Add a databse service
This commit is contained in:
parent
78176c9aa7
commit
4c2ae32143
@ -0,0 +1 @@
|
|||||||
|
{{ services[service_name].password }}
|
@ -0,0 +1,21 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman container-database-postgres.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
Wants=network.target
|
||||||
|
After=network-online.target
|
||||||
|
BindsTo=pod-database.service
|
||||||
|
After=pod-database.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
Restart=on-failure
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/container-database-postgres.pid %t/container-database-postgres.ctr-id
|
||||||
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-database-postgres.pid --cidfile %t/container-database-postgres.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-database.pod-id --replace --label "io.containers.autoupdate=image" -dt -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-database/database.password:/run/secrets/database.password:ro -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password -v var_lib_postgresql-waldir:/var/lib/postgresql-waldir -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-waldir -v /var/lib/yggdrasil/data/pod-database-data:/var/lib/postgresql/data -e PGDATA=/var/lib/postgresql/data/pgdata --name=pod-database-postgres docker.io/library/postgres:15.0
|
||||||
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
|
||||||
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-postgres.ctr-id
|
||||||
|
PIDFile=%t/container-database-postgres.pid
|
||||||
|
Type=forking
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target default.target
|
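Review bot: The image on the `ExecStart` line is pinned to the exact tag `docker.io/library/postgres:15.0`, and the `io.containers.autoupdate=image` label only re-pulls that same tag, so the container will never pick up 15.x point releases and their security fixes; tracking the major with `docker.io/library/postgres:15` (or pinning a digest and bumping it deliberately) matches the auto-update intent. The same line hard-codes `/var/lib/yggdrasil/...` for the resolv.conf and data bind mounts while the pod unit in this commit templates the host as `/var/lib/{{ ansible_hostname }}/...`; using the variable here too keeps the two units in step. The password bind source `./.config/pod-database/database.password` is relative, so it resolves against the service manager's working directory for this unit — presumably the user's home for a user unit — which is worth stating in a comment or replacing with an absolute path.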
@ -0,0 +1,23 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman pod-database.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
Wants=network.target
|
||||||
|
After=network-online.target
|
||||||
|
Requires=container-database-postgres.service
|
||||||
|
Before=container-database-postgres.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
Restart=on-failure
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
|
||||||
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
|
||||||
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > /var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile'
|
||||||
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
|
||||||
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
|
||||||
|
PIDFile=%t/pod-database.pid
|
||||||
|
Type=forking
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target default.target
|
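Review bot: `ExecStartPost` redirects the infra PID into `/var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile`, and no task in this commit creates that directory; if it does not already exist the shell redirect fails and systemd treats the failed ExecStartPost as a failed start, so either create the directory in the role or guard the write with `mkdir -p`. The same line looks the pod up by its literal name `database` while every other command here uses `--pod-id-file %t/pod-database.pod-id`; reading the id from that file would keep the unit self-consistent if the pod name changes. Placing the pod on `--network=none` is a sound default for a database that is only reached from containers in the same pod, and a comment saying so above the `pod create` line would stop a later reader from "fixing" it.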
@ -0,0 +1,7 @@
|
|||||||
|
- name: Create volume data directory for user {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ service_user_name }}"
|
||||||
|
group: "{{ service_user_name }}"
|
||||||
|
mode: 0755
|
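Review bot: `mode: 0755` is an unquoted octal literal, which the YAML loader turns into the integer 493 before the file module sees it; Ansible's file module documentation recommends quoting modes (`mode: "0755"`) so the module receives a string and does its own octal conversion, noting that the leading-zero form can fail in loops. The same applies to both `mode: 0755` values in the following two-task data hunk and to `mode: 0755` and `mode: 0600` in the configuration block hunk at the end of this commit.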
@ -0,0 +1,15 @@
|
|||||||
|
- name: Create volume data directory for user {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ service_user_name }}"
|
||||||
|
group: "{{ service_user_name }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Create data directory for user {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}-data"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ service_user_name }}"
|
||||||
|
group: "{{ service_user_name }}"
|
||||||
|
mode: 0755
|
@ -0,0 +1,4 @@
|
|||||||
|
- name: Set default shell for for {{ service_user_name }}
|
||||||
|
user:
|
||||||
|
name: "{{ service_user_name }}"
|
||||||
|
shell: "/usr/sbin/nologin"
|
@ -0,0 +1,4 @@
|
|||||||
|
- name: Set default shell for for {{ service_user_name }}
|
||||||
|
user:
|
||||||
|
name: "{{ service_user_name }}"
|
||||||
|
shell: "/usr/bin/rbash"
|
@ -6,10 +6,11 @@
|
|||||||
system: yes
|
system: yes
|
||||||
register: user_create
|
register: user_create
|
||||||
|
|
||||||
- name: Set default shell for for {{ service_user_name }}
|
- include_tasks: "{{ item }}"
|
||||||
user:
|
with_first_found:
|
||||||
name: "{{ service_user_name }}"
|
- files:
|
||||||
shell: "{{ '/usr/bin/rbash' if service_name=='rproxy' else '/usr/sbin/nologin' }}"
|
- "01-user.d/shell/{{ service_name }}.yml"
|
||||||
|
- "01-user.d/shell/_default.yml"
|
||||||
|
|
||||||
- name: Ensure the home directory belongs to the user {{ service_user_name }}
|
- name: Ensure the home directory belongs to the user {{ service_user_name }}
|
||||||
file:
|
file:
|
||||||
@ -49,13 +50,11 @@
|
|||||||
group: "{{ service_user_name }}"
|
group: "{{ service_user_name }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Create volume data directory for user {{ service_user_name }}
|
- include_tasks: "{{ item }}"
|
||||||
file:
|
with_first_found:
|
||||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
|
- files:
|
||||||
state: directory
|
- "01-user.d/data/{{ service_name }}.yml"
|
||||||
owner: "{{ service_user_name }}"
|
- "01-user.d/data/_default.yml"
|
||||||
group: "{{ service_user_name }}"
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Create configuration directory for user {{ service_user_name }}
|
- name: Create configuration directory for user {{ service_user_name }}
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
- name: Create volume data dataset for user {{ service_user_name }}
|
||||||
|
zfs:
|
||||||
|
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||||
|
state: present
|
@ -0,0 +1,14 @@
|
|||||||
|
- name: Create volume data dataset for user {{ service_user_name }}
|
||||||
|
zfs:
|
||||||
|
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||||
|
state: present
|
||||||
|
extra_zfs_properties:
|
||||||
|
recordsize: "8K"
|
||||||
|
|
||||||
|
- name: Create data dataset for user {{ service_user_name }}
|
||||||
|
zfs:
|
||||||
|
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}-data
|
||||||
|
state: present
|
||||||
|
extra_zfs_properties:
|
||||||
|
recordsize: "8K"
|
||||||
|
logbias: "throughput"
|
@ -12,7 +12,8 @@
|
|||||||
when:
|
when:
|
||||||
user_zfs_home is changed
|
user_zfs_home is changed
|
||||||
|
|
||||||
- name: Create volume data dataset for user {{ service_user_name }}
|
- include_tasks: "{{ item }}"
|
||||||
zfs:
|
with_first_found:
|
||||||
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
|
- files:
|
||||||
state: present
|
- "01-zfs-datasets.d/{{ service_name }}.yml"
|
||||||
|
- "01-zfs-datasets.d/_default.yml"
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
- block:
|
||||||
|
- name: Create service configuration directory for {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "{{ service_home }}/.config/{{ service_user_name }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Create database password
|
||||||
|
template:
|
||||||
|
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2"
|
||||||
|
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password"
|
||||||
|
mode: 0600
|
||||||
|
register: database_password_file
|
||||||
|
|
||||||
|
- name: Record changes
|
||||||
|
set_fact:
|
||||||
|
service_changed: true
|
||||||
|
when:
|
||||||
|
database_password_file is changed
|
||||||
|
|
||||||
|
become_user: "{{ service_user_name }}"
|
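Review bot: The `Create database password` template task writes a secret to `database.password` but carries no `no_log: true`; when the play is run with `--diff` or at higher verbosity the template module prints the rendered before/after content, exposing the password in the console and in any collected log. Adding `no_log: true` (at minimum `diff: false`) to that task keeps the `register` / `is changed` flow intact, since only the reported output is suppressed. The block sets `become_user: "{{ service_user_name }}"` without `become: true`; unless escalation is enabled at play or role level, `become_user` alone has no effect and the directory and file are created as the connecting user.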