- unistall script for certbot

- update resource limits for some docker container
2017-10-04 06:15:03 -04:00
parent 92950ffd2d
commit 9988549d59
7 changed files with 33 additions and 14 deletions
--- a/dkhost.xai-corp.net.yml
+++ b/dkhost.xai-corp.net.yml
@@ -85,7 +85,7 @@
  roles:
    - dockerhost
-    - geerlingguy.nginx
+#    - geerlingguy.nginx
    - certbot
 #    - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
--- a/dockerfiles/services/dkregistry/docker-compose.yml
+++ b/dockerfiles/services/dkregistry/docker-compose.yml
@@ -2,7 +2,7 @@
 # docker-compose file for logstash
 # - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
 #
-# DOCKER_HOST=dkhost03:2376 docker-compose up -d
+# DOCKER_HOST=dkhost:2376 docker-compose up -d
 # DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
 version: '3'
@@ -14,8 +14,8 @@ services:
      - 5000:5000
    environment:
      REGISTRY_HTTP_SECRET: aabuioqlwlcpp2
-      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/dkregistry.xai-corp.net/fullchain.pem
+      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/xai-corp.net/fullchain.pem
-      REGISTRY_HTTP_TLS_KEY: /certs/live/dkregistry.xai-corp.net/privkey.pem
+      REGISTRY_HTTP_TLS_KEY: /certs/live/xai-corp.net/privkey.pem
 #      REGISTRY_HTTP_LETSENCRYPT_CACHEFILE: /var/run/letsencrypt.cache
 #      REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
      REGISTRY_HTTP_HOST: https://dkregistry.xai-corp.net:5000
@@ -25,7 +25,8 @@ services:
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /opt/shared/dkregistry/data:/var/lib/registry
-      - /etc/letsencrypt:/certs
+      - /opt/shared/letsencrypt-2:/certs
      - /opt/shared/letsencrypt-2:/etc/letsencrypt
      - /opt/shared/dkregistry/auth:/auth
    deploy:
@@ -34,8 +35,8 @@ services:
      restart_policy:
        condition: any
        delay: "1s"
-        max_attempts: 15
+        max_attempts: 1
      resources:
        limits:
          cpus: '0.1'
-          memory: 256M
+          memory: 16M
--- a/dockerfiles/services/gitea/docker-compose.yml
+++ b/dockerfiles/services/gitea/docker-compose.yml
@@ -1,6 +1,6 @@
 ---
 # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
-# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml sslproxy
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml gitea
 version: '3'
 services:
@@ -22,3 +22,8 @@ services:
        max_attempts: 3
      labels:
        net.xai-corp.sslproxy.description:  proxy ssl calls to non ssl containers
      resources:
        limits:
          cpus: '0.5'
          memory: 96M
--- a/dockerfiles/services/jenkins/docker-compose.yml
+++ b/dockerfiles/services/jenkins/docker-compose.yml
@@ -6,7 +6,7 @@ version: '3'
 services:
  app:
 #    restart: always
-    privileged: true
+#    privileged: true
    image: "jenkins:alpine"
    volumes:
@@ -21,6 +21,10 @@ services:
        condition: any
        delay: "5s"
        max_attempts: 1
      resources:
        limits:
          cpus: '2'
          memory: 1024M
 networks:
  default:
--- a/dockerfiles/services/letsencrypt/readme.md
+++ b/dockerfiles/services/letsencrypt/readme.md
@@ -8,11 +8,11 @@ todo: set this up as a cron
 #install new certs
 ```
-DOCKER_HOST=dkhost:2376 docker run -d \
+DOCKER_HOST=dkhost01:2376 docker run -d \
    -p 80:80 \
    --name letsencrypt \
    -e "LETSENCRYPT_HTTPS_ENABLED=false" \
-    -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
+    -v /opt/shared/letsencrypt-2:/etc/letsencrypt \
    -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
    -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
    -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
@@ -28,11 +28,11 @@ DOCKER_HOST=dkhost:2376 docker run -d \
 ```
 ```
-DOCKER_HOST=dkhost:2376 docker run -d \
+DOCKER_HOST=dkhost01:2376 docker run -d \
    -p 80:80 \
    --name letsencrypt_updates \
    -e "LETSENCRYPT_HTTPS_ENABLED=false" \
-    -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
+    -v /opt/shared/letsencrypt-2:/etc/letsencrypt \
    -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
    -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
    -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
--- a/dockerfiles/services/ui/docker-compose.yml
+++ b/dockerfiles/services/ui/docker-compose.yml
@@ -1,6 +1,6 @@
 ---
 # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
-# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml dkui
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml dkui
 version: '3'
 services:
@@ -25,4 +25,8 @@ services:
        max_attempts: 10
      labels:
        net.xai-corp.dkui.description: portainer ui for docker host and swarm management
      resources:
        limits:
          cpus: '0.2'
          memory: 16M
--- a/roles/certbot/tasks/uninstall.yml
+++ b/roles/certbot/tasks/uninstall.yml
@@ -1,6 +1,11 @@
 ---
 # uninstall certbot
 - name: stop nginx before removing it
  service:
    name: nginx
    state: stopped
 - name: uninstall certbot on ubuntu 16.04
  apt:
    state: absent