125 lines
2.8 KiB
HCL
125 lines
2.8 KiB
HCL
job "[[ .instance ]]-manage" {
|
|
type = "batch"
|
|
|
|
[[- $c := merge .mariadb.manage . ]]
|
|
[[ template "common/job_start" $c ]]
|
|
|
|
meta {
|
|
# Force job to run each time
|
|
run = "${uuidv4()}"
|
|
}
|
|
|
|
group "manage" {
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "[[ .instance ]]-manage[[ .consul.suffix ]]"
|
|
[[ template "common/connect" $c ]]
|
|
}
|
|
|
|
[[ template "common/task.wait_for" $c ]]
|
|
|
|
task "manage" {
|
|
driver = "[[ $c.nomad.driver ]]"
|
|
|
|
config {
|
|
image = "[[ .mariadb.manage.image ]]"
|
|
pids_limit = 50
|
|
readonly_rootfs = true
|
|
command = "/local/manage.sh"
|
|
volumes = [
|
|
"secrets/my.cnf:/root/.my.cnf:ro"
|
|
]
|
|
}
|
|
|
|
[[ template "common/vault.policies" merge .mariadb . ]]
|
|
|
|
env {
|
|
[[ template "common/env" $c.env ]]
|
|
}
|
|
|
|
template {
|
|
data = <<_EOT
|
|
# Databases
|
|
[[- $idx := 0 ]]
|
|
[[- range $name, $db := .mariadb.manage.databases ]]
|
|
MY_DB_[[ $idx ]]=[[ $name ]]
|
|
[[- if has $db "charset" ]]
|
|
MY_DB_[[ $idx ]]_CHARSET=[[ $db.charset ]]
|
|
[[- end ]]
|
|
[[- if has $db "collate" ]]
|
|
MY_DB_[[ $idx ]]_COLLATE=[[ $db.collate ]]
|
|
[[- end ]]
|
|
[[- $idx = add $idx 1 ]]
|
|
[[- end ]]
|
|
# Users
|
|
[[- $idx := 0 ]]
|
|
[[- range $name, $user := .mariadb.manage.users ]]
|
|
MY_USER_[[ $idx ]]=[[ $name ]]
|
|
[[- if has $user "host" ]]
|
|
MY_USER_[[ $idx ]]_HOST=[[ $user.host ]]
|
|
[[- else ]]
|
|
MY_USER_[[ $idx ]]_HOST=%
|
|
[[- end ]]
|
|
[[- if has $user "password" ]]
|
|
MY_USER_[[ $idx ]]_PASSWORD=[[ $user.password ]]
|
|
[[- end ]]
|
|
[[- if has $user "grants" ]]
|
|
[[- range $gidx, $grant := $user.grants ]]
|
|
MY_USER_[[ $idx ]]_GRANT_[[ $gidx ]]=[[ $grant ]]
|
|
[[- end ]]
|
|
[[- end ]]
|
|
[[ $idx = add $idx 1 ]]
|
|
[[- end ]]
|
|
_EOT
|
|
destination = "secrets/userdb.env"
|
|
uid = 100000
|
|
gid = 100000
|
|
perms = 0400
|
|
env = true
|
|
}
|
|
|
|
template {
|
|
data = <<_EOT
|
|
[[ template "mariadb/manage.sh.tpl" $c ]]
|
|
_EOT
|
|
destination = "local/manage.sh"
|
|
uid = 100000
|
|
gid = 100000
|
|
perms = 755
|
|
}
|
|
|
|
template {
|
|
data = <<_EOT
|
|
[client]
|
|
host = 127.0.0.1
|
|
user = root
|
|
password = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
|
|
_EOT
|
|
destination = "secrets/my.cnf"
|
|
uid = 100100
|
|
gid = 100101
|
|
perms = 640
|
|
}
|
|
|
|
template {
|
|
data = <<_EOT
|
|
{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}
|
|
VAULT_INITIAL_PASSWORD={{ .Data.data.vault_initial_pwd }}
|
|
BACKUP_PASSWORD={{ .Data.data.backup_pwd }}
|
|
{{ end }}
|
|
_EOT
|
|
destination = "secrets/manage.env"
|
|
uid = 100000
|
|
gid = 100000
|
|
perms = 400
|
|
env = true
|
|
}
|
|
|
|
[[ template "common/resources" $c ]]
|
|
}
|
|
}
|
|
}
|