From c700f9897620fb408706504f0e166614622b9d5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= <greg@karekinian.com>
Date: Fri, 18 Dec 2020 17:53:28 +0100
Subject: [PATCH] Add a firewall rule to allow clients to connect

Previously it was not an issue because services that connected to the
PostgreSQL primary were also on the same server as a standby server.
---
 site-cookbooks/kosmos-postgresql/recipes/default.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/site-cookbooks/kosmos-postgresql/recipes/default.rb b/site-cookbooks/kosmos-postgresql/recipes/default.rb
index b3c9f4f..8055b8b 100644
--- a/site-cookbooks/kosmos-postgresql/recipes/default.rb
+++ b/site-cookbooks/kosmos-postgresql/recipes/default.rb
@@ -64,6 +64,13 @@ postgresql_clients.each do |client|
     access_method "md5"
     notifies :reload, "service[#{postgresql_service}]", :immediately
   end
+
+  firewall_rule "postgresql #{hostname}" do
+    port        5432
+    protocol    :tcp
+    command     :allow
+    source ip
+  end
 end
 
 postgresql_replicas.each do |replica|