Add a database service

This commit is contained in:
Wojciech Kozlowski 2022-10-24 00:45:52 +02:00
parent 78176c9aa7
commit 4c2ae32143
12 changed files with 129 additions and 15 deletions


@ -0,0 +1 @@
{{ services[service_name].password }}
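Review bot: This template renders `services[service_name].password` verbatim into a credential file, and nothing in this commit shows where that variable is defined; if it lives in plain group/host vars it is a cleartext database password sitting in the repository. It should come from an `ansible-vault`-encrypted vars file or a lookup against a secret store, and the variable's definition is the place to document that requirement. I cannot see the caller, so treat this as a question to confirm rather than a defect in the template itself.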


@ -0,0 +1,21 @@
[Unit]
Description=Podman container-database-postgres.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-database.service
After=pod-database.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-database-postgres.pid %t/container-database-postgres.ctr-id
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-database-postgres.pid --cidfile %t/container-database-postgres.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-database.pod-id --replace --label "io.containers.autoupdate=image" -dt -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-database/database.password:/run/secrets/database.password:ro -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password -v var_lib_postgresql-waldir:/var/lib/postgresql-waldir -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-waldir -v /var/lib/yggdrasil/data/pod-database-data:/var/lib/postgresql/data -e PGDATA=/var/lib/postgresql/data/pgdata --name=pod-database-postgres docker.io/library/postgres:15.0
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-postgres.ctr-id
PIDFile=%t/container-database-postgres.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
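Review bot: The bind-mount source `./.config/pod-database/database.password` on the `ExecStart` line is a relative path, so it resolves against whatever working directory systemd happens to give the unit (the home directory for a rootless user unit, `/` for a system unit, presumably the former here) and breaks in a non-obvious way if that ever differs; an absolute source such as `%h/.config/pod-database/database.password` removes the dependency. The same line hard-codes `/var/lib/yggdrasil/` for the resolv.conf and data bind mounts while the sibling pod unit and the Ansible tasks derive that prefix from `{{ ansible_hostname }}`, so this unit only works on one host. Separately, `io.containers.autoupdate=image` combined with the fully pinned tag `docker.io/library/postgres:15.0` only ever picks up a re-push of that exact tag, so 15.x security releases will not arrive through auto-update; either pin `postgres:15` if auto-update is the intent, or pin a digest and bump it deliberately.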


@ -0,0 +1,23 @@
[Unit]
Description=Podman pod-database.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Requires=container-database-postgres.service
Before=container-database-postgres.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > /var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
PIDFile=%t/pod-database.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
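Review bot: `podman pod create ... --network=none` on the `ExecStartPre` line gives the pod no network at all, and neither this unit nor the container unit in this commit publishes a port or shares a socket directory, so as committed I cannot see how any client reaches PostgreSQL. If that is deliberate (clients to be added to this pod later, or a unix-socket bind mount in a follow-up), a comment above that line such as `# no network on purpose: clients must join this pod or use the unix socket` would stop the next reader from "fixing" it. The `ExecStartPost` line also writes the infra PID under `/var/lib/{{ ansible_hostname }}/containers/pod-database/`, which must already exist and be writable by this unit's user; I do not see that directory created in this commit, so confirm it is handled elsewhere.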


@ -0,0 +1,7 @@
- name: Create volume data directory for user {{ service_user_name }}
file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
mode: 0755


@ -0,0 +1,15 @@
- name: Create volume data directory for user {{ service_user_name }}
file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
mode: 0755
- name: Create data directory for user {{ service_user_name }}
file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}-data"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
mode: 0755
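Review bot: Both directories are created with `mode: 0755`, including the `-data` one that, as far as I can tell from the container unit in this commit, is bind-mounted as `/var/lib/postgresql/data`; the postgres image entrypoint only tightens the `pgdata` subdirectory it creates inside it, so the volume root stays world-listable. Only the service user (and the container's mapped root) needs to enter it, so `mode: "0750"` or `"0700"` for the `-data` directory is the safer default and costs nothing. Quoting the mode also sidesteps YAML octal parsing, although Ansible does accept the leading-zero form used here.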


@ -0,0 +1,4 @@
- name: Set default shell for for {{ service_user_name }}
user:
name: "{{ service_user_name }}"
shell: "/usr/sbin/nologin"


@ -0,0 +1,4 @@
- name: Set default shell for for {{ service_user_name }}
user:
name: "{{ service_user_name }}"
shell: "/usr/bin/rbash"


@ -6,10 +6,11 @@
system: yes
register: user_create
- name: Set default shell for for {{ service_user_name }}
user:
name: "{{ service_user_name }}"
shell: "{{ '/usr/bin/rbash' if service_name=='rproxy' else '/usr/sbin/nologin' }}"
- include_tasks: "{{ item }}"
with_first_found:
- files:
- "01-user.d/shell/{{ service_name }}.yml"
- "01-user.d/shell/_default.yml"
- name: Ensure the home directory belongs to the user {{ service_user_name }}
file:
@ -49,13 +50,11 @@
group: "{{ service_user_name }}"
mode: 0755
- name: Create volume data directory for user {{ service_user_name }}
file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
mode: 0755
- include_tasks: "{{ item }}"
with_first_found:
- files:
- "01-user.d/data/{{ service_name }}.yml"
- "01-user.d/data/_default.yml"
- block:
- name: Create configuration directory for user {{ service_user_name }}
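Review bot: Both new `include_tasks` loops rely on the default loop variable `item`; if this tasks file is itself reached through a looped `include_role`/`include_tasks` over services (the `service_name`/`service_user_name` variables hint at that, but the caller is not visible here), the inner loop shadows the outer `item` inside the included files and Ansible warns about it. Adding `loop_control:` with `loop_var: tasks_file` to each of the two loops avoids the clash and documents what the variable holds. Both hunks start and end inside a longer tasks file, so only the two replaced regions are visible to me.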


@ -0,0 +1,4 @@
- name: Create volume data dataset for user {{ service_user_name }}
zfs:
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
state: present


@ -0,0 +1,14 @@
- name: Create volume data dataset for user {{ service_user_name }}
zfs:
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
state: present
extra_zfs_properties:
recordsize: "8K"
- name: Create data dataset for user {{ service_user_name }}
zfs:
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}-data
state: present
extra_zfs_properties:
recordsize: "8K"
logbias: "throughput"


@ -12,7 +12,8 @@
when:
user_zfs_home is changed
- name: Create volume data dataset for user {{ service_user_name }}
zfs:
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
state: present
- include_tasks: "{{ item }}"
with_first_found:
- files:
- "01-zfs-datasets.d/{{ service_name }}.yml"
- "01-zfs-datasets.d/_default.yml"


@ -0,0 +1,21 @@
- block:
- name: Create service configuration directory for {{ service_user_name }}
file:
path: "{{ service_home }}/.config/{{ service_user_name }}"
state: directory
mode: 0755
- name: Create database password
template:
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2"
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password"
mode: 0600
register: database_password_file
- name: Record changes
set_fact:
service_changed: true
when:
database_password_file is changed
become_user: "{{ service_user_name }}"