onlyoffice-docserver/onlyoffice-docserver.nomad.hcl

[[ $c := merge .oo.ds . -]]

job [[ .oo.instance | toJSON ]] {

[[ template "common/job_start.tpl" $c ]]

  group "onlyoffice" {
    network {
      mode = "bridge"
      # This can be used to ensure rabbitmq has a stable hostname
      # Even if for now, we do not persist rabbitmq data
      hostname = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
    }

    volume "data" {
      type            = [[ .oo.volumes.data.type | toJSON ]]
      source          = [[ .oo.volumes.data.source | toJSON ]]
[[- if ne .oo.volumes.data.type "host" ]]
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
[[- end ]]
    }

    volume "rabbitmq" {
      type            = [[ .oo.volumes.rabbitmq.type | toJSON ]]
      source          = [[ .oo.volumes.rabbitmq.source | toJSON ]]
[[- if ne .oo.volumes.rabbitmq.type "host" ]]
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
[[- end ]]
    }

    service {
      name = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
      port = 8819

[[ template "common/connect.tpl" $c ]]

      check {
        name     = "health"
        type     = "http"
        path     = "/healthcheck"
        expose   = true
        interval = "10s"
        timeout  = "8s"

        check_restart {
          limit = 30
          grace = "2m"
        }
      }

      tags = [
[[- if $c.traefik.enabled ]]
        "[[ $c.traefik.instance ]].enable=true",
        "[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .oo.ds.public_url).Hostname ]]`)
  [[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]] && PathPrefix(`[[ (urlParse .oo.ds.public_url).Path ]]`)[[ end ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
        "[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
        "[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
[[- else ]]
        "[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
[[- end ]]
[[- end ]]
      ]

    }

    task "docserver" {
      driver = [[ $c.nomad.driver | toJSON ]]
      leader = true

      config {
        image           = [[ .oo.ds.image | toJSON ]]
        pids_limit      = 200
        readonly_rootfs = true
        volumes         = [
          "local/:/tmp",
          "local/metrics.js:/var/www/onlyoffice/documentserver/server/Metrics/config/config.js:ro"
        ]
      }

      vault {
        policies     = ["[[ .oo.instance ]][[ $c.consul.suffix ]]"]
        disable_file = true
        env          = false
      }

      env {
        NGINX_LISTEN_IP = "127.0.0.1"
        APPLICATION_NAME = "[[ .oo.instance ]][[ .consul.suffix ]]"
[[ template "common/proxy_env.tpl" $c ]]
      }

[[ template "common/file_env.tpl" $c.env ]]

      template {
        data =<<_EOT
[[ template "onlyoffice-docserver/metrics.js.tpl" . ]]
_EOT
        destination = "local/metrics.js"
      }

      volume_mount {
        volume      = "data"
        destination = "/var/lib/onlyoffice/documentserver/App_Data/"
      }

[[ template "common/resources.tpl" $c.resources ]]

    }

[[ template "common/task.wait_for.tpl" $c ]]

    task "redis" {
      driver = [[ $c.nomad.driver | toJSON ]]
      user   = 2967

      lifecycle {
        hook    = "prestart"
        sidecar = true
      }

      config {
        image           = "redis:alpine"
        pids_limit      = 20
        readonly_rootfs = true
        args            = ["/local/redis.conf"]
      }

      template {
        data =<<_EOT
bind 127.0.0.1
maxmemory {{ env "NOMAD_MEMORY_LIMIT" | parseInt | subtract 5 }}mb
databases 1
save ""
appendonly no
_EOT
        destination = "local/redis.conf"
      }

      resources {
        cpu    = 10
        memory = 20
      }
    }

[[ $c := merge .oo.rabbitmq . ]]

    task "rabbitmq" {
      driver = [[ $c.nomad.driver | toJSON ]]
      #user = 100

      lifecycle {
        hook    = "prestart"
        sidecar = true
      }

      config {
        image           = [[ $c.image | toJSON ]]
        pids_limit      = 100
        readonly_rootfs = true
        volumes         = [
          "local/rabbitmq.conf:/etc/rabbitmq/conf.d/30-oods.conf"
        ]
      }

[[ template "common/file_env.tpl" $c.env ]]

      template {
        data = <<_EOT
listeners.tcp.1 = 127.0.0.1:5672
# Set watermark to 95% of the mem allocated to the container
#vm_memory_high_watermark.absolute = [[ mul .oo.rabbitmq.resources.memory 996147 ]]
vm_memory_high_watermark.relative = 0.999
_EOT
        destination = "local/rabbitmq.conf"
      }

      volume_mount {
        volume      = "rabbitmq"
        destination = "/var/lib/rabbitmq"
      }

[[ template "common/resources.tpl" $c.resources ]]
    }
  }
}
Start working on docserver 2023-11-08 22:40:57 +01:00			`[[ $c := merge .oo.ds . -]]`

			`job [[ .oo.instance \| toJSON ]] {`

			`[[ template "common/job_start.tpl" $c ]]`

			`group "onlyoffice" {`
			`network {`
			`mode = "bridge"`
			`# This can be used to ensure rabbitmq has a stable hostname`
			`# Even if for now, we do not persist rabbitmq data`
			`hostname = "[[ .oo.instance ]][[ $c.consul.suffix ]]"`
			`}`

More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`volume "data" {`
			`type = [[ .oo.volumes.data.type \| toJSON ]]`
			`source = [[ .oo.volumes.data.source \| toJSON ]]`
Allocate more CPU + fix for host volumes 2023-11-18 23:28:02 +01:00			`[[- if ne .oo.volumes.data.type "host" ]]`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`access_mode = "single-node-writer"`
			`attachment_mode = "file-system"`
Allocate more CPU + fix for host volumes 2023-11-18 23:28:02 +01:00			`[[- end ]]`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`}`

			`volume "rabbitmq" {`
			`type = [[ .oo.volumes.rabbitmq.type \| toJSON ]]`
			`source = [[ .oo.volumes.rabbitmq.source \| toJSON ]]`
Allocate more CPU + fix for host volumes 2023-11-18 23:28:02 +01:00			`[[- if ne .oo.volumes.rabbitmq.type "host" ]]`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`access_mode = "single-node-writer"`
Start working on docserver 2023-11-08 22:40:57 +01:00			`attachment_mode = "file-system"`
Allocate more CPU + fix for host volumes 2023-11-18 23:28:02 +01:00			`[[- end ]]`
Start working on docserver 2023-11-08 22:40:57 +01:00			`}`

			`service {`
			`name = "[[ .oo.instance ]][[ $c.consul.suffix ]]"`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`port = 8819`
Start working on docserver 2023-11-08 22:40:57 +01:00
			`[[ template "common/connect.tpl" $c ]]`

			`check {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`name = "health"`
			`type = "http"`
			`path = "/healthcheck"`
			`expose = true`
Start working on docserver 2023-11-08 22:40:57 +01:00			`interval = "10s"`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`timeout = "8s"`
Start working on docserver 2023-11-08 22:40:57 +01:00
			`check_restart {`
Small adjustments 2023-11-11 00:56:43 +01:00			`limit = 30`
Start working on docserver 2023-11-08 22:40:57 +01:00			`grace = "2m"`
			`}`
			`}`

			`tags = [`
			`[[- if $c.traefik.enabled ]]`
			`"[[ $c.traefik.instance ]].enable=true",`
			"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .oo.ds.public_url).Hostname ]]`)
			[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]] && PathPrefix(`[[ (urlParse .oo.ds.public_url).Path ]]`)[[ end ]]",
			`"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",`
			`"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",`
Start working on docserver 2023-11-08 22:40:57 +01:00			`[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]`
			`"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",`
Start working on docserver 2023-11-08 22:40:57 +01:00			`[[- else ]]`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",`
Start working on docserver 2023-11-08 22:40:57 +01:00			`[[- end ]]`
			`[[- end ]]`
			`]`

			`}`

More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`task "docserver" {`
Start working on docserver 2023-11-08 22:40:57 +01:00			`driver = [[ $c.nomad.driver \| toJSON ]]`
			`leader = true`

			`config {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`image = [[ .oo.ds.image \| toJSON ]]`
			`pids_limit = 200`
Start working on docserver 2023-11-08 22:40:57 +01:00			`readonly_rootfs = true`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`volumes = [`
Small adjustments 2023-11-11 00:56:43 +01:00			`"local/:/tmp",`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`"local/metrics.js:/var/www/onlyoffice/documentserver/server/Metrics/config/config.js:ro"`
Start working on docserver 2023-11-08 22:40:57 +01:00			`]`
			`}`

			`vault {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`policies = ["[[ .oo.instance ]][[ $c.consul.suffix ]]"]`
Start working on docserver 2023-11-08 22:40:57 +01:00			`disable_file = true`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`env = false`
Start working on docserver 2023-11-08 22:40:57 +01:00			`}`

			`env {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`NGINX_LISTEN_IP = "127.0.0.1"`
			`APPLICATION_NAME = "[[ .oo.instance ]][[ .consul.suffix ]]"`
Start working on docserver 2023-11-08 22:40:57 +01:00			`[[ template "common/proxy_env.tpl" $c ]]`
			`}`

			`[[ template "common/file_env.tpl" $c.env ]]`

			`template {`
			`data =<<_EOT`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`[[ template "onlyoffice-docserver/metrics.js.tpl" . ]]`
Start working on docserver 2023-11-08 22:40:57 +01:00			`_EOT`
			`destination = "local/metrics.js"`
			`}`

			`volume_mount {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`volume = "data"`
			`destination = "/var/lib/onlyoffice/documentserver/App_Data/"`
Start working on docserver 2023-11-08 22:40:57 +01:00			`}`

			`[[ template "common/resources.tpl" $c.resources ]]`

			`}`

			`[[ template "common/task.wait_for.tpl" $c ]]`

			`task "redis" {`
			`driver = [[ $c.nomad.driver \| toJSON ]]`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`user = 2967`
Start working on docserver 2023-11-08 22:40:57 +01:00
			`lifecycle {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`hook = "prestart"`
Start working on docserver 2023-11-08 22:40:57 +01:00			`sidecar = true`
			`}`

			`config {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`image = "redis:alpine"`
			`pids_limit = 20`
Start working on docserver 2023-11-08 22:40:57 +01:00			`readonly_rootfs = true`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`args = ["/local/redis.conf"]`
Start working on docserver 2023-11-08 22:40:57 +01:00			`}`

			`template {`
			`data =<<_EOT`
			`bind 127.0.0.1`
			`maxmemory {{ env "NOMAD_MEMORY_LIMIT" \| parseInt \| subtract 5 }}mb`
			`databases 1`
			`save ""`
			`appendonly no`
			`_EOT`
			`destination = "local/redis.conf"`
			`}`

			`resources {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`cpu = 10`
Start working on docserver 2023-11-08 22:40:57 +01:00			`memory = 20`
			`}`
			`}`

			`[[ $c := merge .oo.rabbitmq . ]]`

			`task "rabbitmq" {`
			`driver = [[ $c.nomad.driver \| toJSON ]]`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`#user = 100`
Start working on docserver 2023-11-08 22:40:57 +01:00
			`lifecycle {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`hook = "prestart"`
Start working on docserver 2023-11-08 22:40:57 +01:00			`sidecar = true`
			`}`

			`config {`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`image = [[ $c.image \| toJSON ]]`
			`pids_limit = 100`
Start working on docserver 2023-11-08 22:40:57 +01:00			`readonly_rootfs = true`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`volumes = [`
Start working on docserver 2023-11-08 22:40:57 +01:00			`"local/rabbitmq.conf:/etc/rabbitmq/conf.d/30-oods.conf"`
			`]`
			`}`

More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`[[ template "common/file_env.tpl" $c.env ]]`

Start working on docserver 2023-11-08 22:40:57 +01:00			`template {`
			`data = <<_EOT`
			`listeners.tcp.1 = 127.0.0.1:5672`
More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`# Set watermark to 95% of the mem allocated to the container`
			`#vm_memory_high_watermark.absolute = [[ mul .oo.rabbitmq.resources.memory 996147 ]]`
			`vm_memory_high_watermark.relative = 0.999`
Start working on docserver 2023-11-08 22:40:57 +01:00			`_EOT`
			`destination = "local/rabbitmq.conf"`
			`}`

More work on OnlyOffice 2023-11-11 00:13:30 +01:00			`volume_mount {`
			`volume = "rabbitmq"`
			`destination = "/var/lib/rabbitmq"`
			`}`
Start working on docserver 2023-11-08 22:40:57 +01:00
			`[[ template "common/resources.tpl" $c.resources ]]`
			`}`
			`}`
			`}`