Swarm file flavors (#222)

* Better documentation for swarm file, avoid exposing ports for no reason * add swarm file using traefik
2018-01-21 19:01:46 -03:00 · 2018-01-21 19:01:46 -03:00 · 09d59556e0
commit 09d59556e0
parent bdabd10d4d
2 changed files with 220 additions and 68 deletions
--- a/contrib/swarm/docker-stack-traefik.yml
+++ b/contrib/swarm/docker-stack-traefik.yml
@ -0,0 +1,123 @@
+# This file allows you to run mattermost within your docker swarm mode cluster
+# for more informations check: https://docs.docker.com/engine/swarm/
+#
+# Simply run:
+#
+# `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
+# 
+# In this case `mm` is going to be stack name, so the command will be:
+#
+# `docker stack up mm -c docker-stack-traefik.yml`
+#
+# From now on all the services that belong to this stack will be prefixed with `mm_`
+# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
+# each of these names is the service's hostname as well, they can communicate 
+# with each other easily by using the hostname instead of the ip or exposing ports to the host.
+#
+# As a side note, images tagged as latest are pulled by default, 
+# that means there's no need to use `image:latest`
+#
+# use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
+# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
+# and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33
+# and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading
+
+version: '3.3'
+networks:
+  # network for App <-> DB transactions
+  mm-in:
+    driver: overlay
+    internal: true
+  # this network faces the outside world
+  mm-out:
+    driver: overlay
+    internal: false
+volumes:
+  mm-dbdata:
+  traefik-certs:
+services:
+  db:
+    # use official mattermost prod-db image
+    image: mattermost/mattermost-prod-db
+    networks:
+      - mm-in
+    volumes:
+      # use a named-volume for data persistency
+      - mm-dbdata:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - POSTGRES_USER=mmuser
+      - POSTGRES_PASSWORD=mmuser_password
+      - POSTGRES_DB=mattermost
+      # uncomment the following to enable backup
+      # - AWS_ACCESS_KEY_ID=XXXX
+      # - AWS_SECRET_ACCESS_KEY=XXXX
+      # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
+      # - AWS_REGION=us-east-1
+    deploy:
+      restart_policy:
+        condition: on-failure
+  app:
+    # use official mattermost prod-app image
+    image: mattermost/mattermost-prod-app
+    networks:
+      - mm-in
+      - mm-out
+    volumes:
+      - /var/lib/mattermost/config:/mattermost/config:rw
+      - /var/lib/mattermost/data:/mattermost/data:rw
+      - /var/lib/mattermost/logs:/mattermost/logs:rw
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      # use service's hostname
+      - DB_HOST=mm_db
+      # talk to the port within the overlay network
+      # without (over)exposing ports
+      - DB_PORT_NUMBER=5432
+      - MM_USERNAME=mmuser
+      - MM_PASSWORD=mmuser_password
+      - MM_DBNAME=mattermost
+      # pass the edition to be used, default is enterprise
+      # setting this env var will make the app use the team edition
+      - edition=team
+      # in case your config is not in default location
+      # - MM_CONFIG=/mattermost/config/config.json
+    deploy:
+      labels:
+        - "traefik.backend.loadbalancer.sticky=true"
+        - "traefik.backend.loadbalancer.swarm=true"
+        # the backend service needs a name
+        - "traefik.backend=mmapp"
+        # network is prefixed `mm_` as well
+        - "traefik.docker.network=mm_mm-out"
+        # generate a TLS cert for this domain
+        - "traefik.entrypoints=https"
+        - "traefik.frontend.passHostHeader=true"
+        # add your domain below here
+        - "traefik.frontend.rule=Host:mattermost.domain.com"
+        - "traefik.port=80"
+      restart_policy:
+        condition: on-failure
+  web:
+  # use official traefik image
+    image: traefik
+    ports:
+      - "80:80"
+      # you can view the traefik's dashboard in http://localhost:8080
+      - "8080:8080"
+      - "443:443"
+    networks:
+      - mm-out
+    command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG
+    volumes:
+      # traefik needs the docker socket in order to work properly
+      - /var/run/docker.sock:/var/run/docker.sock
+      # no traefik config file is being used
+      # you can deep further in the traefik docs
+      # http://docs.traefik.io/user-guide/examples/
+      - /dev/null:/traefik.toml
+      # use a named-volume for certs persistency
+      - traefik-certs:/acme
+    deploy:
+      restart_policy:
+       condition: on-failure
--- a/contrib/swarm/docker-stack.yml
+++ b/contrib/swarm/docker-stack.yml
@ -1,78 +1,107 @@
-# This file allow you to run mattermost within your docker swarm mode cluster
+# This file allows you to run mattermost within your docker swarm mode cluster
 # for more informations check: https://docs.docker.com/engine/swarm/
 #
+# Simply run:
+#
+# `docker stack up [STACK NAME] -c docker-stack.yml`
+# 
+# In this case `mm` is going to be stack name, so the command will be:
+#
+# `docker stack up mm -c docker-stack.yml`
+#
+# From now on all the services that belong to this stack will be prefixed with `mm_`
+# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
+# each of these names is the service's hostname as well, they can communicate 
+# with each other easily by using the hostname instead of the ip or exposing ports to the host.
+#
+# As a side note, images tagged as latest are pulled by default, 
+# that means there's no need to use `image:latest`
+#
 # use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
 # see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
 # and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33
 # and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading

 version: '3.3'
-
+networks:
+  # network for App <-> DB transactions
+  mm-in:
+    driver: overlay
+    internal: true
+  # this network faces the outside world
+  mm-out:
+    driver: overlay
+    internal: false
+volumes:
+  mm-dbdata:
 services:
  db:
    # use official mattermost prod-db image
-        image: mattermost/mattermost-prod-db:latest
-        ports:
-            - "5432"
+    image: mattermost/mattermost-prod-db
    networks:
-            - mm-network
+      - mm-in
    volumes:
      # use a named-volume for data persistency
      - mm-dbdata:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
-            POSTGRES_USER: mmuser
-            POSTGRES_PASSWORD: mmuser_password
-            POSTGRES_DB: mattermost
+      - POSTGRES_USER=mmuser
+      - POSTGRES_PASSWORD=mmuser_password
+      - POSTGRES_DB=mattermost
      # uncomment the following to enable backup
-            # AWS_ACCESS_KEY_ID=XXXX
-            # AWS_SECRET_ACCESS_KEY=XXXX
-            # WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
-            # AWS_REGION=us-east-1
+      # - AWS_ACCESS_KEY_ID=XXXX
+      # - AWS_SECRET_ACCESS_KEY=XXXX
+      # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
+      # - AWS_REGION=us-east-1
    deploy:
      restart_policy:
        condition: on-failure
  app:
    # use official mattermost prod-app image
-        image: mattermost/mattermost-prod-app:latest
-        ports:
-            - "8065"
+    image: mattermost/mattermost-prod-app
    networks:
-            - mm-network
+      - mm-in
+      - mm-out
    volumes:
      - /var/lib/mattermost/config:/mattermost/config:rw
      - /var/lib/mattermost/data:/mattermost/data:rw
      - /var/lib/mattermost/logs:/mattermost/logs:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
-            DB_HOST: db
-            DB_PORT_NUMBER: 5432
-            MM_USERNAME: mmuser
-            MM_PASSWORD: mmuser_password
-            MM_DBNAME: mattermost
+      # use service's hostname
+      - DB_HOST=mm_db
+      # talk to the port within the overlay network
+      # without (over)exposing ports
+      - DB_PORT_NUMBER=5432
+      - MM_USERNAME=mmuser
+      - MM_PASSWORD=mmuser_password
+      - MM_DBNAME=mattermost
+      # pass the edition to be used, default is enterprise
+      # setting this env var will make the app use the team edition
+      - edition=team
      # in case your config is not in default location
-            # MM_CONFIG=/mattermost/config/config.json
+      # - MM_CONFIG=/mattermost/config/config.json
    deploy:
      restart_policy:
        condition: on-failure
  web:
    # use official mattermost prod-web image
-        image: mattermost/mattermost-prod-web:latest
+    image: mattermost/mattermost-prod-web
    ports:
      - "80:80"
      - "443:443"
    networks:
-            - mm-network
+      - mm-out
    volumes:
      # This directory must have cert files
      - /var/lib/mattermost/cert:/cert:ro
      - /etc/localtime:/etc/localtime:ro
+    environment:
+      # use app service's hostname
+      - APP_HOST=mm_app
+      # talk to the port within the overlay network
+      # without (over)exposing ports
+      - APP_PORT_NUMBER=80
    deploy:
      restart_policy:
       condition: on-failure
-
-networks:
-    mm-network:
-
-volumes:
-    mm-dbdata: