From f8d575d5b0e06485a5d88a460b3b7569d898990b Mon Sep 17 00:00:00 2001
From: Cian Hughes
Date: Fri, 12 Jan 2024 18:07:20 +0000
Subject: [PATCH] Test of first full stack deployment
---
backend.yaml | 143 ++++++++++++++++++++++++++++++--------------------
deploy | 7 ++-
frontend.yaml | 93 +++++++++++++++++++++++++-------
3 files changed, 164 insertions(+), 79 deletions(-)
diff --git a/backend.yaml b/backend.yaml
index 0bfeb33..5e4f004 100644
--- a/backend.yaml
+++ b/backend.yaml
@@ -15,42 +15,8 @@ services: - /var/run/docker.sock:/var/run/docker.sock - /var/lib/docker/volumes:/var/lib/docker/volumes networks: - - i-form_research_server_stack - # A traefik instance provides load balancing and reverse proxying for our services - traefik: - image: traefik:latest - # Enables the web UI and tells Traefik to listen to docker - command: - - "--api.insecure=true" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--providers.docker.network=traefik" - - "--entrypoints.web.address=:80" - - "--entrypoints.websecure.address=:443" - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.web.http.redirections.entryPoint.priority=10" # disable permanent forwarding for every route - - "--certificatesresolvers.myresolver.acme.tlschallenge=true" # <== Enable TLS-ALPN-01 to generate and renew ACME certs - - "--certificatesresolvers.myresolver.acme.email=${useremail}" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - ports: - # - "80:80" - # - "443:443" - - "8089:8080" - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - traefik:/etc/traefik - - letsencrypt:/letsencrypt - deploy: - replicas: 1 - restart_policy: - condition: on-failure - networks: - - i-form_research_server_stack - # secrets: - # - traefik_cert - # - traefik_key + i-form_research_server_stack: + ipv4_address: "172.252.0.5" ###~~~~~~ Then, we will need numerous databases for our various services ~~~~~~### # We want neo4j as a graph database that can easily be used by other services neo4j: @@ -59,7 +25,7 @@ services: - "7474:7474" - "7687:7687" volumes: - - neo4j:/data + - stack_neo4j:/data deploy: replicas: 1 restart_policy: 
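Review bot: The static addresses introduced here (`ipv4_address: "172.252.0.5"`, and the other `172.252.0.x` values in the later backend.yaml and frontend.yaml hunks) lie outside the RFC 1918 private range, since 172.16.0.0/12 ends at 172.31.255.255. If a container is ever not attached to a network carrying that subnet, connections to those addresses, including the database connection configured by `DB_HOST: "172.252.0.7"` in frontend.yaml, would be routed toward public address space instead of failing locally. The `deploy:` keys suggest a swarm deployment, where per-service static addresses are, as far as I know, not honoured, so this is worth confirming before relying on it. Addressing services by name, for example `DB_HOST: "mysql"` (the name the removed `depends_on` entry used), avoids both problems. The service edited by this hunk starts above it.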
@@ -90,10 +56,11 @@ services: # LC_ALL: C.UTF-8 # POSTGRES_PASSWORD: /run/secrets/dataverse_postgres_key # volumes: - # - dataverse_db:/var/lib/postgresql/data/ # persist data even if container shuts down - # - dataverse_triggers:/triggers + # - stack_dataverse_db:/var/lib/postgresql/data/ # persist data even if container shuts down + # - stack_dataverse_triggers:/triggers # networks: - # - i-form_research_server_stack + # i-form_research_server_stack: + # ipv4_address: "172.252.0.6" # labels: # - "traefik.enable=true" # - "traefik.http.routers.go.rule=Path(`/`)" @@ -124,14 +91,14 @@ services: MYSQL_USER: "elabftw" MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key MYSQL_ROOT_PASSWORD: "test" # MYSQL_RANDOM_ROOT_PASSWORD: 1 - MYSQL_HOST: "172.252.0.3" - MYSQL_ROOT_HOST: "172.252.0.3" # Must allow root access from any host or won't work on swarm + MYSQL_HOST: "172.252.0.15" + MYSQL_ROOT_HOST: "172.252.0.15" # Must allow root access from any host or won't work on swarm TZ: "Europe/Paris" volumes: - - elabftw_sql:/var/lib/mysql + - stack_elabftw_sql:/var/lib/mysql networks: i-form_research_server_stack: - ipv4_address: "172.252.0.2" + ipv4_address: "172.252.0.7" ###~~~~~~ Then, we plan our general utility services ~~~~~~### # The following service is a simple nginx server that hosts static websites nginx: @@ -139,13 +106,14 @@ services: ports: - "80:80" volumes: - - web:/usr/share/nginx/html + - stack_web:/usr/share/nginx/html deploy: replicas: 1 restart_policy: condition: on-failure networks: - - i-form_research_server_stack + i-form_research_server_stack: + ipv4_address: "172.252.0.8" labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" 
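Review bot: `MYSQL_ROOT_PASSWORD: "test"` is still a literal in the database service of the `@@ -124,14 +91,14 @@` hunk, while this same commit switches on deployment of the backend stack, so the database would come up with a guessable root password. The neighbouring `MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key` already shows the secret-file pattern; if the image is the official MySQL one, the root account can follow it with `MYSQL_ROOT_PASSWORD_FILE: /run/secrets/<root_secret_name>` (placeholder name). The trailing comment on `MYSQL_ROOT_HOST` no longer matches the value, which now names a single address; I would change it to `# root logins accepted only from the elabftw container address`. The service definition starts above the hunk.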
@@ -171,7 +139,7 @@ services: # - "SOLR_JAVA_MEM=-Xms1g -Xmx1g" # - "SOLR_OPTS=-Dlog4j2.formatMsgNoLookups=true" # volumes: - # - dataverse_solr_data:/opt/solr/server/solr/collection1/data + # - stack_dataverse_solr_data:/opt/solr/server/solr/collection1/data # # - dataverse_config:/opt/solr/server/solr/collection1/conf/ # - type: bind # source: dataverse_schema @@ -185,12 +153,13 @@ services: # - "traefik.http.routers.solr.tls=true" # - "traefik.http.routers.solr.tls.certresolver=myresolver" # networks: - # - i-form_research_server_stack + # i-form_research_server_stack: + # ipv4_address: "172.252.0.9" # minio: # image: minio/minio:RELEASE.2021-10-06T23-36-31Z # volumes: - # - dataverse_minio:/data + # - stack_dataverse_minio:/data # command: # - server # - /data @@ -217,7 +186,8 @@ services: # - traefik.http.routers.minio-console.rule=Host(`minio-stash.${traefikhost}`) # - traefik.http.services.minio-console.loadbalancer.server.port=9001 # networks: - # - i-form_research_server_stack + # i-form_research_server_stack: + # ipv4_address: "172.252.0.10" # dataverse: # image: coronawhy/dataverse:5.13.allclouds @@ -302,12 +272,12 @@ services: # - postgres # - solr # volumes: - # - dataverse_secrets:/secrets - # - dataverse_data:/data - # - dataverse_docroot:/opt/docroot - # - dataverse_init:/opt/payara/init.d - # - dataverse_triggers:/opt/payara/triggers - # # - dataverse_config:/opt/payara/dvinstall + # - stack_dataverse_secrets:/secrets + # - stack_dataverse_data:/data + # - stack_dataverse_docroot:/opt/docroot + # - stack_dataverse_init:/opt/payara/init.d + # - stack_dataverse_triggers:/opt/payara/triggers + # # - stack_dataverse_config:/opt/payara/dvinstall # - type: bind # source: dataverse_schema # target: /opt/payara/dvinstall/schema.xml 
@@ -320,4 +290,63 @@ services: # - "traefik.http.routers.dataverse.tls=true" # - "traefik.http.routers.dataverse.tls.certresolver=myresolver" # networks: - # - i-form_research_server_stack + # i-form_research_server_stack: + # ipv4_address: "172.252.0.11" + +networks: + i-form_research_server_stack: + external: true + +volumes: + stack_rsync_run: + external: true + stack_rsync_log: + external: true + stack_rsync_etc: + external: true + stack_traefik: + external: true + stack_letsencrypt: + external: true + stack_coredns: + external: true + stack_web: + external: true + stack_grafana: + external: true + stack_dataverse: + external: true + stack_dataverse_db: + external: true + stack_dataverse_secrets: + external: true + stack_dataverse_solr_data: + external: true + stack_dataverse_triggers: + external: true + stack_dataverse_solr: + external: true + stack_dataverse_minio: + external: true + stack_dataverse_config: + external: true + stack_dataverse_schema: + external: true + stack_dataverse_init: + external: true + stack_dataverse_data: + external: true + stack_dataverse_docroot: + external: true + stack_neo4j: + external: true + stack_senaite: + external: true + stack_elabftw_uploads: + external: true + stack_elabftw_var: + external: true + stack_elabftw_etc: + external: true + stack_elabftw_sql: + external: true diff --git a/deploy b/deploy index 1f07ea6..1eda117 100755 --- a/deploy +++ b/deploy 
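Review bot: The new top-level `volumes:` block declares every stack volume, including `stack_traefik` and `stack_letsencrypt`, although the first hunk of this file removes the traefik service that mounted them; the same full list is repeated at the end of frontend.yaml. Listing only the volumes that a file's own services mount keeps it visible which stack can reach which data, and stops the two copies drifting apart. Because every entry is `external: true`, this file relies on the volumes and the network already existing, so a comment above the block such as `# created by the "volumes" and "networks" substacks; deploy those first` would document the ordering.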
@@ -81,11 +81,10 @@ def deploy_stack(username: str, password: str, stack_name: Optional[str] = "stac stacks = portainer.StacksApi(client) # Then, deploy the substacks using the API print("Deploying substacks via portainer API") - # portainer_deploy_stack("secrets", stacks, endpoint_id) portainer_deploy_stack("networks", stacks, endpoint_id) - # portainer_deploy_stack("volumes", stacks, endpoint_id) - # portainer_deploy_stack("backend", stacks, endpoint_id) - # portainer_deploy_stack("frontend", stacks, endpoint_id) + portainer_deploy_stack("volumes", stacks, endpoint_id) + portainer_deploy_stack("backend", stacks, endpoint_id) + portainer_deploy_stack("frontend", stacks, endpoint_id) print("Stack deployed!") diff --git a/frontend.yaml b/frontend.yaml index 9717d9f..b9bf9eb 100644 --- a/frontend.yaml +++ b/frontend.yaml @@ -7,13 +7,14 @@ services: ports: - "3000:3000" volumes: - - grafana:/var/lib/grafana + - stack_grafana:/var/lib/grafana deploy: replicas: 1 restart_policy: condition: on-failure networks: - - i-form_research_server_stack + i-form_research_server_stack: + ipv4_address: "172.252.0.12" labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" @@ -31,7 +32,8 @@ services: restart_policy: condition: on-failure networks: - - i-form_research_server_stack + i-form_research_server_stack: + ipv4_address: "172.252.0.13" labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" @@ -43,9 +45,10 @@ services: ports: - "8082:8080" volumes: - - senaite:/data + - stack_senaite:/data networks: - - i-form_research_server_stack + i-form_research_server_stack: + ipv4_address: "172.252.0.14" labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" 
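Review bot: The commented `portainer_deploy_stack("secrets", stacks, endpoint_id)` call is deleted rather than enabled, yet the stacks now being deployed read `/run/secrets/elabftw_sql_key` and `elabftw_secret_key`, so this path appears to depend on secrets created out of band. If that is intended, say so where the call used to be, e.g. `# secrets are created manually beforehand; they are deliberately not deployed from this script`. The four calls also run unconditionally in sequence; whether `portainer_deploy_stack` raises on failure is not visible in this hunk, and if it does not, backend and frontend would still be attempted after a failed networks or volumes deploy. `deploy_stack` starts and ends outside the hunk.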
@@ -53,14 +56,10 @@ services: # We also need to add a service for the elabftw instance and its database elabftw: image: elabftw/elabimg:latest - # tty: true - # stdin_open: true deploy: replicas: 1 restart_policy: condition: on-failure - depends_on: - - mysql cap_drop: - ALL cap_add: @@ -74,7 +73,7 @@ services: - elabftw_secret_key environment: SECRET_KEY: /run/secrets/elabftw_secret_key - DB_HOST: "localhost" + DB_HOST: "172.252.0.7" DB_PORT: "3306" DB_NAME: "elabftw" DB_USER: "elabftw" 
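Review bot: `SECRET_KEY: /run/secrets/elabftw_secret_key` in the environment block of the `@@ -74,7 +73,7 @@` hunk passes the path text rather than the secret's contents, unless the image itself resolves a path in that variable, which nothing here shows. If the value is taken literally, the application key is either rejected at start-up or is a string known to anyone who can read the repository. It is worth confirming against the image's documentation, and adding a comment such as `# elabimg reads the key from this file path` if that is how it behaves. The elabftw service definition continues outside the hunk.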
@@ -85,22 +84,80 @@ services: TZ: "Europe/Paris" SERVER_NAME: "I-Form eLabFTW" SITE_URL: "127.0.0.1:443" # "elab.i-form.ie" - DISABLE_HTTPS: 1 + # DISABLE_HTTPS: 1 ENABLE_LETSENCRYPT: 0 ports: - - "3148:443" - # - "443:443" + - "443:443" volumes: - - elabftw_uploads:/elabftw/uploads - - elabftw_var:/var/elabftw - - elabftw_etc:/etc/elabftw + - stack_elabftw_uploads:/elabftw/uploads + - stack_elabftw_var:/var/elabftw + - stack_elabftw_etc:/etc/elabftw # if you have enabled letsencrypt, uncomment the line below # path to the folder with TLS certificate + private key # host:container #- /etc/letsencrypt:/ssl networks: - - i-form_research_server_stack + i-form_research_server_stack: + ipv4_address: "172.252.0.15" labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" - - "traefik.http.services.go.loadbalancer.server.port=443" \ No newline at end of file + - "traefik.http.services.go.loadbalancer.server.port=443" + +networks: + i-form_research_server_stack: + external: true + +volumes: + stack_rsync_run: + external: true + stack_rsync_log: + external: true + stack_rsync_etc: + external: true + stack_traefik: + external: true + stack_letsencrypt: + external: true + stack_coredns: + external: true + stack_web: + external: true + stack_grafana: + external: true + stack_dataverse: + external: true + stack_dataverse_db: + external: true + stack_dataverse_secrets: + external: true + stack_dataverse_solr_data: + external: true + stack_dataverse_triggers: + external: true + stack_dataverse_solr: + external: true + stack_dataverse_minio: + external: true + stack_dataverse_config: + external: true + stack_dataverse_schema: + external: true + stack_dataverse_init: + external: true + stack_dataverse_data: + external: true + stack_dataverse_docroot: + external: true + stack_neo4j: + external: true + stack_senaite: + external: true + stack_elabftw_uploads: + external: true + stack_elabftw_var: + external: true + stack_elabftw_etc: + external: true + 
stack_elabftw_sql: + external: true \ No newline at end of file
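Review bot: With `DISABLE_HTTPS` commented out and `ENABLE_LETSENCRYPT: 0`, the container now published on host port 443 presumably serves a self-signed certificate, and `SITE_URL` still reads `"127.0.0.1:443"`. Users reaching the host by name would get certificate warnings and the application's idea of its own URL would not match, so I would set `SITE_URL` to the real HTTPS origin (the trailing comment suggests `elab.i-form.ie`) and supply a certificate through the commented `/etc/letsencrypt:/ssl` mount or a TLS-terminating proxy. The `traefik.*` labels kept here still point at port 443 although this commit removes the traefik service from backend.yaml; if no proxy remains elsewhere, they are dead configuration. The closing `volumes:` list duplicates the one added to backend.yaml.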