diff --git a/services/service/service_template.nomad b/services/service/service_template.nomad
index 554fce1..172b6b4 100644
--- a/services/service/service_template.nomad
+++ b/services/service/service_template.nomad
@@ -10,84 +10,82 @@ job "${name}" { network { mode = "bridge" - %{ if service_port != null ~} + %{~ if service_port != null } port "main" { %{~ if use_wesher ~} host_network = "wesher" %{~ endif ~} - %{ if service_port_static ~} + %{~ if service_port_static ~} static = ${service_port} - %{ else ~} + %{~ else ~} to = ${service_port} - %{~ endif } + %{~ endif ~} } - %{ endif ~} - %{ for port in ports ~} + %{~ endif ~} + %{~ for port in ports } port "${port.name}" { %{ if port.host_network != null }host_network = "${port.host_network}"%{ endif ~} %{ if port.from != null }to = ${port.from}%{ endif ~} %{ if port.to != null }to = ${port.to}%{ endif ~} %{ if port.static != null }static = ${port.static}%{ endif ~} } - %{ endfor } + %{~ endfor ~} } - - %{ for constraint in constraints ~} + %{~ for constraint in constraints } constraint { attribute = "${constraint.attribute}" operator = "${constraint.operator}" value = "${constraint.value}" } - - %{ endfor ~} - %{ if length(group_meta) > 0 } + %{~ endfor ~} + %{~ if length(group_meta) > 0 } meta = { - %{ for k, v in group_meta } + %{~ for k, v in group_meta ~} ${k} = ${jsonencode(v)} - %{ endfor } + %{~ endfor ~} } - %{~ endif } - %{ if sticky_disk } + %{~ endif ~} + %{~ if sticky_disk } ephemeral_disk { migrate = true sticky = true } - %{~ endif } - %{ for host_volume in host_volumes } + %{~ endif ~} + %{~ for host_volume in host_volumes } volume "${host_volume.name}" { type = "host" read_only = ${host_volume.read_only} source = "${host_volume.name}" } - %{ endfor } - %{ if service_port != null ~} + %{~ endfor ~} + %{~ if service_port != null } service { name = "${replace(name, "_", "-")}" provider = "nomad" port = "main" tags = [ - %{ if prometheus == true } + %{~ if prometheus == true ~} "prometheus.scrape", - %{ endif } - %{ if ingress } + %{~ endif ~} + %{~ if ingress ~} "traefik.enable=true", "traefik.http.routers.${name}.entryPoints=websecure", - %{ if try(ingress_rule, null) != null ~} + %{~ if try(ingress_rule, 
null) != null ~} "traefik.http.routers.${name}.rule=${ingress_rule}", - %{ endif ~} - %{ for middleware in ingress_middlewares ~} + %{~ endif ~} + %{~ for middleware in ingress_middlewares ~} "traefik.http.routers.${name}.middlewares=${middleware}", - %{ endfor ~} - %{ endif ~} - %{ for tag in service_tags ~} + %{~ endfor ~} + %{~ endif ~} + %{~ for tag in service_tags ~} "${tag}", - %{ endfor ~} + %{~ endfor ~} ] } + %{~ endif ~} - %{ endif ~} - %{ for custom_service in custom_services } + %{~ for custom_service in custom_services ~} service { name = "${custom_service.name}" provider = "nomad" 
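Review bot: The `tags` list of the `service` block in this hunk still interpolates `${ingress_rule}`, `${middleware}` and `${tag}` directly into double-quoted HCL strings, although this same commit moves the `env` map in the next hunk to `${jsonencode(v)}`. A value containing a double quote or a backslash would break the rendered job spec or change its structure, and a Traefik rule written with quoted matchers rather than backticks is the likely case. Consider emitting each entry through the encoder, for example `${jsonencode(tag)},` and `${jsonencode("traefik.http.routers.${name}.rule=${ingress_rule}")},`. The group `meta` map has a related gap, because `${k}` is written as a bare key and `"${k}" = ${jsonencode(v)}` would match the form used for `env`. The enclosing `job` block starts and ends outside the hunk.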
@@ -96,91 +94,96 @@ job "${name}" { tags = ${jsonencode(custom_service.tags)} } - %{ endfor } + %{~ endfor ~} task "${name}" { driver = "docker" - - %{ if length(meta) > 0 ~} + %{~ if length(meta) > 0 } meta = { %{ for k, v in meta ~} ${k} = ${jsonencode(v)} %{ endfor ~} } + %{~ endif ~} - %{ endif ~} config { image = "${image}" - %{if image_pull_timeout != null ~} + %{~if image_pull_timeout != null ~} image_pull_timeout = "${image_pull_timeout}" - %{ endif ~} - %{ if service_port != null ~} + %{~ endif ~} + %{~ if service_port != null ~} ports = ["main"] - %{ endif ~} - %{ if length(try(args, [])) > 0 ~} + %{~ endif ~} + %{~ if length(try(args, [])) > 0 ~} args = ${jsonencode(args)} - %{ endif ~} - %{ if length(docker_devices) > 0 ~} + %{~ endif ~} + %{~ if length(docker_devices) > 0 ~} devices = [ - %{ for dev in docker_devices } + %{~ for dev in docker_devices ~} { host_path = "${dev.host_path}" container_path = "${dev.container_path}" }, - %{ endfor } + %{~ endfor ~} ] - %{ endif ~} - %{ for template in templates ~} - %{ if template.mount && !template.env ~} - + %{~ endif ~} + %{~ for template in templates ~} + %{~ if template.mount && !template.env } mount { type = "bind" target = "${template.dest}" source = "${template.dest_prefix}/${template.dest}" } - %{ endif ~} - %{ endfor ~} + %{~ endif ~} + %{~ endfor ~} } - %{ if length(env) > 0 ~} - + %{~ if length(env) > 0 } env = { - %{ for k, v in env ~} - "${k}" = "${v}" - %{ endfor } + %{~ for k, v in env ~} + "${k}" = ${jsonencode(v)} + %{~ endfor ~} } - %{ endif ~} - %{ for volume in host_volumes ~} - + %{~ endif ~} + %{~ for volume in host_volumes } volume_mount { volume = "${volume.name}" destination = "${volume.dest}" read_only = ${volume.read_only} } - %{ endfor ~} - %{ for template in templates ~} - + %{~ endfor ~} + %{~ for template in templates } template { data = < 0 } -%{ for db_name in postgres_bootstrap.databases ~} +%{ if length(postgres_bootstrap.databases) > 0 ~} +%{ for db_name in 
postgres_bootstrap.databases } /usr/bin/createdb ${db_name} -%{ endfor } -%{ else } +%{ endfor ~} +%{ else ~} {{ with nomadVar "nomad/jobs/${name}" }}/usr/bin/createdb {{ .${postgres_bootstrap.db_name_key} }}{{ end }} -%{ endif } +%{ endif ~} /usr/bin/psql -X -f $${NOMAD_SECRETS_DIR}/bootstrap.sql EOF destination = "$${NOMAD_TASK_DIR}/bootstrap.sh" @@ -299,13 +301,13 @@ PGPASSWORD={{ .superuser_pass }} DO $$ BEGIN CREATE ROLE {{ .${postgres_bootstrap.db_user_key} }} LOGIN PASSWORD '{{ .${postgres_bootstrap.db_pass_key} }}'; -%{ if length(postgres_bootstrap.databases) > 0 } +%{ if length(postgres_bootstrap.databases) > 0 ~} %{ for db_name in postgres_bootstrap.databases } GRANT ALL ON DATABASE "${db_name}" TO {{ .${postgres_bootstrap.db_user_key} }}; -%{ endfor } -%{ else } +%{ endfor ~} +%{ else ~} GRANT ALL ON DATABASE "{{ .${postgres_bootstrap.db_name_key} }}" TO {{ .${postgres_bootstrap.db_user_key} }}; -%{ endif } +%{ endif ~} EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE; END $$; @@ -319,9 +321,8 @@ $$; memory = 50 } } - %{ endif } - - %{ if use_mysql || use_redis || use_ldap || use_postgres ~} + %{~ endif ~} + %{~ if use_mysql || use_redis || use_ldap || use_postgres } task "stunnel" { driver = "docker" @@ -338,7 +339,9 @@ $$; resources { cpu = ${stunnel_resources.cpu} memory = ${stunnel_resources.memory} - %{ if stunnel_resources.memory_max != null }memory_max = ${stunnel_resources.memory_max}%{ endif } + %{~ if stunnel_resources.memory_max != null ~} + memory_max = ${stunnel_resources.memory_max} + %{~ endif ~} } template { 
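Review bot: The unchanged `CREATE ROLE ... LOGIN PASSWORD '{{ .${postgres_bootstrap.db_pass_key} }}'` line in the `@@ -299,13 +301,13 @@` hunk renders the Nomad-variable password into a single-quoted SQL literal with no escaping. A password containing `'` ends the literal early, and one containing `$$` would end the surrounding `DO` block, so the bootstrap either fails or runs SQL that was not intended. At minimum double the quote at render time, e.g. `PASSWORD '{{ .${postgres_bootstrap.db_pass_key} | replaceAll "'" "''" }}'`, and add a comment beside the template stating which characters the stored password must not contain. The `/usr/bin/createdb ${db_name}` lines earlier on this line are also unquoted in the shell script; `createdb "${db_name}"` would match the quoted identifier already used in the `GRANT` statements. The enclosing template block starts outside the hunk.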
@@ -355,50 +358,45 @@ exec stunnel {{ env "NOMAD_TASK_DIR" }}/stunnel.conf syslog = no foreground = yes delay = yes - -%{~ if use_mysql } +%{ if use_mysql } [mysql_client] client = yes accept = 127.0.0.1:3306 -{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}} +{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" }} connect = {{ .Address }}:{{ .Port }} -{{- end }} +{{ end }} PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt -%{~ endif } - -%{~ if use_redis } +%{ endif ~} +%{ if use_redis } [redis_client] client = yes accept = 127.0.0.1:6379 -{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-${name}" -}} +{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-${name}" }} connect = {{ .Address }}:{{ .Port }} -{{- end }} +{{ end }} PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/redis_stunnel_psk.txt -%{~ endif } - -%{~ if use_ldap } +%{ endif } +%{ if use_ldap } [ldap_client] client = yes accept = 127.0.0.1:389 -{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "lldap-tls" -}} +{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "lldap-tls" }} connect = {{ .Address }}:{{ .Port }} -{{- end }} +{{ end }} PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/ldap_stunnel_psk.txt -%{~ endif } - -%{~ if use_postgres } +%{ endif ~} +%{ if use_postgres ~} [postgres_client] client = yes accept = 127.0.0.1:5432 -{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "postgres-tls" -}} +{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "postgres-tls" }} connect = {{ .Address }}:{{ .Port }} -{{- end }} +{{ end }} PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/postgres_stunnel_psk.txt -%{~ endif } +%{ endif ~} EOF destination = "$${NOMAD_TASK_DIR}/stunnel.conf" } - %{~ if use_mysql } template { data = <