Add a databse service
This commit is contained in:
parent
78176c9aa7
commit
4c2ae32143
@ -0,0 +1 @@
|
||||
{{ services[service_name].password }}
|
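Review bot: The template renders `services[service_name].password` straight into a file on disk, so that variable should come from a vault-encrypted source; where `services` is defined is not visible in this hunk. If the template file ends with a newline the rendered password file will too; the official postgres image entrypoint strips trailing newlines when it reads `POSTGRES_PASSWORD_FILE`, but any other consumer of this file would have to tolerate it, so a note in the task that writes it (or a `{{ ... -}}` trim) is worth considering.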
@ -0,0 +1,21 @@
|
||||
[Unit]
|
||||
Description=Podman container-database-postgres.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
BindsTo=pod-database.service
|
||||
After=pod-database.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-database-postgres.pid %t/container-database-postgres.ctr-id
|
||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-database-postgres.pid --cidfile %t/container-database-postgres.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-database.pod-id --replace --label "io.containers.autoupdate=image" -dt -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-database/database.password:/run/secrets/database.password:ro -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password -v var_lib_postgresql-waldir:/var/lib/postgresql-waldir -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-waldir -v /var/lib/yggdrasil/data/pod-database-data:/var/lib/postgresql/data -e PGDATA=/var/lib/postgresql/data/pgdata --name=pod-database-postgres docker.io/library/postgres:15.0
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-postgres.ctr-id
|
||||
PIDFile=%t/container-database-postgres.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
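Review bot: The secret bind mount in ExecStart uses a relative host path, `-v ./.config/pod-database/database.password:/run/secrets/database.password:ro`, so where it resolves depends on the working directory the unit runs with, and no `WorkingDirectory=` is set in [Service]; every other mount on that line is absolute, and the Ansible task later in this commit writes the file to `{{ service_home }}/.config/{{ service_user_name }}/database.password`, so the mount should use that absolute path (or the unit should set `WorkingDirectory=`). The resolv.conf and data mounts hard-code `/var/lib/yggdrasil/...` while the pod unit in this commit templates the same prefix as `/var/lib/{{ ansible_hostname }}/...`; if this unit is rendered by Ansible as well, the two should agree. `-dt` also allocates a pseudo-tty for a daemonised postgres, which is unnecessary — `-d` alone is enough.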
@ -0,0 +1,23 @@
|
||||
[Unit]
|
||||
Description=Podman pod-database.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
Requires=container-database-postgres.service
|
||||
Before=container-database-postgres.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > /var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
|
||||
PIDFile=%t/pod-database.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
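Review bot: ExecStartPost redirects the infra container PID into `/var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile`, but nothing on this page creates that directory, and because the unit is `Type=forking` a failing redirect or a failing `podman inspect database` makes the whole pod unit fail to start; either create the directory in the role or make the command tolerate a missing directory. The pod is created with `--network=none`, so the postgres container is reachable only from containers that join this pod (the container unit does not mount a socket out) — presumably intended, but a comment above that ExecStartPre such as `# network=none: clients must join the pod; nothing is exposed over TCP` would record it.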
@ -0,0 +1,7 @@
|
||||
- name: Create volume data directory for user {{ service_user_name }}
|
||||
file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
|
||||
state: directory
|
||||
owner: "{{ service_user_name }}"
|
||||
group: "{{ service_user_name }}"
|
||||
mode: 0755
|
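Review bot: `mode: 0755` is an unquoted YAML 1.1 octal literal, which the parser turns into the integer 493 before Ansible sees it; Ansible interprets that integer as the intended 0755, but ansible-lint flags it (risky-octal) and the same value written without the leading zero would silently become a different mode. Quote it as `mode: "0755"` here and in the same tasks elsewhere in this commit (the `-data` directory task, the home-directory and volume-directory hunks, and the `.config` directory task, where `mode: 0600` should likewise become `"0600"`).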
@ -0,0 +1,15 @@
|
||||
- name: Create volume data directory for user {{ service_user_name }}
|
||||
file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
|
||||
state: directory
|
||||
owner: "{{ service_user_name }}"
|
||||
group: "{{ service_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Create data directory for user {{ service_user_name }}
|
||||
file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}-data"
|
||||
state: directory
|
||||
owner: "{{ service_user_name }}"
|
||||
group: "{{ service_user_name }}"
|
||||
mode: 0755
|
@ -0,0 +1,4 @@
|
||||
- name: Set default shell for for {{ service_user_name }}
|
||||
user:
|
||||
name: "{{ service_user_name }}"
|
||||
shell: "/usr/sbin/nologin"
|
@ -0,0 +1,4 @@
|
||||
- name: Set default shell for for {{ service_user_name }}
|
||||
user:
|
||||
name: "{{ service_user_name }}"
|
||||
shell: "/usr/bin/rbash"
|
@ -6,10 +6,11 @@
|
||||
system: yes
|
||||
register: user_create
|
||||
|
||||
- name: Set default shell for for {{ service_user_name }}
|
||||
user:
|
||||
name: "{{ service_user_name }}"
|
||||
shell: "{{ '/usr/bin/rbash' if service_name=='rproxy' else '/usr/sbin/nologin' }}"
|
||||
- include_tasks: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "01-user.d/shell/{{ service_name }}.yml"
|
||||
- "01-user.d/shell/_default.yml"
|
||||
|
||||
- name: Ensure the home directory belongs to the user {{ service_user_name }}
|
||||
file:
|
||||
@ -49,13 +50,11 @@
|
||||
group: "{{ service_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Create volume data directory for user {{ service_user_name }}
|
||||
file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
|
||||
state: directory
|
||||
owner: "{{ service_user_name }}"
|
||||
group: "{{ service_user_name }}"
|
||||
mode: 0755
|
||||
- include_tasks: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "01-user.d/data/{{ service_name }}.yml"
|
||||
- "01-user.d/data/_default.yml"
|
||||
|
||||
- block:
|
||||
- name: Create configuration directory for user {{ service_user_name }}
|
||||
|
@ -0,0 +1,4 @@
|
||||
- name: Create volume data dataset for user {{ service_user_name }}
|
||||
zfs:
|
||||
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||
state: present
|
@ -0,0 +1,14 @@
|
||||
- name: Create volume data dataset for user {{ service_user_name }}
|
||||
zfs:
|
||||
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||
state: present
|
||||
extra_zfs_properties:
|
||||
recordsize: "8K"
|
||||
|
||||
- name: Create data dataset for user {{ service_user_name }}
|
||||
zfs:
|
||||
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}-data
|
||||
state: present
|
||||
extra_zfs_properties:
|
||||
recordsize: "8K"
|
||||
logbias: "throughput"
|
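Review bot: The `-data` dataset gets `recordsize: "8K"` and `logbias: "throughput"`, which matches the PostgreSQL 8 KiB page size, but the WAL directory the container unit in this commit mounts (`var_lib_postgresql-waldir`) is a named podman volume, so it lands in the user's container storage rather than on either tuned dataset; if the separate WAL location is meant for performance, bind-mounting a dedicated dataset would be more consistent. A one-line comment above `extra_zfs_properties`, e.g. `# 8K matches the PostgreSQL page size`, would help the next reader.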
@ -12,7 +12,8 @@
|
||||
when:
|
||||
user_zfs_home is changed
|
||||
|
||||
- name: Create volume data dataset for user {{ service_user_name }}
|
||||
zfs:
|
||||
name: rpool/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||
state: present
|
||||
- include_tasks: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "01-zfs-datasets.d/{{ service_name }}.yml"
|
||||
- "01-zfs-datasets.d/_default.yml"
|
||||
|
@ -0,0 +1,21 @@
|
||||
- block:
|
||||
- name: Create service configuration directory for {{ service_user_name }}
|
||||
file:
|
||||
path: "{{ service_home }}/.config/{{ service_user_name }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Create database password
|
||||
template:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2"
|
||||
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password"
|
||||
mode: 0600
|
||||
register: database_password_file
|
||||
|
||||
- name: Record changes
|
||||
set_fact:
|
||||
service_changed: true
|
||||
when:
|
||||
database_password_file is changed
|
||||
|
||||
become_user: "{{ service_user_name }}"
|
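Review bot: The `Create database password` template task renders a secret but has no `no_log: true`, so a run with `--diff` or a verbose failure prints the rendered contents of `database.password` to the console and any log collector; add `no_log: true` to that task (the registered result still carries `changed`, which is all the following task needs). The directory it lives in is created `mode: 0755`, which is acceptable because the file itself is `0600`, but both modes should be quoted strings (`"0755"`, `"0600"`) to avoid the YAML octal trap. The block ends with `become_user` only; whether `become: true` is set at play level cannot be told from this hunk.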