Diffstat (limited to 'cluster/prod/app/core/deploy/core-system.hcl')
-rw-r--r-- | cluster/prod/app/core/deploy/core-system.hcl | 257 |
1 files changed, 0 insertions, 257 deletions
diff --git a/cluster/prod/app/core/deploy/core-system.hcl b/cluster/prod/app/core/deploy/core-system.hcl
deleted file mode 100644
index 004a2ef..0000000
--- a/cluster/prod/app/core/deploy/core-system.hcl
+++ /dev/null
@@ -1,257 +0,0 @@
-job "core" {
- datacenters = ["orion", "neptune", "scorpio"]
- type = "system"
- priority = 90
-
- update {
- max_parallel = 1
- stagger = "5m"
- }
-
- group "diplonat" {
- task "diplonat" {
- driver = "docker"
-
- config {
- image = "lxpz/amd64_diplonat:5"
- network_mode = "host"
- readonly_rootfs = true
- privileged = true
- volumes = [
- "secrets:/etc/diplonat",
- ]
- }
-
- restart {
- interval = "5m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul.crt\" }}"
- destination = "secrets/consul.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
-DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 100
- memory_max = 200
- }
- }
- }
-
- group "tricot" {
- constraint {
- distinct_property = "${meta.site}"
- value = "1"
- }
-
- network {
- port "http_port" { static = 80 }
- port "https_port" { static = 443 }
- port "metrics_port" { static = 9334 }
- }
-
- task "server" {
- driver = "docker"
-
- config {
- image = "lxpz/amd64_tricot:47"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "http_port", "https_port" ]
- volumes = [
- "secrets:/etc/tricot",
- ]
- }
-
- resources {
- cpu = 1000
- memory = 200
- memory_max = 500
- }
-
- restart {
- interval = "5m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "secrets/consul-ca.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
-TRICOT_LETSENCRYPT_EMAIL=prod-sysadmin@deuxfleurs.fr
-TRICOT_ENABLE_COMPRESSION=true
-TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501
-TRICOT_CONSUL_TLS_SKIP_VERIFY=true
-TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
-TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
-TRICOT_HTTP_BIND_ADDR=[::]:80
-TRICOT_HTTPS_BIND_ADDR=[::]:443
-TRICOT_METRICS_BIND_ADDR=[::]:9334
-RUST_LOG=tricot=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- service {
- name = "tricot-http"
- port = "http_port"
- tags = [ "(diplonat (tcp_port 80))", "${meta.site}" ]
- address_mode = "host"
- }
-
- service {
- name = "tricot-https"
- port = "https_port"
- tags = [
- "(diplonat (tcp_port 443))",
- "${meta.site}",
- "d53-aaaa ${meta.site}.site.deuxfleurs.fr",
- "d53-a global.site.deuxfleurs.fr",
- "d53-aaaa global.site.deuxfleurs.fr",
- ]
- address_mode = "host"
- }
-
- service {
- name = "tricot-metrics"
- port = "metrics_port"
- address_mode = "host"
- }
- }
- }
-
- group "bottin" {
- constraint {
- distinct_property = "${meta.site}"
- value = "1"
- }
-
- network {
- port "ldap_port" {
- static = 389
- to = 389
- }
- }
-
- task "bottin" {
- driver = "docker"
- config {
- image = "dxflrs/bottin:7h18i30cckckaahv87d3c86pn4a7q41z"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "ldap_port" ]
- volumes = [
- "secrets/config.json:/config.json",
- "secrets:/etc/bottin",
- ]
- }
-
- restart {
- interval = "5m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
-
- resources {
- memory = 100
- memory_max = 200
- }
-
- template {
- data = file("../config/bottin/config.json.tpl")
- destination = "secrets/config.json"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul.crt\" }}"
- destination = "secrets/consul.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-CONSUL_HTTP_ADDR=https://consul.service.prod.consul:8501
-CONSUL_HTTP_SSL=true
-CONSUL_CACERT=/etc/bottin/consul.crt
-CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt
-CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key
-EOH
- destination = "secrets/env"
- env = true
- }
-
- service {
- tags = [ "${meta.site}" ]
- port = "ldap_port"
- address_mode = "host"
- name = "bottin"
- check {
- type = "tcp"
- port = "ldap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
|