job "postgres14" { datacenters = ["orion"] type = "system" priority = 90 update { max_parallel = 1 min_healthy_time = "2m" healthy_deadline = "5m" auto_revert = true } group "postgres" { network { port "psql_proxy_port" { static = 5432 } port "psql_port" { static = 5433 } } task "sentinel" { driver = "docker" config { image = "superboum/amd64_postgres:v11" network_mode = "host" readonly_rootfs = false command = "/usr/local/bin/stolon-sentinel" args = [ "--cluster-name", "chelidoine", "--store-backend", "consul", "--store-endpoints", "https://consul.service.prod.consul:8501", "--store-ca-file", "/certs/consul-ca.crt", "--store-cert-file", "/certs/consul-client.crt", "--store-key", "/certs/consul-client.key", ] volumes = [ "secrets/certs:/certs", ] } resources { memory = 100 } template { data = "{{ key \"secrets/consul/consul-ca.crt\" }}" destination = "secrets/certs/consul-ca.crt" } template { data = "{{ key \"secrets/consul/consul-client.crt\" }}" destination = "secrets/certs/consul-client.crt" } template { data = "{{ key \"secrets/consul/consul-client.key\" }}" destination = "secrets/certs/consul-client.key" } } task "proxy" { driver = "docker" config { image = "superboum/amd64_postgres:v11" network_mode = "host" readonly_rootfs = false command = "/usr/local/bin/stolon-proxy" args = [ "--cluster-name", "chelidoine", "--store-backend", "consul", "--store-endpoints", "https://consul.service.prod.consul:8501", "--store-ca-file", "/certs/consul-ca.crt", "--store-cert-file", "/certs/consul-client.crt", "--store-key", "/certs/consul-client.key", "--port", "${NOMAD_PORT_psql_proxy_port}", "--listen-address", "0.0.0.0", "--log-level", "info" ] volumes = [ "secrets/certs:/certs", ] ports = [ "psql_proxy_port" ] } resources { memory = 100 } template { data = "{{ key \"secrets/consul/consul-ca.crt\" }}" destination = "secrets/certs/consul-ca.crt" } template { data = "{{ key \"secrets/consul/consul-client.crt\" }}" destination = "secrets/certs/consul-client.crt" } template { data = "{{ key \"secrets/consul/consul-client.key\" }}" destination = "secrets/certs/consul-client.key" } service { tags = ["sql"] port = "psql_proxy_port" address_mode = "host" name = "psql-proxy" check { type = "tcp" port = "psql_proxy_port" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "10m" ignore_warnings = false } } } } task "keeper" { driver = "docker" config { image = "superboum/amd64_postgres:v11" network_mode = "host" readonly_rootfs = false command = "/usr/local/bin/stolon-keeper" args = [ "--cluster-name", "chelidoine", "--store-backend", "consul", "--store-endpoints", "https://consul.service.prod.consul:8501", "--store-ca-file", "/certs/consul-ca.crt", "--store-cert-file", "/certs/consul-client.crt", "--store-key", "/certs/consul-client.key", "--data-dir", "/mnt/persist", "--pg-su-password", "${PG_SU_PWD}", "--pg-repl-username", "${PG_REPL_USER}", "--pg-repl-password", "${PG_REPL_PWD}", /* The postgres daemon accepts 0.0.0.0, ::, and * here but not Stolon. Otherwise you will have the following error and your cluster will be broken (no replication) WARN cmd/keeper.go:1979 provided --pg-listen-address "*": is not an ip address but a hostname. This will be advertized to the other components and may have undefined behaviors if resolved differently by other hosts WARN cmd/keeper.go:1984 cannot resolve provided --pg-listen-address "*": lookup *: no such host */ "--pg-listen-address", "${attr.unique.network.ip-address}", "--pg-port", "${NOMAD_PORT_psql_port}", "--pg-bin-path", "/usr/lib/postgresql/14/bin/" ] ports = [ "psql_port" ] volumes = [ "/mnt/ssd/postgres:/mnt/persist", "/mnt/storage/postgres_extended:/mnt/slow", "secrets/certs:/certs" ] } template { data = file("../config/keeper/env.tpl") destination = "secrets/env" env = true } template { data = "{{ key \"secrets/consul/consul-ca.crt\" }}" destination = "secrets/certs/consul-ca.crt" } template { data = "{{ key \"secrets/consul/consul-client.crt\" }}" destination = "secrets/certs/consul-client.crt" } template { data = "{{ key \"secrets/consul/consul-client.key\" }}" destination = "secrets/certs/consul-client.key" } resources { memory = 600 } service { tags = ["sql"] port = "psql_port" address_mode = "host" name = "psql-keeper" check { type = "tcp" port = "psql_port" interval = "60s" timeout = "5s" } } } } }