switch sslproxy and fluentd to global service so each host runs one container.

build own image for letsencrypt, and tweek update job runtime.
2017-12-23 22:03:51 -05:00
parent 785db4ec18
commit d6806a673e
11 changed files with 65 additions and 103 deletions
--- a/dkswarm.xai-corp.net.yml
+++ b/dkswarm.xai-corp.net.yml
@@ -11,13 +11,13 @@
   - swarm:
      managers:
        - dkhost01
-        - dkhost05
+        - dkhost03
        - home
      workers: []
      removed:
        - dkhost04
        - dkhost02
-        - dkhost03
+        - dkhost05
      history: 1
--- a/dockerfiles/services/dkregistry/docker-compose.yml
+++ b/dockerfiles/services/dkregistry/docker-compose.yml
@@ -31,15 +31,15 @@ services:
    deploy:
      mode: replicated
-      replicas: 1
+      replicas: 2
      restart_policy:
        condition: any
        delay: "1s"
        max_attempts: 1
      resources:
        limits:
-          cpus: '0.1'
+          cpus: '0.2'
-          memory: 16M
+          memory: 64M
    logging:
      driver: fluentd
--- a/dockerfiles/services/letsencrypt/Dockerfile
+++ b/dockerfiles/services/letsencrypt/Dockerfile
@@ -0,0 +1,3 @@
 FROM blacklabelops/letsencrypt:latest
 MAINTAINER Richard Morgan <r_morgan@sympatico.ca>
--- a/dockerfiles/services/letsencrypt/docker-compose-update.yml
+++ b/dockerfiles/services/letsencrypt/docker-compose-update.yml
@@ -9,7 +9,7 @@ version: '3'
 services:
  updates:
-    image: "blacklabelops/letsencrypt"
+    image: "dkregistry.xai-corp.net:5000/letsencrypt:latest"
    ports:
      - 83:80
 #      - 443:443
@@ -20,7 +20,7 @@ services:
      LETSENCRYPT_HTTPS_ENABLED: "false"
      LETSENCRYPT_TESTCERT: "false"
      LETSENCRYPT_DEBUG: "true"
-      LETSENCRYPT_JOB_TIME: "0 0 1 */2 * *"
+      LETSENCRYPT_JOB_TIME: "0 1 */12 * * 0"
      LETSENCRYPT_DOMAIN1: xai-corp.net
      LETSENCRYPT_DOMAIN2: git.xai-corp.net
      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
@@ -43,9 +43,9 @@ services:
          cpus: '0.5'
          memory: 16M
-    logging:
+#    logging:
-      driver: fluentd
+#      driver: fluentd
-      options:
+#      options:
-        fluentd-address: "logs.xai-corp.net:24224"
+#        fluentd-address: "logs.xai-corp.net:24224"
-        fluentd-async-connect: 'true'
+#        fluentd-async-connect: 'true'
-        tag: letsencrypt-update
+#        tag: letsencrypt-update
--- a/dockerfiles/services/letsencrypt/docker-compose.yml
+++ b/dockerfiles/services/letsencrypt/docker-compose.yml
@@ -5,80 +5,38 @@
 # DOCKER_HOST=dkhost01:2376 docker-compose up updates
 # docker login dkregistry.xai-corp.net:5000
-# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
+# docker-compose build && docker push dkregistry.xai-corp.net:5000/letsencrypt:latest
-# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
+# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-update.yml services_letsencrypt
 # DOCKER_HOST=dkhost:2376 docker stack ps services
 version: '3'
 services:
-  install:
+  builder:
-    image: "blacklabelops/letsencrypt"
+    build:
-    container_name: letsencrypt_staging_install
+      context: ""
-    ports:
+      dockerfile: Dockerfile
-      - 80:80
+    image: "dkregistry.xai-corp.net:5000/letsencrypt:latest"
-#      - 443:443
+#    ports:
-    volumes:
+#      - 80:80
-      - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
+##      - 443:443
-    environment:
+#    volumes:
-      LETSENCRYPT_HTTPS_ENABLED: "false"
+#      - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
-      LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+#    environment:
-      LETSENCRYPT_DOMAIN1: xai-corp.net
+#      LETSENCRYPT_HTTPS_ENABLED: "false"
-      LETSENCRYPT_DOMAIN2: git.xai-corp.net
+#      LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
-      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+#      LETSENCRYPT_DOMAIN1: xai-corp.net
-      LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+#      LETSENCRYPT_DOMAIN2: git.xai-corp.net
-      LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+#      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
-      LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+#      LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
-      LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+#      LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
-      LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+#      LETSENCRYPT_DOMAIN6: fs.xai-corp.net
-      LETSENCRYPT_DOMAIN9: office.xai-corp.net
+#      LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
-      LETSENCRYPT_DOMAIN9: www.xai-corp.net
+#      LETSENCRYPT_DOMAIN8: sql.xai-corp.net
-    command:
+#      LETSENCRYPT_DOMAIN9: office.xai-corp.net
-      - install
+#      LETSENCRYPT_DOMAIN9: www.xai-corp.net
-      - --staging
+#    command:
-      - --expand
+#      - install
-
+#      - --staging
-    deploy:
+#      - --expand
      mode: replicated
      replicas: 1
      restart_policy:
        condition: none
      resources:
        limits:
          cpus: '0.1'
          memory: 256M
  updates:
    image: "blacklabelops/letsencrypt"
    container_name: letsencrypt_staging_updates
    ports:
      - 80:80
 #      - 443:443
    volumes:
      - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
    environment:
      LETSENCRYPT_HTTPS_ENABLED: "false"
      LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
      LETSENCRYPT_DOMAIN1: xai-corp.net
      LETSENCRYPT_DOMAIN2: git.xai-corp.net
      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
      LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
      LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
      LETSENCRYPT_DOMAIN6: fs.xai-corp.net
      LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
      LETSENCRYPT_DOMAIN8: sql.xai-corp.net
      LETSENCRYPT_DOMAIN9: office.xai-corp.net
      LETSENCRYPT_DOMAIN9: www.xai-corp.net
    command:
      - install
      - --staging
      - --expand
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: none
      resources:
        limits:
          cpus: '0.1'
          memory: 256M
--- a/dockerfiles/services/nextcloud/Dockerfile
+++ b/dockerfiles/services/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM nextcloud:12
+FROM nextcloud:latest
 RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
--- a/dockerfiles/services/nextcloud/docker-compose.yml
+++ b/dockerfiles/services/nextcloud/docker-compose.yml
@@ -43,9 +43,9 @@ services:
 #TODO:
 #  cron:
-  http:
+#  http:
-    image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
+#    image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
-    volumes:
+#    volumes:
-      - ./letsencrypt:/etc/letsencrypt:ro
+#      - ./letsencrypt:/etc/letsencrypt:ro
-    ports:
+#    ports:
-      - "443:443"
+#      - "443:443"
--- a/dockerfiles/services/services/fluentd/docker-compose.yml
+++ b/dockerfiles/services/services/fluentd/docker-compose.yml
@@ -24,9 +24,8 @@ services:
    deploy:
-      mode: replicated
+      mode: global
      replicas: 1
      restart_policy:
        condition: any
        delay: "1s"
--- a/dockerfiles/services/sslproxy/docker-compose-prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml
@@ -2,8 +2,8 @@
 # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
 # docker login dkregistry.xai-corp.net:5000
 # docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0
-# DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
+# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
-# DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy
+# DOCKER_HOST=dkhost:2376 docker stack ps sslproxy
 version: '3'
 services:
@@ -34,8 +34,7 @@ services:
 #        tag: sslproxy
    deploy:
-      mode: replicated
+      mode: global
      replicas: 3
      restart_policy:
        condition: any
        delay: 5s
--- a/dockerfiles/tasks/dev-php7.0/Dockerfile.yml
+++ b/dockerfiles/tasks/dev-php7.0/Dockerfile.yml
@@ -0,0 +1,3 @@
 # docker login dkregistry.xai-corp.net:5000
 # docker-compose build
 # docker push dkregistry.xai-corp.net:5000/xaicorp/php7.0-dev:latest
--- a/inventory.conf
+++ b/inventory.conf
@@ -5,18 +5,18 @@ home            ansible_ssh_host=192.168.2.11
 home02          ansible_ssh_host=192.168.2.22
 dkhost01        ansible_ssh_host=192.168.2.41
 #dkhost02       ansible_ssh_host=192.168.2.43
-#dkhost03        ansible_ssh_host=192.168.2.53
+dkhost03        ansible_ssh_host=192.168.2.53
 #dkhost04        ansible_ssh_host=192.168.2.54
-dkhost05        ansible_ssh_host=192.168.2.55
+#dkhost05        ansible_ssh_host=192.168.2.55
 #logs           ansible_ssh_host=192.168.2.42
 cubox-i         ansible_ssh_host=192.168.2.12
 [dkhost]
 dkhost01        ansible_ssh_host=192.168.2.41
 #dkhost02       ansible_ssh_host=192.168.2.43
-#dkhost03        ansible_ssh_host=192.168.2.53
+dkhost03        ansible_ssh_host=192.168.2.53
 #dkhost04        ansible_ssh_host=192.168.2.54
-dkhost05        ansible_ssh_host=192.168.2.55
+#dkhost05        ansible_ssh_host=192.168.2.55
 home            ansible_ssh_host=192.168.2.11
 [ns]
		`@@ -0,0 +1,3 @@`
							`FROM blacklabelops/letsencrypt:latest`
							`MAINTAINER Richard Morgan <r_morgan@sympatico.ca>`
`@@ -1,4 +1,4 @@`
	`FROM nextcloud:12`	`FROM nextcloud:latest`

	`RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*`	`RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*`