You might want to allow remote PostgreSQL for various reason (development, monitoring, backup…) but if you modify pg_hba.conf yourself foreman-installer will overwrite it on next upgrade.
The proper way to do this is to overload generated puppet config by foreman-installer using /etc/foreman-installer/custom-hiera.yaml
Add the following configuration:
# PostgreSQL access for debugging/development postgresql::server::listen_addresses: - '*' postgresql::server::pg_hba_rules: allow_subnet_1: description: Allow subnet 1 type: host address: 192.168.122.0/24 database: foreman user: foreman auth_method: md5 order: 201 allow_subnet_2: description: Allow subnet 2 type: host address: 192.168.123.0/24 database: foreman user: foreman auth_method: md5 order: 202
Then, run foreman-installer again.
In postgresql.conf, listen_address will be set to * so PostgreSQL is bound on all network interface and in pg_hba.conf you will see the following rules being added:
# Rule Name: allow_subnet_1 # Description: Allow subnet 1 # Order: 201 host foreman foreman 192.168.122.0/24 md5 # Rule Name: allow_subnet_2 # Description: Allow subnet 2 # Order: 202 host foreman foreman 192.168.123.0/24 md5