diff --git a/dkhost.xai-corp.net.yml b/dkhost.xai-corp.net.yml index 6b58faf..de49672 100644 --- a/dkhost.xai-corp.net.yml +++ b/dkhost.xai-corp.net.yml @@ -85,7 +85,7 @@ roles: - dockerhost - - geerlingguy.nginx +# - geerlingguy.nginx - certbot # - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash diff --git a/dockerfiles/services/dkregistry/docker-compose.yml b/dockerfiles/services/dkregistry/docker-compose.yml index 66dfb51..ff6df94 100644 --- a/dockerfiles/services/dkregistry/docker-compose.yml +++ b/dockerfiles/services/dkregistry/docker-compose.yml @@ -2,7 +2,7 @@ # docker-compose file for logstash # - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html # -# DOCKER_HOST=dkhost03:2376 docker-compose up -d +# DOCKER_HOST=dkhost:2376 docker-compose up -d # DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services version: '3' @@ -14,8 +14,8 @@ services: - 5000:5000 environment: REGISTRY_HTTP_SECRET: aabuioqlwlcpp2 - REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/dkregistry.xai-corp.net/fullchain.pem - REGISTRY_HTTP_TLS_KEY: /certs/live/dkregistry.xai-corp.net/privkey.pem + REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/xai-corp.net/fullchain.pem + REGISTRY_HTTP_TLS_KEY: /certs/live/xai-corp.net/privkey.pem # REGISTRY_HTTP_LETSENCRYPT_CACHEFILE: /var/run/letsencrypt.cache # REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca REGISTRY_HTTP_HOST: https://dkregistry.xai-corp.net:5000 @@ -25,7 +25,8 @@ services: REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm volumes: - /opt/shared/dkregistry/data:/var/lib/registry - - /etc/letsencrypt:/certs + - /opt/shared/letsencrypt-2:/certs + - /opt/shared/letsencrypt-2:/etc/letsencrypt - /opt/shared/dkregistry/auth:/auth deploy: @@ -34,8 +35,8 @@ services: restart_policy: condition: any delay: "1s" - max_attempts: 15 + max_attempts: 1 resources: limits: cpus: '0.1' - memory: 256M + memory: 16M 
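Review bot: In the dkregistry compose hunk at `@@ -14,8 +14,8 @@`, the new `REGISTRY_HTTP_TLS_CERTIFICATE` and `REGISTRY_HTTP_TLS_KEY` paths point at the `xai-corp.net` certificate, while `REGISTRY_HTTP_HOST` still advertises `https://dkregistry.xai-corp.net:5000`. Clients will only pass hostname verification if that certificate lists `dkregistry.xai-corp.net` as a subject alternative name. The readme's domain list is cut off after `LETSENCRYPT_DOMAIN2` in this diff, so that cannot be confirmed from here; a comment above the two lines such as `# shared cert: must list dkregistry.xai-corp.net as a SAN` would record the dependency. Separately, the unchanged `REGISTRY_HTTP_SECRET` context line keeps a secret value in the repository; it would be better injected at deploy time.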
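Review bot: Both bind mounts added in the `volumes:` hunk (`@@ -25,7 +25,8 @@`) are read-write and hand the registry container the whole `/opt/shared/letsencrypt-2` tree. The readme changed in this same commit mounts that directory as the Let's Encrypt container's `/etc/letsencrypt`, so it presumably holds the private key for every name on the certificate, not just the registry's. The registry only needs to read its certificate and key, so I would mount both read-only: `- /opt/shared/letsencrypt-2:/certs:ro` and `- /opt/shared/letsencrypt-2:/etc/letsencrypt:ro`. If the second mount exists only so that links under `live/` resolve, a one-line comment saying so would stop someone removing it as a duplicate.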
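Review bot: In the `deploy:` hunk (`@@ -34,8 +35,8 @@`), `memory: 16M` combined with `max_attempts: 1` leaves the registry almost no headroom. A container that exceeds the limit is killed, and after a single failed restart attempt the service stays down until someone redeploys it. 16M looks low for a registry handling pushes and pulls, so it is worth checking observed usage before settling on the value, and keeping `max_attempts` above 1 so a transient kill does not become an outage. The same `memory: 16M` limit is added for the portainer service in `dockerfiles/services/ui/docker-compose.yml`. A short comment next to each limit, for example `# sized from observed usage on <date>`, would tell the next editor whether the number is measured or a guess.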
diff --git a/dockerfiles/services/gitea/docker-compose.yml b/dockerfiles/services/gitea/docker-compose.yml index 3419ce5..338de67 100644 --- a/dockerfiles/services/gitea/docker-compose.yml +++ b/dockerfiles/services/gitea/docker-compose.yml @@ -1,6 +1,6 @@ --- # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d -# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml sslproxy +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml gitea version: '3' services: @@ -22,3 +22,8 @@ services: max_attempts: 3 labels: net.xai-corp.sslproxy.description: proxy ssl calls to non ssl containers + resources: + limits: + cpus: '0.5' + memory: 96M + diff --git a/dockerfiles/services/jenkins/docker-compose.yml b/dockerfiles/services/jenkins/docker-compose.yml index ffb864c..0e0aabb 100644 --- a/dockerfiles/services/jenkins/docker-compose.yml +++ b/dockerfiles/services/jenkins/docker-compose.yml @@ -6,7 +6,7 @@ version: '3' services: app: # restart: always - privileged: true +# privileged: true image: "jenkins:alpine" volumes: @@ -21,6 +21,10 @@ services: condition: any delay: "5s" max_attempts: 1 + resources: + limits: + cpus: '2' + memory: 1024M networks: default: diff --git a/dockerfiles/services/letsencrypt/readme.md b/dockerfiles/services/letsencrypt/readme.md index c25a98a..dcfff4c 100644 --- a/dockerfiles/services/letsencrypt/readme.md +++ b/dockerfiles/services/letsencrypt/readme.md @@ -8,11 +8,11 @@ todo: set this up as a cron #install new certs ``` -DOCKER_HOST=dkhost:2376 docker run -d \ +DOCKER_HOST=dkhost01:2376 docker run -d \ -p 80:80 \ --name letsencrypt \ -e "LETSENCRYPT_HTTPS_ENABLED=false" \ - -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \ + -v /opt/shared/letsencrypt-2:/etc/letsencrypt \ -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \ -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \ -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \ 
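Review bot: In the jenkins compose hunk at `@@ -6,7 +6,7 @@`, `privileged: true` is commented out rather than deleted, at column 0 inside the `app:` mapping and with no reason given, so a later edit can quietly re-enable it. Dropping privileged mode is the right direction; I would delete the line, or replace it with a comment that states the intent, e.g. `# privileged mode intentionally not used`. The `volumes:` list continues outside this hunk, so it is worth confirming that the container does not also bind-mount the host's Docker socket, which would give back much of the same host access.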
@@ -28,11 +28,11 @@ DOCKER_HOST=dkhost:2376 docker run -d \ ``` ``` -DOCKER_HOST=dkhost:2376 docker run -d \ +DOCKER_HOST=dkhost01:2376 docker run -d \ -p 80:80 \ --name letsencrypt_updates \ -e "LETSENCRYPT_HTTPS_ENABLED=false" \ - -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \ + -v /opt/shared/letsencrypt-2:/etc/letsencrypt \ -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \ -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \ -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \ diff --git a/dockerfiles/services/ui/docker-compose.yml b/dockerfiles/services/ui/docker-compose.yml index 314bf74..b1bcfad 100644 --- a/dockerfiles/services/ui/docker-compose.yml +++ b/dockerfiles/services/ui/docker-compose.yml @@ -1,6 +1,6 @@ --- # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d -# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml dkui +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml dkui version: '3' services: @@ -25,4 +25,8 @@ services: max_attempts: 10 labels: net.xai-corp.dkui.description: portainer ui for docker host and swarm management + resources: + limits: + cpus: '0.2' + memory: 16M diff --git a/roles/certbot/tasks/uninstall.yml b/roles/certbot/tasks/uninstall.yml index 64a8b69..3ac5717 100644 --- a/roles/certbot/tasks/uninstall.yml +++ b/roles/certbot/tasks/uninstall.yml @@ -1,6 +1,11 @@ --- # uninstall certbot +- name: stop nginx before removing it + service: + name: nginx + state: stopped + - name: uninstall certbot on ubuntu 16.04 apt: state: absent
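Review bot: The new `stop nginx before removing it` task in `roles/certbot/tasks/uninstall.yml` will fail the play on any host that has no nginx service, because the `service` module errors when it cannot find the unit. That case looks likely, since the first file in this commit comments the `geerlingguy.nginx` role out of the playbook. Registering the result and tolerating only the missing-service case keeps real failures visible: add `register: nginx_stop` and `failed_when: nginx_stop is failed and 'Could not find the requested service' not in nginx_stop.msg`. The task name also says nginx is being removed, but the tasks visible here uninstall certbot; the `apt` task continues outside the hunk, so confirm which packages it lists.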