91 lines
3.1 KiB
Ruby
91 lines
3.1 KiB
Ruby
#
|
|
# Cookbook:: kosmos-postgresql
|
|
# Recipe:: default
|
|
#
|
|
# The MIT License (MIT)
|
|
#
|
|
# Copyright:: 2019, Kosmos Developers
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to deal
|
|
# in the Software without restriction, including without limitation the rights
|
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in
|
|
# all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
# THE SOFTWARE.
|
|
|
|
postgresql_version = "12"
|
|
postgresql_service = "postgresql@#{postgresql_version}-main"
|
|
|
|
service postgresql_service do
|
|
supports restart: true, status: true, reload: true
|
|
end
|
|
|
|
postgresql_custom_server postgresql_version do
|
|
role "primary"
|
|
end
|
|
|
|
# This will only be run once, if the /var/lib/postgresql/10/main directory
|
|
# exists. The old data directory is then moved.
|
|
execute "upgrade postgresql to 12" do
|
|
command <<-EOF
|
|
systemctl stop postgresql@12-main
|
|
systemctl stop postgresql@10-main
|
|
su - postgres -c "/usr/lib/postgresql/12/bin/pg_upgrade --old-bindir=/usr/lib/postgresql/10/bin/ --new-bindir=/usr/lib/postgresql/12/bin/ --old-datadir=/etc/postgresql/10/main/ --new-datadir=/etc/postgresql/12/main/"
|
|
mv /var/lib/postgresql/10/main /var/lib/postgresql/10/main.old
|
|
systemctl start postgresql@12-main
|
|
EOF
|
|
only_if { ::File.exist? "/var/lib/postgresql/10/main" }
|
|
end
|
|
|
|
# Services that connect to PostgreSQL need to have the postgresql_client role
|
|
# as part of their run list. See the gitea and ejabberd roles.
|
|
postgresql_clients = search(:node, "roles:postgresql_client AND chef_environment:#{node.chef_environment}") || []
|
|
|
|
postgresql_clients.each do |client|
|
|
ip = ip_for(client)
|
|
hostname = client[:hostname]
|
|
|
|
postgresql_access "#{hostname} all" do
|
|
access_type "host"
|
|
access_db "all"
|
|
access_user "all"
|
|
access_addr "#{ip}/32"
|
|
access_method "md5"
|
|
notifies :reload, "service[#{postgresql_service}]", :immediately
|
|
end
|
|
|
|
firewall_rule "postgresql #{hostname}" do
|
|
port 5432
|
|
protocol :tcp
|
|
command :allow
|
|
source ip
|
|
end
|
|
end
|
|
|
|
postgresql_replicas.each do |replica|
|
|
postgresql_access "#{replica[:hostname]} replication" do
|
|
access_type "host"
|
|
access_db "replication"
|
|
access_user "replication"
|
|
access_addr "#{replica[:ipaddress]}/32"
|
|
access_method "md5"
|
|
notifies :reload, "service[#{postgresql_service}]", :immediately
|
|
end
|
|
|
|
end
|
|
|
|
unless node.chef_environment == "development"
|
|
include_recipe "kosmos-postgresql::firewall_replicas"
|
|
end
|