Migration des derniers documents depuis op_guide (dépôt infrastructure)

4 files changed, 132 insertions, 0 deletions

diff --git a/content/operations/deploiement/app.md b/content/operations/deploiement/app/_index.md
index 664b0b0..710e2e5 100644
--- a/content/operations/deploiement/app.md
+++ b/content/operations/deploiement/app/_index.md
@@ -2,6 +2,7 @@
 title = "Applications"
 description = "Déploiement d'une application"
 sort_by = "weight"
+date = 2022-12-22
 weight = 30
 +++
 
diff --git a/content/operations/deploiement/app/create_database.md b/content/operations/deploiement/app/create_database.md
new file mode 100644
index 0000000..e5f8a72
--- /dev/null
+++ b/content/operations/deploiement/app/create_database.md
@@ -0,0 +1,34 @@
++++
+title = "Créer une BDD"
+description = "Création d'une base de données pour une nouvelle application"
+date = 2022-12-22
+dateCreated = 2022-12-22
+weight = 11
++++
+
+## 1. Create a LDAP user and assign a password for your service
+
+Go to guichet.deuxfleurs.fr
+
+  1. Everything takes place in `ou=services,ou=users,dc=deuxfleurs,dc=fr`
+  2. Create a new user, like `johny`
+  3. Generate a random password with `openssl rand -base64 32`
+  4. Hash it with `slappasswd`
+  5. Add a `userpassword` entry with the hash
+
+This step can also be done using the automated tool `secretmgr.py` in the app folder.
+
+## 2. Connect to postgres with the admin users
+
+```bash
+# 1. Launch ssh tunnel given in the README 
+# 2. Make sure you have postregsql client installed locally
+psql -h localhost -U postgres -W postgres
+```
+
+## 3. Create the binded users with LDAP in postgres + the database
+
+```sql
+CREATE USER sogo;
+Create database sogodb with owner sogo encoding 'utf8' LC_COLLATE = 'C' LC_CTYPE = 'C' TEMPLATE template0;
+```
diff --git a/content/operations/deploiement/grappe.md b/content/operations/deploiement/grappe/_index.md
index b917005..80de97d 100644
--- a/content/operations/deploiement/grappe.md
+++ b/content/operations/deploiement/grappe/_index.md
@@ -2,6 +2,8 @@
 title = "Grappe"
 description = "Grappe"
 weight = 20
+date = 2022-12-22
+sort_by = "weight"
 +++
 
 # Installation
diff --git a/content/operations/deploiement/grappe/stolon.md b/content/operations/deploiement/grappe/stolon.md
new file mode 100644
index 0000000..4a683f4
--- /dev/null
+++ b/content/operations/deploiement/grappe/stolon.md
@@ -0,0 +1,95 @@
++++
+title = "Stolon"
+description = "Comment déployer Stolon"
+date = 2022-12-22
+dateCreated = 2022-12-22
+weight = 11
++++
+
+Spawn container:
+
+```bash
+docker run \
+  -ti --rm \
+  --name stolon-config \
+  --user root \
+  -v /var/lib/consul/pki/:/certs \
+  superboum/amd64_postgres:v11
+```
+
+
+Init with:
+
+```
+stolonctl \
+  --cluster-name chelidoine \
+  --store-backend=consul \
+  --store-endpoints https://consul.service.prod.consul:8501 \
+  --store-ca-file /certs/consul-ca.crt \
+  --store-cert-file /certs/consul2022-client.crt \
+  --store-key /certs/consul2022-client.key \
+  init \
+  '{ "initMode": "new",
+     "usePgrewind" : true,
+     "proxyTimeout" : "120s",
+     "pgHBA": [ 
+       "host all postgres all md5", 
+       "host replication replicator all md5", 
+       "host all all all ldap ldapserver=bottin.service.prod.consul ldapbasedn=\"ou=users,dc=deuxfleurs, dc=fr\" ldapbinddn=\"<bind_dn>\" ldapbindpasswd=\"<bind_pwd>\" ldapsearchattribute=\"cn\"" 
+      ] 
+   }'
+
+```
+
+Then set appropriate permission on host:
+
+```
+mkdir -p /mnt/{ssd,storage}/postgres/
+chown -R 999:999 /mnt/{ssd,storage}/postgres/
+```
+
+(102 is the id of the postgres user used in Docker)
+It might be improved by staying with root, then chmoding in an entrypoint and finally switching to user 102 before executing user's command.
+Moreover it would enable the usage of the user namespace that shift the UIDs.
+
+
+
+## Upgrading the cluster
+
+To retrieve the current stolon config:
+
+```
+stolonctl spec --cluster-name chelidoine --store-backend consul --store-ca-file ... --store-cert-file ... --store-endpoints https://consul.service.prod.consul:8501
+```
+
+The important part for the LDAP:
+
+```
+{
+	"pgHBA": [
+		"host all postgres all md5",
+		"host replication replicator all md5",
+		"host all all all ldap ldapserver=bottin.service.2.cluster.deuxfleurs.fr ldapbasedn=\"ou=users,dc=deuxfleurs,dc=fr\" ldapbinddn=\"cn=admin,dc=deuxfleurs,dc=fr\" ldapbindpasswd=\"<REDACTED>\" ldapsearchattribute=\"cn\""
+	]
+}
+```
+
+Once a patch is writen:
+
+```
+stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch -f /tmp/patch.json
+```
+
+## Log
+
+- 2020-12-18 Activate pg\_rewind in stolon
+
+```
+stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "usePgrewind" : true }'
+```
+
+- 2021-03-14 Increase proxy timeout to cope with consul latency spikes
+
+```
+stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "proxyTimeout" : "120s" }'
+```