# kosmos-postgresql

## Custom resources

### `postgresql_custom_server`

Usage:

When the `tls` attribute is set to true, a TLS certificate for the FQDN
(`node['fqdn']`, for example `andromeda.kosmos.org`) is generated using Let's
Encrypt and copied to the PostgreSQL data directory and added to the
`postgresql.conf` file

#### On the primary:

```ruby
postgresql_custom_server "12" do
  role "primary"
  tls true
end
```

#### On a replica:

```ruby
postgresql_custom_server "12" do
  role "primary"
  tls true
end
```

After the initial Chef run on the replica, run Chef on the primary to add the
firewall rules and PostgreSQL access rules, then run Chef again on the replica
to set up replication.

#### Caveat

[`firewall_rules`](https://github.com/chef-cookbooks/firewall/issues/134) and
[`postgresql_access`](https://github.com/sous-chefs/postgresql/issues/648) need
to be declared in recipes, not resources because of the way custom resources
work currently in Chef