diff --git a/salt/postgres/config.sls b/salt/postgres/config.sls
index efa9dba93..11ca52649 100644
--- a/salt/postgres/config.sls
+++ b/salt/postgres/config.sls
@@ -21,7 +21,8 @@ postgressecretsdir:
 - user: 939
 - group: 939
 - mode: 700
- - makedirs: True
+ - require:
+ - file: postgresconfdir
 postgresdatadir:
 file.directory:
@@ -42,7 +43,8 @@ postgresinitdir:
 - name: /opt/so/conf/postgres/init
 - user: 939
 - group: 939
- - makedirs: True
+ - require:
+ - file: postgresconfdir
 postgresinitusers:
 file.managed:
diff --git a/salt/postgres/soc_postgres.yaml b/salt/postgres/soc_postgres.yaml
index d111e6923..4b25cd4f5 100644
--- a/salt/postgres/soc_postgres.yaml
+++ b/salt/postgres/soc_postgres.yaml
@@ -8,17 +8,17 @@ postgres:
 retention_days:
 description: Number of days of Telegraf metrics to keep in the so_telegraf database. Older partitions are dropped hourly by pg_partman.
 forcedType: int
- helpLink: influxdb
+ helpLink: postgres
 config:
 max_connections:
 description: Maximum number of concurrent PostgreSQL connections.
 forcedType: int
 global: True
- helpLink: influxdb
+ helpLink: postgres
 shared_buffers:
 description: Amount of memory PostgreSQL uses for shared buffers (e.g. 256MB, 1GB). Raising this improves read cache hit rate at the cost of system RAM.
 global: True
- helpLink: influxdb
+ helpLink: postgres
 log_min_messages:
 description: Minimum severity of server messages written to the PostgreSQL log.
 options:
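Review bot: In salt/postgres/config.sls the new requisite `- require:` / `- file: postgresconfdir` on postgressecretsdir names a state ID that is not defined anywhere in the visible lines. With `makedirs: True` removed, the mode-700 secrets directory will not be created unless that ID exists and manages the parent directory. Please confirm postgresconfdir is declared in this SLS (or one it includes) and that it runs for every role that applies these states; the postgresinitdir hunk (`@@ -42,7 +43,8 @@`) carries the same dependency, and its parent would be that of `/opt/so/conf/postgres/init`. A one-line comment above each requisite would record the intent, e.g. `# parent is owned by postgresconfdir; makedirs dropped so this state never creates it`, since the reason for dropping makedirs is presumably about parent ownership and is not stated in the file. Both state bodies start above their hunks, so the `name:` of postgressecretsdir is not visible here.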
@@ -30,60 +30,60 @@ postgres:
 - log
 - fatal
 global: True
- helpLink: influxdb
+ helpLink: postgres
 listen_addresses:
 description: Interfaces PostgreSQL listens on. Must remain '*' so clients on the docker bridge network can connect.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 port:
 description: TCP port PostgreSQL listens on inside the container. Firewall rules and container port mapping assume 5432.
 forcedType: int
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 ssl:
 description: Whether PostgreSQL accepts TLS connections. Must remain 'on' — pg_hba.conf requires hostssl for TCP.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 ssl_cert_file:
 description: Path (inside the container) to the TLS server certificate. Salt-managed.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 ssl_key_file:
 description: Path (inside the container) to the TLS server private key. Salt-managed.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 ssl_ca_file:
 description: Path (inside the container) to the CA bundle PostgreSQL uses to verify client certificates. Salt-managed.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 hba_file:
 description: Path (inside the container) to the pg_hba.conf authentication file. Salt-managed — edit salt/postgres/files/pg_hba.conf.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 log_destination:
 description: Where PostgreSQL writes its server log. 'stderr' routes to the container log stream.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 logging_collector:
 description: Whether to run a separate logging collector process. Disabled because the docker log stream already captures stderr.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 shared_preload_libraries:
 description: Comma-separated list of extensions loaded at server start. 
Required for pg_cron which drives pg_partman maintenance — do not remove.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres
 cron.database_name:
 description: Database pg_cron schedules jobs in. Must be so_telegraf so partman maintenance runs in the right database context.
 global: True
 advanced: True
- helpLink: influxdb
+ helpLink: postgres