services.common.yml 7.48 KB
---

# slapd directory service: scheduling_group "all", with an elected master
# placed in the "backend" group.
ldap:
  scheduling_group: all
  master_election: true
  master_scheduling_group: backend
  systemd_services:
    - slapd.service
  # 389 is the standard LDAP port. Whether StartTLS is required on it is set
  # in the slapd configuration, which is not part of this file.
  ports:
    - 389
  datasets:
    - name: ldap
      on_master_only: true
      # slapcat dumps the whole o=Anarchy database as LDIF, so the backup
      # stream carries every stored attribute (presumably including password
      # hashes -- confirm) and needs the same protection as the directory.
      backup_command: "/usr/sbin/slapcat -c -b o=Anarchy"
      # The restore re-imports the LDIF as the openldap user, not as root.
      restore_command: "sudo -u openldap /usr/sbin/slapadd -c -w"
      params:
        compress: true
  monitoring_endpoints:
    - job_name: slapd
      port: 9389
      scheme: http

# account-automation may be scheduled in both the frontend and backend groups
# and is given its own LDAP credentials entry.
# NOTE(review): what that LDAP identity may read or write is defined outside
# this file; confirm it is limited to what the automation needs.
account-automation:
  scheduling_groups:
    - frontend
    - backend
  ldap_credentials:
    - name: account-automation

accountserver:
  master_election: true
  # accountserver holds both an LDAP identity and a service credential.
  scheduling_group: backend
  ldap_credentials:
    - name: accountserver
  service_credentials:
    - name: accountserver
  ports:
    - 4040
  # Metrics are scraped over HTTPS on the same port (4040) listed above.
  monitoring_endpoints:
    - job_name: accountserver
      port: 4040
      scheme: https
  systemd_services:
    - accountserver.service

# accounts: runs the pannello image in the frontend scheduling group.
accounts:
  scheduling_group: frontend
  service_credentials:
    - name: accounts
  containers:
    - name: http
      # NOTE(review): ":master" is a mutable tag, so the code that runs
      # depends on when the image was last pulled. Pinning by digest would
      # make deployments reproducible and auditable.
      image: registry.git.autistici.org/ai3/pannello:master
      port: 8075
      volumes:
        # Host paths mounted at the same location inside the container: the
        # SSO public key (presumably used to verify SSO tickets -- confirm)
        # and the application's configuration directory.
        - /etc/sso/public.key: /etc/sso/public.key
        - /etc/pannello: /etc/pannello
      env:
        # Binds on all interfaces. Who can reach port 8075 is then decided by
        # firewalling and routing that this file does not show.
        BIND_ADDR: "0.0.0.0:8075"
        APP_CONFIG: "/etc/pannello/pannello.conf"
        TLS_AUTH_CONFIG: "/etc/pannello/tls_auth.conf"
        SERVICE_CREDENTIALS: accounts
        WORKERS: 5
  public_endpoints:
    - name: accounts
      port: 8075
      scheme: https

# accountadmin: a single instance in the backend scheduling group.
accountadmin:
  num_instances: 1
  scheduling_group: backend
  service_credentials:
    - name: accountadmin
  containers:
    - name: http
      # NOTE(review): ":master" is a mutable tag; consider pinning by digest
      # so an administrative tool cannot change underneath a deployment.
      image: registry.git.autistici.org/ai3/accountadmin:master
      port: 8078
      volumes:
        - /etc/sso/public.key: /etc/sso/public.key
        - /etc/accountadmin: /etc/accountadmin
      env:
        BIND_ADDR: "0.0.0.0:8078"
        APP_CONFIG: "/etc/accountadmin/accountadmin.conf"
        TLS_AUTH_CONFIG: "/etc/accountadmin/tls_auth.conf"
        SERVICE_CREDENTIALS: accountadmin
  public_endpoints:
    - name: accountadmin
      port: 8078
      scheme: https

mailman:
  scheduling_group: backend

# rsync daemon in the backend group.
# NOTE(review): 873 is the native rsync daemon port, which has no transport
# encryption of its own. Module access control lives in the rsyncd
# configuration (not in this file); confirm it restricts hosts and users.
rsync:
  scheduling_group: backend
  ports:
    - 873
  systemd_services:
    - rsyncd.service

zipkin:
  scheduling_group: backend
  num_instances: 1
  containers:
    - name: http
      # NOTE(review): no tag or digest is given, so this resolves to whatever
      # the default registry serves as "latest" at pull time. Pin a version or
      # digest for this third-party image.
      image: openzipkin/zipkin-slim
      docker_options: "--no-healthcheck"
      port: 9411
      env:
        STORAGE_TYPE: elasticsearch
        # Plain HTTP to the log-collector Elasticsearch: trace data crosses
        # this hop unencrypted unless the network layer protects it.
        ES_HOSTS: "http://log-collector:9200"
        ES_INDEX_SHARDS: 1
        ES_INDEX_REPLICAS: 0
    - name: batch
      image: registry.git.autistici.org/ai3/docker/zipkin-dependencies:master
      # The image's entrypoint is replaced with crond, started with "-f"
      # (presumably foreground mode -- confirm for this crond build).
      docker_options: "--entrypoint /usr/sbin/crond"
      args: "-f"
      # NOTE(review): presumably runs this container as root (likely because
      # crond is its entrypoint -- confirm). If so, it is a privileged process
      # next to a host-mounted cache directory; check whether a non-root cron
      # runner would do.
      root: true
      env:
        STORAGE_TYPE: elasticsearch
        ES_HOSTS: "http://log-collector:9200"
        ES_INDEX_SHARDS: 1
        ES_INDEX_REPLICAS: 0
        JAVA_OPTS: "-Djava.io.tmpdir=/var/cache/zipkin"
      volumes:
        - /var/cache/zipkin: /var/cache/zipkin
  # The tracing UI is published as "trace" with enable_sso_proxy set, which
  # presumably puts SSO authentication in front of it -- confirm. The service
  # itself is reached over plain http on 9411.
  public_endpoints:
    - name: trace
      port: 9411
      scheme: http
      enable_sso_proxy: true
  monitoring_endpoints:
    - job_name: trace
      port: 9411
      scheme: http
      metrics_path: "/actuator/prometheus"

redis:
  scheduling_group: backend
  num_instances: 1
  containers:
    - name: redis
      image: registry.git.autistici.org/ai3/docker/redis:master
      port: 6379
      volumes:
        - /etc/redis: /etc/redis
        - /var/lib/redis: /var/lib/redis
    # Metrics sidecar for the redis container.
    - name: exporter
      # NOTE(review): third-party image with no tag or digest, and it is
      # handed the Redis password below. Pin it to a reviewed version.
      image: oliver006/redis_exporter
      port: 9121
      env:
        # The password comes from a template variable rather than being stored
        # in this file. Environment variables remain readable to anyone who
        # can inspect the container on the host.
        REDIS_PASSWORD: "{{ redis_password }}"
        REDIS_EXPORTER_REDIS_ONLY_METRICS: "true"
  ports:
    - 6379
  monitoring_endpoints:
    - job_name: redis
      port: 9121
      scheme: http

# Modify the sso-server spec to put its public endpoint on accounts/sso.
sso-server:
  num_instances: all
  # Publishes the SSO server under the "accounts" endpoint at /sso/.
  # NOTE(review): "scheme: http" presumably describes the hop from the public
  # frontend to this service. Confirm TLS terminates at the frontend and that
  # this hop stays on a trusted network, since login traffic crosses it.
  public_endpoints:
    - name: accounts
      path: /sso/
      port: 5002
      scheme: http

saml-server:
  num_instances: all
  scheduling_group: backend
  # Publishes the SAML server under the "accounts" endpoint at /saml/.
  # NOTE(review): as with other http-scheme endpoints, confirm that the
  # public side is TLS-terminated at the frontend.
  public_endpoints:
    - name: accounts
      path: /saml/
      port: 5007
      scheme: http
  # Metrics are scraped over plain http on the same port as the service.
  monitoring_endpoints:
    - job_name: saml-server
      port: 5007
      scheme: http
  systemd_services:
    - saml-server.service

# service-request: a single backend instance with its own service credential
# and a dataset under /var/lib/service-request.
service-request:
  num_instances: 1
  scheduling_group: backend
  service_credentials:
    - name: service-request
  containers:
    - name: http
      # NOTE(review): ":master" is a mutable tag; pin by digest if deployments
      # need to be reproducible.
      image: registry.git.autistici.org/ai3/service-request:master
      port: 5113
      volumes:
        # Data directory, SSO public key and configuration directory, each
        # mounted at the same path inside the container.
        - /var/lib/service-request: /var/lib/service-request
        - /etc/sso/public.key: /etc/sso/public.key
        - /etc/service-request: /etc/service-request
      env:
        BIND_ADDR: "0.0.0.0:5113"
        APP_CONFIG: "/etc/service-request/service-request.conf"
        TLS_AUTH_CONFIG: "/etc/service-request/tls_auth.conf"
        SERVICE_CREDENTIALS: "service-request"
  # Published as "services"; the service itself is reached over https.
  public_endpoints:
    - name: services
      port: 5113
      scheme: https
  datasets:
    - name: db
      path: /var/lib/service-request
      owner: docker-service-request
      group: docker-service-request

# The data exchange service is used to export static data snippets
# (possibly encrypted) to services external to ai3.
# NOTE(review): the public endpoint below does not set enable_sso_proxy, so
# unless access control is added elsewhere, every file under
# /var/lib/ai/data-exchange is presumably readable by anyone who can reach the
# endpoint. Anything sensitive has to be encrypted before it is written there.
data-exchange:
  scheduling_group: backend
  containers:
    - name: http
      image: registry.git.autistici.org/ai3/docker/static-content:master
      port: 5792
      volumes:
        # The host directory is served as the container's web root.
        - /var/lib/ai/data-exchange: /var/www
      env:
        ADDR: ":5792"
  public_endpoints:
    - name: data-exchange
      port: 5792
      scheme: http

# hark: a systemd service scheduled in the "all" group, with a metrics
# endpoint on 9419.
hark:
  scheduling_group: all
  monitoring_endpoints:
    - job_name: hark
      port: 9419
      scheme: http
  systemd_services:
    - hark.service
  # NOTE(review): these are the well-known ports of frequently probed services
  # (telnet 23, finger 79, kerberos 88, rpcbind 111, snmp 161, ipp 631,
  # socks 1080, X11 6000, alternate http 8000/8080). Presumably hark listens
  # on them to record connection attempts -- confirm, and check that no real
  # service on these hosts needs any of them.
  ports:
    - 23
    - 79
    - 88
    - 111
    - 161
    - 631
    - 1080
    - 6000
    - 8000
    - 8080

# Relay for Alertmanager notifications over XMPP; disabled here
# (enabled: false), so a deployment has to switch it on explicitly.
alertmanager-xmpp-relay:
  enabled: false
  scheduling_group: backend
  scheduling_order: 2
  num_instances: 1
  containers:
    - name: http
      image: registry.git.autistici.org/ai3/thirdparty/prometheus-xmpp-alerts:master
      ports:
        - 7845
      volumes:
        # NOTE(review): the mounted config presumably holds the XMPP account
        # credentials -- confirm, and keep the host file readable only by the
        # user this container runs as.
        - /etc/alertmanager-xmpp-relay.yml: /etc/prometheus/xmpp-alerts.yml
  ports:
    - 7845

aux-db:
  scheduling_group: userdata
  # aux-db: num_instances "all", with its own service credential.
  num_instances: all
  service_credentials:
    - name: aux-db
  containers:
    - name: http
      image: registry.git.autistici.org/ai3/tools/aux-db:master
      port: 3420
      volumes:
        - /etc/aux-db: /etc/aux-db
        - /var/lib/aux-db: /var/lib/aux-db
  ports:
    - 3420
  # Metrics are scraped over https on the service port.
  monitoring_endpoints:
    - job_name: aux-db
      port: 3420
      scheme: https
  datasets:
    - name: db
      path: /var/lib/aux-db
      # NOTE(review): only "owner" is set here, while other datasets in this
      # file also set "group". Confirm the resulting group ownership and mode
      # of /var/lib/aux-db are what is intended.
      owner: docker-aux-db

# ai3-prober: two backend instances of the prometheus-blackbox image.
ai3-prober:
  scheduling_group: backend
  num_instances: 2
  containers:
    - name: blackbox
      # NOTE(review): ":master" is a mutable tag. This container also runs
      # with extra capabilities, which makes pinning by digest more valuable.
      image: registry.git.autistici.org/ai3/docker/prometheus-blackbox:master
      ports:
        - 9125
      volumes:
        - /etc/ai3-prober: /etc/prometheus
      args: "--web.listen-address=:9125 --config.file /etc/prometheus/blackbox.yml"
      # NOTE(review): NET_RAW is added (presumably for ICMP probes -- confirm)
      # and drop_capabilities is turned off, so the container apparently keeps
      # the runtime's default capability set instead of a reduced one. If raw
      # sockets are the only need, dropping everything else and adding back
      # NET_RAW alone would be tighter.
      docker_options: "--cap-add=NET_RAW"
      drop_capabilities: false
  # The prober UI is published with enable_sso_proxy set, which presumably
  # puts SSO authentication in front of it -- confirm. A prober makes outbound
  # requests, so its public interface should not be reachable anonymously.
  public_endpoints:
    - name: ai3-prober
      port: 9125
      scheme: http
      enable_sso_proxy: true
  ports:
    - 9125

# iprep: a single backend instance with a persistent dataset.
iprep:
  scheduling_group: backend
  num_instances: 1
  containers:
    - name: api
      # NOTE(review): ":master" is a mutable tag; pin by digest if deployments
      # need to be reproducible.
      image: registry.git.autistici.org/ai3/tools/iprep:master
      ports:
        - 7170
        - 7180
      volumes:
        - /etc/iprep: /etc/iprep
        - /var/lib/iprep: /var/lib/iprep
  # Only 7170 is listed at service level. 7180 is declared on the container
  # but has no entry here (presumably an internal-only port -- confirm that
  # this asymmetry is intended).
  ports:
    - 7170
  datasets:
    - name: db
      path: "/var/lib/iprep"
      owner: docker-iprep
      group: docker-iprep