From 8228d47def1e01144eeb03db191997117ca696e4 Mon Sep 17 00:00:00 2001 From: P Pavlov Date: Wed, 18 Apr 2018 12:03:07 +0100 Subject: [PATCH 1/8] Compasition step --- jenkins/codefresh.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/jenkins/codefresh.yml b/jenkins/codefresh.yml index 0f7d7c1..0d6210a 100644 --- a/jenkins/codefresh.yml +++ b/jenkins/codefresh.yml @@ -33,3 +33,15 @@ steps: condition: all: executeForMasterBranch: "'${{CF_BRANCH}}' == 'master'" + + CompositionStep: + type: composition + composition: yaml-composition + composition-candidates: + test-yaml: + image: 'codefreshio/${{IMAGE_NAME}}:latest' + ports: + - 3000 + composition-variables: + - IMAGE_NAME=jenkins-master + From 72943ff6ef0cba461f42eed76bd6118b5f640941 Mon Sep 17 00:00:00 2001 From: P Pavlov Date: Wed, 18 Apr 2018 12:03:55 +0100 Subject: [PATCH 2/8] we --- jenkins/codefresh.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/jenkins/codefresh.yml b/jenkins/codefresh.yml index 0d6210a..0f7d7c1 100644 --- a/jenkins/codefresh.yml +++ b/jenkins/codefresh.yml @@ -33,15 +33,3 @@ steps: condition: all: executeForMasterBranch: "'${{CF_BRANCH}}' == 'master'" - - CompositionStep: - type: composition - composition: yaml-composition - composition-candidates: - test-yaml: - image: 'codefreshio/${{IMAGE_NAME}}:latest' - ports: - - 3000 - composition-variables: - - IMAGE_NAME=jenkins-master - From 8d65bc7ae570860fe07730f340574c034ba0c56c Mon Sep 17 00:00:00 2001 From: P Pavlov Date: Wed, 18 Apr 2018 12:05:54 +0100 Subject: [PATCH 3/8] adding composition --- jenkins/codefresh.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/jenkins/codefresh.yml b/jenkins/codefresh.yml index 0f7d7c1..0d6210a 100644 --- a/jenkins/codefresh.yml +++ b/jenkins/codefresh.yml @@ -33,3 +33,15 @@ steps: condition: all: executeForMasterBranch: "'${{CF_BRANCH}}' == 'master'" + + CompositionStep: + type: composition + composition: yaml-composition + composition-candidates: + test-yaml: + image: 'codefreshio/${{IMAGE_NAME}}:latest' + ports: + - 3000 + composition-variables: + - IMAGE_NAME=jenkins-master + From b8be7c31ac76210cb0d1438d8c989a7e23480e07 Mon Sep 17 00:00:00 2001 From: P Pavlov Date: Wed, 18 Apr 2018 12:08:25 +0100 Subject: [PATCH 4/8] correction --- jenkins/codefresh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/codefresh.yml b/jenkins/codefresh.yml index 0d6210a..114cd6d 100644 --- a/jenkins/codefresh.yml +++ b/jenkins/codefresh.yml @@ -36,7 +36,7 @@ steps: CompositionStep: type: composition - composition: yaml-composition + composition: jenkins composition-candidates: test-yaml: image: 'codefreshio/${{IMAGE_NAME}}:latest' From c41410914e8af4d34bec21e0c8c45ff17eadefe4 Mon Sep 17 00:00:00 2001 From: P Pavlov Date: Wed, 18 Apr 2018 12:12:23 +0100 Subject: [PATCH 5/8] adding ports --- jenkins/codefresh.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jenkins/codefresh.yml b/jenkins/codefresh.yml index 114cd6d..afc68b8 100644 --- a/jenkins/codefresh.yml +++ b/jenkins/codefresh.yml @@ -41,7 +41,8 @@ steps: test-yaml: image: 'codefreshio/${{IMAGE_NAME}}:latest' ports: - - 3000 + - 8080 + - 50000 composition-variables: - IMAGE_NAME=jenkins-master From cf9f5faac8bba8f97f20c755eb82d29eeb042bea Mon Sep 17 00:00:00 2001 From: P Pavlov Date: Thu, 10 May 2018 12:35:47 +0100 Subject: [PATCH 6/8] Adding some new stacks Adding some more --- artifactory/artifactory-ha.yml | 99 ++++++++++++++++++++++++++++++++++ artifactory/docker-compose.yml | 66 +++++++++++++++++++++++ artifactory/docker-stack.yml | 77 ++++++++++++++++---------- gitlab/docker-stack.yml | 6 ++- haproxy/Dockerfile | 16 ++++++ haproxy/haproxy.cfg | 48 +++++++++++++++++ haproxy/server.bundle.pem | 49 +++++++++++++++++ haproxy/server.crt | 22 ++++++++ haproxy/server.csr | 18 +++++++ haproxy/server.key | 27 ++++++++++ jenkins/docker-stack.yml | 3 +- logstash/docker-stack.yml | 29 ++++++++++ portainer/docker-stack.yml | 19 +++++++ sprint-boot/docker-stack.yml | 31 +++++++++++ traefik/docker-stack.yml | 23 ++++++++ 15 files changed, 500 insertions(+), 33 deletions(-) create mode 100644 artifactory/artifactory-ha.yml create mode 100644 artifactory/docker-compose.yml create mode 100644 haproxy/Dockerfile create mode 100644 haproxy/haproxy.cfg create mode 100644 haproxy/server.bundle.pem create mode 100644 haproxy/server.crt create mode 100644 haproxy/server.csr create mode 100644 haproxy/server.key create mode 100644 logstash/docker-stack.yml create mode 100644 portainer/docker-stack.yml create mode 100644 sprint-boot/docker-stack.yml create mode 100644 traefik/docker-stack.yml diff --git a/artifactory/artifactory-ha.yml b/artifactory/artifactory-ha.yml new file mode 100644 index 0000000..51950cc --- /dev/null +++ b/artifactory/artifactory-ha.yml @@ -0,0 +1,99 @@ +version: '2' +services: + postgresql: + image: docker.bintray.io/postgres:9.5.2 + container_name: postgresql + ports: + - 5432:5432 + environment: + - POSTGRES_DB=artifactory + # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory + - POSTGRES_USER=artifactory + - POSTGRES_PASSWORD=password + volumes: + - /data/postgresql:/var/lib/postgresql/data + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + artifactory-node1: + image: docker.bintray.io/jfrog/artifactory-pro:5.10.4 + container_name: artifactory-node1 + ports: + - 8081:8081 + depends_on: + - postgresql + links: + - postgresql + volumes: + - /data/artifactory/node1:/var/opt/jfrog/artifactory + environment: + - HA_IS_PRIMARY=true + - HA_MEMBERSHIP_PORT=10017 + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=password + # Add extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + artifactory-node2: + image: docker.bintray.io/jfrog/artifactory-pro:5.10.4 + container_name: artifactory-node2 + ports: + - 8082:8081 + depends_on: + - postgresql + - artifactory-node1 + links: + - postgresql + # Must pass this to non primary so it can wait for primary to be up + - artifactory-node1 + volumes: + - /data/artifactory/node2:/var/opt/jfrog/artifactory + environment: + - HA_IS_PRIMARY=false + - HA_MEMBERSHIP_PORT=10017 + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=password + # Add extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + nginx: + image: docker.bintray.io/jfrog/nginx-artifactory-pro:5.10.4 + container_name: nginx + ports: + - 80:80 + - 443:443 + depends_on: + - artifactory-node1 + - artifactory-node2 + links: + - artifactory-node1 + - artifactory-node2 + volumes: + - /data/nginx:/var/opt/jfrog/nginx + environment: + - ART_BASE_URL=http://artifactory-node1:8081/artifactory + - SSL=true + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + diff --git a/artifactory/docker-compose.yml b/artifactory/docker-compose.yml new file mode 100644 index 0000000..4638fa4 --- /dev/null +++ b/artifactory/docker-compose.yml @@ -0,0 +1,66 @@ +version: '3' +services: + postgresql: + image: docker.bintray.io/postgres:9.5.2 + container_name: postgresql + ports: + - 5432:5432 + environment: + - POSTGRES_DB=artifactory + # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory + - POSTGRES_USER=artifactory + - POSTGRES_PASSWORD=${POSTGRES_PSWRD} + volumes: + - /data/postgresql:/var/lib/postgresql/data + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + artifactory: + image: docker.bintray.io/jfrog/artifactory-pro:5.10.4 + container_name: artifactory + ports: + - 8081:8081 + depends_on: + - postgresql + links: + - postgresql + volumes: + - /data/artifactory:/var/opt/jfrog/artifactory + environment: + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=${POSTGRES_PSWRD} + # Add extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + nginx: + image: docker.bintray.io/jfrog/nginx-artifactory-pro:5.10.4 + container_name: nginx + ports: + - 80:80 + - 443:443 + depends_on: + - artifactory + links: + - artifactory + volumes: + - /data/nginx:/var/opt/jfrog/nginx + environment: + - ART_BASE_URL=http://artifactory:8081/artifactory + - SSL=true + restart: always + ulimits: + nproc: 65535 + nofile: + soft: 32000 + hard: 40000 + diff --git a/artifactory/docker-stack.yml b/artifactory/docker-stack.yml index ff00fbd..9bc4ed4 100644 --- a/artifactory/docker-stack.yml +++ b/artifactory/docker-stack.yml @@ -1,9 +1,11 @@ -version: '3.6' +version: '3' services: - postgres: + postgresql: image: postgres + networks: + - default ports: - 5432:5432 environment: @@ -24,22 +26,29 @@ services: constraints: [node.role != manager] artifactory: - image: jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro:latest + image: docker.bintray.io/jfrog/artifactory-oss:latest + networks: + - default + - traefik-net ports: - 8081:8081 depends_on: - - postgres + - postgresql deploy: mode: replicated replicas: 1 + labels: + - "traefik.port=8081" + - "traefik.docker.network=traefik-net" + - "traefik.frontend.rule=Host:artifactory.traefik" restart_policy: condition: on-failure delay: 5s max_attempts: 3 placement: constraints: [node.role != manager] - volumes: - - artifactory:/var/opt/jfrog/artifactory +# volumes: +# - artifactory:/var/opt/jfrog/artifactory environment: - DB_TYPE=postgresql # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL @@ -48,27 +57,37 @@ services: # Adding extra Java options by uncommenting the following line #- EXTRA_JAVA_OPTIONS=-Xmx4g - nginx: - image: jfrog.bintray.com/reg2/jfrog/nginx-artifactory-pro:latest - ports: - - 80:80 - - 443:443 - depends_on: - - artifactory - deploy: - mode: replicated - replicas: 1 - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - placement: - constraints: [node.role != manager] - volumes: - - artifactory:/var/opt/jfrog/nginx - environment: - - ART_BASE_URL=http://artifactory:8081/artifactory - - SSL=true +# nginx: +# image: docker.bintray.io/jfrog/nginx-artifactory-pro:latest +# ports: +# - 8082:8082 +# - 443:443 +# depends_on: +# - artifactory +# deploy: +# mode: replicated +# replicas: 1 +# labels: +# - "traefik.port=8082" +# - "traefik.frontend.entryPoints=http" +# - "traefik.docker.network=traefik-net" +# - "traefik.frontend.rule=Host:artifactory.traefik" +# restart_policy: +# condition: on-failure +# delay: 5s +# max_attempts: 3 +# placement: +# constraints: [node.role != manager] +# volumes: +# - artifactory:/var/opt/jfrog/nginx +# environment: +# - ART_BASE_URL=http://artifactory:8081/artifactory +# - SSL=true + +#volumes: +# artifactory: +networks: + traefik-net: + external: true + default: -volumes: - artifactory: diff --git a/gitlab/docker-stack.yml b/gitlab/docker-stack.yml index b1f377f..d9d8234 100644 --- a/gitlab/docker-stack.yml +++ b/gitlab/docker-stack.yml @@ -2,13 +2,15 @@ version: "3.6" services: gitlab: - image: "gitlab/gitlab-ce:10.3.3-ce.0" + image: "gitlab/gitlab-ce:latest" volumes: - "gitlab_data:/var/opt/gitlab" - "gitlab_logs:/var/log/gitlab" - "gitlab_config:/etc/gitlab" ports: - - "2222:22" + - "22:22" + - "443:443" + - "80:80" configs: - source: "gitlab.rb" target: "/etc/gitlab/gitlab.rb" diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile new file mode 100644 index 0000000..66f2c47 --- /dev/null +++ b/haproxy/Dockerfile @@ -0,0 +1,16 @@ +FROM haproxy + +# Create a system group and user to be used by HAProxy. +ENV HAPROXY_USER haproxy +RUN groupadd --system ${HAPROXY_USER} && \ + useradd --system --gid ${HAPROXY_USER} ${HAPROXY_USER} && \ + mkdir --parents /var/lib/${HAPROXY_USER} && \ + mkdir --parents /run/${HAPROXY_USER} && \ + chown -R ${HAPROXY_USER}:${HAPROXY_USER} /var/lib/${HAPROXY_USER} + +#Adding Certificate +COPY server.bundle.pem /etc/ssl/certs/server.bundle.pem + +# Now copy the configurations file +COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg new file mode 100644 index 0000000..78a9850 --- /dev/null +++ b/haproxy/haproxy.cfg @@ -0,0 +1,48 @@ +global + log 127.0.0.1 local0 + chroot /var/lib/haproxy + maxconn 4096 + user haproxy + group haproxy + daemon + tune.ssl.default-dh-param 2048 + stats socket /run/haproxy/admin.sock mode 660 level admin + +stats enable + stats socket /var/run/haproxy.sock mode 600 level admin + stats timeout 2m + +defaults + log global + mode http + option httplog + option dontlognull + option redispatch + option forwardfor + option http-server-close + maxconn 4000 + timeout connect 5000 + timeout client 50000 + timeout server 50000 + errorfile 400 /usr/local/etc/haproxy/errors/400.http + errorfile 403 /usr/local/etc/haproxy/errors/403.http + errorfile 408 /usr/local/etc/haproxy/errors/408.http + errorfile 500 /usr/local/etc/haproxy/errors/500.http + errorfile 502 /usr/local/etc/haproxy/errors/502.http + errorfile 503 /usr/local/etc/haproxy/errors/503.http + errorfile 504 /usr/local/etc/haproxy/errors/504.http + +frontend normal + bind *:80 + bind *:443 ssl crt /etc/ssl/certs/server.bundle.pem + mode http + option forwardfor +# reqirep ^([^ :]*)/v2(.*$)1 /artifactory/api/docker/docker-local + reqadd X-Forwarded-Proto:\ https +# reqadd X-Forwarded-Proto: https if { ssl_fc } + option forwardfor header X-Real-IP + default_backend normal + +backend normal + mode http + server artifactory artifcatoy.domain.com:8081 diff --git a/haproxy/server.bundle.pem b/haproxy/server.bundle.pem new file mode 100644 index 0000000..19346e6 --- /dev/null +++ b/haproxy/server.bundle.pem @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIDpjCCAo4CCQCMXbNm1pd3UDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC +VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVK +ZnJvZzEVMBMGA1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9y +eS50cmFlZmlrMR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wHhcNMTgw +NDIwMTEzODMwWhcNMTkwNDIwMTEzODMwWjCBlDELMAkGA1UEBhMCVUsxDzANBgNV +BAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVKZnJvZzEVMBMG +A1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9yeS50cmFlZmlr +MR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQChzKEnhNS2KCxcxi20gcc5NnqdM4mOtULKEo1LJsW8 +iaMSrBuhKWeQI8n8y2mjLfAqiBWk71qDSYsDp9iOAnZ5hHaxJc/ijXCGD8WFLl3H +texSwSgV3ckGAWNpyhfykz4czxtJ9/2gav60Kw5t0CoEBKwyZhmmpd6U4EwzjzG5 +lfoAOHKxl8rLi1VbAnOQdSkPCq2pun25R8x5047jjoegAA1xaVuBG3NB0DUJ8uoo +Nkfr5kTKx3jFz9qc5StuFP/zzNAne10BOiqDXpwY35svZ4oC66iu3IuJ1BNjB3Zz +q9bRU+6KPAjP/mUCM4u/CsaOoTjAFZAJZGhCERvGLSONAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAGEC+sYv//8/G4j8hK2Dsj7sJlIUpE8FjwC9C7N+OcKG0M8vgiHU +O+ml4wlMcQ/AVDJOdyNR1NkxM7KOAGYQ/eyKoEozcb95UG780Aapn7rNBGoPSOGu +k8sk9MEtNck/28IOCyRkRHGryUVpphmToSlIvsC9iVkBuc6KsFY8OSSdu3x6V16+ +LbtYwu297F0CLcp6JVXdVKbyl+WOZqbVxD+8j7dRnYyaILq3I7jB3qGA2tmKtXPR +tX5hv7l4asPYgj1uz26FQza3rsGkWaij0y12TSQos0gDxtlla+iV3yHirjHkr2pZ +y/fKe7A3yhuAJ+WsP0nxp9t/rkl3yp8APS8= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAocyhJ4TUtigsXMYttIHHOTZ6nTOJjrVCyhKNSybFvImjEqwb +oSlnkCPJ/Mtpoy3wKogVpO9ag0mLA6fYjgJ2eYR2sSXP4o1whg/FhS5dx7XsUsEo +Fd3JBgFjacoX8pM+HM8bSff9oGr+tCsObdAqBASsMmYZpqXelOBMM48xuZX6ADhy +sZfKy4tVWwJzkHUpDwqtqbp9uUfMedOO446HoAANcWlbgRtzQdA1CfLqKDZH6+ZE +ysd4xc/anOUrbhT/88zQJ3tdAToqg16cGN+bL2eKAuuortyLidQTYwd2c6vW0VPu +ijwIz/5lAjOLvwrGjqE4wBWQCWRoQhEbxi0jjQIDAQABAoIBAQCTt5fV1Z7B43GF +DeXCa82wPT26ccf/gxtEE6Xt26sh02MPdBQRkhSb8yDA7BE4yoL+wZlJKMExJZ6G +KuI53KO/k6EtYEEoLEt0CcgiLE+wOjZU40YumHqkQfY6Kiis7aMCeE8IvCFRKP37 +DWgx95+0ZXO026RFkh/hOdo4JF6YeJHUIMaVo8bKKwO2YPJ+9QWmCUh5RDwu2dch +kK+0jVWMJ4v3QmVbXokd19Lxq90cEcDLsh46l7ctdWN8oxxjQ/FCHlnlMCrWzOd2 +VLyTv1gA5V1DCLR1A6EyS9F9kzwo7Zd458VmbvAXnwbrKo9dIk6BX9lk2jHu+bd7 +6QRJcouBAoGBAMwg5BfEBVoPl6dk4nWI9pqWrfSoYWaouywXSVjC8Fs0wZ+CPcrq +mV16nQtVtcoJ/JBJC3PMWurPjY0ZxXF3xA6BY/IMY4wnX+nkibUZq8bxBTv7FH58 +XSvQY4mBZAtDXhA00NiT51+oZ9wv6ZpE4MGspyIPiQnlrHP/DnSGM2BtAoGBAMrq +HPusHNDzdoO9H3q6kDhdE/jM/gkq3vsIinRDnueb2RukFpNkMmPnPgtS9Sb2zaHt +1B7obrHfDLFFd5QLOErDDLPnaFanrt3V70AMkJXbVEHwCw69ElnDvyMOlxoQ8ntu +Lr7FxY6p4PH0KiAh0Tbp2RSV+xDwp7/Mqa8MOhuhAoGBALkdxtxKlvPimgxjL/+Y +8tKkfSMXpCT+Nae5gnmtZ12/DSyDZ1hiwiyE6nCCDPcpcVLD+0/LblPtX5grW+QX +0cO50ZKLa6eJebDZ4YxLuH0UzENl4mMGk1QNiocDwV95e49E5nTSRIx6Y53KEZYm +ipD46yS3Y/aGw4r6Lfi8T1FNAoGBAK+E/NcR1MdFoYFo6T7u++tVT/5Jy4BAjiqV +A7Z3+48aNx16vXB3HkNedkOzWY1/tPXZ1D98DKxdZQw+K6ZqYiIBQA6qH429dDw9 +XruHYtXNp791lQsFr0boVIBNkZShji4Ia/Tm+/Fgrsx7yKiMt/0JIJZ2+Xp4wJHe +xfQ93lGhAoGAKUP/o9HZ4qedK5jog2v8JDPTur/16uR4t/OJi0j9HNvKyLU3ftTR +PfunPdunbv20jrxMKKSsCEGCrpTkrp6H5rPEc52FzUM9VO+OhdUl27QSeMQSXBKG +ain74EirqUVLYeuH0NYDq8Snrom7FFZoDawP4AUZW0b5YsUlCeTBKEk= +-----END RSA PRIVATE KEY----- diff --git a/haproxy/server.crt b/haproxy/server.crt new file mode 100644 index 0000000..4e196f7 --- /dev/null +++ b/haproxy/server.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpjCCAo4CCQCMXbNm1pd3UDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC +VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVK +ZnJvZzEVMBMGA1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9y +eS50cmFlZmlrMR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wHhcNMTgw +NDIwMTEzODMwWhcNMTkwNDIwMTEzODMwWjCBlDELMAkGA1UEBhMCVUsxDzANBgNV +BAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ4wDAYDVQQKDAVKZnJvZzEVMBMG +A1UECwwMSnJvZyBTdXBwb3J0MRwwGgYDVQQDDBNhcnRpZmFjdG9yeS50cmFlZmlr +MR4wHAYJKoZIhvcNAQkBFg9qZnJvZ0BqZnJvZy5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQChzKEnhNS2KCxcxi20gcc5NnqdM4mOtULKEo1LJsW8 +iaMSrBuhKWeQI8n8y2mjLfAqiBWk71qDSYsDp9iOAnZ5hHaxJc/ijXCGD8WFLl3H +texSwSgV3ckGAWNpyhfykz4czxtJ9/2gav60Kw5t0CoEBKwyZhmmpd6U4EwzjzG5 +lfoAOHKxl8rLi1VbAnOQdSkPCq2pun25R8x5047jjoegAA1xaVuBG3NB0DUJ8uoo +Nkfr5kTKx3jFz9qc5StuFP/zzNAne10BOiqDXpwY35svZ4oC66iu3IuJ1BNjB3Zz +q9bRU+6KPAjP/mUCM4u/CsaOoTjAFZAJZGhCERvGLSONAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAGEC+sYv//8/G4j8hK2Dsj7sJlIUpE8FjwC9C7N+OcKG0M8vgiHU +O+ml4wlMcQ/AVDJOdyNR1NkxM7KOAGYQ/eyKoEozcb95UG780Aapn7rNBGoPSOGu +k8sk9MEtNck/28IOCyRkRHGryUVpphmToSlIvsC9iVkBuc6KsFY8OSSdu3x6V16+ +LbtYwu297F0CLcp6JVXdVKbyl+WOZqbVxD+8j7dRnYyaILq3I7jB3qGA2tmKtXPR +tX5hv7l4asPYgj1uz26FQza3rsGkWaij0y12TSQos0gDxtlla+iV3yHirjHkr2pZ +y/fKe7A3yhuAJ+WsP0nxp9t/rkl3yp8APS8= +-----END CERTIFICATE----- diff --git a/haproxy/server.csr b/haproxy/server.csr new file mode 100644 index 0000000..aac2b24 --- /dev/null +++ b/haproxy/server.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC2jCCAcICAQAwgZQxCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZMb25kb24xDzAN +BgNVBAcMBkxvbmRvbjEOMAwGA1UECgwFSmZyb2cxFTATBgNVBAsMDEpyb2cgU3Vw +cG9ydDEcMBoGA1UEAwwTYXJ0aWZhY3RvcnkudHJhZWZpazEeMBwGCSqGSIb3DQEJ +ARYPamZyb2dAamZyb2cuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAocyhJ4TUtigsXMYttIHHOTZ6nTOJjrVCyhKNSybFvImjEqwboSlnkCPJ/Mtp +oy3wKogVpO9ag0mLA6fYjgJ2eYR2sSXP4o1whg/FhS5dx7XsUsEoFd3JBgFjacoX +8pM+HM8bSff9oGr+tCsObdAqBASsMmYZpqXelOBMM48xuZX6ADhysZfKy4tVWwJz +kHUpDwqtqbp9uUfMedOO446HoAANcWlbgRtzQdA1CfLqKDZH6+ZEysd4xc/anOUr +bhT/88zQJ3tdAToqg16cGN+bL2eKAuuortyLidQTYwd2c6vW0VPuijwIz/5lAjOL +vwrGjqE4wBWQCWRoQhEbxi0jjQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHQ8 +Y56KcG6cUUhLzowgDbsJVUGmjLkiONvDEzfDnpjXHOfhEsoX5ZeJOBuZL+YlMlOD +ml6i7Q/BPIVY4vphxZlij1munzDOK01WdMZpILXUMjAmrYcKV2Ps9z6BDYpORFpt +arS+2qmUpTef+BpAIdoJNkaCWuxWCSJ+EmICpdqM0hrF0ShKGztoYlOqqc4Qw0eq +N+/R6MmOhAXMaLthaMUITv5hBwlXina5iPUzUZ/tJEOos4ReYCMcHmxbVR68OzQi +0QlvRez0S+swx5psNJQFt/vrucPwvI+FKiJt/aNnwmxgCB4D5Q3QdeH03SZCHlIg +lXTkYciBVA1Ry6RdYw4= +-----END CERTIFICATE REQUEST----- diff --git a/haproxy/server.key b/haproxy/server.key new file mode 100644 index 0000000..bfd767f --- /dev/null +++ b/haproxy/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAocyhJ4TUtigsXMYttIHHOTZ6nTOJjrVCyhKNSybFvImjEqwb +oSlnkCPJ/Mtpoy3wKogVpO9ag0mLA6fYjgJ2eYR2sSXP4o1whg/FhS5dx7XsUsEo +Fd3JBgFjacoX8pM+HM8bSff9oGr+tCsObdAqBASsMmYZpqXelOBMM48xuZX6ADhy +sZfKy4tVWwJzkHUpDwqtqbp9uUfMedOO446HoAANcWlbgRtzQdA1CfLqKDZH6+ZE +ysd4xc/anOUrbhT/88zQJ3tdAToqg16cGN+bL2eKAuuortyLidQTYwd2c6vW0VPu +ijwIz/5lAjOLvwrGjqE4wBWQCWRoQhEbxi0jjQIDAQABAoIBAQCTt5fV1Z7B43GF +DeXCa82wPT26ccf/gxtEE6Xt26sh02MPdBQRkhSb8yDA7BE4yoL+wZlJKMExJZ6G +KuI53KO/k6EtYEEoLEt0CcgiLE+wOjZU40YumHqkQfY6Kiis7aMCeE8IvCFRKP37 +DWgx95+0ZXO026RFkh/hOdo4JF6YeJHUIMaVo8bKKwO2YPJ+9QWmCUh5RDwu2dch +kK+0jVWMJ4v3QmVbXokd19Lxq90cEcDLsh46l7ctdWN8oxxjQ/FCHlnlMCrWzOd2 +VLyTv1gA5V1DCLR1A6EyS9F9kzwo7Zd458VmbvAXnwbrKo9dIk6BX9lk2jHu+bd7 +6QRJcouBAoGBAMwg5BfEBVoPl6dk4nWI9pqWrfSoYWaouywXSVjC8Fs0wZ+CPcrq +mV16nQtVtcoJ/JBJC3PMWurPjY0ZxXF3xA6BY/IMY4wnX+nkibUZq8bxBTv7FH58 +XSvQY4mBZAtDXhA00NiT51+oZ9wv6ZpE4MGspyIPiQnlrHP/DnSGM2BtAoGBAMrq +HPusHNDzdoO9H3q6kDhdE/jM/gkq3vsIinRDnueb2RukFpNkMmPnPgtS9Sb2zaHt +1B7obrHfDLFFd5QLOErDDLPnaFanrt3V70AMkJXbVEHwCw69ElnDvyMOlxoQ8ntu +Lr7FxY6p4PH0KiAh0Tbp2RSV+xDwp7/Mqa8MOhuhAoGBALkdxtxKlvPimgxjL/+Y +8tKkfSMXpCT+Nae5gnmtZ12/DSyDZ1hiwiyE6nCCDPcpcVLD+0/LblPtX5grW+QX +0cO50ZKLa6eJebDZ4YxLuH0UzENl4mMGk1QNiocDwV95e49E5nTSRIx6Y53KEZYm +ipD46yS3Y/aGw4r6Lfi8T1FNAoGBAK+E/NcR1MdFoYFo6T7u++tVT/5Jy4BAjiqV +A7Z3+48aNx16vXB3HkNedkOzWY1/tPXZ1D98DKxdZQw+K6ZqYiIBQA6qH429dDw9 +XruHYtXNp791lQsFr0boVIBNkZShji4Ia/Tm+/Fgrsx7yKiMt/0JIJZ2+Xp4wJHe +xfQ93lGhAoGAKUP/o9HZ4qedK5jog2v8JDPTur/16uR4t/OJi0j9HNvKyLU3ftTR +PfunPdunbv20jrxMKKSsCEGCrpTkrp6H5rPEc52FzUM9VO+OhdUl27QSeMQSXBKG +ain74EirqUVLYeuH0NYDq8Snrom7FFZoDawP4AUZW0b5YsUlCeTBKEk= +-----END RSA PRIVATE KEY----- diff --git a/jenkins/docker-stack.yml b/jenkins/docker-stack.yml index d507a68..dcd2a1f 100644 --- a/jenkins/docker-stack.yml +++ b/jenkins/docker-stack.yml @@ -4,7 +4,6 @@ services: jenkins: image: quay.io/ppavlov/jenkins-master networks: - - default - traefik-net deploy: replicas: 1 @@ -18,7 +17,7 @@ services: parallelism: 1 delay: 10s placement: - constraints: [node.role == worker] + constraints: [node.role != manager] volumes: - jenkins_home:/var/jenkins_home ports: diff --git a/logstash/docker-stack.yml b/logstash/docker-stack.yml new file mode 100644 index 0000000..4a6f031 --- /dev/null +++ b/logstash/docker-stack.yml @@ -0,0 +1,29 @@ +version: '3' +services: + + logstash: + image: logstash + networks: + - elk + ports: + - "5000:5000" + environment: + LS_JAVA_OPTS: "-Xmx256m -Xms256m" + #volumes: + # - logstash:/var/lib/logstash + deploy: + mode: replicated + replicas: 1 + labels: + - "traefik.port=5000" + - "traefik.docker.network=elk" + - "traefik.frontend.rule=Host:logstash.traefik" + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] + +networks: + elk: diff --git a/portainer/docker-stack.yml b/portainer/docker-stack.yml new file mode 100644 index 0000000..9f72b3a --- /dev/null +++ b/portainer/docker-stack.yml @@ -0,0 +1,19 @@ +version: "3.3" +services: + portainer: + image: portainer/portainer + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + - "portainerdata:/data" + networks: + - traefik-net + deploy: + placement: + constraints: [node.role == manager] + labels: + - "traefik.enable=true" + - "traefik.port=9000" + - "traefik.docker.network=mystack_traefik-net" + - "traefik.frontend.rule=Host:portainer.traefik" +networks: + traefik-net: diff --git a/sprint-boot/docker-stack.yml b/sprint-boot/docker-stack.yml new file mode 100644 index 0000000..6e377c7 --- /dev/null +++ b/sprint-boot/docker-stack.yml @@ -0,0 +1,31 @@ +version: "3.3" +services: + ms1: + image: melvindave/spring-boot-example + networks: + - traefik-net + depends_on: + - mongodb + deploy: + replicas: 1 + labels: + - "traefik.port=8080" + - "traefik.docker.network=mystack_traefik-net" + - "traefik.frontend.rule=Host:ms1.traefik" + + mongodb: + image: mongo + volumes: + - "mongodata:/data/db" + networks: + - traefik-net + deploy: + replicas: 1 + ports: + - "27017:27017" + +networks: + traefik-net: + +volumes: + mongodata: diff --git a/traefik/docker-stack.yml b/traefik/docker-stack.yml new file mode 100644 index 0000000..677943a --- /dev/null +++ b/traefik/docker-stack.yml @@ -0,0 +1,23 @@ +version: "3.3" +services: + traefik: + image: traefik + command: --web \ + --docker \ + --docker.swarmmode \ + --docker.domain=traefik \ + --docker.watch \ + --logLevel=DEBUG + networks: + - traefik-net + ports: + - "80:80" + - "8080:8080" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /dev/null:/traefik.toml + deploy: + placement: + constraints: [node.role==manager] +networks: + traefik-net: From ff7d4ce71b3036d143ee6de8a66384ebcc69c60a Mon Sep 17 00:00:00 2001 From: Pavel Pavlov Date: Mon, 22 Oct 2018 09:10:52 +0100 Subject: [PATCH 7/8] Adsing some new files --- artifactory/docker-stack-nginx.yml | 95 ++++++++++++++++ artifactory/docker-stack.yml | 46 ++------ gitlab/Dockerfile | 10 ++ gitlab/docker-stack.yml | 121 ++++++++++++++------- gitlab/gitlab.rb | 10 +- jenkins/docker-stack.yml | 6 +- logstash/docker-stack.yml | 12 +- portainer/docker-stack.yml | 12 +- traefik/docker-stack.yml | 10 +- unms-config/cert/cert | 1 + unms-config/cert/live.crt | 17 +++ unms-config/cert/live.key | 28 +++++ unms-config/unms/config-backups/.gitignore | 3 + unms-config/unms/images/.gitignore | 3 + unms-config/unms/unms-backups/.gitignore | 3 + unms-config/unms/update/.gitignore | 3 + unms/docker-compose.yml | 19 ++++ unms/docker-stack.yml | 12 ++ zookeeper/docker-stack.yml | 33 ++++++ 19 files changed, 349 insertions(+), 95 deletions(-) create mode 100644 artifactory/docker-stack-nginx.yml create mode 100644 gitlab/Dockerfile create mode 120000 unms-config/cert/cert create mode 100644 unms-config/cert/live.crt create mode 100644 unms-config/cert/live.key create mode 100644 unms-config/unms/config-backups/.gitignore create mode 100644 unms-config/unms/images/.gitignore create mode 100644 unms-config/unms/unms-backups/.gitignore create mode 100644 unms-config/unms/update/.gitignore create mode 100644 unms/docker-compose.yml create mode 100644 unms/docker-stack.yml create mode 100644 zookeeper/docker-stack.yml diff --git a/artifactory/docker-stack-nginx.yml b/artifactory/docker-stack-nginx.yml new file mode 100644 index 0000000..9461054 --- /dev/null +++ b/artifactory/docker-stack-nginx.yml @@ -0,0 +1,95 @@ +version: '3' + +services: + + postgresql: + image: postgres + networks: + - default + ports: + - 5432:5432 + environment: + - POSTGRES_DB=artifactory + # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory + - POSTGRES_USER=artifactory + - POSTGRES_PASSWORD=password + #volumes: + # - postgres:/var/lib/postgresql/data + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] + + artifactory: + image: docker.bintray.io/jfrog/artifactory-oss:latest + networks: + - default + - traefik-net +# ports: +# - 8081:8081 + depends_on: + - postgresql + deploy: + mode: replicated + replicas: 1 + labels: + - "traefik.port=8081" + - "traefik.docker.network=traefik-net" + - "traefik.frontend.rule=Host:artifactory.traefik" + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] +# volumes: +# - artifactory:/var/opt/jfrog/artifactory + environment: + - DB_TYPE=postgresql + # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL + - DB_USER=artifactory + - DB_PASSWORD=password + # Adding extra Java options by uncommenting the following line + #- EXTRA_JAVA_OPTIONS=-Xmx4g + +# nginx: +# image: docker.bintray.io/jfrog/nginx-artifactory-pro:latest +# ports: +# - 8082:8082 +# - 443:443 +# depends_on: +# - artifactory +# deploy: +# mode: replicated +# replicas: 1 +# labels: +# - "traefik.port=8082" +# - "traefik.frontend.entryPoints=http" +# - "traefik.docker.network=traefik-net" +# - "traefik.frontend.rule=Host:artifactory.traefik" +# restart_policy: +# condition: on-failure +# delay: 5s +# max_attempts: 3 +# placement: +# constraints: [node.role != manager] +# volumes: +# - artifactory:/var/opt/jfrog/nginx +# environment: +# - ART_BASE_URL=http://artifactory:8081/artifactory +# - SSL=true + +#volumes: +# artifactory: +networks: + traefik-net: + external: true + default: + driver: overlay + driver_opts: + encrypted: "true" diff --git a/artifactory/docker-stack.yml b/artifactory/docker-stack.yml index 9bc4ed4..359db97 100644 --- a/artifactory/docker-stack.yml +++ b/artifactory/docker-stack.yml @@ -1,13 +1,12 @@ -version: '3' - +version: '3.3' services: postgresql: image: postgres networks: - default - ports: - - 5432:5432 +# ports: +# - 5432:5432 environment: - POSTGRES_DB=artifactory # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory @@ -29,9 +28,7 @@ services: image: docker.bintray.io/jfrog/artifactory-oss:latest networks: - default - - traefik-net - ports: - - 8081:8081 + - traefik_traefik-net depends_on: - postgresql deploy: @@ -39,7 +36,7 @@ services: replicas: 1 labels: - "traefik.port=8081" - - "traefik.docker.network=traefik-net" + - "traefik.docker.network=traefik_traefik-net" - "traefik.frontend.rule=Host:artifactory.traefik" restart_policy: condition: on-failure @@ -57,37 +54,12 @@ services: # Adding extra Java options by uncommenting the following line #- EXTRA_JAVA_OPTIONS=-Xmx4g -# nginx: -# image: docker.bintray.io/jfrog/nginx-artifactory-pro:latest -# ports: -# - 8082:8082 -# - 443:443 -# depends_on: -# - artifactory -# deploy: -# mode: replicated -# replicas: 1 -# labels: -# - "traefik.port=8082" -# - "traefik.frontend.entryPoints=http" -# - "traefik.docker.network=traefik-net" -# - "traefik.frontend.rule=Host:artifactory.traefik" -# restart_policy: -# condition: on-failure -# delay: 5s -# max_attempts: 3 -# placement: -# constraints: [node.role != manager] -# volumes: -# - artifactory:/var/opt/jfrog/nginx -# environment: -# - ART_BASE_URL=http://artifactory:8081/artifactory -# - SSL=true - #volumes: # artifactory: networks: - traefik-net: + traefik_traefik-net: external: true default: - + driver: overlay + driver_opts: + encrypted: "true" diff --git a/gitlab/Dockerfile b/gitlab/Dockerfile new file mode 100644 index 0000000..4c70cb3 --- /dev/null +++ b/gitlab/Dockerfile @@ -0,0 +1,10 @@ +FROM gitlab/gitlab-ce:latest + +MAINTAINER Pavlov + +LABEL name="gitlab-ce" +LABEL version="2.107" +LABEL maintainer "ppavlov@dontmail.me" +LABEL architecture="x86_64" + +ADD gitlab.rb /etc/gitlab/gitlab.rb diff --git a/gitlab/docker-stack.yml b/gitlab/docker-stack.yml index d9d8234..12d148a 100644 --- a/gitlab/docker-stack.yml +++ b/gitlab/docker-stack.yml @@ -1,52 +1,95 @@ -version: "3.6" +version: "3.3" services: + postgresql: + image: postgres + networks: + - gitlab + environment: + - POSTGRES_DB=gitlab + # The following must match the DB_USER and DB_PASSWORD values passed to Gitlab + - POSTGRES_USER=gitlab + - POSTGRES_PASSWORD=password + #volumes: + # - postgres:/var/lib/postgresql/data + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] + gitlab: - image: "gitlab/gitlab-ce:latest" - volumes: - - "gitlab_data:/var/opt/gitlab" - - "gitlab_logs:/var/log/gitlab" - - "gitlab_config:/etc/gitlab" + image: quay.io/ppavlov/gitlab +# volumes: +# - "gitlab_data:/var/opt/gitlab" +# - "gitlab_logs:/var/log/gitlab" +# - "gitlab_config:/etc/gitlab" ports: - - "22:22" - - "443:443" - - "80:80" - configs: - - source: "gitlab.rb" - target: "/etc/gitlab/gitlab.rb" + - "2022:22" +# configs: +# - source: "gitlab.rb" +# target: "/etc/gitlab/gitlab.rb" + restart: always networks: - - default - - proxy + - traefik-net + - gitlab deploy: + mode: replicated + replicas: 1 labels: traefik.port: "80" - traefik.frontend.rule: "Host:gitlab.localtest.me" - traefik.docker.network: "proxy" + traefik.frontend.rule: "Host:gitlab.traefik" + traefik.docker.network: "traefik-net" + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + placement: + constraints: [node.role != manager] -volumes: - gitlab_data: - driver: local - driver_opts: - type: nfs4 - o: "addr=127.0.0.1" - device: ":/gitlab-swarm/gitlab/data" - gitlab_logs: - driver: local - driver_opts: - type: nfs4 - o: "addr=127.0.0.1" - device: ":/gitlab-swarm/gitlab/logs" - gitlab_config: - driver: local - driver_opts: - type: nfs4 - o: "addr=127.0.0.1" - device: ":/gitlab-swarm/gitlab/config" + gilab-runner: + image: gitlab/gitlab-runner:alpine +# volumes: +# - /var/run/docker.sock:/var/run/docker.sock +# - /srv/gitlab-runner/config:/etc/gitlab-runner +# - /root/.docker:/root/.docker +# - /root/.notary:/root/.notary + restart: always + networks: + - gitlab + deploy: + placement: + constraints: [node.role != manager] + +#volumes: +# gitlab_data: +# driver: local +# driver_opts: +# type: nfs4 +# o: "addr=127.0.0.1" +# device: ":/gitlab-swarm/gitlab/data" +# gitlab_logs: +# driver: local +# driver_opts: +# type: nfs4 +# o: "addr=127.0.0.1" +# device: ":/gitlab-swarm/gitlab/logs" +# gitlab_config: +# driver: local +# driver_opts: +# type: nfs4 +# o: "addr=127.0.0.1" +# device: ":/gitlab-swarm/gitlab/config" -configs: - gitlab.rb: - file: "./gitlab.rb" +#configs: +# gitlab.rb: +# file: "./gitlab.rb" networks: - proxy: + traefik-net: external: true + gitlab: diff --git a/gitlab/gitlab.rb b/gitlab/gitlab.rb index 7b699cb..1233a9e 100644 --- a/gitlab/gitlab.rb +++ b/gitlab/gitlab.rb @@ -1,10 +1,10 @@ # gitlab.rb -external_url 'http://gitlab.local' -registry_external_url 'http://registry.gitlab.local' +external_url 'http://gitlab.traefik' +registry_external_url 'http://registry.gitlab.traefik' # Disable services -postgresql['enable'] = false +postgresql['enable'] = ture redis['enable'] = false prometheus['enable'] = false postgres_exporter['enable'] = false @@ -15,10 +15,10 @@ gitlab_rails['db_encoding'] = "unicode" # database service will be named "postgres" in the stack -gitlab_rails['db_host'] = "postgres" +gitlab_rails['db_host'] = "postgresql" gitlab_rails['db_database'] = "gitlab" gitlab_rails['db_username'] = "gitlab" -gitlab_rails['db_password'] = "gitlab" +gitlab_rails['db_password'] = "password" # Redis settings # redis service will be named "redis" in the stack diff --git a/jenkins/docker-stack.yml b/jenkins/docker-stack.yml index dcd2a1f..af245b8 100644 --- a/jenkins/docker-stack.yml +++ b/jenkins/docker-stack.yml @@ -4,12 +4,12 @@ services: jenkins: image: quay.io/ppavlov/jenkins-master networks: - - traefik-net + - traefik_traefik-net deploy: replicas: 1 labels: - "traefik.port=8080" - - "traefik.docker.network=traefik-net" + - "traefik.docker.network=traefik_traefik-net" - "traefik.frontend.rule=Host:jenkins.traefik" restart_policy: condition: on-failure @@ -34,5 +34,5 @@ secrets: volumes: jenkins_home: networks: - traefik-net: + traefik_traefik-net: external: true diff --git a/logstash/docker-stack.yml b/logstash/docker-stack.yml index 4a6f031..2d27078 100644 --- a/logstash/docker-stack.yml +++ b/logstash/docker-stack.yml @@ -7,16 +7,16 @@ services: - elk ports: - "5000:5000" - environment: - LS_JAVA_OPTS: "-Xmx256m -Xms256m" - #volumes: - # - logstash:/var/lib/logstash +# environment: +# - LS_JAVA_OPTS: "-Xmx256m -Xms256m" +# volumes: +# - logstash:/var/lib/logstash deploy: mode: replicated replicas: 1 labels: - "traefik.port=5000" - - "traefik.docker.network=elk" + - "traefik.docker.network=traefik-net" - "traefik.frontend.rule=Host:logstash.traefik" restart_policy: condition: on-failure @@ -26,4 +26,6 @@ services: constraints: [node.role != manager] networks: + traefik-net: + external: true elk: diff --git a/portainer/docker-stack.yml b/portainer/docker-stack.yml index 9f72b3a..9ccd7ec 100644 --- a/portainer/docker-stack.yml +++ b/portainer/docker-stack.yml @@ -4,16 +4,18 @@ services: image: portainer/portainer volumes: - "/var/run/docker.sock:/var/run/docker.sock" - - "portainerdata:/data" +# - "portainerdata:/data" networks: - - traefik-net + - traefik_traefik-net deploy: + mode: replicated + replicas: 1 placement: constraints: [node.role == manager] labels: - - "traefik.enable=true" - "traefik.port=9000" - - "traefik.docker.network=mystack_traefik-net" + - "traefik.docker.network=traefik_traefik-net" - "traefik.frontend.rule=Host:portainer.traefik" networks: - traefik-net: + traefik_traefik-net: + external: true diff --git a/traefik/docker-stack.yml b/traefik/docker-stack.yml index 677943a..a787d88 100644 --- a/traefik/docker-stack.yml +++ b/traefik/docker-stack.yml @@ -15,9 +15,17 @@ services: - "8080:8080" volumes: - /var/run/docker.sock:/var/run/docker.sock - - /dev/null:/traefik.toml +# - /dev/null:/traefik.toml deploy: + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 placement: constraints: [node.role==manager] + networks: traefik-net: + driver: overlay + driver_opts: + encrypted: "true" diff --git a/unms-config/cert/cert b/unms-config/cert/cert new file mode 120000 index 0000000..ef1ddee --- /dev/null +++ b/unms-config/cert/cert @@ -0,0 +1 @@ +/config/cert \ No newline at end of file diff --git a/unms-config/cert/live.crt b/unms-config/cert/live.crt new file mode 100644 index 0000000..d23d754 --- /dev/null +++ b/unms-config/cert/live.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa2gAwIBAgIJAMVlWtEhCxnlMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV +BAMMCWxvY2FsaG9zdDAgFw0xODA5MDcxMzE5MjhaGA8yMTE4MDgxNDEzMTkyOFow +FDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAtshJtHFjWROo0EtsVRVyaABCaVU/Gr/+9GnOplgqqBADXTuKbFAbF4c7 +oy+CAdMd4HKOel+NISARa54zS11FHhEk81gVNizQbOcKl5u6YCEe4bHbODeLCRUO +dKnKfz6PjzTezQFfYQnATSVyPkuFcJcmg743tqP6MsCrNT0LMH6/agGMndtPwUji +y49RaQK1rH72f2Ysu8/vMQ4Cv30oXZt6tI6dMe1j7ZKmeg1iGX0Wkc1RFcGj4y7B +E+2D4+ndNDlVVUq1EUlTuvBpdf4mSlk5qJoe6xYm31lK54vAJTpY1MhwFiLL6mod +wVk5BNeF6k/KjXMDIpO7qd71+gkenwIDAQABoxgwFjAUBgNVHREEDTALgglsb2Nh +bGhvc3QwDQYJKoZIhvcNAQELBQADggEBAE8+zHZ8hp+hTgVF/PgjZjvEEKCgZElS +HrQb4ohEILGorQxhlEvuPxk2L16ZkhqDolRkMpMC1ZctTU3KO/qYijK7bPPa9mLG +ccIQHadC/FOs0BkKfB0UOb+q4AEhMozPAq2P4OdAHGf/1cZEU4DKJLE6P1Nor72F +64dokUC8Ukd7P3p2r1T5e6LgqFLUliCf8krbWANrFHu70zdSbig5MHJ1zJGnhMRA +Y+Y1r11YVpwyiQuC2g57vvdMrMMtf6DVsqirq8/8YGCo7SbVLDtVjm2umcLzAND5 ++/c0gAUkBK3GfmBPkwlLNBcE27hN481NoWAd4LK0M8W5/8zbhjJl1ig= +-----END CERTIFICATE----- diff --git a/unms-config/cert/live.key b/unms-config/cert/live.key new file mode 100644 index 0000000..793c26c --- /dev/null +++ b/unms-config/cert/live.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2yEm0cWNZE6jQ +S2xVFXJoAEJpVT8av/70ac6mWCqoEANdO4psUBsXhzujL4IB0x3gco56X40hIBFr +njNLXUUeESTzWBU2LNBs5wqXm7pgIR7hsds4N4sJFQ50qcp/Po+PNN7NAV9hCcBN +JXI+S4VwlyaDvje2o/oywKs1PQswfr9qAYyd20/BSOLLj1FpArWsfvZ/Ziy7z+8x +DgK/fShdm3q0jp0x7WPtkqZ6DWIZfRaRzVEVwaPjLsET7YPj6d00OVVVSrURSVO6 +8Gl1/iZKWTmomh7rFibfWUrni8AlOljUyHAWIsvqah3BWTkE14XqT8qNcwMik7up +3vX6CR6fAgMBAAECggEALvHB/FYi7f3enaDBchjQCWYHqIX8byJgmOWT7aU3T3LN +amSgaLEqRCC3cHIDMfTG9550eXmRBbD2yG0ZP4H0/oPouZcl24QnA9FTJx0YARiA +lfbYFtgtHWgLDmuNVqD6vg0WLBDuLj4S5b14WgeLfh9UBQIVzRLQb7iMQGAtP4be +wD2Vrz3yV+947VMMz3zkn3Hua+hb945zJgEXwA7fQm9ZYQaERmHQbVma6GmBwewy +QwidEOoO9cDhvaHvkx3DufDTJrlhUIppEnHKi6fItpdQjbmzTUFvs5S6rBXRSn3J +6XtGKAAiTWNeNEXjRNRpHd12B+Th7vXMqTp3aQN6AQKBgQDn58P/6QIxuCD5oRNd +EPDGBzk7Q8IAhokdWHJEWUQ5nTI2v3Hqx81OrSVZDfzzegjrNOOb3fEPa08tQ33N +WRZyEgHktjz32bWOT1svnSSuvm8Ib+lzKz+qhYCbL2RnTr4q7UHaeDjQGcvehMG4 +QZm8DTgsZv5gKglGTYGWZlj7ywKBgQDJxfJD/obXnorwg9p2QI+u+KPwULWS5sLD +a8So96SAfvjnPKhMA1c4EBeE39RqEZ07MTBG1l41kPC9sTtvptnif9XnBBhS96Rq +dOh+/wT1n95nKugjXqu0ADpLcsrqWqLN6l3zf6S3eO1myS7+KovvD5uyBeyzN3Mp +8DXxC331/QKBgD0V+LP9PZ25Ib5/pmkaYEHZf0LUK1MWHSIEvTyxwt3mQWbYcPpm +HPd/dloJ7Dp6R8UlDlttT+U+4AFNSOMBd38erS8ArfifeUp+LsfQ/eulr/up9vVm +TAPv3JuEFU99F2yZSIJyroxqbyAzGhAd/4/gb46KprDQAddp7Ruf5AqXAoGAc9ax +3LluvrFlwOlh7YvpMaHLtLcRV1ImNL1VPVBXX/IFgfQABwvP8f7DEeTS9UZBh28Y +8UI2+ffJTo5GujYHVxLfQe7G7DMCcJ/HrslIFp/+tioa9dtvJjsPPKudtWftmdxY +ref1L+Q8H0uXMBJLHidO0qi2GLnX4xbmUQmw+h0CgYEAyw9jwKgJN6p2IEdFjDcx +4T8z9uxU+SSen91Mj5vZ2lHWefvsaVa7noyia3zz6nnZen2AJwsySur2nh1c3SQY +mUDHlkhtTniauMdP7Z9Tgk+ZjvNLnCF0Jdu/c1p1SGKVE6KJpD9DzmqXCqrGEVxk +J4H4nURKYg3is3PimH5jgk0= +-----END PRIVATE KEY----- diff --git a/unms-config/unms/config-backups/.gitignore b/unms-config/unms/config-backups/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/config-backups/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms-config/unms/images/.gitignore b/unms-config/unms/images/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/images/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms-config/unms/unms-backups/.gitignore b/unms-config/unms/unms-backups/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/unms-backups/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms-config/unms/update/.gitignore b/unms-config/unms/update/.gitignore new file mode 100644 index 0000000..94548af --- /dev/null +++ b/unms-config/unms/update/.gitignore @@ -0,0 +1,3 @@ +* +*/ +!.gitignore diff --git a/unms/docker-compose.yml b/unms/docker-compose.yml new file mode 100644 index 0000000..e520a78 --- /dev/null +++ b/unms/docker-compose.yml @@ -0,0 +1,19 @@ +version: "3.3" +services: + unms: + image: oznu/unms:latest # use "armhf" instead of "latest" for arm devices + restart: always + deploy: + mode: global + networks: + - unms_default + ports: + - 80:80 + - 443:443 + environment: + - TZ=Europe/London + volumes: + - ../unms-config:/config/ +networks: + unms_default: +# external: true diff --git a/unms/docker-stack.yml b/unms/docker-stack.yml new file mode 100644 index 0000000..f5b3d32 --- /dev/null +++ b/unms/docker-stack.yml @@ -0,0 +1,12 @@ +version: "3.3" +services: + homebridge: + image: oznu/unms:latest # use "armhf" instead of "latest" for arm devices + restart: always + ports: + - 80:80 + - 443:443 + environment: + - TZ=Europe/London + volumes: + - ./unms-config:/config diff --git a/zookeeper/docker-stack.yml b/zookeeper/docker-stack.yml new file mode 100644 index 0000000..268899c --- /dev/null +++ b/zookeeper/docker-stack.yml @@ -0,0 +1,33 @@ +version: '3.1' + +services: + zoo1: + image: zookeeper + restart: always + hostname: zoo1 + ports: + - 2181:2181 + environment: + ZOO_MY_ID: 1 + ZOO_SERVERS: server.1=0.0.0.0:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888 + + zoo2: + image: zookeeper + restart: always + hostname: zoo2 + ports: + - 2182:2181 + environment: + ZOO_MY_ID: 2 + ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=0.0.0.0:2888:3888 server.3=zoo3:2888:3888 + + zoo3: + image: zookeeper + restart: always + hostname: zoo3 + ports: + - 2183:2181 + environment: + ZOO_MY_ID: 3 + ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=0.0.0.0:2888:3888 + From 0d200d7568a196aeddd2fa3ca359849aed323f06 Mon Sep 17 00:00:00 2001 From: Pavel Pavlov <2073978+pmpavlov@users.noreply.github.com> Date: Mon, 22 Oct 2018 09:20:53 +0100 Subject: [PATCH 8/8] Just adding a new commit to test restrictions --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3cf12f5..3b197c3 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,3 @@ # docker-stacks Templates for Docker stacks +