Replace caretakerd with minit
This commit is contained in:
parent
a53cf467fd
commit
4d04a8cc5f
|
@ -1,12 +1,9 @@
|
|||
FROM danielberteaud/alma:9.24.1-3
|
||||
FROM danielberteaud/alma:9.24.1-5
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG OO_VERSION=7.5.1 \
|
||||
CARETAKERD_VERSION=1.0.8
|
||||
ARG OO_VERSION=7.5.1
|
||||
|
||||
ENV LANG=fr_FR.utf8 \
|
||||
TZ=Europe/Paris \
|
||||
NGINX_LISTEN_IP=0.0.0.0 \
|
||||
ENV NGINX_LISTEN_IP=0.0.0.0 \
|
||||
NODE_ENV=production-linux \
|
||||
NODE_CONFIG_DIR=/etc/onlyoffice/documentserver \
|
||||
NODE_DISABLE_COLORS=1 \
|
||||
|
@ -38,16 +35,11 @@ RUN set -euxo pipefail &&\
|
|||
onlyoffice-documentserver \
|
||||
nginx \
|
||||
&&\
|
||||
curl -sSL https://github.com/echocat/caretakerd/releases/download/v${CARETAKERD_VERSION}/caretakerd-linux-amd64.tar.gz | \
|
||||
tar xvz --exclude caretakerd.html -C /usr/local/bin &&\
|
||||
chmod +x /usr/local/bin/caretakerd &&\
|
||||
dnf clean all &&\
|
||||
rm -rf /var/cache/dnf/* /var/cache/yum/* /var/log/dnf* /var/log/yum/* /var/lib/dnf/history*
|
||||
|
||||
COPY root/ /
|
||||
|
||||
EXPOSE 8819
|
||||
|
||||
USER ds
|
||||
|
||||
CMD ["caretakerd", "run"]
|
||||
CMD ["minit"]
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
services:
|
||||
docserver:
|
||||
type: master
|
||||
command: ["/var/www/onlyoffice/documentserver/server/DocService/docservice"]
|
||||
preCommands:
|
||||
- ["rm", "-f", "/tmp/oods.sock"]
|
||||
directory: /var/www/onlyoffice/documentserver/server/DocService
|
||||
metrics:
|
||||
command: ["/var/www/onlyoffice/documentserver/server/Metrics/metrics", "./config/config.js"]
|
||||
directory: /var/www/onlyoffice/documentserver/server/Metrics
|
||||
converter:
|
||||
command: ["/var/www/onlyoffice/documentserver/server/FileConverter/converter"]
|
||||
directory: /var/www/onlyoffice/documentserver/server/FileConverter
|
||||
nginx:
|
||||
command: ["/usr/sbin/nginx", "-c", "/tmp/nginx.conf"]
|
|
@ -5,6 +5,7 @@ job "onlyoffice" {
|
|||
|
||||
|
||||
group "onlyoffice" {
|
||||
|
||||
network {
|
||||
mode = "bridge"
|
||||
# This can be used to ensure rabbitmq has a stable hostname
|
||||
|
@ -70,7 +71,7 @@ job "onlyoffice" {
|
|||
"traefik.http.routers.onlyoffice.entrypoints=https",
|
||||
"traefik.http.middlewares.onlyoffice-headers.headers.contentsecuritypolicy=connect-src 'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io;default-src 'self';font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://onlyoffice.github.io;img-src 'self' data: https://*;media-src 'self' https://code.responsivevoice.org;script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io;",
|
||||
"traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
|
||||
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers,rate-limit-high@file,inflight-high@file,security-headers@file,hsts@file,compression@file",
|
||||
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
|
||||
]
|
||||
|
||||
}
|
||||
|
@ -80,7 +81,7 @@ job "onlyoffice" {
|
|||
leader = true
|
||||
|
||||
config {
|
||||
image = "danielberteaud/onlyoffice-docserver:7.5.1-8"
|
||||
image = "danielberteaud/onlyoffice-docserver:7.5.1-9"
|
||||
pids_limit = 200
|
||||
readonly_rootfs = true
|
||||
volumes = [
|
||||
|
@ -193,10 +194,10 @@ _EOT
|
|||
|
||||
|
||||
|
||||
|
||||
# Local redis instance
|
||||
task "redis" {
|
||||
driver = "docker"
|
||||
user = 2967
|
||||
user = 6379
|
||||
|
||||
lifecycle {
|
||||
hook = "prestart"
|
||||
|
@ -205,8 +206,8 @@ _EOT
|
|||
|
||||
config {
|
||||
image = "redis:alpine"
|
||||
pids_limit = 20
|
||||
readonly_rootfs = true
|
||||
force_pull = true
|
||||
args = ["/local/redis.conf"]
|
||||
}
|
||||
|
||||
|
@ -222,13 +223,15 @@ _EOT
|
|||
}
|
||||
|
||||
resources {
|
||||
cpu = 10
|
||||
memory = 20
|
||||
cpu = 300
|
||||
memory = 512
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
task "rabbitmq" {
|
||||
driver = "docker"
|
||||
#user = 100
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]]
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
ARG OO_VERSION=7.5.1 \
|
||||
CARETAKERD_VERSION=1.0.8
|
||||
ARG OO_VERSION=7.5.1
|
||||
|
||||
ENV LANG=[[ .locale.lang ]] \
|
||||
TZ=[[ .locale.tz ]] \
|
||||
NGINX_LISTEN_IP=0.0.0.0 \
|
||||
ENV NGINX_LISTEN_IP=0.0.0.0 \
|
||||
NODE_ENV=production-linux \
|
||||
NODE_CONFIG_DIR=/etc/onlyoffice/documentserver \
|
||||
NODE_DISABLE_COLORS=1 \
|
||||
|
@ -38,16 +35,11 @@ RUN set -euxo pipefail &&\
|
|||
onlyoffice-documentserver \
|
||||
nginx \
|
||||
&&\
|
||||
curl -sSL https://github.com/echocat/caretakerd/releases/download/v${CARETAKERD_VERSION}/caretakerd-linux-amd64.tar.gz | \
|
||||
tar xvz --exclude caretakerd.html -C /usr/local/bin &&\
|
||||
chmod +x /usr/local/bin/caretakerd &&\
|
||||
dnf clean all &&\
|
||||
rm -rf /var/cache/dnf/* /var/cache/yum/* /var/log/dnf* /var/log/yum/* /var/lib/dnf/history*
|
||||
|
||||
COPY root/ /
|
||||
|
||||
EXPOSE 8819
|
||||
|
||||
USER ds
|
||||
|
||||
CMD ["caretakerd", "run"]
|
||||
CMD ["minit"]
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
services:
|
||||
docserver:
|
||||
type: master
|
||||
command: ["/var/www/onlyoffice/documentserver/server/DocService/docservice"]
|
||||
preCommands:
|
||||
- ["rm", "-f", "/tmp/oods.sock"]
|
||||
directory: /var/www/onlyoffice/documentserver/server/DocService
|
||||
metrics:
|
||||
command: ["/var/www/onlyoffice/documentserver/server/Metrics/metrics", "./config/config.js"]
|
||||
directory: /var/www/onlyoffice/documentserver/server/Metrics
|
||||
converter:
|
||||
command: ["/var/www/onlyoffice/documentserver/server/FileConverter/converter"]
|
||||
directory: /var/www/onlyoffice/documentserver/server/FileConverter
|
||||
nginx:
|
||||
command: ["/usr/sbin/nginx", "-c", "/tmp/nginx.conf"]
|
|
@ -1,10 +1,13 @@
|
|||
[[ $c := merge .oo.ds . -]]
|
||||
|
||||
job [[ .instance | toJSON ]] {
|
||||
job "[[ .instance ]]" {
|
||||
|
||||
[[- $c := merge .oo.ds .oo . ]]
|
||||
|
||||
[[ template "common/job_start" $c ]]
|
||||
|
||||
group "onlyoffice" {
|
||||
|
||||
network {
|
||||
mode = "bridge"
|
||||
# This can be used to ensure rabbitmq has a stable hostname
|
||||
|
@ -12,7 +15,7 @@ job [[ .instance | toJSON ]] {
|
|||
hostname = "[[ .instance ]][[ $c.consul.suffix ]]"
|
||||
}
|
||||
|
||||
[[ template "common/volumes" .oo.volumes ]]
|
||||
[[ template "common/volumes" $c ]]
|
||||
|
||||
service {
|
||||
name = "[[ .instance ]][[ $c.consul.suffix ]]"
|
||||
|
@ -44,9 +47,9 @@ job [[ .instance | toJSON ]] {
|
|||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c ]]",
|
||||
[[- else ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
]
|
||||
|
@ -54,11 +57,11 @@ job [[ .instance | toJSON ]] {
|
|||
}
|
||||
|
||||
task "docserver" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
driver = "[[ $c.nomad.driver ]]"
|
||||
leader = true
|
||||
|
||||
config {
|
||||
image = [[ .oo.ds.image | toJSON ]]
|
||||
image = "[[ .oo.ds.image ]]"
|
||||
pids_limit = 200
|
||||
readonly_rootfs = true
|
||||
volumes = [
|
||||
|
@ -76,7 +79,7 @@ job [[ .instance | toJSON ]] {
|
|||
[[ template "common/proxy_env" $c ]]
|
||||
}
|
||||
|
||||
[[ template "common/file_env" $c.env ]]
|
||||
[[ template "common/file_env" $c ]]
|
||||
|
||||
# Database settings
|
||||
template {
|
||||
|
@ -90,8 +93,8 @@ OO_DB_PASS={{ env "NOMAD_ALLOC_ID" }}
|
|||
[[- else ]]
|
||||
OO_DB_HOST=[[ $c.postgres.host ]]
|
||||
OO_DB_PORT=[[ $c.postgres.port ]]
|
||||
OO_DB_USER={{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}
|
||||
OO_DB_PASS={{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}
|
||||
OO_DB_USER=[[ $c.postgres.user ]]
|
||||
OO_DB_PASS=[[ $c.postgres.password ]]
|
||||
[[- end ]]
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
|
@ -113,50 +116,18 @@ _EOT
|
|||
destination = "/var/lib/onlyoffice/documentserver/App_Data/"
|
||||
}
|
||||
|
||||
[[ template "common/resources" $c.resources ]]
|
||||
[[ template "common/resources" $c ]]
|
||||
|
||||
}
|
||||
|
||||
[[ template "common/task.wait_for" $c ]]
|
||||
[[ template "common/task.pgpooler" $c ]]
|
||||
|
||||
task "redis" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
user = 2967
|
||||
|
||||
lifecycle {
|
||||
hook = "prestart"
|
||||
sidecar = true
|
||||
}
|
||||
|
||||
config {
|
||||
image = "redis:alpine"
|
||||
pids_limit = 20
|
||||
readonly_rootfs = true
|
||||
args = ["/local/redis.conf"]
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
bind 127.0.0.1
|
||||
maxmemory {{ env "NOMAD_MEMORY_LIMIT" | parseInt | subtract 5 }}mb
|
||||
databases 1
|
||||
save ""
|
||||
appendonly no
|
||||
_EOT
|
||||
destination = "local/redis.conf"
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 10
|
||||
memory = 20
|
||||
}
|
||||
}
|
||||
[[ template "common/task.redis" $c ]]
|
||||
|
||||
[[ $c := merge .oo.rabbitmq . ]]
|
||||
|
||||
task "rabbitmq" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
driver = "[[ $c.nomad.driver ]]"
|
||||
#user = 100
|
||||
|
||||
lifecycle {
|
||||
|
@ -165,7 +136,7 @@ _EOT
|
|||
}
|
||||
|
||||
config {
|
||||
image = [[ $c.image | toJSON ]]
|
||||
image = "[[ $c.image ]]"
|
||||
pids_limit = 100
|
||||
readonly_rootfs = true
|
||||
volumes = [
|
||||
|
@ -173,7 +144,7 @@ _EOT
|
|||
]
|
||||
}
|
||||
|
||||
[[ template "common/file_env" $c.env ]]
|
||||
[[ template "common/file_env" $c ]]
|
||||
|
||||
template {
|
||||
data = <<_EOT
|
||||
|
@ -190,7 +161,7 @@ _EOT
|
|||
destination = "/var/lib/rabbitmq"
|
||||
}
|
||||
|
||||
[[ template "common/resources" $c.resources ]]
|
||||
[[ template "common/resources" $c ]]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ oo:
|
|||
# Document Services
|
||||
ds:
|
||||
# Docker image to use
|
||||
image: '[[ .docker.repo ]]onlyoffice-docserver:7.5.1-8'
|
||||
image: '[[ .docker.repo ]]onlyoffice-docserver:7.5.1-9'
|
||||
|
||||
# Resource allocation for OnlyOffice itself
|
||||
resources:
|
||||
|
@ -48,12 +48,7 @@ oo:
|
|||
media-src: "'self' https://code.responsivevoice.org"
|
||||
frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
|
||||
|
||||
# Override base_middlewares to remove csp-relaxed@file
|
||||
base_middlewares:
|
||||
- rate-limit-high@file
|
||||
- inflight-high@file
|
||||
- security-headers@file
|
||||
- hsts@file
|
||||
middlewares:
|
||||
- compression@file
|
||||
|
||||
# Wait for the database server to be ready before starting
|
||||
|
|
Loading…
Reference in New Issue