f75aeaf9b5
Only setting it for standby servers isn't useful, as we need to be able to touch this file to trigger the promotion of a new primary server after running Chef on it.
117 lines
3.2 KiB
Ruby
117 lines
3.2 KiB
Ruby
resource_name :postgresql_custom_server
|
|
|
|
property :postgresql_version, String, required: true, name_property: true
|
|
property :role, String, required: true # Can be primary or replica
|
|
|
|
action :create do
|
|
encfs_data_dir = node["kosmos_encfs"]["data_directory"]
|
|
postgresql_version = new_resource.postgresql_version
|
|
postgresql_data_dir = "#{encfs_data_dir}/postgresql/#{postgresql_version}/main"
|
|
postgresql_service = "postgresql@#{postgresql_version}-main"
|
|
|
|
node.override['build-essential']['compile_time'] = true
|
|
include_recipe 'build-essential::default'
|
|
|
|
user "postgres" do
|
|
manage_home false
|
|
end
|
|
|
|
directory "#{encfs_data_dir}/postgresql" do
|
|
owner "postgres"
|
|
group "postgres"
|
|
mode "0750"
|
|
end
|
|
|
|
package("libpq-dev") { action :nothing }.run_action(:install)
|
|
|
|
chef_gem 'pg' do
|
|
compile_time true
|
|
end
|
|
|
|
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
|
|
|
|
postgresql_server_install "main" do
|
|
version postgresql_version
|
|
setup_repo true
|
|
password postgresql_data_bag_item['server_password']
|
|
data_directory postgresql_data_dir
|
|
action :install
|
|
end
|
|
|
|
service postgresql_service do
|
|
supports restart: true, status: true, reload: true
|
|
action :start
|
|
end
|
|
|
|
# Activates the postgres service when encrypted data dir is mounted
|
|
encfs_path_activation_unit postgresql_service
|
|
|
|
# This service is a dependency that will auto-start our cluster service on
|
|
# boot if it's enabled, so we disable it explicitly
|
|
service "postgresql" do
|
|
action :disable
|
|
end
|
|
|
|
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # > 1GB RAM
|
|
"128MB"
|
|
else # >= 1GB RAM, use 25% of total RAM
|
|
"#{node['memory']['total'].to_i / 1024 / 4}MB"
|
|
end
|
|
|
|
additional_config = {
|
|
max_connections: 100, # default
|
|
shared_buffers: shared_buffers,
|
|
unix_socket_directories: "/var/run/postgresql",
|
|
dynamic_shared_memory_type: "posix",
|
|
timezone: "UTC", # default is GMT
|
|
listen_addresses: "0.0.0.0"
|
|
}
|
|
|
|
additional_config[:promote_trigger_file] = "#{postgresql_data_dir}/failover.trigger"
|
|
|
|
ssl_cert = postgresql_data_bag_item['ssl_cert']
|
|
ssl_cert_path = "#{postgresql_data_dir}/server.crt"
|
|
ssl_key = postgresql_data_bag_item['ssl_key']
|
|
ssl_key_path = "#{postgresql_data_dir}/server.key"
|
|
|
|
file ssl_cert_path do
|
|
content ssl_cert
|
|
owner "postgres"
|
|
group "postgres"
|
|
mode "0640"
|
|
sensitive true
|
|
end
|
|
|
|
file ssl_key_path do
|
|
content ssl_key
|
|
owner "postgres"
|
|
group "postgres"
|
|
mode "0600"
|
|
sensitive true
|
|
end
|
|
|
|
additional_config[:ssl] = "on"
|
|
additional_config[:ssl_cert_file] = ssl_cert_path
|
|
additional_config[:ssl_key_file] = ssl_key_path
|
|
# ejabberd does not support 1.3 yet
|
|
additional_config[:ssl_min_protocol_version] = "TLSv1.2"
|
|
|
|
postgresql_server_conf "main" do
|
|
version postgresql_version
|
|
data_directory postgresql_data_dir
|
|
additional_config additional_config
|
|
notifies :reload, "service[#{postgresql_service}]", :delayed
|
|
end
|
|
|
|
postgresql_user "replication" do
|
|
action :create
|
|
replication true
|
|
password postgresql_data_bag_item['replication_password']
|
|
end
|
|
end
|
|
|
|
action_class do
|
|
# to use the data_dir helper
|
|
include PostgresqlCookbook::Helpers
|
|
end
|