the postgresql server does not restart when it should have

[MaxiReglisse]

Hello,

I'm trying to install a Zabbix server with a Postgresql database. The installation requires a zabbix user with md5 authentication, which implies a modification of pg_hba.conf and therefore a restart of postgresql during the Ansible deployment phase to allow the new pg_hba.conf to be taken into account. But alas, the postgresql server doesn't restart and the installation fails... You just need to restart the remote postgresql server for everything to be back in order, but the Ansible role should do this on its own.

This is all the more surprising given that the geerlingguy.postgresql role contains the instructions that should trigger the restart of the postgresql server (see the geerlingguy.postgresql/tasks/configure.yml file).

Here is my playbook.

- name: Deploy Zabbix and PostgreSQL
  hosts: zabbix.inframshe.univ-fcomte.fr
  become: true
  collections:
    - community.zabbix

  vars:
    ansible_python_interpreter: /usr/bin/python3
    postgresql_databases:
      - name: zabbix
    postgresql_users:
      - name: zabbix
        password: zabbix
        db: zabbix
    zabbix_agent_server: zabbix.inframshe.univ-fcomte.fr
    zabbix_server_database: pgsql
    zabbix_server_database_long: postgresql
    zabbix_server_dbport: 5432
    zabbix_server_dbname: zabbix
    zabbix_server_dbuser: zabbix
    zabbix_server_dbpassword: zabbix
    postgresql_hba_entries:
      - { type: local, database: all, user: postgres, auth_method: peer }
      - { type: local, database: all, user: zabbix, auth_method: md5 }
      - { type: host, database: all, user: zabbix, address: '127.0.0.1/32', auth_method: md5 }

  roles:
    - role: geerlingguy.postgresql
    - role: zabbix_agent
    - role: zabbix_server

By launching the playbook with otopn -vvv, you can see that the landler has been informed of the need to restart the postgresql server:

TASK [geerlingguy.postgresql : Configure host based authentication (if entries are configured).] ***
...
Notification for handler restart postgresql has been saved.
changed: [zabbix.inframshe.univ-fcomte.fr] => {

But the new pg_hba.conf file is not taken into account... And restarting the service allows the zabbix user to connect.

root@zabbix:~ # psql -U zabbix zabbix -W
Mot de passe : 
psql: erreur : la connexion au serveur sur le socket « /var/run/postgresql/.s.PGSQL.5432 » a échoué : FATAL:  authentification peer échouée pour l'utilisateur « zabbix »

root@zabbix:~ # systemctl restart postgresql.service 

root@zabbix:~ # psql -U zabbix zabbix -W
Mot de passe : 
psql (15.8 (Debian 15.8-0+deb12u1))
Saisissez « help » pour l'aide.
zabbix=> \q

some information about my Ansible environment:

• geerlingguy.postgresql (3.5.2)
• ansible [core 2.16.11]
• python version = 3.11.2
• jinja version = 3.1.2
• Debian GNU/Linux 12

Thank you in advance for your feedback.

Ernest.

[hgresa]

I'm experiencing the same issue.

I'm adding the following entry to postgresql_global_config_options to configure PostgreSQL to listen on all interfaces (which requires a service restart). However, the service isn't restarting automatically(via the handler), and PostgreSQL continues to listen only on 127.0.0.1. I have to restart the service manually for the change to take effect.

• option: listen_addresses
  value: "*"