Encrypt PostgreSQL data directory #166
@ -27,13 +27,13 @@
|
||||
postgresql_version = "12"
|
||||
postgresql_service = "postgresql@#{postgresql_version}-main"
|
||||
|
||||
postgresql_custom_server postgresql_version do
|
||||
role "primary"
|
||||
# TODO check if still necessary
|
||||
user "postgres" do
|
||||
manage_home false
|
||||
end
|
||||
|
||||
service postgresql_service do
|
||||
supports restart: true, status: true, reload: true
|
||||
action [:enable]
|
||||
postgresql_custom_server postgresql_version do
|
||||
role "primary"
|
||||
end
|
||||
|
||||
# This will only be run once, if the /var/lib/postgresql/10/main directory
|
||||
|
||||
@ -11,12 +11,15 @@ action :create do
|
||||
node.override['build-essential']['compile_time'] = true
|
||||
include_recipe 'build-essential::default'
|
||||
|
||||
directory postgresql_data_dir do
|
||||
# TODO should likely go in the encfs cookbook somewhere
|
||||
directory "/mnt/data" do
|
||||
mode "0755"
|
||||
end
|
||||
|
||||
directory "/mnt/data/postgresql" do
|
||||
owner "postgres"
|
||||
group "postgres"
|
||||
mode "0750"
|
||||
recursive true
|
||||
action :create
|
||||
end
|
||||
|
||||
package("libpq-dev") { action :nothing }.run_action(:install)
|
||||
@ -31,18 +34,19 @@ action :create do
|
||||
version postgresql_version
|
||||
setup_repo true
|
||||
password postgresql_data_bag_item['server_password']
|
||||
data_directory postgresql_data_dir
|
||||
action :install
|
||||
end
|
||||
|
||||
service postgresql_service do
|
||||
supports restart: true, status: true, reload: true
|
||||
# action [:enable, :start]
|
||||
action :start
|
||||
end
|
||||
|
||||
postgresql_client_install "main" do
|
||||
version postgresql_version
|
||||
setup_repo true
|
||||
action :install
|
||||
# This service is a dependency that will auto-start our cluster service on
|
||||
# boot if it's enabled, so we disable it explicitly
|
||||
service "postgresql" do
|
||||
action :disable
|
||||
|
|
||||
end
|
||||
|
||||
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # > 1GB RAM
|
||||
@ -95,7 +99,7 @@ action :create do
|
||||
postgresql_server_conf "main" do
|
||||
version postgresql_version
|
||||
additional_config additional_config
|
||||
notifies :reload, "service[#{postgresql_service}]"
|
||||
notifies :reload, "service[#{postgresql_service}]", :delayed
|
||||
end
|
||||
|
||||
postgresql_user "replication" do
|
||||
@ -103,7 +107,6 @@ action :create do
|
||||
replication true
|
||||
password postgresql_data_bag_item['replication_password']
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
action_class do
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user
postgresqlis a dummy service, it only runs/bin/true. The service to disable is the content of thepostgresql_servicevariable (postgresql@12-main), so this can be moved above