prod: deploy d53

Alex 2023-01-04 09:35:40 +01:00
parent 6478560087
commit c11b6499b8
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
9 changed files with 178 additions and 197 deletions


@ -0,0 +1,64 @@
job "core-service" {
datacenters = ["neptune", "orion", "bespin"]
type = "service"
priority = 90
group "D53" {
count = 1
task "d53" {
driver = "docker"
config {
image = "lxpz/amd64_d53:2"
network_mode = "host"
readonly_rootfs = true
volumes = [
"secrets:/etc/d53",
]
}
resources {
cpu = 100
memory = 100
}
restart {
interval = "3m"
attempts = 10
delay = "15s"
mode = "delay"
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/consul-client.key"
}
template {
data = <<EOH
D53_CONSUL_HOST=https://localhost:8501
D53_CONSUL_CA_CERT=/etc/d53/consul-ca.crt
D53_CONSUL_CLIENT_CERT=/etc/d53/consul-client.crt
D53_CONSUL_CLIENT_KEY=/etc/d53/consul-client.key
D53_PROVIDERS=deuxfleurs.fr:gandi
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
D53_ALLOWED_DOMAINS=deuxfleurs.fr
RUST_LOG=d53=info
EOH
destination = "secrets/env"
env = true
}
}
}
}
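Review bot: The `image = "lxpz/amd64_d53:2"` line pins the container only by a mutable tag, while this task receives the Gandi API key and the Consul client key through the `secrets` volume and the env template. With `network_mode = "host"`, whatever that tag resolves to at the next pull runs on the host network with those credentials. Pinning by digest removes the dependency on the tag staying unchanged, e.g. `image = "lxpz/amd64_d53:2@sha256:<digest-of-reviewed-image>"` (placeholder digest). A comment above the `secrets/env` template saying that it carries the DNS provider key would also help whoever rotates it.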


@ -147,7 +147,13 @@ EOH
service { service {
name = "tricot-https" name = "tricot-https"
port = "https_port" port = "https_port"
tags = [ "(diplonat (tcp_port 443))", "${meta.site}" ] tags = [
"(diplonat (tcp_port 443))",
"${meta.site}",
"d53-aaaa ${meta.site}.site.deuxfleurs.fr",
"d53-a global.site.deuxfleurs.fr",
"d53-aaaa global.site.deuxfleurs.fr",
]
address_mode = "host" address_mode = "host"
} }
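Review bot: The new `d53-a`/`d53-aaaa` tags here, and the `d53-cname` tags added in the drone-ci, guichet, jitsi and grafana sections, make Consul service tags the source of public DNS records, and nothing in the commit documents who may set them. Presumably d53 only honours names under `D53_ALLOWED_DOMAINS`, but within that zone any service registration carrying a `d53-*` tag would be published, so it is worth confirming that Consul ACLs limit service registration to trusted jobs. I would add a comment above the tag list such as `# d53-* tags create public DNS records via d53; service registration must stay restricted by Consul ACLs`. It would also help to say why the per-site name gets only a `d53-aaaa` record and no `d53-a`. The enclosing task of this service block starts outside the hunk.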


@ -1,5 +1,5 @@
job "drone-ci" { job "drone-ci" {
datacenters = ["neptune"] datacenters = ["neptune", "orion"]
type = "service" type = "service"
group "server" { group "server" {
@ -89,6 +89,7 @@ EOH
tags = [ tags = [
"drone", "drone",
"tricot drone.deuxfleurs.fr", "tricot drone.deuxfleurs.fr",
"d53-cname drone.deuxfleurs.fr",
] ]
port = "web_port" port = "web_port"
address_mode = "host" address_mode = "host"


@ -1,97 +0,0 @@
job "garage-light" {
datacenters = ["neptune", "bespin"]
type = "system"
priority = 80
update {
max_parallel = 1
min_healthy_time = "60s"
}
group "garage" {
network {
port "s3" { static = 3900 }
port "rpc" { static = 3901 }
port "web" { static = 3902 }
port "admin" { static = 3903 }
}
update {
max_parallel = 1
min_healthy_time = "30s"
healthy_deadline = "5m"
}
task "server" {
driver = "docker"
config {
advertise_ipv6_address = true
image = "dxflrs/garage:v0.8-rc2"
command = "/garage"
args = [ "server" ]
network_mode = "host"
volumes = [
"/mnt/storage/garage/data:/data",
"/mnt/ssd/garage/meta:/meta",
"secrets/garage.toml:/etc/garage.toml",
"secrets:/etc/garage",
]
logging {
type = "journald"
}
}
template {
data = file("../config/garage.toml")
destination = "secrets/garage.toml"
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/consul-client.key"
}
resources {
memory = 1000
cpu = 1000
}
kill_timeout = "20s"
service {
port = 3903
address_mode = "driver"
name = "garage-admin"
check {
type = "tcp"
port = 3903
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
restart {
interval = "30m"
attempts = 10
delay = "15s"
mode = "delay"
}
}
}
}


@ -1,5 +1,5 @@
job "garage" { job "garage" {
datacenters = [ "orion" ] datacenters = [ "neptune", "bespin", "orion" ]
type = "system" type = "system"
priority = 80 priority = 80


@ -1,5 +1,5 @@
job "guichet" { job "guichet" {
datacenters = [ "neptune" ] datacenters = [ "neptune", "orion" ]
type = "service" type = "service"
priority = 90 priority = 90
@ -35,6 +35,7 @@ job "guichet" {
tags = [ tags = [
"guichet", "guichet",
"tricot guichet.deuxfleurs.fr", "tricot guichet.deuxfleurs.fr",
"d53-cname guichet.deuxfleurs.fr",
] ]
port = "web_port" port = "web_port"
address_mode = "host" address_mode = "host"


@ -1,5 +1,5 @@
job "jitsi" { job "jitsi" {
datacenters = ["neptune"] datacenters = ["neptune", "orion"]
type = "service" type = "service"
priority = "10" priority = "10"
@ -142,6 +142,7 @@ EOF
tags = [ tags = [
"jitsi", "jitsi",
"tricot jitsi.deuxfleurs.fr", "tricot jitsi.deuxfleurs.fr",
"d53-cname jitsi.deuxfleurs.fr",
] ]
port = "https_port" port = "https_port"
address_mode = "host" address_mode = "host"


@ -1,100 +1,7 @@
job "telemetry-service" { job "telemetry-service" {
datacenters = ["neptune", "bespin"] datacenters = ["neptune", "orion"]
type = "service" type = "service"
group "prometheus" {
count = 2
network {
port "prometheus" {
static = 9090
}
}
constraint {
attribute = "${attr.unique.hostname}"
operator = "set_contains_any"
value = "concombre,df-ymk"
}
task "prometheus" {
driver = "docker"
config {
image = "prom/prometheus:v2.39.0"
network_mode = "host"
ports = [ "prometheus" ]
args = [
"--config.file=/etc/prometheus/prometheus.yml",
"--storage.tsdb.path=/data",
"--storage.tsdb.retention.size=20GB",
]
volumes = [
"secrets:/etc/prometheus",
"/mnt/ssd/prometheus:/data"
]
}
template {
data = file("../config/prometheus.yml")
destination = "secrets/prometheus.yml"
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/consul-client.key"
}
template {
data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
destination = "secrets/nomad-ca.crt"
}
template {
data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
destination = "secrets/nomad-client.crt"
}
template {
data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
destination = "secrets/nomad-client.key"
}
resources {
memory = 1000
cpu = 1000
}
service {
port = 9090
address_mode = "driver"
name = "prometheus"
check {
type = "http"
path = "/"
port = 9090
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
}
group "grafana" { group "grafana" {
count = 1 count = 1
@ -137,7 +44,7 @@ job "telemetry-service" {
task "grafana" { task "grafana" {
driver = "docker" driver = "docker"
config { config {
image = "grafana/grafana:9.2.0" image = "grafana/grafana:9.3.2"
network_mode = "host" network_mode = "host"
ports = [ "grafana" ] ports = [ "grafana" ]
volumes = [ volumes = [
@ -176,6 +83,7 @@ EOH
tags = [ tags = [
"grafana", "grafana",
"tricot grafana.deuxfleurs.fr", "tricot grafana.deuxfleurs.fr",
"d53-cname grafana.deuxfleurs.fr",
] ]
port = 3719 port = 3719
address_mode = "driver" address_mode = "driver"


@ -0,0 +1,97 @@
job "telemetry-storage" {
datacenters = ["neptune", "bespin"]
type = "service"
group "prometheus" {
count = 2
network {
port "prometheus" {
static = 9090
}
}
constraint {
attribute = "${attr.unique.hostname}"
operator = "set_contains_any"
value = "concombre,df-ymk"
}
task "prometheus" {
driver = "docker"
config {
image = "prom/prometheus:v2.41.0"
network_mode = "host"
ports = [ "prometheus" ]
args = [
"--config.file=/etc/prometheus/prometheus.yml",
"--storage.tsdb.path=/data",
"--storage.tsdb.retention.size=20GB",
]
volumes = [
"secrets:/etc/prometheus",
"/mnt/ssd/prometheus:/data"
]
}
template {
data = file("../config/prometheus.yml")
destination = "secrets/prometheus.yml"
}
template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/consul-ca.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/consul-client.crt"
}
template {
data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/consul-client.key"
}
template {
data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
destination = "secrets/nomad-ca.crt"
}
template {
data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
destination = "secrets/nomad-client.crt"
}
template {
data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
destination = "secrets/nomad-client.key"
}
resources {
memory = 1000
cpu = 1000
}
service {
port = 9090
address_mode = "driver"
name = "prometheus"
check {
type = "http"
path = "/"
port = 9090
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "90s"
ignore_warnings = false
}
}
}
}
}
}
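Review bot: The `args` list gives Prometheus neither `--web.listen-address` nor `--web.config.file`, so with `network_mode = "host"` and static port 9090 it listens on every host interface without TLS or authentication, unless a host firewall not visible here restricts it. The task is also given Consul and Nomad client certificates, presumably for service discovery, so its query API is likely to describe the whole cluster. Consider adding `"--web.config.file=/etc/prometheus/web.yml",` with a matching template for TLS and basic auth, or binding to an internal address with `--web.listen-address`. The block appears to be moved from telemetry-service with only the image tag changed, so this condition predates the commit.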