diff --git a/README.md b/README.md
index 3cf12f5..3b197c3 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # docker-stacks
 Templates for Docker stacks
+
diff --git a/artifactory/artifactory-ha.yml b/artifactory/artifactory-ha.yml
new file mode 100644
index 0000000..51950cc
--- /dev/null
+++ b/artifactory/artifactory-ha.yml
@@ -0,0 +1,99 @@ +version: '2' +services: + postgresql: + image: docker.bintray.io/postgres:9.5.2 + container_name: postgresql + ports: + - 5432:5432 + environment: + - POSTGRES_DB=artifactory + # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory + - POSTGRES_USER=artifactory + - POSTGRES_PASSWORD=password + volumes: + - /data/postgresql:/var/lib/postgresql/data + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + artifactory-node1: + image: docker.bintray.io/jfrog/artifactory-pro:5.10.4 + container_name: artifactory-node1 + ports: + - 8081:8081 + depends_on: + - postgresql + links: + - postgresql + volumes: + - /data/artifactory/node1:/var/opt/jfrog/artifactory + environment: + - HA_IS_PRIMARY=true + - HA_MEMBERSHIP_PORT=10017 + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=password + # Add extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + artifactory-node2: + image: docker.bintray.io/jfrog/artifactory-pro:5.10.4 + container_name: artifactory-node2 + ports: + - 8082:8081 + depends_on: + - postgresql + - artifactory-node1 + links: + - postgresql + # Must pass this to non primary so it can wait for primary to be up + - artifactory-node1 + volumes: + - /data/artifactory/node2:/var/opt/jfrog/artifactory + environment: + - HA_IS_PRIMARY=false + - HA_MEMBERSHIP_PORT=10017 + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=password + # Add extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + nginx: + image: docker.bintray.io/jfrog/nginx-artifactory-pro:5.10.4 + 
container_name: nginx + ports: + - 80:80 + - 443:443 + depends_on: + - artifactory-node1 + - artifactory-node2 + links: + - artifactory-node1 + - artifactory-node2 + volumes: + - /data/nginx:/var/opt/jfrog/nginx + environment: + - ART_BASE_URL=http://artifactory-node1:8081/artifactory + - SSL=true + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + diff --git a/artifactory/docker-compose.yml b/artifactory/docker-compose.yml new file mode 100644 index 0000000..4638fa4 --- /dev/null +++ b/artifactory/docker-compose.yml 
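Review bot: The database credential is committed in clear text as `POSTGRES_PASSWORD=password` on the postgresql service and `DB_PASSWORD=password` on both Artifactory nodes, and the same service publishes `5432:5432` on the host, so the database is reachable from outside the Compose network with a guessable password. The Artifactory nodes reach PostgreSQL by service name, so the `ports:` entry on postgresql can be dropped. The password can come from the environment, as the sibling docker-compose.yml in this commit does with `- POSTGRES_PASSWORD=${POSTGRES_PSWRD}`. The literal `password` also appears in artifactory/docker-stack-nginx.yml, gitlab/docker-stack.yml and gitlab/gitlab.rb in this commit.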
@@ -0,0 +1,66 @@
+version: '3'
+services:
+ postgresql:
+ image: docker.bintray.io/postgres:9.5.2
+ container_name: postgresql
+ ports:
+ - 5432:5432
+ environment:
+ - POSTGRES_DB=artifactory
+ # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
+ - POSTGRES_USER=artifactory
+ - POSTGRES_PASSWORD=${POSTGRES_PSWRD}
+ volumes:
+ - /data/postgresql:/var/lib/postgresql/data
+ restart: always
+ ulimits:
+ nproc: 65535
+ nofile:
+ soft: 32000
+ hard: 40000
+ artifactory:
+ image: docker.bintray.io/jfrog/artifactory-pro:5.10.4
+ container_name: artifactory
+ ports:
+ - 8081:8081
+ depends_on:
+ - postgresql
+ links:
+ - postgresql
+ volumes:
+ - /data/artifactory:/var/opt/jfrog/artifactory
+ environment:
+ - DB_TYPE=postgresql
+ # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
+ - DB_USER=artifactory
+ - DB_PASSWORD=${POSTGRES_PSWRD}
+ # Add extra Java options by uncommenting the following line
+ #- EXTRA_JAVA_OPTIONS=-Xmx4g
+ restart: always
+ ulimits:
+ nproc: 65535
+ nofile:
+ soft: 32000
+ hard: 40000
+ nginx:
+ image: docker.bintray.io/jfrog/nginx-artifactory-pro:5.10.4
+ container_name: nginx
+ ports:
+ - 80:80
+ - 443:443
+ depends_on:
+ - artifactory
+ links:
+ - artifactory
+ volumes:
+ - /data/nginx:/var/opt/jfrog/nginx
+ environment:
+ - ART_BASE_URL=http://artifactory:8081/artifactory
+ - SSL=true
+ restart: always
+ ulimits:
+ nproc: 65535
+ nofile:
+ soft: 32000
+ hard: 40000
+
diff --git a/artifactory/docker-stack-nginx.yml b/artifactory/docker-stack-nginx.yml
new file mode 100644
index 0000000..9461054
--- /dev/null
+++ b/artifactory/docker-stack-nginx.yml
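Review bot: `${POSTGRES_PSWRD}` is substituted with an empty string when the variable is not set, so both `POSTGRES_PASSWORD` and `DB_PASSWORD` silently become empty instead of the deployment failing. The required-variable form turns that into an error: `- POSTGRES_PASSWORD=${POSTGRES_PSWRD:?POSTGRES_PSWRD must be set}`, and the same for `DB_PASSWORD`. The postgresql service also publishes `5432:5432` although Artifactory connects over the Compose network; removing that `ports:` entry keeps the database off the host interface.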
@@ -0,0 +1,95 @@ +version: '3' + +services: + + postgresql: + image: postgres + networks: + - default + ports: + - 5432:5432 + environment: + - POSTGRES_DB=artifactory + # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory + - POSTGRES_USER=artifactory + - POSTGRES_PASSWORD=password + #volumes: + # - postgres:/var/lib/postgresql/data + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] + + artifactory: + image: docker.bintray.io/jfrog/artifactory-oss:latest + networks: + - default + - traefik-net +# ports: +# - 8081:8081 + depends_on: + - postgresql + deploy: + mode: replicated + replicas: 1 + labels: + - "traefik.port=8081" + - "traefik.docker.network=traefik-net" + - "traefik.frontend.rule=Host:artifactory.traefik" + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] +# volumes: +# - artifactory:/var/opt/jfrog/artifactory + environment: + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=password + # Adding extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + +# nginx: +# image: docker.bintray.io/jfrog/nginx-artifactory-pro:latest +# ports: +# - 8082:8082 +# - 443:443 +# depends_on: +# - artifactory +# deploy: +# mode: replicated +# replicas: 1 +# labels: +# - "traefik.port=8082" +# - "traefik.frontend.entryPoints=http" +# - "traefik.docker.network=traefik-net" +# - "traefik.frontend.rule=Host:artifactory.traefik" +# restart_policy: +# condition: on-failure +# delay: 5s +# max_attempts: 3 +# placement: +# constraints: [node.role != manager] +# volumes: +# - artifactory:/var/opt/jfrog/nginx +# environment: +# - ART_BASE_URL=http://artifactory:8081/artifactory +# - SSL=true + +#volumes: +# artifactory: +networks: + 
traefik-net: + external: true + default: + driver: overlay + driver_opts: + encrypted: "true" diff --git a/artifactory/docker-stack.yml b/artifactory/docker-stack.yml index ff00fbd..359db97 100644 --- a/artifactory/docker-stack.yml +++ b/artifactory/docker-stack.yml @@ -1,11 +1,12 @@ -version: '3.6' - +version: '3.3' services: - postgres: + postgresql: image: postgres - ports: - - 5432:5432 + networks: + - default +# ports: +# - 5432:5432 environment: - POSTGRES_DB=artifactory # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory @@ -24,22 +25,27 @@ services: constraints: [node.role != manager] artifactory: - image: jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro:latest - ports: - - 8081:8081 + image: docker.bintray.io/jfrog/artifactory-oss:latest + networks: + - default + - traefik_traefik-net depends_on: - - postgres + - postgresql deploy: mode: replicated replicas: 1 + labels: + - "traefik.port=8081" + - "traefik.docker.network=traefik_traefik-net" + - "traefik.frontend.rule=Host:artifactory.traefik" restart_policy: condition: on-failure delay: 5s max_attempts: 3 placement: constraints: [node.role != manager] - volumes: - - artifactory:/var/opt/jfrog/artifactory +# volumes: +# - artifactory:/var/opt/jfrog/artifactory environment: - DB_TYPE=postgresql # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL 
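Review bot: `image: postgres` and `image: docker.bintray.io/jfrog/artifactory-oss:latest` in artifactory/docker-stack-nginx.yml are not pinned, so a redeploy can pull a different version than the one tested; artifactory-ha.yml and docker-compose.yml in this commit name `postgres:9.5.2` and `artifactory-pro:5.10.4`. Pin a tag or, better, a digest (`image: postgres@sha256:<digest>`) so a changed upstream tag cannot replace the image unnoticed. This stack also still publishes `5432:5432`, which in swarm mode opens the port on every node through the routing mesh, while artifactory/docker-stack.yml in the same commit comments that mapping out. The same unpinned images are used in artifactory/docker-stack.yml and gitlab/docker-stack.yml.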
@@ -48,27 +54,12 @@ services: # Adding extra Java options by uncommenting the following line #- EXTRA_JAVA_OPTIONS=-Xmx4g - nginx: - image: jfrog.bintray.com/reg2/jfrog/nginx-artifactory-pro:latest - ports: - - 80:80 - - 443:443 - depends_on: - - artifactory - deploy: - mode: replicated - replicas: 1 - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - placement: - constraints: [node.role != manager] - volumes: - - artifactory:/var/opt/jfrog/nginx - environment: - - ART_BASE_URL=http://artifactory:8081/artifactory - - SSL=true - -volumes: - artifactory: +#volumes: +# artifactory: +networks: + traefik_traefik-net: + external: true + default: + driver: overlay + driver_opts: + encrypted: "true" diff --git a/gitlab/Dockerfile b/gitlab/Dockerfile new file mode 100644 index 0000000..4c70cb3 --- /dev/null +++ b/gitlab/Dockerfile @@ -0,0 +1,10 @@ +FROM gitlab/gitlab-ce:latest + +MAINTAINER Pavlov + +LABEL name="gitlab-ce" +LABEL version="2.107" +LABEL maintainer "ppavlov@dontmail.me" +LABEL architecture="x86_64" + +ADD gitlab.rb /etc/gitlab/gitlab.rb diff --git a/gitlab/docker-stack.yml b/gitlab/docker-stack.yml index b1f377f..12d148a 100644 --- a/gitlab/docker-stack.yml +++ b/gitlab/docker-stack.yml 
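Review bot: `ADD gitlab.rb /etc/gitlab/gitlab.rb` in gitlab/Dockerfile bakes the configuration file into the image, and gitlab.rb in this commit carries `gitlab_rails['db_password']`, so anyone who can pull the image can read the database password from its layers. The stack previously delivered the file through a swarm `configs:` entry, which this commit comments out; keeping the file out of the image and supplying the password at deploy time (a swarm secret or config) avoids shipping it with the image. Separately, `FROM gitlab/gitlab-ce:latest` is unpinned, `MAINTAINER` is deprecated in favour of a label, and `LABEL maintainer "ppavlov@dontmail.me"` uses the legacy space-separated form while the other labels use `key=value`. `COPY` is preferred over `ADD` for a plain local file.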
@@ -1,50 +1,95 @@ -version: "3.6" +version: "3.3" services: + postgresql: + image: postgres + networks: + - gitlab + environment: + - POSTGRES_DB=gitlab + # The following must match the DB_USER and DB_PASSWORD values passed to Gitlab + - POSTGRES_USER=gitlab + - POSTGRES_PASSWORD=password + #volumes: + # - postgres:/var/lib/postgresql/data + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] + gitlab: - image: "gitlab/gitlab-ce:10.3.3-ce.0" - volumes: - - "gitlab_data:/var/opt/gitlab" - - "gitlab_logs:/var/log/gitlab" - - "gitlab_config:/etc/gitlab" + image: quay.io/ppavlov/gitlab +# volumes: +# - "gitlab_data:/var/opt/gitlab" +# - "gitlab_logs:/var/log/gitlab" +# - "gitlab_config:/etc/gitlab" ports: - - "2222:22" - configs: - - source: "gitlab.rb" - target: "/etc/gitlab/gitlab.rb" + - "2022:22" +# configs: +# - source: "gitlab.rb" +# target: "/etc/gitlab/gitlab.rb" + restart: always networks: - - default - - proxy + - traefik-net + - gitlab deploy: + mode: replicated + replicas: 1 labels: traefik.port: "80" - traefik.frontend.rule: "Host:gitlab.localtest.me" - traefik.docker.network: "proxy" + traefik.frontend.rule: "Host:gitlab.traefik" + traefik.docker.network: "traefik-net" + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] -volumes: - gitlab_data: - driver: local - driver_opts: - type: nfs4 - o: "addr=127.0.0.1" - device: ":/gitlab-swarm/gitlab/data" - gitlab_logs: - driver: local - driver_opts: - type: nfs4 - o: "addr=127.0.0.1" - device: ":/gitlab-swarm/gitlab/logs" - gitlab_config: - driver: local - driver_opts: - type: nfs4 - o: "addr=127.0.0.1" - device: ":/gitlab-swarm/gitlab/config" + gilab-runner: + image: gitlab/gitlab-runner:alpine +# volumes: +# - /var/run/docker.sock:/var/run/docker.sock +# - /srv/gitlab-runner/config:/etc/gitlab-runner +# - 
/root/.docker:/root/.docker +# - /root/.notary:/root/.notary + restart: always + networks: + - gitlab + deploy: + placement: + constraints: [node.role != manager] + +#volumes: +# gitlab_data: +# driver: local +# driver_opts: +# type: nfs4 +# o: "addr=127.0.0.1" +# device: ":/gitlab-swarm/gitlab/data" +# gitlab_logs: +# driver: local +# driver_opts: +# type: nfs4 +# o: "addr=127.0.0.1" +# device: ":/gitlab-swarm/gitlab/logs" +# gitlab_config: +# driver: local +# driver_opts: +# type: nfs4 +# o: "addr=127.0.0.1" +# device: ":/gitlab-swarm/gitlab/config" -configs: - gitlab.rb: - file: "./gitlab.rb" +#configs: +# gitlab.rb: +# file: "./gitlab.rb" networks: - proxy: + traefik-net: external: true + gitlab: diff --git a/gitlab/gitlab.rb b/gitlab/gitlab.rb index 7b699cb..1233a9e 100644 --- a/gitlab/gitlab.rb +++ b/gitlab/gitlab.rb @@ -1,10 +1,10 @@ # gitlab.rb -external_url 'http://gitlab.local' -registry_external_url 'http://registry.gitlab.local' +external_url 'http://gitlab.traefik' +registry_external_url 'http://registry.gitlab.traefik' # Disable services -postgresql['enable'] = false +postgresql['enable'] = ture redis['enable'] = false prometheus['enable'] = false postgres_exporter['enable'] = false @@ -15,10 +15,10 @@ gitlab_rails['db_encoding'] = "unicode" # database service will be named "postgres" in the stack -gitlab_rails['db_host'] = "postgres" +gitlab_rails['db_host'] = "postgresql" gitlab_rails['db_database'] = "gitlab" gitlab_rails['db_username'] = "gitlab" -gitlab_rails['db_password'] = "gitlab" +gitlab_rails['db_password'] = "password" # Redis settings # redis service will be named "redis" in the stack diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile new file mode 100644 index 0000000..66f2c47 --- /dev/null +++ b/haproxy/Dockerfile 
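Review bot: The runner service key in gitlab/docker-stack.yml is spelled `gilab-runner`, which becomes the service name and its DNS alias on the `gitlab` network; presumably `gitlab-runner` was intended. `restart: always` on the gitlab and runner services is ignored by `docker stack deploy`, so the runner's restart behaviour comes from the swarm default rather than from this line; state it under `deploy.restart_policy` as the gitlab service does. If the commented-out `/var/run/docker.sock` mount on the runner is ever enabled, it gives CI jobs control of the host's Docker daemon and should be a deliberate decision. The `postgresql` service here also uses the literal `POSTGRES_PASSWORD=password` and an untagged `image: postgres`.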
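Review bot: `postgresql['enable'] = ture` in gitlab/gitlab.rb is a typo: `ture` is not a Ruby literal, so evaluating the file will most likely fail on an undefined name instead of setting the flag. The line sits under `# Disable services` and the file points `gitlab_rails['db_host']` at the external `postgresql` service, so the bundled database presumably should stay off: `postgresql['enable'] = false`. The comment `# database service will be named "postgres" in the stack` is now stale. `gitlab_rails['db_password'] = "password"` replaces one weak literal with another; the value should be supplied at deploy time rather than committed. The hunks show only part of the file.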
@@ -0,0 +1,16 @@
+FROM haproxy
+
+# Create a system group and user to be used by HAProxy.
+ENV HAPROXY_USER haproxy
+RUN groupadd --system ${HAPROXY_USER} && \
+ useradd --system --gid ${HAPROXY_USER} ${HAPROXY_USER} && \
+ mkdir --parents /var/lib/${HAPROXY_USER} && \
+ mkdir --parents /run/${HAPROXY_USER} && \
+ chown -R ${HAPROXY_USER}:${HAPROXY_USER} /var/lib/${HAPROXY_USER}
+
+#Adding Certificate
+COPY server.bundle.pem /etc/ssl/certs/server.bundle.pem
+
+# Now copy the configurations file
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+
diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
new file mode 100644
index 0000000..78a9850
--- /dev/null
+++ b/haproxy/haproxy.cfg
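Review bot: `COPY server.bundle.pem /etc/ssl/certs/server.bundle.pem` puts the TLS private key into an image layer, since the bundle added in this commit contains an `RSA PRIVATE KEY` block; everyone with pull access to the image then holds the key. Leave the bundle out of the image and provide it at runtime as a swarm secret or a read-only mount, with the `bind ... crt` path in haproxy.cfg pointing at that location. `FROM haproxy` is also unpinned. The `RUN` step creates `/run/${HAPROXY_USER}` but only chowns `/var/lib/${HAPROXY_USER}`, while haproxy.cfg places a stats socket under `/run/haproxy`.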
@@ -0,0 +1,48 @@
+global
+ log 127.0.0.1 local0
+ chroot /var/lib/haproxy
+ maxconn 4096
+ user haproxy
+ group haproxy
+ daemon
+ tune.ssl.default-dh-param 2048
+ stats socket /run/haproxy/admin.sock mode 660 level admin
+
+stats enable
+ stats socket /var/run/haproxy.sock mode 600 level admin
+ stats timeout 2m
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ option redispatch
+ option forwardfor
+ option http-server-close
+ maxconn 4000
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ errorfile 400 /usr/local/etc/haproxy/errors/400.http
+ errorfile 403 /usr/local/etc/haproxy/errors/403.http
+ errorfile 408 /usr/local/etc/haproxy/errors/408.http
+ errorfile 500 /usr/local/etc/haproxy/errors/500.http
+ errorfile 502 /usr/local/etc/haproxy/errors/502.http
+ errorfile 503 /usr/local/etc/haproxy/errors/503.http
+ errorfile 504 /usr/local/etc/haproxy/errors/504.http
+
+frontend normal
+ bind *:80
+ bind *:443 ssl crt /etc/ssl/certs/server.bundle.pem
+ mode http
+ option forwardfor
+# reqirep ^([^ :]*)/v2(.*$)1 /artifactory/api/docker/docker-local
+ reqadd X-Forwarded-Proto:\ https
+# reqadd X-Forwarded-Proto: https if { ssl_fc }
+ option forwardfor header X-Real-IP
+ default_backend normal
+
+backend normal
+ mode http
+ server artifactory artifcatoy.domain.com:8081
diff --git a/haproxy/server.bundle.pem b/haproxy/server.bundle.pem
new file mode 100644
index 0000000..19346e6
--- /dev/null
+++ b/haproxy/server.bundle.pem
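Review bot: `reqadd X-Forwarded-Proto:\ https` in `frontend normal` is unconditional, but the frontend also binds `*:80`, so requests that arrived over plain HTTP are presented to the backend as HTTPS, and a client-supplied `X-Forwarded-Proto` is not removed first. The commented-out alternative next to it already carries the right condition; `http-request set-header X-Forwarded-Proto https if { ssl_fc }` sets and overwrites the header only for TLS connections, and `redirect scheme https code 301 if !{ ssl_fc }` would move port-80 clients to TLS. `stats enable` is written between the `global` and `defaults` sections, where it does not appear to be a valid keyword. Two admin-level stats sockets are declared (`/run/haproxy/admin.sock` mode 660 and `/var/run/haproxy.sock` mode 600), and one is enough. The backend host `artifcatoy.domain.com` looks misspelled.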
@@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIDpjCCAo4CCQCMXbNm1pd3UDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC +VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVK +ZnJvZzEVMBMGA1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9y +eS50cmFlZmlrMR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wHhcNMTgw +NDIwMTEzODMwWhcNMTkwNDIwMTEzODMwWjCBlDELMAkGA1UEBhMCVUsxDzANBgNV +BAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVKZnJvZzEVMBMG +A1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9yeS50cmFlZmlr +MR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQChzKEnhNS2KCxcxi20gcc5NnqdM4mOtULKEo1LJsW8 +iaMSrBuhKWeQI8n8y2mjLfAqiBWk71qDSYsDp9iOAnZ5hHaxJc/ijXCGD8WFLl3H +texSwSgV3ckGAWNpyhfykz4czxtJ9/2gav60Kw5t0CoEBKwyZhmmpd6U4EwzjzG5 +lfoAOHKxl8rLi1VbAnOQdSkPCq2pun25R8x5047jjoegAA1xaVuBG3NB0DUJ8uoo +Nkfr5kTKx3jFz9qc5StuFP/zzNAne10BOiqDXpwY35svZ4oC66iu3IuJ1BNjB3Zz +q9bRU+6KPAjP/mUCM4u/CsaOoTjAFZAJZGhCERvGLSONAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAGEC+sYv//8/G4j8hK2Dsj7sJlIUpE8FjwC9C7N+OcKG0M8vgiHU +O+ml4wlMcQ/AVDJOdyNR1NkxM7KOAGYQ/eyKoEozcb95UG780Aapn7rNBGoPSOGu +k8sk9MEtNck/28IOCyRkRHGryUVpphmToSlIvsC9iVkBuc6KsFY8OSSdu3x6V16+ +LbtYwu297F0CLcp6JVXdVKbyl+WOZqbVxD+8j7dRnYyaILq3I7jB3qGA2tmKtXPR +tX5hv7l4asPYgj1uz26FQza3rsGkWaij0y12TSQos0gDxtlla+iV3yHirjHkr2pZ +y/fKe7A3yhuAJ+WsP0nxp9t/rkl3yp8APS8= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAocyhJ4TUtigsXMYttIHHOTZ6nTOJjrVCyhKNSybFvImjEqwb +oSlnkCPJ/Mtpoy3wKogVpO9ag0mLA6fYjgJ2eYR2sSXP4o1whg/FhS5dx7XsUsEo +Fd3JBgFjacoX8pM+HM8bSff9oGr+tCsObdAqBASsMmYZpqXelOBMM48xuZX6ADhy +sZfKy4tVWwJzkHUpDwqtqbp9uUfMedOO446HoAANcWlbgRtzQdA1CfLqKDZH6+ZE +ysd4xc/anOUrbhT/88zQJ3tdAToqg16cGN+bL2eKAuuortyLidQTYwd2c6vW0VPu +ijwIz/5lAjOLvwrGjqE4wBWQCWRoQhEbxi0jjQIDAQABAoIBAQCTt5fV1Z7B43GF +DeXCa82wPT26ccf/gxtEE6Xt26sh02MPdBQRkhSb8yDA7BE4yoL+wZlJKMExJZ6G +KuI53KO/k6EtYEEoLEt0CcgiLE+wOjZU40YumHqkQfY6Kiis7aMCeE8IvCFRKP37 +DWgx95+0ZXO026RFkh/hOdo4JF6YeJHUIMaVo8bKKwO2YPJ+9QWmCUh5RDwu2dch 
+kK+0jVWMJ4v3QmVbXokd19Lxq90cEcDLsh46l7ctdWN8oxxjQ/FCHlnlMCrWzOd2 +VLyTv1gA5V1DCLR1A6EyS9F9kzwo7Zd458VmbvAXnwbrKo9dIk6BX9lk2jHu+bd7 +6QRJcouBAoGBAMwg5BfEBVoPl6dk4nWI9pqWrfSoYWaouywXSVjC8Fs0wZ+CPcrq +mV16nQtVtcoJ/JBJC3PMWurPjY0ZxXF3xA6BY/IMY4wnX+nkibUZq8bxBTv7FH58 +XSvQY4mBZAtDXhA00NiT51+oZ9wv6ZpE4MGspyIPiQnlrHP/DnSGM2BtAoGBAMrq +HPusHNDzdoO9H3q6kDhdE/jM/gkq3vsIinRDnueb2RukFpNkMmPnPgtS9Sb2zaHt +1B7obrHfDLFFd5QLOErDDLPnaFanrt3V70AMkJXbVEHwCw69ElnDvyMOlxoQ8ntu +Lr7FxY6p4PH0KiAh0Tbp2RSV+xDwp7/Mqa8MOhuhAoGBALkdxtxKlvPimgxjL/+Y +8tKkfSMXpCT+Nae5gnmtZ12/DSyDZ1hiwiyE6nCCDPcpcVLD+0/LblPtX5grW+QX +0cO50ZKLa6eJebDZ4YxLuH0UzENl4mMGk1QNiocDwV95e49E5nTSRIx6Y53KEZYm +ipD46yS3Y/aGw4r6Lfi8T1FNAoGBAK+E/NcR1MdFoYFo6T7u++tVT/5Jy4BAjiqV +A7Z3+48aNx16vXB3HkNedkOzWY1/tPXZ1D98DKxdZQw+K6ZqYiIBQA6qH429dDw9 +XruHYtXNp791lQsFr0boVIBNkZShji4Ia/Tm+/Fgrsx7yKiMt/0JIJZ2+Xp4wJHe +xfQ93lGhAoGAKUP/o9HZ4qedK5jog2v8JDPTur/16uR4t/OJi0j9HNvKyLU3ftTR +PfunPdunbv20jrxMKKSsCEGCrpTkrp6H5rPEc52FzUM9VO+OhdUl27QSeMQSXBKG +ain74EirqUVLYeuH0NYDq8Snrom7FFZoDawP4AUZW0b5YsUlCeTBKEk= +-----END RSA PRIVATE KEY----- diff --git a/haproxy/server.crt b/haproxy/server.crt new file mode 100644 index 0000000..4e196f7 --- /dev/null +++ b/haproxy/server.crt 
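Review bot: haproxy/server.bundle.pem commits an unencrypted `RSA PRIVATE KEY` together with its certificate, the same key is added again as haproxy/server.key, and unms-config/cert/live.key adds a second private key. Anyone with read access to the repository or its history holds these keys, so they should be treated as compromised: remove the files, regenerate the key pairs, and purge them from history if the repository is shared. Keep at most the public certificate in the tree, add `*.key` and `*.pem` to `.gitignore`, and deliver the key at deploy time as a swarm secret. The request in haproxy/server.csr has no use after issuance and can be dropped as well.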
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpjCCAo4CCQCMXbNm1pd3UDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC +VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVK +ZnJvZzEVMBMGA1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9y +eS50cmFlZmlrMR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wHhcNMTgw +NDIwMTEzODMwWhcNMTkwNDIwMTEzODMwWjCBlDELMAkGA1UEBhMCVUsxDzANBgNV +BAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVKZnJvZzEVMBMG +A1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9yeS50cmFlZmlr +MR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQChzKEnhNS2KCxcxi20gcc5NnqdM4mOtULKEo1LJsW8 +iaMSrBuhKWeQI8n8y2mjLfAqiBWk71qDSYsDp9iOAnZ5hHaxJc/ijXCGD8WFLl3H +texSwSgV3ckGAWNpyhfykz4czxtJ9/2gav60Kw5t0CoEBKwyZhmmpd6U4EwzjzG5 +lfoAOHKxl8rLi1VbAnOQdSkPCq2pun25R8x5047jjoegAA1xaVuBG3NB0DUJ8uoo +Nkfr5kTKx3jFz9qc5StuFP/zzNAne10BOiqDXpwY35svZ4oC66iu3IuJ1BNjB3Zz +q9bRU+6KPAjP/mUCM4u/CsaOoTjAFZAJZGhCERvGLSONAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAGEC+sYv//8/G4j8hK2Dsj7sJlIUpE8FjwC9C7N+OcKG0M8vgiHU +O+ml4wlMcQ/AVDJOdyNR1NkxM7KOAGYQ/eyKoEozcb95UG780Aapn7rNBGoPSOGu +k8sk9MEtNck/28IOCyRkRHGryUVpphmToSlIvsC9iVkBuc6KsFY8OSSdu3x6V16+ +LbtYwu297F0CLcp6JVXdVKbyl+WOZqbVxD+8j7dRnYyaILq3I7jB3qGA2tmKtXPR +tX5hv7l4asPYgj1uz26FQza3rsGkWaij0y12TSQos0gDxtlla+iV3yHirjHkr2pZ +y/fKe7A3yhuAJ+WsP0nxp9t/rkl3yp8APS8= +-----END CERTIFICATE----- diff --git a/haproxy/server.csr b/haproxy/server.csr new file mode 100644 index 0000000..aac2b24 --- /dev/null +++ b/haproxy/server.csr 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC2jCCAcICAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzAN +BgNVBAcMBkxvbmRvbjEOMAwGA1UECgwFSmZyb2cxFTATBgNVBAsMDEpyb2cgU3Vw +cG9ydDEcMBoGA1UEAwwTYXJ0aWZhY3RvcnkudHJhZWZpazEeMBwGCSqGSIb3DQEJ +ARYPamZyb2dAamZyb2cuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAocyhJ4TUtigsXMYttIHHOTZ6nTOJjrVCyhKNSybFvImjEqwboSlnkCPJ/Mtp +oy3wKogVpO9ag0mLA6fYjgJ2eYR2sSXP4o1whg/FhS5dx7XsUsEoFd3JBgFjacoX +8pM+HM8bSff9oGr+tCsObdAqBASsMmYZpqXelOBMM48xuZX6ADhysZfKy4tVWwJz +kHUpDwqtqbp9uUfMedOO446HoAANcWlbgRtzQdA1CfLqKDZH6+ZEysd4xc/anOUr +bhT/88zQJ3tdAToqg16cGN+bL2eKAuuortyLidQTYwd2c6vW0VPuijwIz/5lAjOL +vwrGjqE4wBWQCWRoQhEbxi0jjQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHQ8 +Y56KcG6cUUhLzowgDbsJVUGmjLkiONvDEzfDnpjXHOfhEsoX5ZeJOBuZL+YlMlOD +ml6i7Q/BPIVY4vphxZlij1munzDOK01WdMZpILXUMjAmrYcKV2Ps9z6BDYpORFpt +arS+2qmUpTef+BpAIdoJNkaCWuxWCSJ+EmICpdqM0hrF0ShKGztoYlOqqc4Qw0eq +N+/R6MmOhAXMaLthaMUITv5hBwlXina5iPUzUZ/tJEOos4ReYCMcHmxbVR68OzQi +0QlvRez0S+swx5psNJQFt/vrucPwvI+FKiJt/aNnwmxgCB4D5Q3QdeH03SZCHlIg +lXTkYciBVA1Ry6RdYw4= +-----END CERTIFICATE REQUEST----- diff --git a/haproxy/server.key b/haproxy/server.key new file mode 100644 index 0000000..bfd767f --- /dev/null +++ b/haproxy/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAocyhJ4TUtigsXMYttIHHOTZ6nTOJjrVCyhKNSybFvImjEqwb +oSlnkCPJ/Mtpoy3wKogVpO9ag0mLA6fYjgJ2eYR2sSXP4o1whg/FhS5dx7XsUsEo +Fd3JBgFjacoX8pM+HM8bSff9oGr+tCsObdAqBASsMmYZpqXelOBMM48xuZX6ADhy +sZfKy4tVWwJzkHUpDwqtqbp9uUfMedOO446HoAANcWlbgRtzQdA1CfLqKDZH6+ZE +ysd4xc/anOUrbhT/88zQJ3tdAToqg16cGN+bL2eKAuuortyLidQTYwd2c6vW0VPu +ijwIz/5lAjOLvwrGjqE4wBWQCWRoQhEbxi0jjQIDAQABAoIBAQCTt5fV1Z7B43GF +DeXCa82wPT26ccf/gxtEE6Xt26sh02MPdBQRkhSb8yDA7BE4yoL+wZlJKMExJZ6G +KuI53KO/k6EtYEEoLEt0CcgiLE+wOjZU40YumHqkQfY6Kiis7aMCeE8IvCFRKP37 +DWgx95+0ZXO026RFkh/hOdo4JF6YeJHUIMaVo8bKKwO2YPJ+9QWmCUh5RDwu2dch +kK+0jVWMJ4v3QmVbXokd19Lxq90cEcDLsh46l7ctdWN8oxxjQ/FCHlnlMCrWzOd2 +VLyTv1gA5V1DCLR1A6EyS9F9kzwo7Zd458VmbvAXnwbrKo9dIk6BX9lk2jHu+bd7 +6QRJcouBAoGBAMwg5BfEBVoPl6dk4nWI9pqWrfSoYWaouywXSVjC8Fs0wZ+CPcrq +mV16nQtVtcoJ/JBJC3PMWurPjY0ZxXF3xA6BY/IMY4wnX+nkibUZq8bxBTv7FH58 +XSvQY4mBZAtDXhA00NiT51+oZ9wv6ZpE4MGspyIPiQnlrHP/DnSGM2BtAoGBAMrq +HPusHNDzdoO9H3q6kDhdE/jM/gkq3vsIinRDnueb2RukFpNkMmPnPgtS9Sb2zaHt +1B7obrHfDLFFd5QLOErDDLPnaFanrt3V70AMkJXbVEHwCw69ElnDvyMOlxoQ8ntu +Lr7FxY6p4PH0KiAh0Tbp2RSV+xDwp7/Mqa8MOhuhAoGBALkdxtxKlvPimgxjL/+Y +8tKkfSMXpCT+Nae5gnmtZ12/DSyDZ1hiwiyE6nCCDPcpcVLD+0/LblPtX5grW+QX +0cO50ZKLa6eJebDZ4YxLuH0UzENl4mMGk1QNiocDwV95e49E5nTSRIx6Y53KEZYm +ipD46yS3Y/aGw4r6Lfi8T1FNAoGBAK+E/NcR1MdFoYFo6T7u++tVT/5Jy4BAjiqV +A7Z3+48aNx16vXB3HkNedkOzWY1/tPXZ1D98DKxdZQw+K6ZqYiIBQA6qH429dDw9 +XruHYtXNp791lQsFr0boVIBNkZShji4Ia/Tm+/Fgrsx7yKiMt/0JIJZ2+Xp4wJHe +xfQ93lGhAoGAKUP/o9HZ4qedK5jog2v8JDPTur/16uR4t/OJi0j9HNvKyLU3ftTR +PfunPdunbv20jrxMKKSsCEGCrpTkrp6H5rPEc52FzUM9VO+OhdUl27QSeMQSXBKG +ain74EirqUVLYeuH0NYDq8Snrom7FFZoDawP4AUZW0b5YsUlCeTBKEk= +-----END RSA PRIVATE KEY----- diff --git a/jenkins/codefresh.yml b/jenkins/codefresh.yml index 0f7d7c1..afc68b8 100644 --- a/jenkins/codefresh.yml +++ b/jenkins/codefresh.yml 
@@ -33,3 +33,16 @@ steps: condition: all: executeForMasterBranch: "'${{CF_BRANCH}}' == 'master'" + + CompositionStep: + type: composition + composition: jenkins + composition-candidates: + test-yaml: + image: 'codefreshio/${{IMAGE_NAME}}:latest' + ports: + - 8080 + - 50000 + composition-variables: + - IMAGE_NAME=jenkins-master + diff --git a/jenkins/docker-stack.yml b/jenkins/docker-stack.yml index d507a68..af245b8 100644 --- a/jenkins/docker-stack.yml +++ b/jenkins/docker-stack.yml @@ -4,13 +4,12 @@ services: jenkins: image: quay.io/ppavlov/jenkins-master networks: - - default - - traefik-net + - traefik_traefik-net deploy: replicas: 1 labels: - "traefik.port=8080" - - "traefik.docker.network=traefik-net" + - "traefik.docker.network=traefik_traefik-net" - "traefik.frontend.rule=Host:jenkins.traefik" restart_policy: condition: on-failure @@ -18,7 +17,7 @@ services: parallelism: 1 delay: 10s placement: - constraints: [node.role == worker] + constraints: [node.role != manager] volumes: - jenkins_home:/var/jenkins_home ports: @@ -35,5 +34,5 @@ secrets: volumes: jenkins_home: networks: - traefik-net: + traefik_traefik-net: external: true diff --git a/logstash/docker-stack.yml b/logstash/docker-stack.yml new file mode 100644 index 0000000..2d27078 --- /dev/null +++ b/logstash/docker-stack.yml @@ -0,0 +1,31 @@ +version: '3' +services: + + logstash: + image: logstash + networks: + - elk + ports: + - "5000:5000" +# environment: +# - LS_JAVA_OPTS: "-Xmx256m -Xms256m" +# volumes: +# - logstash:/var/lib/logstash + deploy: + mode: replicated + replicas: 1 + labels: + - "traefik.port=5000" + - "traefik.docker.network=traefik-net" + - "traefik.frontend.rule=Host:logstash.traefik" + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] + +networks: + traefik-net: + external: true + elk: diff --git a/portainer/docker-stack.yml b/portainer/docker-stack.yml new file mode 100644 index 0000000..9ccd7ec --- /dev/null 
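Review bot: In logstash/docker-stack.yml the service joins only the `elk` network, yet its label says `traefik.docker.network=traefik-net`, and `traefik-net` is declared external at the bottom without being attached to any service, so Traefik has no shared network on which to reach the container. Add `- traefik-net` under the service's `networks:` or drop the labels. Other stacks in this commit use `traefik_traefik-net` for the external network, so the name should be checked for consistency; sprint-boot/docker-stack.yml has a similar mismatch (`traefik.docker.network=mystack_traefik-net` against a stack-local `traefik-net`). `"5000:5000"` is also published directly, which exposes whatever listens on that port on every swarm node regardless of the proxy.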
+++ b/portainer/docker-stack.yml @@ -0,0 +1,21 @@ +version: "3.3" +services: + portainer: + image: portainer/portainer + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" +# - "portainerdata:/data" + networks: + - traefik_traefik-net + deploy: + mode: replicated + replicas: 1 + placement: + constraints: [node.role == manager] + labels: + - "traefik.port=9000" + - "traefik.docker.network=traefik_traefik-net" + - "traefik.frontend.rule=Host:portainer.traefik" +networks: + traefik_traefik-net: + external: true diff --git a/sprint-boot/docker-stack.yml b/sprint-boot/docker-stack.yml new file mode 100644 index 0000000..6e377c7 --- /dev/null +++ b/sprint-boot/docker-stack.yml @@ -0,0 +1,31 @@ +version: "3.3" +services: + ms1: + image: melvindave/spring-boot-example + networks: + - traefik-net + depends_on: + - mongodb + deploy: + replicas: 1 + labels: + - "traefik.port=8080" + - "traefik.docker.network=mystack_traefik-net" + - "traefik.frontend.rule=Host:ms1.traefik" + + mongodb: + image: mongo + volumes: + - "mongodata:/data/db" + networks: + - traefik-net + deploy: + replicas: 1 + ports: + - "27017:27017" + +networks: + traefik-net: + +volumes: + mongodata: diff --git a/traefik/docker-stack.yml b/traefik/docker-stack.yml new file mode 100644 index 0000000..a787d88 --- /dev/null +++ b/traefik/docker-stack.yml @@ -0,0 +1,31 @@ +version: "3.3" +services: + traefik: + image: traefik + command: --web \ + --docker \ + --docker.swarmmode \ + --docker.domain=traefik \ + --docker.watch \ + --logLevel=DEBUG + networks: + - traefik-net + ports: + - "80:80" + - "8080:8080" + volumes: + - /var/run/docker.sock:/var/run/docker.sock +# - /dev/null:/traefik.toml + deploy: + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role==manager] + +networks: + traefik-net: + driver: overlay + driver_opts: + encrypted: "true" diff --git a/unms-config/cert/cert b/unms-config/cert/cert new file mode 120000 index 0000000..ef1ddee 
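Review bot: In portainer/docker-stack.yml Portainer is given `/var/run/docker.sock` on a manager node, which amounts to full control of the swarm, and is published through Traefik with `Host:portainer.traefik`; the Traefik stack in this commit listens only on port 80, so the admin session travels over plain HTTP. With `portainerdata:/data` commented out the admin account is not persisted, so, assuming the image keeps its usual first-run behaviour, each restart returns to the initial setup where the first visitor chooses the admin password. Restore the data volume and put the UI behind TLS and an access restriction before exposing it.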
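Review bot: In sprint-boot/docker-stack.yml the `mongodb` service runs the stock `mongo` image with no credentials configured and lists `"27017:27017"` under `ports:`, so the database is reachable without authentication from outside the stack. `ms1` reaches it over `traefik-net` by service name, so the `ports:` entry can simply be removed; if external access is required, set `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` from secrets. `depends_on` is ignored by `docker stack deploy`, so `ms1` has to tolerate the database starting after it.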
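Review bot: In traefik/docker-stack.yml `--web` turns on Traefik's API and dashboard, and `"8080:8080"` publishes it with no authentication configured, next to `--logLevel=DEBUG` and a `/var/run/docker.sock` mount on a manager node. Anyone who can reach port 8080 can read the routing configuration, and the socket mount means a compromise of this container is a compromise of the swarm. Drop the `8080` mapping or restrict it to an admin network, and lower the log level outside debugging sessions. The `command:` value uses shell-style `\` continuations inside a plain YAML scalar, where the backslashes are literal characters and may end up in the argument list; a list form such as `command: ["--web", "--docker", "--docker.swarmmode"]` avoids that.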
--- /dev/null +++ b/unms-config/cert/cert @@ -0,0 +1 @@ +/config/cert \ No newline at end of file diff --git a/unms-config/cert/live.crt b/unms-config/cert/live.crt new file mode 100644 index 0000000..d23d754 --- /dev/null +++ b/unms-config/cert/live.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa2gAwIBAgIJAMVlWtEhCxnlMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV +BAMMCWxvY2FsaG9zdDAgFw0xODA5MDcxMzE5MjhaGA8yMTE4MDgxNDEzMTkyOFow +FDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAtshJtHFjWROo0EtsVRVyaABCaVU/Gr/+9GnOplgqqBADXTuKbFAbF4c7 +oy+CAdMd4HKOel+NISARa54zS11FHhEk81gVNizQbOcKl5u6YCEe4bHbODeLCRUO +dKnKfz6PjzTezQFfYQnATSVyPkuFcJcmg743tqP6MsCrNT0LMH6/agGMndtPwUji +y49RaQK1rH72f2Ysu8/vMQ4Cv30oXZt6tI6dMe1j7ZKmeg1iGX0Wkc1RFcGj4y7B +E+2D4+ndNDlVVUq1EUlTuvBpdf4mSlk5qJoe6xYm31lK54vAJTpY1MhwFiLL6mod +wVk5BNeF6k/KjXMDIpO7qd71+gkenwIDAQABoxgwFjAUBgNVHREEDTALgglsb2Nh +bGhvc3QwDQYJKoZIhvcNAQELBQADggEBAE8+zHZ8hp+hTgVF/PgjZjvEEKCgZElS +HrQb4ohEILGorQxhlEvuPxk2L16ZkhqDolRkMpMC1ZctTU3KO/qYijK7bPPa9mLG +ccIQHadC/FOs0BkKfB0UOb+q4AEhMozPAq2P4OdAHGf/1cZEU4DKJLE6P1Nor72F +64dokUC8Ukd7P3p2r1T5e6LgqFLUliCf8krbWANrFHu70zdSbig5MHJ1zJGnhMRA +Y+Y1r11YVpwyiQuC2g57vvdMrMMtf6DVsqirq8/8YGCo7SbVLDtVjm2umcLzAND5 ++/c0gAUkBK3GfmBPkwlLNBcE27hN481NoWAd4LK0M8W5/8zbhjJl1ig= +-----END CERTIFICATE----- diff --git a/unms-config/cert/live.key b/unms-config/cert/live.key new file mode 100644 index 0000000..793c26c --- /dev/null +++ b/unms-config/cert/live.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2yEm0cWNZE6jQ +S2xVFXJoAEJpVT8av/70ac6mWCqoEANdO4psUBsXhzujL4IB0x3gco56X40hIBFr +njNLXUUeESTzWBU2LNBs5wqXm7pgIR7hsds4N4sJFQ50qcp/Po+PNN7NAV9hCcBN +JXI+S4VwlyaDvje2o/oywKs1PQswfr9qAYyd20/BSOLLj1FpArWsfvZ/Ziy7z+8x +DgK/fShdm3q0jp0x7WPtkqZ6DWIZfRaRzVEVwaPjLsET7YPj6d00OVVVSrURSVO6 +8Gl1/iZKWTmomh7rFibfWUrni8AlOljUyHAWIsvqah3BWTkE14XqT8qNcwMik7up +3vX6CR6fAgMBAAECggEALvHB/FYi7f3enaDBchjQCWYHqIX8byJgmOWT7aU3T3LN +amSgaLEqRCC3cHIDMfTG9550eXmRBbD2yG0ZP4H0/oPouZcl24QnA9FTJx0YARiA +lfbYFtgtHWgLDmuNVqD6vg0WLBDuLj4S5b14WgeLfh9UBQIVzRLQb7iMQGAtP4be +wD2Vrz3yV+947VMMz3zkn3Hua+hb945zJgEXwA7fQm9ZYQaERmHQbVma6GmBwewy +QwidEOoO9cDhvaHvkx3DufDTJrlhUIppEnHKi6fItpdQjbmzTUFvs5S6rBXRSn3J +6XtGKAAiTWNeNEXjRNRpHd12B+Th7vXMqTp3aQN6AQKBgQDn58P/6QIxuCD5oRNd +EPDGBzk7Q8IAhokdWHJEWUQ5nTI2v3Hqx81OrSVZDfzzegjrNOOb3fEPa08tQ33N +WRZyEgHktjz32bWOT1svnSSuvm8Ib+lzKz+qhYCbL2RnTr4q7UHaeDjQGcvehMG4 +QZm8DTgsZv5gKglGTYGWZlj7ywKBgQDJxfJD/obXnorwg9p2QI+u+KPwULWS5sLD +a8So96SAfvjnPKhMA1c4EBeE39RqEZ07MTBG1l41kPC9sTtvptnif9XnBBhS96Rq +dOh+/wT1n95nKugjXqu0ADpLcsrqWqLN6l3zf6S3eO1myS7+KovvD5uyBeyzN3Mp +8DXxC331/QKBgD0V+LP9PZ25Ib5/pmkaYEHZf0LUK1MWHSIEvTyxwt3mQWbYcPpm +HPd/dloJ7Dp6R8UlDlttT+U+4AFNSOMBd38erS8ArfifeUp+LsfQ/eulr/up9vVm +TAPv3JuEFU99F2yZSIJyroxqbyAzGhAd/4/gb46KprDQAddp7Ruf5AqXAoGAc9ax +3LluvrFlwOlh7YvpMaHLtLcRV1ImNL1VPVBXX/IFgfQABwvP8f7DEeTS9UZBh28Y +8UI2+ffJTo5GujYHVxLfQe7G7DMCcJ/HrslIFp/+tioa9dtvJjsPPKudtWftmdxY +ref1L+Q8H0uXMBJLHidO0qi2GLnX4xbmUQmw+h0CgYEAyw9jwKgJN6p2IEdFjDcx +4T8z9uxU+SSen91Mj5vZ2lHWefvsaVa7noyia3zz6nnZen2AJwsySur2nh1c3SQY +mUDHlkhtTniauMdP7Z9Tgk+ZjvNLnCF0Jdu/c1p1SGKVE6KJpD9DzmqXCqrGEVxk +J4H4nURKYg3is3PimH5jgk0= +-----END PRIVATE KEY----- diff --git a/unms-config/unms/config-backups/.gitignore b/unms-config/unms/config-backups/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/config-backups/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore 
diff --git a/unms-config/unms/images/.gitignore b/unms-config/unms/images/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/images/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms-config/unms/unms-backups/.gitignore b/unms-config/unms/unms-backups/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/unms-backups/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms-config/unms/update/.gitignore b/unms-config/unms/update/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/update/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms/docker-compose.yml b/unms/docker-compose.yml new file mode 100644 index 0000000..e520a78 --- /dev/null +++ b/unms/docker-compose.yml @@ -0,0 +1,19 @@ +version: "3.3" +services: + unms: + image: oznu/unms:latest # use "armhf" instead of "latest" for arm devices + restart: always + deploy: + mode: global + networks: + - unms_default + ports: + - 80:80 + - 443:443 + environment: + - TZ=Europe/London + volumes: + - ../unms-config:/config/ +networks: + unms_default: +# external: true diff --git a/unms/docker-stack.yml b/unms/docker-stack.yml new file mode 100644 index 0000000..f5b3d32 --- /dev/null +++ b/unms/docker-stack.yml @@ -0,0 +1,12 @@ +version: "3.3" +services: + homebridge: + image: oznu/unms:latest # use "armhf" instead of "latest" for arm devices + restart: always + ports: + - 80:80 + - 443:443 + environment: + - TZ=Europe/London + volumes: + - ./unms-config:/config diff --git a/zookeeper/docker-stack.yml b/zookeeper/docker-stack.yml new file mode 100644 index 0000000..268899c --- /dev/null +++ b/zookeeper/docker-stack.yml 
@@ -0,0 +1,33 @@
+version: '3.1'
+
+services:
+ zoo1:
+ image: zookeeper
+ restart: always
+ hostname: zoo1
+ ports:
+ - 2181:2181
+ environment:
+ ZOO_MY_ID: 1
+ ZOO_SERVERS: server.1=0.0.0.0:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888
+
+ zoo2:
+ image: zookeeper
+ restart: always
+ hostname: zoo2
+ ports:
+ - 2182:2181
+ environment:
+ ZOO_MY_ID: 2
+ ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=0.0.0.0:2888:3888 server.3=zoo3:2888:3888
+
+ zoo3:
+ image: zookeeper
+ restart: always
+ hostname: zoo3
+ ports:
+ - 2183:2181
+ environment:
+ ZOO_MY_ID: 3
+ ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=0.0.0.0:2888:3888
+
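Review bot: All three ZooKeeper nodes publish their client port (`2181:2181`, `2182:2181`, `2183:2181`) and the file configures no authentication or dedicated network, so any host that can reach a swarm node can read and write the ensemble's data. If clients live in the same swarm, attach them to a shared overlay network and remove the `ports:` entries; otherwise restrict the published ports at the host firewall. `image: zookeeper` is untagged, and `restart: always` is ignored by `docker stack deploy`, so the restart behaviour belongs under `deploy.restart_policy`.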