add postgres

2025-02-20 12:54:28 +01:00 · 2019-07-29 16:40:27 -07:00 · 2019-07-29 16:40:27 -07:00 · afe47159a1
commit afe47159a1
parent 1a3fe74e5f
6 changed files with 94 additions and 20 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -85,6 +85,8 @@ plan_satapi:
         -var "public_bucket_url=$PUBLIC_BUCKET_URL"
         -var "letsencrypt_email=$LE_EMAIL"
         -var "lb_svc_acct=$LB_SA_STAGING"
+         -var "pguser=$PGUSER"
+         -var "pgpass=$PGPASS"
         -input=false)
         
 # This plan gets triggered only for miscellaneous branches/tags (i.e. tor, prometheus, etc), so make sure the branch/tag name starts with misc_
@ -160,6 +162,8 @@ deploy_staging:
         -var "rpcpass=$RPCPASS"
         -var "public_bucket_url=$PUBLIC_BUCKET_URL"
         -var "letsencrypt_email=$LE_EMAIL"
+         -var "pguser=$PGUSER"
+         -var "pgpass=$PGPASS"
         -input=false -auto-approve)

 # Tag with production_v.* to deploy mainnet production (e.g. prod_v0.1.1)
@ -185,6 +189,8 @@ deploy_production:
         -var "rpcpass=$RPCPASS"
         -var "public_bucket_url=$PUBLIC_BUCKET_URL"
         -var "letsencrypt_email=$LE_EMAIL"
+         -var "pguser=$PGUSER"
+         -var "pgpass=$PGPASS"
         -input=false -auto-approve)

 # Tag with testnet_staging_v.* to deploy testnet staging (e.g. testnet_staging_v0.1.1)
@ -211,6 +217,8 @@ deploy_staging_testnet:
         -var "public_bucket_url=$PUBLIC_BUCKET_URL"
         -var "letsencrypt_email=$LE_EMAIL"
         -var "lb_svc_acct=$LB_SA_STAGING"
+         -var "pguser=$PGUSER"
+         -var "pgpass=$PGPASS"
         -input=false -auto-approve)

 # Tag with production_v.* to deploy testnet production (e.g. testnet_prod_v0.1.1)
@ -237,6 +245,8 @@ deploy_production_testnet:
         -var "public_bucket_url=$PUBLIC_BUCKET_URL"
         -var "letsencrypt_email=$LE_EMAIL"
         -var "lb_svc_acct=$LB_SA"
+         -var "pguser=$PGUSER"
+         -var "pgpass=$PGPASS"
         -input=false -auto-approve)

 # Pushing to this branch destroys the staging infrastructure
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -27,6 +27,7 @@ module "blc-mainnet" {
  ionosphere_docker     = var.ionosphere_docker
  ionosphere_sse_docker = var.ionosphere_sse_docker
  node_exporter_docker  = var.node_exporter_docker
+  postgres_docker       = var.postgres_docker
  net                   = "mainnet"
  env                   = local.env
  lb_svc_acct           = module.lb.lb_svc_acct
@ -42,6 +43,8 @@ module "blc-mainnet" {
  opsgenie_key      = var.opsgenie_key
  rpcuser           = var.rpcuser
  rpcpass           = var.rpcpass
+  pguser            = var.pguser
+  pgpass            = var.pgpass
 }

 module "blc-testnet" {
@ -56,6 +59,7 @@ module "blc-testnet" {
  ionosphere_docker     = var.ionosphere_docker
  ionosphere_sse_docker = var.ionosphere_sse_docker
  node_exporter_docker  = var.node_exporter_docker
+  postgres_docker       = var.postgres_docker
  net                   = "testnet"
  env                   = local.env

@ -71,6 +75,8 @@ module "blc-testnet" {
  rpcuser           = var.rpcuser
  rpcpass           = var.rpcpass
  lb_svc_acct       = var.lb_svc_acct
+  pguser            = var.pguser
+  pgpass            = var.pgpass
 }

 module "lb" {
--- a/terraform/modules/blc/cloud-init/blc.yaml
+++ b/terraform/modules/blc/cloud-init/blc.yaml
@ -9,26 +9,6 @@ users:
    uid: 2000

 write_files:
-  - path: /home/bs/bitcoin.conf
-    permissions: 0644
-    owner: root
-    content: |
-        rpcuser=${rpcuser}
-        rpcpassword=${rpcpass}
-        txindex=1
-        dbcache=4000
-
-  - path: /home/bs/lightning.conf
-    permissions: 0644
-    owner: root
-    content: |
-        alias=ionosphere-${net}
-        bitcoin-rpcuser=${rpcuser}
-        bitcoin-rpcpassword=${rpcpass}
-        announce-addr=${announce_addr}
-        bind-addr=0.0.0.0
-
-
  - path: /home/bs/check_containers.sh
    permissions: 0744
    owner: root
@ -114,6 +94,42 @@ write_files:
        ExecStopPost=/usr/bin/docker rm node-exporter
        ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9100 -j ACCEPT

+  - path: /etc/systemd/system/postgres.service
+    permissions: 0644
+    owner: root
+    content: |
+        [Unit]
+        Description=PostgreSQL Server
+        Wants=gcr-online.target docker.service
+        After=gcr-online.service docker.service
+
+        [Service]
+        Restart=always
+        RestartSec=3
+        Environment=HOME=/home/bs
+        ExecStartPre=/usr/bin/docker pull ${postgres_docker}
+        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 5432 -j ACCEPT
+        ExecStart=/usr/bin/docker run \
+            --name=postgres \
+            --network=host \
+            -v /mnt/disks/data/postgres:/var/lib/postgresql/data/pgdata \
+            -e "PGDATA=/var/lib/postgresql/data/pgdata" \
+            -e "POSTGRES_USER=${pguser}" \
+            -e "POSTGRES_PASSWORD=${pgpass}" \
+            "${postgres_docker}" postgres
+        ExecStop=/usr/bin/docker stop postgres
+        ExecStopPost=/usr/bin/docker rm postgres
+        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 5432 -j ACCEPT
+
+  - path: /home/bs/bitcoin.conf
+    permissions: 0644
+    owner: root
+    content: |
+        rpcuser=${rpcuser}
+        rpcpassword=${rpcpass}
+        txindex=1
+        dbcache=4000
+
  - path: /etc/systemd/system/bitcoin.service
    permissions: 0644
    owner: root
@ -140,6 +156,16 @@ write_files:
        ExecStopPost=/usr/bin/sleep 3
        ExecStopPost=/usr/bin/docker rm -f bitcoin

+  - path: /home/bs/lightning.conf
+    permissions: 0644
+    owner: root
+    content: |
+        alias=ionosphere-${net}
+        bitcoin-rpcuser=${rpcuser}
+        bitcoin-rpcpassword=${rpcpass}
+        announce-addr=${announce_addr}
+        bind-addr=0.0.0.0        
+
  - path: /etc/systemd/system/lightning.service
    permissions: 0644
    owner: root
@ -313,6 +339,8 @@ runcmd:
  - systemctl enable bitcoin.service
  - systemctl start lightning.service
  - systemctl enable lightning.service
+  - systemctl start postgres.service
+  - systemctl enable postgres.service  
  - systemctl start redis.service
  - systemctl enable redis.service
  - systemctl start ionosphere.service
--- a/terraform/modules/blc/data.tf
+++ b/terraform/modules/blc/data.tf
@ -29,6 +29,9 @@ data "template_file" "blc" {
    ionosphere_docker     = var.ionosphere_docker
    ionosphere_sse_docker = var.ionosphere_sse_docker
    node_exporter_docker  = var.node_exporter_docker
+    postgres_docker       = var.postgres_docker
+    pguser                = var.pguser
+    pgpass                = var.pgpass
    opsgenie_key          = var.opsgenie_key
  }
 }
--- a/terraform/modules/blc/variables.tf
+++ b/terraform/modules/blc/variables.tf
@ -64,6 +64,14 @@ variable "lb_svc_acct" {
  type = string
 }

+variable "pguser" {
+  type = string
+}
+
+variable "pgpass" {
+  type = string
+}
+
 variable "bitcoin_docker" {
  type = string
 }
@ -86,4 +94,8 @@ variable "ionosphere_sse_docker" {

 variable "node_exporter_docker" {
  type = string
+}
+
+variable "postgres_docker" {
+  type = string
 }
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -148,6 +148,16 @@ variable "health_check" {
  default = ""
 }

+variable "pguser" {
+  type    = string
+  default = ""
+}
+
+variable "pgpass" {
+  type    = string
+  default = ""
+}
+
 # Overwritten by CI
 variable "public_bucket_url" {
  type    = string
@ -209,3 +219,8 @@ variable "certbot_docker" {
  type    = string
  default = "blockstream/certbot-gcs@sha256:516ba43a03f558c73cd3807dc2b31a3ad123205dd53682a5da70396b75b53881"
 }
+
+variable "postgres_docker" {
+  type    = string
+  default = "postgres@sha256:077793cc0ed31fd0568ce468d85d0843b8dea37c9ef74eb81b4ccf0fe9539e2e"
+}