From 62f8ba52613828bd36661a531cb2a4c7abaafd53 Mon Sep 17 00:00:00 2001 From: Tim Cowlishaw Date: Mon, 20 Nov 2023 08:13:33 +0100 Subject: [PATCH] split out compose.yml by service --- compose.yml | 215 +++------------------------------------- compose/app.yml | 37 +++++++ compose/auth.yml | 7 ++ compose/cassandra.yml | 34 +++++++ compose/db.yml | 11 ++ compose/kairos.yml | 20 ++++ compose/mqtt-task.yml | 12 +++ compose/mqtt.yml | 41 ++++++++ compose/push.yml | 10 ++ compose/redis.yml | 3 + compose/sidekiq.yml | 8 ++ compose/telnet-task.yml | 6 ++ compose/web.yml | 12 +++ 13 files changed, 214 insertions(+), 202 deletions(-) create mode 100644 compose/app.yml create mode 100644 compose/auth.yml create mode 100644 compose/cassandra.yml create mode 100644 compose/db.yml create mode 100644 compose/kairos.yml create mode 100644 compose/mqtt-task.yml create mode 100644 compose/mqtt.yml create mode 100644 compose/push.yml create mode 100644 compose/redis.yml create mode 100644 compose/sidekiq.yml create mode 100644 compose/telnet-task.yml create mode 100644 compose/web.yml diff --git a/compose.yml b/compose.yml index 45ccdd8e..435c4bfd 100644 --- a/compose.yml +++ b/compose.yml 
@@ -1,202 +1,13 @@ -services: - db: - image: postgres:10 - volumes: - - sck-postgres:/var/lib/postgresql/data - #environment: - # NOTE: Postgres 9.5 stopped allowing connections without passwords. - # Enable this if needed. - #- POSTGRES_HOST_AUTH_METHOD=trust - - redis: - image: redis:5 - - auth: - env_file: .env - image: smartcitizen/auth - ports: - - "3001:3000" - restart: always - - app: - build: - context: . - # Skip installing development & test gems in production, saves 20s build time. - # If developing with Docker, this line might need to be commented out. - args: - - BUNDLE_WITHOUT=test development - env_file: .env - ports: - - "3000:3000" - depends_on: - # We disable some containers in production - - db - - auth - - redis - - sidekiq - - mqtt-task - - telnet-task - - push - #- mqtt - restart: always - deploy: - resources: - limits: - memory: 2gb - volumes: - - "./:/app" - #command: rails server -p 3000 -b '0.0.0.0' - #command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'" - environment: - # For this to take effect, remove init/timeout, and in Gemfile, fix "rack-timeout" to not require anything. - RACK_TIMEOUT_SERVICE_TIMEOUT: 25 - logging: - driver: "json-file" - options: - max-size: "100m" - - sidekiq: - build: . - env_file: .env - command: bundle exec sidekiq - restart: always - volumes: - - "./log:/app/log" - - mqtt-task: - build: . - env_file: .env - command: bundle exec rake mqtt:sub - restart: always - volumes: - - "./log:/app/log" - logging: - driver: "json-file" - options: - max-size: "100m" - - telnet-task: - build: . - env_file: .env - command: bundle exec rake telnet:push - restart: always - - mqtt: - # NOTE: This cannot be fully dockerized in production yet because MQTT also needs port 80 - # The MQTT server hax iptables rules that 80 -> 1883 and 443 -> 8883 - # This was done in the past to allow kits to post mqtt over 80 to prevent firewall issues. 
- # - #image: emqx/emqx:v2.4.7 # This is currently on mqtt server #2020-05-05 - image: emqx/emqx:v3.0.0 # last known working version on docker - ports: - - "1883:1883" # mqtt tcp - #- "8080:8080" # http:management - can clash with Kairos - - "8083:8083" # HTTP and WebSocket - - "8084:8084" # HTTPS and WSS - - "8883:8883" # MQTT SSL listener port - - "18083:18083" # Web dashboard: admin:public - - "18084:18084" # Web dashboard TLS - #- "11883:11883" - environment: - # Enable HTTPS for Dashboard: - EMQX_DASHBOARD__LISTENER__HTTPS__KEYFILE: "/opt/emqx/etc/certs/mydomain.key" - EMQX_DASHBOARD__LISTENER__HTTPS__CERTFILE: "/opt/emqx/etc/certs/final.crt" - EMQX_DASHBOARD__LISTENER__HTTPS__CACERTFILE: "/opt/emqx/etc/certs/STAR_smartcitizen_me.ca-bundle" - EMQX_DASHBOARD__LISTENER__HTTPS: 18084 - EMQX_DASHBOARD__LISTENER__HTTPS__ACCEPTORS: 2 - EMQX_DASHBOARD__LISTENER__HTTPS__MAX_CLIENTS: 512 - - EMQX_LISTENER__WSS__EXTERNAL__KEYFILE: "/opt/emqx/etc/certs/mydomain.key" - EMQX_LISTENER__WSS__EXTERNAL__CERTFILE: "/opt/emqx/etc/certs/final.crt" - EMQX_LISTENER__WSS__EXTERNAL__CACERTFILE: "/opt/emqx/etc/certs/STAR_smartcitizen_me.ca-bundle" - - EMQX_LISTENER__SSL__EXTERNAL__KEYFILE: "/opt/emqx/etc/certs/mydomain.key" - EMQX_LISTENER__SSL__EXTERNAL__CERTFILE: "/opt/emqx/etc/certs/final.crt" - EMQX_LISTENER__SSL__EXTERNAL__CACERTFILE: "/opt/emqx/etc/certs/STAR_smartcitizen_me.ca-bundle" - EMQX_LISTENER__SSL__EXTERNAL: 8883 - #EMQX_LISTENER__SSL__EXTERNAL__REUSEADDR: "true" - volumes: - # emqx.conf can be overwritten with ENV vars, so next line is not needed. 
Rather use ENV above - #- "./scripts/emqx-config/emqx.conf:/opt/emqx/etc/emqx.conf" - # However, acl.conf is not supported (yet), see: https://github.com/emqx/emqx-docker/issues/86 - #- "./scripts/emqx-config/acl.conf:/opt/emqx/etc/acl.conf" - - "./scripts/certs/:/opt/emqx/etc/certs/" - - web: - image: nginx - depends_on: - - app - ports: - - 80:80 - - 80:80/udp - #- 443:443 - volumes: - - ./scripts/nginx-conf/api.smartcitizen.me.conf:/etc/nginx/conf.d/api.smartcitizen.me.conf - - ./scripts/nginx.conf:/etc/nginx/nginx.conf - - # Websockets - push: - image: smartcitizen/push - environment: - - REDIS_URL=redis://redis:6379/4 - # TODO: needs SSL on ws.smartcitizen.me - restart: always - ports: - - 8000:8000 - -# There is no official docker image for Kairos 2017-12-18 -# kairos: -# image: kairos - kairos: - env_file: .env - build: - context: ./scripts/ - dockerfile: Dockerfile-kairos - deploy: - restart_policy: - condition: on-failure - max_attempts: 3 - window: 120s - ports: - - 8080:8080 - - 4242:4242 #telnet - # We better not start Cassandra container in production, it eats up memory - #depends_on: - #- cassandra-1 - -# Check if cassandra cluster is working: -# docker compose exec cassandra-1 nodetool status - cassandra-1: - image: cassandra:3.11.4 - ports: - # no need to expose all ports? 
- - "7000:7000" # Internode, cluster communication - - "7001:7001" # TLS Internode - - "7199:7199" # JMX - - "9042:9042" # CQL native transport - - "9160:9160" # Thrift client API - #volumes: - #- sck-cassandra:/var/lib/cassandra - -# cassandra-2: -# image: cassandra:3.11.4 -# ports: -# - 9142:9042 -# environment: -# - CASSANDRA_SEEDS=cassandra-1 # Use IP if on different servers -# depends_on: -# - cassandra-1 -# command: bash -c 'if [ -z "$$(ls -A /var/lib/cassandra/)" ] ; then sleep 60; fi && /docker-entrypoint.sh cassandra -f' -# -# cassandra-3: -# image: cassandra:3.11.4 -# ports: -# - 9242:9042 -# environment: -# - CASSANDRA_SEEDS=cassandra-1 # Use IP if on different servers -# depends_on: -# - cassandra-1 -# command: bash -c 'if [ -z "$$(ls -A /var/lib/cassandra/)" ] ; then sleep 120; fi && /docker-entrypoint.sh cassandra -f' - -volumes: - sck-postgres: +include: + - compose/db.yml + - compose/redis.yml + - compose/auth.yml + - compose/app.yml + - compose/sidekiq.yml + - compose/mqtt-task.yml + - compose/telnet-task.yml + - compose/mqtt.yml + - compose/web.yml + - compose/push.yml + - compose/kairos.yml + - compose/cassandra.yml \ No newline at end of file diff --git a/compose/app.yml b/compose/app.yml new file mode 100644 index 00000000..8545da85 --- /dev/null +++ b/compose/app.yml 
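Review bot: The new top-level `include:` block in `compose.yml` carries no note on the Compose version it needs. `include` was introduced in Docker Compose 2.20, so an older install on a deployment host will reject the file instead of starting the stack. Each included file also resolves relative paths from its own directory, which is why the service files now use `../`. I would add a header comment such as `# Requires Docker Compose >= 2.20 (top-level include); paths in compose/*.yml are relative to compose/`.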
@@ -0,0 +1,37 @@
+services:
+ app:
+ build:
+ context: ../.
+ # Skip installing development & test gems in production, saves 20s build time.
+ # If developing with Docker, this line might need to be commented out.
+ args:
+ - BUNDLE_WITHOUT=test development
+ env_file: ../.env
+ ports:
+ - "3000:3000"
+ depends_on:
+ # We disable some containers in production
+ - db
+ - auth
+ - redis
+ - sidekiq
+ - mqtt-task
+ - telnet-task
+ - push
+ #- mqtt
+ restart: always
+ deploy:
+ resources:
+ limits:
+ memory: 2gb
+ volumes:
+ - "../:/app"
+ #command: rails server -p 3000 -b '0.0.0.0'
+ #command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'"
+ environment:
+ # For this to take effect, remove init/timeout, and in Gemfile, fix "rack-timeout" to not require anything.
+ RACK_TIMEOUT_SERVICE_TIMEOUT: 25
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "100m"
\ No newline at end of file
diff --git a/compose/auth.yml b/compose/auth.yml
new file mode 100644
index 00000000..5a62a8d3
--- /dev/null
+++ b/compose/auth.yml
@@ -0,0 +1,7 @@
+services:
+ auth:
+ env_file: ../.env
+ image: smartcitizen/auth
+ ports:
+ - "3001:3000"
+ restart: always
\ No newline at end of file
diff --git a/compose/cassandra.yml b/compose/cassandra.yml
new file mode 100644
index 00000000..073a4676
--- /dev/null
+++ b/compose/cassandra.yml
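Review bot: The `volumes` entry `"../:/app"` in `compose/app.yml` bind-mounts the whole repository read-write into a container that runs with `restart: always`, and that tree includes the `.env` file the same service loads through `env_file: ../.env`. A compromised Rails process could then read or rewrite everything in the checkout on the host. If the mount exists for development only, move it to an override file, or make it read-only with `- "../:/app:ro"` and add writable mounts for just the directories the app must write. `"3000:3000"` also publishes the app on every host interface; if nginx in `web` is the intended entry point (its config is not visible here), `- "127.0.0.1:3000:3000"` keeps the app behind the proxy.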
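Review bot: `image: smartcitizen/auth` in `compose/auth.yml` has no tag or digest, so each pull resolves to whatever `latest` points at, and that image then runs with the secrets from `../.env`. The same holds for `smartcitizen/push` in `compose/push.yml` and `nginx` in `compose/web.yml`. Pinning each to a version tag, ideally with a digest, makes deployments reproducible and stops an upstream retag from changing what runs here, e.g. `image: smartcitizen/auth:<version>@sha256:<digest>` (placeholders, to be filled from the registry).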
@@ -0,0 +1,34 @@
+services:
+ # Check if cassandra cluster is working:
+ # docker compose exec cassandra-1 nodetool status
+ cassandra-1:
+ image: cassandra:3.11.4
+ ports:
+ # no need to expose all ports?
+ - "7000:7000" # Internode, cluster communication
+ - "7001:7001" # TLS Internode
+ - "7199:7199" # JMX
+ - "9042:9042" # CQL native transport
+ - "9160:9160" # Thrift client API
+ #volumes:
+ #- ../sck-cassandra:/var/lib/cassandra
+
+# cassandra-2:
+# image: cassandra:3.11.4
+# ports:
+# - 9142:9042
+# environment:
+# - CASSANDRA_SEEDS=cassandra-1 # Use IP if on different servers
+# depends_on:
+# - cassandra-1
+# command: bash -c 'if [ -z "$$(ls -A /var/lib/cassandra/)" ] ; then sleep 60; fi && /docker-entrypoint.sh cassandra -f'
+#
+# cassandra-3:
+# image: cassandra:3.11.4
+# ports:
+# - 9242:9042
+# environment:
+# - CASSANDRA_SEEDS=cassandra-1 # Use IP if on different servers
+# depends_on:
+# - cassandra-1
+# command: bash -c 'if [ -z "$$(ls -A /var/lib/cassandra/)" ] ; then sleep 120; fi && /docker-entrypoint.sh cassandra -f'
diff --git a/compose/db.yml b/compose/db.yml
new file mode 100644
index 00000000..20c03923
--- /dev/null
+++ b/compose/db.yml
@@ -0,0 +1,11 @@
+services:
+ db:
+ image: postgres:10
+ volumes:
+ - sck-postgres:/var/lib/postgresql/data
+ #environment:
+ # NOTE: Postgres 9.5 stopped allowing connections without passwords.
+ # Enable this if needed.
+ #- POSTGRES_HOST_AUTH_METHOD=trust
+volumes:
+ sck-postgres:
\ No newline at end of file
diff --git a/compose/kairos.yml b/compose/kairos.yml
new file mode 100644
index 00000000..b87bb36a
--- /dev/null
+++ b/compose/kairos.yml
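Review bot: All five `ports` entries of `cassandra-1` in `compose/cassandra.yml` publish on every host interface, and the file's own comment already asks whether that is needed. Cassandra's stock authenticator is `AllowAllAuthenticator`, so unless the image's config is changed (not visible here), anything that can reach `9042` or `9160` on the host can read and write the data. Containers on the Compose network reach `cassandra-1:9042` without any published port, so the internode and JMX mappings can be dropped and the rest bound to loopback, e.g. `- "127.0.0.1:9042:9042"`; `compose/kairos.yml` has the same pattern with `8080:8080` and `4242:4242`. Separately, the commented volume changed from the named volume `sck-cassandra:` to `../sck-cassandra:`, which would become a bind mount of a repository directory if uncommented; `#- sck-cassandra:/var/lib/cassandra` keeps the old meaning.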
@@ -0,0 +1,20 @@
+services:
+ # There is no official docker image for Kairos 2017-12-18
+ # kairos:
+ # image: kairos
+ kairos:
+ env_file: ../.env
+ build:
+ context: ../scripts/
+ dockerfile: Dockerfile-kairos
+ deploy:
+ restart_policy:
+ condition: on-failure
+ max_attempts: 3
+ window: 120s
+ ports:
+ - 8080:8080
+ - 4242:4242 #telnet
+ # We better not start Cassandra container in production, it eats up memory
+ #depends_on:
+ #- cassandra-1
\ No newline at end of file
diff --git a/compose/mqtt-task.yml b/compose/mqtt-task.yml
new file mode 100644
index 00000000..f2258b12
--- /dev/null
+++ b/compose/mqtt-task.yml
@@ -0,0 +1,12 @@
+services:
+ mqtt-task:
+ build: ../
+ env_file: ../.env
+ command: bundle exec rake mqtt:sub
+ restart: always
+ volumes:
+ - "../log:/app/log"
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "100m"
diff --git a/compose/mqtt.yml b/compose/mqtt.yml
new file mode 100644
index 00000000..2a29e22c
--- /dev/null
+++ b/compose/mqtt.yml
@@ -0,0 +1,41 @@
+services:
+ mqtt:
+ # NOTE: This cannot be fully dockerized in production yet because MQTT also needs port 80
+ # The MQTT server hax iptables rules that 80 -> 1883 and 443 -> 8883
+ # This was done in the past to allow kits to post mqtt over 80 to prevent firewall issues.
+ #
+ #image: emqx/emqx:v2.4.7 # This is currently on mqtt server #2020-05-05
+ image: emqx/emqx:v3.0.0 # last known working version on docker
+ ports:
+ - "1883:1883" # mqtt tcp
+ #- "8080:8080" # http:management - can clash with Kairos
+ - "8083:8083" # HTTP and WebSocket
+ - "8084:8084" # HTTPS and WSS
+ - "8883:8883" # MQTT SSL listener port
+ - "18083:18083" # Web dashboard: admin:public
+ - "18084:18084" # Web dashboard TLS
+ #- "11883:11883"
+ environment:
+ # Enable HTTPS for Dashboard:
+ EMQX_DASHBOARD__LISTENER__HTTPS__KEYFILE: "/opt/emqx/etc/certs/mydomain.key"
+ EMQX_DASHBOARD__LISTENER__HTTPS__CERTFILE: "/opt/emqx/etc/certs/final.crt"
+ EMQX_DASHBOARD__LISTENER__HTTPS__CACERTFILE: "/opt/emqx/etc/certs/STAR_smartcitizen_me.ca-bundle"
+ EMQX_DASHBOARD__LISTENER__HTTPS: 18084
+ EMQX_DASHBOARD__LISTENER__HTTPS__ACCEPTORS: 2
+ EMQX_DASHBOARD__LISTENER__HTTPS__MAX_CLIENTS: 512
+
+ EMQX_LISTENER__WSS__EXTERNAL__KEYFILE: "/opt/emqx/etc/certs/mydomain.key"
+ EMQX_LISTENER__WSS__EXTERNAL__CERTFILE: "/opt/emqx/etc/certs/final.crt"
+ EMQX_LISTENER__WSS__EXTERNAL__CACERTFILE: "/opt/emqx/etc/certs/STAR_smartcitizen_me.ca-bundle"
+
+ EMQX_LISTENER__SSL__EXTERNAL__KEYFILE: "/opt/emqx/etc/certs/mydomain.key"
+ EMQX_LISTENER__SSL__EXTERNAL__CERTFILE: "/opt/emqx/etc/certs/final.crt"
+ EMQX_LISTENER__SSL__EXTERNAL__CACERTFILE: "/opt/emqx/etc/certs/STAR_smartcitizen_me.ca-bundle"
+ EMQX_LISTENER__SSL__EXTERNAL: 8883
+ #EMQX_LISTENER__SSL__EXTERNAL__REUSEADDR: "true"
+ volumes:
+ # emqx.conf can be overwritten with ENV vars, so next line is not needed. Rather use ENV above
+ #- "./scripts/emqx-config/emqx.conf:/opt/emqx/etc/emqx.conf"
+ # However, acl.conf is not supported (yet), see: https://github.com/emqx/emqx-docker/issues/86
+ #- "./scripts/emqx-config/acl.conf:/opt/emqx/etc/acl.conf"
+ - "../scripts/certs/:/opt/emqx/etc/certs/"
\ No newline at end of file
diff --git a/compose/push.yml b/compose/push.yml
new file mode 100644
index 00000000..aa919a73
--- /dev/null
+++ b/compose/push.yml
@@ -0,0 +1,10 @@
+services:
+ # Websockets
+ push:
+ image: smartcitizen/push
+ environment:
+ - REDIS_URL=redis://redis:6379/4
+ # TODO: needs SSL on ws.smartcitizen.me
+ restart: always
+ ports:
+ - 8000:8000
\ No newline at end of file
diff --git a/compose/redis.yml b/compose/redis.yml
new file mode 100644
index 00000000..b8768f34
--- /dev/null
+++ b/compose/redis.yml
@@ -0,0 +1,3 @@
+services:
+ redis:
+ image: redis:5
\ No newline at end of file
diff --git a/compose/sidekiq.yml b/compose/sidekiq.yml
new file mode 100644
index 00000000..04eec931
--- /dev/null
+++ b/compose/sidekiq.yml
@@ -0,0 +1,8 @@
+services:
+ sidekiq:
+ build: ../.
+ env_file: ../.env
+ command: bundle exec sidekiq
+ restart: always
+ volumes:
+ - "../log:/app/log"
\ No newline at end of file
diff --git a/compose/telnet-task.yml b/compose/telnet-task.yml
new file mode 100644
index 00000000..6929a1d9
--- /dev/null
+++ b/compose/telnet-task.yml
@@ -0,0 +1,6 @@
+services:
+ telnet-task:
+ build: ../.
+ env_file: ../.env
+ command: bundle exec rake telnet:push
+ restart: always
diff --git a/compose/web.yml b/compose/web.yml
new file mode 100644
index 00000000..46023771
--- /dev/null
+++ b/compose/web.yml
@@ -0,0 +1,12 @@
+services:
+ web:
+ image: nginx
+ depends_on:
+ - app
+ ports:
+ - 80:80
+ - 80:80/udp
+ #- 443:443
+ volumes:
+ - ../scripts/nginx-conf/api.smartcitizen.me.conf:/etc/nginx/conf.d/api.smartcitizen.me.conf
+ - ../scripts/nginx.conf:/etc/nginx/nginx.conf
\ No newline at end of file
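Review bot: `"18083:18083"` in `compose/mqtt.yml` publishes the EMQX dashboard over plain HTTP on every host interface, and the comment beside it records the login as `admin:public`, the stock default. Unless that password was changed out of band, whoever can reach the port can administer the broker. Publish only the TLS listener (`"18084:18084"`) or bind the HTTP one to loopback with `- "127.0.0.1:18083:18083"`, and set a non-default dashboard password before this file is used on a reachable host. The two commented volume lines still read `./scripts/emqx-config/...` while the live mount was moved to `../scripts/certs/`; they should become `../scripts/emqx-config/...` so that uncommenting them mounts the intended files.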
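Review bot: `compose/web.yml` publishes only port 80 and leaves `#- 443:443` commented, so unless TLS is terminated in front of this host (not visible here) API requests and the credentials they carry reach nginx in cleartext. `80:80/udp` serves no purpose for an HTTP listener and only widens the published surface; I would remove it. The mappings are also unquoted here and in `compose/kairos.yml` and `compose/push.yml`, while `app`, `auth` and `mqtt` quote theirs; `- "80:80"` keeps the files consistent and avoids YAML's implicit-typing rules for colon-separated digits.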