From 417adbf9efe4b30990086e136532dbe0d903ba3f Mon Sep 17 00:00:00 2001 From: hyung-hwan Date: Mon, 31 Oct 2022 00:40:09 +0900 Subject: [PATCH] updated docker stack files --- docker-stack/Makefile | 85 ++++++++++++++++------- docker-stack/cadvisor.yml | 6 +- docker-stack/codepot.yml | 6 +- docker-stack/coder.yml | 66 ++++++++++++++++++ docker-stack/drone-runner.yml | 6 +- docker-stack/drone.yml | 8 +-- docker-stack/gitea.yml | 8 +-- docker-stack/grafana.yml | 6 +- docker-stack/prometheus-node-exporter.yml | 6 +- docker-stack/prometheus.conf.yml | 21 ++++-- docker-stack/prometheus.yml | 12 ++-- docker-stack/traefik.yml | 6 +- 12 files changed, 172 insertions(+), 64 deletions(-) create mode 100644 docker-stack/coder.yml diff --git a/docker-stack/Makefile b/docker-stack/Makefile index 5f81996..df759bf 100644 --- a/docker-stack/Makefile +++ b/docker-stack/Makefile @@ -1,4 +1,5 @@ -DATA_ROOT := /home/gfs-data +D1_ROOT := /home/gfs-data +D2_ROOT := /media/seagate-1000 all: @echo "ERROR: Be specific with one or more targets" 
@@ -10,62 +11,98 @@ push: docker tag alpine:prom-proc-net docker.io/hyunghwan/alpine:prom-proc-net docker push docker.io/hyunghwan/alpine:prom-proc-net +#------------------------------------------------ + init-traefik-data: - mkdir -p "$(DATA_ROOT)/traefik" - cp traefik-cert.yml "$(DATA_ROOT)/traefik" - cp /etc/letsencrypt/live/miflux.com/fullchain.pem "$(DATA_ROOT)/traefik/miflux.crt" - cp /etc/letsencrypt/live/miflux.com/privkey.pem "$(DATA_ROOT)/traefik/miflux.key" + [ -d "$(D1_ROOT)/traefik" ] || mkdir "$(D1_ROOT)/traefik" + cp traefik-cert.yml "$(D1_ROOT)/traefik" + cp -f /etc/letsencrypt/live/miflux.com/fullchain.pem "$(D1_ROOT)/traefik/miflux.crt" + cp -f /etc/letsencrypt/live/miflux.com/privkey.pem "$(D1_ROOT)/traefik/miflux.key" + +init-coder-data: + [ -d "$(D1_ROOT)/coder" ] || { mkdir "$(D1_ROOT)/coder"; chown 1000:1000 "$(D1_ROOT)/coder"; } + [ -d "$(D1_ROOT)/coder/data" ] || { mkdir "$(D1_ROOT)/coder/data"; chown 1000:1000 "$(D1_ROOT)/coder/data"; } + [ -d "$(D1_ROOT)/coder/templates" ] || { mkdir "$(D1_ROOT)/coder/templates"; chown 1000:1000 "$(D1_ROOT)/coder/templates"; } + [ -d "$(D1_ROOT)/coder/workspace" ] || { mkdir "$(D1_ROOT)/coder/workspace"; chown 1000:1000 "$(D1_ROOT)/coder/workspace"; } + + +init-gitea-data: + [ -d "$(D1_ROOT)/gitea" ] || mkdir "$(D1_ROOT)/gitea" init-prometheus-data: - mkdir -p "$(DATA_ROOT)/prometheus/etc" - mkdir -p "$(DATA_ROOT)/prometheus/data" - chown 65534:65534 "$(DATA_ROOT)/prometheus/data" - cp prometheus.conf.yml "$(DATA_ROOT)/prometheus/etc/prometheus.yml" + [ -d "$(D1_ROOT)/prometheus" ] || mkdir "$(D1_ROOT)/prometheus" + [ -d "$(D1_ROOT)/prometheus/etc" ] || mkdir "$(D1_ROOT)/prometheus/etc" + [ -d "$(D1_ROOT)/prometheus/data" ] || mkdir "$(D1_ROOT)/prometheus/data" + chown 65534:65534 "$(D1_ROOT)/prometheus/data" + cp -f prometheus.conf.yml "$(D1_ROOT)/prometheus/etc/prometheus.yml" + ##cp -f prometheus.alert.rules.yml "$(D1_ROOT)/prometheus/etc/alert.rules.yml" + +init-nextcloud-data: + [ -d 
"$(D2_ROOT)/nextcloud" ] || mkdir "$(D2_ROOT)/nextcloud" + +init-onlyoffice-data: + [ -d "$(D2_ROOT)/onlyoffice" ] || mkdir "$(D2_ROOT)/onlyoffice" + [ -d "$(D2_ROOT)/onlyoffice/data" ] || mkdir "$(D2_ROOT)/onlyoffice/data" + [ -d "$(D2_ROOT)/onlyoffice/logs" ] || mkdir "$(D2_ROOT)/onlyoffice/logs" + +#------------------------------------------------ +network-up-coder: + docker network ls | grep -q coder-network || docker network create --driver overlay --attachable coder-network + +network-down-coder: + docker network rm coder-network network-up-drone: - docker network create --driver overlay --attachable drone-network + docker network ls | grep -q drone-network || docker network create --driver overlay --attachable drone-network network-down-drone: docker network rm drone-network network-up-prometheus: - docker network create --driver overlay --attachable prometheus-network + docker network ls | grep -q prometheus-network || docker network create --driver overlay --attachable prometheus-network network-down-prometheus: docker network rm prometheus-network network-up-traefik: - docker network create --driver overlay --attachable traefik-network + docker network ls | grep -q traefik-network || docker network create --driver overlay --attachable traefik-network network-down-traefik: docker network rm traefik-network -stack-up-traefik: +#------------------------------------------------ + +stack-up-traefik: network-up-traefik init-traefik-data docker stack deploy --compose-file traefik.yml traefik-stack stack-down-traefik: docker stack rm traefik-stack - -stack-up-codepot: +stack-up-codepot: network-up-traefik docker stack deploy --compose-file codepot.yml codepot-stack stack-down-codepot: docker stack rm codepot-stack -stack-up-gitea: +stack-up-coder: network-up-traefik network-up-coder init-coder-data + docker stack deploy --compose-file coder.yml coder-stack + +stack-down-coder: + docker stack rm coder-stack + +stack-up-gitea: network-up-traefik init-gitea-data 
docker stack deploy --compose-file gitea.yml gitea-stack stack-down-gitea: docker stack rm gitea-stack -stack-up-drone: +stack-up-drone: network-up-traefik network-up-drone docker stack deploy --compose-file drone.yml drone-stack stack-down-drone: docker stack rm drone-stack -stack-up-drone-runner: +stack-up-drone-runner: network-up-drone docker stack deploy --compose-file drone-runner.yml drone-runner-stack stack-down-drone-runner: @@ -84,13 +121,13 @@ stack-up-cadvisor: stack-down-cadvisor: docker stack rm cadvisor-stack -stack-up-prometheus-node-exporter: +stack-up-prometheus-node-exporter: network-up-prometheus docker stack deploy --compose-file prometheus-node-exporter.yml prometheus-node-exporter-stack stack-down-prometheus-node-exporter: docker stack rm prometheus-node-exporter-stack -stack-up-prometheus: +stack-up-prometheus: network-up-prometheus init-prometheus-data docker stack deploy --compose-file prometheus.yml prometheus-stack stack-down-prometheus: @@ -103,17 +140,13 @@ stack-down-grafana: docker stack rm grafana-stack -stack-up-nextcloud: - [ -d /media/seagate-1000/nextcloud ] || mkdir /media/seagate-1000/nextcloud +stack-up-nextcloud: network-up-traefik init-nextcloud-data docker stack deploy --compose-file nextcloud.yml nextcloud-stack stack-down-nextcloud: docker stack rm nextcloud-stack -stack-up-onlyoffice: - [ -d /media/seagate-1000/onlyoffice ] || mkdir /media/seagate-1000/onlyoffice - [ -d /media/seagate-1000/onlyoffice/data ] || mkdir /media/seagate-1000/onlyoffice/data - [ -d /media/seagate-1000/onlyoffice/logs ] || mkdir /media/seagate-1000/onlyoffice/logs +stack-up-onlyoffice: init-onlyoffice-data docker stack deploy --compose-file onlyoffice.yml onlyoffice-stack stack-down-onlyoffice: diff --git a/docker-stack/cadvisor.yml b/docker-stack/cadvisor.yml index 1e5ae27..5835331 100644 --- a/docker-stack/cadvisor.yml +++ b/docker-stack/cadvisor.yml 
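Review bot: The new `network-up-*` guards test for the network with `docker network ls | grep -q coder-network`, an unanchored substring match, so any other network whose name contains that text makes the target skip creation and the later stack deploy fails on the missing external network. `docker network inspect coder-network >/dev/null 2>&1 || docker network create --driver overlay --attachable coder-network` checks the exact name; the same applies to the drone, prometheus and traefik targets. Separately, `init-traefik-data` copies `privkey.pem` into a directory created with the default umask and never sets the key's mode, and `cp -f` over an existing file keeps whatever permissions that file already had. Adding `chmod 600 "$(D1_ROOT)/traefik/miflux.key"` after the copy would pin it.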
@@ -18,9 +18,9 @@ services: - -logtostderr #- -docker_only environment: - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} networks: - traefik-network - prometheus-network diff --git a/docker-stack/codepot.yml b/docker-stack/codepot.yml index 8262461..2c859b5 100644 --- a/docker-stack/codepot.yml +++ b/docker-stack/codepot.yml @@ -10,9 +10,9 @@ services: hostname: codepot-service-host tty: true environment: - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} command: - --port=80 - --hide-index-page=yes diff --git a/docker-stack/coder.yml b/docker-stack/coder.yml new file mode 100644 index 0000000..449185e --- /dev/null +++ b/docker-stack/coder.yml 
@@ -0,0 +1,66 @@ +version: "3.8" + +networks: + coder-network: + external: true + traefik-network: + external: true + +services: + coder-service: + image: ghcr.io/coder/coder:latest + hostname: coder-service-host + tty: true + environment: + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} + - CODER_ACCESS_URL=https://vc.miflux.com + - CODER_ADDRESS=0.0.0.0:80 + - CODER_TLS_ENABLE=false + - CODER_OIDC_ISSUER_URL=https://code.miflux.com/ + - CODER_OIDC_EMAIL_DOMAIN=miflux.com + - CODER_OIDC_CLIENT_ID=8fc09269-57cd-4a03-a66b-6fb357d8abec + - CODER_OIDC_CLIENT_SECRET=gto_7hfqdkyg3tfc6ho5zuv2k34wl4jmnwxctzp32kvujrrmjf4bb2ta + networks: + - coder-network + - traefik-network + volumes: + - type: bind + source: /home/gfs-data/coder/data + target: /home/coder/.config + - type: bind + source: /home/gfs-data/coder/templates + target: /home/coder/templates + - type: bind + source: /home/gfs-data/coder/workspace + target: /workspace +# ports: +# - target: 80 +# published: 80 +# protocol: tcp + deploy: + mode: replicated + replicas: 1 + placement: + max_replicas_per_node: 1 + ##constraints: + ## - node.labels.location == home + ## - node.hostname == rose + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + ##- traefik.docker.network=traefik-network + - traefik.http.routers.coder-https.entrypoints=websec + - traefik.http.routers.coder-https.rule=Host(`vc.miflux.com`) + - traefik.http.routers.coder-https.tls=true +# - traefik.http.routers.coder-http.entrypoints=web +# - traefik.http.routers.coder-http.rule=Host(`vc.miflux.com`) +# - traefik.http.routers.coder-http.tls=false + - traefik.http.services.coder-service.loadbalancer.server.port=80 + - traefik.http.services.coder-service.loadbalancer.sticky.cookie=true + - traefik.http.services.coder-service.loadbalancer.sticky.cookie.name=coder-sticker 
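Review bot: The `CODER_OIDC_CLIENT_SECRET` line commits a live OIDC client secret in clear text, so anyone with read access to the repository or its history can act as this client against the issuer at code.miflux.com. Take the value from the deploy environment instead, `- CODER_OIDC_CLIENT_SECRET=${CODER_OIDC_CLIENT_SECRET}`, and rotate the secret, since the committed one stays in history. The same pattern appears as context lines in later hunks: `DRONE_RPC_SECRET` in drone-runner.yml and `GF_SECURITY_ADMIN_PASSWORD=admin` in grafana.yml. The image is also referenced as `ghcr.io/coder/coder:latest`, so every redeploy can pull a different build; pinning a version tag or digest keeps the deployed code reviewable.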
diff --git a/docker-stack/drone-runner.yml b/docker-stack/drone-runner.yml index a66df48..567833b 100644 --- a/docker-stack/drone-runner.yml +++ b/docker-stack/drone-runner.yml @@ -12,6 +12,9 @@ services: hostname: drone-runner-service-host tty: true environment: + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} ##- DRONE_RPC_PROTO=https ##- DRONE_RPC_HOST=ci.miflux.com - DRONE_RPC_PROTO=http @@ -20,9 +23,6 @@ services: - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d - DRONE_RUNNER_CAPACITY=10 - DRONE_RUNNER_NAME=drone-runner-docker-1 - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" networks: - drone-network ##- traefik-network diff --git a/docker-stack/drone.yml b/docker-stack/drone.yml index 738e1f0..fbd1079 100644 --- a/docker-stack/drone.yml +++ b/docker-stack/drone.yml @@ -12,7 +12,10 @@ services: hostname: drone-service-host tty: true environment: - ## unabel to use the internal DNS name as this URL is shown to + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} + ## unable to use the internal DNS name as this URL is shown to ## the user for oauth login. ##- DRONE_GITEA_SERVER=http://gitea-service-host:3000 - DRONE_GITEA_SERVER=https://code.miflux.com @@ -22,9 +25,6 @@ services: - DRONE_SERVER_HOST=ci.miflux.com - DRONE_SERVER_PROTO=https - DRONE_USER_CREATE=username:hyung-hwan,admin:true - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" networks: - drone-network - traefik-network diff --git a/docker-stack/gitea.yml b/docker-stack/gitea.yml index 59c397d..9752a9a 100644 --- a/docker-stack/gitea.yml +++ b/docker-stack/gitea.yml 
@@ -15,6 +15,9 @@ services: hostname: gitea-service-host tty: true environment: + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} ##- USER_UID=1000 ##- USER_GID=1000 - GITEA____APP_NAME=HYUNG-HWAN @@ -32,11 +35,8 @@ services: - GITEA__service__EMAIL_NOTIFY_TRUE=false - GITEA__openid__ENABLE_OPENID_SIGNIN=false - GITEA__openid__ENABLE_OPENID_SIGNUP=false - - GITEA__wehhook__ALLOWED_HOST_LIST=* + - GITEA__webhook__ALLOWED_HOST_LIST=* - GITEA__metrics__ENABLED=true - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" networks: - traefik-network - prometheus-network diff --git a/docker-stack/grafana.yml b/docker-stack/grafana.yml index 55ffd3b..a03706b 100644 --- a/docker-stack/grafana.yml +++ b/docker-stack/grafana.yml @@ -15,11 +15,11 @@ services: hostname: grafana-service-host tty: true environment: + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} - GF_SECURITY_ADMIN_USER=admin - GF_SECURITY_ADMIN_PASSWORD=admin - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" networks: - prometheus-network - traefik-network diff --git a/docker-stack/prometheus-node-exporter.yml b/docker-stack/prometheus-node-exporter.yml index d07c590..51cb8c3 100644 --- a/docker-stack/prometheus-node-exporter.yml +++ b/docker-stack/prometheus-node-exporter.yml @@ -15,9 +15,9 @@ services: hostname: prometheus-node-exporter-service-host tty: true environment: - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} networks: - host-network volumes: diff --git a/docker-stack/prometheus.conf.yml b/docker-stack/prometheus.conf.yml index 74c7ab0..d9354e5 100644 --- a/docker-stack/prometheus.conf.yml 
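Review bot: Correcting `wehhook` to `webhook` makes `GITEA__webhook__ALLOWED_HOST_LIST=*` take effect, apparently for the first time; the misspelled section name presumably never matched a real setting, which would have left Gitea on its default webhook host policy. With `*`, any user who can configure a webhook can make the Gitea server send requests to loopback and private addresses, including services on the overlay networks this hunk shows it attached to (traefik-network and prometheus-network). If the intent is only to let Gitea deliver to the CI server, list that host instead, e.g. `- GITEA__webhook__ALLOWED_HOST_LIST=ci.miflux.com` (hostname taken from drone.yml; confirm it is the delivery target).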
+++ b/docker-stack/prometheus.conf.yml @@ -12,12 +12,12 @@ global: scrape_configs: - job_name: prometheus - scrape_interval: 10s + scrape_interval: 30s static_configs: - targets: ['localhost:9090'] - job_name: gitea - scrape_interval: 10s + scrape_interval: 60s #scheme: https #static_configs: # - targets: ['gitea-service-host:3000'] @@ -28,7 +28,7 @@ scrape_configs: refresh_interval: 30s - job_name: node - scrape_interval: 10s + scrape_interval: 25s #scheme: https #static_configs: # - targets: ['prometheus-node-exporter-service-host:9100'] @@ -41,14 +41,23 @@ scrape_configs: - host: tcp://prometheus-socat-service-host:2375 role: nodes relabel_configs: - - source_labels: [__meta_dockerswarm_node_address] + - source_labels: + - __meta_dockerswarm_node_address target_label: __address__ replacement: $1:9100 - - source_labels: [__meta_dockerswarm_node_hostname] + - source_labels: + - __meta_dockerswarm_node_manager_leader + - __meta_dockerswarm_node_manager_address + regex: 'true;(.+):[0-9]+' + target_label: __address__ + replacement: '$1:9100' + - source_labels: + - __meta_dockerswarm_node_hostname target_label: instance + - job_name: cadvisor - scrape_interval: 10s + scrape_interval: 60s dns_sd_configs: - names: ['cadvisor-service-host'] type: A diff --git a/docker-stack/prometheus.yml b/docker-stack/prometheus.yml index 4fbbf2b..c7a1f7d 100644 --- a/docker-stack/prometheus.yml +++ b/docker-stack/prometheus.yml @@ -15,9 +15,9 @@ services: hostname: prometheus-socat-service-host command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock environment: - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} volumes: - type: bind source: /var/run/docker.sock 
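Review bot: The swarm-discovery job that this relabel block extends reads node data from `tcp://prometheus-socat-service-host:2375`, and the prometheus.yml hunk that follows shows that endpoint is a plain `socat` forward of `/var/run/docker.sock` with no authentication or TLS. Anything that can reach port 2375 on that service gets the full Docker API of the node it runs on, which is effectively root there, while discovery only needs to read node listings. The service's `networks:` and `ports:` keys are outside the visible hunks, so confirm it is attached only to `prometheus-network` and publishes no port. A comment above its `command:` line would record that, such as `## full Docker API, unauthenticated: keep on prometheus-network only, never publish`. A proxy that permits only the read-only endpoints would narrow this further.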
@@ -35,9 +35,9 @@ services: hostname: prometheus-service-host tty: true environment: - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} networks: - prometheus-network ports: diff --git a/docker-stack/traefik.yml b/docker-stack/traefik.yml index 517685c..a63e8fa 100644 --- a/docker-stack/traefik.yml +++ b/docker-stack/traefik.yml @@ -13,9 +13,9 @@ services: hostname: traefik-service-host tty: true environment: - - DS_NODE_NAME="{{.Node.Hostname}}" - - DS_SERVICE_NAME="{{.Service.Name}}" - - DS_TASK_NAME="{{.Task.Name}}" + - DS_NODE_NAME={{.Node.Hostname}} + - DS_SERVICE_NAME={{.Service.Name}} + - DS_TASK_NAME={{.Task.Name}} volumes: - type: bind source: /var/run/docker.sock