Start job skeletton
This commit is contained in:
commit
35e0c30287
|
@ -0,0 +1,4 @@
|
|||
[submodule "common"]
|
||||
path = deps/common
|
||||
url = https://git.lapiole.org/nomad/common.git
|
||||
branch = master
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 6c43f35bca0f6720c07c993a4b377047339cf591
|
|
@ -0,0 +1,19 @@
|
|||
FROM danielberteaud/alma:8
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG MONGO_MAJOR=3.6
|
||||
|
||||
COPY mongodb.repo /etc/yum.repos.d/
|
||||
RUN set -eux &&\
|
||||
sed -i -e "s/__MONGO_MAJOR__/${MONGO_MAJOR}/g" /etc/yum.repos.d/mongodb.repo &&\
|
||||
microdnf -y --best --nodocs --noplugins --setopt=install_weak_deps=0 update &&\
|
||||
# Create mongod user with same UID as mongodb in the official image \
|
||||
groupadd -g 999 mongod &&\
|
||||
useradd -M -r -g mongod -u 999 -d /var/lib/mongo -s /bin/false -c mongod mongod &&\
|
||||
microdnf -y --nodocs --setopt=install_weak_deps=0 install tini mongodb-org-server mongodb-org-shell mongodb-mongosh mongodb-org-tools &&\
|
||||
microdnf clean all &&\
|
||||
rm -rf /var/cache/yum/* /var/log/yum/* /var/lib/dnf/history*
|
||||
|
||||
USER mongod
|
||||
ENTRYPOINT ["tini", "--"]
|
||||
CMD ["mongod"]
|
|
@ -0,0 +1,6 @@
|
|||
[mongodb-org-__MONGO_MAJOR__]
|
||||
name=MongoDB Repository
|
||||
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/__MONGO_MAJOR__/x86_64/
|
||||
gpgcheck=1
|
||||
enabled=1
|
||||
gpgkey=https://www.mongodb.org/static/pgp/server-__MONGO_MAJOR__.asc
|
|
@ -0,0 +1,2 @@
|
|||
FROM percona/mongodb_exporter:0.39.0
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
|
@ -0,0 +1,28 @@
|
|||
FROM danielberteaud/alpine:latest AS builder
|
||||
|
||||
ARG UNIFI_VERSION=7.4.162
|
||||
|
||||
RUN set -eu &&\
|
||||
apk --no-cache add curl ca-certificates unzip &&\
|
||||
cd /tmp &&\
|
||||
curl -sSLO https://www.ubnt.com/downloads/unifi/${UNIFI_VERSION}/UniFi.unix.zip &&\
|
||||
unzip UniFi.unix.zip
|
||||
|
||||
FROM danielberteaud/java:11-alpine
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
COPY --from=build /tmp/UniFi /opt/unifi
|
||||
RUN set -eu &&\
|
||||
apk --no-cache upgrade &&\
|
||||
addgroup -g 8443 unifi &&\
|
||||
adduser --system --ingroup unifi --disabled-password --uid 8443 --home /opt/unifi --shell /sbin/nologin unifi &&\
|
||||
chown -R root:root /opt/unifi &&\
|
||||
chown -R unifi:unifi /opt/unifi/dl &&\
|
||||
chown -R :unifi /opt/unifi/conf &&\
|
||||
chmod 750 /opt/unifi/conf
|
||||
|
||||
EXPOSE 8443 8080 3778
|
||||
USER unifi
|
||||
|
||||
CMD ["sh", "-c", "java ${JAVA_OPTS} -jar /opt/unifi/app/lib/ace.jar start"]
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
## system.properties
|
||||
#
|
||||
# each unifi instance requires a set of ports:
|
||||
#
|
||||
## device inform
|
||||
unifi.http.port={{ env "NOMAD_PORT_inform" }}
|
||||
## controller UI / API
|
||||
# unifi.https.port=8443
|
||||
## portal redirect port for HTTP
|
||||
portal.http.port=8880
|
||||
## portal redirect port for HTTPs
|
||||
# portal.https.port=8843
|
||||
## local-bound port for DB server
|
||||
# unifi.db.port=27117
|
||||
## UDP port used for STUN
|
||||
# unifi.stun.port=3478
|
||||
#
|
||||
## the IP devices should be talking to for inform
|
||||
# system_ip=a.b.c.d
|
||||
## disable mongodb journaling
|
||||
# unifi.db.nojournal=false
|
||||
## extra mongod args
|
||||
# unifi.db.extraargs
|
||||
#
|
||||
## HTTPS options
|
||||
# unifi.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
# unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
|
||||
# unifi.https.hsts=false
|
||||
# unifi.https.hsts.max_age=31536000
|
||||
# unifi.https.hsts.preload=false
|
||||
# unifi.https.hsts.subdomain=false
|
||||
#
|
||||
# Ports reserved for device redirector. There is no need to open
|
||||
# firewall for these ports on controller, however do NOT set
|
||||
# controller to use these ports.
|
||||
#
|
||||
# portal.redirector.port=8881
|
||||
# portal.redirector.port.wired=8882
|
||||
#
|
||||
# Port used for throughput measurement.
|
||||
# unifi.throughput.port=6789
|
||||
#
|
|
@ -0,0 +1,110 @@
|
|||
job "unifi" {
|
||||
|
||||
datacenters = [[ .noamd.datacenters | toJSON ]]
|
||||
|
||||
group "controller" {
|
||||
|
||||
network {
|
||||
mode = "bridge"
|
||||
port "stun" {}
|
||||
}
|
||||
|
||||
service "unifi-inform" {
|
||||
port = 8080
|
||||
|
||||
connect {
|
||||
sidecar_service {}
|
||||
sidecar_task {
|
||||
[[ template "common/resources.tpl" .envoy ]]
|
||||
}
|
||||
}
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`[[ (urlParse .unifi.inform.public_url).Host ]]`) && (Path(`/inform`) || PathPrefix(`/dl/firmware-cached`))",
|
||||
"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join .unifi.inform.traefik.entrypoints "," ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ join .unifi.inform.traefik.middlewares "," ]]"
|
||||
]
|
||||
}
|
||||
|
||||
service "unifi-controller" {
|
||||
port = 8443
|
||||
|
||||
connect {
|
||||
sidecar_service {}
|
||||
sidecar_task {
|
||||
[[ template "common/resources.tpl" .envoy ]]
|
||||
}
|
||||
}
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`(urlParse .unifi.controller.public_url).Host`) && PathPrefix(`(urlParse .unifi.controller.public_url).Path`)",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join .unifi.controller.traefik.entrypoints ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].scheme=https",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ join .unifi.controller.traefik.middlewares "," ]]"
|
||||
]
|
||||
}
|
||||
|
||||
service "unifi-portal" {
|
||||
port = 8880
|
||||
|
||||
connect {
|
||||
sidecar_service {}
|
||||
sidecar_task {
|
||||
[[ template "common/resources.tpl" .envoy ]]
|
||||
}
|
||||
}
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`(urlParse .unifi.guest_portal.public_url).Host`) && PathPrefix(`/guest`)",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join .unifi.guest_portal.traefik.entrypoints ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ join .unifi.guest_portal.traefik.middlewares "," ]]"
|
||||
]
|
||||
}
|
||||
|
||||
service "unifi-stun" {
|
||||
port = "stun"
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .env.traefik ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.middlewares "," ]]",
|
||||
"[[ .env.traefik ]].consulcatalog.connect=false"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
[[ template "common/task.wait_for" dict
|
||||
"ctx" .
|
||||
"SERVICE_1" "unifi-mongo" ]]
|
||||
|
||||
task "unifi" {
|
||||
|
||||
driver = [[ .unifi.controller.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .unifi.controller.image | toJSON ]]
|
||||
}
|
||||
|
||||
env {
|
||||
[[ template "common/env.tpl" .unifi.controller.env ]]
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOF
|
||||
[[ template "unifi/controller/system.properties" . ]]
|
||||
_EOF
|
||||
destination = "secrets/system.properties"
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .unifi.controller.resources ]]
|
||||
|
||||
}
|
||||
|
||||
group "mongodb" {
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue