Support postgres pooler
parent
aa8d1db44f
commit
823d10f6b3
|
@ -42,7 +42,7 @@ job "lemonldap-ng" {
|
|||
"traefik.http.routers.lemonldap-ng-portal.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
|
||||
"traefik.http.routers.lemonldap-ng-manager.rule=Host(`manager.example.org`)",
|
||||
"traefik.http.routers.lemonldap-ng-manager.entrypoints=https",
|
||||
"traefik.http.routers.lemonldap-ng-manager.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
|
||||
"traefik.http.routers.lemonldap-ng-manager.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,map[]",
|
||||
|
||||
]
|
||||
}
|
||||
|
@ -76,6 +76,8 @@ job "lemonldap-ng" {
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
task "lemonldap-ng" {
|
||||
driver = "docker"
|
||||
|
||||
|
@ -99,6 +101,7 @@ job "lemonldap-ng" {
|
|||
|
||||
}
|
||||
|
||||
|
||||
vault {
|
||||
policies = ["lemonldap-ng"]
|
||||
env = false
|
||||
|
@ -106,6 +109,7 @@ job "lemonldap-ng" {
|
|||
}
|
||||
|
||||
|
||||
|
||||
artifact {
|
||||
source = "git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets"
|
||||
destination = "local/assets/static/common"
|
||||
|
@ -129,12 +133,6 @@ job "lemonldap-ng" {
|
|||
data = <<_EOT
|
||||
LANG=fr_FR.utf8
|
||||
LLNG_WORKERS=6
|
||||
PGDATABASE=lemonldap-ng
|
||||
PGHOST=127.0.0.1
|
||||
PGPASSWORD={{ with secret "database/creds/lemonldap-ng" }}{{ .Data.password }}{{ end }}
|
||||
PGPORT=5432
|
||||
PGSSLMODE=disable
|
||||
PGUSER={{ with secret "database/creds/lemonldap-ng" }}{{ .Data.username }}{{ end }}
|
||||
TZ=Europe/Paris
|
||||
_EOT
|
||||
destination = "secrets/.env"
|
||||
|
@ -249,6 +247,23 @@ _EOT
|
|||
destination = "local/init.ini"
|
||||
}
|
||||
|
||||
# Database settings
|
||||
template {
|
||||
data = <<_EOT
|
||||
PGHOST=127.0.0.1
|
||||
PGDATABASE=lemonldap-ng
|
||||
PGSSLMODE=disable
|
||||
PGPORT=5432
|
||||
PGUSER={{ with secret "database/creds/lemonldap-ng" }}{{ .Data.username }}{{ end }}
|
||||
PGPASSWORD={{ with secret "database/creds/lemonldap-ng" }}{{ .Data.password }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
uid = 100000
|
||||
gid = 100000
|
||||
perms = 400
|
||||
env = true
|
||||
}
|
||||
|
||||
# A small script to handle initialization (create tables, indexes, load initial config in the DB)
|
||||
template {
|
||||
data = <<_EOT
|
||||
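Review bot: In the first hunk, one of the two printed variants of the `traefik.http.routers.lemonldap-ng-manager.middlewares` label ends in `,map[]`, which reads like an empty Go map rendered as text, not a middleware name. The page has lost its +/- markers, so which variant is the new side is not certain; if it is the `map[]` one, this rendered job should be regenerated after the `middlewares: []` default change made elsewhere in this commit, so the label ends at `compression@file`. A router whose middleware list names something that does not exist should be checked in Traefik before deploying, since the rate-limit and security-header chain on the manager depends on that label being valid.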
|
|
|
@ -3,7 +3,7 @@ job "[[ .instance ]]" {
|
|||
[[ template "common/job_start" merge .llng . ]]
|
||||
|
||||
group "lemonldap-ng" {
|
||||
[[- $c := merge .llng.engine . ]]
|
||||
[[- $c := merge .llng.engine .llng . ]]
|
||||
|
||||
count = [[ $c.count ]]
|
||||
|
||||
|
@ -53,6 +53,7 @@ job "[[ .instance ]]" {
|
|||
}
|
||||
|
||||
[[ template "common/task.wait_for" $c ]]
|
||||
[[ template "common/postgres_pooler" $c ]]
|
||||
|
||||
task "lemonldap-ng" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
@ -68,11 +69,7 @@ job "[[ .instance ]]" {
|
|||
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
[[ template "common/vault.policies" $c ]]
|
||||
|
||||
[[ template "common/artifacts" $c ]]
|
||||
|
||||
|
@ -107,6 +104,31 @@ _EOT
|
|||
destination = "local/init.ini"
|
||||
}
|
||||
|
||||
# Database settings
|
||||
template {
|
||||
data =<<_EOT
|
||||
PGHOST=[[ $c.postgres.host ]]
|
||||
PGDATABASE=[[ $c.postgres.database ]]
|
||||
[[- if ne $c.postgres.pooler.engine "none" ]]
|
||||
PGPORT=6432
|
||||
PGUSER=[[ .instance ]]
|
||||
PGPASSWORD={{ env "NOMAD_ALLOC_ID" }}
|
||||
[[- else ]]
|
||||
[[- if and (not (has $c.env "PGSSLMODE")) (regexp.Match "^(127\\.0\\.0\\.1|localhost)$" .postgres.host) ]]
|
||||
PGSSLMODE=disable
|
||||
[[- end ]]
|
||||
PGPORT=[[ $c.postgres.port ]]
|
||||
PGUSER=[[ $c.postgres.user ]]
|
||||
PGPASSWORD=[[ $c.postgres.password ]]
|
||||
[[- end ]]
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
uid = 100000
|
||||
gid = 100000
|
||||
perms = 400
|
||||
env = true
|
||||
}
|
||||
|
||||
# A small script to handle initialization (create tables, indexes, load initial config in the DB)
|
||||
template {
|
||||
data = <<_EOT
|
||||
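Review bot: The `PGSSLMODE=disable` guard in the new "Database settings" template tests `.postgres.host`, while every other value in the block is read from the merged `$c`, so the decision to turn TLS off can be based on a different host than the one written to `PGHOST`. Unless the root-level value is intended, the condition should read `(regexp.Match "^(127\\.0\\.0\\.1|localhost)$" $c.postgres.host)`. In the pooler branch the password is `{{ env "NOMAD_ALLOC_ID" }}`, which is an identifier visible to anything that can read the allocation, not a secret. A comment such as `# Pooler auth uses the alloc ID: not a secret, the pooler must only listen inside the allocation` would record that assumption, which cannot be checked here because `common/postgres_pooler` is not part of this page.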
|
|
|
@ -29,16 +29,19 @@ llng:
|
|||
wait_for:
|
||||
- service: postgres[[ .consul.suffix ]]
|
||||
|
||||
# Vault policices
|
||||
vault:
|
||||
policies:
|
||||
- '[[ .instance ]][[ .consul.suffix ]]'
|
||||
|
||||
# Database settings
|
||||
postgres:
|
||||
database: '[[ .instance ]]'
|
||||
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
|
||||
# Additional env vars to pass to the container
|
||||
env:
|
||||
# Database settings
|
||||
PGHOST: 127.0.0.1
|
||||
PGPORT: 5432
|
||||
PGUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
PGPASSWORD: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
PGDATABASE: '[[ .instance ]]'
|
||||
# No need for SSL if postgres is accessed from the mesh
|
||||
PGSSLMODE: disable
|
||||
# Max number of uwsgi workers. You might need to allocation more memory
|
||||
# if you need to rise this value (or you can just run several instances instead)
|
||||
LLNG_WORKERS: 6
|
||||
|
@ -81,7 +84,7 @@ llng:
|
|||
#- compression@file
|
||||
|
||||
# List of middlewares to apply
|
||||
middlewares: {}
|
||||
middlewares: []
|
||||
|
||||
# Cron jobs
|
||||
cron:
|
||||
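Review bot: The new `postgres:` defaults define only `database`, `user` and `password`, but the job template in this commit also reads `$c.postgres.host`, `$c.postgres.port` and `$c.postgres.pooler.engine`, and nothing in this file says where those come from. Presumably they are inherited from global defaults through the merge; a comment above the block, for example `# host, port and pooler.engine are inherited from the global postgres settings unless overridden here`, would make that explicit. The hunk also appears to drop the `PGSSLMODE: disable` entry together with its "accessed from the mesh" comment, which was the only stated reason for running without TLS, so that rationale is worth restating next to the settings that now drive it.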
|
|