From 09d59556e0360470c82193d5d1c8e644f977ab8b Mon Sep 17 00:00:00 2001
From: Mauricio Ugaz
Date: Sun, 21 Jan 2018 19:01:46 -0300
Subject: [PATCH] Swarm file flavors (#222)
* Better documentation for swarm file, avoid exposing ports for no reason
* add swarm file using traefik
---
contrib/swarm/docker-stack-traefik.yml | 123 ++++++++++++++++++
contrib/swarm/docker-stack.yml | 165 +++++++++++++++----------
2 files changed, 220 insertions(+), 68 deletions(-)
create mode 100644 contrib/swarm/docker-stack-traefik.yml
diff --git a/contrib/swarm/docker-stack-traefik.yml b/contrib/swarm/docker-stack-traefik.yml
new file mode 100644
index 0000000..e0ce995
--- /dev/null
+++ b/contrib/swarm/docker-stack-traefik.yml
@@ -0,0 +1,123 @@
+# This file allows you to run mattermost within your docker swarm mode cluster
+# for more informations check: https://docs.docker.com/engine/swarm/
+#
+# Simply run:
+#
+# `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
+#
+# In this case `mm` is going to be stack name, so the command will be:
+#
+# `docker stack up mm -c docker-stack-traefik.yml`
+#
+# From now on all the services that belong to this stack will be prefixed with `mm_`
+# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
+# each of these names is the service's hostname as well, they can communicate
+# with each other easily by using the hostname instead of the ip or exposing ports to the host.
+#
+# As a side note, images tagged as latest are pulled by default,
+# that means there's no need to use `image:latest`
+#
+# use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
+# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
+# and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33
+# and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading
+
+version: '3.3'
+networks:
+ # network for App <-> DB transactions
+ mm-in:
+ driver: overlay
+ internal: true
+ # this network faces the outside world
+ mm-out:
+ driver: overlay
+ internal: false
+volumes:
+ mm-dbdata:
+ traefik-certs:
+services:
+ db:
+ # use official mattermost prod-db image
+ image: mattermost/mattermost-prod-db
+ networks:
+ - mm-in
+ volumes:
+ # use a named-volume for data persistency
+ - mm-dbdata:/var/lib/postgresql/data
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - POSTGRES_USER=mmuser
+ - POSTGRES_PASSWORD=mmuser_password
+ - POSTGRES_DB=mattermost
+ # uncomment the following to enable backup
+ # - AWS_ACCESS_KEY_ID=XXXX
+ # - AWS_SECRET_ACCESS_KEY=XXXX
+ # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
+ # - AWS_REGION=us-east-1
+ deploy:
+ restart_policy:
+ condition: on-failure
+ app:
+ # use official mattermost prod-app image
+ image: mattermost/mattermost-prod-app
+ networks:
+ - mm-in
+ - mm-out
+ volumes:
+ - /var/lib/mattermost/config:/mattermost/config:rw
+ - /var/lib/mattermost/data:/mattermost/data:rw
+ - /var/lib/mattermost/logs:/mattermost/logs:rw
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ # use service's hostname
+ - DB_HOST=mm_db
+ # talk to the port within the overlay network
+ # without (over)exposing ports
+ - DB_PORT_NUMBER=5432
+ - MM_USERNAME=mmuser
+ - MM_PASSWORD=mmuser_password
+ - MM_DBNAME=mattermost
+ # pass the edition to be used, default is enterprise
+ # setting this env var will make the app use the team edition
+ - edition=team
+ # in case your config is not in default location
+ # - MM_CONFIG=/mattermost/config/config.json
+ deploy:
+ labels:
+ - "traefik.backend.loadbalancer.sticky=true"
+ - "traefik.backend.loadbalancer.swarm=true"
+ # the backend service needs a name
+ - "traefik.backend=mmapp"
+ # network is prefixed `mm_` as well
+ - "traefik.docker.network=mm_mm-out"
+ # generate a TLS cert for this domain
+ - "traefik.entrypoints=https"
+ - "traefik.frontend.passHostHeader=true"
+ # add your domain below here
+ - "traefik.frontend.rule=Host:mattermost.domain.com"
+ - "traefik.port=80"
+ restart_policy:
+ condition: on-failure
+ web:
+ # use official traefik image
+ image: traefik
+ ports:
+ - "80:80"
+ # you can view the traefik's dashboard in http://localhost:8080
+ - "8080:8080"
+ - "443:443"
+ networks:
+ - mm-out
+ command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG
+ volumes:
+ # traefik needs the docker socket in order to work properly
+ - /var/run/docker.sock:/var/run/docker.sock
+ # no traefik config file is being used
+ # you can deep further in the traefik docs
+ # http://docs.traefik.io/user-guide/examples/
+ - /dev/null:/traefik.toml
+ # use a named-volume for certs persistency
+ - traefik-certs:/acme
+ deploy:
+ restart_policy:
+ condition: on-failure
\ No newline at end of file
diff --git a/contrib/swarm/docker-stack.yml b/contrib/swarm/docker-stack.yml
index affbbf2..883c338 100644
--- a/contrib/swarm/docker-stack.yml
+++ b/contrib/swarm/docker-stack.yml
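Review bot: The `web` service publishes `- "8080:8080"` while `command` passes `--web` with no authentication option, so Traefik's dashboard and API are reachable on the swarm's published port, not only on `localhost` as the comment above the mapping suggests. The same container mounts `/var/run/docker.sock` and runs with `--logLevel=DEBUG`, so the exposed admin surface sits next to access to the Docker API. I would remove the `8080` mapping from the example (or leave it commented out with a warning), lower the log level, and add a comment above the socket mount stating that it gives the proxy control of the Docker daemon it talks to. Separately, `POSTGRES_PASSWORD=mmuser_password` and `MM_PASSWORD=mmuser_password` ship a known default in plain environment variables, here and in the docker-stack.yml hunk; a comment such as `# change this default before deploying` above both lines would help.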
@@ -1,78 +1,107 @@ -# This file allow you to run mattermost within your docker swarm mode cluster +# This file allows you to run mattermost within your docker swarm mode cluster # for more informations check: https://docs.docker.com/engine/swarm/ # +# Simply run: +# +# `docker stack up [STACK NAME] -c docker-stack.yml` +# +# In this case `mm` is going to be stack name, so the command will be: +# +# `docker stack up mm -c docker-stack.yml` +# +# From now on all the services that belong to this stack will be prefixed with `mm_` +# this file defines 3 services, these are going to be mm_db, mm_app and mm_web, +# each of these names is the service's hostname as well, they can communicate +# with each other easily by using the hostname instead of the ip or exposing ports to the host. +# +# As a side note, images tagged as latest are pulled by default, +# that means there's no need to use `image:latest` +# # use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features. 
# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3 # and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33 # and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading version: '3.3' - -services: - db: - # use official mattermost prod-db image - image: mattermost/mattermost-prod-db:latest - ports: - - "5432" - networks: - - mm-network - volumes: - # use a named-volume for data persistency - - mm-dbdata:/var/lib/postgresql/data - - /etc/localtime:/etc/localtime:ro - environment: - POSTGRES_USER: mmuser - POSTGRES_PASSWORD: mmuser_password - POSTGRES_DB: mattermost - # uncomment the following to enable backup - # AWS_ACCESS_KEY_ID=XXXX - # AWS_SECRET_ACCESS_KEY=XXXX - # WALE_S3_PREFIX=s3://BUCKET_NAME/PATH - # AWS_REGION=us-east-1 - deploy: - restart_policy: - condition: on-failure - app: - # use official mattermost prod-app image - image: mattermost/mattermost-prod-app:latest - ports: - - "8065" - networks: - - mm-network - volumes: - - /var/lib/mattermost/config:/mattermost/config:rw - - /var/lib/mattermost/data:/mattermost/data:rw - - /var/lib/mattermost/logs:/mattermost/logs:rw - - /etc/localtime:/etc/localtime:ro - environment: - DB_HOST: db - DB_PORT_NUMBER: 5432 - MM_USERNAME: mmuser - MM_PASSWORD: mmuser_password - MM_DBNAME: mattermost - # in case your config is not in default location - # MM_CONFIG=/mattermost/config/config.json - deploy: - restart_policy: - condition: on-failure - web: - # use official mattermost prod-web image - image: mattermost/mattermost-prod-web:latest - ports: - - "80:80" - - "443:443" - networks: - - mm-network - volumes: - # This directory must have cert files - - /var/lib/mattermost/cert:/cert:ro - - /etc/localtime:/etc/localtime:ro - deploy: - restart_policy: - condition: on-failure - networks: - mm-network: - + # network for App <-> DB transactions + mm-in: + driver: overlay + internal: true + # this network faces the outside world + mm-out: + driver: 
overlay + internal: false volumes: - mm-dbdata: + mm-dbdata: +services: + db: + # use official mattermost prod-db image + image: mattermost/mattermost-prod-db + networks: + - mm-in + volumes: + # use a named-volume for data persistency + - mm-dbdata:/var/lib/postgresql/data + - /etc/localtime:/etc/localtime:ro + environment: + - POSTGRES_USER=mmuser + - POSTGRES_PASSWORD=mmuser_password + - POSTGRES_DB=mattermost + # uncomment the following to enable backup + # - AWS_ACCESS_KEY_ID=XXXX + # - AWS_SECRET_ACCESS_KEY=XXXX + # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH + # - AWS_REGION=us-east-1 + deploy: + restart_policy: + condition: on-failure + app: + # use official mattermost prod-app image + image: mattermost/mattermost-prod-app + networks: + - mm-in + - mm-out + volumes: + - /var/lib/mattermost/config:/mattermost/config:rw + - /var/lib/mattermost/data:/mattermost/data:rw + - /var/lib/mattermost/logs:/mattermost/logs:rw + - /etc/localtime:/etc/localtime:ro + environment: + # use service's hostname + - DB_HOST=mm_db + # talk to the port within the overlay network + # without (over)exposing ports + - DB_PORT_NUMBER=5432 + - MM_USERNAME=mmuser + - MM_PASSWORD=mmuser_password + - MM_DBNAME=mattermost + # pass the edition to be used, default is enterprise + # setting this env var will make the app use the team edition + - edition=team + # in case your config is not in default location + # - MM_CONFIG=/mattermost/config/config.json + deploy: + restart_policy: + condition: on-failure + web: + # use official mattermost prod-web image + image: mattermost/mattermost-prod-web + ports: + - "80:80" + - "443:443" + networks: + - mm-out + volumes: + # This directory must have cert files + - /var/lib/mattermost/cert:/cert:ro + - /etc/localtime:/etc/localtime:ro + environment: + # use app service's hostname + - APP_HOST=mm_app + # talk to the port within the overlay network + # without (over)exposing ports + - APP_PORT_NUMBER=80 + deploy: + restart_policy: + condition: on-failure \ No 
newline at end of file
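Review bot: `DB_HOST=mm_db` and `APP_HOST=mm_app` hard-code the `mm_` prefix, so the file only works when the stack is deployed under the name `mm`, although the header documents `docker stack up [STACK NAME]`. The removed version used `DB_HOST: db`; as far as I know, services in a stack are also reachable by their short service name on the stack's networks, so `DB_HOST=db` and `APP_HOST=app` would keep the file independent of the stack name, which is worth confirming before changing it. The hunk also drops the `:latest` tags without pinning a release, so a redeploy can pull a different image than the one that was tested; I would reword the header's "no need to use `image:latest`" comment to recommend a pinned tag or digest. The removed lines published the app on `8065` while the new `APP_PORT_NUMBER=80` points the proxy at port 80, so a short comment naming the port the app image actually listens on would avoid guesswork.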