Page MenuHomeDevCentral
Files F24682375

No OneTemporary
Actions

View Options

diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
index df9f741..ec9d5e5 100644
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -1,212 +1,228 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
docker_aliases:
- &ipv4_equatower 51.255.124.10
# -------------------------------------------------------------
# Images
#
# You can append a :tag (by default, latest is used).
#
# It's not possible to specify Docker library images only by final name.
# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_images:
'*':
- certbot/certbot
dwellers:
# Core services
- nasqueron/rabbitmq
# Infrastructure and development services
- dereckson/cachet
- nasqueron/notifications
equatower:
# Core services
- library/registry
- nasqueron/mysql
# Infrastructure and development services
- nasqueron/aphlict
- nasqueron/etherpad:production
- nasqueron/phabricator
# Continuous deployment jobs
- jenkinsci/jenkins
- nasqueron/jenkins-slave-php
- nasqueron/jenkins-slave-rust
# -------------------------------------------------------------
# Networks
#
# Containers can be grouped by network, instead to use links.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_networks:
equatower:
cd:
subnet: 172.18.1.0/24
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ equatower:
+ storage-driver: devicemapper
+ storage-opts:
+ - "dm.thinpooldev=/dev/mapper/wharf-thinpool"
+ - "dm.use_deferred_removal=true"
+ - "dm.use_deferred_deletion=true"
+
+docker_devicemapper:
+ equatower:
+ thinpool: wharf-thinpool
+
# -------------------------------------------------------------
# Containers
#
# The docker_containers entry allow to declare
# containers by image by servers
#
# The hierarchy is so as following.
#
# docker_containers:
# server with the Docker engine:
# service codename:
# instance name:
# container properties
#
# The service codename must match a state file in
# the roles/paas-docker/containers/ directory.
#
# The container will be run with the specified instance name.
#
# **nginx**
#
# The container properties can also describe the information
# needed to configure nginx with the host and app_port key.
#
# In such case, a matching vhost file should be declared as
# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_containers:
#
# Equatower is the current production engine
#
equatower:
#
# Core services
#
mysql:
acquisitariat: {}
phpbb_db: {}
registry:
registry:
app_port: 5000
ip: 127.0.0.1
#
# CD
#
jenkins:
jenkins_cd:
realm: cd
host: cd.nasqueron.org
app_port: 38080
jnlp_port: 50000
jenkins_slave:
# Slaves for CD
apsile: &php_for_cd
image: php
realm: cd
elapsi: *php_for_cd
rust_brown:
image: rust
realm: cd
# Infrastructure and development services
phabricator:
devcentral:
app_port: 31080
host: devcentral.nasqueron.org
aliases:
- phabricator.nasqueron.org
blogs:
servers:
host: servers.nasqueron.org
aliases:
- server.nasqueron.org
- serveur.nasqueron.org
- serveurs.nasqueron.org
static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net
aphlict:
aphlict:
ports:
client: 22280
admin: 22281
cachet:
cachet:
app_port: 39080
host: status.nasqueron.org
credential: nasqueron.cachet.mysql
app_key: nasqueron.cachet.app_key
mysql_link: acquisitariat
etherpad:
pad:
app_port: 34080
host: pad.nasqueron.org
aliases:
- pad.wolfplex.org
- pad.wolfplex.be
credential: nasqueron.etherpad.api
mysql_link: acquisitariat
# phpBB SaaS
# The SaaS uses a MySQL instance, declared in the MySQL section.
# Openfire
openfire:
openfire:
ip: *ipv4_equatower
app_port: 9090
host: xmpp.nasqueron.org
# -------------------------------------------------------------
# Ports listened by XMPP
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
xmpp_ports:
- 3478
- 5222 # Client to server
- 5223 # Client to server (Encrypted (legacy-mode) connections)
- 5262 # Connections managers
- 5269 # Server to server
- 5275 # External components
- 5276 # External components (Encrypted (legacy-mode) connections)
- 7070 # HTTP binding
- 7443 # HTTP binding with TLS
- 7777 # File transfer proxy
- 9090 # Web administration server
- 9091 # Web administration server with TLS
# -------------------------------------------------------------
# Zemke-Rhyne clients
#
# This section should list all the Docker engines server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
zr_clients:
- key: 2
allowedConnectionFrom:
- 172.27.26.49
- dwellers.nasqueron.drake
- dwellers.nasqueron.org
restrictCommand:
comment: Zemke-Rhyne
- key: 123
allowedConnectionFrom:
- equatower.nasqueron.org
restrictCommand:
comment: Zemke-Rhyne
diff --git a/roles/paas-docker/docker/config.sls b/roles/paas-docker/docker/config.sls
new file mode 100644
index 0000000..7cc6928
--- /dev/null
+++ b/roles/paas-docker/docker/config.sls
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-09-18
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Configure lvm profile
+# -------------------------------------------------------------
+
+{% if grains['id'] in pillar['docker_daemon'] %}
+
+{% set daemon = pillar['docker_daemon'][grains['id']] %}
+
+{{ dirs.etc }}/docker/daemon.json:
+ file.managed:
+ - source: salt://roles/paas-docker/docker/files/daemon.json.jinja
+ - template: jinja
+ - mode: 644
+ - context:
+ daemon: {{ daemon }}
+
+{% endif %}
diff --git a/roles/paas-docker/docker/files/daemon.json.jinja b/roles/paas-docker/docker/files/daemon.json.jinja
new file mode 100644
index 0000000..f2cd478
--- /dev/null
+++ b/roles/paas-docker/docker/files/daemon.json.jinja
@@ -0,0 +1 @@
+{{ daemon | json }}
diff --git a/roles/paas-docker/docker/files/thinpool.profile b/roles/paas-docker/docker/files/thinpool.profile
new file mode 100644
index 0000000..1afa549
--- /dev/null
+++ b/roles/paas-docker/docker/files/thinpool.profile
@@ -0,0 +1,26 @@
+# -------------------------------------------------------------
+# PaaS Docker
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-09-18
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-docker/docker/files/thinpool.profile
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Auto extend
+#
+# Reference: https://docs.docker.com/storage/storagedriver/device-mapper-driver/
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+activation {
+ thin_pool_autoextend_threshold=80
+ thin_pool_autoextend_percent=20
+}
diff --git a/roles/paas-docker/docker/init.sls b/roles/paas-docker/docker/init.sls
index a63d4b9..0461818 100644
--- a/roles/paas-docker/docker/init.sls
+++ b/roles/paas-docker/docker/init.sls
@@ -1,11 +1,13 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-09
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- .software
+ - .storage
+ - .config
- .networks
diff --git a/roles/paas-docker/docker/storage.sls b/roles/paas-docker/docker/storage.sls
new file mode 100644
index 0000000..cbb1778
--- /dev/null
+++ b/roles/paas-docker/docker/storage.sls
@@ -0,0 +1,34 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-09-18
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Configure lvm profile
+# -------------------------------------------------------------
+
+{% if grains['id'] in pillar['docker_devicemapper'] %}
+
+{% set dm = pillar['docker_devicemapper'][grains['id']] %}
+{% set volume = dm['thinpool'].replace('-', '/') %}
+
+lvm_thinpool_profile:
+ file.managed:
+ - source: salt://roles/paas-docker/docker/files/thinpool.profile
+ - name: {{ dirs.etc }}/lvm/profile/{{ dm['thinpool'] }}.profile
+ - mode: 644
+
+lvm_apply_thinpool_profile:
+ cmd.run:
+ - name: |
+ lvchange --metadataprofile {{ dm['thinpool'] }} {{ volume }}
+ lvs -o+seg_monitor
+ - onchanges:
+ - file: lvm_thinpool_profile
+
+{% endif %}

File Metadata

Mime Type
text/x-diff
Expires
Sat, Mar 7, 01:15 (1 h, 26 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3500231
Default Alt Text
(10 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator