nomad
/
postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup and replace supercronic with minit

This commit is contained in:
Daniel Berteaud 2024-01-19 23:31:00 +01:00
parent 5124031188
commit a1987e1910
15 changed files with 71 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
example/images/ldap2pg/Dockerfile
View File

@ -12,12 +12,10 @@ RUN set -eux &&\
chown root:root ldap2pg &&\
chmod 755 ldap2pg
FROM danielberteaud/alpine:24.1-5
FROM danielberteaud/alpine:24.1-7
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ENV LANG=fr_FR.utf8 \
TZ=Europe/Paris \
PGHOST=localhost \
ENV PGHOST=localhost \
PGPORT=5432 \
PGUSER=postgres \
LDAP2PG_MODE=dry \
@ -26,7 +24,7 @@ ENV LANG=fr_FR.utf8 \
COPY --from=ldap2pg /tmp/ldap2pg /usr/local/bin/ldap2pg
RUN set -eux &&\
apk --no-cache upgrade &&\
apk --no-cache add postgresql15-client ca-certificates supercronic
apk --no-cache add postgresql16-client ca-certificates
COPY root/ /
CMD ["run.sh"]

7
example/images/ldap2pg/root/usr/local/bin/run.sh
View File

@ -14,7 +14,10 @@ if [ -e "${LDAP2PG_CONFIG}" ]; then
# Run cron if needed
if [ -n "${LDAP2PG_CRON}" ]; then
echo "Running ldap2pg as a cron job (${LDAP2PG_CRON})"
echo "${LDAP2PG_CRON} ldap2pg --real --config ${LDAP2PG_CONFIG}" > /dev/shm/cron
supercronic /dev/shm/cron
export MINIT_MAIN="ldap2pg --real --config ${LDAP2PG_CONFIG}"
export MINIT_MAIN_NAME=ldap2pg
export MINIT_MAIN_KIND=cron
export MINIT_MAIN_CRON="${LDAP2PG_CRON}"
minit
fi
fi

2
example/images/patroni/Dockerfile
View File

@ -1,4 +1,4 @@
FROM danielberteaud/postgres:15.24.1-2
FROM danielberteaud/postgres:15.24.1-3
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ARG PATRONI_VERSION=3.2.2

2
example/images/pg-upgrade/Dockerfile
View File

@ -1,4 +1,4 @@
FROM danielberteaud/alpine:24.1-5
FROM danielberteaud/alpine:24.1-7
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ARG PG_FROM= \

2
example/images/postgres-major-upgrade/Dockerfile
View File

@ -1,4 +1,4 @@
FROM danielberteaud/alma:9.24.1-3
FROM danielberteaud/alma:9.24.1-5
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ENV PG_BASE_DATA=/data/db/

0
example/prep.d/20-pki.sh → example/init/pki
View File

4
example/manage.nomad.hcl
View File

@ -74,17 +74,19 @@ job "postgres-manage" {
driver = "docker"
config {
image = "danielberteaud/ldap2pg:6.0-8"
image = "danielberteaud/ldap2pg:6.0-9"
readonly_rootfs = true
pids_limit = 20
}
vault {
policies = ["postgres"]
env = false
disable_file = true
}
env {
LDAP2PG_CONFIG = "/secrets/ldap2pg.yml"
LDAP2PG_MODE = "dry"

2
example/postgres.nomad.hcl
View File

@ -124,7 +124,7 @@ job "postgres" {
kill_timeout = "10m"
config {
image = "danielberteaud/patroni:15.24.1-1"
image = "danielberteaud/patroni:15.24.1-2"
# Set shm_size to half of the total size
shm_size = 536870912
volumes = ["local/mkdir-socket.sh:/entrypoint.d/70-mkdir-socket.sh"]

6
images/ldap2pg/Dockerfile
View File

@ -15,9 +15,7 @@ RUN set -eux &&\
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
MAINTAINER [[ .docker.maintainer ]]
ENV LANG=[[ .locale.lang ]] \
TZ=[[ .locale.tz ]] \
PGHOST=localhost \
ENV PGHOST=localhost \
PGPORT=5432 \
PGUSER=postgres \
LDAP2PG_MODE=dry \
@ -26,7 +24,7 @@ ENV LANG=[[ .locale.lang ]] \
COPY --from=ldap2pg /tmp/ldap2pg /usr/local/bin/ldap2pg
RUN set -eux &&\
apk --no-cache upgrade &&\
apk --no-cache add postgresql15-client ca-certificates supercronic
apk --no-cache add postgresql16-client ca-certificates
COPY root/ /
CMD ["run.sh"]

7
images/ldap2pg/root/usr/local/bin/run.sh
View File

@ -14,7 +14,10 @@ if [ -e "${LDAP2PG_CONFIG}" ]; then
# Run cron if needed
if [ -n "${LDAP2PG_CRON}" ]; then
echo "Running ldap2pg as a cron job (${LDAP2PG_CRON})"
echo "${LDAP2PG_CRON} ldap2pg --real --config ${LDAP2PG_CONFIG}" > /dev/shm/cron
supercronic /dev/shm/cron
export MINIT_MAIN="ldap2pg --real --config ${LDAP2PG_CONFIG}"
export MINIT_MAIN_NAME=ldap2pg
export MINIT_MAIN_KIND=cron
export MINIT_MAIN_CRON="${LDAP2PG_CRON}"
minit
fi
fi

16
manage.nomad.hcl
View File

@ -1,6 +1,6 @@
[[ $c := merge .pg.manage . -]]
job "[[ .instance ]]-manage" {
job "[[ .instance ]]-manage[[ $c.consul.suffix ]]" {
[[- $c := merge .pg.manage .pg . ]]
[[- if and (has $c "cron") (ne $c.cron "") ]]
type = "service"
@ -32,19 +32,15 @@ job "[[ .instance ]]-manage[[ $c.consul.suffix ]]" {
[[ template "common/task.wait_for" $c ]]
task "postgres-manage" {
driver = [[ $c.nomad.driver | toJSON ]]
driver = "[[ $c.nomad.driver ]]"
config {
image = [[ $c.image | toJSON ]]
image = "[[ $c.image ]]"
readonly_rootfs = true
pids_limit = 20
}
vault {
policies = ["[[ .instance ]][[ $c.consul.suffix ]]"]
env = false
disable_file = true
}
[[ template "common/vault.policies" $c ]]
env {
[[- range $idx, $db := $c.databases ]]
@ -101,7 +97,7 @@ _EOF
perms = 0400
}
[[ template "common/resources" $c.resources ]]
[[ template "common/resources" $c ]]
}
}
}

10
postgres.nomad.hcl
View File

@ -280,8 +280,7 @@ _EOT
config {
image = "[[ $c.image ]]"
command = "supercronic"
args = ["/secrets/backup.cron"]
command = "minit"
readonly_rootfs = true
pids_limit = 100
}
@ -293,16 +292,17 @@ _EOT
env {
# Use the socket from the shared dir
PGHOST = "/alloc/data/postgres"
PGHOST = "/alloc/data/postgres"
MINIT_UNIT_DIR = "/local/minit.d"
}
[[- template "common/file_env" $c ]]
template {
data =<<_EOT
[[ template "postgres/backup.cron.tpl" . ]]
[[ template "postgres/backup.minit.yml.tpl" . ]]
_EOT
destination = "secrets/backup.cron"
destination = "local/minit.d/backup.yml"
}
template {

12
templates/backup.cron.tpl
View File

@ -1,12 +0,0 @@
[[- if ne .pg.backup.pgbackrest.cron.full "" ]]
[[ .pg.backup.pgbackrest.cron.full ]] run-if-master.sh pgbackrest backup --delta --type=full
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.incr "" ]]
[[ .pg.backup.pgbackrest.cron.incr ]] run-if-master.sh pgbackrest backup --delta --type=incr
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.diff "" ]]
[[ .pg.backup.pgbackrest.cron.diff ]] run-if-master.sh pgbackrest backup --delta --type=diff
[[- end ]]
[[- if ne .pg.backup.dumps.cron "" ]]
[[ .pg.backup.dumps.cron ]] run-if-master.sh /local/dump.sh
[[- end ]]

32
templates/backup.minit.yml.tpl Normal file
View File

@ -0,0 +1,32 @@
[[- if ne .pg.backup.pgbackrest.cron.full "" ]]
---
kind: cron
name: pgbackrest-full
command: ["run-if-master.sh", "pgbackrest", "backup", "--delta", "--type=full"]
cron: '[[ .pg.backup.pgbackrest.cron.full ]]'
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.incr "" ]]
---
kind: cron
name: pgbackrest-incr
command: ["run-if-master.sh", "pgbackrest", "backup", "--delta", "--type=incr"]
cron: '[[ .pg.backup.pgbackrest.cron.incr ]]'
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.diff "" ]]
---
kind: cron
name: pgbackrest-diff
command: ["run-if-master.sh", "pgbackrest", "backup", "--delta", "--type=diff"]
cron: '[[ .pg.backup.pgbackrest.cron.diff ]]'
[[- end ]]
[[- if ne .pg.backup.dumps.cron "" ]]
---
kind: cron
name: dump
command: ["run-if-master.sh", "/local/dump.sh"]
cron: '[[ .pg.backup.dumps.cron ]]'
[[- end ]]

13
variables.yml
View File

@ -12,10 +12,14 @@ pg:
ou: Postgres
issuer: '[[ .vault.prefix ]]pki/root'
# List of vault policies to attach to the task
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Postgres server settings
server:
# The image to use
image: '[[ .docker.repo ]]patroni:15.24.1-1'
image: '[[ .docker.repo ]]patroni:15.24.1-2'
# Number of postgres instance. Patroni will handle leader election and replication
count: 1
@ -38,11 +42,6 @@ pg:
env:
PGBACKREST_STANZA: '[[ .instance ]]'
vault:
# List of vault policies to attach to the task
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Set higher priority for the postgres job
nomad:
priority: 100
@ -183,7 +182,7 @@ pg:
# manage can create database, users and sync permissions from LDAP (using ldap2pg)
manage:
# Image to use
image: '[[ .docker.repo ]]ldap2pg:6.0-8'
image: '[[ .docker.repo ]]ldap2pg:6.0-9'
# Resource allocation
resources: