189 lines
5.5 KiB
HCL
189 lines
5.5 KiB
HCL
[[ $c := merge .oo.ds . -]]
|
|
|
|
job [[ .oo.instance | toJSON ]] {
|
|
|
|
[[ template "common/job_start.tpl" $c ]]
|
|
|
|
group "onlyoffice" {
|
|
network {
|
|
mode = "bridge"
|
|
# This can be used to ensure rabbitmq has a stable hostname
|
|
# Even if for now, we do not persist rabbitmq data
|
|
hostname = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
|
|
}
|
|
|
|
volume "data" {
|
|
type = [[ .oo.volumes.data.type | toJSON ]]
|
|
source = [[ .oo.volumes.data.source | toJSON ]]
|
|
access_mode = "single-node-writer"
|
|
attachment_mode = "file-system"
|
|
}
|
|
|
|
volume "rabbitmq" {
|
|
type = [[ .oo.volumes.rabbitmq.type | toJSON ]]
|
|
source = [[ .oo.volumes.rabbitmq.source | toJSON ]]
|
|
access_mode = "single-node-writer"
|
|
attachment_mode = "file-system"
|
|
}
|
|
|
|
service {
|
|
name = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
|
|
port = 8819
|
|
|
|
[[ template "common/connect.tpl" $c ]]
|
|
|
|
check {
|
|
name = "health"
|
|
type = "http"
|
|
path = "/healthcheck"
|
|
expose = true
|
|
interval = "10s"
|
|
timeout = "8s"
|
|
|
|
check_restart {
|
|
limit = 90
|
|
grace = "2m"
|
|
}
|
|
}
|
|
|
|
tags = [
|
|
[[- if $c.traefik.enabled ]]
|
|
"[[ $c.traefik.instance ]].enable=true",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .oo.ds.public_url).Hostname ]]`)
|
|
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]] && PathPrefix(`[[ (urlParse .oo.ds.public_url).Path ]]`)[[ end ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
|
|
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
|
[[- else ]]
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
|
[[- end ]]
|
|
[[- end ]]
|
|
]
|
|
|
|
}
|
|
|
|
task "docserver" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
leader = true
|
|
|
|
config {
|
|
image = [[ .oo.ds.image | toJSON ]]
|
|
pids_limit = 200
|
|
readonly_rootfs = true
|
|
volumes = [
|
|
"local/metrics.js:/var/www/onlyoffice/documentserver/server/Metrics/config/config.js:ro"
|
|
]
|
|
[[ template "common/tmpfs.tpl" dict "target" "/tmp" "size" 3000000 ]]
|
|
|
|
}
|
|
|
|
vault {
|
|
policies = ["[[ .oo.instance ]][[ $c.consul.suffix ]]"]
|
|
disable_file = true
|
|
env = false
|
|
}
|
|
|
|
env {
|
|
NGINX_LISTEN_IP = "127.0.0.1"
|
|
APPLICATION_NAME = "[[ .oo.instance ]][[ .consul.suffix ]]"
|
|
[[ template "common/proxy_env.tpl" $c ]]
|
|
}
|
|
|
|
[[ template "common/file_env.tpl" $c.env ]]
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "onlyoffice-docserver/metrics.js.tpl" . ]]
|
|
_EOT
|
|
destination = "local/metrics.js"
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "data"
|
|
destination = "/var/lib/onlyoffice/documentserver/App_Data/"
|
|
}
|
|
|
|
[[ template "common/resources.tpl" $c.resources ]]
|
|
|
|
}
|
|
|
|
[[ template "common/task.wait_for.tpl" $c ]]
|
|
|
|
task "redis" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
user = 2967
|
|
|
|
lifecycle {
|
|
hook = "prestart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
image = "redis:alpine"
|
|
pids_limit = 20
|
|
readonly_rootfs = true
|
|
args = ["/local/redis.conf"]
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
bind 127.0.0.1
|
|
maxmemory {{ env "NOMAD_MEMORY_LIMIT" | parseInt | subtract 5 }}mb
|
|
databases 1
|
|
save ""
|
|
appendonly no
|
|
_EOT
|
|
destination = "local/redis.conf"
|
|
}
|
|
|
|
resources {
|
|
cpu = 10
|
|
memory = 20
|
|
}
|
|
}
|
|
|
|
[[ $c := merge .oo.rabbitmq . ]]
|
|
|
|
task "rabbitmq" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
#user = 100
|
|
|
|
lifecycle {
|
|
hook = "prestart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
image = [[ $c.image | toJSON ]]
|
|
pids_limit = 100
|
|
readonly_rootfs = true
|
|
volumes = [
|
|
"local/rabbitmq.conf:/etc/rabbitmq/conf.d/30-oods.conf"
|
|
]
|
|
}
|
|
|
|
[[ template "common/file_env.tpl" $c.env ]]
|
|
|
|
template {
|
|
data = <<_EOT
|
|
listeners.tcp.1 = 127.0.0.1:5672
|
|
# Set watermark to 95% of the mem allocated to the container
|
|
#vm_memory_high_watermark.absolute = [[ mul .oo.rabbitmq.resources.memory 996147 ]]
|
|
vm_memory_high_watermark.relative = 0.999
|
|
_EOT
|
|
destination = "local/rabbitmq.conf"
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "rabbitmq"
|
|
destination = "/var/lib/rabbitmq"
|
|
}
|
|
|
|
[[ template "common/resources.tpl" $c.resources ]]
|
|
}
|
|
}
|
|
}
|