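# Nomad job template for the PostgreSQL management task "postgres-manage".
# It passes the list of databases to the container through PG_DB_<n>*
# environment variables and renders an ldap2pg configuration file.
# The double-square-bracket actions are expanded when this template is
# rendered; the double-curly-brace actions inside the first heredoc are
# left for Nomad to resolve against Vault at run time.
#
# NOTE(review): values emitted with toJSON are quoted and escaped as JSON
# strings, but HCL's dollar-brace interpolation sequences are not escaped.
# Treat the database settings as operator-controlled input, or confirm they
# are validated upstream.
job "[[ .instance ]]-manage" {

[[- $c := merge .pg.manage .pg . ]]

  # With a non-empty cron setting the job is a long-running service and the
  # schedule is handed to the container as LDAP2PG_CRON; otherwise it is a
  # one-shot batch job.
[[- if and (has $c "cron") (ne $c.cron "") ]]
  type = "service"
[[- else ]]
  type = "batch"

  meta {
    # Force job to run each time: a fresh random value makes every
    # submission differ from the previous one.
    run = "${uuidv4()}"
  }
[[- end ]]

[[ template "common/job_start" $c ]]

  group "manage" {
    network {
      mode = "bridge"
    }

    ephemeral_disk {
      size = 101
    }

    service {
      name = "[[ .instance ]]-manage[[ $c.consul.suffix ]]"
[[ template "common/connect" $c ]]
    }

[[ template "common/task.wait_for" $c ]]

    task "postgres-manage" {
      driver = "[[ $c.nomad.driver ]]"

      config {
        image = "[[ $c.image ]]"
        # Hardening: the root filesystem is read-only and the number of
        # processes in the container is capped.
        readonly_rootfs = true
        pids_limit = 20
      }

[[ template "common/vault.policies" $c ]]

      env {
        # One PG_DB_<index> group per configured database. Every value is
        # emitted through toJSON so that quotes and backslashes in a setting
        # cannot end the HCL string early; the extensions list is joined with
        # commas first and then quoted the same way.
[[- range $idx, $db := $c.databases ]]
        PG_DB_[[ $idx ]] = [[ $db.name | toJSON ]]
[[- if has $db "owner" ]]
        PG_DB_[[ $idx ]]_OWNER = [[ $db.owner | toJSON ]]
[[- end ]]
[[- if has $db "encoding" ]]
        PG_DB_[[ $idx ]]_ENCODING = [[ $db.encoding | toJSON ]]
[[- end ]]
[[- if has $db "locale" ]]
        PG_DB_[[ $idx ]]_LOCALE = [[ $db.locale | toJSON ]]
[[- end ]]
[[- if has $db "template" ]]
        PG_DB_[[ $idx ]]_TEMPLATE = [[ $db.template | toJSON ]]
[[- end ]]
[[- if has $db "extensions" ]]
        PG_DB_[[ $idx ]]_EXTENSIONS = [[ join $db.extensions "," | toJSON ]]
[[- end ]]
[[- end ]]
        LDAP2PG_CONFIG = "/secrets/ldap2pg.yml"
        LDAP2PG_MODE = [[ $c.mode | toJSON ]]
[[- if and (has $c "cron") (ne $c.cron "") ]]
        LDAP2PG_CRON = [[ $c.cron | toJSON ]]
[[- end ]]
      }

[[ template "common/file_env" $c ]]

      # Connection settings for the postgres superuser. The password is read
      # from Vault when the task starts, written to the task's secrets
      # directory (owner 100000:100000, perms 0400) and, because env is true,
      # also loaded into the task's environment.
      # NOTE(review): sprig_squote only wraps the value in single quotes; a
      # password that itself contains a single quote would presumably break
      # parsing of this env file. Confirm the stored password cannot contain
      # one.
      template {
        data =<<_EOF
PGHOST=localhost
PGPORT=5432
PGUSER=postgres
PGPASSWORD={{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.pg_pwd | sprig_squote }}{{ end }}
_EOF
        destination = "secrets/pg-manage.env"
        uid = 100000
        gid = 100000
        perms = 0400
        env = true
      }

      # ldap2pg configuration: the instance config merged over the default
      # config, followed by the instance rules and the default rules as one
      # flattened list. The heredoc content must stay at column 0 because it
      # is YAML and its indentation is significant.
      template {
        data =<<_EOF
[[ (merge $c.config $c.default_config) | toYAML ]]

rules:
[[ (coll.Slice $c.rules $c.default_rules) | flatten | toYAML | strings.Indent 2]]
_EOF
        destination = "secrets/ldap2pg.yml"
        uid = 100000
        gid = 100000
        perms = 0400
      }

[[ template "common/resources" $c ]]
    }
  }
}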