PostgreSQL
You can configure Chef Automate to use external PostgreSQL clusters that are not deployed via Chef Automate itself.
Configuring an External PostgreSQL Database
These configuration directions are intended for in the initial deployment of Chef Automate.
Add the following settings to your config.toml
:
Warning
[global.v1.external.postgresql]
enable = true
nodes = ["<pghostname1>:<port1>", "<pghostname2>:<port2>", "..."]
# To use postgres with SSL, Set enable = true then, uncomment root_cert and fill out the certificate value.
[global.v1.external.postgresql.ssl]
enable = false
# root_cert = """$(cat </path/to/root/cert.pem>)"""
[global.v1.external.postgresql.auth]
scheme = "password"
# Create these postgres users before starting the Automate deployment;
# Automate assumes they already exist.
[global.v1.external.postgresql.auth.password.superuser]
username = "<admin username>"
password = "<admin password>"
[global.v1.external.postgresql.auth.password.dbuser]
username = "<dbuser username>"
password = "<dbuser password>"
[global.v1.external.postgresql.backup]
enable = true
Adding Resolvers for PostgreSQL Database
In case you want to resolve the PostgreSQL cluster node IPs dynamically using DNS servers, you can add resolvers/nameservers to the configuration.
Name Servers can be added in two ways:
Add nameserver IPs: If you are aware of the nameservers which should resolve the PostgreSQL nodes, the nameservers can be added to your
config.toml
file.[pg_gateway.v1.sys.resolvers] # Multiple resolvers can be specified by adding the resolvers in the list. nameservers = ["127.0.0.53:53"]
Set system DNS entries: To use existing system nameserver entries from
/etc/resolv.conf
, add the following setting toconfig.toml
:[pg_gateway.v1.sys.resolvers] enable_system_nameservers = true
If both options are set, nameserver IPs takes precedence over the system nameserver entries.
Apply the changes:
sudo chef-automate config patch config.toml
If you wish to reset to the default configuration or to modify the configuration:
- Run
chef-automate config show config.toml
. - Edit
config.toml
to replace/edit thepg_gateway.v1.sys.resolvers
section with the configuration values. - Run
chef-automate config set config.toml
to apply your changes.