job "postgres14" {
datacenters = ["orion"]
type = "system"
priority = 90
update {
max_parallel = 1
min_healthy_time = "2m"
healthy_deadline = "5m"
auto_revert = true
}
group "postgres" {
network {
port "psql_proxy_port" { static = 5432 }
port "psql_port" { static = 5433 }
}
task "sentinel" {
driver = "docker"
config {
image = "superboum/amd64_postgres:v11"
network_mode = "host"
readonly_rootfs = false
command = "/usr/local/bin/stolon-sentinel"
args = [
"--cluster-name", "chelidoine",
"--store-backend", "consul",
"--store-endpoints", "https://consul.service.prod.consul:8501",
"--store-ca-file", "/certs/consul-ca.crt",
"--store-cert-file", "/certs/consul-client.crt",
"--store-key", "/certs/consul-client.key",
]
volumes = [
"secrets/certs:/certs",
]
}
resources {
memory = 100
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/certs/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/certs/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/certs/consul-client.key"
}
}
task "proxy" {
driver = "docker"
config {
image = "superboum/amd64_postgres:v11"
network_mode = "host"
readonly_rootfs = false
command = "/usr/local/bin/stolon-proxy"
args = [
"--cluster-name", "chelidoine",
"--store-backend", "consul",
"--store-endpoints", "https://consul.service.prod.consul:8501",
"--store-ca-file", "/certs/consul-ca.crt",
"--store-cert-file", "/certs/consul-client.crt",
"--store-key", "/certs/consul-client.key",
"--port", "${NOMAD_PORT_psql_proxy_port}",
"--listen-address", "0.0.0.0",
"--log-level", "info"
]
volumes = [
"secrets/certs:/certs",
]
ports = [ "psql_proxy_port" ]
}
resources {
memory = 100
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/certs/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/certs/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/certs/consul-client.key"
}
service {
tags = ["sql"]
port = "psql_proxy_port"
address_mode = "host"
name = "psql-proxy"
check {
type = "tcp"
port = "psql_proxy_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "10m"
ignore_warnings = false
}
}
}
}
task "keeper" {
driver = "docker"
config {
image = "superboum/amd64_postgres:v11"
network_mode = "host"
readonly_rootfs = false
command = "/usr/local/bin/stolon-keeper"
args = [
"--cluster-name", "chelidoine",
"--store-backend", "consul",
"--store-endpoints", "https://consul.service.prod.consul:8501",
"--store-ca-file", "/certs/consul-ca.crt",
"--store-cert-file", "/certs/consul-client.crt",
"--store-key", "/certs/consul-client.key",
"--data-dir", "/mnt/persist",
"--pg-su-password", "${PG_SU_PWD}",
"--pg-repl-username", "${PG_REPL_USER}",
"--pg-repl-password", "${PG_REPL_PWD}",
/*
The postgres daemon accepts 0.0.0.0, ::, and * here but not Stolon.
Otherwise you will have the following error and your cluster will be broken (no replication)
WARN cmd/keeper.go:1979 provided --pg-listen-address "*": is not an ip address but a hostname. This will be advertized to the other components and may have undefined behaviors if resolved differently by other hosts
WARN cmd/keeper.go:1984 cannot resolve provided --pg-listen-address "*": lookup *: no such host
*/
"--pg-listen-address", "${attr.unique.network.ip-address}",
"--pg-port", "${NOMAD_PORT_psql_port}",
"--pg-bin-path", "/usr/lib/postgresql/14/bin/"
]
ports = [ "psql_port" ]
volumes = [
"/mnt/ssd/postgres:/mnt/persist",
"/mnt/storage/postgres_extended:/mnt/slow",
"secrets/certs:/certs"
]
}
template {
data = file("../config/keeper/env.tpl")
destination = "secrets/env"
env = true
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/certs/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/certs/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/certs/consul-client.key"
}
resources {
memory = 600
}
service {
tags = ["sql"]
port = "psql_port"
address_mode = "host"
name = "psql-keeper"
check {
type = "tcp"
port = "psql_port"
interval = "60s"
timeout = "5s"
}
}
}
}
}