Enable firewall rules to allow primary/replica to connect

2020-05-12 12:10:10 +02:00
parent 80c7263a72
commit 254f9020ae
3 changed files with 26 additions and 42 deletions
--- a/site-cookbooks/kosmos-postgresql/recipes/replica.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/replica.rb
@@ -71,6 +71,18 @@ systemctl start #{postgresql_service}

  # On the next Chef run the replica will be set up
  node.normal['kosmos-postgresql']['ready_to_set_up_replica'] = true
+
+  unless node.chef_environment == "development"
+    include_recipe "firewall"
+
+    firewall_rule "postgresql" do
+      port        5432
+      protocol    :tcp
+      command     :allow
+      destination primary[:ipaddress]
+    end
+  end
 end

-include_recipe "kosmos-postgresql::firewall"
+# TODO: We need to set up firewall rules and access rules for clients too
+# (Mastodon, ejabberd, etc)