From 0e4c641db741c91dd95934b61e70a2f5268b3c7e Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 5 Apr 2023 15:50:46 +0200 Subject: redeploy bagage --- cluster/prod/app/bagage/deploy/bagage.hcl | 86 +++++++++++++++++++++++++++++++ cluster/prod/app/bagage/secrets.toml | 4 ++ 2 files changed, 90 insertions(+) create mode 100644 cluster/prod/app/bagage/deploy/bagage.hcl create mode 100644 cluster/prod/app/bagage/secrets.toml (limited to 'cluster/prod/app') diff --git a/cluster/prod/app/bagage/deploy/bagage.hcl b/cluster/prod/app/bagage/deploy/bagage.hcl new file mode 100644 index 0000000..c9b7781 --- /dev/null +++ b/cluster/prod/app/bagage/deploy/bagage.hcl @@ -0,0 +1,86 @@ +job "bagage" { + datacenters = ["orion", "neptune"] + type = "service" + priority = 90 + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "main" { + count = 1 + + network { + port "web_port" { + static = 8080 + to = 8080 + } + port "ssh_port" { + static = 2222 + to = 2222 + } + } + + task "server" { + driver = "docker" + config { + image = "superboum/amd64_bagage:v11" + readonly_rootfs = false + network_mode = "host" + volumes = [ + "secrets/id_rsa:/id_rsa" + ] + ports = [ "web_port", "ssh_port" ] + } + + env { + BAGAGE_LDAP_ENDPOINT = "bottin.service.prod.consul:389" + } + + resources { + memory = 200 + cpu = 100 + } + + template { + data = "{{ key \"secrets/bagage/id_rsa\" }}" + destination = "secrets/id_rsa" + } + + service { + name = "bagage-ssh" + port = "ssh_port" + address_mode = "host" + tags = [ + "bagage", + "(diplonat (tcp_port 2222))" + ] + } + + service { + name = "bagage-webdav" + tags = [ + "bagage", + "tricot bagage.deuxfleurs.fr", + "d53-cname bagage.deuxfleurs.fr", + ] + port = "web_port" + address_mode = "host" + check { + type = "tcp" + port = "web_port" + address_mode = "host" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} + diff --git a/cluster/prod/app/bagage/secrets.toml b/cluster/prod/app/bagage/secrets.toml new file mode 100644 index 0000000..71b760a --- /dev/null +++ b/cluster/prod/app/bagage/secrets.toml @@ -0,0 +1,4 @@ +[secrets."bagage/id_rsa"] +type = 'command' +rotate = true +command = 'ssh-keygen -q -f >(cat) -N "" <<< y 2>/dev/null 1>&2 ; true' -- cgit v1.2.3