2022-07-28 00:02:29 +00:00
|
|
|
job "backup%{ if batch_node != null }-oneoff-${batch_node}%{ endif }" {
|
2022-05-18 21:23:28 +00:00
|
|
|
datacenters = ["dc1"]
|
2022-11-18 16:58:38 +00:00
|
|
|
priority = 90
|
2022-07-28 00:02:29 +00:00
|
|
|
%{ if batch_node == null ~}
|
2022-06-23 16:49:57 +00:00
|
|
|
type = "system"
|
2022-07-28 00:02:29 +00:00
|
|
|
%{ else ~}
|
|
|
|
type = "batch"
|
2022-05-18 21:23:28 +00:00
|
|
|
|
2022-07-28 00:02:29 +00:00
|
|
|
parameterized {
|
|
|
|
meta_required = ["job_name"]
|
|
|
|
meta_optional = ["task", "snapshot"]
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
meta {
|
|
|
|
task = "backup"
|
|
|
|
snapshot = "latest"
|
|
|
|
}
|
|
|
|
%{ endif ~}
|
|
|
|
|
2023-08-03 04:33:16 +00:00
|
|
|
%{ if batch_node != null ~}
|
2022-06-23 16:49:57 +00:00
|
|
|
constraint {
|
2022-07-28 00:02:29 +00:00
|
|
|
attribute = "$${node.unique.name}"
|
|
|
|
value = "${batch_node}"
|
2022-06-23 16:49:57 +00:00
|
|
|
}
|
2022-07-28 00:02:29 +00:00
|
|
|
%{ endif ~}
|
2022-06-23 16:49:57 +00:00
|
|
|
|
|
|
|
group "backup" {
|
2022-05-18 21:23:28 +00:00
|
|
|
|
|
|
|
network {
|
|
|
|
mode = "bridge"
|
|
|
|
|
|
|
|
port "metrics" {
|
2023-08-24 19:36:47 +00:00
|
|
|
%{~ if use_wesher ~}
|
2023-05-03 04:14:36 +00:00
|
|
|
host_network = "wesher"
|
2023-08-24 19:36:47 +00:00
|
|
|
%{~ endif ~}
|
2022-05-18 21:23:28 +00:00
|
|
|
to = 8080
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-23 16:49:57 +00:00
|
|
|
volume "all-volumes" {
|
2022-05-18 21:23:28 +00:00
|
|
|
type = "host"
|
2022-07-28 05:04:22 +00:00
|
|
|
read_only = false
|
2022-06-23 16:49:57 +00:00
|
|
|
source = "all-volumes"
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
|
2023-10-23 15:54:05 +00:00
|
|
|
ephemeral_disk {
|
|
|
|
# Try to keep restic cache intact
|
|
|
|
sticky = true
|
|
|
|
}
|
|
|
|
|
2022-05-18 21:23:28 +00:00
|
|
|
service {
|
2023-03-24 23:32:37 +00:00
|
|
|
name = "backup"
|
2023-03-24 18:24:36 +00:00
|
|
|
provider = "nomad"
|
2022-05-18 21:23:28 +00:00
|
|
|
port = "metrics"
|
|
|
|
|
2023-03-24 18:24:36 +00:00
|
|
|
tags = [
|
|
|
|
"prometheus.scrape"
|
|
|
|
]
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
task "backup" {
|
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
volume_mount {
|
2022-06-23 16:49:57 +00:00
|
|
|
volume = "all-volumes"
|
|
|
|
destination = "/data"
|
2022-07-28 05:04:22 +00:00
|
|
|
read_only = false
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
config {
|
2024-01-07 00:22:20 +00:00
|
|
|
image = "iamthefij/resticscheduler:0.4.0"
|
2022-05-18 21:23:28 +00:00
|
|
|
ports = ["metrics"]
|
|
|
|
args = [
|
2022-07-28 00:02:29 +00:00
|
|
|
%{ if batch_node != null ~}
|
|
|
|
"-once",
|
|
|
|
"-$${NOMAD_META_task}",
|
|
|
|
"$${NOMAD_META_job_name}",
|
2023-05-09 22:56:53 +00:00
|
|
|
"--snapshot",
|
|
|
|
"$${NOMAD_META_snapshot}",
|
|
|
|
"--push-gateway",
|
|
|
|
"http://pushgateway.nomad:9091",
|
2022-07-28 00:02:29 +00:00
|
|
|
%{ endif ~}
|
2022-11-04 05:17:26 +00:00
|
|
|
"$${NOMAD_TASK_DIR}/node-jobs.hcl",
|
2022-05-18 21:23:28 +00:00
|
|
|
]
|
|
|
|
}
|
|
|
|
|
2024-01-07 00:22:20 +00:00
|
|
|
action "unlock" {
|
|
|
|
command = "/bin/resticscheduler"
|
|
|
|
args = ["-once", "-unlock", "all", "$${NOMAD_TASK_DIR}/node-jobs.hcl"]
|
|
|
|
}
|
|
|
|
|
2022-05-18 21:23:28 +00:00
|
|
|
env = {
|
2023-11-08 00:48:57 +00:00
|
|
|
RCLONE_CHECKERS = "2"
|
|
|
|
RCLONE_TRANSFERS = "2"
|
|
|
|
RCLONE_FTP_CONCURRENCY = "5"
|
|
|
|
RESTIC_CACHE_DIR = "$${NOMAD_ALLOC_DIR}/data"
|
|
|
|
TZ = "America/Los_Angeles"
|
2022-07-22 02:03:40 +00:00
|
|
|
}
|
2022-05-18 21:23:28 +00:00
|
|
|
|
2022-07-22 02:03:40 +00:00
|
|
|
template {
|
|
|
|
data = <<EOF
|
2023-05-09 20:20:36 +00:00
|
|
|
MYSQL_HOST=127.0.0.1
|
|
|
|
MYSQL_PORT=3306
|
2023-08-29 19:48:48 +00:00
|
|
|
{{ with nomadVar "secrets/mysql" }}
|
2022-11-03 03:30:04 +00:00
|
|
|
MYSQL_USER=root
|
2023-03-24 18:24:36 +00:00
|
|
|
MYSQL_PASSWORD={{ .mysql_root_password }}
|
2022-11-03 22:10:09 +00:00
|
|
|
{{ end -}}
|
2023-08-29 19:48:48 +00:00
|
|
|
{{ with nomadVar "secrets/postgres" }}
|
|
|
|
POSTGRES_HOST=127.0.0.1
|
|
|
|
POSTGRES_PORT=5432
|
|
|
|
POSTGRES_USER={{ .superuser }}
|
|
|
|
POSTGRES_PASSWORD={{ .superuser_password }}
|
|
|
|
{{ end -}}
|
2023-08-26 22:56:21 +00:00
|
|
|
{{ with nomadVar (print "nomad/jobs/" (index (env "NOMAD_JOB_ID" | split "/") 0)) -}}
|
2023-03-24 18:24:36 +00:00
|
|
|
BACKUP_PASSPHRASE={{ .backup_passphrase }}
|
|
|
|
RCLONE_FTP_HOST={{ .nas_ftp_host }}
|
|
|
|
RCLONE_FTP_USER={{ .nas_ftp_user }}
|
|
|
|
RCLONE_FTP_PASS={{ .nas_ftp_pass.Value | toJSON }}
|
2022-07-28 05:04:22 +00:00
|
|
|
RCLONE_FTP_EXPLICIT_TLS=true
|
|
|
|
RCLONE_FTP_NO_CHECK_CERTIFICATE=true
|
2023-11-07 00:35:02 +00:00
|
|
|
AWS_ACCESS_KEY_ID={{ .nas_minio_access_key_id }}
|
|
|
|
AWS_SECRET_ACCESS_KEY={{ .nas_minio_secret_access_key }}
|
2022-07-28 05:04:22 +00:00
|
|
|
{{ end -}}
|
2022-07-22 02:03:40 +00:00
|
|
|
EOF
|
|
|
|
destination = "secrets/db.env"
|
|
|
|
env = true
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
2022-07-22 02:03:40 +00:00
|
|
|
# Build jobs based on node
|
2022-06-23 16:49:57 +00:00
|
|
|
data = <<EOF
|
2023-03-25 06:34:23 +00:00
|
|
|
# Current node is {{ env "node.unique.name" }} {{ env "node.unique.id" }}
|
2022-10-27 21:28:34 +00:00
|
|
|
|
2023-08-24 18:53:08 +00:00
|
|
|
%{ for job_file in fileset(module_path, "jobs/*.hcl") ~}
|
|
|
|
{{ range nomadService 1 "backups" "${trimsuffix(basename(job_file), ".hcl")}" -}}
|
2023-08-03 17:33:11 +00:00
|
|
|
# ${trimsuffix(basename(job_file), ".hcl")} .Node {{ .Node }}
|
2023-03-25 06:34:23 +00:00
|
|
|
{{ if eq .Node (env "node.unique.id") -}}
|
2023-08-03 17:33:11 +00:00
|
|
|
${file("${module_path}/${job_file}")}
|
2023-08-24 18:53:08 +00:00
|
|
|
|
|
|
|
{{ end -}}
|
|
|
|
{{ end -}}
|
2023-08-03 17:33:11 +00:00
|
|
|
%{ endfor ~}
|
2023-11-16 20:18:01 +00:00
|
|
|
|
|
|
|
# Dummy job to keep task healthy on node without any stateful services
|
|
|
|
job "Dummy" {
|
|
|
|
schedule = "0 0 1 1 0"
|
|
|
|
|
|
|
|
config {
|
|
|
|
repo = "/local/dummy-repo"
|
|
|
|
passphrase = env("BACKUP_PASSPHRASE")
|
|
|
|
}
|
|
|
|
|
|
|
|
backup {
|
|
|
|
paths = ["/local/node-jobs.hcl"]
|
|
|
|
}
|
|
|
|
|
|
|
|
forget {
|
|
|
|
KeepLast = 1
|
|
|
|
}
|
|
|
|
}
|
2022-06-23 16:49:57 +00:00
|
|
|
EOF
|
2022-11-04 05:17:26 +00:00
|
|
|
destination = "local/node-jobs.hcl"
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 50
|
2023-11-08 00:49:27 +00:00
|
|
|
memory = 500
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
}
|
2023-05-09 20:20:36 +00:00
|
|
|
|
|
|
|
task "stunnel" {
|
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
lifecycle {
|
|
|
|
hook = "prestart"
|
|
|
|
sidecar = true
|
|
|
|
}
|
|
|
|
|
|
|
|
config {
|
2024-01-03 21:50:49 +00:00
|
|
|
image = "iamthefij/stunnel:latest"
|
|
|
|
args = ["$${NOMAD_TASK_DIR}/stunnel.conf"]
|
2023-05-09 20:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 100
|
|
|
|
memory = 100
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOF
|
|
|
|
syslog = no
|
|
|
|
foreground = yes
|
|
|
|
delay = yes
|
|
|
|
|
|
|
|
[mysql_client]
|
|
|
|
client = yes
|
|
|
|
accept = 127.0.0.1:3306
|
2023-08-29 19:48:48 +00:00
|
|
|
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" }}
|
2023-05-09 20:20:36 +00:00
|
|
|
connect = {{ .Address }}:{{ .Port }}
|
2023-08-29 19:48:48 +00:00
|
|
|
{{ end }}
|
2023-05-09 20:20:36 +00:00
|
|
|
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
|
2023-08-29 19:48:48 +00:00
|
|
|
|
|
|
|
[postgres_client]
|
|
|
|
client = yes
|
|
|
|
accept = 127.0.0.1:5432
|
|
|
|
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "postgres-tls" }}
|
|
|
|
connect = {{ .Address }}:{{ .Port }}
|
|
|
|
{{ end }}
|
|
|
|
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/postgres_stunnel_psk.txt
|
2023-05-09 20:20:36 +00:00
|
|
|
EOF
|
|
|
|
destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOF
|
2023-08-29 19:48:48 +00:00
|
|
|
{{- with nomadVar "secrets/mysql/allowed_psks/backups" }}{{ .psk }}{{ end -}}
|
2023-05-09 20:20:36 +00:00
|
|
|
EOF
|
|
|
|
destination = "$${NOMAD_SECRETS_DIR}/mysql_stunnel_psk.txt"
|
|
|
|
}
|
2023-08-29 19:48:48 +00:00
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOF
|
|
|
|
{{- with nomadVar "secrets/postgres/allowed_psks/backups" }}{{ .psk }}{{ end -}}
|
|
|
|
EOF
|
|
|
|
destination = "$${NOMAD_SECRETS_DIR}/postgres_stunnel_psk.txt"
|
|
|
|
}
|
2023-05-09 20:20:36 +00:00
|
|
|
}
|
2022-05-18 21:23:28 +00:00
|
|
|
}
|
|
|
|
}
|