Fix PgBouncer auth: template pgbouncer.ini and userlist.txt with vault db_password
- Create pgbouncer.ini.j2 with auth_type plain (no MD5 hash needed)
- Create userlist.txt.j2 with vault db_password
- Add Ansible tasks to deploy both files before docker-compose
- Mount pgbouncer files as read-only in compose template

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -45,6 +45,22 @@
|
|||||||
chdir: /var/www/e-ticket
|
chdir: /var/www/e-ticket
|
||||||
become_user: bot
|
become_user: bot
|
||||||
|
|
||||||
|
- name: Deploy PgBouncer config
|
||||||
|
template:
|
||||||
|
src: pgbouncer.ini.j2
|
||||||
|
dest: /var/www/e-ticket/docker/pgsql/pgbouncer.ini
|
||||||
|
owner: bot
|
||||||
|
group: bot
|
||||||
|
mode: "0600"
|
||||||
|
|
||||||
|
- name: Deploy PgBouncer userlist
|
||||||
|
template:
|
||||||
|
src: userlist.txt.j2
|
||||||
|
dest: /var/www/e-ticket/docker/pgsql/userlist.txt
|
||||||
|
owner: bot
|
||||||
|
group: bot
|
||||||
|
mode: "0600"
|
||||||
|
|
||||||
- name: Deploy docker-compose-prod.yml
|
- name: Deploy docker-compose-prod.yml
|
||||||
template:
|
template:
|
||||||
src: docker-compose-prod.yml.j2
|
src: docker-compose-prod.yml.j2
|
||||||
|
|||||||
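Review bot: The "Deploy PgBouncer userlist" task renders the vault `db_password` into userlist.txt without `no_log: true`, so a run with `--diff` prints the rendered file, cleartext password included, to the console or CI log. Adding `no_log: true` (or at least `diff: false`) to that task keeps the secret out of run output; the `0600` mode and `bot` ownership on both files are a good choice. The play around these tasks starts and ends outside the hunk, so whether a handler restarts PgBouncer when either file changes cannot be seen from here.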
@@ -70,8 +70,8 @@ services:
|
|||||||
image: edoburu/pgbouncer
|
image: edoburu/pgbouncer
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./docker/pgsql/pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini
|
- ./docker/pgsql/pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini:ro
|
||||||
- ./docker/pgsql/userlist.txt:/etc/pgbouncer/userlist.txt
|
- ./docker/pgsql/userlist.txt:/etc/pgbouncer/userlist.txt:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
db-master:
|
db-master:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
|
|||||||
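Review bot: The two `:ro` bind mounts hand the container files that the playbook in this same commit creates with `owner: bot` and `mode: "0600"`, so PgBouncer can read them only if the process inside the container runs as root or with the same UID as `bot`; this is worth confirming, since an unreadable auth_file would presumably fail at start-up. If the UIDs differ, set `user:` on the service to bot's UID/GID rather than loosening the mode on a file that holds the database password. Separately, `image: edoburu/pgbouncer` carries no tag or digest, and this container now receives that password; pinning it, e.g. `image: edoburu/pgbouncer:<pinned-tag>@sha256:<digest>`, makes what runs reproducible. The service definition starts above the hunk, so a `user:` key may already be present.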
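--- a/ansible/pgbouncer.ini.j2
+++ b/ansible/pgbouncer.ini.j2
@@ -0,0 +1,19 @@
+[databases]
+e-ticket = host=db-master port=5432 dbname=e-ticket
+e-ticket_readonly = host=db-slave port=5432 dbname=e-ticket
+
+[pgbouncer]
+listen_addr = 0.0.0.0
+listen_port = 6432
+auth_type = plain
+auth_file = /etc/pgbouncer/userlist.txt
+pool_mode = transaction
+max_client_conn = 200
+default_pool_size = 20
+min_pool_size = 5
+reserve_pool_size = 5
+reserve_pool_timeout = 3
+server_lifetime = 3600
+server_idle_timeout = 600
+log_connections = 0
+log_disconnections = 0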
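Review bot: `auth_type = plain` makes clients send the database password in cleartext, and with `listen_addr = 0.0.0.0` and no `client_tls_sslmode` in this file, anyone who can observe traffic to port 6432 can read it. PgBouncer's `scram-sha-256` auth type also accepts plain-text passwords in `auth_file`, so `auth_type = scram-sha-256` keeps the "no MD5 hash needed" goal without putting the password on the wire, provided the clients support SCRAM. `log_connections = 0` and `log_disconnections = 0` also drop the pooler's record of who connected; consider leaving both at `1` for a service that fronts the production database.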
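--- a/ansible/userlist.txt.j2
+++ b/ansible/userlist.txt.j2
@@ -0,0 +1 @@
+"e-ticket" "{{ db_password }}"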
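Review bot: `{{ db_password }}` is interpolated inside a double-quoted field without escaping, so a vault password containing `"` produces a malformed userlist.txt (PgBouncer expects a literal quote to be doubled) and authentication breaks after the next password rotation. Escape it at render time: `"e-ticket" "{{ db_password | replace('"', '""') }}"`. The rendered file stores the password in cleartext, so the `0600` mode set by the deploy task in this commit is its only protection on the host.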