From 58951873b23624332bde25fa88099e02203277a7 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 1 Mar 2023 21:18:40 +0100 Subject: reorg operations --- content/operations/deploiement/grappe/_index.md | 19 ----- content/operations/deploiement/grappe/stolon.md | 95 ------------------------- 2 files changed, 114 deletions(-) delete mode 100644 content/operations/deploiement/grappe/_index.md delete mode 100644 content/operations/deploiement/grappe/stolon.md (limited to 'content/operations/deploiement/grappe') diff --git a/content/operations/deploiement/grappe/_index.md b/content/operations/deploiement/grappe/_index.md deleted file mode 100644 index 80de97d..0000000 --- a/content/operations/deploiement/grappe/_index.md +++ /dev/null @@ -1,19 +0,0 @@ -+++ -title = "Grappe" -description = "Grappe" -weight = 20 -date = 2022-12-22 -sort_by = "weight" -+++ - -# Installation - -Pointer vers le dépot nixcfg (précédemment le ansible de Deuxfleurs/infrastructure). - -Passer sur Wireguard, Nomad, Consul, Diplonat, (Tricot, Garage), etc. - -# Les secrets - -# Découverte des noeuds - - diff --git a/content/operations/deploiement/grappe/stolon.md b/content/operations/deploiement/grappe/stolon.md deleted file mode 100644 index 4a683f4..0000000 --- a/content/operations/deploiement/grappe/stolon.md +++ /dev/null @@ -1,95 +0,0 @@ -+++ -title = "Stolon" -description = "Comment déployer Stolon" -date = 2022-12-22 -dateCreated = 2022-12-22 -weight = 11 -+++ - -Spawn container: - -```bash -docker run \ - -ti --rm \ - --name stolon-config \ - --user root \ - -v /var/lib/consul/pki/:/certs \ - superboum/amd64_postgres:v11 -``` - - -Init with: - -``` -stolonctl \ - --cluster-name chelidoine \ - --store-backend=consul \ - --store-endpoints https://consul.service.prod.consul:8501 \ - --store-ca-file /certs/consul-ca.crt \ - --store-cert-file /certs/consul2022-client.crt \ - --store-key /certs/consul2022-client.key \ - init \ - '{ "initMode": "new", - "usePgrewind" : true, - "proxyTimeout" : "120s", - "pgHBA": [ - "host all postgres all md5", - "host replication replicator all md5", - "host all all all ldap ldapserver=bottin.service.prod.consul ldapbasedn=\"ou=users,dc=deuxfleurs, dc=fr\" ldapbinddn=\"\" ldapbindpasswd=\"\" ldapsearchattribute=\"cn\"" - ] - }' - -``` - -Then set appropriate permission on host: - -``` -mkdir -p /mnt/{ssd,storage}/postgres/ -chown -R 999:999 /mnt/{ssd,storage}/postgres/ -``` - -(102 is the id of the postgres user used in Docker) -It might be improved by staying with root, then chmoding in an entrypoint and finally switching to user 102 before executing user's command. -Moreover it would enable the usage of the user namespace that shift the UIDs. - - - -## Upgrading the cluster - -To retrieve the current stolon config: - -``` -stolonctl spec --cluster-name chelidoine --store-backend consul --store-ca-file ... --store-cert-file ... --store-endpoints https://consul.service.prod.consul:8501 -``` - -The important part for the LDAP: - -``` -{ - "pgHBA": [ - "host all postgres all md5", - "host replication replicator all md5", - "host all all all ldap ldapserver=bottin.service.2.cluster.deuxfleurs.fr ldapbasedn=\"ou=users,dc=deuxfleurs,dc=fr\" ldapbinddn=\"cn=admin,dc=deuxfleurs,dc=fr\" ldapbindpasswd=\"\" ldapsearchattribute=\"cn\"" - ] -} -``` - -Once a patch is writen: - -``` -stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch -f /tmp/patch.json -``` - -## Log - -- 2020-12-18 Activate pg\_rewind in stolon - -``` -stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "usePgrewind" : true }' -``` - -- 2021-03-14 Increase proxy timeout to cope with consul latency spikes - -``` -stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "proxyTimeout" : "120s" }' -``` -- cgit v1.2.3