Subject: Re: Initial Postgres admin account setup using Ansible?
From: Christophe Pettus
Date: Tue, 31 Dec 2024 14:10:11 -0800
To: Nick
Cc: pgsql-general@lists.postgresql.org

On Dec 31, 2024, at 13:31, Nick wrote:

> What is the proper (secure) way to let the Ansible POSIX user manage
> postgres? It seems there should be a fully automated way to bootstrap
> an Ansible user for `postgres`.

This is generally done with "become" and "become_user" in a shell command, something like:

- name: Do something as the postgres user
  ansible.builtin.shell: "psql ..."
  register: pgbackrest_which_output
  become: true
  become_user: postgres
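
Added example, not part of the original message or of any project's own code: the same become/become_user pattern used to bootstrap a separate admin role over the local socket, so no password for the postgres superuser is ever stored. It assumes the community.postgresql collection and psycopg2 are present on the target and that pg_hba.conf still has the default peer rule for the postgres OS user; the inventory group, role name and vault variable are hypothetical.

```yaml
# Added example. Assumptions: community.postgresql collection installed,
# psycopg2 available on the target, pg_hba.conf keeps the default
# "local all postgres peer" rule. Names marked hypothetical are illustrative.
- name: Bootstrap a PostgreSQL admin role through peer authentication
  hosts: db_servers              # hypothetical inventory group
  become: true                   # default to root; overridden per task below
  tasks:
    # Becoming an unprivileged user (postgres) from an unprivileged
    # connection user requires setfacl on the target so Ansible can
    # hand over its temporary module files.
    - name: Install acl for unprivileged become_user support
      ansible.builtin.package:
        name: acl                # package name assumed for Debian/RHEL families
        state: present

    # Runs as the postgres OS user, so the module connects over the local
    # Unix socket and peer auth maps it to the postgres database role.
    - name: Create a dedicated admin role instead of reusing postgres
      community.postgresql.postgresql_user:
        name: ansible_admin      # hypothetical role name
        password: "{{ vault_ansible_admin_password }}"  # hypothetical vault variable
        role_attr_flags: CREATEDB,CREATEROLE,LOGIN
        state: present
      become_user: postgres
      no_log: true               # keep the password out of task output and logs
```

The connecting POSIX user needs a sudoers rule that allows running commands as postgres; limiting that rule to the postgres target user rather than ALL keeps the automation account from being a general root equivalent.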