redeploy bagage

2023-04-05 15:50:46 +02:00 · 2023-04-05 15:50:46 +02:00 · 0e4c641db7
commit 0e4c641db7
parent c9f122bcd3
3 changed files with 91 additions and 1 deletions
--- a/cluster/prod/app/bagage/deploy/bagage.hcl
+++ b/cluster/prod/app/bagage/deploy/bagage.hcl
@ -0,0 +1,86 @@
+job "bagage" {
+  datacenters = ["orion", "neptune"]
+  type = "service"
+  priority = 90
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  group "main" {
+    count = 1
+
+    network {
+      port "web_port" { 
+        static = 8080
+        to = 8080 
+      }
+      port "ssh_port" { 
+        static = 2222
+        to = 2222
+      }
+    }
+
+    task "server" {
+      driver = "docker"
+      config {
+        image = "superboum/amd64_bagage:v11"
+        readonly_rootfs = false
+        network_mode = "host"
+        volumes = [
+          "secrets/id_rsa:/id_rsa"
+        ]
+        ports = [ "web_port", "ssh_port" ]
+      }
+
+      env {
+        BAGAGE_LDAP_ENDPOINT = "bottin.service.prod.consul:389"
+      }
+
+      resources {
+        memory = 200
+        cpu = 100
+      }
+
+      template {
+        data = "{{ key \"secrets/bagage/id_rsa\" }}"
+        destination = "secrets/id_rsa"
+      }
+
+      service {
+        name = "bagage-ssh"
+        port = "ssh_port"
+        address_mode = "host"
+        tags = [
+          "bagage",
+          "(diplonat (tcp_port 2222))"
+        ]
+      }
+
+      service {
+        name = "bagage-webdav"
+        tags = [
+          "bagage",
+          "tricot bagage.deuxfleurs.fr",
+          "d53-cname bagage.deuxfleurs.fr",
+        ]
+        port = "web_port"
+        address_mode = "host"
+        check {
+          type = "tcp"
+          port = "web_port"
+          address_mode = "host"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "90s"
+            ignore_warnings = false
+          }
+        }
+      }
+    }
+  }
+}
+
--- a/cluster/prod/app/bagage/secrets.toml
+++ b/cluster/prod/app/bagage/secrets.toml
@ -0,0 +1,4 @@
+[secrets."bagage/id_rsa"]
+type = 'command'
+rotate = true
+command = 'ssh-keygen -q -f >(cat) -N "" <<< y  2>/dev/null 1>&2 ; true'
--- a/cluster/staging/app/ci/deploy/albatros.hcl
+++ b/cluster/staging/app/ci/deploy/albatros.hcl
@ -22,7 +22,7 @@ job "albatros" {
    task "controller" {
      driver = "docker"
      config {
-        image = "dxflrs/albatros:750015b3fff91af8b9b86869411216a06bd13614"
+        image = "dxflrs/albatros:76c59221d171eb56a2ce2bfa630502ff78eeae74"
        ports = [ "http" ]
        volumes = [
          "secrets/certs:/var/run/secrets/albatros"