kosmos-postgresql
Custom resources
postgresql_custom_server
Usage:
When the tls attribute is set to true, a TLS certificate for the FQDN (node['fqdn'], for example andromeda.kosmos.org) is generated using Let's Encrypt and copied to the PostgreSQL data directory and added to the postgresql.conf file.
On the primary:
postgresql_custom_server "12" do
  role "primary"
  tls true
end
On a replica:
postgresql_custom_server "12" do
  role "replica"
  tls true
end
After the initial Chef run on the replica, run Chef on the primary to add the firewall rules and PostgreSQL access rules, then run Chef again on the replica to set up replication.
Caveat
firewall_rules and postgresql_access are declared in recipes, not resources, because of the way custom resources currently work in Chef. See the default.rb and replica.rb recipes.
The primary gives access to the replication db to the replication user connecting from a replica, and replicas to the primary. For more information about PostgreSQL client authentication, see the official docs.
The primary opens up the PostgreSQL port (5432 TCP) to replicas, and replicas to the primary.
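One way to check the access rules after the Chef runs, as an added example that is not part of this cookbook: a small audit of pg_hba.conf entries for the replication db. It assumes that, with tls true, replication entries should be hostssl and pinned to a single known peer; the sample file, the peer addresses and the helper names are constructed for illustration.

```ruby
require "ipaddr"

# Constructed sample pg_hba.conf for a primary; addresses are documentation ranges.
SAMPLE_HBA = <<~HBA
  # TYPE   DATABASE     USER         ADDRESS          METHOD
  local    all          postgres                      peer
  hostssl  replication  replication  192.0.2.11/32    md5
  host     replication  replication  192.0.2.12/32    md5
  hostssl  replication  replication  0.0.0.0/0        md5
  hostssl  replication  replication  192.0.2.13/32    trust
HBA

# Parse non-comment lines into hashes. Only the CIDR address form is handled;
# the separate IP + netmask column form is not.
def parse_hba(text)
  text.each_line.with_index(1).filter_map do |line, lineno|
    fields = line.sub(/#.*/, "").split
    next if fields.empty?
    type, database, user, *rest = fields
    address = type == "local" ? nil : rest.shift
    { line: lineno, type: type, database: database, user: user,
      address: address, method: rest.first }
  end
end

# True only when the entry's address covers exactly one host from the allowed list.
def single_allowed_host?(address, allowed)
  range = IPAddr.new(address).to_range
  range.first == range.last && allowed.any? { |ip| ip == range.first }
rescue IPAddr::Error
  false # hostnames, "all", "samenet" and similar are treated as not pinned
end

# Return [line, problem] pairs for network entries that grant replication access.
def audit_replication(entries, allowed_peers:)
  allowed = allowed_peers.map { |ip| IPAddr.new(ip) }
  entries.flat_map do |e|
    next [] if e[:type] == "local" || !e[:database].split(",").include?("replication")
    problems = []
    problems << "not TLS-only (type #{e[:type]})" unless e[:type] == "hostssl"
    problems << "trust method skips authentication" if e[:method] == "trust"
    problems << "address #{e[:address]} is not a single allowed peer" unless single_allowed_host?(e[:address], allowed)
    problems.map { |p| [e[:line], p] }
  end
end

if __FILE__ == $0
  audit_replication(parse_hba(SAMPLE_HBA), allowed_peers: %w[192.0.2.11 192.0.2.13]).each { |l, p| puts "line #{l}: #{p}" }
end
```

Point parse_hba at the contents of the real pg_hba.conf in the PostgreSQL data directory and pass the addresses of the actual replicas (or of the primary, when auditing a replica) as allowed_peers.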