NAV Navbar
Logo
Switch version:

Add-on configuration reference

This section will help you configure the add-on with details about the Postgres instance it needs to connect to and use. Optionally, you can set it to use SSL for its communication with the Postgres server.

The configuration file for the GoCD PostgreSQL add-on is called “postgresqldb.properties” and it should be created in GoCD’s configuration directory. A sample configuration file could look like this:

db.host=localhost
db.port=5432
db.name=cruise
db.user=postgres
db.password=postgres

The valid keys in the configuration file are mentioned below:

Key Mandatory Default Description
db.host Yes - The value should be the IP address or the hostname of the Postgres server that is to be used.
db.port No 5432 The value should be the port that the Postgres server is using and listening on.
db.name No cruise The database schema name that the GoCD Server should use.
db.user Yes - The database user which GoCD should use to connect to the schema.
db.password No - The password for the user specified by “db.user” property which GoCD should use to connect to the schema.
db.passwordEncrypted No false This property should be set to “true” if the “db.password” property contains an encrypted value that the add-on should decrypt using the GoCD cipher file, before using.
db.maxActive No 32 Maximum number of active connections that should be established with the Postgres server.
db.maxIdle No 32 Maximum number of idle connections that should be maintained with the Postgres server.
db.ssl No false This property should be set to “true” to enable SSL connections to the Postgres server. If this is set to “true”, then the other SSL and certificate related properties (below) should also be set.
db.ssl.mode No verify-full Indicates the verification level of the server certificate when SSL is used. In order to prevent spoofing, SSL certificate verification must be used. However, for evaluation or test environments, this can be set to lower security levels. This flag corresponds to “sslmode” connection parameter which is passed on to “libpq” library used by Postgres. For more details, take a look at libpq SSL support documentation.
db.root.cert No root.pem Filename of the root certificate file. This property needs to be configured if SSL connection is used. This file should be placed in the GoCD Server’s configuration directory. This property corresponds to “sslrootcert” connection parameter which is passed on to “libpq” library used by Postgres. GoCD uses Postgres’ JDBC driver to connect to the database, and pg_dump to perform backups. The former requires either PEM or DER encoded certificates, while the latter could work with either CRT file or PEM. Hence, only PEM encoded certificates can be used with GoCD as of now.
db.client.cert No client.crt Client certificate filename. The certificate in this file will be provided when Postgres server requests a trusted client certificate. This file should be placed in the GoCD Server’s configuration directory. This property corresponds to “sslcert” connection parameter which is passed on to “libpq” library used by Postgres.
db.client.key No client.key RSA private key file for the client certificate. The key file should be placed in the GoCD Server’s configuration directory and must not allow any access to world or group (can be done using: chmod 600 client.key). This property corresponds to “sslkey” connection parameters which is passed on to “libpq” library used by Postgres. If this file is not provided, “One Click Backup” from GoCD will not work.
db.client.pkcs8.key No client_pkcs8.key PKCS8 encoded client key file. This should be placed in the GoCD Server’s configuration directory. This file is required for a successful connection to be established when trusted client certificates are used for authentication. OpenSSL can be used to create a PKCS8 encoded file from a RSA key file by executing openssl pkcs8 -topk8 -outform DER -in client.key -nocrypt > client_pkcs8.key
db.backup.format No custom One Click Backup feature of GoCD backs up both the configuration and database. By default, for servers using Postgres, the custom backup strategy provided by pg_dump is used. The add-on can also be configured to take plaintext backups by configuring setting the value of this property to “plain”. In this case, pg_dump will be invoked with --format=plain --compress=6 as arguments. That causes it to take a plain text backup and compress it.