From 9e28385c405cbb040361399f8c63df856bc64214 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 22 Nov 2021 18:25:00 +0000
Subject: [PATCH] Run the backup-metadata service in a container
---
.../handlers/main.yml | 2 +-
.../float-base-backup-metadata/tasks/main.yml | 41 ++++---------------
.../templates/metadb.service.j2 | 15 -------
services.yml.no-elasticsearch | 18 ++++----
4 files changed, 19 insertions(+), 57 deletions(-)
delete mode 100644 roles/float-base-backup-metadata/templates/metadb.service.j2
diff --git a/roles/float-base-backup-metadata/handlers/main.yml b/roles/float-base-backup-metadata/handlers/main.yml
index 34aab05f..a891da0e 100644
--- a/roles/float-base-backup-metadata/handlers/main.yml
+++ b/roles/float-base-backup-metadata/handlers/main.yml
@@ -2,5 +2,5 @@
- name: restart tabacco-metadb
systemd:
- name: tabacco-metadb.service
+ name: docker-backup-metadata-http.service
state: restarted
diff --git a/roles/float-base-backup-metadata/tasks/main.yml b/roles/float-base-backup-metadata/tasks/main.yml
index 0eee23e0..0f74f7c7 100644
--- a/roles/float-base-backup-metadata/tasks/main.yml
+++ b/roles/float-base-backup-metadata/tasks/main.yml
@@ -1,28 +1,5 @@
---
-# The tabacco package and /etc/tabacco directory have already been set
-# up by the "base" role.
-
-# The metadata server runs as its own dedicated user, it needs no
-# special privileges.
-
-- name: Create backup metadata user
- user:
- name: backup-metadata
- groups: tabacco,backup-metadata-credentials
- system: yes
- state: present
-
-# The directory is already created by the dataset, but we need
-# to ensure the permissions are correct or the first ansible run
-# will fail (breaking tests).
-- name: Create backup metadata server database dir
- file:
- path: /var/lib/tabacco-metadb
- state: directory
- owner: backup-metadata
- mode: 0700
-
- name: Configure the backup metadata server
template:
src: metadb.yml.j2
@@ -30,16 +7,14 @@
notify:
- restart tabacco-metadb
-- name: Setup the backup-metadata systemd unit
- template:
- src: metadb.service.j2
- dest: /etc/systemd/system/tabacco-metadb.service
- notify:
- - restart tabacco-metadb
-
-- name: Enable the backup metadata server
+# Remove legacy systemd service.
+- name: Disable the legacy backup metadata server systemd unit
systemd:
name: tabacco-metadb.service
masked: no
- enabled: yes
- daemon_reload: yes
+ enabled: no
+
+- name: Remove legacy backup metadata server systemd unit
+ file:
+ path: "/etc/systemd/system/tabacco-metadb.service"
+ state: absent
diff --git a/roles/float-base-backup-metadata/templates/metadb.service.j2 b/roles/float-base-backup-metadata/templates/metadb.service.j2
deleted file mode 100644
index a4202a76..00000000
--- a/roles/float-base-backup-metadata/templates/metadb.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Backup Agent
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/tabacco metadb
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-RestartSec=3
-User=backup-metadata
-NoNewPrivileges=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/services.yml.no-elasticsearch b/services.yml.no-elasticsearch
index 3665352d..81ae0ac9 100644
--- a/services.yml.no-elasticsearch
+++ b/services.yml.no-elasticsearch
@@ -257,24 +257,26 @@ backup-metadata:
service_credentials:
- name: backup-metadata
enable_client: false
+ containers:
+ - name: http
+ image: registry.git.autistici.org/ai3/tools/tabacco:master
+ port: 5332
+ volumes:
+ - /etc/tabacco/metadb.yml: /etc/tabacco/metadb.yml
+ - /var/lib/tabacco-metadb: /var/lib/tabacco-metadb
monitoring_endpoints:
- - port: 5332
+ - job_name: backup-metadata
+ port: 5332
scheme: https
public_endpoints:
- name: backups
port: 5332
scheme: https
enable_sso_proxy: true
- ports:
- - 5332
- systemd_services:
- - tabacco-metadb.service
datasets:
- name: db
- type: litestream
path: /var/lib/tabacco-metadb
- filename: meta.db
- owner: backup-metadata
+ owner: docker-backup-metadata
acme:
num_instances: 1
--
GitLab