gitea works with Postgre which is not exposed publicly, thanks to Consul Connect - the bug was that Nomad could not reach Consul's gRPC due to IPv4/6 mis-configuration

2021-06-06 18:59:20 +02:00 · 2021-06-06 18:59:20 +02:00 · 1beced4c65
parent 213e42f4ad
commit 1beced4c65
4 changed files with 55 additions and 19 deletions
--- a/hammerhead/app/gitea/deploy/gitea.hcl
+++ b/hammerhead/app/gitea/deploy/gitea.hcl
@ -12,7 +12,10 @@ job "gitea" {

    network {
      mode = "bridge"
-      port "http" { to = 3000 }
+      port "http" { 
+        static = 3000
+        to = 3000 
+      }
      port "ssh" { to = 22 }
    }

@ -51,7 +54,7 @@ job "gitea" {
              destination_name = "postgres"
              local_bind_port = "5432"
              # Optional
-              # local_bind_address = "127.0.0.1"
+              local_bind_address = "127.0.0.1"
            }
          }
        }
@ -99,9 +102,9 @@ EOH
      }

      env {
-        DOMAIN = "gitea.hammerhead.luxeylab.net"
+        DOMAIN     = "gitea.hammerhead.luxeylab.net"
        SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"
-        DB_HOST   = "${NOMAD_UPSTREAM_ADDR_postgres}"
+        DB_HOST    = "${NOMAD_UPSTREAM_ADDR_postgres}"
      }
    }
  }
--- a/hammerhead/os/config/consul.json
+++ b/hammerhead/os/config/consul.json
@ -4,29 +4,20 @@
  "advertise_addr": "2001:41d0:8:ba0b::1",
  "addresses": {
    "dns": "[::]",
-    "http": "[::]"
+    "http": "[::]",
+    "grpc": "[::]"
  },
-  "retry_join": [
-        "2001:41d0:8:ba0b::1" 
-     ],
  "bootstrap_expect": 1,
  "server": true,
-  "ui": true,
+  "ui_config": {
+    "enabled": true
+  },
  "ports": {
     "dns": 53,
     "grpc": 8502
  },
-  "recursors": [
-    "213.186.33.99",
-    "172.104.136.243"
-  ],
  "encrypt": "2B2vxbfCRzu3Q29LEJAZBg==",
  "domain": "hammerhead.deuxfleurs.fr",
-  "performance": {
-    "raft_multiplier": 10,
-    "rpc_hold_timeout": "30s",
-    "leave_drain_time": "30s"
-  },
  "connect": {
    "enabled": true
  }
--- a/hammerhead/os/config/consul.old.json
+++ b/hammerhead/os/config/consul.old.json
@ -0,0 +1,40 @@
+{
+  "data_dir": "/var/lib/consul",
+  "bind_addr": "[::]",
+  "advertise_addr": "2001:41d0:8:ba0b::1",
+  "addresses": {
+    "dns": "[::]",
+    "http": "[::]"
+  },
+  "retry_join": [
+        "2001:41d0:8:ba0b::1" 
+     ],
+  "bootstrap_expect": 1,
+  "server": true,
+  "ui": {
+    "enabled": true
+  },
+  "acl": {
+    "enabled": true,
+    "default_policy": "deny",
+    "enable_token_persistence": true,
+  },
+  "ports": {
+     "dns": 53,
+     "grpc": 8502
+  },
+  "recursors": [
+    "213.186.33.99",
+    "172.104.136.243"
+  ],
+  "encrypt": "2B2vxbfCRzu3Q29LEJAZBg==",
+  "domain": "hammerhead.deuxfleurs.fr",
+  "performance": {
+    "raft_multiplier": 10,
+    "rpc_hold_timeout": "30s",
+    "leave_drain_time": "30s"
+  },
+  "connect": {
+    "enabled": true
+  }
+}
--- a/hammerhead/os/config/nomad.hcl
+++ b/hammerhead/os/config/nomad.hcl
@ -10,6 +10,8 @@ advertise {
  serf = "2001:41d0:8:ba0b::1"
 }

+bind_addr = "[::]"
+
 data_dir = "/var/lib/nomad"

 server {
@ -19,11 +21,11 @@ server {

 consul {
  address = "[::1]:8500"
+  grpc_address = "[::1]:8502"
 }

 client {
  enabled = true
-  #cpu_total_compute = 4000
  servers = ["[::1]:4648"]
  network_interface = "eno1"
  options {