Step 2: Configuring system.yaml

ARTIFACTORY: Connecting to Google Cloud PostgreSQL

Author: Ashraf Kherbawy
Article number: 000005146
First published: 2021-10-03T20:15:40Z
Last modified: 2022-12-06
Version: 8

We will be using the following system.yaml:

metadata:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: go:user=<db-username> password='${shared.database.password}' dbname=<db-name> host=<db-hostname> port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
shared:
    database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://<db-hostname>:5432/<db-name>?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
        username: <db-username>
        password: <db-password>

As seen above, both connection strings use the same two certificates and two different formats of the same private key.

Additionally, the metadata URL sets its password to the variable ${shared.database.password} rather than a literal value, for security purposes (encryption).

We need to make sure we change all values between the “< >” signs (the signs themselves should be removed). Here is an example where the hostname is ‘googlesql’, the database name is ‘artdb’, the username is ‘joey’ and the password is ‘hello’:

metadata:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: go:user=joey password='${shared.database.password}' dbname=artdb host=googlesql port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
shared:
    database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://googlesql:5432/artdb?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
        username: joey
        password: hello

For Helm users:
Custom Metadata DB configuration is not yet supported via Helm variables. Therefore, we will need to load our full system.yaml file using systemYamlOverride or systemYaml. A couple of notes for Helm installations:
  • Make sure you set ‘postgresql.enabled=false’, otherwise a random DB password will be used.
  • Make sure that in system.yaml, ‘metadata.database’ is declared before ‘shared.database’.
Here’s a values.yaml example of the above system.yaml:

postgresql:
  enabled: false
global:
  customVolumes: |
    - name: gcp-certs
      secret:
        secretName: gcp-certs
  customVolumeMounts: |
    - name: gcp-certs
      mountPath: /etc/ssl/certs/
artifactory:
  systemYaml: |
    metadata:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: go:user=joey password='${shared.database.password}' dbname=artdb host=googlesql port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
    shared:
        database:
            type: postgresql
            driver: org.postgresql.Driver
            url: jdbc:postgresql://googlesql:5432/artdb?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
            username: joey
            password: hello
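
The two connection strings above must stay in agreement, and the Helm notes add an ordering requirement. As an added example (not part of the original article and not JFrog tooling), this Python check parses both URLs from a system.yaml and reports mismatched host, port, database or certificate paths, a non-verifying sslmode, a literal password in the metadata URL, or metadata.database declared after shared.database. The function names are hypothetical and SAMPLE is constructed from the page's example values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the example system.yaml from this page.
SAMPLE = """\
metadata:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: go:user=joey password='${shared.database.password}' dbname=artdb host=googlesql port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
shared:
    database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://googlesql:5432/artdb?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
        username: joey
        password: hello
"""

def parse_go_dsn(dsn):
    """Parse the space-separated key=value string used by metadata.database.url."""
    return {k: v.strip("'") for k, v in re.findall(r"(\w+)=('[^']*'|\S+)", dsn)}

def parse_jdbc(url):
    """Split the shared.database.url (jdbc:postgresql://host:port/db?params) into a dict."""
    parts = urlsplit(url[len("jdbc:"):])
    host, _, port = parts.netloc.partition(":")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {**params, "host": host, "port": port or "5432", "dbname": parts.path.lstrip("/")}

def lint_system_yaml(text):
    """Return findings; an empty list means the two URLs agree and use a verifying sslmode."""
    go = re.search(r"^[ \t]*url:[ \t]*go:(.+)$", text, re.M)
    jdbc = re.search(r"^[ \t]*url:[ \t]*(jdbc:postgresql://\S+)", text, re.M)
    if not go or not jdbc:
        return ["expected a go: URL (metadata) and a jdbc:postgresql:// URL (shared)"]
    findings = []
    if go.start() > jdbc.start():  # ordering note from the Helm section
        findings.append("metadata.database must be declared before shared.database")
    g, j = parse_go_dsn(go.group(1)), parse_jdbc(jdbc.group(1))
    for key in ("host", "port", "dbname", "sslrootcert", "sslcert"):
        if g.get(key) != j.get(key):
            findings.append(f"{key} differs: {g.get(key)!r} vs {j.get(key)!r}")
    for name, cfg in (("metadata", g), ("shared", j)):
        if cfg.get("sslmode") not in ("verify-ca", "verify-full"):
            findings.append(f"{name}: sslmode={cfg.get('sslmode')!r}, expected verify-ca or verify-full")
    if not re.fullmatch(r"\$\{[\w.]+\}", g.get("password", "")):
        findings.append("metadata URL holds a literal password, not a ${...} reference")
    return findings
```

Calling lint_system_yaml(open("system.yaml").read()) before a deployment returns an empty list when the file is consistent.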