- unistall script for certbot

- update resource limits for some docker container

dkhost.xai-corp.net.yml

@@ -85,7 +85,7 @@
 
   roles:
     - dockerhost
-    - geerlingguy.nginx
+#    - geerlingguy.nginx
     - certbot
 #    - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
 

dockerfiles/services/dkregistry/docker-compose.yml

@@ -2,7 +2,7 @@
 # docker-compose file for logstash
 # - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
 #
-# DOCKER_HOST=dkhost03:2376 docker-compose up -d
+# DOCKER_HOST=dkhost:2376 docker-compose up -d
 # DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
 
 version: '3'
@@ -14,8 +14,8 @@ services:
       - 5000:5000
     environment:
       REGISTRY_HTTP_SECRET: aabuioqlwlcpp2
-      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/dkregistry.xai-corp.net/fullchain.pem
-      REGISTRY_HTTP_TLS_KEY: /certs/live/dkregistry.xai-corp.net/privkey.pem
+      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/xai-corp.net/fullchain.pem
+      REGISTRY_HTTP_TLS_KEY: /certs/live/xai-corp.net/privkey.pem
 #      REGISTRY_HTTP_LETSENCRYPT_CACHEFILE: /var/run/letsencrypt.cache
 #      REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
       REGISTRY_HTTP_HOST: https://dkregistry.xai-corp.net:5000
@@ -25,7 +25,8 @@ services:
       REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
     volumes:
       - /opt/shared/dkregistry/data:/var/lib/registry
-      - /etc/letsencrypt:/certs
+      - /opt/shared/letsencrypt-2:/certs
+      - /opt/shared/letsencrypt-2:/etc/letsencrypt
       - /opt/shared/dkregistry/auth:/auth
 
     deploy:
@@ -34,8 +35,8 @@ services:
       restart_policy:
         condition: any
         delay: "1s"
-        max_attempts: 15
+        max_attempts: 1
       resources:
         limits:
           cpus: '0.1'
-          memory: 256M
+          memory: 16M

dockerfiles/services/gitea/docker-compose.yml

@@ -1,6 +1,6 @@
 ---
 # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
-# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml sslproxy
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml gitea
 
 version: '3'
 services:
@@ -22,3 +22,8 @@ services:
         max_attempts: 3
       labels:
         net.xai-corp.sslproxy.description:  proxy ssl calls to non ssl containers
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 96M
+

dockerfiles/services/jenkins/docker-compose.yml

@@ -6,7 +6,7 @@ version: '3'
 services:
   app:
 #    restart: always
-    privileged: true
+#    privileged: true
     image: "jenkins:alpine"
 
     volumes:
@@ -21,6 +21,10 @@ services:
         condition: any
         delay: "5s"
         max_attempts: 1
+      resources:
+        limits:
+          cpus: '2'
+          memory: 1024M
 
 networks:
   default:

dockerfiles/services/letsencrypt/readme.md

@@ -8,11 +8,11 @@ todo: set this up as a cron
 
 #install new certs
 ```
-DOCKER_HOST=dkhost:2376 docker run -d \
+DOCKER_HOST=dkhost01:2376 docker run -d \
     -p 80:80 \
     --name letsencrypt \
     -e "LETSENCRYPT_HTTPS_ENABLED=false" \
-    -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
+    -v /opt/shared/letsencrypt-2:/etc/letsencrypt \
     -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
     -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
     -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
@@ -28,11 +28,11 @@ DOCKER_HOST=dkhost:2376 docker run -d \
 ```
 
 ```
-DOCKER_HOST=dkhost:2376 docker run -d \
+DOCKER_HOST=dkhost01:2376 docker run -d \
     -p 80:80 \
     --name letsencrypt_updates \
     -e "LETSENCRYPT_HTTPS_ENABLED=false" \
-    -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
+    -v /opt/shared/letsencrypt-2:/etc/letsencrypt \
     -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
     -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
     -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \

dockerfiles/services/ui/docker-compose.yml

@@ -1,6 +1,6 @@
 ---
 # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
-# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml dkui
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml dkui
 
 version: '3'
 services:
@@ -25,4 +25,8 @@ services:
         max_attempts: 10
       labels:
         net.xai-corp.dkui.description: portainer ui for docker host and swarm management
+      resources:
+        limits:
+          cpus: '0.2'
+          memory: 16M
 

roles/certbot/tasks/uninstall.yml

@@ -1,6 +1,11 @@
 ---
 # uninstall certbot
 
+- name: stop nginx before removing it
+  service:
+    name: nginx
+    state: stopped
+
 - name: uninstall certbot on ubuntu 16.04
   apt:
     state: absent