iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/setup/04-test-db-docker-setup.md
Murat ÖZDEMİR 67dc2986dd docs(infra): restructure and update infrastructure setup documentation 
- Anglicized setup and facts markdown file names for better consistency.

- Updated 01-swarm-init-multinode.md to highlight Ansible automation of Swarm initialization and labeling.

- Overhauled 03-infra-stack-changes.md to describe the single monolithic file strategy and reflect current Redis, RabbitMQ, and etcd cluster configurations.

- Fixed minor overrides and typos in Patroni templates and Ansible bootstrap documents.

- Restructured README and roadmap mapping to align with the renamed setup documents.
2026-06-15 16:42:18 +03:00

88 lines
3.6 KiB
Markdown
Raw Blame History

# 04 - Test DB Docker Setup (Swarm Worker)
The purpose of this phase is to add the `iklim-db-01` node to Swarm as a worker and prepare the host for PostgreSQL and MongoDB Swarm services.
## Architecture Decision
The roadmap states that DBs will be installed "manually". In the test environment, this "manual" process will be implemented by starting the DBs as Docker containers on the **Swarm Worker**, instead of installing them directly on the operating system.
The installation has **two phases:**
1. **Preparation (Ansible):** The `test-db-post-stack.yml` playbook sets up DB directories, the `mongod.conf` configuration, and the WireGuard VPN service.
2. **Deploy (Gitea CI/CD):** The test deploy workflow deploys PostgreSQL and MongoDB services as part of the environment stack.
**Why?**
1. **Ease of management:** Version transitions and configuration management are much faster with Docker.
2. **Overlay Network:** Application services (`iklim-app-01`) can access DBs through the `iklimco-net` overlay network in an encrypted and isolated way.
3. **Data persistence:** Runtime data is kept on the DB node. StorageBox is used for shared configuration, operational files, and backup-related paths, not as the primary DB data path.
## Prerequisites
- `03-test-ansible-bootstrap.md` must be completed on both nodes.
- Docker must be installed on `iklim-db-01`; the Bootstrap role does this.
- `vault_postgres_root_user`, `vault_postgres_password`, `vault_mongo_root_user`, and `vault_mongo_root_password` must be defined in the Ansible vault.
## 1. Firewall Update
Rules must be added to `terraform/hetzner/test/firewall.tf` so `iklim-db-01` can join Swarm and accept application traffic.
### Swarm Communication (App Subnet <-> DB Subnet)
For Swarm management, ports `2377/tcp`, `7946/tcp/udp`, and `4789/udp` must be open mutually between both subnets.
### DB Access (App Subnet -> DB Subnet)
- **PostgreSQL:** `5432/tcp`
- **MongoDB:** `27017/tcp`
After making the update:
```bash
cd terraform/hetzner/test
terraform apply
```
## 2. Vault Update
```bash
cd ansible/test
ansible-vault edit group_vars/all/vault.yml
```
Add these variables:
```yaml
vault_postgres_root_user: "postgres"
vault_postgres_password: "STRONG_PASSWORD"
vault_mongo_root_user: "mongoadmin"
vault_mongo_root_password: "STRONG_PASSWORD"
```
## 3. Installation with Ansible
```bash
cd ansible/test
ansible-playbook -i inventory/generated/test.yml test-db-post-stack.yml --ask-vault-pass
```
**What does the playbook do?**
On `iklim-db-01`, through the `db_stack` and `wireguard` roles:
- Creates the `/opt/iklimco/db/mongodb/config/` directory
- Places the `mongod.conf` file
- Installs and configures the WireGuard VPN server (`51820/udp`)
> Deploying DB services (PostgreSQL, MongoDB) to Swarm is the responsibility of the Gitea CI/CD workflow, not Ansible. The Ansible playbook prepares host directories, configuration, and WireGuard.
## 4. Volume and Data Structure
DB data is stored on `iklim-db-01` through the stack's configured volume or bind-mount layout. The Ansible `db_stack` role prepares MongoDB configuration at:
```text
/opt/iklimco/db/mongodb/config/mongod.conf
```
MongoDB logs are written to stdout and can be watched with `docker logs`.
## 5. Acceptance Criteria
- `iklim-db-01` appears as Ready and Active in the `docker node ls` command.
- `docker stack services iklimco` shows both services with 1/1 replicas.
- Access from the application node is available through the `iklim-db_postgresql` and `iklim-db_mongodb` DNS names.
- Data is preserved after reboot according to the stack's configured DB volume/bind-mount layout.
Reference in New Issue View Git Blame Copy Permalink