Daniel Berteaud 2024-01-29 14:45:10 +01:00
parent b340ce4972
commit 655e4a3389
9 changed files with 42 additions and 20 deletions


@ -1,4 +1,4 @@
FROM danielberteaud/postgres:15.24.1-3
FROM danielberteaud/postgres:15.24.1-5
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ARG PATRONI_VERSION=3.2.2


@ -31,6 +31,18 @@ job "postgres-manage" {
}
}
sidecar_task {
config {
args = [
"-c",
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
"-l",
"${meta.connect.log_level}",
"--concurrency",
"${meta.connect.proxy_concurrency}",
"--disable-hot-restart"
]
}
resources {
cpu = 50
memory = 64
@ -220,6 +232,7 @@ _EOF
perms = 0400
}
resources {
cpu = 50
memory = 32
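Review bot: The `args` list added under `sidecar_task` in the first hunk has no comment saying why it is written out, and it appears to be the same list Nomad already passes to Envoy by default, so a later reader cannot tell a deliberate pin from a leftover. A line above `config {` such as `# Envoy args written out explicitly (same list as Nomad's default) because <reason>` would settle that. The list only resolves if `meta.connect.log_level` and `meta.connect.proxy_concurrency` are defined on every client that can run the task, which is worth stating in the same comment. The identical block added to the `postgres` job's `sidecar_task` needs the same comment.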


@ -45,6 +45,18 @@ job "postgres" {
sidecar_service {
}
sidecar_task {
config {
args = [
"-c",
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
"-l",
"${meta.connect.log_level}",
"--concurrency",
"${meta.connect.proxy_concurrency}",
"--disable-hot-restart"
]
}
resources {
cpu = 50
memory = 64
@ -464,6 +476,7 @@ _EOT
destination = "/backup"
}
resources {
cpu = 1000
memory = 1024


@ -53,6 +53,7 @@ _EOT
destination = "/data"
}
resources {
cpu = 1000
memory = 1024


@ -1,11 +1,11 @@
#!/bin/sh
for USER in pg monitor replicator rewind api vault_initial; do
vault kv get -field ${USER}_pwd [[ .vault.prefix ]]kv/service/[[ .instance ]] > /dev/null 2>&1
vault kv get -field ${USER}_pwd [[ .vault.kv.path ]] > /dev/null 2>&1
RES=$?
if [ "${RES}" = "1" ]; then
vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
vault kv patch [[ .vault.kv.path ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
elif [ "${RES}" = "2" ]; then
vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
vault kv put [[ .vault.kv.path ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
fi
done
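Review bot: The generated password is still handed to `vault kv patch` and `vault kv put` as a command-line argument, so it is visible in the process list and in any process auditing on the host while the command runs. The Vault CLI reads a value from stdin when it is given as `key=-`, so piping the `pwgen` output into `vault kv patch [[ .vault.kv.path ]] ${USER}_pwd=-` (and the same for the `put` branch) keeps it out of argv; confirm how the trailing newline is handled before relying on it. Separately, exit status 2 is treated as "secret does not exist", but as far as the CLI documents it, 2 covers remote errors in general, and `kv put` replaces every key at the path. A transient failure on the `get` for a later user could therefore discard passwords written earlier in the loop, so the not-found case should be checked explicitly before the `put`.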


@ -51,11 +51,11 @@ job "[[ .instance ]]" {
[[- if $c.traefik.enabled ]]
# Note : we don't add traefik.enable=true
# This will be done dynamically only on the current master node using the update_tags.sh script
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].rule=HostSNI(`[[ if has .pg.server "public_url" ]][[ (urlParse .pg.server.public_url).Hostname ]][[ else ]]*[[ end ]]`)",
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].tls=true",
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
[[- if gt (len $c.traefik.middlewares) 0 ]]
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ join $c.traefik.middlewares "," ]]",
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].rule=HostSNI(`[[ if has .pg.server "public_url" ]][[ (urlParse .pg.server.public_url).Hostname ]][[ else ]]*[[ end ]]`)",
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].tls=true",
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
[[- if gt (len $c.traefik.tcp_middlewares) 0 ]]
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ range $k, $v := $c.traefik.tcp_middlewares ]][[ $v ]][[ end ]]",
[[- end ]]
[[- end ]]
]
@ -161,7 +161,7 @@ _EOT
# with either master or replica
template {
data =<<_EOT
[[ template "postgres/serviceformat.jq.tpl" . ]]
[[ template "postgres/serviceformat.jq.tpl" $c ]]
_EOT
destination = "local/serviceformat.jq"
change_mode = "noop"
@ -169,7 +169,7 @@ _EOT
template {
data =<<_EOT
[[ template "postgres/update_tags.sh.tpl" . ]]
[[ template "postgres/update_tags.sh.tpl" $c ]]
_EOT
destination = "local/update_tags.sh"
perms = 755
@ -191,7 +191,7 @@ _EOT
# Patroni main configuration file
template {
data =<<_EOT
[[ template "postgres/patroni.yml.tpl" . ]]
[[ template "postgres/patroni.yml.tpl" $c ]]
_EOT
destination = "secrets/patroni.yml"
perms = "0400"
@ -204,7 +204,7 @@ _EOT
# Post bootstrap script, to create users
template {
data =<<_EOT
[[ template "postgres/create_users.sh.tpl" . ]]
[[ template "postgres/create_users.sh.tpl" $c ]]
_EOT
destination = "secrets/create_users.sh"
perms = "0750"
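Review bot: The new `middlewares=` tag in the first hunk writes the values of `$c.traefik.tcp_middlewares` back to back with no separator, where the line it replaces used `join … ","`. With two or more entries the names run together into one string that Traefik presumably cannot resolve, so the TCP router for the Postgres master would not get the intended middleware; on a TCP entrypoint that is usually the IP allow-list. If `tcp_middlewares` is a map, something like `[[ join (values $c.traefik.tcp_middlewares) "," ]]` would restore the comma, assuming the template engine provides a `values` helper. The job body starts and ends outside these hunks.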


@ -1 +0,0 @@
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "postgres" .instance) ]]


@ -11,7 +11,7 @@ def create_svc_txn:
# Add needed tags
| .ServiceTags -= ["master", "replica", "uninitialized"]
| .ServiceTags += [$role]
[[- if .pg.server.traefik.enabled ]]
[[- if .traefik.enabled ]]
| if $role == "master" then .ServiceTags += ["[[ .traefik.instance ]].enable=true"] else .ServiceTags -= ["[[ .traefik.instance ]].enable=true"] end
[[- end ]]


@ -123,16 +123,12 @@ pg:
traefik:
# If the postgres service (the master) should be exposed by Traefik
enabled: True
proto: tcp
# List of entrypoint the service will listen to
entrypoints:
- postgres
# List of Traefik middleware to apply
middlewares: []
prometheus:
metrics_url: http://localhost:9187
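Review bot: With `middlewares: []` and its comment removed, nothing in this `traefik:` block documents how to attach a middleware, while `enabled: True` remains the default and the job template in this commit now reads `tcp_middlewares`. If that key is defaulted in a shared file this still works, but a reader of this file sees a Postgres master published on the `postgres` entrypoint with no hint that an IP allow-list can be applied. A replacement comment such as `# TCP middlewares (e.g. an IP allow-list) are set with tcp_middlewares` would keep the option discoverable; whether a default value also belongs here depends on how the variable files are merged, which is not visible in this hunk.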