# Nomad job for a MariaDB server plus an optional dump-based backup group.
# Two template layers are involved: the double-square-bracket directives are
# expanded when this job file is generated, while the double-curly-brace ones
# inside template blocks are rendered by Nomad at run time, which is where the
# Vault secret is read.
job "[[ .instance ]]" {

[[- $c := merge .mariadb.server .mariadb . ]]

  [[ template "common/job_start" $c ]]

  group "server" {

    # Bridge mode: the group gets its own network namespace.
    network {
      mode = "bridge"
    }

    [[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 3306

      [[ template "common/service_meta" $c ]]
      [[ template "common/connect" $c ]]

      # Liveness probe, executed inside the "mariadb" task every 5s.
      check {
        name     = "alive"
        type     = "script"
        task     = "mariadb"
        command  = "mysqladmin"
        args     = ["ping"]
        timeout  = "10s"
        interval = "5s"
      }

      tags = [
        [[ template "common/traefik_tags" $c ]]
      ]
    }

    # Run mysql_upgrade
    task "upgrade" {
      driver = "[[ $c.nomad.driver ]]"

      # poststart hook: launched once the main task has been started.
      lifecycle {
        hook = "poststart"
      }

      config {
        image      = "[[ .mariadb.server.image ]]"
        pids_limit = 100
        command    = "/local/mysql_upgrade.sh"
      }

      [[ template "common/vault.policies" $c ]]

      # Client option file carrying the root password read from Vault.
      # Mode 640: readable by owner and group, nothing for others.
      # NOTE(review): uid 100100 / gid 100101 look like user-namespace-shifted
      # ids of the in-container mysql account - confirm against the image.
      template {
        data = <<_EOT
[client]
user = root
host = 127.0.0.1
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/.my.cnf"
        uid         = 100100
        gid         = 100101
        perms       = 640
      }

      # The upgrade script itself; rendered under local/, not secrets/.
      template {
        data = <<_EOT
[[ template "mariadb/mysql_upgrade.sh.tpl" $c ]]
_EOT
        destination = "local/mysql_upgrade.sh"
        perms       = 755
      }

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

      resources {
        cpu        = 10
        memory     = 32
        memory_max = 64
      }
    }

    task "mariadb" {
      driver       = "[[ $c.nomad.driver ]]"
      leader       = true
      kill_timeout = "5m"

      config {
        image = "[[ .mariadb.server.image ]]"

        # The whole secrets/ directory is bind-mounted as /etc/my.cnf.d, so
        # every file rendered into it (mariadb.env included) is visible at
        # that path inside the container. my.conf is additionally mounted
        # read-only as the client option file under /var/lib/mysql.
        volumes = [
          "secrets/:/etc/my.cnf.d",
          "secrets/my.conf:/var/lib/mysql/.my.cnf:ro",
        ]

        pids_limit = 300

        # Left disabled: this task runs with a writable root filesystem,
        # whereas the backup task below enables readonly_rootfs.
        #readonly_rootfs = true
      }

      [[ template "common/vault.policies" $c ]]

      env {
        # NOTE(review): presumably turned into a server option by the image
        # entrypoint so mysqld only listens on loopback inside the group's
        # network namespace - confirm against the image.
        MYSQL_CONF_11_bind-address = "127.0.0.1"
        [[ template "common/env" $c.env ]]
      }

      # Root password for the server. Because env = true, the key/value pair
      # is also exported into the task environment, so the password is present
      # in the environment of the task's processes as well as in this file.
      template {
        data = <<_EOT
{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}
MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }}
{{ end }}
_EOT
        destination = "secrets/mariadb.env"
        uid         = 100000
        gid         = 100000
        perms       = 400
        env         = true
      }

      # Client option file with the root credentials (mounted read-only into
      # the container by the volumes list above). Mode 640, same owner ids as
      # the upgrade task's option file.
      template {
        data = <<_EOT
[client]
user = root
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/my.conf"
        uid         = 100100
        gid         = 100101
        perms       = 640
      }

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

      [[ template "common/resources" $c ]]
    }
  }

[[- if .mariadb.backup.dumps.enabled ]]
[[- $c := merge .mariadb.backup .mariadb . ]]

  # Optional group, only emitted when dumps are enabled in the configuration.
  group "backup" {

    network {
      mode = "bridge"
    }

    [[ template "common/volumes" $c ]]

    # No port is declared for this service.
    service {
      name = "[[ .instance ]]-backup[[ $c.consul.suffix ]]"
      [[ template "common/connect" $c ]]
    }

    [[ template "common/task.wait_for" $c ]]

    task "backup" {
      driver = "[[ $c.nomad.driver ]]"

      # Read-only root filesystem; minit is the container's command.
      config {
        image           = "[[ .mariadb.backup.image ]]"
        pids_limit      = 100
        readonly_rootfs = true
        command         = "minit"
      }

      [[ template "common/vault.policies" $c ]]

      env {
        MINIT_UNIT_DIR = "/local/minit.d"
      }

      # Owner-only (mode 400) client option file. The dump connects with the
      # server's root account.
      # NOTE(review): a dedicated account restricted to the privileges the
      # dump needs would limit what this container's credentials can do.
      template {
        data = <<_EOT
[client]
user = root
host = 127.0.0.1
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/.my.cnf"
        uid         = 100000
        gid         = 100000
        perms       = 400
      }

      # Dump script, rendered under local/ with mode 755.
      template {
        data = <<_EOT
[[ template "mariadb/dump.sh.tpl" $c ]]
_EOT
        destination = "local/dump.sh"
        perms       = 755
      }

      # minit unit definition; no perms given, so Nomad's default mode applies.
      template {
        data = <<_EOT
[[ template "mariadb/backup.minit.yml.tpl" $c ]]
_EOT
        destination = "local/minit.d/backup.yml"
      }

      volume_mount {
        volume      = "backup"
        destination = "/backup"
      }

      [[ template "common/resources" $c ]]
    }
  }
[[- end ]]
}