Merge pull request 'Add a firewall rule to allow PostgreSQL clients to connect' (#269) from bugfix/postgresql_client_firewall into master
Reviewed-on: #269
commit
c71d243c40
|
@ -24,9 +24,9 @@
|
|||
"ipaddress": "46.4.18.160",
|
||||
"roles": [
|
||||
"base",
|
||||
"postgresql_primary",
|
||||
"mastodon",
|
||||
"ejabberd"
|
||||
"ejabberd",
|
||||
"postgresql_client"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
|
@ -130,7 +130,6 @@
|
|||
"recipe[kosmos-base::andromeda_firewall]",
|
||||
"recipe[kosmos-ipfs]",
|
||||
"recipe[kosmos-ipfs::public_gateway]",
|
||||
"role[postgresql_primary]",
|
||||
"recipe[kosmos-btcpayserver::proxy]",
|
||||
"role[mastodon]",
|
||||
"role[ejabberd]",
|
||||
|
|
|
@ -3,4 +3,5 @@ name "mastodon"
|
|||
run_list %w(
|
||||
kosmos-mastodon
|
||||
kosmos-mastodon::nginx
|
||||
role[postgresql_client]
|
||||
)
|
||||
|
|
|
@ -64,6 +64,13 @@ postgresql_clients.each do |client|
|
|||
access_method "md5"
|
||||
notifies :reload, "service[#{postgresql_service}]", :immediately
|
||||
end
|
||||
|
||||
firewall_rule "postgresql #{hostname}" do
|
||||
port 5432
|
||||
protocol :tcp
|
||||
command :allow
|
||||
source ip
|
||||
end
|
||||
end
|
||||
|
||||
postgresql_replicas.each do |replica|
|
||||
|
|
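Review bot: The new `firewall_rule` passes `source ip`, but `ip` and `hostname` are assigned outside this hunk (the loop variable is `client`, and the `postgresql_clients.each` block starts above it), so nothing visible guarantees `ip` is set for every client node. If it can be nil or empty, the rule would presumably be created without a source restriction and allow 5432/tcp from any address; I would guard it, e.g. `next if ip.to_s.empty?` ahead of the rule, or put `only_if { !ip.to_s.empty? }` inside the block. Because the port is now reachable from other hosts, the `access_method "md5"` on the context line is worth revisiting as well: `scram-sha-256` combined with a `hostssl` record would keep password hashes off the wire, if the PostgreSQL version in use supports it. A one-line comment such as `# Open 5432/tcp only to this client's address; pg_hba above still enforces auth` would also help readers see that the two resources belong together.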