREATEROLE,SUPERUSER.
Note that '[NO]CREATEUSER' is deprecated.
|
ssl_mode
(added in 2.3) |
Choices:
- disable
- allow
prefer ←
- require
- verify-ca
- verify-full
|
Determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server.
Default of prefer matches libpq default.
|
ssl_rootcert
(added in 2.3) |
|
Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities.
|
state
|
Choices:
present ←
- absent
|
The user (role) state.
|