You can set the version of the PostgreSQL server to 10, 12, or 13.

Optionally, you can set a password for the postgres database superuser. By default, no password is set, and a datababase is accessible from the postgres system account through a UNIX socket. It is recommended to encrypt the password by using Ansible Vault.

The content of the postgresql_pg_hba_conf variable replaces the default upstream configuration in the /var/lib/pgsql/data/pg_hba.conf file.

The content of the postgresql_server_conf variable is added to the end of the /var/lib/pgsql/data/postgresql.conf file. As a result, the default settings are overwritten.

To set up an SSL/TLS connection, set the postgresql_ssl_enable variable to true and provide a server certificate and a private key.

If you want to use your own certificate and private key, use the postgresql_cert_name variable to specify the certificate name. You must keep both certificate and key files in the same directory and under the same name with the .crt and .key suffixes.

For example, if your certificate file is located in /etc/certs/server.crt and your private key in /etc/certs/server.key, set the postgresql_cert_name value to:

The postgresql_certificates variable requires a list of dict in the same format as used by the redhat.rhel_system_roles.certificate role. Specify the postgresql_certificates variable if you want the certificate role to generate certificates for the PostgreSQL server configured by the PostgreSQL role. In the following example, a self-signed certificate postgresql_cert.crt is generated in the /etc/pki/tls/certs/ directory. By default, no certificates are automatically generated ([]).

To run an SQL script, define a path to your SQL file by using the postgresql_input_file variable:

By default, the PostgreSQL system role enables server settings optimization based on system resources. To disabe the tuning, set the postgresql_server_tuning variable to false.

See the examples/ for details.

Once you set the password by using the postgresql_password variable, it is impossible to change the password by setting another value. You must use the postgresql_password variable for every database acces under the superuser, including running an SQL script (the functionality of the postgresql_input_file variable).

Configuration files generated from postgresql_pg_hba_conf and postgresql_conf are regenerated within each single run. Therefore, every change rewrites the previous configuration.

Once the PostgreSQL server is installed, it is impossible to upgrade or downgrade the server by increasing or decreasing the version number in the postgresql_version variable.

This option reflects the setup of the latest run of the role.

This option reflects the setup of the latest run of the role. The PostgreSQL server needs properly defined certificates and keys to run with enabled SSL/TLS.