diff --git a/.DS_Store b/.DS_Store index 6e12243..32bf17a 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..74af716 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.DS_* \ No newline at end of file diff --git a/config/sites-available/base.conf b/config/sites-available/base.conf index 86453b4..db30727 100644 --- a/config/sites-available/base.conf +++ b/config/sites-available/base.conf @@ -31,11 +31,12 @@ server{ listen 443 ssl http2; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/demo.igarson.app/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/demo.igarson.app/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/igarson.app/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/igarson.app/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + } server{ @@ -243,3 +244,42 @@ server{ } +server{ + server_name champions.of.galaxy.igarson.app; + access_log /var/log/nginx/ig/access.champions.of.galaxy.igarson.app.log; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:9000; + proxy_read_timeout 90; + proxy_redirect off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/champions.of.galaxy.igarson.app/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/champions.of.galaxy.igarson.app/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + + +server{ + if ($host = champions.of.galaxy.igarson.app) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name champions.of.galaxy.igarson.app; + listen 80; + return 404; # managed by Certbot + + +} diff --git a/config/sites-available/igarson.conf b/config/sites-available/igarson.conf index 5bfa610..d636ff7 100644 --- a/config/sites-available/igarson.conf +++ b/config/sites-available/igarson.conf @@ -1,3 +1,4 @@ include /etc/nginx/sites-available/base.conf; include /etc/nginx/sites-available/apps.conf; -include /etc/nginx/sites-available/games.conf; \ No newline at end of file +include /etc/nginx/sites-available/games.conf; +include /etc/nginx/sites-available/watcher.conf; diff --git a/config/sites-available/watcher.conf b/config/sites-available/watcher.conf new file mode 100644 index 0000000..0180bda --- /dev/null +++ b/config/sites-available/watcher.conf @@ -0,0 +1,96 @@ +server{ + server_name prometheus.watcher.igarson.app; + access_log /var/log/nginx/ig/access.prometheus.watcher.igarson.app.log; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:9090; + proxy_read_timeout 90; + proxy_redirect off; + proxy_http_version 1.1; + } + listen 80; + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/prometheus.watcher.igarson.app/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/prometheus.watcher.igarson.app/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server{ + server_name alertmanager.watcher.igarson.app; + access_log /var/log/nginx/ig/access.alertmanager.watcher.igarson.app.log; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:9093; + proxy_read_timeout 90; + proxy_redirect off; + proxy_http_version 1.1; + } + listen 80; + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/alertmanager.watcher.igarson.app/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/alertmanager.watcher.igarson.app/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server{ + server_name unsee.watcher.igarson.app; + access_log /var/log/nginx/ig/access.unsee.watcher.igarson.app.log; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:9094; + proxy_read_timeout 90; + proxy_redirect off; + proxy_http_version 1.1; + } + listen 80; + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/unsee.watcher.igarson.app/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/unsee.watcher.igarson.app/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server{ + server_name grafana.watcher.igarson.app; + access_log /var/log/nginx/ig/access.grafana.watcher.igarson.app.log; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:3000; + proxy_read_timeout 90; + proxy_redirect off; + proxy_http_version 1.1; + } + listen 80; + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/grafana.watcher.igarson.app/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/grafana.watcher.igarson.app/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} diff --git a/passwords b/passwords index f5fdc20..0d3030a 100644 --- a/passwords +++ b/passwords @@ -1,21 +1,19 @@ #mongo -MONGODB_IG_PASSWORD = jdZwyec3Yb0yaBr8BP+Joup1l/fovAbGT342I2pX8w+X+FqwCeLGvhXBLiL4vmhM +MONGO_HOST=mongoprimary +MONGODB_IG_USER=API +MONGODB_IG_PASSWORD=QBtYse6FYRsM89AS0xGYKCfl7LrO40sbu7n1NU+xLbfoEnoLqmJ3zOG3m2RFOwLb MONGODB_ADVERTISED_HOSTNAME=mongoprimary MONGODB_REPLICA_SET_MODE=primary MONGODB_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l MONGODB_REPLICA_SET_KEY=gp39MND7udY6bt9V3h9u+dhxToop4WZTZ2Umn810snSYurlSIPqs/oy0YfjftsBz #pg -POSTGRESQL_USERNAME=igarsonAgent -POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 -POSTGRESQL_DATABASE=igarsonDB -POSTGRESQL_REPLICATION_MODE=master -POSTGRESQL_REPLICATION_USER=pgreplicator -POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 +REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF +POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 #rabbit +RABBITMQ_HOST=rabbitmq RABBITMQ_PASSWORD=muyXH/zymcTYLzk3wYnIwG+UJWECKy0ViUDO+UlCmPF3XS+2kliuV0TaA0mWf6lT RABBITMQ_USERNAME=igarsonAgent #redis -REDIS_REPLICATION_MODE=slave REDIS_MASTER_HOST=redismaster REDIS_MASTER_PORT_NUMBER=6379 REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== diff --git a/playbooks/server/addDomainAndEncrypt.yml b/playbooks/server/addDomainAndEncrypt.yml index 3458219..331e78a 100644 --- a/playbooks/server/addDomainAndEncrypt.yml +++ b/playbooks/server/addDomainAndEncrypt.yml @@ -2,31 +2,46 @@ - name: letsencrypt hosts: supermaster become: yes - vars_files: - - var/domains.yml tasks: - # - name: add domain to nginx with j2 block - # template: - # src: template/nginx-server-block.j2 - # dest: /tmp/new-nginx-server-block.{{item.server_name}}.conf - # with_items: - # - "{{ newDomains }}" + - name: add domain to nginx with j2 block + template: + src: template/nginx-server-block.j2 + dest: /tmp/new-nginx-server-block.{{item.server_name}}.conf + with_items: + - server_name: mail.igarson.app + server_config: "" + service_port: 9999 + conf_file: base.conf + - # - name: append /tmp/new-nginx-server-block.conf to specific conf - # shell: | - # cat /tmp/new-nginx-server-block.{{item.server_name}}.conf >> /etc/nginx/sites-available/{{ item.conf_file }} - # rm -rf /tmp/new-nginx-server-block.{{item.server_name}}.conf - # with_items: - # - "{{ newDomains }}" + - name: append /tmp/new-nginx-server-block.conf to specific conf + shell: | + cat /tmp/new-nginx-server-block.{{item.server_name}}.conf >> /etc/nginx/sites-available/{{ item.conf_file }} + rm -rf /tmp/new-nginx-server-block.{{item.server_name}}.conf + with_items: + - server_name: mail.igarson.app + server_config: "" + service_port: 9999 + conf_file: base.conf + - name: encrypt all domains - expect: - command: certbot --nginx -d "{{ item.server_name }}" - responses: - Question: - - 2 - - 2 + shell: | + certbot --nginx -d {{item.server_name}} -n --redirect with_items: - - "{{ newDomains }}" + - server_name: mail.igarson.app + server_config: "" + service_port: 9999 + conf_file: base.conf + + - name: Reload nginx to activate specified site + service: name=nginx state=restarted + + - name: cron job for renew certificates + cron: + name: renew_certificates + special_time: weekly + job: certbot renew --post-hook "systemctl reload nginx" + \ No newline at end of file diff --git a/playbooks/server/build.yml b/playbooks/server/build.yml index 27787a3..5567146 100644 --- a/playbooks/server/build.yml +++ b/playbooks/server/build.yml @@ -1,6 +1,6 @@ --- - name: server initial command - hosts: 'all' + hosts: 'new' become: yes become_method: sudo become_user: root @@ -12,48 +12,20 @@ src: hosts dest: /etc/hosts mode: '0644' + + - name: set shecan dns + copy: + src: ../dns/resolv.conf + dest: /etc/resolv.conf + owner: root + group: root + mode: u=rwx,g=rwx,o=rwx - name: disable ufw shell: ufw disable - name: disable swap shell: swapoff -a - - -### sudo ufw allow 2376/tcp && sudo ufw allow 7946/udp && sudo ufw allow 7946/tcp && sudo ufw allow 80/tcp && sudo ufw allow 2377/tcp && sudo ufw allow 4789/udp - - - name: flush iptables - shell: | - iptables -P INPUT ACCEPT - iptables -P FORWARD ACCEPT - iptables -P OUTPUT ACCEPT - iptables -t nat -F - iptables -t mangle -F - iptables -F - iptables -X - - - name: iptables for masters - when: inventory_hostname in groups['masters'] - shell: | - iptables -I INPUT -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp --dport 53 -j ACCEPT - iptables -I INPUT -p tcp --dport 2376 -j ACCEPT - iptables -I INPUT -p tcp --dport 7946 -j ACCEPT - iptables -I INPUT -p udp --dport 7946 -j ACCEPT - iptables -I INPUT -p tcp --dport 2377 -j ACCEPT - iptables -I INPUT -p udp --dport 4789 -j ACCEPT - iptables -I INPUT -p tcp --dport 25196 -j ACCEPT - iptables-save >> /etc/iptables.rules.v4 - - - name: iptables for workers - when: inventory_hostname in groups['workers'] - shell: | - iptables -I INPUT -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp --dport 25196 -j ACCEPT - iptables-save >> /etc/iptables.rules.v4 - - name: sid swap off in fstab shell: sed -i '/swap/d' /etc/fstab @@ -63,8 +35,13 @@ - name: apt-get update apt: update_cache=yes force_apt_get=yes cache_valid_time=3600 - + - name: add docker key and add docker repo + shell: | + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" + + - name: installing docker dependencies apt: name: "{{item}}" @@ -77,12 +54,7 @@ - lsb-release - - name: add docker key and add docker repo - shell: | - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" - - name: installing docker-ce and docker-ce-cli and apt: name: "{{item}}" @@ -103,8 +75,6 @@ - docker - containerd - - - name: create the docker user account user: name=dockerman append=yes state=present createhome=yes shell=/bin/bash @@ -152,15 +122,16 @@ become: dockerman shell: docker login -u {{ registry_user }} -p {{ registry_password }} {{ registry_url }} + - name: add enviroments to all servers + shell: | + echo "export ADMIN_USER=nerdguy" >> /etc/environment + echo "export ADMIN_PASSWORD=RbBmIu1LCgIqKcMmopc1Ie21+1OKsX1ktNCAeiViNIb6HAKkzjJ+GhZlLysItwgm" >> /etc/environment + - name: reboot shell: reboot ignore_errors: yes - - name: add enviroments to all servers - shell: | - echo "export ADMIN_USER=nerdguy" >> /etc/environment - echo "export ADMIN_PASSWORD=RbBmIu1LCgIqKcMmopc1Ie21+1OKsX1ktNCAeiViNIb6HAKkzjJ+GhZlLysItwgm" >> /etc/environment diff --git a/playbooks/server/fetchimportant.yml b/playbooks/server/fetchimportant.yml new file mode 100644 index 0000000..d9d5a98 --- /dev/null +++ b/playbooks/server/fetchimportant.yml @@ -0,0 +1,15 @@ +--- +- name: fetch important folder and files + hosts: supermaster + become: true + vars_files: + - "var/nginx.yml" + tasks: + - name: fetch nginx site-available + fetch: + src: /etc/nginx/sites-available/{{ item }} + dest: ../../config/sites-available/{{item}} + flat: yes + with_items: + - "{{ nginx_confs }}" + - name: backup from /volume \ No newline at end of file diff --git a/playbooks/server/hosts b/playbooks/server/hosts index 43bd6bc..9dcc6d7 100644 --- a/playbooks/server/hosts +++ b/playbooks/server/hosts @@ -10,10 +10,10 @@ ff02::3 ip6-allhosts 87.107.132.77 masterold 87.107.132.78 workerold -192.168.1.6 master1local -192.168.1.73 worker1local -192.168.1.254 worker2local +192.168.1.6 master1 +192.168.1.73 worker1 +192.168.1.254 worker2 +192.168.1.254 worker3 + +31.7.74.79 master1ip -31.7.74.79 master1 -31.7.74.118 worker1 -31.7.74.96 worker2 diff --git a/playbooks/server/supermaster.yml b/playbooks/server/supermaster.yml index a9669d2..986efd8 100644 --- a/playbooks/server/supermaster.yml +++ b/playbooks/server/supermaster.yml @@ -62,11 +62,6 @@ - name: exportfs shell: exportfs -a - - name: set iptables for clients ip for nfs - shell: | - iptables -A INPUT -s "{{ item.local }}"/32 -p tcp -m tcp --dport 2049 -j ACCEPT - with_items: - - "{{ clients }}" - name: create overlay network shell: | diff --git a/playbooks/server/template/nginx-server-block.j2 b/playbooks/server/template/nginx-server-block.j2 index bbb8347..9ee035e 100644 --- a/playbooks/server/template/nginx-server-block.j2 +++ b/playbooks/server/template/nginx-server-block.j2 @@ -14,4 +14,4 @@ server{ } listen 80; -} \ No newline at end of file +} diff --git a/playbooks/server/var/domains.yml b/playbooks/server/var/domains.yml index c0a5c3f..f6a9379 100644 --- a/playbooks/server/var/domains.yml +++ b/playbooks/server/var/domains.yml @@ -16,4 +16,8 @@ domains: - demo.igarson.app - terrace.kermanshah.igarson.app - champions.of.galaxy.igarson.app - +newDomains: + - server_name: champions.of.galaxy.igarson.app + server_config: null + service_port: 9000 + conf_file: base.conf diff --git a/playbooks/server/var/nginx.yml b/playbooks/server/var/nginx.yml new file mode 100644 index 0000000..2ce9286 --- /dev/null +++ b/playbooks/server/var/nginx.yml @@ -0,0 +1,7 @@ +--- +nginx_confs: + - apps.conf + - base.conf + - games.conf + - igarson.conf + - watcher.conf \ No newline at end of file diff --git a/playbooks/server/var/swarm.yml b/playbooks/server/var/swarm.yml index cc88fc3..5940cf1 100644 --- a/playbooks/server/var/swarm.yml +++ b/playbooks/server/var/swarm.yml @@ -1,3 +1,3 @@ --- -manager_token: SWMTKN-1-2qwry99zn95r9ehs30mnyu6b526ccdwlk21ciwri15zjrwbmoj-8z1x15gas5ujyk860zvdbmdnk -worker_token: SWMTKN-1-2qwry99zn95r9ehs30mnyu6b526ccdwlk21ciwri15zjrwbmoj-b0sesv6f6kntbfekxq0vf44os +manager_token: SWMTKN-1-2lc4v06finh32fod6hm675cmfdjgo4eytnmwgyds9vwm0uu2ap-a6tlk6qvbep2q27amo37vzsfo +worker_token: SWMTKN-1-2lc4v06finh32fod6hm675cmfdjgo4eytnmwgyds9vwm0uu2ap-8tcf02zncgup3vsn0rmoys3jg diff --git a/playbooks/server/workers.yml b/playbooks/server/workers.yml index 425ce32..098207a 100644 --- a/playbooks/server/workers.yml +++ b/playbooks/server/workers.yml @@ -1,12 +1,30 @@ --- - name: configure worker for docker swarm become: yes - hosts: workers + hosts: new # add var file vars_files: - "var/swarm.yml" - "var/hosts.yml" + - "var/registry.yml" tasks: + - name: nfs common + when: inventory_hostname in groups['workers'] + apt: + name: nfs-common + state: present + update_cache: yes + + - name: login docker + become: yes + become_user: dockerman + shell: docker login -u {{ registry_user }} -p {{ registry_password }} {{ registry_url }} + + - name: add enviroments to all servers + shell: | + echo "export ADMIN_USER=nerdguy" >> /etc/environment + echo "export ADMIN_PASSWORD=RbBmIu1LCgIqKcMmopc1Ie21+1OKsX1ktNCAeiViNIb6HAKkzjJ+GhZlLysItwgm" >> /etc/environment + - name: join node in swarm as worker shell: docker swarm join --token {{ worker_token }} {{ item.local }}:2377 with_items: diff --git a/port-range b/port-range index f70c80f..f26780b 100644 --- a/port-range +++ b/port-range @@ -16,4 +16,15 @@ 8013 capitan.igarson.app 8014 igarson.app 6732 guardians.of.galaxy.igarson.app ==> must change 8015 -} \ No newline at end of file +8016 yaus.ir +} + +9000-x + {3000} = monitoring +{ + 3000 grafana + 9090 promateus + 9093 alertmanager + 9094 unsee +} + +mailbox 9999 \ No newline at end of file diff --git a/stack.test.yml b/stack.test.yml new file mode 100644 index 0000000..a2df658 --- /dev/null +++ b/stack.test.yml @@ -0,0 +1,36 @@ +version: "3.7" + +networks: + mother: + external: true + + +services: + core: + image: registry.vnfco.ir/ig/api:0.4.4 + environment: + - SPRING_ACTIVE_PROFILE=prod + volumes: + - /Users/amirmoghi3/application-prod.properties:/target/classes/application-prod.properties + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + window: 120s + resources: + limits: + cpus: '0.75' + memory: 400m + replicas: 1 + mode: replicated + entrypoint: [ "java" ,"-jar","IGAPI.jar" , "--spring.config.location=/target/classes/application-prod.properties"] + ports: + - "8011:8080" + networks: + - mother + + diff --git a/stackDev/mongo/stack.yml b/stackDev/mongo/stack.yml new file mode 100644 index 0000000..e291af9 --- /dev/null +++ b/stackDev/mongo/stack.yml @@ -0,0 +1,98 @@ +version: "3.7" + +networks: + mother: + external: true + +volumes: + mongoprimary-data: + mongosecondary-data: + +services: + mongoprimary: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + volumes: + - mongoprimary-data:/bitnami/mongodb + environment: + - MONGODB_REPLICA_SET_MODE=primary + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongoprimary + - MONGODB_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + replicas: 1 + mode: replicated + ports: + - "27011:27017" + networks: + - mother + + + mongosecondary: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + environment: + - MONGODB_REPLICA_SET_MODE=secondary + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongosecondary + - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary + - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 + - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + volumes: + - mongosecondary-data:/bitnami/mongodb + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + mode: replicated + replicas: 1 + ports: + - "27012:27017" + networks: + - mother + + + + mongoarbiter: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + environment: + - MONGODB_REPLICA_SET_MODE=arbiter + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongoarbiter + - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary + - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 + - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + mode: replicated + replicas: 1 + networks: + - mother + + + + diff --git a/stackDev/pg/stack.yml b/stackDev/pg/stack.yml new file mode 100644 index 0000000..764c373 --- /dev/null +++ b/stackDev/pg/stack.yml @@ -0,0 +1,130 @@ +version: "3.7" + +networks: + mother: + external: true +volumes: + db-1-data: + db-0-data: + +services: + pg-0: + image: registry.vnfco.ir/library/bitnami/postgresql-repmgr:13.5.0-debian-10-r48 + environment: + - REPMGR_PARTNER_NODES=pg-0,pg-1 + - REPMGR_NODE_NAME=pg-0 + - REPMGR_NODE_NETWORK_NAME=pg-0 + - REPMGR_PRIMARY_HOST=pg-0 + - REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF + - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + volumes: + - db-0-data:/bitnami/postgresql + ports: + - "5432:5432" + networks: + - mother + deploy: + update_config: + parallelism: 1 + delay: 10s + order: stop-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + + pg-1: + image: registry.vnfco.ir/library/bitnami/postgresql-repmgr:13.5.0-debian-10-r48 + environment: + - REPMGR_PARTNER_NODES=pg-0,pg-1 + - REPMGR_NODE_NAME=pg-1 + - REPMGR_NODE_NETWORK_NAME=pg-1 + - REPMGR_PRIMARY_HOST=pg-0 + - REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF + - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + volumes: + - db-1-data:/bitnami/postgresql + ports: + - "5433:5432" + networks: + - mother + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + + # pgmaster: + # image: registry.vnfco.ir/library/crunchydata/crunchy-postgres:centos7-13.1-4.5.1 + # volumes: + # - '/volume/pg:/bitnami/postgresql' + # environment: + # - POSTGRESQL_USERNAME=igarsonAgent + # - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + # - POSTGRESQL_DATABASE=igarsonDB + # - POSTGRESQL_REPLICATION_MODE=master + # - POSTGRESQL_REPLICATION_USER=pgreplicator + # - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '1' + # memory: 300M + # replicas: 1 + # mode: replicated + # placement: + # constraints: + # - node.role == worker + # ports: + # - "5432:5432" + # networks: + # - mother + + # pgslave: + # image: registry.vnfco.ir/library/crunchydata/crunchy-postgres:centos7-13.1-4.5.1 + # environment: + # - POSTGRESQL_REPLICATION_MODE=slave + # - POSTGRESQL_REPLICATION_USER=pgreplicator + # - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + # - POSTGRESQL_MASTER_HOST=pgmaster + # - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + # - POSTGRESQL_MASTER_PORT_NUMBER=5432 + + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '0.7' + # memory: 300M + # mode: replicated + # replicas: 1 + # placement: + # constraints: + # - node.role == worker + # ports: + # - "5433:5432" + # networks: + # - mother diff --git a/stackDev/rabbitmq/stack.yml b/stackDev/rabbitmq/stack.yml new file mode 100644 index 0000000..d1282e4 --- /dev/null +++ b/stackDev/rabbitmq/stack.yml @@ -0,0 +1,33 @@ + +version: "3.7" + +networks: + mother: + external: true +volumes: + rabbit-data: + + +services: + rabbitmq: + image: registry.vnfco.ir/library/bitnami/rabbitmq:latest + ports: + - '5672' + environment: + - RABBITMQ_PASSWORD=muyXH/zymcTYLzk3wYnIwG+UJWECKy0ViUDO+UlCmPF3XS+2kliuV0TaA0mWf6lT + - RABBITMQ_USERNAME=igarsonAgent + volumes: + - rabbit-data:/bitnami + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + window: 120s + replicas: 1 + mode: replicated + networks: + - mother \ No newline at end of file diff --git a/stackDev/redis/stack.yml b/stackDev/redis/stack.yml new file mode 100644 index 0000000..123593f --- /dev/null +++ b/stackDev/redis/stack.yml @@ -0,0 +1,102 @@ + +version: "3.7" + +networks: + mother: + external: true + + +volumes: + redis-data: + + +services: + redismaster: + image: registry.vnfco.ir/library/bitnami/redis:5.0.14-debian-10-r90 + ports: + - '6969:6379' + environment: + - REDIS_REPLICATION_MODE=master + - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_AOF_ENABLED=no + volumes: + - redis-data:/bitnami + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + replicas: 1 + mode: replicated + networks: + - mother + healthcheck: + test: ["CMD-SHELL", "redis-cli ping"] + interval: 5s + timeout: 2s + retries: 3 + start_period: 10s + + redisreplica: + image: registry.vnfco.ir/library/bitnami/redis:5.0.14-debian-10-r90 + ports: + - '6970:6379' + environment: + - REDIS_REPLICATION_MODE=slave + - REDIS_MASTER_HOST=redismaster + - REDIS_MASTER_PORT_NUMBER=6379 + - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_AOF_ENABLED=no + - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + replicas: 1 + mode: replicated + networks: + - mother + healthcheck: + test: ["CMD-SHELL", "redis-cli ping"] + interval: 5s + timeout: 2s + retries: 3 + start_period: 10s + + redissentinel: + image: registry.vnfco.ir/library/bitnami/redis-sentinel:5.0.14-debian-10-r87 + ports: + - '26379:26379' + environment: + - REDIS_SENTINEL_PASSWORD=wgi4KDgvFXLIeB1aiYYYFgMJtOfEI/uGoBv4JrPnhvzdgJCvQidapI3TE/LpheUYwn4T8nmacbkoBasy4+vTNSGgfbntvskXV4LUUp/iByz+Ao61J2Bl9bVC7Tl29TXq5LGEQN4LyPMmLSthYOmFajSNcCEP0xIG + - REDIS_MASTER_HOST=redismaster + - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_SENTINEL_DOWN_AFTER_MILLISECONDS=2000 + - REDIS_SENTINEL_FAILOVER_TIMEOUT=10000 + - REDIS_SENTINEL_QUORUM=1 + - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + window: 120s + mode: global + networks: + - mother \ No newline at end of file diff --git a/stacks/lvl1/swarmprom/docker-compose.yml b/stacks/lvl1/swarmprom/docker-compose.yml index e45aec4..b7b5f9c 100644 --- a/stacks/lvl1/swarmprom/docker-compose.yml +++ b/stacks/lvl1/swarmprom/docker-compose.yml @@ -164,7 +164,7 @@ services: - node.role == manager resources: limits: - memory: 512M + memory: 1G reservations: memory: 128M diff --git a/stacks/lvl2/mongo/stack.yml b/stacks/lvl2/mongo/stack.yml index d364f20..1694204 100644 --- a/stacks/lvl2/mongo/stack.yml +++ b/stacks/lvl2/mongo/stack.yml @@ -4,19 +4,18 @@ networks: mother: external: true - - services: mongoprimary: - image: registry.vnfco.ir/library/bitnami/mongodb:5.0-debian-10 + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 volumes: - - /volume/mongo/primary:/data/db + - /volume/mongo/primary:/bitnami/mongodb environment: - - MONGODB_ADVERTISED_HOSTNAME=mongoprimary - MONGODB_REPLICA_SET_MODE=primary + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongoprimary - MONGODB_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l - - MONGODB_REPLICA_SET_KEY=gp39MND7udY6bt9V3h9u+dhxToop4WZTZ2Umn810snSYurlSIPqs/oy0YfjftsBz + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica deploy: update_config: parallelism: 1 @@ -26,60 +25,82 @@ services: condition: any delay: 5s max_attempts: 3 - window: 120s + window: 120s resources: limits: - cpus: '0.25' - memory: 300M + cpus: '0.5' + memory: 350M replicas: 1 mode: replicated placement: constraints: - - node.labels.mongo.replica == 1 - networks: - - mother - - - mongosecondary: - image: registry.vnfco.ir/library/bitnami/mongodb:5.0-debian-10 - environment: - - MONGODB_REPLICA_SET_MODE=secondary - - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary - - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 - - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l - - MONGODB_REPLICA_SET_KEY=gp39MND7udY6bt9V3h9u+dhxToop4WZTZ2Umn810snSYurlSIPqs/oy0YfjftsBz - deploy: - update_config: - parallelism: 1 - delay: 10s - order: start-first - restart_policy: - condition: any - delay: 5s - max_attempts: 3 - window: 120s - resources: - limits: - cpus: '0.25' - memory: 300M - mode: replicated - replicas: 1 - placement: - constraints: - - node.labels.mongo.replica == 2 - port: + - node.role == worker + ports: - "27011:27017" networks: - mother + healthcheck: + test: ["CMD", "mongo", "--eval", "printjson(db.isMaster())" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + - mongoarbiter: - image: registry.vnfco.ir/library/bitnami/mongodb:5.0-debian-10 + mongosecondary: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 environment: - - MONGODB_REPLICA_SET_MODE=arbiter + - MONGODB_REPLICA_SET_MODE=secondary + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongosecondary - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l - - MONGODB_REPLICA_SET_KEY=gp39MND7udY6bt9V3h9u+dhxToop4WZTZ2Umn810snSYurlSIPqs/oy0YfjftsBz + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + volumes: + - /volume/mongo/secondary:/bitnami/mongodb + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + resources: + limits: + cpus: '0.25' + memory: 350M + mode: replicated + replicas: 1 + placement: + constraints: + - node.role == worker + ports: + - "27012:27017" + networks: + - mother + healthcheck: + test: ["CMD", "mongo", "--eval", "printjson(db.isMaster())" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + + + mongoarbiter: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + environment: + - MONGODB_REPLICA_SET_MODE=arbiter + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongoarbiter + - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary + - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 + - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica deploy: update_config: parallelism: 1 @@ -95,14 +116,18 @@ services: cpus: '0.2' memory: 100M mode: replicated - replicas: 0 + replicas: 1 placement: constraints: - - node.labels.mongo.replica == 2 - port: - - "27012:27017" + - node.role == worker networks: - mother + healthcheck: + test: ["CMD", "mongo", "--eval", "printjson(db.isMaster())" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s diff --git a/stacks/lvl2/pg/stack.yml b/stacks/lvl2/pg/stack.yml index d48d811..3cdbb30 100644 --- a/stacks/lvl2/pg/stack.yml +++ b/stacks/lvl2/pg/stack.yml @@ -1,61 +1,72 @@ - version: "3.7" networks: mother: external: true - - - services: - pgmaster: - image: registry.vnfco.ir/library/bitnami/postgresql:13 - volumes: - - '/volume/pg:/bitnami/postgresql' + pg-0: + image: registry.vnfco.ir/library/bitnami/postgresql-repmgr:13.5.0-debian-10-r48 environment: - - POSTGRESQL_USERNAME=igarsonAgent + - REPMGR_PARTNER_NODES=pg-0,pg-1 + - REPMGR_NODE_NAME=pg-0 + - REPMGR_NODE_NETWORK_NAME=pg-0 + - REPMGR_PRIMARY_HOST=pg-0 + - REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + - POSTGRESQL_POSTGRES_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + - POSTGRESQL_USERNAME=igarsonAgent - POSTGRESQL_DATABASE=igarsonDB - - POSTGRESQL_REPLICATION_MODE=master - - POSTGRESQL_REPLICATION_USER=pgreplicator - - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + volumes: + - /volume/pg/pg_0_data:/bitnami/postgresql + ports: + - "5432:5432" + networks: + - mother deploy: - update_config: - parallelism: 1 - delay: 10s - order: start-first - restart_policy: - condition: any - delay: 5s - max_attempts: 3 - window: 120s - resources: - limits: - cpus: '0.7' - memory: 500M - replicas: 1 - mode: replicated placement: constraints: - - node.labels.mongo.replica == 1 + - node.role == worker + resources: + limits: + cpus: "1" + memory: 300M + update_config: + parallelism: 1 + delay: 10s + order: stop-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + + pg-1: + image: registry.vnfco.ir/library/bitnami/postgresql-repmgr:13.5.0-debian-10-r48 + environment: + - REPMGR_PARTNER_NODES=pg-0,pg-1 + - REPMGR_NODE_NAME=pg-1 + - REPMGR_NODE_NETWORK_NAME=pg-1 + - REPMGR_PRIMARY_HOST=pg-0 + - REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF + - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + - POSTGRESQL_POSTGRES_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + - POSTGRESQL_USERNAME=igarsonAgent + - POSTGRESQL_DATABASE=igarsonDB + volumes: + - /volume/pg/pg_1_data:/bitnami/postgresql ports: - - 5432 + - "5433:5432" networks: - mother - - - pgslave1: - image: registry.vnfco.ir/library/bitnami/postgresql:13 - environment: - - POSTGRESQL_REPLICATION_MODE=slave - - POSTGRESQL_REPLICATION_USER=pgreplicator - - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 - - POSTGRESQL_MASTER_HOST=pgmaster - - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 - - POSTGRESQL_MASTER_PORT_NUMBER=5432 - deploy: + placement: + constraints: + - node.role == worker + resources: + limits: + cpus: "0.5" + memory: 300M update_config: parallelism: 1 delay: 10s @@ -64,22 +75,74 @@ services: condition: any delay: 5s max_attempts: 3 - window: 120s - resources: - limits: - cpus: '0.3' - memory: 300M - mode: replicated - replicas: 1 - placement: - constraints: - - node.labels.mongo.replica == 2 - ports: - - 5432 - networks: - - mother - + window: 120s + # pgmaster: + # image: registry.vnfco.ir/library/crunchydata/crunchy-postgres:centos7-13.1-4.5.1 + # volumes: + # - '/volume/pg:/bitnami/postgresql' + # environment: + # - POSTGRESQL_USERNAME=igarsonAgent + # - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + # - POSTGRESQL_DATABASE=igarsonDB + # - POSTGRESQL_REPLICATION_MODE=master + # - POSTGRESQL_REPLICATION_USER=pgreplicator + # - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '1' + # memory: 300M + # replicas: 1 + # mode: replicated + # placement: + # constraints: + # - node.role == worker + # ports: + # - "5432:5432" + # networks: + # - mother + # pgslave: + # image: registry.vnfco.ir/library/crunchydata/crunchy-postgres:centos7-13.1-4.5.1 + # environment: + # - POSTGRESQL_REPLICATION_MODE=slave + # - POSTGRESQL_REPLICATION_USER=pgreplicator + # - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + # - POSTGRESQL_MASTER_HOST=pgmaster + # - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + # - POSTGRESQL_MASTER_PORT_NUMBER=5432 + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '0.7' + # memory: 300M + # mode: replicated + # replicas: 1 + # placement: + # constraints: + # - node.role == worker + # ports: + # - "5433:5432" + # networks: + # - mother diff --git a/stacks/lvl2/rabbitmq/stack.yml b/stacks/lvl2/rabbitmq/stack.yml index 90740b3..68177a9 100644 --- a/stacks/lvl2/rabbitmq/stack.yml +++ b/stacks/lvl2/rabbitmq/stack.yml @@ -11,15 +11,10 @@ services: ports: - '5672' environment: - - RABBITMQ_PASSWORD=muyXH/zymcTYLzk3wYnIwG+UJWECKy0ViUDO+UlCmPF3XS+2kliuV0TaA0mWf6lT + - RABBITMQ_PASSWORD=muyXHzymcTYLzk3wYnIwG+UJWECKy0ViUDO+UlCmPF3XS+2kliuV0TaA0mWf6lT - RABBITMQ_USERNAME=igarsonAgent volumes: - '/volume/rabbit:/bitnami' - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:5672"] - interval: 10s - timeout: 3s - retries: 5 deploy: update_config: parallelism: 1 @@ -36,4 +31,10 @@ services: replicas: 1 mode: replicated networks: - - mother \ No newline at end of file + - mother + healthcheck: + test: ["CMD", "rabbitmqctl", "status"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s \ No newline at end of file diff --git a/stacks/lvl2/redis/stack.yml b/stacks/lvl2/redis/stack.yml index d608081..8013d9b 100644 --- a/stacks/lvl2/redis/stack.yml +++ b/stacks/lvl2/redis/stack.yml @@ -7,12 +7,14 @@ networks: services: redismaster: - image: registry.vnfco.ir/library/bitnami/redis:latest + image: registry.vnfco.ir/library/bitnami/redis:5.0.14-debian-10-r90 ports: - '6969:6379' environment: - REDIS_REPLICATION_MODE=master + - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== - REDIS_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_AOF_ENABLED=no volumes: - '/volume/redis:/bitnami' deploy: @@ -27,44 +29,85 @@ services: window: 120s resources: limits: - cpus: '0.4' - memory: 500M + cpus: '0.5' replicas: 1 mode: replicated placement: constraints: - - node.labels.mongo.replica == 1 + - node.role == worker networks: - mother + healthcheck: + test: ["CMD-SHELL", "redis-cli ping"] + interval: 5s + timeout: 2s + retries: 3 + start_period: 10s - redisreplica: - image: registry.vnfco.ir/library/bitnami/redis:latest - ports: - - '6379' - environment: - - REDIS_REPLICATION_MODE=slave - - REDIS_MASTER_HOST=redismaster - - REDIS_MASTER_PORT_NUMBER=6379 - - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== - - REDIS_PASSWORD=gpGS7RezaKsWRH+qga95z6JTTxvecrpFShRR9IXqWZO2o5Kf8YAoNvGni9Zh5GGIM0Oz+e9+Cph9XDjfs3phgauiFtsEDkAf/1dxR8CixIzddcXKXgaawiqfwB8WCuM/2k8Iw7cv2wqoIdWrhdHbn96N//Su57Ri4hy5CRbUAl7VmGd9EL1sGytOJmXzQOi3lJBWvfVWbYBmgALwVQSads6g+OHmP2wpXsTsYMG1thppJVGo7i5Rh515hAuAGWTed4Ayqoe1muRR1L1Rs8pdA7IH/u4kOL1758Idd3BfTTRkr7xfjXY40dM0BkUqL5E4rOga38ThaVC99g== - deploy: - update_config: - parallelism: 1 - delay: 10s - order: start-first - restart_policy: - condition: any - delay: 5s - max_attempts: 3 - window: 120s - resources: - limits: - cpus: '0.3' - memory: 300M - replicas: 1 - mode: replicated - placement: - constraints: - - node.labels.mongo.replica == 2 - networks: - - mother \ No newline at end of file + # redisreplica: + # image: registry.vnfco.ir/library/bitnami/redis:5.0.14-debian-10-r90 + # ports: + # - '6970:6379' + # environment: + # - REDIS_REPLICATION_MODE=slave + # - REDIS_MASTER_HOST=redismaster + # - REDIS_MASTER_PORT_NUMBER=6379 + # - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # - REDIS_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # - REDIS_AOF_ENABLED=no + # - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '0.5' + # replicas: 1 + # mode: replicated + # placement: + # constraints: + # - node.role == worker + # networks: + # - mother + # healthcheck: + # test: ["CMD-SHELL", "redis-cli ping"] + # interval: 5s + # timeout: 2s + # retries: 3 + # start_period: 10s + + # redissentinel: + # image: registry.vnfco.ir/library/bitnami/redis-sentinel:5.0.14-debian-10-r87 + # ports: + # - '26379:26379' + # environment: + # - REDIS_SENTINEL_PASSWORD=wgi4KDgvFXLIeB1aiYYYFgMJtOfEI/uGoBv4JrPnhvzdgJCvQidapI3TE/LpheUYwn4T8nmacbkoBasy4+vTNSGgfbntvskXV4LUUp/iByz+Ao61J2Bl9bVC7Tl29TXq5LGEQN4LyPMmLSthYOmFajSNcCEP0xIG + # - REDIS_MASTER_HOST=redismaster + # - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # - REDIS_SENTINEL_DOWN_AFTER_MILLISECONDS=2000 + # - REDIS_SENTINEL_FAILOVER_TIMEOUT=10000 + # - REDIS_SENTINEL_QUORUM=1 + # - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # window: 120s + # resources: + # limits: + # cpus: '0.3' + # memory: 10M + # mode: global + # networks: + # - mother \ No newline at end of file diff --git a/stacks/lvl3/stack.yml b/stacks/lvl3/stack.yml index 30a10cb..fb1b682 100644 --- a/stacks/lvl3/stack.yml +++ b/stacks/lvl3/stack.yml @@ -9,18 +9,10 @@ networks: services: - ls: - image: registry.vnfco.ir/ig/ls:test - # environment: - # - NODE_ENV=production - # - REACT_APP_SIGNAL_URL=https://ls.igarson.app - # - REACT_APP_PATH_URL=/api/v1 - # - REACT_APP_STORAGE_URL=https://storage.igarson.app - # - REACT_APP_SIGNAL_URL_PATH=/restauranthub - # - REACT_APP_LOG_LENGTH=20 - # - REACT_APP_SOCKET_SECRET=GodProtectedKeyTools - # - REACT_APP_SECRET_KEY_GAME=6JCvBmi1ADry5Qk0bLaV+5klnAqYaVtjn+HSHG4N4pOAEl480saobylNWcudDxhvgw6q0yzVmbYH+lQIS3RmEHLXRHYAHxsdXl5MBuqU/p1oCC3SWmYke1SWHkoTUOm1f8SBZ1HucOxBHv7psqFUu5lG38P/EPiozv6/0qDU+vVFFp6v9ZTigBihLll0mU6qR14krot8+y9tOnrLDkHxw3wLvWsB4wgd9+RAY97Gzzs7ix3nAXthsT+jPWdyuENiKSuKEyHKbDqciJRBGqktgYU9XkYIfZzEm4cxhscT9jqNsUg2ml+uJdDQOps2mL5LgNetWWmcP43xPIkxAwu5oK873GV3uZOdQqYE2CBYT66+/+Yp5xzoL4+qZUUiDEpfWKm+clRlAm1Keiur + image: registry.vnfco.ir/ig/localserver:latest + environment: + - ASPNETCORE_ENVIRONMENT=Production deploy: update_config: parallelism: 1 @@ -36,29 +28,25 @@ services: memory: 1Gi replicas: 1 mode: replicated - # placement: - # constraints: - # - node.labels.overload == 1 + placement: + constraints: + - node.role == worker volumes: - type: bind source: /volume/ig/ls/wwwroot - target: /publish/wwwroot + target: /app/wwwroot + - type: bind + source: /volume/config/ls/appsettings.Production.json + target: /app/appsettings.Production.json ports: - 8010:8010 networks: - mother core: - image: registry.vnfco.ir/ig/api:test - # environment: - # - NODE_ENV=production - # - REACT_APP_SIGNAL_URL=https://ls.igarson.app - # - REACT_APP_PATH_URL=/api/v1 - # - REACT_APP_STORAGE_URL=https://storage.igarson.app - # - REACT_APP_SIGNAL_URL_PATH=/restauranthub - # - REACT_APP_LOG_LENGTH=20 - # - REACT_APP_SOCKET_SECRET=GodProtectedKeyTools - # - REACT_APP_SECRET_KEY_GAME=6JCvBmi1ADry5Qk0bLaV+5klnAqYaVtjn+HSHG4N4pOAEl480saobylNWcudDxhvgw6q0yzVmbYH+lQIS3RmEHLXRHYAHxsdXl5MBuqU/p1oCC3SWmYke1SWHkoTUOm1f8SBZ1HucOxBHv7psqFUu5lG38P/EPiozv6/0qDU+vVFFp6v9ZTigBihLll0mU6qR14krot8+y9tOnrLDkHxw3wLvWsB4wgd9+RAY97Gzzs7ix3nAXthsT+jPWdyuENiKSuKEyHKbDqciJRBGqktgYU9XkYIfZzEm4cxhscT9jqNsUg2ml+uJdDQOps2mL5LgNetWWmcP43xPIkxAwu5oK873GV3uZOdQqYE2CBYT66+/+Yp5xzoL4+qZUUiDEpfWKm+clRlAm1Keiur + image: registry.vnfco.ir/ig/api:latest + environment: + - SPRING_PROFILES_ACTIVE=prod deploy: update_config: parallelism: 1 @@ -71,32 +59,35 @@ services: resources: limits: cpus: '1' - memory: 1Gi + memory: 500m replicas: 1 mode: replicated - # placement: - # constraints: - # - node.labels.overload == 1 + placement: + constraints: + - node.role == worker volumes: - type: bind source: /volume/ig/api/storage target: /target/storage + - type: bind + source: /volume/config/core/application-prod.properties + target: /target/classes/application-prod.properties ports: - - 8011:8011 + - 8011:8080 networks: - mother + + sms: - image: registry.vnfco.ir/ig/sms:test - # environment: - # - NODE_ENV=production - # - REACT_APP_SIGNAL_URL=https://ls.igarson.app - # - REACT_APP_PATH_URL=/api/v1 - # - REACT_APP_STORAGE_URL=https://storage.igarson.app - # - REACT_APP_SIGNAL_URL_PATH=/restauranthub - # - REACT_APP_LOG_LENGTH=20 - # - REACT_APP_SOCKET_SECRET=GodProtectedKeyTools - # - REACT_APP_SECRET_KEY_GAME=6JCvBmi1ADry5Qk0bLaV+5klnAqYaVtjn+HSHG4N4pOAEl480saobylNWcudDxhvgw6q0yzVmbYH+lQIS3RmEHLXRHYAHxsdXl5MBuqU/p1oCC3SWmYke1SWHkoTUOm1f8SBZ1HucOxBHv7psqFUu5lG38P/EPiozv6/0qDU+vVFFp6v9ZTigBihLll0mU6qR14krot8+y9tOnrLDkHxw3wLvWsB4wgd9+RAY97Gzzs7ix3nAXthsT+jPWdyuENiKSuKEyHKbDqciJRBGqktgYU9XkYIfZzEm4cxhscT9jqNsUg2ml+uJdDQOps2mL5LgNetWWmcP43xPIkxAwu5oK873GV3uZOdQqYE2CBYT66+/+Yp5xzoL4+qZUUiDEpfWKm+clRlAm1Keiur + image: registry.vnfco.ir/ig/sms:latest + environment: + - QUEUE_NAME=ig-sms + - RABBIT_URI=amqp://igarsonAgent:muyXHzymcTYLzk3wYnIwG+UJWECKy0ViUDO+UlCmPF3XS+2kliuV0TaA0mWf6lT@rabbitmq:5672 + - SMS_SERVICE_URI=https://api.kavenegar.com/v1/ + - SMS_SERVICE_CONTEXT_PATH=/sms/send.json + - USERAPIKEY=7461633837643439575446434F7161634F676C58426E674B396A5356586A3173 + - SECRETKEY=!#u*(!@ofOAJDU31y+ deploy: update_config: parallelism: 1 @@ -109,7 +100,7 @@ services: resources: limits: cpus: '0.5' - memory: 50M + memory: 10m replicas: 1 mode: replicated placement: @@ -117,12 +108,41 @@ services: - node.role == worker networks: - mother - - + + yaus: + image: registry.vnfco.ir/ig/yaus:latest + environment: + - MONGO_URL=mongodb://API:dljHVOHjf6123HDHWADOU8123@mongoprimary:27017,mongosecondary:27017/yaus?authSource=yaus + - URL_NOTFOUND=https://igarson.app/notfound + - TOLL=https://igarson.app/goto?dest= + - COLLECTION_MONGO="urls" + - DATABASE_MONGO=yaus + - DOMAIN=qr.igarson.app + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + window: 120s + resources: + limits: + cpus: '0.5' + memory: 10m + replicas: 1 + mode: replicated + placement: + constraints: + - node.role == worker + ports: + - "8016:8000" + networks: + - mother - diff --git a/stacks/lvl4/stack.yml b/stacks/lvl4/stack.yml index 53f7c9e..9e7c9d4 100644 --- a/stacks/lvl4/stack.yml +++ b/stacks/lvl4/stack.yml @@ -11,7 +11,7 @@ networks: services: menu: - image: registry.vnfco.ir/ig/pwa:test + image: registry.vnfco.ir/ig/pwa:latest # environment: # - NODE_ENV=production # - REACT_APP_SIGNAL_URL=https://ls.igarson.app @@ -32,7 +32,7 @@ services: window: 120s resources: limits: - cpus: '0.5' + cpus: '0.3' memory: 50M replicas: 1 mode: replicated @@ -47,7 +47,7 @@ services: capitan: - image: registry.vnfco.ir/ig/garson:test + image: registry.vnfco.ir/ig/garson:latest # environment: # - NODE_ENV=production # - REACT_APP_SIGNAL_URL=https://ls.igarson.app @@ -68,7 +68,7 @@ services: window: 120s resources: limits: - cpus: '0.5' + cpus: '0.3' memory: 50M replicas: 1 mode: replicated @@ -83,7 +83,7 @@ services: website: - image: registry.vnfco.ir/ig/website:test + image: registry.vnfco.ir/ig/website:latest # environment: # - NODE_ENV=production # - REACT_APP_SIGNAL_URL=https://ls.igarson.app @@ -104,7 +104,7 @@ services: window: 120s resources: limits: - cpus: '0.5' + cpus: '0.3' memory: 50M replicas: 1 mode: replicated @@ -116,8 +116,8 @@ services: networks: - mother - adminpanel: - image: registry.vnfco.ir/ig/admin:test + admin: + image: registry.vnfco.ir/ig/admin:latest # environment: # - NODE_ENV=production # - REACT_APP_SIGNAL_URL=https://ls.igarson.app @@ -138,7 +138,7 @@ services: window: 120s resources: limits: - cpus: '0.5' + cpus: '0.3' memory: 50M replicas: 1 mode: replicated @@ -151,7 +151,7 @@ services: - mother # shop: -# image: registry.vnfco.ir/ig/shop:test +# image: registry.vnfco.ir/ig/shop:latest # # environment: # # - NODE_ENV=production # # - REACT_APP_SIGNAL_URL=https://ls.igarson.app diff --git a/stacks/lvl5/poste.io/stack.yml b/stacks/lvl5/poste.io/stack.yml new file mode 100644 index 0000000..d4d5cc3 --- /dev/null +++ b/stacks/lvl5/poste.io/stack.yml @@ -0,0 +1,50 @@ +version: "3.7" + +networks: + mother: + external: true + +services: + poste: + image: registry.vnfco.ir/library/analogic/poste.io:latest + environment: + - HTTPS=OFF + - HTTP_PORT=9090 + - DISABLE_CLAMAV=TRUE + - DISABLE_RSPAMD=TRUE + - TZ=Asia/Tehran + - VIRTUAL_HOST=mail.igarson.app + - LETSENCRYPT_EMAIL=admin@igarson.app + - LETSENCRYPT_HOST=mail.igarson.app + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + window: 120s + resources: + limits: + cpus: '0.5' + memory: 200m + replicas: 1 + mode: replicated + placement: + constraints: + - node.role == worker + volumes: + - /etc/localtime:/etc/localtime:ro + - /volume/poste/data:/data + ports: + - "25:25" + - "110:110" + - "143:143" + - "587:587" + - "993:993" + - "995:995" + - "4190:4190" + - "9090:9090" + networks: + - mother \ No newline at end of file diff --git a/stacks/lvlTest/IGTEST/stack.yml b/stacks/lvlTest/IGTEST/stack.yml new file mode 100644 index 0000000..e69de29 diff --git a/stacks/lvlTest/MOTHER/stack.test.yml b/stacks/lvlTest/MOTHER/stack.test.yml new file mode 100644 index 0000000..81de09e --- /dev/null +++ b/stacks/lvlTest/MOTHER/stack.test.yml @@ -0,0 +1,113 @@ +version: "3.7" + +networks: + mother: + external: true + + +services: + mongo1: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + volumes: + - /volume/mongo/primary:/bitnami/mongodb + environment: + - MONGODB_ADVERTISED_HOSTNAME=mongoprimary + - MONGODB_ROOT_PASSWORD=cWv1WQvWEp+LPdax9WeM6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + resources: + limits: + cpus: '0.5' + memory: 350M + replicas: 1 + mode: replicated + placement: + constraints: + - node.role == worker + ports: + - "27011:27017" + networks: + - mother +#REDIS + redis: + image: registry.vnfco.ir/library/redis:primary + deploy: + placement: + constraints: + - node.role==worker + resources: + limits: + cpus: '0.30' + memory: 20M + update_config: + parallelism: 1 + delay: 10s + order: stop-first + restart_policy: + condition: any + delay: 5s + max_attempts: 10 + window: 120s + networks: + - mother + volumes: + - /volume/redis:/data + ports: + - "6969:6379" + +# RABBIT + rabbit: + image: registry.vnfco.ir/library/rabbitmq:3.8.19-management-alpine + deploy: + placement: + constraints: + - node.role==worker + resources: + reservations: + cpus: '0.25' + memory: 100M + restart_policy: + condition: any + delay: 10s + max_attempts: 5 + environment: + - RABBITMQ_DEFAULT_PASS=22102210aA + - RABBITMQ_DEFAULT_USER=MyNameIsAdmin + networks: + - mother + ports: + - "5672:5672" + - "15672:15672" + pg: + image: registry.vnfco.ir/library/bitnami/postgresql:12 + deploy: + placement: + constraints: + - node.role==worker + update_config: + parallelism: 1 + delay: 10s + order: stop-first + restart_policy: + condition: any + delay: 5s + max_attempts: 10 + window: 120s + environment: + - POSTGRESQL_USERNAME=igarsonAgent + - POSTGRESQL_PASSWORD=aXysDgz7Nfr55dT5VEXmTDoqsUOG/gl4kmEe6QD/oqwna95RiYXrAyy8 + - POSTGRESQL_DATABASE=igarsonDB + networks: + - mother + volumes: + - /volume/postgres:/bitnami/postgresql + ports: + - "5431:5432" \ No newline at end of file diff --git a/stacks/lvlTest/singlemongonode/Dockerfile b/stacks/lvlTest/singlemongonode/Dockerfile new file mode 100644 index 0000000..f0afe96 --- /dev/null +++ b/stacks/lvlTest/singlemongonode/Dockerfile @@ -0,0 +1,4 @@ +FROM mongo:4.4-rc-focal +COPY docker-entrypoint.sh /usr/local/bin/ +RUN chmod 777 /usr/local/bin/docker-entrypoint.sh +ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] diff --git a/stacks/lvlTest/singlemongonode/docker-entrypoint.sh b/stacks/lvlTest/singlemongonode/docker-entrypoint.sh new file mode 100644 index 0000000..f38d85f --- /dev/null +++ b/stacks/lvlTest/singlemongonode/docker-entrypoint.sh @@ -0,0 +1,341 @@ +#!/bin/bash +set -Eeuo pipefail + +if [ "${1:0:1}" = '-' ]; then + set -- mongod "$@" +fi + +originalArgOne="$1" + +# allow the container to be started with `--user` +# all mongo* commands should be dropped to the correct user +if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then + if [ "$originalArgOne" = 'mongod' ]; then + find /data/configdb /data/db \! -user mongodb -exec chown mongodb '{}' + + fi + + # make sure we can write to stdout and stderr as "mongodb" + # (for our "initdb" code later; see "--logpath" below) + chown --dereference mongodb "/proc/$$/fd/1" "/proc/$$/fd/2" || : + # ignore errors thanks to https://github.com/docker-library/mongo/issues/149 + + exec gosu mongodb "$BASH_SOURCE" "$@" +fi + +# you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients. +# https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux +if [[ "$originalArgOne" == mongo* ]]; then + numa='numactl --interleave=all' + if $numa true &> /dev/null; then + set -- $numa "$@" + fi +fi + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# see https://github.com/docker-library/mongo/issues/147 (mongod is picky about duplicated arguments) +_mongod_hack_have_arg() { + local checkArg="$1"; shift + local arg + for arg; do + case "$arg" in + "$checkArg"|"$checkArg"=*) + return 0 + ;; + esac + done + return 1 +} +# _mongod_hack_get_arg_val '--some-arg' "$@" +_mongod_hack_get_arg_val() { + local checkArg="$1"; shift + while [ "$#" -gt 0 ]; do + local arg="$1"; shift + case "$arg" in + "$checkArg") + echo "$1" + return 0 + ;; + "$checkArg"=*) + echo "${arg#$checkArg=}" + return 0 + ;; + esac + done + return 1 +} +declare -a mongodHackedArgs +# _mongod_hack_ensure_arg '--some-arg' "$@" +# set -- "${mongodHackedArgs[@]}" +_mongod_hack_ensure_arg() { + local ensureArg="$1"; shift + mongodHackedArgs=( "$@" ) + if ! _mongod_hack_have_arg "$ensureArg" "$@"; then + mongodHackedArgs+=( "$ensureArg" ) + fi +} +# _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" +# set -- "${mongodHackedArgs[@]}" +_mongod_hack_ensure_no_arg() { + local ensureNoArg="$1"; shift + mongodHackedArgs=() + while [ "$#" -gt 0 ]; do + local arg="$1"; shift + if [ "$arg" = "$ensureNoArg" ]; then + continue + fi + mongodHackedArgs+=( "$arg" ) + done +} +# _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" +# set -- "${mongodHackedArgs[@]}" +_mongod_hack_ensure_no_arg_val() { + local ensureNoArg="$1"; shift + mongodHackedArgs=() + while [ "$#" -gt 0 ]; do + local arg="$1"; shift + case "$arg" in + "$ensureNoArg") + shift # also skip the value + continue + ;; + "$ensureNoArg"=*) + # value is already included + continue + ;; + esac + mongodHackedArgs+=( "$arg" ) + done +} +# _mongod_hack_ensure_arg_val '--some-arg' 'some-val' "$@" +# set -- "${mongodHackedArgs[@]}" +_mongod_hack_ensure_arg_val() { + local ensureArg="$1"; shift + local ensureVal="$1"; shift + _mongod_hack_ensure_no_arg_val "$ensureArg" "$@" + mongodHackedArgs+=( "$ensureArg" "$ensureVal" ) +} + +# _js_escape 'some "string" value' +_js_escape() { + jq --null-input --arg 'str' "$1" '$str' +} + +jsonConfigFile="${TMPDIR:-/tmp}/docker-entrypoint-config.json" +tempConfigFile="${TMPDIR:-/tmp}/docker-entrypoint-temp-config.json" +_parse_config() { + if [ -s "$tempConfigFile" ]; then + return 0 + fi + + local configPath + if configPath="$(_mongod_hack_get_arg_val --config "$@")"; then + # if --config is specified, parse it into a JSON file so we can remove a few problematic keys (especially SSL-related keys) + # see https://docs.mongodb.com/manual/reference/configuration-options/ + mongo --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile" + jq 'del(.systemLog, .processManagement, .net, .security)' "$jsonConfigFile" > "$tempConfigFile" + return 0 + fi + + return 1 +} +dbPath= +_dbPath() { + if [ -n "$dbPath" ]; then + echo "$dbPath" + return + fi + + if ! dbPath="$(_mongod_hack_get_arg_val --dbpath "$@")"; then + if _parse_config "$@"; then + dbPath="$(jq -r '.storage.dbPath // empty' "$jsonConfigFile")" + fi + fi + + : "${dbPath:=/data/db}" + + echo "$dbPath" +} + +if [ "$originalArgOne" = 'mongod' ]; then + file_env 'MONGO_INITDB_ROOT_USERNAME' + file_env 'MONGO_INITDB_ROOT_PASSWORD' + # pre-check a few factors to see if it's even worth bothering with initdb + shouldPerformInitdb= + if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then + # if we have a username/password, let's set "--auth" + _mongod_hack_ensure_arg '--auth' "$@" + set -- "${mongodHackedArgs[@]}" + shouldPerformInitdb='true' + elif [ "$MONGO_INITDB_ROOT_USERNAME" ] || [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then + cat >&2 <<-'EOF' + error: missing 'MONGO_INITDB_ROOT_USERNAME' or 'MONGO_INITDB_ROOT_PASSWORD' + both must be specified for a user to be created + EOF + exit 1 + fi + + if [ -z "$shouldPerformInitdb" ]; then + # if we've got any /docker-entrypoint-initdb.d/* files to parse later, we should initdb + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh|*.js) # this should match the set of files we check for below + shouldPerformInitdb="$f" + break + ;; + esac + done + fi + + # check for a few known paths (to determine whether we've already initialized and should thus skip our initdb scripts) + if [ -n "$shouldPerformInitdb" ]; then + dbPath="$(_dbPath "$@")" + for path in \ + "$dbPath/WiredTiger" \ + "$dbPath/journal" \ + "$dbPath/local.0" \ + "$dbPath/storage.bson" \ + ; do + if [ -e "$path" ]; then + shouldPerformInitdb= + break + fi + done + fi + + if [ -n "$shouldPerformInitdb" ]; then + mongodHackedArgs=( "$@" ) + if _parse_config "$@"; then + _mongod_hack_ensure_arg_val --config "$tempConfigFile" "${mongodHackedArgs[@]}" + fi + _mongod_hack_ensure_arg_val --bind_ip 127.0.0.1 "${mongodHackedArgs[@]}" + _mongod_hack_ensure_arg_val --port 27017 "${mongodHackedArgs[@]}" + _mongod_hack_ensure_no_arg --bind_ip_all "${mongodHackedArgs[@]}" + + # remove "--auth" and "--replSet" for our initial startup (see https://docs.mongodb.com/manual/tutorial/enable-authentication/#start-mongodb-without-access-control) + # https://github.com/docker-library/mongo/issues/211 + _mongod_hack_ensure_no_arg --auth "${mongodHackedArgs[@]}" + if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then + _mongod_hack_ensure_no_arg_val --replSet "${mongodHackedArgs[@]}" + fi + + sslMode="$(_mongod_hack_have_arg '--sslPEMKeyFile' "$@" && echo 'allowSSL' || echo 'disabled')" # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters" + _mongod_hack_ensure_arg_val --sslMode "$sslMode" "${mongodHackedArgs[@]}" + + if stat "/proc/$$/fd/1" > /dev/null && [ -w "/proc/$$/fd/1" ]; then + # https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251 + # https://github.com/docker-library/mongo/issues/164#issuecomment-293965668 + _mongod_hack_ensure_arg_val --logpath "/proc/$$/fd/1" "${mongodHackedArgs[@]}" + else + initdbLogPath="$(_dbPath "$@")/docker-initdb.log" + echo >&2 "warning: initdb logs cannot write to '/proc/$$/fd/1', so they are in '$initdbLogPath' instead" + _mongod_hack_ensure_arg_val --logpath "$initdbLogPath" "${mongodHackedArgs[@]}" + fi + _mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}" + + pidfile="${TMPDIR:-/tmp}/docker-entrypoint-temp-mongod.pid" + rm -f "$pidfile" + _mongod_hack_ensure_arg_val --pidfilepath "$pidfile" "${mongodHackedArgs[@]}" + + "${mongodHackedArgs[@]}" --fork + + mongo=( mongo --host 127.0.0.1 --port 27017 --quiet ) + + # check to see that our "mongod" actually did start up (catches "--help", "--version", MongoDB 3.2 being silly, slow prealloc, etc) + # https://jira.mongodb.org/browse/SERVER-16292 + tries=30 + while true; do + if ! { [ -s "$pidfile" ] && ps "$(< "$pidfile")" &> /dev/null; }; then + # bail ASAP if "mongod" isn't even running + echo >&2 + echo >&2 "error: $originalArgOne does not appear to have stayed running -- perhaps it had an error?" + echo >&2 + exit 1 + fi + if "${mongo[@]}" 'admin' --eval 'quit(0)' &> /dev/null; then + # success! + break + fi + (( tries-- )) + if [ "$tries" -le 0 ]; then + echo >&2 + echo >&2 "error: $originalArgOne does not appear to have accepted connections quickly enough -- perhaps it had an error?" + echo >&2 + exit 1 + fi + sleep 1 + done + + if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then + rootAuthDatabase='admin' + + "${mongo[@]}" "$rootAuthDatabase" <<-EOJS + db.createUser({ + user: $(_js_escape "$MONGO_INITDB_ROOT_USERNAME"), + pwd: $(_js_escape "$MONGO_INITDB_ROOT_PASSWORD"), + roles: [ { role: 'root', db: $(_js_escape "$rootAuthDatabase") } ] + }) + EOJS + fi + echo "Heydaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaar" + + export MONGO_INITDB_DATABASE="${MONGO_INITDB_DATABASE:-test}" + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.js) echo "$0: running $f"; "${mongo[@]}" "$MONGO_INITDB_DATABASE" "$f"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + "${mongodHackedArgs[@]}" --shutdown + rm -f "$pidfile" + + echo + echo 'MongoDB init process complete; ready for start up.' + echo + fi + + # MongoDB 3.6+ defaults to localhost-only binding + if mongod --help 2>&1 | grep -q -- --bind_ip_all; then # TODO remove this conditional when 3.4 is no longer supported + haveBindIp= + if _mongod_hack_have_arg --bind_ip "$@" || _mongod_hack_have_arg --bind_ip_all "$@"; then + haveBindIp=1 + elif _parse_config "$@" && jq --exit-status '.net.bindIp // .net.bindIpAll' "$jsonConfigFile" > /dev/null; then + haveBindIp=1 + fi + if [ -z "$haveBindIp" ]; then + # so if no "--bind_ip" is specified, let's add "--bind_ip_all" + set -- "$@" --bind_ip_all + fi + fi + + unset "${!MONGO_INITDB_@}" +fi + +rm -f "$jsonConfigFile" "$tempConfigFile" + +exec "$@"% \ No newline at end of file diff --git a/stacks/lvlTest/singlemongonode/mongod.env b/stacks/lvlTest/singlemongonode/mongod.env new file mode 100644 index 0000000..d3f61f2 --- /dev/null +++ b/stacks/lvlTest/singlemongonode/mongod.env @@ -0,0 +1,2 @@ +MONGO_INITDB_ROOT_USERNAME=admin +MONGO_INITDB_ROOT_PASSWORD=22102210aA \ No newline at end of file diff --git a/stacks/lvldebug.zip b/stacks/lvldebug.zip new file mode 100644 index 0000000..c3aae92 Binary files /dev/null and b/stacks/lvldebug.zip differ diff --git a/stacks/lvldebug/mongo/stack.yml b/stacks/lvldebug/mongo/stack.yml new file mode 100644 index 0000000..eff539a --- /dev/null +++ b/stacks/lvldebug/mongo/stack.yml @@ -0,0 +1,115 @@ +version: "3.7" + +networks: + mother: + external: true + +volumes: + db-01: + db-02: + +services: + mongoprimary: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + volumes: + - db-01:/bitnami/mongodb + environment: + - MONGODB_REPLICA_SET_MODE=primary + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongoprimary + - MONGODB_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + replicas: 1 + mode: replicated + ports: + - "27011:27017" + networks: + - mother + healthcheck: + test: ["CMD", "mongo", "--eval", "printjson(db.isMaster())" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + + mongosecondary: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + environment: + - MONGODB_REPLICA_SET_MODE=secondary + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongosecondary + - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary + - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 + - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + volumes: + - db-02:/bitnami/mongodb + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + mode: replicated + replicas: 1 + ports: + - "27012:27017" + networks: + - mother + healthcheck: + test: ["CMD", "mongo", "--eval", "printjson(db.isMaster())" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + + + mongoarbiter: + image: registry.vnfco.ir/library/bitnami/mongodb:4.4.11-debian-10-r5 + environment: + - MONGODB_REPLICA_SET_MODE=arbiter + - MONGODB_REPLICA_SET_NAME=igrep + - MONGODB_ADVERTISED_HOSTNAME=mongoarbiter + - MONGODB_INITIAL_PRIMARY_HOST=mongoprimary + - MONGODB_INITIAL_PRIMARY_PORT_NUMBER=27017 + - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=cWv1WQvWEp+LPdax9We/M6PeT7KgyTE9zKmC5y1ieqz4JtpLiVifJrQg0VHYhE6l + - MONGODB_REPLICA_SET_KEY=keyissetforlocalreplica + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + mode: replicated + replicas: 1 + networks: + - mother + healthcheck: + test: ["CMD", "mongo", "--eval", "printjson(db.isMaster())" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + + diff --git a/stacks/lvldebug/pg/stack.yml b/stacks/lvldebug/pg/stack.yml new file mode 100644 index 0000000..a927dff --- /dev/null +++ b/stacks/lvldebug/pg/stack.yml @@ -0,0 +1,154 @@ +version: "3.7" + +networks: + mother: + external: true + +services: + pg-0: + image: registry.vnfco.ir/library/bitnami/postgresql-repmgr:13.5.0-debian-10-r48 + environment: + - REPMGR_PARTNER_NODES=pg-0,pg-1 + - REPMGR_NODE_NAME=pg-0 + - REPMGR_NODE_NETWORK_NAME=pg-0 + - REPMGR_PRIMARY_HOST=pg-0 + - REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF + - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + volumes: + - /Users/amirmoghi3/volume/pg/pg_0_data:/bitnami/postgresql + ports: + - "5432:5432" + networks: + - mother + deploy: + placement: + constraints: + - node.role == worker + resources: + limits: + cpus: "1" + memory: 300M + update_config: + parallelism: 1 + delay: 10s + order: stop-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + healthcheck: + test: ["CMD", "curl", "--fail", "--silent", "--output", "/dev/null", "--write-out", "HTTPSTATUS:%{http_code}", "http://localhost:5432/"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + pg-1: + image: registry.vnfco.ir/library/bitnami/postgresql-repmgr:13.5.0-debian-10-r48 + environment: + - REPMGR_PARTNER_NODES=pg-0,pg-1 + - REPMGR_NODE_NAME=pg-1 + - REPMGR_NODE_NETWORK_NAME=pg-1 + - REPMGR_PRIMARY_HOST=pg-0 + - REPMGR_PASSWORD=UjvGvyYXZZTvL1GsST7AJrtmQjqSV+LOihKQaEGyUUtdQAUGSA3BsFEi5B4KoRBF + - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + volumes: + - /Users/amirmoghi3/volume/pg/pg_1_data:/bitnami/postgresql + ports: + - "5433:5432" + networks: + - mother + deploy: + placement: + constraints: + + - node.role == worker + resources: + limits: + cpus: "0.5" + memory: 300M + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + healthcheck: + test: ["CMD", "curl", "--fail", "--silent", "--output", "/dev/null", "--write-out", "HTTPSTATUS:%{http_code}", "http://localhost:5432/"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + # pgmaster: + # image: registry.vnfco.ir/library/crunchydata/crunchy-postgres:centos7-13.1-4.5.1 + # volumes: + # - '/Users/amirmoghi3/volume/pg:/bitnami/postgresql' + # environment: + # - POSTGRESQL_USERNAME=igarsonAgent + # - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + # - POSTGRESQL_DATABASE=igarsonDB + # - POSTGRESQL_REPLICATION_MODE=master + # - POSTGRESQL_REPLICATION_USER=pgreplicator + # - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '1' + # memory: 300M + # replicas: 1 + # mode: replicated + # placement: + # constraints: + # - node.role == worker + # ports: + # - "5432:5432" + # networks: + # - mother + + # pgslave: + # image: registry.vnfco.ir/library/crunchydata/crunchy-postgres:centos7-13.1-4.5.1 + # environment: + # - POSTGRESQL_REPLICATION_MODE=slave + # - POSTGRESQL_REPLICATION_USER=pgreplicator + # - POSTGRESQL_REPLICATION_PASSWORD=ciXz6xmnEMZSO+0T8L6mGcFJrAvPzkTC04oh/WYIRi51gMQLPfW8tTEHALX6fhk4 + # - POSTGRESQL_MASTER_HOST=pgmaster + # - POSTGRESQL_PASSWORD=xHTpBf4wC+bBeNg2pL6Ga7VEWKFJx7VPEUpqxwPFfOc2YYTVwFQuHfsiqoVeT9+6 + # - POSTGRESQL_MASTER_PORT_NUMBER=5432 + + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # resources: + # limits: + # cpus: '0.7' + # memory: 300M + # mode: replicated + # replicas: 1 + # placement: + # constraints: + # - node.role == worker + # ports: + # - "5433:5432" + # networks: + # - mother diff --git a/stacks/lvldebug/rabbitmq/stack.yml b/stacks/lvldebug/rabbitmq/stack.yml new file mode 100644 index 0000000..f5cd656 --- /dev/null +++ b/stacks/lvldebug/rabbitmq/stack.yml @@ -0,0 +1,38 @@ + +version: "3.7" + +networks: + mother: + external: true + + + + + +volumes: + rabbit-data: + +services: + rabbitmq: + image: registry.vnfco.ir/library/rabbitmq:3.8.19-management-alpine + ports: + - '5672:5672' + - '15672:15672' + environment: + - RABBITMQ_PASSWORD=muyXHymcTYLzk3wYnIwGUJWECKy0ViUDOUlCmPF3XS2kliuV0TaA0mWf6lT + - RABBITMQ_USERNAME=igarsonAgent + volumes: + - rabbit-data:/bitnami + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + window: 120s + replicas: 1 + mode: replicated + networks: + - mother \ No newline at end of file diff --git a/stacks/lvldebug/redis/stack.yml b/stacks/lvldebug/redis/stack.yml new file mode 100644 index 0000000..6b6c6a3 --- /dev/null +++ b/stacks/lvldebug/redis/stack.yml @@ -0,0 +1,100 @@ + +version: "3.7" + +networks: + mother: + external: true + + + +volumes: + redis-data: + +services: + redismaster: + image: registry.vnfco.ir/library/bitnami/redis:5.0.14-debian-10-r90 + ports: + - '6969:6379' + environment: + - REDIS_REPLICATION_MODE=master + - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + - REDIS_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + volumes: + - redis-data:/bitnami + deploy: + update_config: + parallelism: 1 + delay: 10s + order: start-first + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + replicas: 1 + mode: replicated + networks: + - mother + healthcheck: + test: ["CMD-SHELL", "redis-cli ping"] + interval: 5s + timeout: 2s + retries: 3 + start_period: 10s + + # redisreplica: + # image: registry.vnfco.ir/library/bitnami/redis:5.0.14-debian-10-r90 + # ports: + # - '6970:6379' + # environment: + # - REDIS_REPLICATION_MODE=slave + # - REDIS_MASTER_HOST=redismaster + # - REDIS_MASTER_PORT_NUMBER=6379 + # - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # - REDIS_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # max_attempts: 3 + # window: 120s + # replicas: 1 + # mode: replicated + # networks: + # - mother + # healthcheck: + # test: ["CMD-SHELL", "redis-cli ping"] + # interval: 5s + # timeout: 2s + # retries: 3 + # start_period: 10s + + # redissentinel: + # image: registry.vnfco.ir/library/bitnami/redis-sentinel:5.0.14-debian-10-r87 + # ports: + # - '26379:26379' + # environment: + # - REDIS_SENTINEL_PASSWORD=wgi4KDgvFXLIeB1aiYYYFgMJtOfEI/uGoBv4JrPnhvzdgJCvQidapI3TE/LpheUYwn4T8nmacbkoBasy4+vTNSGgfbntvskXV4LUUp/iByz+Ao61J2Bl9bVC7Tl29TXq5LGEQN4LyPMmLSthYOmFajSNcCEP0xIG + # - REDIS_MASTER_HOST=redismaster + # - REDIS_MASTER_PASSWORD=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # - REDIS_SENTINEL_DOWN_AFTER_MILLISECONDS=2000 + # - REDIS_SENTINEL_FAILOVER_TIMEOUT=10000 + # - REDIS_SENTINEL_QUORUM=1 + # - REDISCLI_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ== + # deploy: + # update_config: + # parallelism: 1 + # delay: 10s + # order: start-first + # restart_policy: + # condition: any + # delay: 5s + # window: 120s + # mode: global + # networks: + # - mother \ No newline at end of file