aboutsummaryrefslogtreecommitdiff
path: root/content/operations/deploiement/grappe
diff options
context:
space:
mode:
authorAlex <alex@adnab.me>2022-12-25 10:39:17 +0000
committerAlex <alex@adnab.me>2022-12-25 10:39:17 +0000
commit8364e4bcb54bfa265fc55c57adcf7bcb4e5f5869 (patch)
treed96310296cb80212b2d781c185a2ccb4e0367668 /content/operations/deploiement/grappe
parent4831ac27871e44064dc55946c5ae10b8cda32b37 (diff)
parent0a37d155dda915f80cc70d5bbd223d820f996511 (diff)
downloadguide.deuxfleurs.fr-8364e4bcb54bfa265fc55c57adcf7bcb4e5f5869.tar.gz
guide.deuxfleurs.fr-8364e4bcb54bfa265fc55c57adcf7bcb4e5f5869.zip
Merge pull request 'MàJ générale' (#18) from maj-generale-2022 into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/guide.deuxfleurs.fr/pulls/18
Diffstat (limited to 'content/operations/deploiement/grappe')
-rw-r--r--content/operations/deploiement/grappe/_index.md19
-rw-r--r--content/operations/deploiement/grappe/stolon.md95
2 files changed, 114 insertions, 0 deletions
diff --git a/content/operations/deploiement/grappe/_index.md b/content/operations/deploiement/grappe/_index.md
new file mode 100644
index 0000000..80de97d
--- /dev/null
+++ b/content/operations/deploiement/grappe/_index.md
@@ -0,0 +1,19 @@
++++
+title = "Grappe"
+description = "Grappe"
+weight = 20
+date = 2022-12-22
+sort_by = "weight"
++++
+
+# Installation
+
+Pointer vers le dépot nixcfg (précédemment le ansible de Deuxfleurs/infrastructure).
+
+Passer sur Wireguard, Nomad, Consul, Diplonat, (Tricot, Garage), etc.
+
+# Les secrets
+
+# Découverte des noeuds
+
+
diff --git a/content/operations/deploiement/grappe/stolon.md b/content/operations/deploiement/grappe/stolon.md
new file mode 100644
index 0000000..4a683f4
--- /dev/null
+++ b/content/operations/deploiement/grappe/stolon.md
@@ -0,0 +1,95 @@
++++
+title = "Stolon"
+description = "Comment déployer Stolon"
+date = 2022-12-22
+dateCreated = 2022-12-22
+weight = 11
++++
+
+Spawn container:
+
+```bash
+docker run \
+ -ti --rm \
+ --name stolon-config \
+ --user root \
+ -v /var/lib/consul/pki/:/certs \
+ superboum/amd64_postgres:v11
+```
+
+
+Init with:
+
+```
+stolonctl \
+ --cluster-name chelidoine \
+ --store-backend=consul \
+ --store-endpoints https://consul.service.prod.consul:8501 \
+ --store-ca-file /certs/consul-ca.crt \
+ --store-cert-file /certs/consul2022-client.crt \
+ --store-key /certs/consul2022-client.key \
+ init \
+ '{ "initMode": "new",
+ "usePgrewind" : true,
+ "proxyTimeout" : "120s",
+ "pgHBA": [
+ "host all postgres all md5",
+ "host replication replicator all md5",
+ "host all all all ldap ldapserver=bottin.service.prod.consul ldapbasedn=\"ou=users,dc=deuxfleurs, dc=fr\" ldapbinddn=\"<bind_dn>\" ldapbindpasswd=\"<bind_pwd>\" ldapsearchattribute=\"cn\""
+ ]
+ }'
+
+```
+
+Then set appropriate permission on host:
+
+```
+mkdir -p /mnt/{ssd,storage}/postgres/
+chown -R 999:999 /mnt/{ssd,storage}/postgres/
+```
+
+(102 is the id of the postgres user used in Docker)
+It might be improved by staying with root, then chmoding in an entrypoint and finally switching to user 102 before executing user's command.
+Moreover it would enable the usage of the user namespace that shift the UIDs.
+
+
+
+## Upgrading the cluster
+
+To retrieve the current stolon config:
+
+```
+stolonctl spec --cluster-name chelidoine --store-backend consul --store-ca-file ... --store-cert-file ... --store-endpoints https://consul.service.prod.consul:8501
+```
+
+The important part for the LDAP:
+
+```
+{
+ "pgHBA": [
+ "host all postgres all md5",
+ "host replication replicator all md5",
+ "host all all all ldap ldapserver=bottin.service.2.cluster.deuxfleurs.fr ldapbasedn=\"ou=users,dc=deuxfleurs,dc=fr\" ldapbinddn=\"cn=admin,dc=deuxfleurs,dc=fr\" ldapbindpasswd=\"<REDACTED>\" ldapsearchattribute=\"cn\""
+ ]
+}
+```
+
+Once a patch is writen:
+
+```
+stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch -f /tmp/patch.json
+```
+
+## Log
+
+- 2020-12-18 Activate pg\_rewind in stolon
+
+```
+stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "usePgrewind" : true }'
+```
+
+- 2021-03-14 Increase proxy timeout to cope with consul latency spikes
+
+```
+stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "proxyTimeout" : "120s" }'
+```