From 31dc14e88c8bd17e49b63a479e426a9e06fc1378 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Fri, 15 May 2020 18:44:42 +0200
Subject: [PATCH 1/2] Fix the firewall rules for PostgreSQL

I got the source and destination mixed up.
---
 site-cookbooks/kosmos-postgresql/recipes/default.rb | 4 ++--
 site-cookbooks/kosmos-postgresql/recipes/replica.rb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/site-cookbooks/kosmos-postgresql/recipes/default.rb b/site-cookbooks/kosmos-postgresql/recipes/default.rb
index d4bef39..7841577 100644
--- a/site-cookbooks/kosmos-postgresql/recipes/default.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/default.rb
@@ -62,11 +62,11 @@ postgresql_replicas.each do |replica|
 unless node.chef_environment == "development"
 include_recipe "firewall"
- firewall_rule "postgresql" do
+ firewall_rule "postgresql replica #{replica[:hostname]}" do
 port 5432
 protocol :tcp
 command :allow
- destination replica[:ipaddress]
+ source replica[:ipaddress]
 end
 end
 end
diff --git a/site-cookbooks/kosmos-postgresql/recipes/replica.rb b/site-cookbooks/kosmos-postgresql/recipes/replica.rb
index 6bbcb75..926ef9b 100644
--- a/site-cookbooks/kosmos-postgresql/recipes/replica.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/replica.rb
@@ -72,11 +72,11 @@ systemctl start #{postgresql_service}
 unless node.chef_environment == "development"
 include_recipe "firewall"
- firewall_rule "postgresql" do
+ firewall_rule "postgresql primary #{primary[:hostname]}" do
 port 5432
 protocol :tcp
 command :allow
- destination primary[:ipaddress]
+ source primary[:ipaddress]
 end
 end
 end
From d79cdf087bba8aaa97c86b4ac816a136d7d91417 Mon Sep 17 00:00:00 2001
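Review bot: The new `source replica[:ipaddress]` line in default.rb has no guard for a missing address, and the same holds for `source primary[:ipaddress]` in the replica.rb hunk of this patch. If a node object comes back without an `ipaddress` value, the rule could end up with no source restriction at all, depending on how the firewall cookbook treats a nil `source`, which would leave port 5432 reachable more widely than intended. I would skip such entries explicitly, for example `next if replica[:ipaddress].nil?` at the top of the loop body, and add a comment above the resource such as `# allow inbound PostgreSQL only from this replica's address`. The `postgresql_replicas.each` block starts outside the hunk, so how that list is built is not visible here.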
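Review bot: The `firewall_rule "postgresql primary ..."` resource in replica.rb opens port 5432 on the replica to the primary, but nothing documents why that direction is needed. With streaming replication the standby normally connects out to the primary (the `pg_basebackup -h #{primary[:ipaddress]}` call in this recipe goes that way), so an inbound allow from the primary may not be required at all. If it is intentional, a comment above the resource such as `# inbound from primary: required for <reason>` would record it; otherwise dropping the rule keeps the replica's exposure smaller. The enclosing block starts outside the hunk.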
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Fri, 15 May 2020 18:45:12 +0200
Subject: [PATCH 2/2] Move the PGPASS environment variable to the execute resource

That way it does not appear in the list of running processes while the command is running
---
 site-cookbooks/kosmos-postgresql/recipes/replica.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/site-cookbooks/kosmos-postgresql/recipes/replica.rb b/site-cookbooks/kosmos-postgresql/recipes/replica.rb
index 926ef9b..8a3f7d5 100644
--- a/site-cookbooks/kosmos-postgresql/recipes/replica.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/replica.rb
@@ -48,10 +48,11 @@ unless primary.nil?
 command <<-EOF
 systemctl stop #{postgresql_service}
 mv #{postgresql_data_dir} #{postgresql_data_dir}.old
-PGPASSWORD=#{postgresql_data_bag_item['replication_password']} pg_basebackup -h #{primary[:ipaddress]} -U replication -D #{postgresql_data_dir} -R
+pg_basebackup -h #{primary[:ipaddress]} -U replication -D #{postgresql_data_dir} -R
 chown -R postgres:postgres #{postgresql_data_dir}
 systemctl start #{postgresql_service}
 EOF
+ environment 'PGPASSWORD' => postgresql_data_bag_item['replication_password']
 sensitive true
 not_if { ::File.exist? "#{postgresql_data_dir}/standby.signal" }
 end
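Review bot: `environment 'PGPASSWORD' => ...` applies to the whole script, so `systemctl`, `mv` and `chown` inherit the replication password along with `pg_basebackup`. Keeping the secret off the command line is still an improvement, but PostgreSQL's documentation advises a password file over `PGPASSWORD` because some platforms let other users read a process's environment. Consider writing a mode-0600 pgpass file for this run and pointing `PGPASSFILE` at it, or at least add a comment like `# PGPASSWORD is inherited by every command in this script`. The resource starts above the hunk, so its name and the user it runs as are not visible here.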