Merge branch 'master' into feature/pg_encfs

site-cookbooks/kosmos-postgresql/libraries/helpers.rb

@@ -29,5 +29,11 @@ class Chef
         server_node['ipaddress']
       end
     end
+
+    def postgresql_service_name
+      postgresql_version = "12"
+
+      "postgresql@#{postgresql_version}-main"
+    end
   end
 end

site-cookbooks/kosmos-postgresql/recipes/default.rb

@@ -62,11 +62,11 @@ postgresql_replicas.each do |replica|
   unless node.chef_environment == "development"
     include_recipe "firewall"
 
-    firewall_rule "postgresql" do
+    firewall_rule "postgresql replica #{replica[:hostname]}" do
       port        5432
       protocol    :tcp
       command     :allow
-      destination replica[:ipaddress]
+      source replica[:ipaddress]
     end
   end
 end

site-cookbooks/kosmos-postgresql/recipes/replica.rb

@@ -49,10 +49,11 @@ unless primary.nil?
       command <<-EOF
 systemctl stop #{postgresql_service}
 mv #{postgresql_data_dir} #{postgresql_data_dir}.old
-PGPASSWORD=#{postgresql_data_bag_item['replication_password']} pg_basebackup -h #{primary[:ipaddress]} -U replication -D #{postgresql_data_dir} -R
+pg_basebackup -h #{primary[:ipaddress]} -U replication -D #{postgresql_data_dir} -R
 chown -R postgres:postgres #{postgresql_data_dir}
 systemctl start #{postgresql_service}
       EOF
+      environment 'PGPASSWORD' => postgresql_data_bag_item['replication_password']
       sensitive true
       not_if { ::File.exist? "#{postgresql_data_dir}/standby.signal" }
     end
@@ -73,11 +74,11 @@ systemctl start #{postgresql_service}
   unless node.chef_environment == "development"
     include_recipe "firewall"
 
-    firewall_rule "postgresql" do
+    firewall_rule "postgresql primary #{primary[:hostname]}" do
       port        5432
       protocol    :tcp
       command     :allow
-      destination primary[:ipaddress]
+      source primary[:ipaddress]
     end
   end
 end