2024-01-19 23:31:00 +01:00
|
|
|
job "[[ .instance ]]-manage" {
|
2023-09-11 23:01:05 +02:00
|
|
|
|
2024-01-19 23:31:00 +01:00
|
|
|
[[- $c := merge .pg.manage .pg . ]]
|
2023-10-25 23:25:15 +02:00
|
|
|
|
2023-10-31 14:39:26 +01:00
|
|
|
[[- if and (has $c "cron") (ne $c.cron "") ]]
|
|
|
|
type = "service"
|
2023-10-25 23:25:15 +02:00
|
|
|
[[- else ]]
|
2023-10-31 14:39:26 +01:00
|
|
|
type = "batch"
|
|
|
|
|
2023-10-25 23:25:15 +02:00
|
|
|
meta {
|
|
|
|
# Force job to run each time
|
|
|
|
run = "${uuidv4()}"
|
|
|
|
}
|
|
|
|
[[- end ]]
|
|
|
|
|
2023-12-18 14:15:06 +01:00
|
|
|
[[ template "common/job_start" $c ]]
|
2023-10-25 23:25:15 +02:00
|
|
|
|
|
|
|
group "manage" {
|
2023-09-11 23:01:05 +02:00
|
|
|
network {
|
|
|
|
mode = "bridge"
|
|
|
|
}
|
|
|
|
|
2023-09-17 17:21:17 +02:00
|
|
|
ephemeral_disk {
|
|
|
|
size = 101
|
|
|
|
}
|
|
|
|
|
2023-09-11 23:01:05 +02:00
|
|
|
service {
|
2023-12-21 23:15:47 +01:00
|
|
|
name = "[[ .instance ]]-manage[[ $c.consul.suffix ]]"
|
2023-12-18 14:15:06 +01:00
|
|
|
[[ template "common/connect" $c ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
}
|
|
|
|
|
2023-12-18 14:15:06 +01:00
|
|
|
[[ template "common/task.wait_for" $c ]]
|
2023-09-11 23:54:10 +02:00
|
|
|
|
2023-12-11 16:47:54 +01:00
|
|
|
task "postgres-manage" {
|
2024-01-19 23:31:00 +01:00
|
|
|
driver = "[[ $c.nomad.driver ]]"
|
2023-09-11 23:01:05 +02:00
|
|
|
|
|
|
|
config {
|
2024-01-19 23:31:00 +01:00
|
|
|
image = "[[ $c.image ]]"
|
2023-09-11 23:01:05 +02:00
|
|
|
readonly_rootfs = true
|
|
|
|
pids_limit = 20
|
|
|
|
}
|
|
|
|
|
2024-01-19 23:31:00 +01:00
|
|
|
[[ template "common/vault.policies" $c ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
|
|
|
|
env {
|
2023-10-31 14:39:26 +01:00
|
|
|
[[- range $idx, $db := $c.databases ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
PG_DB_[[ $idx ]] = [[ $db.name | toJSON ]]
|
|
|
|
[[- if has $db "owner" ]]
|
|
|
|
PG_DB_[[ $idx ]]_OWNER = [[ $db.owner | toJSON ]]
|
|
|
|
[[- end ]]
|
|
|
|
[[- if has $db "encoding" ]]
|
|
|
|
PG_DB_[[ $idx ]]_ENCODING = [[ $db.encoding | toJSON ]]
|
|
|
|
[[- end ]]
|
|
|
|
[[- if has $db "locale" ]]
|
2023-10-22 21:45:49 +02:00
|
|
|
PG_DB_[[ $idx ]]_LOCALE = [[ $db.locale | toJSON ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
[[- end ]]
|
2023-12-15 22:45:16 +01:00
|
|
|
[[- if has $db "template" ]]
|
|
|
|
PG_DB_[[ $idx ]]_TEMPLATE = [[ $db.template | toJSON ]]
|
|
|
|
[[- end ]]
|
2023-12-01 14:57:55 +01:00
|
|
|
[[- if has $db "extensions" ]]
|
|
|
|
PG_DB_[[ $idx ]]_EXTENSIONS = "[[ join $db.extensions "," ]]"
|
|
|
|
[[- end ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
[[- end ]]
|
|
|
|
LDAP2PG_CONFIG = "/secrets/ldap2pg.yml"
|
2023-10-31 14:39:26 +01:00
|
|
|
LDAP2PG_MODE = [[ $c.mode | toJSON ]]
|
|
|
|
[[- if and (has $c "cron") (ne $c.cron "") ]]
|
|
|
|
LDAP2PG_CRON = [[ $c.cron | toJSON ]]
|
|
|
|
[[- end ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
}
|
|
|
|
|
2024-03-05 14:14:22 +01:00
|
|
|
[[ template "common/file_env" $c ]]
|
2023-10-30 21:50:28 +01:00
|
|
|
|
2023-09-11 23:01:05 +02:00
|
|
|
template {
|
|
|
|
data =<<_EOF
|
|
|
|
PGHOST=localhost
|
|
|
|
PGPORT=5432
|
|
|
|
PGUSER=postgres
|
2024-01-31 15:58:44 +01:00
|
|
|
PGPASSWORD={{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.pg_pwd | sprig_squote }}{{ end }}
|
2023-09-11 23:01:05 +02:00
|
|
|
_EOF
|
2023-10-30 21:50:28 +01:00
|
|
|
destination = "secrets/pg-manage.env"
|
2023-12-18 14:15:06 +01:00
|
|
|
uid = 100000
|
|
|
|
gid = 100000
|
|
|
|
perms = 0400
|
|
|
|
env = true
|
2023-09-11 23:01:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data =<<_EOF
|
2023-10-31 14:39:26 +01:00
|
|
|
[[ (merge $c.config $c.default_config) | toYAML ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
|
|
|
|
rules:
|
2023-10-31 14:39:26 +01:00
|
|
|
[[ (coll.Slice $c.rules $c.default_rules) | flatten | toYAML | strings.Indent 2]]
|
2023-09-11 23:01:05 +02:00
|
|
|
_EOF
|
|
|
|
destination = "secrets/ldap2pg.yml"
|
2023-12-18 14:15:06 +01:00
|
|
|
uid = 100000
|
|
|
|
gid = 100000
|
|
|
|
perms = 0400
|
2023-09-11 23:01:05 +02:00
|
|
|
}
|
|
|
|
|
2024-01-19 23:31:00 +01:00
|
|
|
[[ template "common/resources" $c ]]
|
2023-09-11 23:01:05 +02:00
|
|
|
}
|
|
|
|
}
|
2023-10-25 23:25:15 +02:00
|
|
|
}
|
2023-09-11 23:01:05 +02:00
|
|
|
|