Previously we were passing it as an additional config, but it is set by default. The last value was used, the custom one, so the server still used the correct file
# Chef custom resource that sets up a PostgreSQL server (see the :create
# action for what is installed and configured).
resource_name :postgresql_custom_server

# PostgreSQL version to install; also serves as the resource's name.
property :postgresql_version, String, name_property: true, required: true

# Expected to be "primary" or "replica".
# NOTE(review): nothing restricts the value here, and the :create action only
# compares against "replica", so any other string (including a typo) is set up
# without the replica-only setting. Consider `equal_to: %w[primary replica]`
# once all callers are confirmed to pass one of those two values.
property :role, String, required: true
# Installs PostgreSQL with its data directory under the EncFS data directory,
# writes the TLS certificate and key, renders the server configuration and
# creates the "replication" database user.
action :create do
  encfs_root = node["kosmos_encfs"]["data_directory"]
  pg_version = new_resource.postgresql_version
  pg_data_dir = "#{encfs_root}/postgresql/#{pg_version}/main"
  pg_service = "postgresql@#{pg_version}-main"

  # Presumably needed so the pg gem below can be compiled during the compile
  # phase; confirm before removing.
  node.override['build-essential']['compile_time'] = true
  include_recipe 'build-essential::default'

  user "postgres" do
    manage_home false
  end

  # Parent directory of the cluster data: no access for "other".
  directory "#{encfs_root}/postgresql" do
    owner "postgres"
    group "postgres"
    mode "0750"
  end

  # Declared with no action and run right away, so the package is installed
  # while the recipe is being compiled rather than at converge time.
  libpq_dev = package "libpq-dev" do
    action :nothing
  end
  libpq_dev.run_action(:install)

  chef_gem 'pg' do
    compile_time true
  end

  # Holds the server password, the replication password and the TLS material.
  # NOTE(review): confirm that 'credentials' is an encrypted data bag; a plain
  # data bag would keep all of these values in clear text on the Chef server.
  pg_secrets = data_bag_item('credentials', 'postgresql')

  postgresql_server_install "main" do
    version pg_version
    setup_repo true
    password pg_secrets['server_password']
    data_directory pg_data_dir
    action :install
  end

  service pg_service do
    supports restart: true, status: true, reload: true
    action :start
  end

  # Activates the postgres service when the encrypted data dir is mounted
  encfs_path_activation_unit pg_service

  # The generic "postgresql" service is a dependency that would auto-start our
  # cluster service on boot if it were enabled, so it is disabled explicitly.
  service "postgresql" do
    action :disable
  end

  # node['memory']['total'] is treated as kB here, which gives MB after the
  # division. Under 1GB of RAM: fixed 128MB; otherwise 25% of total RAM.
  total_ram_mb = node['memory']['total'].to_i / 1024
  shared_buffers = total_ram_mb >= 1024 ? "#{total_ram_mb / 4}MB" : "128MB"

  pg_settings = {
    max_connections: 100, # default
    shared_buffers: shared_buffers,
    unix_socket_directories: "/var/run/postgresql",
    dynamic_shared_memory_type: "posix",
    timezone: "UTC", # default is GMT
    # Listens on every IPv4 interface of the host.
    # NOTE(review): who may connect is then decided by pg_hba.conf and any
    # host firewall, neither of which is managed in this action. Verify both,
    # or bind to the specific internal address if only one is needed.
    listen_addresses: "0.0.0.0"
  }

  # Replica-only setting; no other role value adds anything here.
  pg_settings[:promote_trigger_file] = "#{pg_data_dir}/failover.trigger" if new_resource.role == "replica"

  tls_cert_path = "#{pg_data_dir}/server.crt"
  tls_key_path = "#{pg_data_dir}/server.key"

  # `sensitive true` keeps the file contents out of Chef's log and diff output.
  file tls_cert_path do
    content pg_secrets['ssl_cert']
    owner "postgres"
    group "postgres"
    mode "0640"
    sensitive true
  end

  # Private key: readable by the postgres user only.
  file tls_key_path do
    content pg_secrets['ssl_key']
    owner "postgres"
    group "postgres"
    mode "0600"
    sensitive true
  end

  # NOTE(review): `ssl = on` makes TLS available but does not by itself refuse
  # plaintext connections; that takes `hostssl` rules in pg_hba.conf, which is
  # not managed in this action. Confirm where it is enforced.
  pg_settings.merge!(
    ssl: "on",
    ssl_cert_file: tls_cert_path,
    ssl_key_file: tls_key_path,
    # ejabberd does not support 1.3 yet
    ssl_min_protocol_version: "TLSv1.2"
  )

  postgresql_server_conf "main" do
    version pg_version
    data_directory pg_data_dir
    additional_config pg_settings
    notifies :reload, "service[#{pg_service}]", :delayed
  end

  # NOTE(review): the password comes straight from the data bag; check that the
  # postgresql_user resource keeps it out of the Chef run output.
  postgresql_user "replication" do
    action :create
    replication true
    password pg_secrets['replication_password']
  end
end
action_class do
  # Mixes the postgresql cookbook helpers (such as data_dir) into the action
  # context.
  # NOTE(review): the :create action in this file does not call data_dir
  # directly; confirm the include is still needed.
  include(PostgresqlCookbook::Helpers)
end