From 655e4a3389617c57bedcc7b5facf6b82de842d65 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 29 Jan 2024 14:45:10 +0100
Subject: [PATCH] Cleanup
---
example/images/patroni/Dockerfile | 2 +-
example/manage.nomad.hcl | 13 +++++++++++++
example/postgres.nomad.hcl | 13 +++++++++++++
example/upgrade.nomad.hcl | 1 +
init/passwords | 6 +++---
postgres.nomad.hcl | 18 +++++++++---------
prep.d/mv_conf.sh | 1 -
templates/serviceformat.jq.tpl | 2 +-
variables.yml | 6 +-----
9 files changed, 42 insertions(+), 20 deletions(-)
delete mode 100755 prep.d/mv_conf.sh
diff --git a/example/images/patroni/Dockerfile b/example/images/patroni/Dockerfile
index f87e6ce..18f0ac3 100644
--- a/example/images/patroni/Dockerfile
+++ b/example/images/patroni/Dockerfile
@@ -1,4 +1,4 @@ -FROM danielberteaud/postgres:15.24.1-3 +FROM danielberteaud/postgres:15.24.1-5 MAINTAINER Daniel Berteaud ARG PATRONI_VERSION=3.2.2
diff --git a/example/manage.nomad.hcl b/example/manage.nomad.hcl
index a7227ba..c86f346 100644
--- a/example/manage.nomad.hcl
+++ b/example/manage.nomad.hcl
@@ -31,6 +31,18 @@ job "postgres-manage" { } } sidecar_task { + config { + args = [ + "-c", + "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json", + "-l", + "${meta.connect.log_level}", + "--concurrency", + "${meta.connect.proxy_concurrency}", + "--disable-hot-restart" + ] + } + resources { cpu = 50 memory = 64
@@ -220,6 +232,7 @@ _EOF perms = 0400 } + resources { cpu = 50 memory = 32
diff --git a/example/postgres.nomad.hcl b/example/postgres.nomad.hcl
index 910ee0d..00749f6 100644
--- a/example/postgres.nomad.hcl
+++ b/example/postgres.nomad.hcl
@@ -45,6 +45,18 @@ job "postgres" { sidecar_service { } sidecar_task { + config { + args = [ + "-c", + "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json", + "-l", + "${meta.connect.log_level}", + "--concurrency", + "${meta.connect.proxy_concurrency}", + "--disable-hot-restart" + ] + } + resources { cpu = 50 memory = 64
@@ -464,6 +476,7 @@ _EOT destination = "/backup" } + resources { cpu = 1000 memory = 1024
diff --git a/example/upgrade.nomad.hcl b/example/upgrade.nomad.hcl
index beaa390..62c17f3 100644
--- a/example/upgrade.nomad.hcl
+++ b/example/upgrade.nomad.hcl
@@ -53,6 +53,7 @@ _EOT destination = "/data" } + resources { cpu = 1000 memory = 1024
diff --git a/init/passwords b/init/passwords
index c639f5a..0df1768 100755
--- a/init/passwords
+++ b/init/passwords
@@ -1,11 +1,11 @@ #!/bin/sh for USER in pg monitor replicator rewind api vault_initial; do - vault kv get -field ${USER}_pwd [[ .vault.prefix ]]kv/service/[[ .instance ]] > /dev/null 2>&1 + vault kv get -field ${USER}_pwd [[ .vault.kv.path ]] > /dev/null 2>&1 RES=$? if [ "${RES}" = "1" ]; then - vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1) + vault kv patch [[ .vault.kv.path ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1) elif [ "${RES}" = "2" ]; then - vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1) + vault kv put [[ .vault.kv.path ]] ${USER}_pwd=$(pwgen -s -y -r\\\`\'\"\#\^\| -n 50 1) fi done
diff --git a/postgres.nomad.hcl b/postgres.nomad.hcl
index 92add08..a868c3d 100644
--- a/postgres.nomad.hcl
+++ b/postgres.nomad.hcl
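Review bot: In init/passwords the generated password is still handed to `vault kv patch` and `vault kv put` as a command-line argument (`${USER}_pwd=$(pwgen …)`), so it sits in the process arguments for as long as the command runs. The Vault CLI accepts `-` as a value to read it from stdin, so the two write lines could become `pwgen … | vault kv patch "[[ .vault.kv.path ]]" ${USER}_pwd=-` (and the same for `put`), after confirming how the trailing newline from pwgen is handled. Separately, exit status 2 from `vault kv get` is taken to mean "no secret at this path" and leads to `kv put`, which replaces the whole secret; if that status can also come from another API failure, existing passwords would be overwritten, so a check that the path is really absent is worth adding before the `put`. The new `[[ .vault.kv.path ]]` is also unquoted in all three commands and would be safer in double quotes.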
@@ -51,11 +51,11 @@ job "[[ .instance ]]" { [[- if $c.traefik.enabled ]] # Note : we don't add traefik.enable=true # This will be done dynamically only on the current master node using the update_tags.sh script - "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].rule=HostSNI(`[[ if has .pg.server "public_url" ]][[ (urlParse .pg.server.public_url).Hostname ]][[ else ]]*[[ end ]]`)", - "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].tls=true", - "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", - [[- if gt (len $c.traefik.middlewares) 0 ]] - "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ join $c.traefik.middlewares "," ]]", + "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].rule=HostSNI(`[[ if has .pg.server "public_url" ]][[ (urlParse .pg.server.public_url).Hostname ]][[ else ]]*[[ end ]]`)", + "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].tls=true", + "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", + [[- if gt (len $c.traefik.tcp_middlewares) 0 ]] + "[[ $c.traefik.instance ]].tcp.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ range $k, $v := $c.traefik.tcp_middlewares ]][[ $v ]][[ end ]]", [[- end ]] [[- end ]] ]
@@ -161,7 +161,7 @@ _EOT # with either master or replica template { data =<<_EOT -[[ template "postgres/serviceformat.jq.tpl" . ]] +[[ template "postgres/serviceformat.jq.tpl" $c ]] _EOT destination = "local/serviceformat.jq" change_mode = "noop"
@@ -169,7 +169,7 @@ _EOT template { data =<<_EOT -[[ template "postgres/update_tags.sh.tpl" . ]] +[[ template "postgres/update_tags.sh.tpl" $c ]] _EOT destination = "local/update_tags.sh" perms = 755
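Review bot: In the `@@ -51,11` hunk of postgres.nomad.hcl, the new `middlewares=` tag writes the values of `$c.traefik.tcp_middlewares` back to back with no separator (`[[ range $k, $v := … ]][[ $v ]][[ end ]]`), where the removed line used `join … ","`. With more than one entry the tag value becomes a single run-together name, so the intended TCP middlewares (an IP allow-list in front of PostgreSQL, for example) would presumably not be attached to the router. Emit a comma between entries, for instance `[[ join (values $c.traefik.tcp_middlewares) "," ]]` if the template toolchain provides a `values` helper, or add the comma inside the `range` for every entry but the first. The tags list this line belongs to starts above the hunk.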
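Review bot: The `template` calls in the `@@ -161,7`, `@@ -169,7`, `@@ -191,7` and `@@ -204,7` hunks now pass `$c` instead of `.`, but `templates/serviceformat.jq.tpl` is the only template this commit adjusts. If `update_tags.sh.tpl`, `patroni.yml.tpl` or `create_users.sh.tpl` still use root-level paths such as `.pg.server.…`, they would render empty values or fail, and two of them are written under `secrets/`. Please confirm those templates were written for the `$c` context. A short comment above each call, such as `# rendered with $c, not the root context`, would make the expected context explicit.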
@@ -191,7 +191,7 @@ _EOT # Patroni main configuration file template { data =<<_EOT -[[ template "postgres/patroni.yml.tpl" . ]] +[[ template "postgres/patroni.yml.tpl" $c ]] _EOT destination = "secrets/patroni.yml" perms = "0400"
@@ -204,7 +204,7 @@ _EOT # Post bootstrap script, to create users template { data =<<_EOT -[[ template "postgres/create_users.sh.tpl" . ]] +[[ template "postgres/create_users.sh.tpl" $c ]] _EOT destination = "secrets/create_users.sh" perms = "0750"
diff --git a/prep.d/mv_conf.sh b/prep.d/mv_conf.sh
deleted file mode 100755
index 5bbd949..0000000
--- a/prep.d/mv_conf.sh
+++ /dev/null
@@ -1 +0,0 @@ -[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "postgres" .instance) ]]
diff --git a/templates/serviceformat.jq.tpl b/templates/serviceformat.jq.tpl
index f9f1c7a..c88afa9 100644
--- a/templates/serviceformat.jq.tpl
+++ b/templates/serviceformat.jq.tpl
@@ -11,7 +11,7 @@ def create_svc_txn: # Add needed tags | .ServiceTags -= ["master", "replica", "uninitialized"] | .ServiceTags += [$role] -[[- if .pg.server.traefik.enabled ]] +[[- if .traefik.enabled ]] | if $role == "master" then .ServiceTags += ["[[ .traefik.instance ]].enable=true"] else .ServiceTags -= ["[[ .traefik.instance ]].enable=true"] end [[- end ]]
diff --git a/variables.yml b/variables.yml
index 2022585..b9f3ae6 100644
--- a/variables.yml
+++ b/variables.yml
@@ -123,16 +123,12 @@ pg: traefik: - # If the postgres service (the master) should be exposed by Traefik - enabled: True + proto: tcp # List of entrypoint the service will listen to entrypoints: - postgres - # List of Traefik middleware to apply - middlewares: [] - prometheus: metrics_url: http://localhost:9187
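Review bot: In the variables.yml hunk, `proto: tcp` is added without a comment, and the removed `enabled` and `middlewares` keys take their explanatory comments with them, while postgres.nomad.hcl now reads `tcp_middlewares`. This file therefore no longer says whether the master is exposed through Traefik by default, or which key holds the TCP middlewares. Suggest a comment above `proto`, such as `# Router type used for the Traefik tags (PostgreSQL is exposed as a TCP router)`, and a commented `# tcp_middlewares: {}` example. A line stating where the `enabled` default now comes from would also help.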