Update rendered example
parent
049e7ec333
commit
918ba4253f
|
@ -1,4 +1,4 @@
|
|||
FROM danielberteaud/mariadb-client:24.2-1
|
||||
FROM danielberteaud/mariadb-client:24.3-1
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
RUN set -eux &&\
|
||||
|
|
|
@ -3,21 +3,21 @@
|
|||
set -euo pipefail
|
||||
|
||||
if [ "$(vault secrets list -format json | jq -r '.["database/"].type')" != "database" ]; then
|
||||
vault secrets enable -path /database database
|
||||
vault secrets enable -path database database
|
||||
fi
|
||||
|
||||
if [ "$(vault list -format json /database/config | jq '.[] | test("^mariadb$")')" = "false" ]; then
|
||||
vault write /database/config/mariadb \
|
||||
if [ "$(vault list -format json database/config | jq '.[] | test("^mariadb$")')" = "false" ]; then
|
||||
vault write database/config/mariadb \
|
||||
plugin_name="mysql-database-plugin" \
|
||||
connection_url="{{username}}:{{password}}@tcp(mariadb.example.org:3306)/" \
|
||||
allowed_roles="*" \
|
||||
username=vault \
|
||||
password="$(vault kv get -field vault_initial_pwd /kv/service/mariadb)" \
|
||||
password="$(vault kv get -field vault_initial_pwd kv/service/mariadb)" \
|
||||
disable_escaping=true
|
||||
vault write -force /database/rotate-root/mariadb
|
||||
vault write -force database/rotate-root/mariadb
|
||||
fi
|
||||
|
||||
vault write /database/roles/mariadb-admin \
|
||||
vault write database/roles/mariadb-admin \
|
||||
db_name="mariadb" \
|
||||
creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \
|
||||
GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \
|
||||
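Review bot: The existence test on the new `vault list -format json database/config | jq '.[] | test("^mariadb$")'` line equals "false" only when the mount holds exactly one connection and that connection is not named mariadb. jq prints one boolean per entry, so a mount with no entries yields no boolean at all and a mount with two or more other entries yields several lines; in both cases the `vault write database/config/mariadb` and the `rotate-root` call are skipped. Reducing the list to a single value, for example `jq 'any(.[]?; . == "mariadb")'`, keeps the comparison with "false" meaningful on a fresh mount. The script begins and ends outside this hunk, and because the commit title calls this a rendered example, the fix presumably belongs in the template it is generated from.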
|
|
|
@ -58,7 +58,7 @@ job "mariadb-manage" {
|
|||
user = 1053
|
||||
|
||||
config {
|
||||
image = "danielberteaud/wait-for:24.2-1"
|
||||
image = "danielberteaud/wait-for:24.3-1"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 20
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ job "mariadb-manage" {
|
|||
driver = "docker"
|
||||
|
||||
config {
|
||||
image = "danielberteaud/mariadb-client:24.2-1"
|
||||
image = "danielberteaud/mariadb-client:24.3-1"
|
||||
pids_limit = 50
|
||||
readonly_rootfs = true
|
||||
command = "/local/manage.sh"
|
||||
|
@ -183,7 +183,7 @@ _EOT
|
|||
[client]
|
||||
host = 127.0.0.1
|
||||
user = root
|
||||
password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
|
||||
password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/my.cnf"
|
||||
uid = 100100
|
||||
|
@ -193,7 +193,7 @@ _EOT
|
|||
|
||||
template {
|
||||
data = <<_EOT
|
||||
{{ with secret "/kv/service/mariadb" }}
|
||||
{{ with secret "kv/service/mariadb" }}
|
||||
VAULT_INITIAL_PASSWORD={{ .Data.data.vault_initial_pwd }}
|
||||
BACKUP_PASSWORD={{ .Data.data.backup_pwd }}
|
||||
{{ end }}
|
||||
|
|
|
@ -77,7 +77,7 @@ job "mariadb" {
|
|||
}
|
||||
|
||||
config {
|
||||
image = "danielberteaud/mariadb:24.2-1"
|
||||
image = "danielberteaud/mariadb:24.3-1"
|
||||
pids_limit = 100
|
||||
command = "/local/mysql_upgrade.sh"
|
||||
}
|
||||
|
@ -96,7 +96,7 @@ job "mariadb" {
|
|||
[client]
|
||||
user = root
|
||||
host = 127.0.0.1
|
||||
password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
|
||||
password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/.my.cnf"
|
||||
uid = 100100
|
||||
|
@ -149,7 +149,7 @@ _EOT
|
|||
kill_timeout = "5m"
|
||||
|
||||
config {
|
||||
image = "danielberteaud/mariadb:24.2-1"
|
||||
image = "danielberteaud/mariadb:24.3-1"
|
||||
volumes = [
|
||||
"secrets/:/etc/my.cnf.d",
|
||||
"secrets/my.conf:/var/lib/mysql/.my.cnf:ro",
|
||||
|
@ -177,7 +177,7 @@ _EOT
|
|||
|
||||
template {
|
||||
data = <<_EOT
|
||||
{{ with secret "/kv/service/mariadb" }}
|
||||
{{ with secret "kv/service/mariadb" }}
|
||||
MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }}
|
||||
{{ end }}
|
||||
_EOT
|
||||
|
@ -192,7 +192,7 @@ _EOT
|
|||
data = <<_EOT
|
||||
[client]
|
||||
user = root
|
||||
password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
|
||||
password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/my.conf"
|
||||
uid = 100100
|
||||
|
|
|
@ -5,7 +5,7 @@ set -euo pipefail
|
|||
# vim: syntax=sh
|
||||
|
||||
export LC_ALL=C
|
||||
VAULT_KV_PATH=/kv/service/mariadb
|
||||
VAULT_KV_PATH=kv/service/mariadb
|
||||
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
||||
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
||||
vault kv put ${VAULT_KV_PATH} \
|
||||
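Review bot: The guard around `vault kv put ${VAULT_KV_PATH}` cannot tell a missing secret from a failed lookup, because `2>/dev/null` hides any error from `vault kv list` and a failed list gives `grep` nothing to match, so a permission or connectivity error leads straight to the write. If the put then succeeds it would presumably replace the stored passwords with fresh random values; the arguments are outside this hunk, so that is inferred from `RAND_CMD`. The policy in this commit addresses `kv/data/...`, which suggests a KV v2 mount, where `vault kv put -cas=0 ${VAULT_KV_PATH} \` makes the write succeed only when the key does not exist yet.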
|
|
|
@ -1,3 +1,3 @@
|
|||
path "/kv/data/service/mariadb" {
|
||||
path "kv/data/service/mariadb" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
|