Add a firewall rule to allow PostgreSQL clients to connect #269

Merged
greg merged 3 commits from bugfix/postgresql_client_firewall into master 2020-12-22 22:15:07 +00:00
3 changed files with 10 additions and 3 deletions


@ -24,9 +24,9 @@
"ipaddress": "46.4.18.160", "ipaddress": "46.4.18.160",
"roles": [ "roles": [
"base", "base",
"postgresql_primary",
"mastodon", "mastodon",
"ejabberd" "ejabberd",
"postgresql_client"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
@ -130,7 +130,6 @@
"recipe[kosmos-base::andromeda_firewall]", "recipe[kosmos-base::andromeda_firewall]",
"recipe[kosmos-ipfs]", "recipe[kosmos-ipfs]",
"recipe[kosmos-ipfs::public_gateway]", "recipe[kosmos-ipfs::public_gateway]",
"role[postgresql_primary]",
"recipe[kosmos-btcpayserver::proxy]", "recipe[kosmos-btcpayserver::proxy]",
"role[mastodon]", "role[mastodon]",
"role[ejabberd]", "role[ejabberd]",


@ -3,4 +3,5 @@ name "mastodon"
run_list %w( run_list %w(
kosmos-mastodon kosmos-mastodon
kosmos-mastodon::nginx kosmos-mastodon::nginx
role[postgresql_client]
) )


@ -64,6 +64,13 @@ postgresql_clients.each do |client|
access_method "md5" access_method "md5"
notifies :reload, "service[#{postgresql_service}]", :immediately notifies :reload, "service[#{postgresql_service}]", :immediately
end end
firewall_rule "postgresql #{hostname}" do
port 5432
protocol :tcp
command :allow
source ip
end
end end
postgresql_replicas.each do |replica| postgresql_replicas.each do |replica|
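Review bot: The new `firewall_rule` passes `source ip` without checking that `ip` is set. `ip` and `hostname` are assigned outside this hunk, so if a node returned in `postgresql_clients` has no address recorded yet, the rule would likely be created without a source restriction and allow 5432 from any host. A guard right after `ip` is assigned, e.g. `next if ip.to_s.empty?`, would skip such nodes for both the access entry and the firewall rule. Since this rule opens the port to other hosts and the access entry directly above uses `access_method "md5"`, it is worth confirming that the entry requires TLS and considering `scram-sha-256` instead. The `postgresql_clients.each` block starts before the hunk, so the assignment of `ip` could not be checked here.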