Cleanup and replace supercronic with minit

Daniel Berteaud 2024-01-19 23:31:00 +01:00
parent 5124031188
commit a1987e1910
15 changed files with 71 additions and 52 deletions


@ -12,12 +12,10 @@ RUN set -eux &&\
chown root:root ldap2pg &&\ chown root:root ldap2pg &&\
chmod 755 ldap2pg chmod 755 ldap2pg
FROM danielberteaud/alpine:24.1-5 FROM danielberteaud/alpine:24.1-7
MAINTAINER Daniel Berteaud <dbd@ehtrace.com> MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ENV LANG=fr_FR.utf8 \ ENV PGHOST=localhost \
TZ=Europe/Paris \
PGHOST=localhost \
PGPORT=5432 \ PGPORT=5432 \
PGUSER=postgres \ PGUSER=postgres \
LDAP2PG_MODE=dry \ LDAP2PG_MODE=dry \
@ -26,7 +24,7 @@ ENV LANG=fr_FR.utf8 \
COPY --from=ldap2pg /tmp/ldap2pg /usr/local/bin/ldap2pg COPY --from=ldap2pg /tmp/ldap2pg /usr/local/bin/ldap2pg
RUN set -eux &&\ RUN set -eux &&\
apk --no-cache upgrade &&\ apk --no-cache upgrade &&\
apk --no-cache add postgresql15-client ca-certificates supercronic apk --no-cache add postgresql16-client ca-certificates
COPY root/ / COPY root/ /
CMD ["run.sh"] CMD ["run.sh"]
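Review bot: Nothing in this stage installs the `minit` binary that the entrypoint script now runs, so it presumably ships in `danielberteaud/alpine:24.1-7`, which is referenced only by a mutable tag. That tag is then the only thing fixing which supervisor binary schedules `ldap2pg --real`. Pinning it by digest, `FROM danielberteaud/alpine:24.1-7@sha256:<digest>`, and adding a comment such as `# minit (cron runner used by run.sh) is provided by the base image` would make the dependency explicit and reproducible. No `USER` instruction appears in the lines shown, so the image may run as root unless the base image or a line outside these hunks sets one. The templated copy of this Dockerfile later in the commit (the one using `[[ .docker.repo ]]`) has the same shape.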


@ -14,7 +14,10 @@ if [ -e "${LDAP2PG_CONFIG}" ]; then
# Run cron if needed # Run cron if needed
if [ -n "${LDAP2PG_CRON}" ]; then if [ -n "${LDAP2PG_CRON}" ]; then
echo "Running ldap2pg as a cron job (${LDAP2PG_CRON})" echo "Running ldap2pg as a cron job (${LDAP2PG_CRON})"
echo "${LDAP2PG_CRON} ldap2pg --real --config ${LDAP2PG_CONFIG}" > /dev/shm/cron export MINIT_MAIN="ldap2pg --real --config ${LDAP2PG_CONFIG}"
supercronic /dev/shm/cron export MINIT_MAIN_NAME=ldap2pg
export MINIT_MAIN_KIND=cron
export MINIT_MAIN_CRON="${LDAP2PG_CRON}"
minit
fi fi
fi fi
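Review bot: `minit` is started as a child of the shell script instead of replacing it, so the script stays in the process tree as minit's parent and a stop signal may never reach minit or a running ldap2pg job. `exec minit` would hand the process over, assuming nothing after the closing `fi` lines (the script continues outside this hunk) still has to run. `MINIT_MAIN` is also built as a single string with `${LDAP2PG_CONFIG}` embedded unquoted, so a config path containing whitespace would probably be split into several arguments when minit parses the command. Both points apply equally to the templated copy of this script later in the commit.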


@ -1,4 +1,4 @@
FROM danielberteaud/postgres:15.24.1-2 FROM danielberteaud/postgres:15.24.1-3
MAINTAINER Daniel Berteaud <dbd@ehtrace.com> MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ARG PATRONI_VERSION=3.2.2 ARG PATRONI_VERSION=3.2.2


@ -1,4 +1,4 @@
FROM danielberteaud/alpine:24.1-5 FROM danielberteaud/alpine:24.1-7
MAINTAINER Daniel Berteaud <dbd@ehtrace.com> MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ARG PG_FROM= \ ARG PG_FROM= \


@ -1,4 +1,4 @@
FROM danielberteaud/alma:9.24.1-3 FROM danielberteaud/alma:9.24.1-5
MAINTAINER Daniel Berteaud <dbd@ehtrace.com> MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
ENV PG_BASE_DATA=/data/db/ ENV PG_BASE_DATA=/data/db/


@ -74,17 +74,19 @@ job "postgres-manage" {
driver = "docker" driver = "docker"
config { config {
image = "danielberteaud/ldap2pg:6.0-8" image = "danielberteaud/ldap2pg:6.0-9"
readonly_rootfs = true readonly_rootfs = true
pids_limit = 20 pids_limit = 20
} }
vault { vault {
policies = ["postgres"] policies = ["postgres"]
env = false env = false
disable_file = true disable_file = true
} }
env { env {
LDAP2PG_CONFIG = "/secrets/ldap2pg.yml" LDAP2PG_CONFIG = "/secrets/ldap2pg.yml"
LDAP2PG_MODE = "dry" LDAP2PG_MODE = "dry"


@ -124,7 +124,7 @@ job "postgres" {
kill_timeout = "10m" kill_timeout = "10m"
config { config {
image = "danielberteaud/patroni:15.24.1-1" image = "danielberteaud/patroni:15.24.1-2"
# Set shm_size to half of the total size # Set shm_size to half of the total size
shm_size = 536870912 shm_size = 536870912
volumes = ["local/mkdir-socket.sh:/entrypoint.d/70-mkdir-socket.sh"] volumes = ["local/mkdir-socket.sh:/entrypoint.d/70-mkdir-socket.sh"]


@ -15,9 +15,7 @@ RUN set -eux &&\
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
MAINTAINER [[ .docker.maintainer ]] MAINTAINER [[ .docker.maintainer ]]
ENV LANG=[[ .locale.lang ]] \ ENV PGHOST=localhost \
TZ=[[ .locale.tz ]] \
PGHOST=localhost \
PGPORT=5432 \ PGPORT=5432 \
PGUSER=postgres \ PGUSER=postgres \
LDAP2PG_MODE=dry \ LDAP2PG_MODE=dry \
@ -26,7 +24,7 @@ ENV LANG=[[ .locale.lang ]] \
COPY --from=ldap2pg /tmp/ldap2pg /usr/local/bin/ldap2pg COPY --from=ldap2pg /tmp/ldap2pg /usr/local/bin/ldap2pg
RUN set -eux &&\ RUN set -eux &&\
apk --no-cache upgrade &&\ apk --no-cache upgrade &&\
apk --no-cache add postgresql15-client ca-certificates supercronic apk --no-cache add postgresql16-client ca-certificates
COPY root/ / COPY root/ /
CMD ["run.sh"] CMD ["run.sh"]


@ -14,7 +14,10 @@ if [ -e "${LDAP2PG_CONFIG}" ]; then
# Run cron if needed # Run cron if needed
if [ -n "${LDAP2PG_CRON}" ]; then if [ -n "${LDAP2PG_CRON}" ]; then
echo "Running ldap2pg as a cron job (${LDAP2PG_CRON})" echo "Running ldap2pg as a cron job (${LDAP2PG_CRON})"
echo "${LDAP2PG_CRON} ldap2pg --real --config ${LDAP2PG_CONFIG}" > /dev/shm/cron export MINIT_MAIN="ldap2pg --real --config ${LDAP2PG_CONFIG}"
supercronic /dev/shm/cron export MINIT_MAIN_NAME=ldap2pg
export MINIT_MAIN_KIND=cron
export MINIT_MAIN_CRON="${LDAP2PG_CRON}"
minit
fi fi
fi fi


@ -1,6 +1,6 @@
[[ $c := merge .pg.manage . -]] job "[[ .instance ]]-manage" {
job "[[ .instance ]]-manage[[ $c.consul.suffix ]]" { [[- $c := merge .pg.manage .pg . ]]
[[- if and (has $c "cron") (ne $c.cron "") ]] [[- if and (has $c "cron") (ne $c.cron "") ]]
type = "service" type = "service"
@ -32,19 +32,15 @@ job "[[ .instance ]]-manage[[ $c.consul.suffix ]]" {
[[ template "common/task.wait_for" $c ]] [[ template "common/task.wait_for" $c ]]
task "postgres-manage" { task "postgres-manage" {
driver = [[ $c.nomad.driver | toJSON ]] driver = "[[ $c.nomad.driver ]]"
config { config {
image = [[ $c.image | toJSON ]] image = "[[ $c.image ]]"
readonly_rootfs = true readonly_rootfs = true
pids_limit = 20 pids_limit = 20
} }
vault { [[ template "common/vault.policies" $c ]]
policies = ["[[ .instance ]][[ $c.consul.suffix ]]"]
env = false
disable_file = true
}
env { env {
[[- range $idx, $db := $c.databases ]] [[- range $idx, $db := $c.databases ]]
@ -101,7 +97,7 @@ _EOF
perms = 0400 perms = 0400
} }
[[ template "common/resources" $c.resources ]] [[ template "common/resources" $c ]]
} }
} }
} }
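Review bot: `driver = "[[ $c.nomad.driver ]]"` and `image = "[[ $c.image ]]"` interpolate the raw value between hand-written quotes, where the previous `| toJSON` form both quoted and escaped it. A value containing a double quote, a backslash or `${` would now change the rendered HCL instead of staying a string literal. These values come from the bundle's variables, so the exposure is limited to whoever can edit them, but keeping `image = [[ $c.image | toJSON ]]` costs nothing. Separately, the inline `vault` block carried `env = false` and `disable_file = true`, and the `common/vault.policies` template that replaces it is not part of this page. The rendered example job in this commit still shows both settings, which suggests they are preserved, but that is worth confirming in the template itself.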


@ -280,8 +280,7 @@ _EOT
config { config {
image = "[[ $c.image ]]" image = "[[ $c.image ]]"
command = "supercronic" command = "minit"
args = ["/secrets/backup.cron"]
readonly_rootfs = true readonly_rootfs = true
pids_limit = 100 pids_limit = 100
} }
@ -293,16 +292,17 @@ _EOT
env { env {
# Use the socket from the shared dir # Use the socket from the shared dir
PGHOST = "/alloc/data/postgres" PGHOST = "/alloc/data/postgres"
MINIT_UNIT_DIR = "/local/minit.d"
} }
[[- template "common/file_env" $c ]] [[- template "common/file_env" $c ]]
template { template {
data =<<_EOT data =<<_EOT
[[ template "postgres/backup.cron.tpl" . ]] [[ template "postgres/backup.minit.yml.tpl" . ]]
_EOT _EOT
destination = "secrets/backup.cron" destination = "local/minit.d/backup.yml"
} }
template { template {
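Review bot: The scheduler configuration moves from `secrets/backup.cron` to `local/minit.d/backup.yml`, and nothing in the block records why that is safe. In Nomad, `secrets/` is kept out of the `nomad alloc fs` API, whereas `local/` is readable through it. The unit file added in this commit holds only schedules and command lines, so nothing sensitive is exposed today. A comment above the template, for example `# minit unit files hold schedules and commands only; never put credentials here, local/ is readable via alloc fs`, would keep it that way when units are added later. The `template` block that opens on the last line continues outside this hunk.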


@ -1,12 +0,0 @@
[[- if ne .pg.backup.pgbackrest.cron.full "" ]]
[[ .pg.backup.pgbackrest.cron.full ]] run-if-master.sh pgbackrest backup --delta --type=full
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.incr "" ]]
[[ .pg.backup.pgbackrest.cron.incr ]] run-if-master.sh pgbackrest backup --delta --type=incr
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.diff "" ]]
[[ .pg.backup.pgbackrest.cron.diff ]] run-if-master.sh pgbackrest backup --delta --type=diff
[[- end ]]
[[- if ne .pg.backup.dumps.cron "" ]]
[[ .pg.backup.dumps.cron ]] run-if-master.sh /local/dump.sh
[[- end ]]


@ -0,0 +1,32 @@
[[- if ne .pg.backup.pgbackrest.cron.full "" ]]
---
kind: cron
name: pgbackrest-full
command: ["run-if-master.sh", "pgbackrest", "backup", "--delta", "--type=full"]
cron: '[[ .pg.backup.pgbackrest.cron.full ]]'
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.incr "" ]]
---
kind: cron
name: pgbackrest-incr
command: ["run-if-master.sh", "pgbackrest", "backup", "--delta", "--type=incr"]
cron: '[[ .pg.backup.pgbackrest.cron.incr ]]'
[[- end ]]
[[- if ne .pg.backup.pgbackrest.cron.diff "" ]]
---
kind: cron
name: pgbackrest-diff
command: ["run-if-master.sh", "pgbackrest", "backup", "--delta", "--type=diff"]
cron: '[[ .pg.backup.pgbackrest.cron.diff ]]'
[[- end ]]
[[- if ne .pg.backup.dumps.cron "" ]]
---
kind: cron
name: dump
command: ["run-if-master.sh", "/local/dump.sh"]
cron: '[[ .pg.backup.dumps.cron ]]'
[[- end ]]
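Review bot: All four unit documents are wrapped in `if ne … ""`, so when every schedule is empty the rendered `backup.yml` contains no unit at all, and the file does not say what should happen then. How minit behaves with an empty unit directory is not visible here; if it exits, the backup task could restart in a loop unless the job template already skips the task in that case. A header comment such as `# minit units: one YAML document per enabled backup schedule; at least one schedule must be set` would document the expectation. Each `cron:` value is also placed between single quotes without escaping, which is fine for ordinary cron expressions but would produce invalid YAML if a value ever contained a single quote.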


@ -12,10 +12,14 @@ pg:
ou: Postgres ou: Postgres
issuer: '[[ .vault.prefix ]]pki/root' issuer: '[[ .vault.prefix ]]pki/root'
# List of vault policies to attach to the task
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Postgres server settings # Postgres server settings
server: server:
# The image to use # The image to use
image: '[[ .docker.repo ]]patroni:15.24.1-1' image: '[[ .docker.repo ]]patroni:15.24.1-2'
# Number of postgres instance. Patroni will handle leader election and replication # Number of postgres instance. Patroni will handle leader election and replication
count: 1 count: 1
@ -38,11 +42,6 @@ pg:
env: env:
PGBACKREST_STANZA: '[[ .instance ]]' PGBACKREST_STANZA: '[[ .instance ]]'
vault:
# List of vault policies to attach to the task
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Set higher priority for the postgres job # Set higher priority for the postgres job
nomad: nomad:
priority: 100 priority: 100
@ -183,7 +182,7 @@ pg:
# manage can create database, users and sync permissions from LDAP (using ldap2pg) # manage can create database, users and sync permissions from LDAP (using ldap2pg)
manage: manage:
# Image to use # Image to use
image: '[[ .docker.repo ]]ldap2pg:6.0-8' image: '[[ .docker.repo ]]ldap2pg:6.0-9'
# Resource allocation # Resource allocation
resources: resources: