chef/site-cookbooks/kosmos-postgresql/resources/server.rb

resource_name :postgresql_custom_server

property :postgresql_version, String, required: true, name_property: true
property :role, String, required: true # Can be primary or replica

action :create do
  postgresql_version = new_resource.postgresql_version
  postgresql_data_dir = "/mnt/data/postgresql/#{postgresql_version}/main"
  postgresql_service = "postgresql@#{postgresql_version}-main"

  node.override['build-essential']['compile_time'] = true
  include_recipe 'build-essential::default'

  directory postgresql_data_dir do
    owner "postgres"
    group "postgres"
    mode "0750"
    recursive true
    action :create
  end

  package("libpq-dev") { action :nothing }.run_action(:install)

  chef_gem 'pg' do
    compile_time true
  end

  postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')

  postgresql_server_install "main" do
    version postgresql_version
    setup_repo true
    password postgresql_data_bag_item['server_password']
    action :install
  end

  service postgresql_service do
    supports restart: true, status: true, reload: true
    # action [:enable, :start]
  end

  postgresql_client_install "main" do
    version postgresql_version
    setup_repo true
    action :install
  end

  shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # > 1GB RAM
                     "128MB"
                   else # >= 1GB RAM, use 25% of total RAM
                     "#{node['memory']['total'].to_i / 1024 / 4}MB"
                   end

  additional_config = {
    max_connections: 100, # default
    shared_buffers: shared_buffers,
    unix_socket_directories: "/var/run/postgresql",
    dynamic_shared_memory_type: "posix",
    timezone: "UTC", # default is GMT
    listen_addresses: "0.0.0.0",
    data_directory: postgresql_data_dir
  }

  if new_resource.role == "replica"
    additional_config[:promote_trigger_file] = "#{postgresql_data_dir}/failover.trigger"
  end

  ssl_cert = postgresql_data_bag_item['ssl_cert']
  ssl_cert_path = "#{postgresql_data_dir}/server.crt"
  ssl_key = postgresql_data_bag_item['ssl_key']
  ssl_key_path = "#{postgresql_data_dir}/server.key"

  file ssl_cert_path do
    content ssl_cert
    owner "postgres"
    group "postgres"
    mode "0640"
    sensitive true
  end

  file ssl_key_path do
    content ssl_key
    owner "postgres"
    group "postgres"
    mode "0600"
    sensitive true
  end

  additional_config[:ssl]           = "on"
  additional_config[:ssl_cert_file] = ssl_cert_path
  additional_config[:ssl_key_file]  = ssl_key_path
  # ejabberd does not support 1.3 yet
  additional_config[:ssl_min_protocol_version]  = "TLSv1.2"

  postgresql_server_conf "main" do
    version postgresql_version
    additional_config additional_config
    notifies :reload, "service[#{postgresql_service}]"
  end

  postgresql_user "replication" do
    action :create
    replication true
    password postgresql_data_bag_item['replication_password']
  end

end

action_class do
  # to use the data_dir helper
  include PostgresqlCookbook::Helpers
end