Cleanup, use supercronic instead of nomad cron, and quote passwords in
env
parent
269b3213c4
commit
7e7eb131b4
|
@ -1,16 +1,12 @@
|
|||
[[ $c := merge .pg.manage . -]]
|
||||
|
||||
job "[[ .pg.instance ]]-manage[[ .consul.suffix ]]" {
|
||||
job "[[ .pg.instance ]]-manage[[ $c.consul.suffix ]]" {
|
||||
|
||||
type = "batch"
|
||||
[[- if and (has .pg.manage "cron") (ne .pg.manage.cron "") ]]
|
||||
periodic {
|
||||
crons = [
|
||||
[[ .pg.manage.cron | toJSON ]]
|
||||
]
|
||||
prohibit_overlap = true
|
||||
}
|
||||
[[- if and (has $c "cron") (ne $c.cron "") ]]
|
||||
type = "service"
|
||||
[[- else ]]
|
||||
type = "batch"
|
||||
|
||||
meta {
|
||||
# Force job to run each time
|
||||
run = "${uuidv4()}"
|
||||
|
@ -29,29 +25,29 @@ job "[[ .pg.instance ]]-manage[[ .consul.suffix ]]" {
|
|||
}
|
||||
|
||||
service {
|
||||
name = "[[ .pg.instance ]]-manage[[ .consul.suffix ]]"
|
||||
name = "[[ .pg.instance ]]-manage[[ $c.consul.suffix ]]"
|
||||
[[ template "common/connect.tpl" $c ]]
|
||||
}
|
||||
|
||||
[[ template "common/task.wait_for.tpl" $c ]]
|
||||
|
||||
task "ldap2pg" {
|
||||
driver = [[ .nomad.driver | toJSON ]]
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .pg.manage.image | toJSON ]]
|
||||
image = [[ $c.image | toJSON ]]
|
||||
readonly_rootfs = true
|
||||
pids_limit = 20
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .pg.instance ]][[ .consul.suffix ]]"]
|
||||
policies = ["[[ .pg.instance ]][[ $c.consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
||||
env {
|
||||
[[- range $idx, $db := .pg.manage.databases ]]
|
||||
[[- range $idx, $db := $c.databases ]]
|
||||
PG_DB_[[ $idx ]] = [[ $db.name | toJSON ]]
|
||||
[[- if has $db "owner" ]]
|
||||
PG_DB_[[ $idx ]]_OWNER = [[ $db.owner | toJSON ]]
|
||||
|
@ -64,17 +60,20 @@ job "[[ .pg.instance ]]-manage[[ .consul.suffix ]]" {
|
|||
[[- end ]]
|
||||
[[- end ]]
|
||||
LDAP2PG_CONFIG = "/secrets/ldap2pg.yml"
|
||||
LDAP2PG_MODE = [[ .pg.manage.mode | toJSON ]]
|
||||
LDAP2PG_MODE = [[ $c.mode | toJSON ]]
|
||||
[[- if and (has $c "cron") (ne $c.cron "") ]]
|
||||
LDAP2PG_CRON = [[ $c.cron | toJSON ]]
|
||||
[[- end ]]
|
||||
}
|
||||
|
||||
[[ template "common/file_env.tpl" .pg.manage.env ]]
|
||||
[[ template "common/file_env.tpl" $c.env ]]
|
||||
|
||||
template {
|
||||
data =<<_EOF
|
||||
PGHOST=localhost
|
||||
PGPORT=5432
|
||||
PGUSER=postgres
|
||||
PGPASSWORD={{ with secret "[[ .vault.prefix ]]kv/service/[[ .pg.instance ]]" }}{{ .Data.data.pg_pwd }}{{ end }}
|
||||
PGPASSWORD={{ with secret "[[ .vault.prefix ]]kv/service/[[ .pg.instance ]]" }}{{ .Data.data.pg_pwd | sprig_squote }}{{ end }}
|
||||
_EOF
|
||||
destination = "secrets/pg-manage.env"
|
||||
uid = 100000
|
||||
|
@ -85,10 +84,10 @@ _EOF
|
|||
|
||||
template {
|
||||
data =<<_EOF
|
||||
[[ (merge .pg.manage.config .pg.manage.default_config) | toYAML ]]
|
||||
[[ (merge $c.config $c.default_config) | toYAML ]]
|
||||
|
||||
rules:
|
||||
[[ (coll.Slice .pg.manage.rules .pg.manage.default_rules) | flatten | toYAML | strings.Indent 2]]
|
||||
[[ (coll.Slice $c.rules $c.default_rules) | flatten | toYAML | strings.Indent 2]]
|
||||
_EOF
|
||||
destination = "secrets/ldap2pg.yml"
|
||||
uid = 100000
|
||||
|
@ -96,7 +95,7 @@ _EOF
|
|||
perms = 0400
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .pg.manage.resources ]]
|
||||
[[ template "common/resources.tpl" $c.resources ]]
|
||||
}
|
||||
}
|
||||
}
|
||||
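Review bot: The `| sprig_squote` added to the `PGPASSWORD` line wraps the secret in single quotes but does not escape a single quote inside the value, so a `pg_pwd` containing `'` would still yield a malformed line in `secrets/pg-manage.env`; the same applies to `DATA_SOURCE_PASS` / `monitor_pwd` in the `@ -372` hunk of the other file. How these files are consumed (Nomad's env parser or a shell `source` in the image) is not visible on this page, so the correct escaping cannot be chosen from here. At minimum the constraint should be recorded next to each template, e.g. `# pg_pwd must not contain a single quote: sprig_squote quotes but does not escape`. If the stored passwords can contain quotes, escape for the actual consumer rather than relying on the wrapper alone. The enclosing `template` block continues past the end of the hunk.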
|
|
|
@ -372,7 +372,7 @@ _EOT
|
|||
PG_EXPORTER_AUTO_DISCOVER_DATABASES=true
|
||||
DATA_SOURCE_URI=127.0.0.1:5432/postgres
|
||||
DATA_SOURCE_USER=monitor
|
||||
DATA_SOURCE_PASS={{ with secret "[[ .vault.prefix ]]kv/service/[[ .pg.instance ]]" }}{{ .Data.data.monitor_pwd }}{{ end }}
|
||||
DATA_SOURCE_PASS={{ with secret "[[ .vault.prefix ]]kv/service/[[ .pg.instance ]]" }}{{ .Data.data.monitor_pwd | sprig_squote }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/env"
|
||||
perms = "0400"
|
||||
|
|