author | Alex <alex@adnab.me> | 2022-12-25 10:39:17 +0000 |
---|---|---|
committer | Alex <alex@adnab.me> | 2022-12-25 10:39:17 +0000 |
commit | 8364e4bcb54bfa265fc55c57adcf7bcb4e5f5869 (patch) | |
tree | d96310296cb80212b2d781c185a2ccb4e0367668 /content/operations/deploiement/grappe | |
parent | 4831ac27871e44064dc55946c5ae10b8cda32b37 (diff) | |
parent | 0a37d155dda915f80cc70d5bbd223d820f996511 (diff) | |
Merge pull request 'MàJ générale' (#18) from maj-generale-2022 into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/guide.deuxfleurs.fr/pulls/18
Diffstat (limited to 'content/operations/deploiement/grappe')
-rw-r--r-- | content/operations/deploiement/grappe/_index.md | 19 | ||||
-rw-r--r-- | content/operations/deploiement/grappe/stolon.md | 95 |
2 files changed, 114 insertions, 0 deletions
diff --git a/content/operations/deploiement/grappe/_index.md b/content/operations/deploiement/grappe/_index.md new file mode 100644 index 0000000..80de97d --- /dev/null +++ b/content/operations/deploiement/grappe/_index.md @@ -0,0 +1,19 @@ ++++ +title = "Grappe" +description = "Grappe" +weight = 20 +date = 2022-12-22 +sort_by = "weight" ++++ + +# Installation + +Pointer vers le dépot nixcfg (précédemment le ansible de Deuxfleurs/infrastructure). + +Passer sur Wireguard, Nomad, Consul, Diplonat, (Tricot, Garage), etc. + +# Les secrets + +# Découverte des noeuds + + diff --git a/content/operations/deploiement/grappe/stolon.md b/content/operations/deploiement/grappe/stolon.md new file mode 100644 index 0000000..4a683f4 --- /dev/null +++ b/content/operations/deploiement/grappe/stolon.md 
@@ -0,0 +1,95 @@ ++++ +title = "Stolon" +description = "Comment déployer Stolon" +date = 2022-12-22 +dateCreated = 2022-12-22 +weight = 11 ++++ + +Spawn container: + +```bash +docker run \ + -ti --rm \ + --name stolon-config \ + --user root \ + -v /var/lib/consul/pki/:/certs \ + superboum/amd64_postgres:v11 +``` + + +Init with: + +``` +stolonctl \ + --cluster-name chelidoine \ + --store-backend=consul \ + --store-endpoints https://consul.service.prod.consul:8501 \ + --store-ca-file /certs/consul-ca.crt \ + --store-cert-file /certs/consul2022-client.crt \ + --store-key /certs/consul2022-client.key \ + init \ + '{ "initMode": "new", + "usePgrewind" : true, + "proxyTimeout" : "120s", + "pgHBA": [ + "host all postgres all md5", + "host replication replicator all md5", + "host all all all ldap ldapserver=bottin.service.prod.consul ldapbasedn=\"ou=users,dc=deuxfleurs, dc=fr\" ldapbinddn=\"<bind_dn>\" ldapbindpasswd=\"<bind_pwd>\" ldapsearchattribute=\"cn\"" + ] + }' + +``` + +Then set appropriate permission on host: + +``` +mkdir -p /mnt/{ssd,storage}/postgres/ +chown -R 999:999 /mnt/{ssd,storage}/postgres/ +``` + +(102 is the id of the postgres user used in Docker) +It might be improved by staying with root, then chmoding in an entrypoint and finally switching to user 102 before executing user's command. +Moreover it would enable the usage of the user namespace that shift the UIDs. + + + +## Upgrading the cluster + +To retrieve the current stolon config: + +``` +stolonctl spec --cluster-name chelidoine --store-backend consul --store-ca-file ... --store-cert-file ... 
--store-endpoints https://consul.service.prod.consul:8501 +``` + +The important part for the LDAP: + +``` +{ + "pgHBA": [ + "host all postgres all md5", + "host replication replicator all md5", + "host all all all ldap ldapserver=bottin.service.2.cluster.deuxfleurs.fr ldapbasedn=\"ou=users,dc=deuxfleurs,dc=fr\" ldapbinddn=\"cn=admin,dc=deuxfleurs,dc=fr\" ldapbindpasswd=\"<REDACTED>\" ldapsearchattribute=\"cn\"" + ] +} +``` + +Once a patch is writen: + +``` +stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch -f /tmp/patch.json +``` + +## Log + +- 2020-12-18 Activate pg\_rewind in stolon + +``` +stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "usePgrewind" : true }' +``` + +- 2021-03-14 Increase proxy timeout to cope with consul latency spikes + +``` +stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "proxyTimeout" : "120s" }' +``` |
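Review bot: In content/operations/deploiement/grappe/_index.md the headings `# Les secrets` and `# Découverte des noeuds` are added with no body, and the Installation section says to point to the nixcfg repository without giving the link. Either fill these in or mark them explicitly as to-do, so that a reader does not take the empty "Les secrets" section to mean there is nothing to provision; `dépot` should also be spelled `dépôt`.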
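Review bot: In content/operations/deploiement/grappe/stolon.md, under "Then set appropriate permission on host", the command is `chown -R 999:999 /mnt/{ssd,storage}/postgres/` but the two sentences that follow say the postgres user in the container is 102; one of the two is stale, and the data directory ends up owned by the wrong UID if the reader trusts the wrong one, so please state the UID once and use it in both places. The same file is also inconsistent about how the store is reached: the init command uses cluster `chelidoine` over `https://consul.service.prod.consul:8501` with `--store-ca-file`, `--store-cert-file` and `--store-key`, while the `update --patch` commands under "Upgrading the cluster" and "Log" use cluster `pissenlit` over `http://consul.service.2.cluster.deuxfleurs.fr:8500` with no TLS options. If those are kept as a historical log, label them as such and give a current `update --patch` command with the TLS flags. Since a pgHBA patch carries `ldapbindpasswd` in clear, the `/tmp/patch.json` step should mention restrictive file permissions and deleting the file afterwards.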