Skip to main content

PostgreSQL

You can configure Chef Automate to use external PostgreSQL clusters that aren’t deployed with Chef Automate itself.

Configuring an External PostgreSQL Database

These configuration directions are intended for in the initial deployment of Chef Automate.

Add the following settings to your config.toml:

The following characters aren’t allowed in passwords:

  • ` (backtick)
  • ' (single quote)
  • " (double quote)
  • \ (backslash)
  • ; (semicolon)
  • $ (dollar sign)
[global.v1.external.postgresql]
enable = true
nodes = ["<pghostname1>:<port1>", "<pghostname2>:<port2>", "..."]

# To use PostgreSQL with SSL, Set enable = true then, uncomment root_cert and fill out the certificate value. 
[global.v1.external.postgresql.ssl]
enable = false
# root_cert = """$(cat </path/to/root/cert.pem>)"""

[global.v1.external.postgresql.auth]
scheme = "password"

# Create these PostgreSQL users before starting the Automate deployment;
# Automate assumes they already exist.
[global.v1.external.postgresql.auth.password.superuser]
username = "<admin username>"
password = "<admin password>"
[global.v1.external.postgresql.auth.password.dbuser]
username = "<dbuser username>"
password = "<dbuser password>"

[global.v1.external.postgresql.backup]
enable = true

Adding Resolvers for PostgreSQL Database

In case you want to resolve the PostgreSQL cluster node IPs dynamically using DNS servers, you can add resolvers/name servers to the configuration.

Name servers can be added in two ways:

  1. Add name server IPs: If you are aware of the name servers which should resolve the PostgreSQL nodes, the name servers can be added to your config.toml file.

    [pg_gateway.v1.sys.resolvers]
  # Multiple resolvers can be specified by adding the resolvers in the list.
  nameservers = ["127.0.0.53:53"]

  2. Set system DNS entries: To use existing system name server entries from /etc/resolv.conf, add the following setting to config.toml:

    [pg_gateway.v1.sys.resolvers]
  enable_system_nameservers = true

If both options are set, name server IPs takes precedence over the system name server entries.

Apply the changes:

sudo chef-automate config patch config.toml

If you wish to reset to the default configuration or to modify the configuration:

  1. Run chef-automate config show config.toml.
  2. Edit config.toml to replace/edit the pg_gateway.v1.sys.resolvers section with the configuration values.
  3. Run chef-automate config set config.toml to apply your changes.

Thank you for your feedback!

×