Store mysql root password in a Nomad variable.

2024-01-15 06:34:04 +00:00
parent 5e25d5f858
commit 093c91151a
4 changed files with 60 additions and 8 deletions
--- a/secrets/mysql_root_password
+++ b/secrets/mysql_root_password
@@ -0,0 +1 @@
+wiochohv8foR9eDo5ol5
--- a/services/mysql.hcl
+++ b/services/mysql.hcl
@@ -14,13 +14,16 @@ job "mysql" {
      driver = "docker"

      config {
-        image = "mysql:8.1"
+        image = "mysql:8.2"
        ports = ["db"]
-        volumes = [ "/data/compute/appdata/mysql:/var/lib/mysql" ]
+        volumes = [
+          "/data/compute/appdata/mysql:/var/lib/mysql",
+          "/data/compute/db-backups/mysql:/backup",
+        ]
      }

      env {
-        MYSQL_ROOT_PASSWORD = "${var.mysql_root_password}"
+        MYSQL_ROOT_PASSWORD = "{{ with nomadVar \"nomad/jobs/mysql\" }}{{ .root_password }}{{ end }}"
      }

      service {
@@ -61,8 +64,3 @@ job "mysql" {
    }
  }
 }
-
-variable "mysql_root_password" {
-  type = string
-  default = "wiochohv8foR9eDo5ol5"
-}
--- a/stateful-commands.txt
+++ b/stateful-commands.txt
@@ -22,3 +22,6 @@ glusterfs tweaking for wordpress performance:
  * gluster volume set compute server.event-threads 8
  * gluster volume set compute cluster.readdir-optimize on
  * gluster volume set compute server.outstanding-rpc-limit 256
+
+mysql credentials
+  * ./utils/file_to_nomad_var.sh secrets/mysql_root_password jobs/mysql root_password
--- a/utils/file_to_nomad_var.sh
+++ b/utils/file_to_nomad_var.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# 
+# Loads file contents into a nomad variable.
+# 
+# Usage: file_to_nomad_var.sh <filename> <variablename> <var_key>
+# 
+# filename can be - for stdin.
+# 
+# read the var back out with:
+#  - nomad var get <variablename>
+#
+# From https://github.com/gerrowadat/nomad-homelab/blob/main/utilities/file_to_nomad_var.sh
+
+function print_usage() {
+  echo "Usage: ${0} <file or -> <nomad var> <var key>"
+}
+
+filename=$1
+nomad_var=$2
+var_key=$3
+
+if [ "${filename}" !=  "-" ];
+then
+  if [ ! -f "${filename}" ]
+  then
+    echo "${filename} does not exist"
+    exit
+  fi
+fi
+
+var_contents=$(cat ${filename})
+
+if [[ "${nomad_var}" == "" || "${var_key}" == "" ]];
+then
+  print_usage
+  exit
+fi
+
+echo "Copying ${filename} to ${nomad_var}:${var_key}..."
+
+nomad var put -force -in hcl - <<EOF
+path = "${nomad_var}"
+
+items {
+    ${var_key} = <<OMGUNIQUETOKEN
+${var_contents}
+OMGUNIQUETOKEN
+}
+EOF
+