Compare commits
7 Commits
e6fe7dcf0c
...
3e7b0afaad
Author | SHA1 | Date |
---|---|---|
Yann Autissier | 3e7b0afaad | |
Yann Autissier | 39bd503fff | |
Yann Autissier | ba3727c5cd | |
Yann Autissier | 027c39c367 | |
Yann Autissier | 87a194c446 | |
Yann Autissier | 15e846e3a4 | |
Yann Autissier | 5809878004 |
24
Makefile
24
Makefile
|
@ -3,15 +3,33 @@ include make/include.mk
|
||||||
##
|
##
|
||||||
# APP
|
# APP
|
||||||
|
|
||||||
app-bootstrap: setup-docker-group setup-nfsd setup-sysctl
|
app-bootstrap: bootstrap-docker bootstrap-host bootstrap-user
|
||||||
|
|
||||||
app-build: base install-build-config
|
app-build: user install-build-config
|
||||||
$(call make,docker-compose-build docker-compose-up)
|
$(call make,docker-compose-build docker-compose-up)
|
||||||
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call make,app-build-$(service)))
|
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call make,app-build-$(service)))
|
||||||
$(call make,docker-commit)
|
$(call make,docker-commit)
|
||||||
|
|
||||||
app-install: ansible-run base node
|
app-install: ansible-run
|
||||||
|
|
||||||
app-tests: ansible-tests
|
app-tests: ansible-tests
|
||||||
|
|
||||||
app-start: ssh-add
|
app-start: ssh-add
|
||||||
|
|
||||||
|
##
|
||||||
|
# BOOTSTRAP
|
||||||
|
|
||||||
|
# target bootstrap-docker: Install and configure docker
|
||||||
|
# on local host
|
||||||
|
.PHONY: bootstrap-docker
|
||||||
|
bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl
|
||||||
|
|
||||||
|
# target bootstrap-host: Fire node target
|
||||||
|
# on local host
|
||||||
|
.PHONY: bootstrap-host
|
||||||
|
bootstrap-host: node
|
||||||
|
|
||||||
|
# target bootstrap-user: Fire User target
|
||||||
|
# on local host
|
||||||
|
.PHONY: bootstrap-user
|
||||||
|
bootstrap-user: User
|
||||||
|
|
|
@ -1,17 +1,17 @@
|
||||||
---
|
---
|
||||||
# file: tasks/packages.yml
|
# file: tasks/packages.yml
|
||||||
|
|
||||||
|
- import_tasks: packages_debian.yml
|
||||||
|
when: ansible_os_family|lower == "debian"
|
||||||
|
tags:
|
||||||
|
- debian
|
||||||
|
|
||||||
- name: packages - install/remove docker packages
|
- name: packages - install/remove docker packages
|
||||||
when: docker_packages is defined
|
when: docker_packages is defined
|
||||||
with_items: "{{ docker_packages|default([]) }}"
|
with_items: "{{ docker_packages|default([]) }}"
|
||||||
package: name="{{item.name}}" state="{{item.state}}"
|
package: name="{{item.name}}" state="{{item.state}}"
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- import_tasks: packages_debian.yml
|
|
||||||
when: ansible_os_family|lower == "debian"
|
|
||||||
tags:
|
|
||||||
- debian
|
|
||||||
|
|
||||||
- name: packages - add docker package
|
- name: packages - add docker package
|
||||||
when: docker_package|length > 0
|
when: docker_package|length > 0
|
||||||
package: name="{{docker_package}}" state=present
|
package: name="{{docker_package}}" state=present
|
||||||
|
|
|
@ -27,7 +27,7 @@ aws-ecr-get-login:
|
||||||
|
|
||||||
# target aws-iam-create-role-%: Call aws iam create-role with role-name % and role-policy file aws/policies/%-trust.json
|
# target aws-iam-create-role-%: Call aws iam create-role with role-name % and role-policy file aws/policies/%-trust.json
|
||||||
.PHONY: aws-iam-create-role-%
|
.PHONY: aws-iam-create-role-%
|
||||||
aws-iam-create-role-%: base docker-build-aws
|
aws-iam-create-role-%: user docker-build-aws
|
||||||
$(eval IGNORE_DRYRUN := true)
|
$(eval IGNORE_DRYRUN := true)
|
||||||
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/policies/$*-trust.json')))
|
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/policies/$*-trust.json')))
|
||||||
$(eval IGNORE_DRYRUN := false)
|
$(eval IGNORE_DRYRUN := false)
|
||||||
|
@ -35,7 +35,7 @@ aws-iam-create-role-%: base docker-build-aws
|
||||||
|
|
||||||
# target aws-iam-put-role-policy-%: Call aws iam put-role-policy with policy-name % and policy-document file aws/policies/%.json
|
# target aws-iam-put-role-policy-%: Call aws iam put-role-policy with policy-name % and policy-document file aws/policies/%.json
|
||||||
.PHONY: aws-iam-put-role-policy-%
|
.PHONY: aws-iam-put-role-policy-%
|
||||||
aws-iam-put-role-policy-%: base docker-build-aws
|
aws-iam-put-role-policy-%: user docker-build-aws
|
||||||
$(eval IGNORE_DRYRUN := true)
|
$(eval IGNORE_DRYRUN := true)
|
||||||
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/policies/$*.json')))
|
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/policies/$*.json')))
|
||||||
$(eval IGNORE_DRYRUN := false)
|
$(eval IGNORE_DRYRUN := false)
|
||||||
|
@ -81,7 +81,7 @@ aws-s3api-get-head-object-lastmodified: docker-build-aws
|
||||||
|
|
||||||
# target aws-ec2-import-snapshot: Call aws ec2 import-snapshot with S3Bucket AWS_S3_BUCKET and S3Key AWS_S3_KEY
|
# target aws-ec2-import-snapshot: Call aws ec2 import-snapshot with S3Bucket AWS_S3_BUCKET and S3Key AWS_S3_KEY
|
||||||
.PHONY: aws-ec2-import-snapshot
|
.PHONY: aws-ec2-import-snapshot
|
||||||
aws-ec2-import-snapshot: base docker-build-aws aws-s3api-get-head-object-etag aws-s3api-get-head-object-lastmodified
|
aws-ec2-import-snapshot: user docker-build-aws aws-s3api-get-head-object-etag aws-s3api-get-head-object-lastmodified
|
||||||
$(eval IGNORE_DRYRUN := true)
|
$(eval IGNORE_DRYRUN := true)
|
||||||
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/import-snapshot.json')))
|
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/import-snapshot.json')))
|
||||||
$(eval IGNORE_DRYRUN := false)
|
$(eval IGNORE_DRYRUN := false)
|
||||||
|
@ -189,7 +189,7 @@ aws-ec2-wait-snapshot-completed-%: docker-build-aws
|
||||||
|
|
||||||
# target aws-ec2-register-image: Fire aws-ec2-get-import-snapshot-tasks-id, Eval AWS_AMI_ID with Name AWS_AMI_NAME, Echo 'ImageId: AWS_AMI_ID'
|
# target aws-ec2-register-image: Fire aws-ec2-get-import-snapshot-tasks-id, Eval AWS_AMI_ID with Name AWS_AMI_NAME, Echo 'ImageId: AWS_AMI_ID'
|
||||||
.PHONY: aws-ec2-register-image
|
.PHONY: aws-ec2-register-image
|
||||||
aws-ec2-register-image: base docker-build-aws aws-ec2-get-import-snapshot-tasks-id
|
aws-ec2-register-image: user docker-build-aws aws-ec2-get-import-snapshot-tasks-id
|
||||||
$(eval IGNORE_DRYRUN := true)
|
$(eval IGNORE_DRYRUN := true)
|
||||||
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/register-image-device-mappings.json')))
|
$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/register-image-device-mappings.json')))
|
||||||
$(eval IGNORE_DRYRUN := false)
|
$(eval IGNORE_DRYRUN := false)
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
FROM alpine:3.15 as dist
|
||||||
|
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||||
|
ARG DOCKER_BUILD_DIR
|
||||||
|
|
||||||
|
ARG COMPOSE_REMOTE=https://github.com/docker/compose
|
||||||
|
ARG COMPOSE_VERSION=2.5.0
|
||||||
|
ARG OPERATING_SYSTEM=Linux
|
||||||
|
ARG PROCESSOR_ARCHITECTURE=x86_64
|
||||||
|
|
||||||
|
RUN apk update \
|
||||||
|
&& apk add --no-cache ca-certificates \
|
||||||
|
&& OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
|
||||||
|
ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
|
||||||
|
wget -qO /usr/bin/docker-compose ${COMPOSE_REMOTE}/releases/download/v${COMPOSE_VERSION}/docker-compose-${OS}-${ARCH} \
|
||||||
|
&& chmod +x /usr/bin/docker-compose
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/docker-compose"]
|
||||||
|
|
||||||
|
FROM dist as master
|
||||||
|
ARG DOCKER_BUILD_DIR
|
|
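Review bot: The `wget -qO /usr/bin/docker-compose ...` step in the `RUN` instruction installs a release binary with no integrity check, so the image trusts whatever `COMPOSE_REMOTE` serves for that tag. Pin a digest per version and architecture and verify it before `chmod`, for example with a new build argument (name constructed here) `ARG COMPOSE_SHA256` and `&& echo "${COMPOSE_SHA256}  /usr/bin/docker-compose" | sha256sum -c -`. The fabio Dockerfile further down has the same unverified download (`wget -qO /usr/bin/fabio`). Separately, the `;` after the `OS=` and `ARCH=` assignments breaks the `&&` chain, so a failed `apk update` or `apk add` no longer stops the build before the download; using `&&` throughout keeps it fail-fast.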
@ -1,4 +1,5 @@
|
||||||
FROM consul:1.11.1 as dist
|
ARG CONSUL_VERSION=1.11.1
|
||||||
|
FROM consul:${CONSUL_VERSION} as dist
|
||||||
LABEL maintainer aynic.os <support+docker@asycn.io>
|
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||||
ARG DOCKER_BUILD_DIR
|
ARG DOCKER_BUILD_DIR
|
||||||
ARG DOCKER_GID=999
|
ARG DOCKER_GID=999
|
||||||
|
|
|
@ -1,24 +1,22 @@
|
||||||
FROM golang:1.15-alpine AS build
|
FROM alpine:3.15 as dist
|
||||||
LABEL maintainer aynic.os <support+docker@asycn.io>
|
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||||
ARG DOCKER_BUILD_DIR
|
ARG DOCKER_BUILD_DIR
|
||||||
ARG GIT_AUTHOR_NAME
|
|
||||||
ARG GIT_AUTHOR_EMAIL
|
|
||||||
|
|
||||||
ENV GIT_AUTHOR_NAME=${GIT_AUTHOR_NAME}
|
ARG FABIO_REMOTE=https://github.com/fabiolb/fabio
|
||||||
ENV GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
|
ARG FABIO_VERSION=1.6.0
|
||||||
ENV GIT_COMMITTER_NAME=${GIT_AUTHOR_NAME}
|
ARG OPERATING_SYSTEM=Linux
|
||||||
ENV GIT_COMMITTER_EMAIL=${GIT_AUTHOR_EMAIL}
|
ARG PROCESSOR_ARCHITECTURE=x86_64
|
||||||
|
|
||||||
WORKDIR /go/src/github.com/fabiolb/fabio
|
RUN apk update \
|
||||||
COPY . .
|
&& apk add --no-cache ca-certificates \
|
||||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go test -mod=vendor -trimpath -ldflags "-s -w" ./...
|
&& OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
|
||||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod=vendor -trimpath -ldflags "-s -w"
|
ARCH="$(echo ${PROCESSOR_ARCHITECTURE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
|
||||||
|
wget -qO /usr/bin/fabio ${FABIO_REMOTE}/releases/download/v${FABIO_VERSION}/fabio-${FABIO_VERSION}-${OS}_${ARCH} \
|
||||||
|
&& chmod +x /usr/bin/fabio
|
||||||
|
|
||||||
FROM alpine:3.12 as master
|
|
||||||
RUN apk update && apk add --no-cache ca-certificates
|
|
||||||
COPY --from=build /src/fabio /usr/bin
|
|
||||||
|
|
||||||
ADD fabio.properties /etc/fabio/fabio.properties
|
|
||||||
EXPOSE 9998 9999
|
EXPOSE 9998 9999
|
||||||
ENTRYPOINT ["/usr/bin/fabio"]
|
ENTRYPOINT ["/usr/bin/fabio"]
|
||||||
CMD ["-cfg", "/etc/fabio/fabio.properties"]
|
CMD ["-cfg", "/etc/fabio/fabio.properties"]
|
||||||
|
|
||||||
|
FROM dist as master
|
||||||
|
ARG DOCKER_BUILD_DIR
|
||||||
|
|
|
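Review bot: `CMD ["-cfg", "/etc/fabio/fabio.properties"]` is kept, but `ADD fabio.properties /etc/fabio/fabio.properties` appears only on the old side, so the new image seems to ship without the file its default command points at. If the file is now expected to come from a volume or a later stage, say so in a comment above `CMD`; otherwise restore the `ADD` in the `dist` stage. Also, `ARCH` ends up empty for any `PROCESSOR_ARCHITECTURE` other than x86_64 or aarch64, which only surfaces as a failed download; a check such as `[ -n "${ARCH}" ] || exit 1` before `wget` would fail with a clearer cause.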
@ -0,0 +1,10 @@
|
||||||
|
ARG IPFS_VERSION=0.13.0-rc1
|
||||||
|
FROM ipfs/go-ipfs:v${IPFS_VERSION} as dist
|
||||||
|
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||||
|
ARG DOCKER_BUILD_DIR
|
||||||
|
|
||||||
|
COPY ${DOCKER_BUILD_DIR}/*.sh /container-init.d/
|
||||||
|
RUN chmod +rx /container-init.d/*.sh
|
||||||
|
|
||||||
|
FROM dist as master
|
||||||
|
ARG DOCKER_BUILD_DIR
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
## fix following error on arm64/linux with 2Gb RAM
|
||||||
|
# ERROR p2pnode libp2p/rcmgr_defaults.go:107 ===> OOF! go-libp2p changed DefaultServiceLimits
|
||||||
|
# => changes ('test' represents the old value):
|
||||||
|
# {"op":"test","path":"/SystemLimits/Memory","value":1073741824}
|
||||||
|
# {"op":"replace","path":"/SystemLimits/Memory","value":256560128}
|
||||||
|
# => go-libp2p SetDefaultServiceLimits update needs a review:
|
||||||
|
# Please inspect if changes impact go-ipfs users, and update expectedDefaultServiceLimits in rcmgr_defaults.go to remove this message
|
||||||
|
# FATAL p2pnode libp2p/rcmgr_defaults.go:115 daemon will refuse to run with the resource manager until this is resolved
|
||||||
|
ipfs config --json Swarm.ResourceMgr.Enabled false
|
|
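Review bot: `ipfs config --json Swarm.ResourceMgr.Enabled false` runs unconditionally, although the comment describes a failure specific to arm64 hosts with 2 GB of RAM. The resource manager bounds the connections, streams and memory that remote peers can consume, so disabling it everywhere removes that limit on hosts that never hit the error. Consider making the workaround opt-in, for instance (variable name is a placeholder) `if [ "${IPFS_DISABLE_RESOURCE_MGR:-false}" = "true" ]; then ipfs config --json Swarm.ResourceMgr.Enabled false; fi`. A comment saying the line should be dropped once the image moves off the pinned release candidate would also help.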
@ -32,6 +32,7 @@ RUN \
|
||||||
&& curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh \
|
&& curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh \
|
||||||
&& dep ensure -vendor-only \
|
&& dep ensure -vendor-only \
|
||||||
&& go mod init \
|
&& go mod init \
|
||||||
|
&& go mod tidy \
|
||||||
&& go mod vendor \
|
&& go mod vendor \
|
||||||
&& CGO_ENABLED=0 GOOS=linux go build \
|
&& CGO_ENABLED=0 GOOS=linux go build \
|
||||||
-a -installsuffix cgo \
|
-a -installsuffix cgo \
|
||||||
|
|
|
@ -10,25 +10,23 @@ PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head
|
||||||
KEY="${ECRYPTFS_KEY:-passphrase:passphrase_passwd=${PASSPHRASE}}"
|
KEY="${ECRYPTFS_KEY:-passphrase:passphrase_passwd=${PASSPHRASE}}"
|
||||||
FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
|
FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
|
||||||
|
|
||||||
# ecryptfs already mounted ?
|
# if not already mounted
|
||||||
grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null && break
|
if ! grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null; then
|
||||||
|
|
||||||
mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"
|
# create mount point
|
||||||
|
mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"
|
||||||
|
|
||||||
/bin/mount -t ecryptfs -o \
|
# mount ecryptfs
|
||||||
|
/bin/mount -t ecryptfs -o \
|
||||||
key="${KEY}",\
|
key="${KEY}",\
|
||||||
no_sig_cache,\
|
no_sig_cache,\
|
||||||
ecryptfs_cipher="${CIPHER}",\
|
ecryptfs_cipher="${CIPHER}",\
|
||||||
ecryptfs_enable_filename=y,\
|
|
||||||
ecryptfs_enable_filename_crypto=y,\
|
|
||||||
ecryptfs_fnek_sig="${FNEK_SIG}",\
|
ecryptfs_fnek_sig="${FNEK_SIG}",\
|
||||||
ecryptfs_key_bytes="${KEY_BYTES}",\
|
ecryptfs_key_bytes="${KEY_BYTES}",\
|
||||||
ecryptfs_passthrough=n,\
|
|
||||||
ecryptfs_unlink_sigs\
|
ecryptfs_unlink_sigs\
|
||||||
"${LOWER_DIR}" "${UPPER_DIR}" 1>/dev/null
|
"${LOWER_DIR}" "${UPPER_DIR}" >/dev/null
|
||||||
|
|
||||||
# Overwrite sensible variables with random data
|
# Overwrite sensible variables with random data
|
||||||
ECRYPTFS_KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||||||
ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||||||
KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
fi
|
||||||
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
|
||||||
|
|
|
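Review bot: The scrubbing block no longer overwrites `ECRYPTFS_KEY` and `ECRYPTFS_PASSPHRASE`; only `KEY` and `PASSPHRASE` are reset, and only inside the new `if ! grep -q ... /proc/mounts` branch. The old `&& break` suggests the file is sourced, in which case the `ECRYPTFS_*` values now stay in the calling shell after the mount. Keeping all four assignments and moving them after the closing `fi`, or adding `unset ECRYPTFS_KEY ECRYPTFS_PASSPHRASE KEY PASSPHRASE` there, would also cover the already-mounted path. The hunk also drops `ecryptfs_enable_filename_crypto=y` and `ecryptfs_passthrough=n` from the mount options; if the mount helper prompts for options it is not given (worth confirming), a non-interactive run could stall or mount without filename encryption. The variable definitions this block depends on start above the hunk.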
@ -1,50 +1,69 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
[ -n "${DEBUG}" ] && set -x
|
[ -n "${DEBUG}" ] && set -x
|
||||||
|
|
||||||
[ ! -f "${HOME}/.ecryptfs/auto-mount" ] && break
|
|
||||||
|
|
||||||
LOWER_DIR="${1:-${ECRYPTFS_LOWER_DIR:-${HOME}/Secure}}"
|
LOWER_DIR="${1:-${ECRYPTFS_LOWER_DIR:-${HOME}/Secure}}"
|
||||||
UPPER_DIR="${ECRYPTFS_UPPER_DIR:-${LOWER_DIR}}"
|
UPPER_DIR="${ECRYPTFS_UPPER_DIR:-${LOWER_DIR}}"
|
||||||
ALIAS="${ECRYPTFS_ALIAS:-${LOWER_DIR##*/}}"
|
ALIAS="${ECRYPTFS_ALIAS:-${LOWER_DIR##*/}}"
|
||||||
mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"
|
|
||||||
|
|
||||||
# ecryptfs already mounted ?
|
# if not already mounted
|
||||||
grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null && break
|
if ! grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null; then
|
||||||
|
|
||||||
# we should always use the same key when multiple keys are loaded in ssh-agent
|
# create mount point
|
||||||
if [ -f "${HOME}/.ecryptfs/${ALIAS}.key" ]; then
|
mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"
|
||||||
ssh_key_fingerprint=$(cat "${HOME}/.ecryptfs/${ALIAS}.key")
|
|
||||||
else
|
# we should always use the same key when multiple keys are loaded in ssh-agent
|
||||||
ssh_key_fingerprint=$(/usr/bin/ssh-add -l 2>/dev/null |awk '{print $2; exit;}')
|
if [ -f "${HOME}/.ecryptfs/${ALIAS}.key" ]; then
|
||||||
[ -n "${ssh_key_fingerprint}" ] && printf "%s\n" "${ssh_key_fingerprint}" > "${HOME}/.ecryptfs/${ALIAS}.key"
|
ssh_key_fingerprint=$(cat "${HOME}/.ecryptfs/${ALIAS}.key")
|
||||||
|
# first time, select the first key and write fingerprint to file
|
||||||
|
else
|
||||||
|
ssh_key_fingerprint=$(/usr/bin/ssh-add -l 2>/dev/null |awk '{print $2; exit;}')
|
||||||
|
[ -n "${ssh_key_fingerprint}" ] && printf "%s\n" "${ssh_key_fingerprint}" > "${HOME}/.ecryptfs/${ALIAS}.key"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# select ssh key name matching fingerprint
|
||||||
|
ssh_key=$(/usr/bin/ssh-add -l 2>/dev/null |awk '$2 == "'"${ssh_key_fingerprint:-undef}"'" {print $3}')
|
||||||
|
# if ssh key
|
||||||
|
if [ -n "${ssh_key}" ]; then
|
||||||
|
# decrypt encrypted passphrase
|
||||||
|
if [ -f "${HOME}/.ecryptfs/${ALIAS}.ssh" ]; then
|
||||||
|
PASSPHRASE=$(/usr/local/bin/ssh-crypt -b -d -k "${ssh_key}" -i "${HOME}/.ecryptfs/${ALIAS}.ssh")
|
||||||
|
# first time, generate random passphrase and write encrypted passphrase to file
|
||||||
|
else
|
||||||
|
PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)}"
|
||||||
|
printf "%s" "${PASSPHRASE}" |/usr/local/bin/ssh-crypt -b -e -k "${ssh_key}" -o "${HOME}/.ecryptfs/${ALIAS}.ssh"
|
||||||
|
fi
|
||||||
|
# load authentication token signature (fekek)
|
||||||
|
SIG="${ECRYPTFS_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase - |/usr/bin/awk '$5 == "sig" {print substr($6,2,16); exit;}')}"
|
||||||
|
# load filename authentication token signature (fnek)
|
||||||
|
FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
|
||||||
|
|
||||||
|
# Overwrite sensible variables with random data
|
||||||
|
ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||||||
|
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||||||
|
|
||||||
|
# first time, write ecryptfs_private config to file
|
||||||
|
if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.conf" ]; then
|
||||||
|
printf "%s %s ecryptfs\n" "${LOWER_DIR}" "${UPPER_DIR}" > "${HOME}/.ecryptfs/${ALIAS}.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# first time, write authentication token signatures to file
|
||||||
|
if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.sig" ]; then
|
||||||
|
printf "%s\n" "${SIG}" > "${HOME}/.ecryptfs/${ALIAS}.sig"
|
||||||
|
printf "%s\n" "${FNEK_SIG}" >> "${HOME}/.ecryptfs/${ALIAS}.sig"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# check authentication tokens to prevent mounting with bad ones
|
||||||
|
if grep "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null \
|
||||||
|
&& grep "${FNEK_SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null; then
|
||||||
|
# mount ecryptfs
|
||||||
|
/sbin/mount.ecryptfs_private "${ALIAS}"
|
||||||
|
else
|
||||||
|
echo "WARNING: Bad authentication token ${SIG} for ecryptfs mount ${ALIAS}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "WARNING: Unable to find ssh key ${ssh_key} in ssh agent ${SSH_AUTH_SOCK}"
|
||||||
|
# if ssh key
|
||||||
|
fi
|
||||||
|
# if not already mounted
|
||||||
fi
|
fi
|
||||||
# select ssh key
|
|
||||||
ssh_key=$(/usr/bin/ssh-add -l 2>/dev/null |awk '$2 == "'${ssh_key_fingerprint:-undef}'" {print $3}')
|
|
||||||
[ -z "${ssh_key}" ] && echo "WARNING: Unable to find ssh key ${ssh_key} in ssh agent ${SSH_AUTH_SOCK}" && break
|
|
||||||
|
|
||||||
if [ -f "${HOME}/.ecryptfs/${ALIAS}.ssh" ]; then
|
|
||||||
PASSPHRASE=$(/usr/local/bin/ssh-crypt -b -d -k "${ssh_key}" -i "${HOME}/.ecryptfs/${ALIAS}.ssh")
|
|
||||||
else
|
|
||||||
PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)}"
|
|
||||||
printf "%s" "${PASSPHRASE}" |/usr/local/bin/ssh-crypt -b -e -k "${ssh_key}" -o "${HOME}/.ecryptfs/${ALIAS}.ssh"
|
|
||||||
fi
|
|
||||||
SIG="${ECRYPTFS_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase - |/usr/bin/awk '$5 == "sig" {print substr($6,2,16); exit;}')}"
|
|
||||||
FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
|
|
||||||
|
|
||||||
# Overwrite sensible variables with random data
|
|
||||||
ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
|
||||||
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
|
||||||
|
|
||||||
if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.conf" ]; then
|
|
||||||
printf "%s %s ecryptfs\n" "${LOWER_DIR}" "${UPPER_DIR}" > "${HOME}/.ecryptfs/${ALIAS}.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.sig" ]; then
|
|
||||||
printf "%s\n" "${SIG}" > "${HOME}/.ecryptfs/${ALIAS}.sig"
|
|
||||||
printf "%s\n" "${FNEK_SIG}" >> "${HOME}/.ecryptfs/${ALIAS}.sig"
|
|
||||||
else
|
|
||||||
grep "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null
|
|
||||||
grep "${FNEK_SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
/sbin/mount.ecryptfs_private "${ALIAS}"
|
|
||||||
|
|
|
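Review bot: The new token check `grep "${SIG}" ... && grep "${FNEK_SIG}" ...` succeeds when either variable is empty, because an empty pattern matches every line, so a failed `ssh-crypt -d` or `ecryptfs-add-passphrase` call can still reach `/sbin/mount.ecryptfs_private`. The first-run branch has the same gap: it writes whatever `SIG` and `FNEK_SIG` hold, including empty strings, into `${ALIAS}.sig`. Require non-empty values and match whole fixed strings, e.g. `[ -n "${SIG}" ] && grep -qxF -- "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig"`, and do the same for `FNEK_SIG`. The warning in the final `else` prints `${ssh_key}`, which is empty in that branch; `${ssh_key_fingerprint}` is presumably what was meant.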
@ -3,17 +3,12 @@
|
||||||
|
|
||||||
# target bootstrap: Update application files and start dockers
|
# target bootstrap: Update application files and start dockers
|
||||||
# on local host
|
# on local host
|
||||||
.PHONY: bootstrap
|
.PHONY: bootstrap app-bootstrap
|
||||||
bootstrap: bootstrap-git bootstrap-docker app-bootstrap ## Update application files and start dockers
|
bootstrap: bootstrap-app app-bootstrap ## Update application files and start dockers
|
||||||
|
|
||||||
# target bootstrap-docker: Build and start application dockers
|
# target bootstrap-app: Fire install-bin-git
|
||||||
# on local host
|
.PHONY: bootstrap-app
|
||||||
.PHONY: bootstrap-docker
|
bootstrap-app: install-bin-git
|
||||||
bootstrap-docker: install-bin-docker setup-docker-group
|
|
||||||
|
|
||||||
# target bootstrap-git: Fire update-app
|
|
||||||
.PHONY: bootstrap-git
|
|
||||||
bootstrap-git: install-bin-git
|
|
||||||
|
|
||||||
# target build: Build application docker images to run
|
# target build: Build application docker images to run
|
||||||
# on local host
|
# on local host
|
||||||
|
@ -23,7 +18,7 @@ build: docker-compose-build ## Build application docker images
|
||||||
# target build@%: Build application docker images of % ENV
|
# target build@%: Build application docker images of % ENV
|
||||||
# on local host
|
# on local host
|
||||||
.PHONY: build@% app-build
|
.PHONY: build@% app-build
|
||||||
build@%: myos-base
|
build@%: myos-user
|
||||||
$(eval docker_images += $(foreach service,$(SERVICES),$(if $(shell docker images -q $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG) 2>/dev/null),$(service))))
|
$(eval docker_images += $(foreach service,$(SERVICES),$(if $(shell docker images -q $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG) 2>/dev/null),$(service))))
|
||||||
$(eval build_app := $(or $(filter $(DOCKER_BUILD_CACHE),false),$(filter-out $(docker_images),$(SERVICES))))
|
$(eval build_app := $(or $(filter $(DOCKER_BUILD_CACHE),false),$(filter-out $(docker_images),$(SERVICES))))
|
||||||
$(if $(build_app), \
|
$(if $(build_app), \
|
||||||
|
@ -170,14 +165,14 @@ stack:
|
||||||
# target stack-%: Call docker-compose-% target on STACK
|
# target stack-%: Call docker-compose-% target on STACK
|
||||||
## it splits % on dashes and extracts stack from the beginning and command from
|
## it splits % on dashes and extracts stack from the beginning and command from
|
||||||
## the last part of %
|
## the last part of %
|
||||||
## ex: stack-base-up will fire the docker-compose-up target in the base stack
|
## ex: stack-node-up will fire the docker-compose-up target in the node stack
|
||||||
.PHONY: stack-%
|
.PHONY: stack-%
|
||||||
stack-%:
|
stack-%:
|
||||||
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
|
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
|
||||||
$(eval command := $(lastword $(subst -, ,$*)))
|
$(eval command := $(lastword $(subst -, ,$*)))
|
||||||
$(if $(findstring -,$*), \
|
$(if $(findstring -,$*), \
|
||||||
$(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
|
$(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
|
||||||
$(call make,docker-compose-$(command) STACK="$(stack)" $(if $(filter node,$(stack)),COMPOSE_PROJECT_NAME=$(COMPOSE_PROJECT_NAME_NODE)),,ARGS COMPOSE_IGNORE_ORPHANS SERVICE)))
|
$(call make,docker-compose-$(command) STACK="$(stack)" $(if $(filter $(COMPOSE_PROJECT_NAME_NODE),$(stack)),COMPOSE_PROJECT_NAME=$(COMPOSE_PROJECT_NAME_NODE)),,ARGS COMPOSE_IGNORE_ORPHANS SERVICE)))
|
||||||
|
|
||||||
# target start app-start: Start application dockers
|
# target start app-start: Start application dockers
|
||||||
# on local host
|
# on local host
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
CMDS += docker-compose-exec docker-run docker-run-%
|
CMDS += docker-compose-exec docker-run docker-run-%
|
||||||
|
COMPOSE_ARGS ?= --ansi auto
|
||||||
COMPOSE_FILE ?= $(wildcard docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml)))
|
COMPOSE_FILE ?= $(wildcard docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml)))
|
||||||
COMPOSE_FILE_$(ENV) ?= true
|
COMPOSE_FILE_$(ENV) ?= true
|
||||||
COMPOSE_FILE_DEBUG ?= $(if $(DEBUG),true)
|
COMPOSE_FILE_DEBUG ?= $(if $(DEBUG),true)
|
||||||
|
@ -10,9 +11,9 @@ else
|
||||||
COMPOSE_FILE_APP ?= true
|
COMPOSE_FILE_APP ?= true
|
||||||
endif
|
endif
|
||||||
COMPOSE_IGNORE_ORPHANS ?= false
|
COMPOSE_IGNORE_ORPHANS ?= false
|
||||||
COMPOSE_PROJECT_NAME ?= $(APP_ENV)$(subst /,,$(subst -,,$(APP_PATH)))
|
COMPOSE_PROJECT_NAME ?= $(PROJECT_ENV)$(subst /,,$(subst -,,$(APP_PATH)))
|
||||||
COMPOSE_SERVICE_NAME ?= $(subst _,-,$(COMPOSE_PROJECT_NAME))
|
COMPOSE_SERVICE_NAME ?= $(subst _,-,$(COMPOSE_PROJECT_NAME))
|
||||||
COMPOSE_VERSION ?= 1.29.2
|
COMPOSE_VERSION ?= 2.5.0
|
||||||
CONTEXT += COMPOSE_FILE DOCKER_REPOSITORY
|
CONTEXT += COMPOSE_FILE DOCKER_REPOSITORY
|
||||||
CONTEXT_DEBUG += DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_SERVICE DOCKER_SERVICES
|
CONTEXT_DEBUG += DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_SERVICE DOCKER_SERVICES
|
||||||
DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)>
|
DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)>
|
||||||
|
@ -25,8 +26,8 @@ DOCKER_BUILD_NO_CACHE ?= false
|
||||||
DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS)),$(ENV),$(DOCKER_BUILD_TARGET_DEFAULT))
|
DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS)),$(ENV),$(DOCKER_BUILD_TARGET_DEFAULT))
|
||||||
DOCKER_BUILD_TARGET_DEFAULT ?= master
|
DOCKER_BUILD_TARGET_DEFAULT ?= master
|
||||||
DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
|
DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
|
||||||
DOCKER_BUILD_VARS ?= APP BRANCH DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
|
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
|
||||||
DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose))
|
DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
|
||||||
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
||||||
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
||||||
DOCKER_IMAGE_TAG ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
|
DOCKER_IMAGE_TAG ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
|
||||||
|
@ -71,11 +72,13 @@ endif
|
||||||
# function docker-compose: Run docker-compose with arg 1
|
# function docker-compose: Run docker-compose with arg 1
|
||||||
define docker-compose
|
define docker-compose
|
||||||
$(call INFO,docker-compose,$(1))
|
$(call INFO,docker-compose,$(1))
|
||||||
|
$(if $(DOCKER_RUN),$(call docker-build,docker/compose,docker/compose:$(COMPOSE_VERSION)))
|
||||||
$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1))
|
$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1))
|
||||||
endef
|
endef
|
||||||
# function docker-compose-exec: Run docker-compose-exec with arg 2 in service 1
|
# function docker-compose-exec: Run docker-compose-exec with arg 2 in service 1
|
||||||
define docker-compose-exec
|
define docker-compose-exec
|
||||||
$(call INFO,docker-compose-exec,$(1)$(comma) $(2))
|
$(call INFO,docker-compose-exec,$(1)$(comma) $(2))
|
||||||
|
$(if $(DOCKER_RUN),$(call docker-build,docker/compose,docker/compose:$(COMPOSE_VERSION)))
|
||||||
$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) exec -T $(1) sh -c '$(2)')
|
$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) exec -T $(1) sh -c '$(2)')
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
APP_DIR ?= $(CURDIR)
|
APP_DIR ?= $(CURDIR)
|
||||||
APP_DOMAIN ?= $(ENV)$(addprefix .,$(DOMAIN))
|
APP_DOMAIN ?= $(addsuffix .,$(filter-out master,$(ENV)))$(DOMAIN)
|
||||||
APP_ENV ?= $(USER_ENV)_$(APP)
|
APP_HOST ?= $(addsuffix .,$(APP))$(APP_DOMAIN)
|
||||||
APP_HOST ?= $(APP)$(addprefix .,$(APP_DOMAIN))
|
|
||||||
APP_INSTALLED ?= $(APPS)
|
APP_INSTALLED ?= $(APPS)
|
||||||
APP_PARENT ?= $(MONOREPO)
|
APP_PARENT ?= $(MONOREPO)
|
||||||
APP_PARENT_DIR ?= $(MONOREPO_DIR)
|
APP_PARENT_DIR ?= $(MONOREPO_DIR)
|
||||||
|
@ -24,7 +23,7 @@ ENV_VARS += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL
|
||||||
MOUNT_NFS ?= false
|
MOUNT_NFS ?= false
|
||||||
NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime,nocto,nodiratime,nolock,soft,rsize=32768,wsize=32768,tcp,rw,vers=3
|
NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime,nocto,nodiratime,nolock,soft,rsize=32768,wsize=32768,tcp,rw,vers=3
|
||||||
NFS_HOST ?= host.docker.internal
|
NFS_HOST ?= host.docker.internal
|
||||||
SERVICE_ENV ?= $(subst _,-,$(APP_ENV))
|
PROJECT_ENV ?= $(USER)_$(APP)_$(ENV)
|
||||||
SERVICE_NAME ?= $(COMPOSE_SERVICE_NAME)
|
SERVICE_NAME ?= $(COMPOSE_SERVICE_NAME)
|
||||||
SERVICE_VERSION ?= $(BUILD_DATE)-$(VERSION)
|
SERVICE_VERSION ?= $(BUILD_DATE)-$(VERSION)
|
||||||
SERVICES ?= $(DOCKER_SERVICES)
|
SERVICES ?= $(DOCKER_SERVICES)
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
## it runs ansible-pull on hosts to pull docker images from the registry
|
## it runs ansible-pull on hosts to pull docker images from the registry
|
||||||
## it tags and pushes docker images as latest to docker registry
|
## it tags and pushes docker images as latest to docker registry
|
||||||
.PHONY: deploy@%
|
.PHONY: deploy@%
|
||||||
deploy@%: myos-base build@% ## Deploy application docker images
|
deploy@%: myos-user build@% ## Deploy application docker images
|
||||||
$(call make,docker-login docker-tag docker-push)
|
$(call make,docker-login docker-tag docker-push)
|
||||||
$(call make,myos-ansible-pull@$(ENV) ANSIBLE_DOCKER_IMAGE_TAG=$(VERSION) ANSIBLE_TAGS=deploy AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY),,APP)
|
$(call make,myos-ansible-pull@$(ENV) ANSIBLE_DOCKER_IMAGE_TAG=$(VERSION) ANSIBLE_TAGS=deploy AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY),,APP)
|
||||||
$(call make,docker-tag-latest docker-push-latest)
|
$(call make,docker-tag-latest docker-push-latest)
|
||||||
|
@ -33,7 +33,7 @@ deploy-hook-ping-curl:
|
||||||
## it runs ansible-pull on localhost to pull docker images from the registry
|
## it runs ansible-pull on localhost to pull docker images from the registry
|
||||||
## it tags and pushes docker images as latest to docker registry
|
## it tags and pushes docker images as latest to docker registry
|
||||||
.PHONY: deploy-localhost
|
.PHONY: deploy-localhost
|
||||||
deploy-localhost: myos-base build@$(ENV) ## Deploy application docker images
|
deploy-localhost: myos-user build@$(ENV) ## Deploy application docker images
|
||||||
$(call make,docker-login docker-tag docker-push)
|
$(call make,docker-login docker-tag docker-push)
|
||||||
$(call make,myos-ansible-pull ANSIBLE_DOCKER_IMAGE_TAG=$(VERSION) ANSIBLE_TAGS=deploy,,APP MYOS_TAGS_JSON)
|
$(call make,myos-ansible-pull ANSIBLE_DOCKER_IMAGE_TAG=$(VERSION) ANSIBLE_TAGS=deploy,,APP MYOS_TAGS_JSON)
|
||||||
$(call make,docker-tag-latest docker-push-latest)
|
$(call make,docker-tag-latest docker-push-latest)
|
||||||
|
|
|
@ -9,7 +9,7 @@ docker-build: docker-images-myos
|
||||||
# target docker-build-%: Call docker-build for each Dockerfile in docker/% folder
|
# target docker-build-%: Call docker-build for each Dockerfile in docker/% folder
|
||||||
.PHONY: docker-build-%
|
.PHONY: docker-build-%
|
||||||
docker-build-%:
|
docker-build-%:
|
||||||
if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(DOCKER_REPOSITORY_MYOS),$(DOCKER_BUILD_ARGS))) true; fi
|
if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(DOCKER_REPOSITORY_USER),$(DOCKER_BUILD_ARGS))) true; fi
|
||||||
$(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*))
|
$(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*))
|
||||||
$(if $(findstring :,$*),$(eval DOCKERFILES := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKERFILES := $(wildcard docker/$*/*/Dockerfile)))
|
$(if $(findstring :,$*),$(eval DOCKERFILES := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKERFILES := $(wildcard docker/$*/*/Dockerfile)))
|
||||||
$(foreach dockerfile,$(DOCKERFILES),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true)
|
$(foreach dockerfile,$(DOCKERFILES),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true)
|
||||||
|
@ -124,7 +124,7 @@ docker-images-rm-%:
|
||||||
|
|
||||||
# target docker-login: Run 'docker login'
|
# target docker-login: Run 'docker login'
|
||||||
.PHONY: docker-login
|
.PHONY: docker-login
|
||||||
docker-login: myos-base
|
docker-login: myos-user
|
||||||
$(RUN) docker login
|
$(RUN) docker login
|
||||||
|
|
||||||
# target docker-network-create: Fire docker-network-create-% for DOCKER_NETWORK
|
# target docker-network-create: Fire docker-network-create-% for DOCKER_NETWORK
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
# target git-branch-create-upstream-%: Create git BRANCH from upstream/% branch
|
# target git-branch-create-upstream-%: Create git BRANCH from upstream/% branch
|
||||||
.PHONY: git-branch-create-upstream-%
|
.PHONY: git-branch-create-upstream-%
|
||||||
git-branch-create-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
|
git-branch-create-upstream-%: myos-user update-upstream
|
||||||
$(RUN) git fetch --prune upstream
|
$(RUN) git fetch --prune upstream
|
||||||
git rev-parse --verify $(BRANCH) >/dev/null 2>&1 \
|
git rev-parse --verify $(BRANCH) >/dev/null 2>&1 \
|
||||||
&& $(or $(call WARNING,present branch,$(BRANCH)), true) \
|
&& $(or $(call WARNING,present branch,$(BRANCH)), true) \
|
||||||
|
@ -15,7 +15,7 @@ git-branch-create-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
|
||||||
|
|
||||||
# target git-branch-delete: Delete git BRANCH
|
# target git-branch-delete: Delete git BRANCH
|
||||||
.PHONY: git-branch-delete
|
.PHONY: git-branch-delete
|
||||||
git-branch-delete: $(if $(DOCKER_RUN),myos-base) update-upstream
|
git-branch-delete: myos-user update-upstream
|
||||||
git rev-parse --verify $(BRANCH) >/dev/null 2>&1 \
|
git rev-parse --verify $(BRANCH) >/dev/null 2>&1 \
|
||||||
&& $(RUN) git branch -d $(BRANCH) \
|
&& $(RUN) git branch -d $(BRANCH) \
|
||||||
|| $(or $(call WARNING,no branch,$(BRANCH)), true)
|
|| $(or $(call WARNING,no branch,$(BRANCH)), true)
|
||||||
|
@ -26,7 +26,7 @@ git-branch-delete: $(if $(DOCKER_RUN),myos-base) update-upstream
|
||||||
|
|
||||||
# target git-branch-merge-upstream-%: Merge git BRANCH into upstream/% branch
|
# target git-branch-merge-upstream-%: Merge git BRANCH into upstream/% branch
|
||||||
.PHONY: git-branch-merge-upstream-%
|
.PHONY: git-branch-merge-upstream-%
|
||||||
git-branch-merge-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
|
git-branch-merge-upstream-%: myos-user update-upstream
|
||||||
git rev-parse --verify $(BRANCH) >/dev/null 2>&1
|
git rev-parse --verify $(BRANCH) >/dev/null 2>&1
|
||||||
$(RUN) git checkout $(BRANCH)
|
$(RUN) git checkout $(BRANCH)
|
||||||
$(RUN) git pull --ff-only upstream $(BRANCH)
|
$(RUN) git pull --ff-only upstream $(BRANCH)
|
||||||
|
@ -38,12 +38,12 @@ git-branch-merge-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
|
||||||
|
|
||||||
# target git-stash: git stash
|
# target git-stash: git stash
|
||||||
.PHONY: git-stash
|
.PHONY: git-stash
|
||||||
git-stash: $(if $(DOCKER_RUN),myos-base)
|
git-stash: myos-user
|
||||||
$(if $(filter-out 0,$(STATUS)),$(RUN) git stash)
|
$(if $(filter-out 0,$(STATUS)),$(RUN) git stash)
|
||||||
|
|
||||||
# target git-tag-create-upstream-%: Create git TAG to reference upstream/% branch
|
# target git-tag-create-upstream-%: Create git TAG to reference upstream/% branch
|
||||||
.PHONY: git-tag-create-upstream-%
|
.PHONY: git-tag-create-upstream-%
|
||||||
git-tag-create-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
|
git-tag-create-upstream-%: myos-user update-upstream
|
||||||
ifneq ($(words $(TAG)),0)
|
ifneq ($(words $(TAG)),0)
|
||||||
$(RUN) git checkout $*
|
$(RUN) git checkout $*
|
||||||
$(RUN) git pull --tags --prune upstream $*
|
$(RUN) git pull --tags --prune upstream $*
|
||||||
|
@ -60,7 +60,7 @@ endif
|
||||||
|
|
||||||
# target git-tag-merge-upstream-%: Merge git TAG into upstream/% branch
|
# target git-tag-merge-upstream-%: Merge git TAG into upstream/% branch
|
||||||
.PHONY: git-tag-merge-upstream-%
|
.PHONY: git-tag-merge-upstream-%
|
||||||
git-tag-merge-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
|
git-tag-merge-upstream-%: myos-user update-upstream
|
||||||
ifneq ($(words $(TAG)),0)
|
ifneq ($(words $(TAG)),0)
|
||||||
$(RUN) git fetch --tags -u --prune upstream $*:$*
|
$(RUN) git fetch --tags -u --prune upstream $*:$*
|
||||||
$(RUN) git checkout $*
|
$(RUN) git checkout $*
|
||||||
|
@ -70,5 +70,5 @@ endif
|
||||||
|
|
||||||
# target git-unstash: git stash pop
|
# target git-unstash: git stash pop
|
||||||
.PHONY: git-unstash
|
.PHONY: git-unstash
|
||||||
git-unstash: $(if $(DOCKER_RUN),myos-base)
|
git-unstash: myos-user
|
||||||
$(if $(filter-out 0,$(STATUS)),$(RUN) git stash pop)
|
$(if $(filter-out 0,$(STATUS)),$(RUN) git stash pop)
|
||||||
|
|
|
@ -22,7 +22,7 @@ install-config-%:
|
||||||
## it creates user % with password % and all privileges on database %
|
## it creates user % with password % and all privileges on database %
|
||||||
## it imports %.mysql.gz file in database %
|
## it imports %.mysql.gz file in database %
|
||||||
.PHONY: install-mysql-database-%
|
.PHONY: install-mysql-database-%
|
||||||
install-mysql-database-%: $(if $(DOCKER_RUN),myos-base)
|
install-mysql-database-%: myos-user
|
||||||
$(call exec,mysql -h mysql -u root -proot $* -e "use $*" >/dev/null 2>&1) \
|
$(call exec,mysql -h mysql -u root -proot $* -e "use $*" >/dev/null 2>&1) \
|
||||||
|| $(call exec,$(RUN) mysql -h mysql -u root -proot mysql -e "create database $* character set utf8 collate utf8_unicode_ci;")
|
|| $(call exec,$(RUN) mysql -h mysql -u root -proot mysql -e "create database $* character set utf8 collate utf8_unicode_ci;")
|
||||||
$(call exec,mysql -h mysql -u $* -p$* $* -e "use $*" >/dev/null 2>&1) \
|
$(call exec,mysql -h mysql -u $* -p$* $* -e "use $*" >/dev/null 2>&1) \
|
||||||
|
@ -37,7 +37,7 @@ install-mysql-database-%: $(if $(DOCKER_RUN),myos-base)
|
||||||
## it creates user % with password % and all privileges on database %
|
## it creates user % with password % and all privileges on database %
|
||||||
## it imports %.pgsql.gz file in database %
|
## it imports %.pgsql.gz file in database %
|
||||||
.PHONY: install-pgsql-database-%
|
.PHONY: install-pgsql-database-%
|
||||||
install-pgsql-database-%: myos-base
|
install-pgsql-database-%: myos-user
|
||||||
$(call exec,PGPASSWORD=$* psql -h postgres -U $* template1 -c "\q" >/dev/null 2>&1) \
|
$(call exec,PGPASSWORD=$* psql -h postgres -U $* template1 -c "\q" >/dev/null 2>&1) \
|
||||||
|| $(call exec,$(RUN) PGPASSWORD=postgres psql -h postgres -U postgres -c "create user $* with createdb password '$*';")
|
|| $(call exec,$(RUN) PGPASSWORD=postgres psql -h postgres -U postgres -c "create user $* with createdb password '$*';")
|
||||||
$(call exec,PGPASSWORD=$* psql -h postgres -U $* -d $* -c "" >/dev/null 2>&1) \
|
$(call exec,PGPASSWORD=$* psql -h postgres -U $* -d $* -c "" >/dev/null 2>&1) \
|
||||||
|
|
|
@ -9,7 +9,7 @@ NFS_DISK ?= $(NFS_HOST):/$(notdir $(SHARED))
|
||||||
NFS_OPTIONS ?= rw,rsize=8192,wsize=8192,bg,hard,intr,nfsvers=3,noatime,nodiratime,actimeo=3
|
NFS_OPTIONS ?= rw,rsize=8192,wsize=8192,bg,hard,intr,nfsvers=3,noatime,nodiratime,actimeo=3
|
||||||
NFS_PATH ?= /dns/$(subst $(space),/,$(strip $(call reverse,$(subst ., ,$(NFS_HOST)))))$(subst ..,,$(SHARED))
|
NFS_PATH ?= /dns/$(subst $(space),/,$(strip $(call reverse,$(subst ., ,$(NFS_HOST)))))$(subst ..,,$(SHARED))
|
||||||
SHELL ?= /bin/sh
|
SHELL ?= /bin/sh
|
||||||
STACK ?= base
|
STACK ?= User
|
||||||
|
|
||||||
env ?= $(ENV)
|
env ?= $(ENV)
|
||||||
user ?= $(USER)
|
user ?= $(USER)
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
|
ENV_VARS += SETUP_SYSCTL_CONFIG
|
||||||
|
SETUP_BINFMT ?= $(if $(filter-out amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),true,false)
|
||||||
|
SETUP_BINFMT_ARCH ?= all
|
||||||
SETUP_NFSD ?= false
|
SETUP_NFSD ?= false
|
||||||
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
|
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
|
||||||
SETUP_SYSCTL ?= false
|
SETUP_SYSCTL ?= false
|
||||||
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
|
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000
|
||||||
|
|
||||||
define setup-nfsd-osx
|
define setup-nfsd-osx
|
||||||
$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
|
$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
|
||||||
|
|
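Review bot: `SETUP_BINFMT` defaults to `true` for every `PROCESSOR_ARCHITECTURE` value other than the exact lowercase words `amd64` and `x86_64`, so a host that reports its architecture in any other spelling enables the privileged binfmt install without the operator asking for it. make/def.mk assigns the variable from `uname -m` only in the non-Windows branch, so under Cygwin or Windows_NT it presumably comes from the environment, where Windows usually exports `AMD64`. Because setup-binfmt runs a `--privileged` container, an opt-in default is safer and matches the neighbouring switches: `SETUP_BINFMT ?= false`. The same hunk also swaps `net.core.somaxconn=1024` for `net.core.rmem_max=2500000` in `SETUP_SYSCTL_CONFIG`; if dropping somaxconn is deliberate, a one-line comment saying so would help.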
|
@ -0,0 +1,16 @@
|
||||||
|
##
|
||||||
|
# NODE
|
||||||
|
|
||||||
|
# target node-ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files
|
||||||
|
.PHONY: node-ssl-certs
|
||||||
|
node-ssl-certs:
|
||||||
|
docker run --rm --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \
|
||||||
|
|| $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine sh -c "\
|
||||||
|
apk --no-cache add openssl \
|
||||||
|
&& { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \
|
||||||
|
&& openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \
|
||||||
|
-addext extendedKeyUsage=serverAuth \
|
||||||
|
-addext subjectAltName=DNS:${DOMAIN} \
|
||||||
|
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
|
||||||
|
-x509 -days 365"
|
||||||
|
|
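Review bot: Inside the `sh -c "…"` script of node-ssl-certs, `${DOMAIN}` is a make variable reference, so make pastes the value unquoted into the shell text and the `-e DOMAIN=$(DOMAIN)` passed to `docker run` is never read by the script. A DOMAIN value containing spaces or shell metacharacters would therefore change the command that runs in the container and the paths written to the certs volume. Let the container shell expand the variable and quote the paths, e.g. `&& { [ -f \"/certs/\$${DOMAIN}.key.pem\" ] || openssl genrsa -out \"/certs/\$${DOMAIN}.key.pem\" 2048; } \`, and do the same in the `openssl req` arguments. The `alpine` image is also used without a tag or digest and installs openssl at run time, so the tool that generates the private key is not pinned.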
|
@ -27,5 +27,12 @@ endif
|
||||||
.PHONY: setup-sysctl
|
.PHONY: setup-sysctl
|
||||||
setup-sysctl:
|
setup-sysctl:
|
||||||
ifeq ($(SETUP_SYSCTL),true)
|
ifeq ($(SETUP_SYSCTL),true)
|
||||||
$(foreach config,$(SETUP_SYSCTL_CONFIG),$(call docker-run,sysctl -q -w $(config),--privileged alpine) &&) true
|
$(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG)
|
||||||
|
endif
|
||||||
|
|
||||||
|
# target setup-binfmt: Install binfmt abstraction layer
|
||||||
|
.PHONY: setup-binfmt
|
||||||
|
setup-binfmt:
|
||||||
|
ifeq ($(SETUP_BINFMT),true)
|
||||||
|
$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
|
||||||
endif
|
endif
|
||||||
|
|
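Review bot: The new setup-binfmt recipe starts `tonistiigi/binfmt` with `--privileged` and without a tag or digest, so whatever the registry serves for that name at bootstrap time runs with full access to the host kernel interfaces. Pin the image to a reviewed version through a variable, for example `SETUP_BINFMT_IMAGE ?= tonistiigi/binfmt@sha256:<digest-placeholder>`, and use `$(SETUP_BINFMT_IMAGE)` in the `docker-run` call. In setup-sysctl the whole of `SETUP_SYSCTL_CONFIG` is now word-split into a single `$(RUN) $(SUDO) sysctl -q -w` command instead of one throwaway container per setting; a comment on the variable stating that it must contain only `key=value` words would make that contract explicit.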
|
@ -34,7 +34,7 @@ ssh-get-PrivateIpAddress-%: aws-ec2-get-instances-PrivateIpAddress-%;
|
||||||
|
|
||||||
# target ssh-key: Add ssh private key SSH_KEY to SSH_DIR
|
# target ssh-key: Add ssh private key SSH_KEY to SSH_DIR
|
||||||
.PHONY: ssh-key
|
.PHONY: ssh-key
|
||||||
ssh-key: $(if $(DOCKER_RUN),stack-base-up)
|
ssh-key: $(if $(DOCKER_RUN),stack-User-up)
|
||||||
ifneq (,$(filter true,$(DRONE)))
|
ifneq (,$(filter true,$(DRONE)))
|
||||||
$(call exec,sh -c '[ ! -d $(SSH_DIR) ] && mkdir -p $(SSH_DIR) && chown $(UID) $(SSH_DIR) && chmod 0700 $(SSH_DIR) ||:')
|
$(call exec,sh -c '[ ! -d $(SSH_DIR) ] && mkdir -p $(SSH_DIR) && chown $(UID) $(SSH_DIR) && chmod 0700 $(SSH_DIR) ||:')
|
||||||
endif
|
endif
|
||||||
|
@ -44,16 +44,3 @@ endif
|
||||||
.PHONY: ssh-run
|
.PHONY: ssh-run
|
||||||
ssh-run: ssh-get-PrivateIpAddress-$(SERVER_NAME)
|
ssh-run: ssh-get-PrivateIpAddress-$(SERVER_NAME)
|
||||||
$(call ssh-exec,$(AWS_INSTANCE_IP),make run $(if $(SERVICE),SERVICE=$(SERVICE)) $(if $(ARGS),ARGS='\''"$(ARGS)"'\''))
|
$(call ssh-exec,$(AWS_INSTANCE_IP),make run $(if $(SERVICE),SERVICE=$(SERVICE)) $(if $(ARGS),ARGS='\''"$(ARGS)"'\''))
|
||||||
|
|
||||||
# target ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files
|
|
||||||
.PHONY: ssl-certs
|
|
||||||
ssl-certs:
|
|
||||||
docker run --rm --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \
|
|
||||||
|| $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine sh -c "\
|
|
||||||
apk --no-cache add openssl \
|
|
||||||
&& { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \
|
|
||||||
&& openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \
|
|
||||||
-addext extendedKeyUsage=serverAuth \
|
|
||||||
-addext subjectAltName=DNS:${DOMAIN} \
|
|
||||||
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
|
|
||||||
-x509 -days 365"
|
|
||||||
|
|
|
@ -16,6 +16,6 @@ subrepo-push subrepos-push:
|
||||||
subrepo-tag-create-% subrepos-tag-create-%:
|
subrepo-tag-create-% subrepos-tag-create-%:
|
||||||
$(call make,subrepo-tag-create-$*,..,SUBREPO TAG)
|
$(call make,subrepo-tag-create-$*,..,SUBREPO TAG)
|
||||||
|
|
||||||
# target subrepo-update subrepos-update: Fire bootstrap-git git-stash subrepo-push git-unstash
|
# target subrepo-update subrepos-update: Fire bootstrap-app git-stash subrepo-push git-unstash
|
||||||
.PHONY: subrepo-update subrepos-update
|
.PHONY: subrepo-update subrepos-update
|
||||||
subrepo-update subrepos-update: bootstrap-git git-stash subrepo-push git-unstash
|
subrepo-update subrepos-update: bootstrap-app git-stash subrepo-push git-unstash
|
||||||
|
|
|
@ -4,17 +4,17 @@
|
||||||
# target $(APP): Call update-app
|
# target $(APP): Call update-app
|
||||||
.PHONY: $(APP)
|
.PHONY: $(APP)
|
||||||
$(APP): APP_DIR := $(RELATIVE)$(APP)
|
$(APP): APP_DIR := $(RELATIVE)$(APP)
|
||||||
$(APP): myos-base
|
$(APP): myos-user
|
||||||
$(call update-app)
|
$(call update-app)
|
||||||
|
|
||||||
# target install-app install-apps: Call install-app for each ARGS
|
# target install-app install-apps: Call install-app for each ARGS
|
||||||
.PHONY: install-app install-apps
|
.PHONY: install-app install-apps
|
||||||
install-app install-apps: myos-base install-app-required
|
install-app install-apps: myos-user install-app-required
|
||||||
$(foreach url,$(ARGS),$(call install-app,$(url)))
|
$(foreach url,$(ARGS),$(call install-app,$(url)))
|
||||||
|
|
||||||
# target install-app-required: Call install-app for each APP_REQUIRED
|
# target install-app-required: Call install-app for each APP_REQUIRED
|
||||||
.PHONY: install-app-required
|
.PHONY: install-app-required
|
||||||
install-app-required: myos-base
|
install-app-required: myos-user
|
||||||
$(foreach url,$(APP_REQUIRED),$(call install-app,$(url)))
|
$(foreach url,$(APP_REQUIRED),$(call install-app,$(url)))
|
||||||
|
|
||||||
# target install-bin-%; Call ansible-run-localhost when bin % is not available
|
# target install-bin-%; Call ansible-run-localhost when bin % is not available
|
||||||
|
@ -41,7 +41,7 @@ update-app-%: % ;
|
||||||
|
|
||||||
# target update-config: Update config files
|
# target update-config: Update config files
|
||||||
.PHONY: update-config
|
.PHONY: update-config
|
||||||
update-config: myos-base
|
update-config: myos-user
|
||||||
$(call update-app,$(CONFIG_REPOSITORY),$(CONFIG))
|
$(call update-app,$(CONFIG_REPOSITORY),$(CONFIG))
|
||||||
|
|
||||||
# target update-hosts: Update /etc/hosts
|
# target update-hosts: Update /etc/hosts
|
||||||
|
@ -60,17 +60,17 @@ endif
|
||||||
|
|
||||||
# target update-remote-%: fetch git remote %
|
# target update-remote-%: fetch git remote %
|
||||||
.PHONY: update-remote-%
|
.PHONY: update-remote-%
|
||||||
update-remote-%: myos-base
|
update-remote-%: myos-user
|
||||||
$(RUN) git fetch --prune --tags $*
|
$(RUN) git fetch --prune --tags $*
|
||||||
|
|
||||||
# target update-remotes: fetch all git remotes
|
# target update-remotes: fetch all git remotes
|
||||||
.PHONY: update-remotes
|
.PHONY: update-remotes
|
||||||
update-remotes: myos-base
|
update-remotes: myos-user
|
||||||
$(RUN) git fetch --all --prune --tags
|
$(RUN) git fetch --all --prune --tags
|
||||||
|
|
||||||
# target update-upstream: fetch git remote upstream
|
# target update-upstream: fetch git remote upstream
|
||||||
.PHONY: update-upstream
|
.PHONY: update-upstream
|
||||||
update-upstream: myos-base .git/refs/remotes/upstream/master
|
update-upstream: myos-user .git/refs/remotes/upstream/master
|
||||||
$(RUN) git fetch --prune --tags upstream
|
$(RUN) git fetch --prune --tags upstream
|
||||||
|
|
||||||
# target .git/refs/remotes/upstream/master: add git upstream APP_UPSTREAM_REPOSITORY
|
# target .git/refs/remotes/upstream/master: add git upstream APP_UPSTREAM_REPOSITORY
|
||||||
|
|
|
@ -1,18 +1,18 @@
|
||||||
COMPOSE_PROJECT_NAME_MYOS ?= $(USER_ENV)_myos
|
|
||||||
COMPOSE_PROJECT_NAME_NODE ?= node
|
COMPOSE_PROJECT_NAME_NODE ?= node
|
||||||
|
COMPOSE_PROJECT_NAME_USER ?= $(USER)_myos_$(ENV)
|
||||||
DOCKER_ENV_ARGS ?= $(docker_env_args)
|
DOCKER_ENV_ARGS ?= $(docker_env_args)
|
||||||
DOCKER_EXEC_OPTIONS ?=
|
DOCKER_EXEC_OPTIONS ?=
|
||||||
DOCKER_GID ?= $(call gid,docker)
|
DOCKER_GID ?= $(call gid,docker)
|
||||||
DOCKER_IMAGE ?= $(DOCKER_IMAGE_CLI)
|
DOCKER_IMAGE ?= $(DOCKER_IMAGE_CLI)
|
||||||
DOCKER_IMAGE_CLI ?= $(DOCKER_REPOSITORY_MYOS)/cli
|
DOCKER_IMAGE_CLI ?= $(DOCKER_REPOSITORY_USER)/cli
|
||||||
DOCKER_IMAGE_SSH ?= $(DOCKER_REPOSITORY_MYOS)/ssh
|
DOCKER_IMAGE_SSH ?= $(DOCKER_REPOSITORY_USER)/ssh
|
||||||
DOCKER_NAME ?= $(DOCKER_NAME_CLI)
|
DOCKER_NAME ?= $(DOCKER_NAME_CLI)
|
||||||
DOCKER_NAME_CLI ?= $(COMPOSE_PROJECT_NAME_MYOS)_cli
|
DOCKER_NAME_CLI ?= $(COMPOSE_PROJECT_NAME_USER)_cli
|
||||||
DOCKER_NAME_SSH ?= $(COMPOSE_PROJECT_NAME_MYOS)_ssh
|
DOCKER_NAME_SSH ?= $(COMPOSE_PROJECT_NAME_USER)_ssh
|
||||||
DOCKER_NETWORK ?= $(DOCKER_NETWORK_PRIVATE)
|
DOCKER_NETWORK ?= $(DOCKER_NETWORK_PRIVATE)
|
||||||
DOCKER_NETWORK_PRIVATE ?= $(USER_ENV)
|
DOCKER_NETWORK_PRIVATE ?= $(USER_ENV)
|
||||||
DOCKER_NETWORK_PUBLIC ?= node
|
DOCKER_NETWORK_PUBLIC ?= $(COMPOSE_PROJECT_NAME_NODE)
|
||||||
DOCKER_REPOSITORY_MYOS ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_MYOS))
|
DOCKER_REPOSITORY_USER ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_USER))
|
||||||
DOCKER_REPOSITORY_NODE ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_NODE))
|
DOCKER_REPOSITORY_NODE ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_NODE))
|
||||||
# DOCKER_RUN: if empty, run system command, else run it in a docker
|
# DOCKER_RUN: if empty, run system command, else run it in a docker
|
||||||
DOCKER_RUN ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER))
|
DOCKER_RUN ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER))
|
||||||
|
@ -21,8 +21,8 @@ DOCKER_RUN_OPTIONS += --rm -it
|
||||||
# DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes
|
# DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes
|
||||||
DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock
|
DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock
|
||||||
DOCKER_RUN_WORKDIR ?= -w $(PWD)
|
DOCKER_RUN_WORKDIR ?= -w $(PWD)
|
||||||
DOCKER_VOLUME_SSH ?= $(COMPOSE_PROJECT_NAME_MYOS)_ssh
|
DOCKER_VOLUME_SSH ?= $(COMPOSE_PROJECT_NAME_USER)_ssh
|
||||||
ENV_VARS += DOCKER_IMAGE_CLI DOCKER_IMAGE_SSH DOCKER_NAME_CLI DOCKER_NAME_SSH DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_REPOSITORY_MYOS DOCKER_REPOSITORY_NODE DOCKER_VOLUME_SSH
|
ENV_VARS += DOCKER_IMAGE_CLI DOCKER_IMAGE_SSH DOCKER_NAME_CLI DOCKER_NAME_SSH DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_REPOSITORY_USER DOCKER_REPOSITORY_NODE DOCKER_VOLUME_SSH
|
||||||
|
|
||||||
ifeq ($(DRONE), true)
|
ifeq ($(DRONE), true)
|
||||||
DOCKER_RUN_OPTIONS := --rm --network $(DOCKER_NETWORK)
|
DOCKER_RUN_OPTIONS := --rm --network $(DOCKER_NETWORK)
|
||||||
|
|
15
make/def.mk
15
make/def.mk
|
@ -53,7 +53,7 @@ ENV_ARGS ?= $(env_args)
|
||||||
ENV_FILE ?= $(wildcard $(CONFIG)/$(ENV)/$(APP)/.env .env)
|
ENV_FILE ?= $(wildcard $(CONFIG)/$(ENV)/$(APP)/.env .env)
|
||||||
ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
|
ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
|
||||||
ENV_RESET ?= false
|
ENV_RESET ?= false
|
||||||
ENV_VARS ?= APP BRANCH DOMAIN ENV HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MONOREPO MONOREPO_DIR TAG UID USER VERSION
|
ENV_VARS ?= APP BRANCH DOMAIN ENV HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MONOREPO MONOREPO_DIR OPERATING_SYSTEM PROCESSOR_ARCHITECTURE TAG UID USER VERSION
|
||||||
GID ?= $(shell id -g 2>/dev/null)
|
GID ?= $(shell id -g 2>/dev/null)
|
||||||
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@my.os)
|
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@my.os)
|
||||||
GIT_AUTHOR_NAME ?= $(or $(shell git config user.name 2>/dev/null),$(USER))
|
GIT_AUTHOR_NAME ?= $(or $(shell git config user.name 2>/dev/null),$(USER))
|
||||||
|
@ -69,7 +69,7 @@ GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/
|
||||||
HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//')
|
HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//')
|
||||||
IGNORE_DRYRUN ?= false
|
IGNORE_DRYRUN ?= false
|
||||||
IGNORE_VERBOSE ?= false
|
IGNORE_VERBOSE ?= false
|
||||||
INSTALL ?= $(SUDO) $(subst &&,&& $(SUDO),$(INSTALL_CMD))
|
INSTALL ?= $(RUN) $(SUDO) $(subst &&,&& $(RUN) $(SUDO),$(INSTALL_CMD))
|
||||||
INSTALL_CMDS ?= APK_INSTALL APT_INSTALL
|
INSTALL_CMDS ?= APK_INSTALL APT_INSTALL
|
||||||
$(foreach cmd,$(INSTALL_CMDS),$(if $(CMD_$(cmd)),$(eval INSTALL_CMD ?= $(CMD_$(cmd)))))
|
$(foreach cmd,$(INSTALL_CMDS),$(if $(CMD_$(cmd)),$(eval INSTALL_CMD ?= $(CMD_$(cmd)))))
|
||||||
LOG_LEVEL ?= $(if $(DEBUG),debug,$(if $(VERBOSE),info,error))
|
LOG_LEVEL ?= $(if $(DEBUG),debug,$(if $(VERBOSE),info,error))
|
||||||
|
@ -82,7 +82,7 @@ MAKE_ENV_VARS ?= $(strip $(foreach var, $(filter-out .VARIABLE
|
||||||
MAKE_FILE_ARGS ?= $(foreach var,$(filter $(ENV_VARS),$(MAKE_FILE_VARS)),$(var)='$($(var))')
|
MAKE_FILE_ARGS ?= $(foreach var,$(filter $(ENV_VARS),$(MAKE_FILE_VARS)),$(var)='$($(var))')
|
||||||
MAKE_FILE_VARS ?= $(strip $(foreach var, $(filter-out .VARIABLES,$(.VARIABLES)), $(if $(filter file,$(origin $(var))),$(var))))
|
MAKE_FILE_VARS ?= $(strip $(foreach var, $(filter-out .VARIABLES,$(.VARIABLES)), $(if $(filter file,$(origin $(var))),$(var))))
|
||||||
MAKE_OLDFILE ?= $@
|
MAKE_OLDFILE ?= $@
|
||||||
MAKE_TARGETS ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -qp 2>/dev/null |awk -F':' '/^[a-zA-Z0-9][^$$\#\/\t=]*:([^=]|$$)/ {print $$1}' |sort -u))
|
MAKE_TARGETS ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -qp 2>/dev/null |awk -F':' '/^[a-zA-Z0-9][^$$#\/\t=]*:([^=]|$$)/ {print $$1}' |sort -u))
|
||||||
MAKE_UNIXTIME_START := $(shell date -u +'%s' 2>/dev/null)
|
MAKE_UNIXTIME_START := $(shell date -u +'%s' 2>/dev/null)
|
||||||
MAKE_UNIXTIME_CURRENT = $(shell date -u "+%s" 2>/dev/null)
|
MAKE_UNIXTIME_CURRENT = $(shell date -u "+%s" 2>/dev/null)
|
||||||
MAKE_VARS ?= ENV
|
MAKE_VARS ?= ENV
|
||||||
|
@ -126,13 +126,8 @@ OPERATING_SYSTEM := cygwin
|
||||||
else ifeq ($(OS),Windows_NT)
|
else ifeq ($(OS),Windows_NT)
|
||||||
OPERATING_SYSTEM := Windows_NT
|
OPERATING_SYSTEM := Windows_NT
|
||||||
else
|
else
|
||||||
UNAME_S := $(shell uname -s 2>/dev/null)
|
PROCESSOR_ARCHITECTURE := $(shell uname -m 2>/dev/null)
|
||||||
ifeq ($(UNAME_S),Linux)
|
OPERATING_SYSTEM := $(shell uname -s 2>/dev/null)
|
||||||
OPERATING_SYSTEM := Linux
|
|
||||||
endif
|
|
||||||
ifeq ($(UNAME_S),Darwin)
|
|
||||||
OPERATING_SYSTEM := Darwin
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifeq ($(OPERATING_SYSTEM),Darwin)
|
ifeq ($(OPERATING_SYSTEM),Darwin)
|
||||||
|
|
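Review bot: In `MAKE_TARGETS` the awk character class changed from `[^$$\#\/\t=]` to `[^$$#\/\t=]`, and an unescaped `#` inside `$(shell …)` is only taken literally from GNU make 4.3 on; older versions treat it as the start of a comment, which cuts the assignment short. The file still has a Darwin branch, and macOS typically ships an older GNU make, so parsing would likely fail there. A spelling that behaves the same before and after 4.3 is to hold the character in a variable, `hash := \#`, and write `[^$$$(hash)\/\t=]` in the pattern.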
|
@ -9,7 +9,7 @@
|
||||||
# target .env-clean: Remove .env
|
# target .env-clean: Remove .env
|
||||||
.PHONY: .env-clean
|
.PHONY: .env-clean
|
||||||
.env-clean:
|
.env-clean:
|
||||||
rm -f .env || true
|
rm -i .env || true
|
||||||
|
|
||||||
# include .env file
|
# include .env file
|
||||||
-include .env
|
-include .env
|
||||||
|
|
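Review bot: `rm -i .env || true` in .env-clean makes the clean step depend on a terminal: when stdin is not interactive (CI, a Drone step, make called from a script) the prompt gets no affirmative answer, the file stays in place, and `|| true` still reports success. Since the file is pulled in by `-include .env` a few lines below, a stale .env then keeps feeding values into later runs with no signal that the clean did nothing. If the prompt is meant to protect a developer's local file, ask only when a terminal is attached: `if [ -t 0 ]; then rm -i .env; else rm -f .env; fi`.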
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
# target subrepo-branch-delete: Delete branch $(BRANCH) on remote $(SUBREPO)
|
# target subrepo-branch-delete: Delete branch $(BRANCH) on remote $(SUBREPO)
|
||||||
.PHONY: subrepo-branch-delete
|
.PHONY: subrepo-branch-delete
|
||||||
subrepo-branch-delete: myos-base subrepo-check
|
subrepo-branch-delete: myos-user subrepo-check
|
||||||
ifneq ($(words $(BRANCH)),0)
|
ifneq ($(words $(BRANCH)),0)
|
||||||
[ $$(git ls-remote --heads $(REMOTE) $(BRANCH) 2>/dev/null |wc -l) -eq 1 ] \
|
[ $$(git ls-remote --heads $(REMOTE) $(BRANCH) 2>/dev/null |wc -l) -eq 1 ] \
|
||||||
&& $(RUN) git push $(REMOTE) :$(BRANCH)
|
&& $(RUN) git push $(REMOTE) :$(BRANCH)
|
||||||
|
@ -26,19 +26,19 @@ endif
|
||||||
## it gets child of parent commit : git rev-list --ancestry-path parent..HEAD |tail -n 1
|
## it gets child of parent commit : git rev-list --ancestry-path parent..HEAD |tail -n 1
|
||||||
## it compares child commit with our tree : git diff --quiet child -- subrepo
|
## it compares child commit with our tree : git diff --quiet child -- subrepo
|
||||||
.PHONY: subrepo-git-diff
|
.PHONY: subrepo-git-diff
|
||||||
subrepo-git-diff: myos-base subrepo-check
|
subrepo-git-diff: myos-user subrepo-check
|
||||||
$(eval IGNORE_DRYRUN := true)
|
$(eval IGNORE_DRYRUN := true)
|
||||||
$(eval DIFF = $(shell git diff --quiet $(shell git rev-list --ancestry-path $(shell awk '$$1 == "parent" {print $$3}' $(SUBREPO)/.gitrepo)..HEAD |tail -n 1) -- $(SUBREPO); printf '$$?\n') )
|
$(eval DIFF = $(shell git diff --quiet $(shell git rev-list --ancestry-path $(shell awk '$$1 == "parent" {print $$3}' $(SUBREPO)/.gitrepo)..HEAD |tail -n 1) -- $(SUBREPO); printf '$$?\n') )
|
||||||
$(eval IGNORE_DRYRUN := false)
|
$(eval IGNORE_DRYRUN := false)
|
||||||
|
|
||||||
# target subrepo-git-fetch: Fetch git remote
|
# target subrepo-git-fetch: Fetch git remote
|
||||||
.PHONY: subrepo-git-fetch
|
.PHONY: subrepo-git-fetch
|
||||||
subrepo-git-fetch: myos-base subrepo-check
|
subrepo-git-fetch: myos-user subrepo-check
|
||||||
$(RUN) git fetch --prune $(REMOTE)
|
$(RUN) git fetch --prune $(REMOTE)
|
||||||
|
|
||||||
# target subrepo-tag-create-%: Create tag TAG to reference branch REMOTE/%
|
# target subrepo-tag-create-%: Create tag TAG to reference branch REMOTE/%
|
||||||
.PHONY: subrepo-tag-create-%
|
.PHONY: subrepo-tag-create-%
|
||||||
subrepo-tag-create-%: myos-base subrepo-check subrepo-git-fetch
|
subrepo-tag-create-%: myos-user subrepo-check subrepo-git-fetch
|
||||||
ifneq ($(words $(TAG)),0)
|
ifneq ($(words $(TAG)),0)
|
||||||
[ $$(git ls-remote --tags $(REMOTE) $(TAG) |wc -l) -eq 0 ] \
|
[ $$(git ls-remote --tags $(REMOTE) $(TAG) |wc -l) -eq 0 ] \
|
||||||
|| $(call exec,$(RUN) git push $(REMOTE) :refs/tags/$(TAG))
|
|| $(call exec,$(RUN) git push $(REMOTE) :refs/tags/$(TAG))
|
||||||
|
@ -47,7 +47,7 @@ endif
|
||||||
|
|
||||||
# target subrepo-push: Push to subrepo
|
# target subrepo-push: Push to subrepo
|
||||||
.PHONY: subrepo-push
|
.PHONY: subrepo-push
|
||||||
subrepo-push: myos-base subrepo-check subrepo-git-fetch subrepo-git-diff
|
subrepo-push: myos-user subrepo-check subrepo-git-fetch subrepo-git-diff
|
||||||
# update .gitrepo only on master branch
|
# update .gitrepo only on master branch
|
||||||
ifeq ($(BRANCH),master)
|
ifeq ($(BRANCH),master)
|
||||||
$(eval UPDATE_SUBREPO_OPTIONS += -u)
|
$(eval UPDATE_SUBREPO_OPTIONS += -u)
|
||||||
|
@ -82,7 +82,7 @@ subrepos-tag-create-%: $(APPS) ;
|
||||||
|
|
||||||
# target subrepos-update: Fire APPS target and push updates to upstream
|
# target subrepos-update: Fire APPS target and push updates to upstream
|
||||||
.PHONY: subrepos-update
|
.PHONY: subrepos-update
|
||||||
subrepos-update: myos-base git-stash $(APPS) git-unstash ## Update subrepos
|
subrepos-update: myos-user git-stash $(APPS) git-unstash ## Update subrepos
|
||||||
$(RUN) git push upstream $(BRANCH)
|
$(RUN) git push upstream $(BRANCH)
|
||||||
|
|
||||||
# target subrepo-update-%: Call subrepo-update target in folder %
|
# target subrepo-update-%: Call subrepo-update target in folder %
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
# target user: Fire ssh-add
|
||||||
|
.PHONY: User user
|
||||||
|
User user: bootstrap-docker docker-network-create $(if $(DOCKER_RUN),stack-User-up) ssh-add
|
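Review bot: `bootstrap-docker` and `docker-network-create` are now unconditional prerequisites of `User user`, whereas the removed `base` target pulled them in only inside `$(if $(DOCKER_RUN),…)`. bootstrap-docker depends on install-bin-docker, setup-docker-group, setup-binfmt, setup-nfsd and setup-sysctl, so a run with DOCKER_RUN empty can now install docker and, depending on the SETUP_* switches, change group membership and kernel settings on the host as a side effect of a target documented as firing ssh-add. If that widening is not intended, keep the guard: `User user: $(if $(DOCKER_RUN),bootstrap-docker docker-network-create stack-User-up) ssh-add`. The comment `# target user: Fire ssh-add` should also name the `User` alias and the other prerequisites.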
|
@ -1 +0,0 @@
|
||||||
SYSCTL_CONFIG=vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
|
|
|
@ -1,14 +0,0 @@
|
||||||
version: '3.6'
|
|
||||||
|
|
||||||
services:
|
|
||||||
sysctl:
|
|
||||||
command: sh -c 'sysctl -q -w ${SYSCTL_CONFIG} ||:'
|
|
||||||
image: alpine:latest
|
|
||||||
networks:
|
|
||||||
- private
|
|
||||||
privileged: true
|
|
||||||
|
|
||||||
networks:
|
|
||||||
private:
|
|
||||||
external: true
|
|
||||||
name: ${DOCKER_NETWORK_PRIVATE}
|
|
|
@ -1,3 +0,0 @@
|
||||||
# target base: Fire ssh-add
|
|
||||||
.PHONY: base
|
|
||||||
base: $(if $(DOCKER_RUN),bootstrap-docker docker-network-create stack-base-up) ssh-add
|
|
|
@ -17,9 +17,8 @@ services:
|
||||||
- DRONE_USER_CREATE=${DRONE_USER_CREATE}
|
- DRONE_USER_CREATE=${DRONE_USER_CREATE}
|
||||||
- DRONE_USER_FILTER=${DRONE_USER_FILTER}
|
- DRONE_USER_FILTER=${DRONE_USER_FILTER}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
|
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_CHECK_INITIAL_STATUS=passing
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone:80
|
||||||
- SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS}
|
- SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS}
|
||||||
- SERVICE_443_IGNORE=true
|
- SERVICE_443_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -3,9 +3,9 @@ ELASTICSEARCH_PORT ?= 9200
|
||||||
ELASTICSEARCH_PROTOCOL ?= http
|
ELASTICSEARCH_PROTOCOL ?= http
|
||||||
ENV_VARS += ELASTICSEARCH_HOST ELASTICSEARCH_PASSWORD ELASTICSEARCH_PORT ELASTICSEARCH_PROTOCOL ELASTICSEARCH_USERNAME
|
ENV_VARS += ELASTICSEARCH_HOST ELASTICSEARCH_PASSWORD ELASTICSEARCH_PORT ELASTICSEARCH_PROTOCOL ELASTICSEARCH_USERNAME
|
||||||
|
|
||||||
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana alpine/sysctl
|
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
|
||||||
|
|
||||||
# target elasticsearch-delete-%: delete elasticsearch index %
|
# target elasticsearch-delete-%: delete elasticsearch index %
|
||||||
.PHONY: elasticsearch-delete-%
|
.PHONY: elasticsearch-delete-%
|
||||||
elasticsearch-delete-%:
|
elasticsearch-delete-%:
|
||||||
docker ps |awk '$$NF ~ /myos_elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
|
docker ps |awk '$$NF ~ /myos_$(ENV)_elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
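Review bot: With `$(ENV)` now inside the awk pattern of `elasticsearch-delete-%`, an unset ENV yields `myos__elasticsearch`, no container matches, the `while read` loop never runs and the target still exits 0 without deleting anything. Add a guard as the first recipe line, e.g. `$(if $(strip $(ENV)),,$(error ENV is empty))`. The request is also sent without credentials and the reply from `nc` is never checked, so against a cluster with security enabled the DELETE would be rejected while the target again reports success. Consider using the ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD already listed in ENV_VARS and failing on a non-2xx status.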
|
||||||
|
|
|
@ -11,7 +11,7 @@ services:
|
||||||
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
|
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8200_CHECK_HTTP=/
|
- SERVICE_8200_CHECK_HTTP=/
|
||||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
|
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss:8200
|
||||||
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -6,7 +6,7 @@ services:
|
||||||
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
|
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8200_CHECK_HTTP=/
|
- SERVICE_8200_CHECK_HTTP=/
|
||||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200
|
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server:8200
|
||||||
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
||||||
networks:
|
networks:
|
||||||
private:
|
private:
|
||||||
|
|
|
@ -2,8 +2,6 @@ version: '3.6'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
elasticsearch:
|
elasticsearch:
|
||||||
depends_on:
|
|
||||||
- sysctl
|
|
||||||
environment:
|
environment:
|
||||||
- ES_JAVA_OPTS=-Xmx1024m -Xms1024m
|
- ES_JAVA_OPTS=-Xmx1024m -Xms1024m
|
||||||
- xpack.security.enabled=false
|
- xpack.security.enabled=false
|
||||||
|
@ -20,10 +18,10 @@ services:
|
||||||
- http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length
|
- http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9200_CHECK_HTTP=/
|
- SERVICE_9200_CHECK_HTTP=/
|
||||||
- SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9200
|
- SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9200
|
||||||
- SERVICE_9200_TAGS=${ELASTICSEARCH_SERVICE_9200_TAGS}
|
- SERVICE_9200_TAGS=${ELASTICSEARCH_SERVICE_9200_TAGS}
|
||||||
- SERVICE_9300_CHECK_TCP=true
|
- SERVICE_9300_CHECK_TCP=true
|
||||||
- SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9300
|
- SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9300
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -4,7 +4,7 @@ services:
|
||||||
kibana-oss:
|
kibana-oss:
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
||||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601
|
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss:5601
|
||||||
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -4,7 +4,7 @@ services:
|
||||||
kibana:
|
kibana:
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
||||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-5601
|
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana:5601
|
||||||
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -16,9 +16,8 @@ services:
|
||||||
- GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
|
- GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
|
||||||
image: ${DOCKER_REPOSITORY}/grafana:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/grafana:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana-3000
|
|
||||||
- SERVICE_3000_CHECK_TCP=true
|
- SERVICE_3000_CHECK_TCP=true
|
||||||
- SERVICE_3000_CHECK_INITIAL_STATUS=passing
|
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana:3000
|
||||||
- SERVICE_3000_TAGS=${GRAFANA_SERVICE_3000_TAGS}
|
- SERVICE_3000_TAGS=${GRAFANA_SERVICE_3000_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -5,7 +5,7 @@ services:
|
||||||
image: memcached:alpine
|
image: memcached:alpine
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_11211_CHECK_TCP=true
|
- SERVICE_11211_CHECK_TCP=true
|
||||||
- SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached-11211
|
- SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached:11211
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -5,8 +5,8 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
||||||
labels:
|
labels:
|
||||||
|
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql:3306
|
||||||
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
|
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
|
||||||
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
|
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -5,9 +5,8 @@ services:
|
||||||
image: newrelic/php-daemon:latest
|
image: newrelic/php-daemon:latest
|
||||||
# command: "/usr/bin/newrelic-daemon --loglevel debug"
|
# command: "/usr/bin/newrelic-daemon --loglevel debug"
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon-31339
|
|
||||||
- SERVICE_31339_CHECK_TCP=true
|
- SERVICE_31339_CHECK_TCP=true
|
||||||
- SERVICE_31339_CHECK_INITIAL_STATUS=passing
|
- SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon:31339
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -5,9 +5,8 @@ services:
|
||||||
image: nginx:alpine
|
image: nginx:alpine
|
||||||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
|
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_CHECK_INITIAL_STATUS=passing
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx:80
|
||||||
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
|
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET
|
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET IPFS_PROFILE
|
||||||
|
|
||||||
# target node: Fire docker-network-create-% for DOCKER_NETWORK_PUBLIC ssl-certs stack-node-up
|
IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),lowpower,server)
|
||||||
|
|
||||||
|
# target node: Fire docker-network-create-% for DOCKER_NETWORK_PUBLIC node-ssl-certs stack-node-up
|
||||||
.PHONY: node
|
.PHONY: node
|
||||||
node: bootstrap-docker docker-network-create-$(DOCKER_NETWORK_PUBLIC) ssl-certs stack-node-up
|
node: bootstrap-docker docker-network-create-$(DOCKER_NETWORK_PUBLIC) node-ssl-certs stack-node-up
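Review bot: `IPFS_PROFILE` falls back to `server` whenever `PROCESSOR_ARCHITECTURE` is empty or undefined, because `$(filter-out amd64 x86_64,)` expands to nothing and the `$(if …)` takes its else branch. Testing for the known architectures instead makes the unknown case choose the conservative profile: `IPFS_PROFILE ?= $(if $(filter amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),server,lowpower)`. The variable is also undocumented; a comment such as `# IPFS_PROFILE: profile passed to the ipfs container (server on amd64/x86_64, lowpower elsewhere)` above it would match the `# target …` comments used in this file.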
|
||||||
|
|
|
@ -3,5 +3,6 @@ CONSUL_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
|
||||||
CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${APP_DOMAIN}/
|
CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${APP_DOMAIN}/
|
||||||
FABIO_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
|
FABIO_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
|
||||||
FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${APP_DOMAIN}/
|
FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${APP_DOMAIN}/
|
||||||
|
IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${APP_DOMAIN}/
|
||||||
PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/
|
PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/
|
||||||
REGISTRATOR_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
|
REGISTRATOR_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
|
||||||
|
|
|
@ -5,9 +5,8 @@ services:
|
||||||
image: google/cadvisor:latest
|
image: google/cadvisor:latest
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-cadvisor-exporter-8080
|
|
||||||
- SERVICE_8080_CHECK_TCP=true
|
- SERVICE_8080_CHECK_TCP=true
|
||||||
- SERVICE_8080_CHECK_INITIAL_STATUS=passing
|
- SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-cadvisor-exporter:8080
|
||||||
- SERVICE_8080_TAGS=${CADVISOR_SERVICE_EXPORTER_8080_TAGS}
|
- SERVICE_8080_TAGS=${CADVISOR_SERVICE_EXPORTER_8080_TAGS}
|
||||||
- SERVICE_9200_IGNORE=true
|
- SERVICE_9200_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
|
@ -29,9 +28,8 @@ services:
|
||||||
image: prom/node-exporter:latest
|
image: prom/node-exporter:latest
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9100_NAME=${COMPOSE_SERVICE_NAME}-node-exporter-9100
|
|
||||||
- SERVICE_9100_CHECK_TCP=true
|
- SERVICE_9100_CHECK_TCP=true
|
||||||
- SERVICE_9100_CHECK_INITIAL_STATUS=passing
|
- SERVICE_9100_NAME=${COMPOSE_SERVICE_NAME}-node-exporter:9100
|
||||||
- SERVICE_9100_TAGS=${SERVICE_NODE_EXPORTER_HTTP_TAGS}
|
- SERVICE_9100_TAGS=${SERVICE_NODE_EXPORTER_HTTP_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -4,6 +4,7 @@ services:
|
||||||
consul:
|
consul:
|
||||||
build:
|
build:
|
||||||
args:
|
args:
|
||||||
|
- CONSUL_VERSION=1.11.1
|
||||||
- DOCKER_BUILD_DIR=docker/consul
|
- DOCKER_BUILD_DIR=docker/consul
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/consul/Dockerfile
|
dockerfile: docker/consul/Dockerfile
|
||||||
|
@ -16,8 +17,9 @@ services:
|
||||||
, "enable_script_checks": true
|
, "enable_script_checks": true
|
||||||
, "acl": { "enabled": true
|
, "acl": { "enabled": true
|
||||||
, "default_policy": "deny"
|
, "default_policy": "deny"
|
||||||
|
, "down_policy": "extend-cache"
|
||||||
, "enable_token_persistence": true
|
, "enable_token_persistence": true
|
||||||
, "tokens": { "master": "$CONSUL_ACL_TOKENS_MASTER"
|
, "tokens": { "initial_management": "$CONSUL_ACL_TOKENS_MASTER"
|
||||||
, "agent": "$CONSUL_CONSUL_HTTP_TOKEN"
|
, "agent": "$CONSUL_CONSUL_HTTP_TOKEN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -27,18 +29,28 @@ services:
|
||||||
- SERVICE_8300_IGNORE=true
|
- SERVICE_8300_IGNORE=true
|
||||||
- SERVICE_8301_IGNORE=true
|
- SERVICE_8301_IGNORE=true
|
||||||
- SERVICE_8302_IGNORE=true
|
- SERVICE_8302_IGNORE=true
|
||||||
- SERVICE_8500_CHECK_HTTP=/ui
|
- SERVICE_8500_CHECK_HTTP=/v1/health/service/consul
|
||||||
- SERVICE_8500_NAME=${COMPOSE_SERVICE_NAME}-consul-8500
|
- SERVICE_8500_NAME=${COMPOSE_SERVICE_NAME}-consul:8500
|
||||||
- SERVICE_8500_TAGS=${CONSUL_SERVICE_8500_TAGS}
|
- SERVICE_8500_TAGS=${CONSUL_SERVICE_8500_TAGS}
|
||||||
- SERVICE_8600_IGNORE=true
|
- SERVICE_8600_IGNORE=true
|
||||||
- SERVICE_ADDRESS=${DOCKER_HOST_INET}
|
- SERVICE_ADDRESS=${DOCKER_HOST_INET}
|
||||||
|
- SERVICE_CHECK_SCRIPT=docker-healthcheck ${DOCKER_HOST_INET}
|
||||||
network_mode: host
|
network_mode: host
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- consul:/consul/data
|
- consul:/consul/data
|
||||||
|
- ssl-certs:/certs
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
fabio:
|
fabio:
|
||||||
image: fabiolb/fabio:latest
|
build:
|
||||||
|
args:
|
||||||
|
- DOCKER_BUILD_DIR=docker/fabio
|
||||||
|
- FABIO_VERSION=1.6.0
|
||||||
|
- OPERATING_SYSTEM=${OPERATING_SYSTEM}
|
||||||
|
- PROCESSOR_ARCHITECTURE=${PROCESSOR_ARCHITECTURE}
|
||||||
|
context: ../..
|
||||||
|
dockerfile: docker/fabio/Dockerfile
|
||||||
|
image: ${DOCKER_REPOSITORY_NODE}/fabio:${DOCKER_IMAGE_TAG}
|
||||||
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "$FABIO_CONSUL_HTTP_TOKEN" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem"
|
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "$FABIO_CONSUL_HTTP_TOKEN" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem"
|
||||||
depends_on:
|
depends_on:
|
||||||
- consul
|
- consul
|
||||||
|
@ -47,38 +59,54 @@ services:
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-fabio-80
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-fabio:80
|
||||||
- SERVICE_443_CHECK_TCP=true
|
- SERVICE_443_CHECK_TCP=true
|
||||||
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME}-fabio-443
|
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME}-fabio:443
|
||||||
- SERVICE_9998_CHECK_TCP=true
|
- SERVICE_9998_CHECK_HTTP=/routes
|
||||||
- SERVICE_9998_NAME=${COMPOSE_SERVICE_NAME}-fabio-9998
|
- SERVICE_9998_NAME=${COMPOSE_SERVICE_NAME}-fabio:9998
|
||||||
- SERVICE_9998_TAGS=${FABIO_SERVICE_9998_TAGS}
|
- SERVICE_9998_TAGS=${FABIO_SERVICE_9998_TAGS}
|
||||||
- SERVICE_9999_IGNORE=true
|
- SERVICE_9999_IGNORE=true
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80/tcp
|
||||||
- 443:443
|
- 443:443/tcp
|
||||||
- 9998
|
- 9998/tcp
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- ssl-certs:/certs
|
- ssl-certs:/certs
|
||||||
portainer:
|
ipfs:
|
||||||
image: portainer/portainer:latest
|
build:
|
||||||
|
args:
|
||||||
|
- DOCKER_BUILD_DIR=docker/ipfs
|
||||||
|
- IPFS_VERSION=0.13.0-rc1
|
||||||
|
context: ../..
|
||||||
|
dockerfile: docker/ipfs/Dockerfile
|
||||||
|
image: ${DOCKER_REPOSITORY_NODE}/ipfs:${DOCKER_IMAGE_TAG}
|
||||||
|
environment:
|
||||||
|
- IPFS_PROFILE=${IPFS_PROFILE}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8000_IGNORE=true
|
- SERVICE_4001_CHECK_TCP=true
|
||||||
- SERVICE_9000_CHECK_HTTP=/
|
- SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:4001
|
||||||
- SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer-9000
|
- SERVICE_5001_CHECK_TCP=true
|
||||||
- SERVICE_9000_TAGS=${PORTAINER_SERVICE_9000_TAGS}
|
- SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:5001
|
||||||
|
- SERVICE_8080_CHECK_HTTP=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
|
||||||
|
- SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs:8080
|
||||||
|
- SERVICE_8080_TAGS=${IPFS_SERVICE_8080_TAGS}
|
||||||
|
- SERVICE_8081_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
||||||
ports:
|
ports:
|
||||||
- 8000
|
- 4001:4001
|
||||||
- 9000
|
- 5001/tcp
|
||||||
restart: always
|
- 8080/tcp
|
||||||
|
ulimits:
|
||||||
|
nofile:
|
||||||
|
soft: 65536
|
||||||
|
hard: 65536
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- ipfs:/data/ipfs
|
||||||
- portainer:/data
|
restart: always
|
||||||
registrator:
|
registrator:
|
||||||
build:
|
build:
|
||||||
args:
|
args:
|
||||||
|
@ -88,7 +116,7 @@ services:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/registrator/Dockerfile
|
dockerfile: docker/registrator/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY_NODE}/registrator:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY_NODE}/registrator:${DOCKER_IMAGE_TAG}
|
||||||
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork node -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
|
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
|
||||||
depends_on:
|
depends_on:
|
||||||
- consul
|
- consul
|
||||||
environment:
|
environment:
|
||||||
|
@ -103,7 +131,7 @@ services:
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
consul:
|
consul:
|
||||||
portainer:
|
ipfs:
|
||||||
ssl-certs:
|
ssl-certs:
|
||||||
|
|
||||||
networks:
|
networks:
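Review bot: The new `ipfs` service publishes `5001/tcp` on the host and registers it in Consul as `${COMPOSE_SERVICE_NAME}-ipfs:5001`. Port 5001 is the Kubo RPC API, which gives full control of the node and has no authentication by default. If docker/ipfs/Dockerfile (not shown here) leaves the API listening on all interfaces, anything that can reach that host port or the public network can administer the node. Consider dropping the `- 5001/tcp` entry and replacing the two `SERVICE_5001_*` labels with `- SERVICE_5001_IGNORE=true`, as is already done for 8081. In the same section `consul` now mounts `ssl-certs:/certs`, the volume that holds the key fabio reads from `/certs/${DOMAIN}.key.pem`; `- ssl-certs:/certs:ro` would be enough if consul only reads it.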
|
||||||
|
|
|
@ -25,12 +25,10 @@ services:
|
||||||
- PASV_MIN_PORT=${VSFTPD_S3_PASV_MIN_PORT}
|
- PASV_MIN_PORT=${VSFTPD_S3_PASV_MIN_PORT}
|
||||||
image: ${DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_21_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3-21
|
|
||||||
- SERVICE_21_CHECK_TCP=true
|
- SERVICE_21_CHECK_TCP=true
|
||||||
- SERVICE_21_CHECK_INITIAL_STATUS=passing
|
- SERVICE_21_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3:21
|
||||||
- SERVICE_22_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3-22
|
|
||||||
- SERVICE_22_CHECK_TCP=true
|
- SERVICE_22_CHECK_TCP=true
|
||||||
- SERVICE_22_CHECK_INITIAL_STATUS=passing
|
- SERVICE_22_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3:22
|
||||||
- SERVICE_65000_IGNORE=true
|
- SERVICE_65000_IGNORE=true
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
security_opt:
|
security_opt:
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
version: '3.6'
|
||||||
|
|
||||||
|
services:
|
||||||
|
portainer:
|
||||||
|
image: portainer/portainer:latest
|
||||||
|
labels:
|
||||||
|
- SERVICE_8000_IGNORE=true
|
||||||
|
- SERVICE_9000_CHECK_HTTP=/
|
||||||
|
- SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer:9000
|
||||||
|
- SERVICE_9000_TAGS=${PORTAINER_SERVICE_9000_TAGS}
|
||||||
|
networks:
|
||||||
|
- public
|
||||||
|
ports:
|
||||||
|
- 8000
|
||||||
|
- 9000
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- portainer:/data
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
portainer:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
public:
|
||||||
|
external: true
|
||||||
|
name: ${DOCKER_NETWORK_PUBLIC}
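Review bot: `image: portainer/portainer:latest` is a floating tag on a container that mounts `/var/run/docker.sock`, so whatever that tag resolves to at pull time gets root-equivalent control of the Docker host. Pin it to a fixed version or digest, for example `image: portainer/portainer:<PINNED_VERSION>@sha256:<DIGEST>`. The `ports:` entries `8000` and `9000` also publish both listeners on ephemeral host ports on all interfaces. If the UI is only meant to be reached through the `SERVICE_9000_TAGS` route, replacing `ports:` with `expose:` removes that extra entry point; confirm this against how registrator is run before changing it.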
|
|
@ -7,7 +7,8 @@ services:
|
||||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||||
- POSTGRES_USER=${POSTGRES_USER}
|
- POSTGRES_USER=${POSTGRES_USER}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
|
- SERVICE_5432_CHECK_TCP=true
|
||||||
|
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres:5432
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -10,9 +10,8 @@ services:
|
||||||
dockerfile: docker/prometheus/alertmanager/Dockerfile
|
dockerfile: docker/prometheus/alertmanager/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
|
|
||||||
- SERVICE_9093_CHECK_TCP=true
|
- SERVICE_9093_CHECK_TCP=true
|
||||||
- SERVICE_9093_CHECK_INITIAL_STATUS=passing
|
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager:9093
|
||||||
- SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS}
|
- SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -9,9 +9,8 @@ services:
|
||||||
dockerfile: docker/prometheus/blackbox-exporter/Dockerfile
|
dockerfile: docker/prometheus/blackbox-exporter/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY}/blackbox:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/blackbox:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox-9115
|
|
||||||
- SERVICE_9115_CHECK_TCP=true
|
- SERVICE_9115_CHECK_TCP=true
|
||||||
- SERVICE_9115_CHECK_INITIAL_STATUS=passing
|
- SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox:9115
|
||||||
- SERVICE_9115_TAGS=${BLACKBOX_SERVICE_9115_TAGS}
|
- SERVICE_9115_TAGS=${BLACKBOX_SERVICE_9115_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -10,9 +10,8 @@ services:
|
||||||
command: -e ${ES_EXPORTER_ELASTICSEARCH_URL}
|
command: -e ${ES_EXPORTER_ELASTICSEARCH_URL}
|
||||||
image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
|
|
||||||
- SERVICE_9206_CHECK_TCP=true
|
- SERVICE_9206_CHECK_TCP=true
|
||||||
- SERVICE_9206_CHECK_INITIAL_STATUS=passing
|
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter:9206
|
||||||
- SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS}
|
- SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -11,9 +11,8 @@ services:
|
||||||
dockerfile: docker/prometheus/prometheus/Dockerfile
|
dockerfile: docker/prometheus/prometheus/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus-9090
|
|
||||||
- SERVICE_9090_CHECK_TCP=true
|
- SERVICE_9090_CHECK_TCP=true
|
||||||
- SERVICE_9090_CHECK_INITIAL_STATUS=passing
|
- SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus:9090
|
||||||
- SERVICE_9090_TAGS=${PROMETHEUS_SERVICE_9090_TAGS}
|
- SERVICE_9090_TAGS=${PROMETHEUS_SERVICE_9090_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -7,10 +7,10 @@ services:
|
||||||
- SERVICE_4369_IGNORE=true
|
- SERVICE_4369_IGNORE=true
|
||||||
- SERVICE_5671_IGNORE=true
|
- SERVICE_5671_IGNORE=true
|
||||||
- SERVICE_5672_CHECK_TCP=true
|
- SERVICE_5672_CHECK_TCP=true
|
||||||
- SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-5672
|
- SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:5672
|
||||||
- SERVICE_15671_IGNORE=true
|
- SERVICE_15671_IGNORE=true
|
||||||
- SERVICE_15672_CHECK_HTTP=/
|
- SERVICE_15672_CHECK_HTTP=/
|
||||||
- SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-15672
|
- SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:15672
|
||||||
- SERVICE_15672_TAGS=${RABBITMQ_SERVICE_15672_TAGS}
|
- SERVICE_15672_TAGS=${RABBITMQ_SERVICE_15672_TAGS}
|
||||||
- SERVICE_25672_IGNORE=true
|
- SERVICE_25672_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -2,13 +2,11 @@ version: '3.6'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
redis:
|
redis:
|
||||||
depends_on:
|
|
||||||
- sysctl
|
|
||||||
image: redis:alpine
|
image: redis:alpine
|
||||||
command: redis-server --appendonly yes
|
command: redis-server --appendonly yes
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_6379_CHECK_TCP=true
|
- SERVICE_6379_CHECK_TCP=true
|
||||||
- SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis-6379
|
- SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis:6379
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -22,9 +22,8 @@ services:
|
||||||
- SMTP_PASS=${REDMINE_SMTP_PASS}
|
- SMTP_PASS=${REDMINE_SMTP_PASS}
|
||||||
- TZ=Europe/Paris
|
- TZ=Europe/Paris
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
|
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_CHECK_INITIAL_STATUS=passing
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine:80
|
||||||
- SERVICE_80_TAGS=${REDMINE_SERVICE_80_TAGS}
|
- SERVICE_80_TAGS=${REDMINE_SERVICE_80_TAGS}
|
||||||
- SERVICE_443_IGNORE=true
|
- SERVICE_443_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -15,9 +15,8 @@ services:
|
||||||
- SMTP_PASS=${REDMINE3_SMTP_PASS}
|
- SMTP_PASS=${REDMINE3_SMTP_PASS}
|
||||||
- TZ=Europe/Paris
|
- TZ=Europe/Paris
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3-80
|
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_CHECK_INITIAL_STATUS=passing
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3:80
|
||||||
- SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS}
|
- SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS}
|
||||||
- SERVICE_443_IGNORE=true
|
- SERVICE_443_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -22,9 +22,8 @@ services:
|
||||||
- WORKSPACE_DIR=/Sources/${MONOREPO}
|
- WORKSPACE_DIR=/Sources/${MONOREPO}
|
||||||
image: ${DOCKER_REPOSITORY}/theia:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/theia:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia-3000
|
|
||||||
- SERVICE_3000_CHECK_TCP=true
|
- SERVICE_3000_CHECK_TCP=true
|
||||||
- SERVICE_3000_CHECK_INITIAL_STATUS=passing
|
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia:3000
|
||||||
- SERVICE_3000_TAGS=${THEIA_SERVICE_3000_TAGS}
|
- SERVICE_3000_TAGS=${THEIA_SERVICE_3000_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|