21119fff08
Supports both primary and replica. The access rules and firewall have to be set up outside of the custom resource, so they are part of the recipes instead Refs #160
42 lines
975 B
Markdown
42 lines
975 B
Markdown
# kosmos-postgresql
|
|
|
|
## Custom resources
|
|
|
|
### `postgresql_custom_server`
|
|
|
|
Usage:
|
|
|
|
When the `tls` attribute is set to true, a TLS certificate for the FQDN
|
|
(`node['fqdn']`, for example `andromeda.kosmos.org`) is generated using Let's
|
|
Encrypt and copied to the PostgreSQL data directory and added to the
|
|
`postgresql.conf` file
|
|
|
|
#### On the primary:
|
|
|
|
```ruby
|
|
postgresql_custom_server "12" do
|
|
role "primary"
|
|
tls true
|
|
end
|
|
```
|
|
|
|
#### On a replica:
|
|
|
|
```ruby
|
|
postgresql_custom_server "12" do
|
|
role "primary"
|
|
tls true
|
|
end
|
|
```
|
|
|
|
After the initial Chef run on the replica, run Chef on the primary to add the
|
|
firewall rules and PostgreSQL access rules, then run Chef again on the replica
|
|
to set up replication.
|
|
|
|
#### Caveat
|
|
|
|
[`firewall_rules`](https://github.com/chef-cookbooks/firewall/issues/134) and
|
|
[`postgresql_access`](https://github.com/sous-chefs/postgresql/issues/648) need
|
|
to be declared in recipes, not resources because of the way custom resources
|
|
work currently in Chef
|