Define access rules in the PostgreSQL primary recipe

Access is done for the IP of a server for all users and all databases for ejabberd and gitea
2020-06-11 18:20:04 +02:00
parent 26097a7584
commit 6f696d7634
3 changed files with 23 additions and 41 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/pg_db.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/pg_db.rb
@@ -27,12 +27,6 @@

 postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')

-postgresql_service = "service[#{postgresql_service_name}]"
-
-service postgresql_service do
-  supports restart: true, status: true, reload: true
-end
-
 postgresql_user 'ejabberd' do
  action :create
  password postgresql_data_bag_item['ejabberd_user_password']
@@ -40,8 +34,6 @@ end

 databases = ["ejabberd", "ejabberd_5apps"]

-ejabberd_servers = search(:node, "role:ejabberd AND chef_environment:#{node.chef_environment}")
-
 databases.each do |database|
  postgresql_database database do
    owner 'ejabberd'
@@ -60,17 +52,4 @@ databases.each do |database|
    action :nothing
  end

-  ejabberd_servers.each do |ejabberd_server|
-    ip = ip_for(ejabberd_server)
-    hostname = ejabberd_server[:hostname]
-
-    postgresql_access "#{database} #{hostname}" do
-      access_type "host"
-      access_db database
-      access_user "ejabberd"
-      access_addr "#{ip}/32"
-      access_method "md5"
-      notifies :reload, postgresql_service, :delayed
-    end
-  end
 end