Murat ÖZDEMİR 6f9d0d1588 feat(infra): Standardize StorageBox permissions and refactor DB stack name
- Ensure consistent directory and file permissions on StorageBox mounts for improved container access across application and database services.
- Introduce application-specific `storagebox_uid`/`gid` variables for more granular ownership control.
- Enhance StorageBox mount reliability by adding systemd reload and remount handlers for configuration changes.
- Add root credentials to Patroni's etcd configuration for authenticated communication.
- Update all relevant documentation and deployment scripts to use the `iklimco` Docker stack name for database services.
- Re-encrypt production vault secrets to include the new etcd password.
2026-05-23 18:11:01 +03:00


---
# Per-node MongoDB config directory on the StorageBox mount. The node number
# is the last '-'-separated field of inventory_hostname.
# NOTE(review): mode 0777 lets every local account create, replace or delete
# entries in this directory, which also holds the replica-set keyfile
# (rs-auth.key). If the mount honours POSIX ownership, prefer setting
# owner/group to the service account with a mode such as 0750; if it does
# not, confirm the effective access is restricted through the mount options.
- name: Create StorageBox MongoDB config directory
  ansible.builtin.file:
    state: directory
    mode: '0777'
    path: "{{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config"
# Per-node PostgreSQL/Patroni config directory on the StorageBox mount. The
# node number is the last '-'-separated field of inventory_hostname.
# NOTE(review): mode 0777 makes the directory writable by every local
# account, so patroni.yml can be swapped out regardless of the file's own
# mode. Prefer an explicit owner/group plus a tighter mode (e.g. 0750) once
# the container's uid/gid is confirmed.
- name: Create StorageBox PostgreSQL config directory
  ansible.builtin.file:
    state: directory
    mode: '0777'
    path: "{{ storagebox_mount_point }}/db/postgresql-{{ inventory_hostname.split('-')[-1] }}/config"
# Render mongod.conf.j2 into this node's MongoDB config directory.
# NOTE(review): mode 0666 leaves the server configuration writable by any
# local account, so database settings can be changed without privilege.
# A read-only mode for the service account (e.g. 0640 with explicit
# owner/group) is safer - confirm which uid the container reads it as.
- name: Deploy mongod.conf to StorageBox
  ansible.builtin.template:
    dest: "{{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config/mongod.conf"
    src: mongod.conf.j2
    mode: '0666'
# Render patroni.yml.j2 into this node's PostgreSQL config directory.
# NOTE(review): mode 0666 makes the rendered file readable and writable by
# every local account. If the template contains credentials (Patroni configs
# commonly hold etcd, superuser and replication passwords - verify against
# patroni.yml.j2), they are exposed to any user or process on the host.
# Prefer 0600/0640 with owner/group set to the account Patroni runs as.
- name: Deploy patroni.yml to StorageBox
  ansible.builtin.template:
    dest: "{{ storagebox_mount_point }}/db/postgresql-{{ inventory_hostname.split('-')[-1] }}/config/patroni.yml"
    src: patroni.yml.j2
    mode: '0666'
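# Generate one replica-set keyfile (756 random bytes, base64-encoded) on
# iklim-db-01 and copy it into the mongodb-02 and mongodb-03 config
# directories so all members share the same key.
#
# Changes from the previous version:
#   * `set -eu` - without it a failed `cp` was masked by the exit status of
#     the trailing `sync`, and the task reported success with keys missing.
#   * `umask 077` - the key is never created group/world-readable, even in
#     the window before the permissions task runs.
#   * The key is written to a temporary name and renamed into place last, so
#     the `creates` marker only exists once both copies succeeded; a failed
#     run is retried instead of being skipped forever.
#   * The mount point is passed through the `quote` filter before it reaches
#     the shell.
#
# NOTE(review): the copies assume the mongodb-02/-03 config directories
# already exist - presumably created by the other nodes' runs of the
# directory task; confirm the play is always run against all db nodes.
- name: Generate MongoDB replica set keyfile on db-01
  when: inventory_hostname == 'iklim-db-01'
  ansible.builtin.shell: |
    set -eu
    umask 077
    base={{ (storagebox_mount_point ~ '/db') | quote }}
    key="$base/mongodb-01/config/rs-auth.key"
    # Never leave a stray copy of the key material behind on failure.
    trap 'rm -f "$key.tmp"' EXIT
    openssl rand -base64 756 > "$key.tmp"
    cp "$key.tmp" "$base/mongodb-02/config/rs-auth.key"
    cp "$key.tmp" "$base/mongodb-03/config/rs-auth.key"
    # Rename last: this path is the `creates` marker for the task.
    mv "$key.tmp" "$key"
    sync
  args:
    creates: "{{ storagebox_mount_point }}/db/mongodb-01/config/rs-auth.key"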
# Restrict this node's copy of the replica-set keyfile to owner read-only
# (0400) and hand it to storagebox_uid/storagebox_gid. mongod refuses a
# keyfile that is accessible to group or others, so this must run before the
# database starts.
# NOTE(review): the enclosing config directory is created with mode 0777, so
# other local accounts can still delete or replace this file - the 0400 mode
# protects its contents from being read, not the file from being swapped.
- name: Fix MongoDB keyfile permissions on this node
  ansible.builtin.file:
    path: "{{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config/rs-auth.key"
    owner: "{{ storagebox_uid }}"
    group: "{{ storagebox_gid }}"
    mode: '0400'