Some fixes in prefix/suffix handling
This commit is contained in:
parent
d92d2f09a2
commit
998ed40314
|
@ -1,10 +1,10 @@
|
|||
node_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
service "[[ .instance ]]" {
|
||||
service "[[ .instance ]][[ .consul.suffix ]]" {
|
||||
policy = "write"
|
||||
}
|
||||
service "[[ .instance ]]-sidecar-proxy" {
|
||||
service "[[ .instance ]][[ .consul.suffix ]]-sidecar-proxy" {
|
||||
policy = "write"
|
||||
}
|
||||
key_prefix "[[ .consul.kv.root ]]service/[[ .instance ]]" {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/sh
|
||||
# vim: syntax=sh
|
||||
|
||||
vault write [[ .vault.root ]]consul/roles/[[ .instance ]] ttl=720h max_ttl=720h consul_policies="[[ .instance ]]"
|
||||
vault write consul/roles/[[ .instance ]][[ .consul.suffix ]] ttl=720h max_ttl=720h consul_policies="[[ .instance ]][[ .consul.suffix ]]"
|
||||
|
|
|
@ -127,7 +127,7 @@ job "[[ .instance ]]-server" {
|
|||
template {
|
||||
data = <<_EOT
|
||||
# Get a Consul token from vault, so we're able to update the tags in Consul from the containers
|
||||
CONSUL_HTTP_TOKEN={{ with secret "[[ .vault.root ]]consul/creds/[[ .instance ]]" }}{{ .Data.token }}{{ end }}
|
||||
CONSUL_HTTP_TOKEN={{ with secret "consul/creds/[[ .instance ]][[ .consul.suffix ]]" }}{{ .Data.token }}{{ end }}
|
||||
PATRONICTL_CONFIG_FILE=/secrets/patroni.yml
|
||||
_EOT
|
||||
destination = "secrets/pg.env"
|
||||
|
|
|
@ -26,11 +26,11 @@ CURL_OPTS="--connect-timeout 5 --max-time 10 --retry 5 --retry-delay 1 --retry-m
|
|||
# Update tags on the main service
|
||||
SERVICE_HAS_TAG=$(curl ${CURL_OPTS} \
|
||||
-H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" \
|
||||
http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]] |\
|
||||
http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]][[ .consul.suffix ]] |\
|
||||
jq ".[] | select( .ServiceTags as \$tags | \"postgres-{{ env "NOMAD_ALLOC_INDEX" }}\" | IN(\$tags[]) ) | .ServiceTags | any(.==\"${NEW_ROLE}\")")
|
||||
if [ "${SERVICE_HAS_TAG}" = "false" ]; then
|
||||
echo "Updating tags for the main service"
|
||||
curl ${CURL_OPTS} -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]] |\
|
||||
curl ${CURL_OPTS} -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]][[ .consul.suffix ]] |\
|
||||
jq --from-file /local/serviceformat.jq --arg role "${NEW_ROLE}" --arg mytag postgres-{{ env "NOMAD_ALLOC_INDEX" }} |\
|
||||
curl ${CORL_OPTS} -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" -X PUT -d @- http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/txn > /dev/null
|
||||
else
|
||||
|
@ -40,11 +40,11 @@ fi
|
|||
# Update tags on the sidecar service (connect-proxy)
|
||||
SIDECAR_HAS_TAG=$(curl ${CURL_OPTS} \
|
||||
-H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" \
|
||||
http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]]-sidecar-proxy |\
|
||||
http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]][[ .consul.suffix ]]-sidecar-proxy |\
|
||||
jq ".[] | select( .ServiceTags as \$tags | \"postgres-{{ env "NOMAD_ALLOC_INDEX" }}\" | IN(\$tags[]) ) | .ServiceTags | any(.==\"${NEW_ROLE}\")")
|
||||
if [ "${SIDECAR_HAS_TAG}" = "false" ]; then
|
||||
echo "Updating tags for the sidecar"
|
||||
curl ${CURL_OPTS} -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]]-sidecar-proxy |\
|
||||
curl ${CURL_OPTS} -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/catalog/service/[[ .instance ]][[ .consul.suffix ]]-sidecar-proxy |\
|
||||
jq --from-file /local/serviceformat.jq --arg role "${NEW_ROLE}" --arg mytag postgres-{{ env "NOMAD_ALLOC_INDEX" }} |\
|
||||
curl ${CURL_OPTS} -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" -X PUT -d @- http://{{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500/v1/txn > /dev/null
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue
Block a user