Some fixes regarding startup of postgres
There were some issues with setting mount dependencies for postgresql; those are now solved. What did not work was having the disk-mapping.json file depend on vault-agent. As that file is not secret in any way, I moved it to /var/lib. The only thing left to do is to make postgresql start up when the server is first created and the /var/lib file does not yet exist.
This commit is contained in:
parent
1ca3a407f2
commit
0ff2b12fb0
3 changed files with 42 additions and 6 deletions
|
@ -24,8 +24,8 @@ let
|
||||||
text = ''
|
text = ''
|
||||||
df -h
|
df -h
|
||||||
lsblk
|
lsblk
|
||||||
${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p /run/secret
|
${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p /var/lib/vault-agent
|
||||||
echo ${lib.escapeShellArg (builtins.toJSON diskMapping)} > /run/secret/disk-mapping.json
|
echo ${lib.escapeShellArg (builtins.toJSON diskMapping)} > /var/lib/vault-agent/disk-mapping.json
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
diskMappingModule = {
|
diskMappingModule = {
|
||||||
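Review bot: The new `mkdir -p /var/lib/vault-agent` line creates the directory with whatever the script's umask gives if vault-agent has not created it first, and the other changed file shows that same directory later holds `role-id` and `secret-id`; the mode of a directory that ends up containing the AppRole secret should not depend on ordering, so either set it explicitly, `${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p -m 0700 /var/lib/vault-agent`, or keep the non-secret mapping out of the secrets directory in a path of its own. The redirect on the following line writes `/var/lib/vault-agent/disk-mapping.json`, which is also the `destination` of the vault-agent template in the other file, so two writers now target one path; if this script is test-only (the `df -h`/`lsblk` lines suggest so) a comment saying which writer is authoritative in which mode would help, e.g. `# test VMs: written here; real hosts: rendered by the vault-agent template`. The enclosing `text = ''` script starts before this hunk.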
|
|
|
@ -9,6 +9,16 @@ let
|
||||||
cfg = config.khscodes.fs.zfs;
|
cfg = config.khscodes.fs.zfs;
|
||||||
isTest = cfg.test;
|
isTest = cfg.test;
|
||||||
zpoolSetup = lib.getExe pkgs.khscodes.zpool-setup;
|
zpoolSetup = lib.getExe pkgs.khscodes.zpool-setup;
|
||||||
|
allDatasets = lib.lists.flatten (
|
||||||
|
lib.lists.map (
|
||||||
|
{ name, value }:
|
||||||
|
lib.lists.map (ds: {
|
||||||
|
zpool = name;
|
||||||
|
datasetName = ds.name;
|
||||||
|
datasetConfig = ds.value;
|
||||||
|
}) (lib.attrsToList value.datasets)
|
||||||
|
) (lib.attrsToList cfg.zpools)
|
||||||
|
);
|
||||||
setupZpool =
|
setupZpool =
|
||||||
{ name, value }:
|
{ name, value }:
|
||||||
let
|
let
|
||||||
|
@ -83,14 +93,14 @@ in
|
||||||
BAO_ADDR = config.khscodes.services.vault-agent.vault.address;
|
BAO_ADDR = config.khscodes.services.vault-agent.vault.address;
|
||||||
VAULT_ROLE_ID_FILE = "/var/lib/vault-agent/role-id";
|
VAULT_ROLE_ID_FILE = "/var/lib/vault-agent/role-id";
|
||||||
VAULT_SECRET_ID_FILE = "/var/lib/vault-agent/secret-id";
|
VAULT_SECRET_ID_FILE = "/var/lib/vault-agent/secret-id";
|
||||||
DISK_MAPPING_FILE = "/run/secret/disk-mapping.json";
|
DISK_MAPPING_FILE = "/var/lib/vault-agent/disk-mapping.json";
|
||||||
LOGLEVEL = "trace";
|
LOGLEVEL = "trace";
|
||||||
}
|
}
|
||||||
// (lib.attrsets.optionalAttrs isTest {
|
// (lib.attrsets.optionalAttrs isTest {
|
||||||
ZFS_TEST = "true";
|
ZFS_TEST = "true";
|
||||||
});
|
});
|
||||||
unitConfig.ConditionPathExists = [
|
unitConfig.ConditionPathExists = [
|
||||||
"/run/secret/disk-mapping.json"
|
"/var/lib/vault-agent/disk-mapping.json"
|
||||||
]
|
]
|
||||||
++ lib.lists.optionals (!isTest) [
|
++ lib.lists.optionals (!isTest) [
|
||||||
"/var/lib/vault-agent/role-id"
|
"/var/lib/vault-agent/role-id"
|
||||||
|
@ -104,6 +114,28 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# Make sure mount units exists, such that RequiresMountsFor works as intended.
|
||||||
|
systemd.mounts = lib.lists.foldl (
|
||||||
|
acc:
|
||||||
|
{
|
||||||
|
zpool,
|
||||||
|
datasetName,
|
||||||
|
datasetConfig,
|
||||||
|
}:
|
||||||
|
acc
|
||||||
|
++ (lib.lists.optional (datasetConfig.mountpoint != null) {
|
||||||
|
description = "Mount ${datasetConfig.mountpoint} from zpool ${zpool}";
|
||||||
|
what = "${zpool}/${datasetName}";
|
||||||
|
where = "${datasetConfig.mountpoint}";
|
||||||
|
type = "zfs-non-legacy";
|
||||||
|
unitConfig = {
|
||||||
|
Requires = [ "khscodes-zpool-setup.service" ];
|
||||||
|
After = [ "khscodes-zpool-setup.service" ];
|
||||||
|
Conflicts = [ "umount.target" ];
|
||||||
|
Before = [ "umount.target" ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
) [ ] allDatasets;
|
||||||
khscodes.infrastructure.vault-server-approle.policy = lib.mapAttrs' (name: value: {
|
khscodes.infrastructure.vault-server-approle.policy = lib.mapAttrs' (name: value: {
|
||||||
name = "${value.encryptionKeyOpenbao.mount}/data/${value.encryptionKeyOpenbao.name}";
|
name = "${value.encryptionKeyOpenbao.mount}/data/${value.encryptionKeyOpenbao.name}";
|
||||||
value = {
|
value = {
|
||||||
|
@ -119,7 +151,7 @@ in
|
||||||
{{ .Data.data | toUnescapedJSON }}
|
{{ .Data.data | toUnescapedJSON }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
'';
|
'';
|
||||||
destination = "/run/secret/disk-mapping.json";
|
destination = "/var/lib/vault-agent/disk-mapping.json";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
perms = "0644";
|
perms = "0644";
|
||||||
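Review bot: The `ConditionPathExists` entry changed to `/var/lib/vault-agent/disk-mapping.json` in the `-83,14 +93,14` hunk still only skips `khscodes-zpool-setup.service` when the file is missing, and a condition skip is not a failure for `Requires=`, so the mount units added in the `-104,6 +114,28` hunk (and the `requires = [ "khscodes-zpool-setup.service" ];` lines in the postgresql file) will, as far as I can tell, go on to attempt a mount of a dataset that was never set up; this is the first-boot case the description says is still open. If the service is not expected to run without the mapping file, `unitConfig.AssertPathExists = [ "/var/lib/vault-agent/disk-mapping.json" ]` would make the failure land on the setup unit instead of on every mount; if it is expected to run, the script should handle the missing file itself. In the mount units, `where = "${datasetConfig.mountpoint}";` wraps a string in a string for no effect and reads more plainly as `where = datasetConfig.mountpoint;`. The `environment` attribute set this hunk edits starts before the hunk.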
|
|
|
@ -51,6 +51,7 @@ in
|
||||||
khscodes.fs.zfs.zpools."${cfg.pool}".datasets."${cfg.datasetName}" = cfg.datasetConfig;
|
khscodes.fs.zfs.zpools."${cfg.pool}".datasets."${cfg.datasetName}" = cfg.datasetConfig;
|
||||||
systemd.services.postgresql = {
|
systemd.services.postgresql = {
|
||||||
after = [ "khscodes-zpool-setup.service" ];
|
after = [ "khscodes-zpool-setup.service" ];
|
||||||
|
requires = [ "khscodes-zpool-setup.service" ];
|
||||||
unitConfig = {
|
unitConfig = {
|
||||||
RequiresMountsFor = [ cfg.datasetConfig.mountpoint ];
|
RequiresMountsFor = [ cfg.datasetConfig.mountpoint ];
|
||||||
};
|
};
|
||||||
|
@ -68,7 +69,10 @@ in
|
||||||
lib.lists.map (db: {
|
lib.lists.map (db: {
|
||||||
name = "postgresqlBackup-${db}";
|
name = "postgresqlBackup-${db}";
|
||||||
value = {
|
value = {
|
||||||
after = [ "khscodes-zpool-setup.service" ];
|
after = [
|
||||||
|
"khscodes-zpool-setup.service"
|
||||||
|
];
|
||||||
|
requires = [ "khscodes-zpool-setup.service" ];
|
||||||
unitConfig = {
|
unitConfig = {
|
||||||
RequiresMountsFor = [ cfg.backupDatasetConfig.mountpoint ];
|
RequiresMountsFor = [ cfg.backupDatasetConfig.mountpoint ];
|
||||||
};
|
};
|
||||||
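Review bot: The `after` list in the `-68,7 +69,10` hunk is expanded to three lines for a single element while the `-51,6 +51,7` hunk in the same file keeps `after = [ "khscodes-zpool-setup.service" ];` on one line; keeping both in the one-line form reads consistently and, if the multi-line form is a leftover from an element that was removed while editing, avoids leaving that trace behind. The `requires = [ "khscodes-zpool-setup.service" ];` lines added in both hunks only order against the setup unit; whether that unit actually ran depends on its own path condition, which lives in the other changed file. The `lib.lists.map (db: ...)` expression continues outside this hunk.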
|
|