Skip to content

Enable SSL by default #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 11, 2025
Merged

Enable SSL by default #27

merged 2 commits into from
Jul 11, 2025

Conversation

davidassigbi
Copy link
Contributor

Description

This update enables SSL by default within the Ansible role, including automatic generation of self-signed certificates. Additionally, it changes the default value of the postgresql_config_change_allow_restart variable to false, preventing automatic restarts on configuration changes by default.

closes #6

Motivation and Context

These changes improve the default security posture of PostgreSQL by enabling SSL out of the box. They also help avoid unnecessary restarts during configuration updates unless explicitly allowed, aligning better with production deployment expectations.

How Has This Been Tested?

Tests performed with Molecule both locally and using Github Actions

Screenshots (if appropriate):

Types of Changes

  • Breaking change: feat(ssl): Enable SSL by default with support for generating self signed certificates
  • Breaking change: feat(config): Change default value of postgresql_config_change_allow_restart to false
  • chore(ci): Switch ansible lint action to ansible/ansible-lint@main

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@davidassigbi davidassigbi added this to the 3.0.0 milestone Jul 11, 2025
@davidassigbi davidassigbi merged commit 4693f16 into main Jul 11, 2025
60 checks passed
@davidassigbi davidassigbi deleted the ssl_by_default_2 branch July 11, 2025 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ElieDeloumeau ElieDeloumeau ElieDeloumeau approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.0
Development

Successfully merging this pull request may close these issues.

Add support for generating a self signed certificate for the postgresql user.
3 participants
@davidassigbi @ElieDeloumeau @nathaliereslou