4 Commits

Author SHA1 Message Date
c71d243c40 Merge pull request 'Add a firewall rule to allow PostgreSQL clients to connect' (#269) from bugfix/postgresql_client_firewall into master
Reviewed-on: #269
2020-12-22 22:15:06 +00:00
7d0490f3da Merge branch 'master' into bugfix/postgresql_client_firewall 2020-12-22 17:16:49 +00:00
Greg Karékinian
87388ac69d Add the postgresql_client role to the mastodon role
This will add the firewall rule and pg_hba access rule on the PostgreSQL
servers
2020-12-18 17:54:31 +01:00
Greg Karékinian
c700f98976 Add a firewall rule to allow clients to connect
Previously it was not an issue because services that connected to the
PostgreSQL primary were also on the same server as a standby server.
2020-12-18 17:53:28 +01:00
3 changed files with 10 additions and 3 deletions


@@ -24,9 +24,9 @@
"ipaddress": "46.4.18.160",
"roles": [
"base",
"postgresql_primary",
"mastodon",
"ejabberd"
"ejabberd",
"postgresql_client"
],
"recipes": [
"kosmos-base",
@@ -130,7 +130,6 @@
"recipe[kosmos-base::andromeda_firewall]",
"recipe[kosmos-ipfs]",
"recipe[kosmos-ipfs::public_gateway]",
"role[postgresql_primary]",
"recipe[kosmos-btcpayserver::proxy]",
"role[mastodon]",
"role[ejabberd]",


@@ -3,4 +3,5 @@ name "mastodon"
run_list %w(
kosmos-mastodon
kosmos-mastodon::nginx
role[postgresql_client]
)


@@ -64,6 +64,13 @@ postgresql_clients.each do |client|
access_method "md5"
notifies :reload, "service[#{postgresql_service}]", :immediately
end
firewall_rule "postgresql #{hostname}" do
port 5432
protocol :tcp
command :allow
source ip
end
end
postgresql_replicas.each do |replica|
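Review bot: The new `firewall_rule` passes `source ip` without checking that `ip` is set, and as far as I know a rule with no source in the firewall cookbook matches any address, so a client node with a missing address could open port 5432 to every host. `ip` and `hostname` are assigned above the hunk, in the part of the `postgresql_clients.each` block that is not visible here, so this may already be handled; if it is not, `next if ip.nil? || ip.empty?` at the top of the loop body would skip both the pg_hba entry and the firewall rule for such a node. Because clients now connect over the network instead of locally, a comment above the rule such as `# Allow remote PostgreSQL clients; access is still gated by the pg_hba entry above` would help. It is also worth confirming that the `md5` access entry is a `hostssl` one, so that credentials and query data do not cross an unencrypted link.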