mariadb/mariadb.nomad.hcl

job "[[ .instance ]]" {

[[- $c := merge .mariadb.server .mariadb . ]]
[[ template "common/job_start" $c ]]

  group "server" {

    network {
      mode = "bridge"
    }

[[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 3306

[[ template "common/service_meta" $c ]]
[[ template "common/connect" $c ]]

      check {
        name     = "alive"
        type     = "script"
        task     = "mariadb"
        command  = "mysqladmin"
        args     = [
          "ping"
        ]
        timeout  = "10s"
        interval = "5s"
      }

      tags = [
[[ template "common/traefik_tags" $c ]]
      ]
    }

    # Run mysql_upgrade
    task "upgrade" {
      driver = "[[ $c.nomad.driver ]]"

      lifecycle {
        hook = "poststart"
      }

      config {
        image      = "[[ .mariadb.server.image ]]"
        pids_limit = 100
        command    = "/local/mysql_upgrade.sh"
      }

[[ template "common/vault.policies" $c ]]

      template {
        data = <<_EOT
[client]
user = root
host = 127.0.0.1
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/.my.cnf"
        uid = 100100
        gid = 100101
        perms = 640
      }

      template {
        data        = <<_EOT
[[ template "mariadb/mysql_upgrade.sh.tpl" $c ]]
_EOT
        destination = "local/mysql_upgrade.sh"
        perms       = 755
      }

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

      resources {
        cpu = 10
        memory = 32
        memory_max = 64
      }
    }

    task "mariadb" {
      driver = "[[ $c.nomad.driver ]]"
      leader = true

      kill_timeout = "5m"

      config {
        image      = "[[ .mariadb.server.image ]]"
        volumes    = [
          "secrets/:/etc/my.cnf.d",
          "secrets/my.conf:/var/lib/mysql/.my.cnf:ro",
        ]
        pids_limit = 300
        #readonly_rootfs = true
      }

[[ template "common/vault.policies" $c ]]

      env {
        MYSQL_CONF_11_bind-address = "127.0.0.1"
[[ template "common/env" $c.env ]]
      }

      template {
        data = <<_EOT
{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}
MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }}
{{ end }}
_EOT
        destination = "secrets/mariadb.env"
        uid         = 100000
        gid         = 100000
        perms       = 400
        env         = true
      }

      template {
        data = <<_EOT
[client]
user = root
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/my.conf"
        uid = 100100
        gid = 100101
        perms = 640
      }

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

[[ template "common/resources" $c ]]

    }
  }

[[- if .mariadb.backup.dumps.enabled ]]
[[- $c := merge .mariadb.backup .mariadb . ]]

  group "backup" {

    network {
      mode = "bridge"
    }

[[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]]-backup[[ $c.consul.suffix ]]"
[[ template "common/connect" $c ]]
    }

[[ template "common/task.wait_for" $c ]]

    task "backup" {
      driver = "[[ $c.nomad.driver ]]"

      config {
        image           = "[[ .mariadb.backup.image ]]"
        pids_limit      = 100
        readonly_rootfs = true
        command         = "minit"
      }

[[ template "common/vault.policies" $c ]]

      env {
        MINIT_UNIT_DIR = "/local/minit.d"
      }

      template {
        data = <<_EOT
[client]
user = root
host = 127.0.0.1
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/.my.cnf"
        uid = 100000
        gid = 100000
        perms = 400
      }

      template {
        data =<<_EOT
[[ template "mariadb/dump.sh.tpl" $c ]]
_EOT
        destination = "local/dump.sh"
        perms = 755
      }

      template {
        data =<<_EOT
[[ template "mariadb/backup.minit.yml.tpl" $c ]]
_EOT
        destination = "local/minit.d/backup.yml"
      }

      volume_mount {
        volume      = "backup"
        destination = "/backup"
      }

[[ template "common/resources" $c ]]

    }
  }
[[- end ]]
}
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`job "[[ .instance ]]" {`

Cleanup 2024-01-31 14:06:09 +01:00			`[[- $c := merge .mariadb.server .mariadb . ]]`
Cleanup 2023-12-21 22:47:19 +01:00			`[[ template "common/job_start" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`group "server" {`

			`network {`
			`mode = "bridge"`
			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/volumes" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`service {`
Cleanup 2024-01-31 14:06:09 +01:00			`name = "[[ .instance ]][[ .consul.suffix ]]"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`port = 3306`

Cleanup 2024-05-12 22:03:09 +02:00			`[[ template "common/service_meta" $c ]]`
Cleanup 2023-12-21 22:47:19 +01:00			`[[ template "common/connect" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`check {`
			`name = "alive"`
			`type = "script"`
			`task = "mariadb"`
			`command = "mysqladmin"`
			`args = [`
			`"ping"`
			`]`
			`timeout = "10s"`
			`interval = "5s"`
			`}`

			`tags = [`
Cleanup 2024-01-31 14:06:09 +01:00			`[[ template "common/traefik_tags" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`]`
			`}`

			`# Run mysql_upgrade`
Fix upgrade task 2023-10-25 23:08:38 +02:00			`task "upgrade" {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`driver = "[[ $c.nomad.driver ]]"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`lifecycle {`
			`hook = "poststart"`
			`}`

			`config {`
Cleanup 2024-01-31 14:06:09 +01:00			`image = "[[ .mariadb.server.image ]]"`
Fix upgrade task 2023-10-25 23:08:38 +02:00			`pids_limit = 100`
Cleanup 2024-01-31 14:06:09 +01:00			`command = "/local/mysql_upgrade.sh"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/vault.policies" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`template {`
			`data = <<_EOT`
			`[client]`
			`user = root`
Fix upgrade task 2023-10-25 23:08:38 +02:00			`host = 127.0.0.1`
Cleanup 2024-01-31 14:06:09 +01:00			`password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`_EOT`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`destination = "secrets/.my.cnf"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`uid = 100100`
			`gid = 100101`
			`perms = 640`
			`}`

			`template {`
			`data = <<_EOT`
			`[[ template "mariadb/mysql_upgrade.sh.tpl" $c ]]`
			`_EOT`
			`destination = "local/mysql_upgrade.sh"`
			`perms = 755`
			`}`

Fix upgrade task 2023-10-25 23:08:38 +02:00			`volume_mount {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`volume = "data"`
Fix upgrade task 2023-10-25 23:08:38 +02:00			`destination = "/data"`
			`}`

Start working on MariaDB 2023-10-25 23:00:31 +02:00			`resources {`
			`cpu = 10`
			`memory = 32`
			`memory_max = 64`
			`}`
			`}`

			`task "mariadb" {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`driver = "[[ $c.nomad.driver ]]"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`leader = true`

			`kill_timeout = "5m"`

			`config {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`image = "[[ .mariadb.server.image ]]"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`volumes = [`
			`"secrets/:/etc/my.cnf.d",`
			`"secrets/my.conf:/var/lib/mysql/.my.cnf:ro",`
			`]`
			`pids_limit = 300`
			`#readonly_rootfs = true`
			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/vault.policies" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`env {`
			`MYSQL_CONF_11_bind-address = "127.0.0.1"`
Cleanup 2023-12-21 22:47:19 +01:00			`[[ template "common/env" $c.env ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`}`

			`template {`
			`data = <<_EOT`
Cleanup 2024-01-31 14:06:09 +01:00			`{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }}`
			`{{ end }}`
			`_EOT`
			`destination = "secrets/mariadb.env"`
			`uid = 100000`
			`gid = 100000`
			`perms = 400`
			`env = true`
			`}`

			`template {`
			`data = <<_EOT`
			`[client]`
			`user = root`
Cleanup 2024-01-31 14:06:09 +01:00			`password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`_EOT`
			`destination = "secrets/my.conf"`
			`uid = 100100`
			`gid = 100101`
			`perms = 640`
			`}`

			`volume_mount {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`volume = "data"`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`destination = "/data"`
			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/resources" $c ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00
			`}`
			`}`
More work, including cron based backups 2023-10-27 00:03:31 +02:00
			`[[- if .mariadb.backup.dumps.enabled ]]`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[- $c := merge .mariadb.backup .mariadb . ]]`
More work, including cron based backups 2023-10-27 00:03:31 +02:00
			`group "backup" {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`network {`
			`mode = "bridge"`
			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/volumes" $c ]]`
More work, including cron based backups 2023-10-27 00:03:31 +02:00
			`service {`
Cleanup 2023-12-21 22:47:19 +01:00			`name = "[[ .instance ]]-backup[[ $c.consul.suffix ]]"`
			`[[ template "common/connect" $c ]]`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`}`

Cleanup 2023-12-21 22:47:19 +01:00			`[[ template "common/task.wait_for" $c ]]`
More work, including cron based backups 2023-10-27 00:03:31 +02:00
			`task "backup" {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`driver = "[[ $c.nomad.driver ]]"`
More work, including cron based backups 2023-10-27 00:03:31 +02:00
			`config {`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`image = "[[ .mariadb.backup.image ]]"`
			`pids_limit = 100`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`readonly_rootfs = true`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`command = "minit"`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/vault.policies" $c ]]`

			`env {`
			`MINIT_UNIT_DIR = "/local/minit.d"`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`}`

			`template {`
			`data = <<_EOT`
			`[client]`
			`user = root`
			`host = 127.0.0.1`
Cleanup 2024-01-31 14:06:09 +01:00			`password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`_EOT`
			`destination = "secrets/.my.cnf"`
			`uid = 100000`
			`gid = 100000`
			`perms = 400`
			`}`

			`template {`
			`data =<<_EOT`
			`[[ template "mariadb/dump.sh.tpl" $c ]]`
			`_EOT`
			`destination = "local/dump.sh"`
			`perms = 755`
			`}`

			`template {`
			`data =<<_EOT`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "mariadb/backup.minit.yml.tpl" $c ]]`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`_EOT`
Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`destination = "local/minit.d/backup.yml"`
More work, including cron based backups 2023-10-27 00:03:31 +02:00			`}`

			`volume_mount {`
			`volume = "backup"`
			`destination = "/backup"`
			`}`

Replace supercronic with minit 2024-01-19 23:31:41 +01:00			`[[ template "common/resources" $c ]]`
More work, including cron based backups 2023-10-27 00:03:31 +02:00
			`}`
			`}`
			`[[- end ]]`
Start working on MariaDB 2023-10-25 23:00:31 +02:00			`}`