PostgreSQL

You can configure Chef Automate to use external PostgreSQL clusters that are not deployed via Chef Automate itself.

Configuring an External PostgreSQL Database

These configuration directions are intended for the initial deployment of Chef Automate.

Add the following settings to your config.toml:

Warning

The following characters aren’t allowed in passwords:

  • `
  • "
  • '
  • \
  • ;
  • $

[global.v1.external.postgresql]
enable = true
nodes = ["<pghostname1>:<port1>", "<pghostname2>:<port2>", "..."]

# To use PostgreSQL with SSL, set enable = true, then uncomment root_cert and fill in the certificate value.
[global.v1.external.postgresql.ssl]
enable = false
# root_cert = """$(cat </path/to/root/cert.pem>)"""

[global.v1.external.postgresql.auth]
scheme = "password"

# Create these PostgreSQL users before starting the Automate deployment;
# Automate assumes they already exist.
[global.v1.external.postgresql.auth.password.superuser]
username = "<admin username>"
password = "<admin password>"
[global.v1.external.postgresql.auth.password.dbuser]
username = "<dbuser username>"
password = "<dbuser password>"

[global.v1.external.postgresql.backup]
enable = true
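
A pre-deployment check of these settings, as an added example (not Chef's code): it flags passwords containing the characters listed in the warning, nodes that are not <hostname>:<port>, and SSL enabled without a certificate. The function names, finding messages, sample values and the PEM test on root_cert are assumptions of this example.

```python
import re

# Characters the page lists as not allowed in passwords.
FORBIDDEN = set("`\"'\\;$")
NODE_RE = re.compile(r"^[^\s:]+:(\d{1,5})$")  # "<hostname>:<port>"

def check_external_pg(config):
    """Return findings for the [global.v1.external.postgresql] settings."""
    pg = config.get("global", {}).get("v1", {}).get("external", {}).get("postgresql", {})
    if not pg.get("enable"):
        return ["external postgresql is not enabled"]
    findings = []
    for node in pg.get("nodes", []):
        m = NODE_RE.match(node)
        if not m or not 0 < int(m.group(1)) < 65536:
            findings.append(f"nodes: {node!r} is not <hostname>:<port>")
    ssl = pg.get("ssl", {})
    if not ssl.get("enable"):
        findings.append("ssl: disabled, connections to the cluster do not use SSL")
    elif "BEGIN CERTIFICATE" not in ssl.get("root_cert", ""):
        # Assumption: root_cert must hold the PEM text, not a path or placeholder.
        findings.append("ssl: enabled but root_cert holds no PEM certificate")
    users = pg.get("auth", {}).get("password", {})
    for role in ("superuser", "dbuser"):
        user = users.get(role, {})
        if not user.get("username") or not user.get("password"):
            findings.append(f"{role}: username or password missing")
            continue
        bad = sorted(FORBIDDEN & set(user["password"]))
        if bad:  # name the offending characters, never echo the password
            findings.append(f"{role}: password contains forbidden character(s) {' '.join(bad)}")
    return findings

def check_file(path):
    import tomllib  # standard library from Python 3.11
    with open(path, "rb") as fh:
        return check_external_pg(tomllib.load(fh))

# Constructed sample mirroring the page's TOML sections (all values made up).
SAMPLE = {"global": {"v1": {"external": {"postgresql": {
    "enable": True,
    "nodes": ["pg1.example.internal:5432", "pg2.example.internal"],
    "ssl": {"enable": True, "root_cert": "</path/to/root/cert.pem>"},
    "auth": {"scheme": "password", "password": {
        "superuser": {"username": "pgadmin", "password": "Constructed-Admin_1"},
        "dbuser": {"username": "automate", "password": "pa$$w;rd"},
    }},
}}}}}
```

Calling check_file("config.toml") runs the same checks against a real file before chef-automate reads it.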

Adding Resolvers for PostgreSQL Database

To resolve the PostgreSQL cluster node IPs dynamically through DNS servers, add resolvers (nameservers) to the configuration.

Nameservers can be added in two ways:

  1. Add nameserver IPs: If you know which nameservers should resolve the PostgreSQL nodes, add them to your config.toml file.

    [pg_gateway.v1.sys.resolvers]
      # Multiple resolvers can be specified by adding the resolvers in the list.
      nameservers = ["127.0.0.53:53"]
    
  2. Set system DNS entries: To use existing system nameserver entries from /etc/resolv.conf, add the following setting to config.toml:

    [pg_gateway.v1.sys.resolvers]
      enable_system_nameservers = true
    

If both options are set, the nameserver IPs take precedence over the system nameserver entries.

Apply the changes:

sudo chef-automate config patch config.toml

If you wish to reset to the default configuration or to modify the configuration:

  1. Run chef-automate config show config.toml.
  2. Edit config.toml to replace/edit the pg_gateway.v1.sys.resolvers section with the configuration values.
  3. Run chef-automate config set config.toml to apply your changes.
