Replace caretakerd with minit

2024-01-19 22:39:19 +01:00 · 2024-01-19 22:39:19 +01:00 · 4d04a8cc5f
parent a53cf467fd
commit 4d04a8cc5f
7 changed files with 37 additions and 114 deletions
--- a/example/images/onlyoffice-docserver/Dockerfile
+++ b/example/images/onlyoffice-docserver/Dockerfile
@ -1,12 +1,9 @@
-FROM danielberteaud/alma:9.24.1-3
+FROM danielberteaud/alma:9.24.1-5
 MAINTAINER Daniel Berteaud <dbd@ehtrace.com>

-ARG OO_VERSION=7.5.1 \
-    CARETAKERD_VERSION=1.0.8
+ARG OO_VERSION=7.5.1

-ENV LANG=fr_FR.utf8 \
-    TZ=Europe/Paris \
-    NGINX_LISTEN_IP=0.0.0.0 \
+ENV NGINX_LISTEN_IP=0.0.0.0 \
    NODE_ENV=production-linux \
    NODE_CONFIG_DIR=/etc/onlyoffice/documentserver \
    NODE_DISABLE_COLORS=1 \
@ -38,16 +35,11 @@ RUN set -euxo pipefail &&\
      onlyoffice-documentserver \
      nginx \
    &&\
-    curl -sSL https://github.com/echocat/caretakerd/releases/download/v${CARETAKERD_VERSION}/caretakerd-linux-amd64.tar.gz | \
-      tar xvz --exclude caretakerd.html -C /usr/local/bin &&\
-    chmod +x /usr/local/bin/caretakerd &&\
    dnf clean all &&\
    rm -rf /var/cache/dnf/* /var/cache/yum/* /var/log/dnf* /var/log/yum/* /var/lib/dnf/history* 

 COPY root/ /

 EXPOSE 8819
-
 USER ds
-
-CMD ["caretakerd", "run"]
+CMD ["minit"]
--- a/example/images/onlyoffice-docserver/root/etc/caretakerd.yaml
+++ b/example/images/onlyoffice-docserver/root/etc/caretakerd.yaml
@ -1,15 +0,0 @@
-services:
-  docserver:
-    type: master
-    command: ["/var/www/onlyoffice/documentserver/server/DocService/docservice"]
-    preCommands:
-      - ["rm", "-f", "/tmp/oods.sock"]
-    directory: /var/www/onlyoffice/documentserver/server/DocService
-  metrics:
-    command: ["/var/www/onlyoffice/documentserver/server/Metrics/metrics", "./config/config.js"]
-    directory: /var/www/onlyoffice/documentserver/server/Metrics
-  converter:
-    command: ["/var/www/onlyoffice/documentserver/server/FileConverter/converter"]
-    directory: /var/www/onlyoffice/documentserver/server/FileConverter
-  nginx:
-    command: ["/usr/sbin/nginx", "-c", "/tmp/nginx.conf"]
--- a/example/onlyoffice-docserver.nomad.hcl
+++ b/example/onlyoffice-docserver.nomad.hcl
@ -5,6 +5,7 @@ job "onlyoffice" {


  group "onlyoffice" {
+
    network {
      mode = "bridge"
      # This can be used to ensure rabbitmq has a stable hostname
@ -70,7 +71,7 @@ job "onlyoffice" {
        "traefik.http.routers.onlyoffice.entrypoints=https",
        "traefik.http.middlewares.onlyoffice-headers.headers.contentsecuritypolicy=connect-src 'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io;default-src 'self';font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://onlyoffice.github.io;img-src 'self' data: https://*;media-src 'self' https://code.responsivevoice.org;script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io;",
        "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
-        "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers,rate-limit-high@file,inflight-high@file,security-headers@file,hsts@file,compression@file",
+        "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file",
      ]

    }
@ -80,7 +81,7 @@ job "onlyoffice" {
      leader = true

      config {
-        image           = "danielberteaud/onlyoffice-docserver:7.5.1-8"
+        image           = "danielberteaud/onlyoffice-docserver:7.5.1-9"
        pids_limit      = 200
        readonly_rootfs = true
        volumes = [
@ -193,10 +194,10 @@ _EOT



-
+    # Local redis instance
    task "redis" {
      driver = "docker"
-      user   = 2967
+      user   = 6379

      lifecycle {
        hook    = "prestart"
@ -205,8 +206,8 @@ _EOT

      config {
        image           = "redis:alpine"
-        pids_limit      = 20
        readonly_rootfs = true
+        force_pull      = true
        args            = ["/local/redis.conf"]
      }

@ -222,13 +223,15 @@ _EOT
      }

      resources {
-        cpu    = 10
-        memory = 20
+        cpu    = 300
+        memory = 512
      }
    }



+
+
    task "rabbitmq" {
      driver = "docker"
      #user = 100
--- a/images/onlyoffice-docserver/Dockerfile
+++ b/images/onlyoffice-docserver/Dockerfile
@ -1,12 +1,9 @@
 FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]]
 MAINTAINER [[ .docker.maintainer ]]

-ARG OO_VERSION=7.5.1 \
-    CARETAKERD_VERSION=1.0.8
+ARG OO_VERSION=7.5.1

-ENV LANG=[[ .locale.lang ]] \
-    TZ=[[ .locale.tz ]] \
-    NGINX_LISTEN_IP=0.0.0.0 \
+ENV NGINX_LISTEN_IP=0.0.0.0 \
    NODE_ENV=production-linux \
    NODE_CONFIG_DIR=/etc/onlyoffice/documentserver \
    NODE_DISABLE_COLORS=1 \
@ -38,16 +35,11 @@ RUN set -euxo pipefail &&\
      onlyoffice-documentserver \
      nginx \
    &&\
-    curl -sSL https://github.com/echocat/caretakerd/releases/download/v${CARETAKERD_VERSION}/caretakerd-linux-amd64.tar.gz | \
-      tar xvz --exclude caretakerd.html -C /usr/local/bin &&\
-    chmod +x /usr/local/bin/caretakerd &&\
    dnf clean all &&\
    rm -rf /var/cache/dnf/* /var/cache/yum/* /var/log/dnf* /var/log/yum/* /var/lib/dnf/history* 

 COPY root/ /

 EXPOSE 8819
-
 USER ds
-
-CMD ["caretakerd", "run"]
+CMD ["minit"]
--- a/images/onlyoffice-docserver/root/etc/caretakerd.yaml
+++ b/images/onlyoffice-docserver/root/etc/caretakerd.yaml
@ -1,15 +0,0 @@
-services:
-  docserver:
-    type: master
-    command: ["/var/www/onlyoffice/documentserver/server/DocService/docservice"]
-    preCommands:
-      - ["rm", "-f", "/tmp/oods.sock"]
-    directory: /var/www/onlyoffice/documentserver/server/DocService
-  metrics:
-    command: ["/var/www/onlyoffice/documentserver/server/Metrics/metrics", "./config/config.js"]
-    directory: /var/www/onlyoffice/documentserver/server/Metrics
-  converter:
-    command: ["/var/www/onlyoffice/documentserver/server/FileConverter/converter"]
-    directory: /var/www/onlyoffice/documentserver/server/FileConverter
-  nginx:
-    command: ["/usr/sbin/nginx", "-c", "/tmp/nginx.conf"]
--- a/onlyoffice-docserver.nomad.hcl
+++ b/onlyoffice-docserver.nomad.hcl
@ -1,10 +1,13 @@
 [[ $c := merge .oo.ds . -]]

-job [[ .instance | toJSON ]] {
+job "[[ .instance ]]" {
+
+[[- $c := merge .oo.ds .oo . ]]

 [[ template "common/job_start" $c ]]

  group "onlyoffice" {
+
    network {
      mode = "bridge"
      # This can be used to ensure rabbitmq has a stable hostname
@ -12,7 +15,7 @@ job [[ .instance | toJSON ]] {
      hostname = "[[ .instance ]][[ $c.consul.suffix ]]"
    }

-[[ template "common/volumes" .oo.volumes ]]
+[[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]][[ $c.consul.suffix ]]"
@ -44,9 +47,9 @@ job [[ .instance | toJSON ]] {
        "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
 [[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
        "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
+        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c ]]",
 [[- else ]]
-        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
+        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
 [[- end ]]
 [[- end ]]
      ]
@ -54,11 +57,11 @@ job [[ .instance | toJSON ]] {
    }

    task "docserver" {
-      driver = [[ $c.nomad.driver | toJSON ]]
+      driver = "[[ $c.nomad.driver ]]"
      leader = true

      config {
-        image           = [[ .oo.ds.image | toJSON ]]
+        image           = "[[ .oo.ds.image ]]"
        pids_limit      = 200
        readonly_rootfs = true
        volumes         = [
@ -76,7 +79,7 @@ job [[ .instance | toJSON ]] {
 [[ template "common/proxy_env" $c ]]
      }

-[[ template "common/file_env" $c.env ]]
+[[ template "common/file_env" $c ]]

      # Database settings
      template {
@ -90,8 +93,8 @@ OO_DB_PASS={{ env "NOMAD_ALLOC_ID" }}
 [[- else ]]
 OO_DB_HOST=[[ $c.postgres.host ]]
 OO_DB_PORT=[[ $c.postgres.port ]]
-OO_DB_USER={{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}
-OO_DB_PASS={{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}
+OO_DB_USER=[[ $c.postgres.user ]]
+OO_DB_PASS=[[ $c.postgres.password ]]
 [[- end ]]
 _EOT
        destination = "secrets/.db.env"
@ -113,50 +116,18 @@ _EOT
        destination = "/var/lib/onlyoffice/documentserver/App_Data/"
      }

-[[ template "common/resources" $c.resources ]]
+[[ template "common/resources" $c ]]

    }

 [[ template "common/task.wait_for" $c ]]
 [[ template "common/task.pgpooler" $c ]]
-
-    task "redis" {
-      driver = [[ $c.nomad.driver | toJSON ]]
-      user   = 2967
-
-      lifecycle {
-        hook    = "prestart"
-        sidecar = true
-      }
-
-      config {
-        image           = "redis:alpine"
-        pids_limit      = 20
-        readonly_rootfs = true
-        args            = ["/local/redis.conf"]
-      }
-
-      template {
-        data =<<_EOT
-bind 127.0.0.1
-maxmemory {{ env "NOMAD_MEMORY_LIMIT" | parseInt | subtract 5 }}mb
-databases 1
-save ""
-appendonly no
-_EOT
-        destination = "local/redis.conf"
-      }
-
-      resources {
-        cpu    = 10
-        memory = 20
-      }
-    }
+[[ template "common/task.redis" $c ]]

 [[ $c := merge .oo.rabbitmq . ]]

    task "rabbitmq" {
-      driver = [[ $c.nomad.driver | toJSON ]]
+      driver = "[[ $c.nomad.driver ]]"
      #user = 100

      lifecycle {
@ -165,7 +136,7 @@ _EOT
      }

      config {
-        image           = [[ $c.image | toJSON ]]
+        image           = "[[ $c.image ]]"
        pids_limit      = 100
        readonly_rootfs = true
        volumes         = [
@ -173,7 +144,7 @@ _EOT
        ]
      }

-[[ template "common/file_env" $c.env ]]
+[[ template "common/file_env" $c ]]

      template {
        data = <<_EOT
@ -190,7 +161,7 @@ _EOT
        destination = "/var/lib/rabbitmq"
      }

-[[ template "common/resources" $c.resources ]]
+[[ template "common/resources" $c ]]
    }
  }
 }
--- a/variables.yml
+++ b/variables.yml
@ -9,7 +9,7 @@ oo:
  # Document Services
  ds:
    # Docker image to use
-    image: '[[ .docker.repo ]]onlyoffice-docserver:7.5.1-8'
+    image: '[[ .docker.repo ]]onlyoffice-docserver:7.5.1-9'

    # Resource allocation for OnlyOffice itself
    resources:
@ -48,12 +48,7 @@ oo:
        media-src: "'self' https://code.responsivevoice.org"
        frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"

-      # Override base_middlewares to remove csp-relaxed@file
-      base_middlewares:
-        - rate-limit-high@file
-        - inflight-high@file
-        - security-headers@file
-        - hsts@file
+      middlewares:
        - compression@file

    # Wait for the database server to be ready before starting