

# Nomad job template for one MariaDB instance. The double-square-bracket actions
# are expanded when the job file is rendered, before Nomad parses the result.
# $c is .mariadb.server merged with the root context (presumably server-level
# keys win on conflict; confirm against the rendering tool's merge semantics).
[[- $c := merge .mariadb.server . -]]
job [[ .mariadb.instance | toJSON ]] {
[[ template "common/job_start.tpl" $c ]]
group "server" {
network {
mode = "bridge"
# Data volume for the server: single-node-writer access, with per_alloc so each
# allocation is bound to its own volume.
# NOTE(review): the expressions feeding toJSON for type and source are missing in
# this copy; the backup group reads the equivalent values from
# .mariadb.volumes.backup, so restore the matching keys here.
volume "mariadb" {
type = [[ | toJSON ]]
source = [[ | toJSON ]]
access_mode = "single-node-writer"
attachment_mode = "file-system"
per_alloc = true
# Service registration on port 3306. The included connect template is not visible
# here, so whether a mesh sidecar fronts this port cannot be told from this file.
service {
name = "[[ .mariadb.instance ]][[ $c.consul.suffix ]]"
port = 3306
[[ template "common/connect.tpl" $c ]]
# Liveness check run as a script inside the "mariadb" task every 5s with a 10s
# timeout. NOTE(review): the mysqladmin argument list is missing in this copy.
check {
name = "alive"
type = "script"
task = "mariadb"
command = "mysqladmin"
args = [
timeout = "10s"
interval = "5s"
[[- if $c.traefik.enabled ]]
# Optional Traefik TCP router for this instance. HostSNI(`*`) matches every
# connection arriving on the listed entrypoints, so who can reach the database
# through Traefik is decided entirely by the configured entrypoints and middlewares.
# NOTE(review): an empty middlewares list renders the last tag with an empty
# value; confirm a source-address restriction is always applied and that none of
# the entrypoints is reachable from untrusted networks.
tags = [
"[[ $c.traefik.instance ]].enable=true",
"[[ $c.traefik.instance ]].tcp.routers.[[ .mariadb.instance ]][[ $c.consul.suffix ]].rule=HostSNI(`*`)",
"[[ $c.traefik.instance ]].tcp.routers.[[ .mariadb.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
"[[ $c.traefik.instance ]].tcp.routers.[[ .mariadb.instance ]][[ $c.consul.suffix ]].middlewares=[[ join $c.traefik.middlewares "," ]]"
[[- end ]]
# Run mysql_upgrade as a poststart task, i.e. a helper started once the main
# task is running. It uses the same image as the server task.
task "upgrade" {
driver = [[ $c.nomad.driver | toJSON ]]
lifecycle {
hook = "poststart"
config {
image = [[ .mariadb.server.image | toJSON ]]
# Cap the number of processes the container may create.
pids_limit = 100
# NOTE(review): the script name after /local/ is missing in this copy; the
# matching template destination further down is truncated the same way.
command = "/local/"
# Vault access for template rendering only: env = false keeps the token out of
# the task environment and disable_file = true keeps it out of the secrets dir.
# NOTE(review): the policy name uses .consul.suffix while the service name uses
# $c.consul.suffix; if the server settings override the suffix the two diverge.
vault {
policies = ["[[ .mariadb.instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
# MariaDB client credentials for root, read from the instance's Vault KV path and
# written under secrets/. NOTE(review): the host value and the secret field
# reference are empty in this copy. perms 640 leaves the root password readable
# by gid 100101, whereas the backup group renders the same file as 400. The
# uid/gid values presumably map to the container's database user under a shifted
# id range; confirm.
template {
data = <<_EOT
user = root
host =
password = {{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}{{ }}{{ end }}
destination = "secrets/.my.cnf"
uid = 100100
gid = 100101
perms = 640
# Helper script rendered into local/ and marked executable. NOTE(review): the
# included template name and the destination file name are truncated in this copy.
template {
data = <<_EOT
[[ template "mariadb/" $c ]]
destination = "local/"
perms = 755
# Mount the server's data volume at /data.
volume_mount {
volume = "mariadb"
destination = "/data"
# Small fixed footprint for the helper; memory_max is the ceiling above the
# 32 MB reservation.
resources {
cpu = 10
memory = 32
memory_max = 64
# Main database task. As the group leader, the other tasks in the group are
# stopped when it exits; kill_timeout allows up to five minutes for shutdown.
task "mariadb" {
driver = [[ $c.nomad.driver | toJSON ]]
leader = true
kill_timeout = "5m"
config {
image = [[ .mariadb.server.image | toJSON ]]
# NOTE(review): the volumes list is empty in this copy.
volumes = [
# Cap the number of processes the container may create.
pids_limit = 300
# NOTE(review): the read-only root filesystem is switched off for the server
# task while the backup task enables it; turning it back on requires every path
# the server writes to be covered by a mount.
#readonly_rootfs = true
# Vault access for template rendering only: env = false keeps the token out of
# the task environment and disable_file = true keeps it out of the secrets dir.
# NOTE(review): the policy name uses .consul.suffix while the service name uses
# $c.consul.suffix; if the server settings override the suffix the two diverge.
vault {
policies = ["[[ .mariadb.instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
# NOTE(review): the bind-address value is empty in this copy. The effective
# listen address decides which interfaces inside the bridge network namespace
# accept connections; confirm it matches the intended exposure.
env {
MYSQL_CONF_11_bind-address = ""
[[ template "common/env.tpl" $c.env ]]
# Values from the instance's Vault KV path exported to the task as environment
# variables (env = true), with the rendered file readable only by uid 100000.
# Environment variables are visible to every process in the container and to
# anything that can inspect the process environment. NOTE(review): the body
# between the secret lookup and its end is missing in this copy.
template {
data = <<_EOT
{{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}
{{ end }}
destination = "secrets/mariadb.env"
uid = 100000
gid = 100000
perms = 400
env = true
# Root client credentials for use inside the server container. perms 640 leaves
# the password readable by gid 100101. NOTE(review): the secret field reference
# is empty in this copy.
template {
data = <<_EOT
user = root
password = {{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}{{ }}{{ end }}
destination = "secrets/my.conf"
uid = 100100
gid = 100101
perms = 640
# Mount the data volume at /data.
volume_mount {
volume = "mariadb"
destination = "/data"
[[ template "common/resources.tpl" .mariadb.server.resources ]]
[[- if .mariadb.backup.dumps.enabled ]]
[[- $c := merge .mariadb.backup . ]]
# Optional dump group, rendered only when .mariadb.backup.dumps.enabled is set.
# $c is rebound to the backup settings merged with the root context.
group "backup" {
network {
mode = "bridge"
# Backup volume; multi-node-multi-writer means allocations on several nodes may
# write to it at once, so anything else mounting it can alter or delete the dumps.
volume "backup" {
type = [[ .mariadb.volumes.backup.type | toJSON ]]
source = [[ .mariadb.volumes.backup.source | toJSON ]]
access_mode = "multi-node-multi-writer"
attachment_mode = "file-system"
# Service entry for the backup group; no port is declared in this copy.
service {
name = "[[ .mariadb.instance ]]-backup[[ $c.consul.suffix ]]"
[[ template "common/connect.tpl" $c ]]
# Included helper that waits for the MariaDB service of this instance; the
# helper template itself is not visible here.
[[ template "common/task.wait_for.tpl" dict
"ctx" .
"wait_for" (coll.Slice (dict "service" .mariadb.instance)) ]]
# Dump task: runs supercronic on a read-only root filesystem with a process cap.
# NOTE(review): the supercronic argument list is missing in this copy.
task "backup" {
driver = [[ $c.nomad.driver | toJSON ]]
config {
image = [[ .mariadb.backup.image | toJSON ]]
pids_limit = 100
readonly_rootfs = true
command = "supercronic"
args = [
# Vault access for template rendering only (token neither exported nor written
# to a file). NOTE(review): the policy name is built like the server tasks'
# policy, so the backup container presumably receives the same Vault rights as
# the database server; a narrower policy would suit a task that only dumps.
vault {
policies = ["[[ .mariadb.instance ]][[ $c.consul.suffix ]]"]
env = false
disable_file = true
# Client credentials for the dumps, readable only by uid 100000 (perms 400).
# NOTE(review): dumps authenticate as the database root account; a dedicated
# account limited to what dumping needs would reduce the impact of a compromised
# backup container. The host value and the secret field reference are empty in
# this copy.
template {
data = <<_EOT
user = root
host =
password = {{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}{{ }}{{ end }}
destination = "secrets/.my.cnf"
uid = 100000
gid = 100000
perms = 400
# Helper script rendered into local/ and marked executable. NOTE(review): the
# included template name and the destination file name are truncated in this copy.
template {
data =<<_EOT
[[ template "mariadb/" $c ]]
destination = "local/"
perms = 755
# Cron schedule consumed by supercronic, rendered under secrets/.
template {
data =<<_EOT
[[ template "mariadb/backup.cron.tpl" $c ]]
destination = "secrets/backup.cron"
# Mount the backup volume at /backup.
volume_mount {
volume = "backup"
destination = "/backup"
# NOTE(review): the backup task is sized from .mariadb.server.resources rather
# than from the backup settings; confirm this is intended and not a copy-paste.
[[ template "common/resources.tpl" .mariadb.server.resources ]]
[[- end ]]