switch sslproxy and fluentd to global service so each host runs one container.

build own image for letsencrypt, and tweek update job runtime.
2017-12-23 22:03:51 -05:00
parent 785db4ec18
commit d6806a673e
11 changed files with 65 additions and 103 deletions
--- a/dkswarm.xai-corp.net.yml
+++ b/dkswarm.xai-corp.net.yml
@@ -11,13 +11,13 @@
   - swarm:
      managers:
        - dkhost01
-        - dkhost05
+        - dkhost03
        - home
      workers: []
      removed:
        - dkhost04
        - dkhost02
-        - dkhost03
+        - dkhost05

      history: 1

--- a/dockerfiles/services/dkregistry/docker-compose.yml
+++ b/dockerfiles/services/dkregistry/docker-compose.yml
@@ -31,15 +31,15 @@ services:

    deploy:
      mode: replicated
-      replicas: 1
+      replicas: 2
      restart_policy:
        condition: any
        delay: "1s"
        max_attempts: 1
      resources:
        limits:
-          cpus: '0.1'
-          memory: 16M
+          cpus: '0.2'
+          memory: 64M

    logging:
      driver: fluentd
--- a/dockerfiles/services/letsencrypt/Dockerfile
+++ b/dockerfiles/services/letsencrypt/Dockerfile
@@ -0,0 +1,3 @@
+FROM blacklabelops/letsencrypt:latest
+MAINTAINER Richard Morgan <r_morgan@sympatico.ca>
+
--- a/dockerfiles/services/letsencrypt/docker-compose-update.yml
+++ b/dockerfiles/services/letsencrypt/docker-compose-update.yml
@@ -9,7 +9,7 @@ version: '3'
 services:

  updates:
-    image: "blacklabelops/letsencrypt"
+    image: "dkregistry.xai-corp.net:5000/letsencrypt:latest"
    ports:
      - 83:80
 #      - 443:443
@@ -20,7 +20,7 @@ services:
      LETSENCRYPT_HTTPS_ENABLED: "false"
      LETSENCRYPT_TESTCERT: "false"
      LETSENCRYPT_DEBUG: "true"
-      LETSENCRYPT_JOB_TIME: "0 0 1 */2 * *"
+      LETSENCRYPT_JOB_TIME: "0 1 */12 * * 0"
      LETSENCRYPT_DOMAIN1: xai-corp.net
      LETSENCRYPT_DOMAIN2: git.xai-corp.net
      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
@@ -43,9 +43,9 @@ services:
          cpus: '0.5'
          memory: 16M

-    logging:
-      driver: fluentd
-      options:
-        fluentd-address: "logs.xai-corp.net:24224"
-        fluentd-async-connect: 'true'
-        tag: letsencrypt-update
+#    logging:
+#      driver: fluentd
+#      options:
+#        fluentd-address: "logs.xai-corp.net:24224"
+#        fluentd-async-connect: 'true'
+#        tag: letsencrypt-update
--- a/dockerfiles/services/letsencrypt/docker-compose.yml
+++ b/dockerfiles/services/letsencrypt/docker-compose.yml
@@ -5,80 +5,38 @@
 # DOCKER_HOST=dkhost01:2376 docker-compose up updates

 # docker login dkregistry.xai-corp.net:5000
-# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
-# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
+# docker-compose build && docker push dkregistry.xai-corp.net:5000/letsencrypt:latest
+# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-update.yml services_letsencrypt
+# DOCKER_HOST=dkhost:2376 docker stack ps services
+

 version: '3'
 services:

-  install:
-    image: "blacklabelops/letsencrypt"
-    container_name: letsencrypt_staging_install
-    ports:
-      - 80:80
-#      - 443:443
-    volumes:
-      - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
-    environment:
-      LETSENCRYPT_HTTPS_ENABLED: "false"
-      LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
-      LETSENCRYPT_DOMAIN1: xai-corp.net
-      LETSENCRYPT_DOMAIN2: git.xai-corp.net
-      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
-      LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
-      LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
-      LETSENCRYPT_DOMAIN6: fs.xai-corp.net
-      LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
-      LETSENCRYPT_DOMAIN8: sql.xai-corp.net
-      LETSENCRYPT_DOMAIN9: office.xai-corp.net
-      LETSENCRYPT_DOMAIN9: www.xai-corp.net
-    command:
-      - install
-      - --staging
-      - --expand
-
-    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: none
-      resources:
-        limits:
-          cpus: '0.1'
-          memory: 256M
-
-  updates:
-    image: "blacklabelops/letsencrypt"
-    container_name: letsencrypt_staging_updates
-    ports:
-      - 80:80
-#      - 443:443
-    volumes:
-      - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
-    environment:
-      LETSENCRYPT_HTTPS_ENABLED: "false"
-      LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
-      LETSENCRYPT_DOMAIN1: xai-corp.net
-      LETSENCRYPT_DOMAIN2: git.xai-corp.net
-      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
-      LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
-      LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
-      LETSENCRYPT_DOMAIN6: fs.xai-corp.net
-      LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
-      LETSENCRYPT_DOMAIN8: sql.xai-corp.net
-      LETSENCRYPT_DOMAIN9: office.xai-corp.net
-      LETSENCRYPT_DOMAIN9: www.xai-corp.net
-    command:
-      - install
-      - --staging
-      - --expand
-
-    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: none
-      resources:
-        limits:
-          cpus: '0.1'
-          memory: 256M
+  builder:
+    build:
+      context: ""
+      dockerfile: Dockerfile
+    image: "dkregistry.xai-corp.net:5000/letsencrypt:latest"
+#    ports:
+#      - 80:80
+##      - 443:443
+#    volumes:
+#      - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
+#    environment:
+#      LETSENCRYPT_HTTPS_ENABLED: "false"
+#      LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+#      LETSENCRYPT_DOMAIN1: xai-corp.net
+#      LETSENCRYPT_DOMAIN2: git.xai-corp.net
+#      LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+#      LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+#      LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+#      LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+#      LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+#      LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+#      LETSENCRYPT_DOMAIN9: office.xai-corp.net
+#      LETSENCRYPT_DOMAIN9: www.xai-corp.net
+#    command:
+#      - install
+#      - --staging
+#      - --expand
--- a/dockerfiles/services/nextcloud/Dockerfile
+++ b/dockerfiles/services/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM nextcloud:12
+FROM nextcloud:latest

 RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

--- a/dockerfiles/services/nextcloud/docker-compose.yml
+++ b/dockerfiles/services/nextcloud/docker-compose.yml
@@ -43,9 +43,9 @@ services:
 #TODO:
 #  cron:

-  http:
-    image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
-    volumes:
-      - ./letsencrypt:/etc/letsencrypt:ro
-    ports:
-      - "443:443"
+#  http:
+#    image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
+#    volumes:
+#      - ./letsencrypt:/etc/letsencrypt:ro
+#    ports:
+#      - "443:443"
--- a/dockerfiles/services/services/fluentd/docker-compose.yml
+++ b/dockerfiles/services/services/fluentd/docker-compose.yml
@@ -24,9 +24,8 @@ services:


    deploy:
-      mode: replicated
+      mode: global

-      replicas: 1
      restart_policy:
        condition: any
        delay: "1s"
--- a/dockerfiles/services/sslproxy/docker-compose-prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml
@@ -2,8 +2,8 @@
 # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
 # docker login dkregistry.xai-corp.net:5000
 # docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0
-# DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
-# DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy
+# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
+# DOCKER_HOST=dkhost:2376 docker stack ps sslproxy

 version: '3'
 services:
@@ -34,8 +34,7 @@ services:
 #        tag: sslproxy

    deploy:
-      mode: replicated
-      replicas: 3
+      mode: global
      restart_policy:
        condition: any
        delay: 5s
--- a/dockerfiles/tasks/dev-php7.0/Dockerfile.yml
+++ b/dockerfiles/tasks/dev-php7.0/Dockerfile.yml
@@ -0,0 +1,3 @@
+# docker login dkregistry.xai-corp.net:5000
+# docker-compose build
+# docker push dkregistry.xai-corp.net:5000/xaicorp/php7.0-dev:latest
--- a/inventory.conf
+++ b/inventory.conf
@@ -5,18 +5,18 @@ home            ansible_ssh_host=192.168.2.11
 home02          ansible_ssh_host=192.168.2.22
 dkhost01        ansible_ssh_host=192.168.2.41
 #dkhost02       ansible_ssh_host=192.168.2.43
-#dkhost03        ansible_ssh_host=192.168.2.53
+dkhost03        ansible_ssh_host=192.168.2.53
 #dkhost04        ansible_ssh_host=192.168.2.54
-dkhost05        ansible_ssh_host=192.168.2.55
+#dkhost05        ansible_ssh_host=192.168.2.55
 #logs           ansible_ssh_host=192.168.2.42
 cubox-i         ansible_ssh_host=192.168.2.12

 [dkhost]
 dkhost01        ansible_ssh_host=192.168.2.41
 #dkhost02       ansible_ssh_host=192.168.2.43
-#dkhost03        ansible_ssh_host=192.168.2.53
+dkhost03        ansible_ssh_host=192.168.2.53
 #dkhost04        ansible_ssh_host=192.168.2.54
-dkhost05        ansible_ssh_host=192.168.2.55
+#dkhost05        ansible_ssh_host=192.168.2.55
 home            ansible_ssh_host=192.168.2.11

 [ns]