Cleanup
This commit is contained in:
parent
b340ce4972
commit
655e4a3389
|
@ -1,4 +1,4 @@
|
|||
FROM danielberteaud/postgres:15.24.1-3
|
||||
FROM danielberteaud/postgres:15.24.1-5
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG PATRONI_VERSION=3.2.2
|
||||
|
|
|
@ -31,6 +31,18 @@ job "postgres-manage" {
|
|||
}
|
||||
}
|
||||
sidecar_task {
|
||||
config {
|
||||
args = [
|
||||
"-c",
|
||||
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
||||
"-l",
|
||||
"${meta.connect.log_level}",
|
||||
"--concurrency",
|
||||
"${meta.connect.proxy_concurrency}",
|
||||
"--disable-hot-restart"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 64
|
||||
|
@ -220,6 +232,7 @@ _EOF
|
|||
perms = 0400
|
||||
}
|
||||
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 32
|
||||
|
|
|
@ -45,6 +45,18 @@ job "postgres" {
|
|||
sidecar_service {
|
||||
}
|
||||
sidecar_task {
|
||||
config {
|
||||
args = [
|
||||
"-c",
|
||||
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
||||
"-l",
|
||||
"${meta.connect.log_level}",
|
||||
"--concurrency",
|
||||
"${meta.connect.proxy_concurrency}",
|
||||
"--disable-hot-restart"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 64
|
||||
|
@ -464,6 +476,7 @@ _EOT
|
|||
destination = "/backup"
|
||||
}
|
||||
|
||||
|
||||
resources {
|
||||
cpu = 1000
|
||||
memory = 1024
|
||||
|
|
|
@ -53,6 +53,7 @@ _EOT
|
|||
destination = "/data"
|
||||
}
|
||||
|
||||
|
||||
resources {
|
||||
cpu = 1000
|
||||
memory = 1024
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
for USER in pg monitor replicator rewind api vault_initial; do
|
||||
vault kv get -field ${USER}_pwd [[ .vault.prefix ]]kv/service/[[ .instance ]] > /dev/null 2>&1
|
||||
vault kv get -field ${USER}_pwd [[ .vault.kv.path ]] > /dev/null 2>&1
|
||||
RES=$?
|
||||
if [ "${RES}" = "1" ]; then
|
||||
vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
|
||||
vault kv patch [[ .vault.kv.path ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
|
||||
elif [ "${RES}" = "2" ]; then
|
||||
vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
|
||||
vault kv put [[ .vault.kv.path ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1)
|
||||
fi
|
||||
done
|
||||
|
|
|
@ -51,11 +51,11 @@ job "[[ .instance ]]" {
|
|||
[[- if $c.traefik.enabled ]]
|
||||
# Note : we don't add traefik.enable=true
|
||||
# This will be done dynamically only on the current master node using the update_tags.sh script
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].rule=HostSNI(`[[ if has .pg.server "public_url" ]][[ (urlParse .pg.server.public_url).Hostname ]][[ else ]]*[[ end ]]`)",
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].tls=true",
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
[[- if gt (len $c.traefik.middlewares) 0 ]]
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ join $c.traefik.middlewares "," ]]",
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].rule=HostSNI(`[[ if has .pg.server "public_url" ]][[ (urlParse .pg.server.public_url).Hostname ]][[ else ]]*[[ end ]]`)",
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].tls=true",
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
[[- if gt (len $c.traefik.tcp_middlewares) 0 ]]
|
||||
"[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ range $k, $v := $c.traefik.tcp_middlewares ]][[ $v ]][[ end ]]",
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
]
|
||||
|
@ -161,7 +161,7 @@ _EOT
|
|||
# with either master or replica
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "postgres/serviceformat.jq.tpl" . ]]
|
||||
[[ template "postgres/serviceformat.jq.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "local/serviceformat.jq"
|
||||
change_mode = "noop"
|
||||
|
@ -169,7 +169,7 @@ _EOT
|
|||
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "postgres/update_tags.sh.tpl" . ]]
|
||||
[[ template "postgres/update_tags.sh.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "local/update_tags.sh"
|
||||
perms = 755
|
||||
|
@ -191,7 +191,7 @@ _EOT
|
|||
# Patroni main configuration file
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "postgres/patroni.yml.tpl" . ]]
|
||||
[[ template "postgres/patroni.yml.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "secrets/patroni.yml"
|
||||
perms = "0400"
|
||||
|
@ -204,7 +204,7 @@ _EOT
|
|||
# Post bootstrap script, to create users
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "postgres/create_users.sh.tpl" . ]]
|
||||
[[ template "postgres/create_users.sh.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "secrets/create_users.sh"
|
||||
perms = "0750"
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "postgres" .instance) ]]
|
|
@ -11,7 +11,7 @@ def create_svc_txn:
|
|||
# Add needed tags
|
||||
| .ServiceTags -= ["master", "replica", "uninitialized"]
|
||||
| .ServiceTags += [$role]
|
||||
[[- if .pg.server.traefik.enabled ]]
|
||||
[[- if .traefik.enabled ]]
|
||||
| if $role == "master" then .ServiceTags += ["[[ .traefik.instance ]].enable=true"] else .ServiceTags -= ["[[ .traefik.instance ]].enable=true"] end
|
||||
[[- end ]]
|
||||
|
||||
|
|
|
@ -123,16 +123,12 @@ pg:
|
|||
|
||||
traefik:
|
||||
|
||||
# If the postgres service (the master) should be exposed by Traefik
|
||||
enabled: True
|
||||
proto: tcp
|
||||
|
||||
# List of entrypoint the service will listen to
|
||||
entrypoints:
|
||||
- postgres
|
||||
|
||||
# List of Traefik middleware to apply
|
||||
middlewares: []
|
||||
|
||||
prometheus:
|
||||
metrics_url: http://localhost:9187
|
||||
|
||||
|
|
Loading…
Reference in New Issue