Update rendered example

Daniel Berteaud 2024-03-05 14:50:33 +01:00
parent 049e7ec333
commit 918ba4253f
6 changed files with 18 additions and 18 deletions


@ -1,4 +1,4 @@
FROM danielberteaud/mariadb-client:24.2-1 FROM danielberteaud/mariadb-client:24.3-1
MAINTAINER Daniel Berteaud <dbd@ehtrace.com> MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
RUN set -eux &&\ RUN set -eux &&\


@ -3,21 +3,21 @@
set -euo pipefail set -euo pipefail
if [ "$(vault secrets list -format json | jq -r '.["database/"].type')" != "database" ]; then if [ "$(vault secrets list -format json | jq -r '.["database/"].type')" != "database" ]; then
vault secrets enable -path /database database vault secrets enable -path database database
fi fi
if [ "$(vault list -format json /database/config | jq '.[] | test("^mariadb$")')" = "false" ]; then if [ "$(vault list -format json database/config | jq '.[] | test("^mariadb$")')" = "false" ]; then
vault write /database/config/mariadb \ vault write database/config/mariadb \
plugin_name="mysql-database-plugin" \ plugin_name="mysql-database-plugin" \
connection_url="{{username}}:{{password}}@tcp(mariadb.example.org:3306)/" \ connection_url="{{username}}:{{password}}@tcp(mariadb.example.org:3306)/" \
allowed_roles="*" \ allowed_roles="*" \
username=vault \ username=vault \
password="$(vault kv get -field vault_initial_pwd /kv/service/mariadb)" \ password="$(vault kv get -field vault_initial_pwd kv/service/mariadb)" \
disable_escaping=true disable_escaping=true
vault write -force /database/rotate-root/mariadb vault write -force database/rotate-root/mariadb
fi fi
vault write /database/roles/mariadb-admin \ vault write database/roles/mariadb-admin \
db_name="mariadb" \ db_name="mariadb" \
creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \ creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \
GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \ GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \
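Review bot: The existence check on the `vault list -format json database/config | jq '.[] | test("^mariadb$")'` line compares jq's whole output with the single string "false", but `.[] | test(...)` emits one boolean per listed connection. With two or more other connections configured the output is several "false" lines, so the branch is skipped and neither the `mariadb` connection nor the `rotate-root` call that retires `vault_initial_pwd` runs; an empty list probably behaves the same way, since jq then prints nothing (worth confirming against the Vault CLI's output for an empty path). Testing membership by exit status avoids both cases: `if ! vault list -format json database/config | jq -e 'any(. == "mariadb")' >/dev/null; then`. The `vault write database/roles/mariadb-admin` statement at the end of the hunk continues outside it.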


@ -58,7 +58,7 @@ job "mariadb-manage" {
user = 1053 user = 1053
config { config {
image = "danielberteaud/wait-for:24.2-1" image = "danielberteaud/wait-for:24.3-1"
readonly_rootfs = true readonly_rootfs = true
pids_limit = 20 pids_limit = 20
} }
@ -84,7 +84,7 @@ job "mariadb-manage" {
driver = "docker" driver = "docker"
config { config {
image = "danielberteaud/mariadb-client:24.2-1" image = "danielberteaud/mariadb-client:24.3-1"
pids_limit = 50 pids_limit = 50
readonly_rootfs = true readonly_rootfs = true
command = "/local/manage.sh" command = "/local/manage.sh"
@ -183,7 +183,7 @@ _EOT
[client] [client]
host = 127.0.0.1 host = 127.0.0.1
user = root user = root
password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT _EOT
destination = "secrets/my.cnf" destination = "secrets/my.cnf"
uid = 100100 uid = 100100
@ -193,7 +193,7 @@ _EOT
template { template {
data = <<_EOT data = <<_EOT
{{ with secret "/kv/service/mariadb" }} {{ with secret "kv/service/mariadb" }}
VAULT_INITIAL_PASSWORD={{ .Data.data.vault_initial_pwd }} VAULT_INITIAL_PASSWORD={{ .Data.data.vault_initial_pwd }}
BACKUP_PASSWORD={{ .Data.data.backup_pwd }} BACKUP_PASSWORD={{ .Data.data.backup_pwd }}
{{ end }} {{ end }}
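Review bot: The bumped `image = "danielberteaud/wait-for:24.3-1"` and `image = "danielberteaud/mariadb-client:24.3-1"` lines still reference the images by tag only, while this job renders `root_pwd`, `vault_initial_pwd` and `backup_pwd` from Vault through the templates further down. A registry tag can be re-pushed, so anyone able to push to that repository decides what code ends up next to those secrets; appending the digest, as in `image = "danielberteaud/mariadb-client:24.3-1@sha256:<digest of the reviewed image>"`, ties the job to the image that was actually reviewed. The same applies to the `FROM` line of the Dockerfile and to the two `danielberteaud/mariadb:24.3-1` lines of the `mariadb` job in this commit. The job and template blocks start and end outside the hunks shown.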


@ -77,7 +77,7 @@ job "mariadb" {
} }
config { config {
image = "danielberteaud/mariadb:24.2-1" image = "danielberteaud/mariadb:24.3-1"
pids_limit = 100 pids_limit = 100
command = "/local/mysql_upgrade.sh" command = "/local/mysql_upgrade.sh"
} }
@ -96,7 +96,7 @@ job "mariadb" {
[client] [client]
user = root user = root
host = 127.0.0.1 host = 127.0.0.1
password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT _EOT
destination = "secrets/.my.cnf" destination = "secrets/.my.cnf"
uid = 100100 uid = 100100
@ -149,7 +149,7 @@ _EOT
kill_timeout = "5m" kill_timeout = "5m"
config { config {
image = "danielberteaud/mariadb:24.2-1" image = "danielberteaud/mariadb:24.3-1"
volumes = [ volumes = [
"secrets/:/etc/my.cnf.d", "secrets/:/etc/my.cnf.d",
"secrets/my.conf:/var/lib/mysql/.my.cnf:ro", "secrets/my.conf:/var/lib/mysql/.my.cnf:ro",
@ -177,7 +177,7 @@ _EOT
template { template {
data = <<_EOT data = <<_EOT
{{ with secret "/kv/service/mariadb" }} {{ with secret "kv/service/mariadb" }}
MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }} MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }}
{{ end }} {{ end }}
_EOT _EOT
@ -192,7 +192,7 @@ _EOT
data = <<_EOT data = <<_EOT
[client] [client]
user = root user = root
password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT _EOT
destination = "secrets/my.conf" destination = "secrets/my.conf"
uid = 100100 uid = 100100


@ -5,7 +5,7 @@ set -euo pipefail
# vim: syntax=sh # vim: syntax=sh
export LC_ALL=C export LC_ALL=C
VAULT_KV_PATH=/kv/service/mariadb VAULT_KV_PATH=kv/service/mariadb
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50" RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
vault kv put ${VAULT_KV_PATH} \ vault kv put ${VAULT_KV_PATH} \
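Review bot: The guard `if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q ...` cannot tell "secret absent" from "list failed", because stderr is discarded and any non-match enters the branch that runs `vault kv put`. If the list call fails for a reason that does not also stop the write (a token allowed to write but not to list, for instance), the put would store new values, presumably generated with `RAND_CMD`, as a new version over the passwords MariaDB is actually using. Letting Vault enforce create-only semantics closes that gap: `vault kv put -cas=0 ${VAULT_KV_PATH} \`, which a KV v2 mount rejects when the key already exists (the `kv/data/...` policy path in this commit suggests v2). The `vault kv put` statement continues past the end of the hunk, so its arguments are not visible here.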


@ -1,3 +1,3 @@
path "/kv/data/service/mariadb" { path "kv/data/service/mariadb" {
capabilities = ["read"] capabilities = ["read"]
} }