Run the backup-metadata service in a container

9e28385c · ale · c2c4ad89 · 9e28385c · 9e28385c · c2c4ad89
Commit 9e28385c authored 3 years ago by ale
--- a/roles/float-base-backup-metadata/handlers/main.yml
+++ b/roles/float-base-backup-metadata/handlers/main.yml
@@ -2,5 +2,5 @@

 - name: restart tabacco-metadb
  systemd:
-    name: tabacco-metadb.service
+    name: docker-backup-metadata-http.service
    state: restarted
--- a/roles/float-base-backup-metadata/tasks/main.yml
+++ b/roles/float-base-backup-metadata/tasks/main.yml
 ---

-# The tabacco package and /etc/tabacco directory have already been set
-# up by the "base" role.
-
-# The metadata server runs as its own dedicated user, it needs no
-# special privileges.
-
- name: Create backup metadata user
-  user:
-    name: backup-metadata
-    groups: tabacco,backup-metadata-credentials
-    system: yes
-    state: present
-
-# The directory is already created by the dataset, but we need
-# to ensure the permissions are correct or the first ansible run
-# will fail (breaking tests).
- name: Create backup metadata server database dir
-  file:
-    path: /var/lib/tabacco-metadb
-    state: directory
-    owner: backup-metadata
-    mode: 0700
-
 - name: Configure the backup metadata server
  template:
    src: metadb.yml.j2
@@ -30,16 +7,14 @@
  notify:
    - restart tabacco-metadb

- name: Setup the backup-metadata systemd unit
-  template:
-    src: metadb.service.j2
-    dest: /etc/systemd/system/tabacco-metadb.service
-  notify:
-    - restart tabacco-metadb
-
- name: Enable the backup metadata server
+# Remove legacy systemd service.
+- name: Disable the legacy backup metadata server systemd unit
  systemd:
    name: tabacco-metadb.service
    masked: no
-    enabled: yes
-    daemon_reload: yes
+    enabled: no
+
+- name: Remove legacy backup metadata server systemd unit
+  file:
+    path: "/etc/systemd/system/tabacco-metadb.service"
+    state: absent
--- a/roles/float-base-backup-metadata/templates/metadb.service.j2
+++ b/roles/float-base-backup-metadata/templates/metadb.service.j2
-[Unit]
-Description=Backup Agent
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/tabacco metadb
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-RestartSec=3
-User=backup-metadata
-NoNewPrivileges=true
-
-[Install]
-WantedBy=multi-user.target
--- a/services.yml.no-elasticsearch
+++ b/services.yml.no-elasticsearch
@@ -257,24 +257,26 @@ backup-metadata:
  service_credentials:
    - name: backup-metadata
      enable_client: false
+  containers:
+    - name: http
+      image: registry.git.autistici.org/ai3/tools/tabacco:master
+      port: 5332
+      volumes:
+        - /etc/tabacco/metadb.yml: /etc/tabacco/metadb.yml
+        - /var/lib/tabacco-metadb: /var/lib/tabacco-metadb
  monitoring_endpoints:
-    - port: 5332
+    - job_name: backup-metadata
+      port: 5332
      scheme: https
  public_endpoints:
    - name: backups
      port: 5332
      scheme: https
      enable_sso_proxy: true
-  ports:
-    - 5332
-  systemd_services:
-    - tabacco-metadb.service
  datasets:
    - name: db
-      type: litestream
      path: /var/lib/tabacco-metadb
-      filename: meta.db
-      owner: backup-metadata
+      owner: docker-backup-metadata

 acme:
  num_instances: 1