diff --git a/ci/deploy.yml b/ci/deploy.yml
index 04354f1b05216274a66162c1f33abca9385c6634..b0d3d1a460bd80d38d188936a7d87f65fbb037a8 100644
--- a/ci/deploy.yml
+++ b/ci/deploy.yml
@@ -54,7 +54,7 @@ variables:
- >
$BUILD_DIR/float/float create-env
--domain=${DOMAIN}
- --services=${BUILD_DIR}/float/services.yml.no-elasticsearch
+ --services=${BUILD_DIR}/float/services.core.yml
--services=${SERVICES_FILE}
--passwords=${BUILD_DIR}/float/passwords.yml.default
--passwords=${PASSWORDS_FILE}
diff --git a/docs/reference.md b/docs/reference.md
index 6fb7e9cdee91376985ca91513532a665e1028c9f..899021b588b9a9b93d90b48576fc3fcd3b7f268a 100644
--- a/docs/reference.md
+++ b/docs/reference.md
@@ -568,7 +568,7 @@ Ansible roles to configure them.
Note that, in its default setup, float will naturally assume a
two-tier service topology, with "frontend" hosts handling traffic
routing in a stateless fashion, and "backend" hosts running the actual
-services. The default *services.yml.default* service description file
+services. The default *services.default.yml* service description file
literally expects the *frontend* and *backend* Ansible groups to be
defined in your inventory. However, these are just roles, and there is
nothing inherent in float that limits you to this kind of topology.
@@ -1831,7 +1831,7 @@ pairs that define group variables.
### Groups
While you can define any host groups you want, the default service
-configuration in float (*services.yml.default*) expects you to define
+configuration in float (*services.default.yml*) expects you to define
at least two:
* *frontend*, for the public-facing reverse proxy hosts
@@ -1924,12 +1924,12 @@ Service metadata is encoded as a dictionary of *service name*:
Metadata for services that are part of the core infrastructure ships
embedded with this repository, so when writing your own `services.yml`
file, you only need to add your services to it. You should include the
-*services.yml.default* file shipped with the float source, which
+*services.default.yml* file shipped with the float source, which
defines all the built-in services:
```yaml
include:
- - "/path/to/float/services.yml.default"
+ - "/path/to/float/services.default.yml"
```
The `include` directive is special: it does not define a service, but
@@ -2511,8 +2511,8 @@ tuples used for redirecting top-level domains to specific destinations
service which is normally part of the log-collector infrastructure. As
this is a large Java daemon with significant memory requirements, it
is often useful to disable it for testing environments. Note that in
-this case one should also import *services.yml.no-elasticsearch*
-instead of the default *services.yml.default*.
+this case one should import *services.core.yml*
+instead of the default *services.default.yml*.
`es_log_keep_days` is a dictionary that specifies the retention time
for the various log types, in days. The default is `{ audit: 60,
@@ -3335,7 +3335,7 @@ available) for the service.
```yaml
include:
- - "/path/to/float/services.yml.default"
+ - "/path/to/float/services.default.yml"
ok:
scheduling_group: backend
num_instances: 1
@@ -3410,7 +3410,7 @@ The services.yml file:
```yaml
include:
- - "/path/to/float/services.yml.default"
+ - "/path/to/float/services.default.yml"
videoconf:
scheduling_group: videoconf
num_instances: all
diff --git a/float b/float
index 3036e0a382b31eb07eea1c7ffa0d4c7c3eacd7cb..67910fc9360057c200604b3792e549beee106221 100755
--- a/float
+++ b/float
@@ -120,7 +120,7 @@ include:
- "{{ p | relpath(targetdir) }}"
{% endfor %}
{% else %}
- - "{{ srcdir | relpath(targetdir) }}/services.yml.no-elasticsearch"
+ - "{{ srcdir | relpath(targetdir) }}/services.core.yml"
{% endif %}
''',
'passwords.yml': '''---
diff --git a/services.core.yml b/services.core.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2ae62b71874d296b6ce0aa797d337db78007e4ab
--- /dev/null
+++ b/services.core.yml
@@ -0,0 +1,325 @@
+---
+
+frontend:
+ scheduling_group: frontend
+ service_credentials:
+ - name: nginx
+ enable_server: false
+ - name: ssoproxy
+ enable_server: false
+ - name: replds-acme
+ systemd_services:
+ - nginx.service
+ - haproxy.service
+ - sso-proxy.service
+ - replds@acme.service
+ ports:
+ - 5005
+ volumes:
+ - name: cache
+ path: /var/cache/nginx
+ size: 20g
+ monitoring_endpoints:
+ - port: 8404
+ scheme: http
+
+dns:
+ scheduling_group: frontend
+ systemd_services:
+ - bind9.service
+ monitoring_endpoints:
+ - name: bind
+ port: 9119
+ scheme: http
+
+log-collector:
+ scheduling_group: backend
+ num_instances: 1
+ service_credentials:
+ - name: log-collector
+ enable_client: false
+ monitoring_endpoints:
+ - port: 9105
+ scheme: http
+ containers:
+ - name: rsyslog
+ image: registry.git.autistici.org/ai3/docker/rsyslog:master
+ ports:
+ - 6514
+ - 9105
+ volumes:
+ - /etc/rsyslog-collector.conf: /etc/rsyslog.conf
+ - /etc/rsyslog-collector-lognorm: /etc/rsyslog-collector-lognorm
+ - /var/spool/rsyslog-collector: /var/spool/rsyslog
+ - /var/log/remote: /var/log/remote
+ egress_policy: internal
+ ports:
+ - 6514
+
+prometheus:
+ scheduling_group: backend
+ num_instances: 1
+ service_credentials:
+ - { name: prometheus }
+ containers:
+ - name: prometheus
+ image: registry.git.autistici.org/ai3/docker/prometheus:master
+ port: 9090
+ volumes:
+ - /etc/prometheus: /etc/prometheus
+ - /var/lib/prometheus/metrics2: /var/lib/prometheus/metrics2
+ args: "--storage.tsdb.retention.time={{ prometheus_tsdb_retention | default('90d') }} --web.external-url=https://monitor.{{ domain_public[0] }} --web.enable-lifecycle --query.max-samples={{ prometheus_max_samples | default('5000000') }}"
+ - name: alertmanager
+ image: registry.git.autistici.org/ai3/docker/prometheus-alertmanager:master
+ ports:
+ - 9093
+ - 9094
+ volumes:
+ - /etc/prometheus: /etc/prometheus
+ - /var/lib/prometheus/alertmanager: /var/lib/prometheus/alertmanager
+ args: "--web.external-url=https://alertmanager.{{ domain_public[0] }} --cluster.listen-address=:9094 --cluster.advertise-address={{ float_host_dns_map.get(inventory_hostname + '.prometheus', ['']) | list | first }}:9094{% for h in groups['prometheus']|sort if h != inventory_hostname %} --cluster.peer={{ h }}.prometheus.{{ domain }}:9094{% endfor %}"
+ - name: blackbox
+ image: registry.git.autistici.org/ai3/docker/prometheus-blackbox:master
+ ports:
+ - 9115
+ volumes:
+ - /etc/prometheus: /etc/prometheus
+ args: "--config.file /etc/prometheus/blackbox.yml"
+ docker_options: "--cap-add=NET_RAW"
+ drop_capabilities: false
+ - name: grafana
+ image: registry.git.autistici.org/ai3/docker/grafana:master
+ port: 2929
+ volumes:
+ - /etc/grafana: /etc/grafana
+ - /var/lib/grafana: /var/lib/grafana
+ egress_policy: internal
+ - name: thanos
+ image: registry.git.autistici.org/ai3/docker/thanos:master
+ ports:
+ - 10901 # sidecar grpc
+ - 10902 # sidecar http
+ - 10903 # query grpc
+ - 10904 # query http
+ - 10905 # query-frontend grpc
+ - 10906 # query-frontend http
+ resources:
+ ram: "1G"
+ env:
+ QUERY_FLAGS: "--query.replica-label=monitor {% for h in groups['prometheus']|sort %} --store={{ h }}.prometheus.{{ domain }}:10901{% endfor %}"
+ SIDECAR_FLAGS: ""
+ QUERY_FRONTEND_FLAGS: "--query-range.response-cache-config-file=/etc/thanos/query-frontend-cache.yml"
+ volumes:
+ - /etc/thanos: /etc/thanos
+ egress_policy: internal
+ - name: karma
+ image: registry.git.autistici.org/ai3/docker/karma:master
+ ports:
+ - 9193
+ env:
+ # https://github.com/prymitive/karma/blob/master/docs/CONFIGURATION.md#environment-variables
+ CONFIG_FILE: "/etc/karma/float.yml"
+ PORT: 9193
+ volumes:
+ - /etc/karma: /etc/karma
+ egress_policy: internal
+ public_endpoints:
+ - name: monitor
+ port: 9090
+ scheme: http
+ enable_sso_proxy: true
+ - name: prober
+ port: 9115
+ scheme: http
+ enable_sso_proxy: true
+ - name: grafana
+ port: 2929
+ scheme: https
+ enable_sso_proxy: true
+ - name: thanos
+ port: 10906
+ scheme: http
+ enable_sso_proxy: true
+ - name: alerts
+ port: 9193
+ scheme: http
+ enable_sso_proxy: true
+ monitoring_endpoints:
+ - port: 9090
+ scheme: http
+ healthcheck_http_method: OPTIONS
+ - port: 9093
+ scheme: http
+ healthcheck_http_method: OPTIONS
+ - port: 9193
+ scheme: http
+ healthcheck_http_method: GET
+ - port: 2929
+ scheme: https
+ - port: 10904
+ scheme: http
+ - port: 10902
+ scheme: http
+ - port: 10906
+ scheme: http
+ ports:
+ - 9094
+ - 10901
+ volumes:
+ - name: metrics
+ path: /var/lib/prometheus
+ owner: docker-prometheus
+ group: docker-prometheus
+ mode: "0755"
+ annotations:
+ dependencies:
+ - client: prometheus
+ server: alertmanager
+ - client: karma
+ server: alertmanager
+ - client: thanos
+ server: prometheus
+
+sso-server:
+ num_instances: 1
+ scheduling_group: backend
+ service_credentials:
+ - name: sso-server
+ enable_server: false
+ public_endpoints:
+ - name: login
+ port: 5002
+ scheme: http
+ monitoring_endpoints:
+ - port: 5002
+ scheme: http
+ systemd_services:
+ - sso-server.service
+ annotations:
+ dependencies:
+ - client: sso-server
+ server: user-meta-server/user-meta-server
+
+auth-cache:
+ scheduling_group: backend
+ containers:
+ - name: memcache
+ image: registry.git.autistici.org/ai3/docker/memcached:master
+ ports:
+ - 11212
+ - 11213
+ env:
+ PORT: "11212"
+ egress_policy: internal
+ ports:
+ - 11212
+ monitoring_endpoints:
+ - port: 11213
+ scheme: http
+
+user-meta-server:
+ num_instances: 1
+ scheduling_group: backend
+ service_credentials:
+ - name: user-meta-server
+ monitoring_endpoints:
+ - port: 5505
+ scheme: https
+ ports:
+ - 5505
+ systemd_services:
+ - user-meta-server.service
+ datasets:
+ - name: db
+ type: litestream
+ path: /var/lib/user-meta-server
+ filename: usermeta.db
+ owner: user-meta-server
+ litestream_params:
+ sync-interval: "60s"
+
+service-dashboard:
+ scheduling_group: frontend
+ service_credentials:
+ - name: service-dashboard
+ containers:
+ - name: http
+ image: registry.git.autistici.org/ai3/tools/float-dashboard:master
+ port: 8011
+ volumes:
+ - /etc/float: /etc/float
+ env:
+ ADDR: ":8011"
+ DOMAIN: "{{ domain_public[0] }}"
+ egress_policy: internal
+ public_endpoints:
+ - name: service-dashboard
+ port: 8011
+ scheme: http
+ enable_sso_proxy: true
+
+backup-metadata:
+ num_instances: 1
+ scheduling_group: backend
+ service_credentials:
+ - name: backup-metadata
+ enable_client: false
+ monitoring_endpoints:
+ - port: 5332
+ scheme: https
+ public_endpoints:
+ - name: backups
+ port: 5332
+ scheme: https
+ enable_sso_proxy: true
+ ports:
+ - 5332
+ systemd_services:
+ - tabacco-metadb.service
+ datasets:
+ - name: db
+ type: litestream
+ path: /var/lib/tabacco-metadb
+ filename: meta.db
+ owner: backup-metadata
+
+acme:
+ num_instances: 1
+ scheduling_group: frontend
+ service_credentials:
+ - name: acme
+ enable_server: false
+ monitoring_endpoints:
+ - port: 5004
+ scheme: http
+ ports:
+ - 5004
+ systemd_services:
+ - acmeserver.service
+
+assets:
+ num_instances: 1
+ scheduling_group: backend
+ service_credentials:
+ - name: assetmon
+ containers:
+ - name: http
+ image: registry.git.autistici.org/ai3/tools/assetmon:master
+ volumes:
+ - /etc/assetmon/server.yml: /etc/assetmon/server.yml
+ - /var/lib/assetmon: /var/lib/assetmon
+ ports:
+ - 3798
+ egress_policy: internal
+ monitoring_endpoints:
+ - port: 3798
+ scheme: https
+ public_endpoints:
+ - name: assets
+ port: 3798
+ scheme: https
+ enable_sso_proxy: true
+ datasets:
+ - name: db
+ path: /var/lib/assetmon
+ owner: docker-assets
diff --git a/services.default.yml b/services.default.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7d07664a7d001f8b0ca7f9d19d2e5e532299cd03
--- /dev/null
+++ b/services.default.yml
@@ -0,0 +1,105 @@
+---
+
+include:
+ - "services.core.yml"
+
+reports-collector:
+ scheduling_group: frontend
+ containers:
+ - name: http
+ image: registry.git.autistici.org/ai3/tools/reports-collector:master
+ ports:
+ - 3995
+ - 3996
+ env:
+ ADDR: ":3995"
+ SMTP_ADDR: ":3996"
+ volumes:
+ - /var/lib/GeoIP: /var/lib/GeoIP
+ public_endpoints:
+ - name: live-reports
+ port: 3995
+ scheme: http
+ monitoring_endpoints:
+ - port: 3995
+ scheme: http
+ ports:
+ - 3996
+
+log-collector:
+ scheduling_group: backend
+ num_instances: 1
+ service_credentials:
+ - name: log-collector
+ enable_client: false
+ monitoring_endpoints:
+ - port: 9105
+ scheme: http
+ - port: 9201
+ scheme: http
+ public_endpoints:
+ - name: logs
+ port: 5601
+ scheme: http
+ enable_sso_proxy: true
+ containers:
+ - name: rsyslog
+ image: registry.git.autistici.org/ai3/docker/rsyslog:master
+ ports:
+ - 6514
+ - 9105
+ volumes:
+ - /etc/rsyslog-collector.conf: /etc/rsyslog.conf
+ - /etc/rsyslog-collector: /etc/rsyslog-collector
+ - /etc/rsyslog-collector-lognorm: /etc/rsyslog-collector-lognorm
+ - /var/spool/rsyslog-collector: /var/spool/rsyslog
+ - /var/log/remote: /var/log/remote
+ egress_policy: internal
+ - name: kibana
+ image: registry.git.autistici.org/ai3/docker/kibana:master
+ port: 5601
+ volumes:
+ - /etc/kibana: /etc/kibana
+ - /var/lib/kibana: /var/lib/kibana
+ env:
+ BABEL_CACHE_PATH: "/var/lib/kibana/.babelcache.json"
+ - name: elasticsearch
+ image: registry.git.autistici.org/ai3/docker/elasticsearch:master
+ port: 9200
+ volumes:
+ - /etc/elasticsearch: /etc/elasticsearch
+ - /var/lib/elasticsearch: /var/lib/elasticsearch
+ - /var/log/elasticsearch: /var/log/elasticsearch
+ env:
+ PORT: 9200
+ EXPORTER_PORT: 9201
+ ports:
+ - 6514
+ - 9200
+ volumes:
+ - name: elasticsearch
+ path: /var/lib/elasticsearch
+ size: 100g
+ owner: docker-log-collector
+ group: docker-log-collector
+ mode: "0700"
+ annotations:
+ dependencies:
+ - client: kibana
+ server: elasticsearch
+ - client: log-collector-e2e/prober
+ server: elasticsearch
+
+log-collector-e2e:
+ scheduling_group: all
+ containers:
+ - name: prober
+ image: registry.git.autistici.org/ai3/tools/dye-injector:master
+ port: 7094
+ env:
+ ADDR: ":7094"
+ monitoring_endpoints:
+ - name: log-collector-e2e-prober
+ port: 7094
+ scheme: http
+
diff --git a/services.yml.default b/services.yml.default
deleted file mode 100644
index c7c67a69723caaca45c8275b352894af3018f504..0000000000000000000000000000000000000000
--- a/services.yml.default
+++ /dev/null
@@ -1,105 +0,0 @@
----
-
-include:
- - "services.yml.no-elasticsearch"
-
-reports-collector:
- scheduling_group: frontend
- containers:
- - name: http
- image: registry.git.autistici.org/ai3/tools/reports-collector:master
- ports:
- - 3995
- - 3996
- env:
- ADDR: ":3995"
- SMTP_ADDR: ":3996"
- volumes:
- - /var/lib/GeoIP: /var/lib/GeoIP
- public_endpoints:
- - name: live-reports
- port: 3995
- scheme: http
- monitoring_endpoints:
- - port: 3995
- scheme: http
- ports:
- - 3996
-
-log-collector:
- scheduling_group: backend
- num_instances: 1
- service_credentials:
- - name: log-collector
- enable_client: false
- monitoring_endpoints:
- - port: 9105
- scheme: http
- - port: 9201
- scheme: http
- public_endpoints:
- - name: logs
- port: 5601
- scheme: http
- enable_sso_proxy: true
- containers:
- - name: rsyslog
- image: registry.git.autistici.org/ai3/docker/rsyslog:master
- ports:
- - 6514
- - 9105
- volumes:
- - /etc/rsyslog-collector.conf: /etc/rsyslog.conf
- - /etc/rsyslog-collector: /etc/rsyslog-collector
- - /etc/rsyslog-collector-lognorm: /etc/rsyslog-collector-lognorm
- - /var/spool/rsyslog-collector: /var/spool/rsyslog
- - /var/log/remote: /var/log/remote
- egress_policy: internal
- - name: kibana
- image: registry.git.autistici.org/ai3/docker/kibana:master
- port: 5601
- volumes:
- - /etc/kibana: /etc/kibana
- - /var/lib/kibana: /var/lib/kibana
- env:
- BABEL_CACHE_PATH: "/var/lib/kibana/.babelcache.json"
- - name: elasticsearch
- image: registry.git.autistici.org/ai3/docker/elasticsearch:master
- port: 9200
- volumes:
- - /etc/elasticsearch: /etc/elasticsearch
- - /var/lib/elasticsearch: /var/lib/elasticsearch
- - /var/log/elasticsearch: /var/log/elasticsearch
- env:
- PORT: 9200
- EXPORTER_PORT: 9201
- ports:
- - 6514
- - 9200
- volumes:
- - name: elasticsearch
- path: /var/lib/elasticsearch
- size: 100g
- owner: docker-log-collector
- group: docker-log-collector
- mode: "0700"
- annotations:
- dependencies:
- - client: kibana
- server: elasticsearch
- - client: log-collector-e2e/prober
- server: elasticsearch
-
-log-collector-e2e:
- scheduling_group: all
- containers:
- - name: prober
- image: registry.git.autistici.org/ai3/tools/dye-injector:master
- port: 7094
- env:
- ADDR: ":7094"
- monitoring_endpoints:
- - name: log-collector-e2e-prober
- port: 7094
- scheme: http
-
diff --git a/services.yml.default b/services.yml.default
new file mode 120000
index 0000000000000000000000000000000000000000..77b8ad4edbc93952387aed9d73b6914003c76e6b
--- /dev/null
+++ b/services.yml.default
@@ -0,0 +1 @@
+services.default.yml
\ No newline at end of file
diff --git a/services.yml.no-elasticsearch b/services.yml.no-elasticsearch
deleted file mode 100644
index 2ae62b71874d296b6ce0aa797d337db78007e4ab..0000000000000000000000000000000000000000
--- a/services.yml.no-elasticsearch
+++ /dev/null
@@ -1,325 +0,0 @@
----
-
-frontend:
- scheduling_group: frontend
- service_credentials:
- - name: nginx
- enable_server: false
- - name: ssoproxy
- enable_server: false
- - name: replds-acme
- systemd_services:
- - nginx.service
- - haproxy.service
- - sso-proxy.service
- - replds@acme.service
- ports:
- - 5005
- volumes:
- - name: cache
- path: /var/cache/nginx
- size: 20g
- monitoring_endpoints:
- - port: 8404
- scheme: http
-
-dns:
- scheduling_group: frontend
- systemd_services:
- - bind9.service
- monitoring_endpoints:
- - name: bind
- port: 9119
- scheme: http
-
-log-collector:
- scheduling_group: backend
- num_instances: 1
- service_credentials:
- - name: log-collector
- enable_client: false
- monitoring_endpoints:
- - port: 9105
- scheme: http
- containers:
- - name: rsyslog
- image: registry.git.autistici.org/ai3/docker/rsyslog:master
- ports:
- - 6514
- - 9105
- volumes:
- - /etc/rsyslog-collector.conf: /etc/rsyslog.conf
- - /etc/rsyslog-collector-lognorm: /etc/rsyslog-collector-lognorm
- - /var/spool/rsyslog-collector: /var/spool/rsyslog
- - /var/log/remote: /var/log/remote
- egress_policy: internal
- ports:
- - 6514
-
-prometheus:
- scheduling_group: backend
- num_instances: 1
- service_credentials:
- - { name: prometheus }
- containers:
- - name: prometheus
- image: registry.git.autistici.org/ai3/docker/prometheus:master
- port: 9090
- volumes:
- - /etc/prometheus: /etc/prometheus
- - /var/lib/prometheus/metrics2: /var/lib/prometheus/metrics2
- args: "--storage.tsdb.retention.time={{ prometheus_tsdb_retention | default('90d') }} --web.external-url=https://monitor.{{ domain_public[0] }} --web.enable-lifecycle --query.max-samples={{ prometheus_max_samples | default('5000000') }}"
- - name: alertmanager
- image: registry.git.autistici.org/ai3/docker/prometheus-alertmanager:master
- ports:
- - 9093
- - 9094
- volumes:
- - /etc/prometheus: /etc/prometheus
- - /var/lib/prometheus/alertmanager: /var/lib/prometheus/alertmanager
- args: "--web.external-url=https://alertmanager.{{ domain_public[0] }} --cluster.listen-address=:9094 --cluster.advertise-address={{ float_host_dns_map.get(inventory_hostname + '.prometheus', ['']) | list | first }}:9094{% for h in groups['prometheus']|sort if h != inventory_hostname %} --cluster.peer={{ h }}.prometheus.{{ domain }}:9094{% endfor %}"
- - name: blackbox
- image: registry.git.autistici.org/ai3/docker/prometheus-blackbox:master
- ports:
- - 9115
- volumes:
- - /etc/prometheus: /etc/prometheus
- args: "--config.file /etc/prometheus/blackbox.yml"
- docker_options: "--cap-add=NET_RAW"
- drop_capabilities: false
- - name: grafana
- image: registry.git.autistici.org/ai3/docker/grafana:master
- port: 2929
- volumes:
- - /etc/grafana: /etc/grafana
- - /var/lib/grafana: /var/lib/grafana
- egress_policy: internal
- - name: thanos
- image: registry.git.autistici.org/ai3/docker/thanos:master
- ports:
- - 10901 # sidecar grpc
- - 10902 # sidecar http
- - 10903 # query grpc
- - 10904 # query http
- - 10905 # query-frontend grpc
- - 10906 # query-frontend http
- resources:
- ram: "1G"
- env:
- QUERY_FLAGS: "--query.replica-label=monitor {% for h in groups['prometheus']|sort %} --store={{ h }}.prometheus.{{ domain }}:10901{% endfor %}"
- SIDECAR_FLAGS: ""
- QUERY_FRONTEND_FLAGS: "--query-range.response-cache-config-file=/etc/thanos/query-frontend-cache.yml"
- volumes:
- - /etc/thanos: /etc/thanos
- egress_policy: internal
- - name: karma
- image: registry.git.autistici.org/ai3/docker/karma:master
- ports:
- - 9193
- env:
- # https://github.com/prymitive/karma/blob/master/docs/CONFIGURATION.md#environment-variables
- CONFIG_FILE: "/etc/karma/float.yml"
- PORT: 9193
- volumes:
- - /etc/karma: /etc/karma
- egress_policy: internal
- public_endpoints:
- - name: monitor
- port: 9090
- scheme: http
- enable_sso_proxy: true
- - name: prober
- port: 9115
- scheme: http
- enable_sso_proxy: true
- - name: grafana
- port: 2929
- scheme: https
- enable_sso_proxy: true
- - name: thanos
- port: 10906
- scheme: http
- enable_sso_proxy: true
- - name: alerts
- port: 9193
- scheme: http
- enable_sso_proxy: true
- monitoring_endpoints:
- - port: 9090
- scheme: http
- healthcheck_http_method: OPTIONS
- - port: 9093
- scheme: http
- healthcheck_http_method: OPTIONS
- - port: 9193
- scheme: http
- healthcheck_http_method: GET
- - port: 2929
- scheme: https
- - port: 10904
- scheme: http
- - port: 10902
- scheme: http
- - port: 10906
- scheme: http
- ports:
- - 9094
- - 10901
- volumes:
- - name: metrics
- path: /var/lib/prometheus
- owner: docker-prometheus
- group: docker-prometheus
- mode: "0755"
- annotations:
- dependencies:
- - client: prometheus
- server: alertmanager
- - client: karma
- server: alertmanager
- - client: thanos
- server: prometheus
-
-sso-server:
- num_instances: 1
- scheduling_group: backend
- service_credentials:
- - name: sso-server
- enable_server: false
- public_endpoints:
- - name: login
- port: 5002
- scheme: http
- monitoring_endpoints:
- - port: 5002
- scheme: http
- systemd_services:
- - sso-server.service
- annotations:
- dependencies:
- - client: sso-server
- server: user-meta-server/user-meta-server
-
-auth-cache:
- scheduling_group: backend
- containers:
- - name: memcache
- image: registry.git.autistici.org/ai3/docker/memcached:master
- ports:
- - 11212
- - 11213
- env:
- PORT: "11212"
- egress_policy: internal
- ports:
- - 11212
- monitoring_endpoints:
- - port: 11213
- scheme: http
-
-user-meta-server:
- num_instances: 1
- scheduling_group: backend
- service_credentials:
- - name: user-meta-server
- monitoring_endpoints:
- - port: 5505
- scheme: https
- ports:
- - 5505
- systemd_services:
- - user-meta-server.service
- datasets:
- - name: db
- type: litestream
- path: /var/lib/user-meta-server
- filename: usermeta.db
- owner: user-meta-server
- litestream_params:
- sync-interval: "60s"
-
-service-dashboard:
- scheduling_group: frontend
- service_credentials:
- - name: service-dashboard
- containers:
- - name: http
- image: registry.git.autistici.org/ai3/tools/float-dashboard:master
- port: 8011
- volumes:
- - /etc/float: /etc/float
- env:
- ADDR: ":8011"
- DOMAIN: "{{ domain_public[0] }}"
- egress_policy: internal
- public_endpoints:
- - name: service-dashboard
- port: 8011
- scheme: http
- enable_sso_proxy: true
-
-backup-metadata:
- num_instances: 1
- scheduling_group: backend
- service_credentials:
- - name: backup-metadata
- enable_client: false
- monitoring_endpoints:
- - port: 5332
- scheme: https
- public_endpoints:
- - name: backups
- port: 5332
- scheme: https
- enable_sso_proxy: true
- ports:
- - 5332
- systemd_services:
- - tabacco-metadb.service
- datasets:
- - name: db
- type: litestream
- path: /var/lib/tabacco-metadb
- filename: meta.db
- owner: backup-metadata
-
-acme:
- num_instances: 1
- scheduling_group: frontend
- service_credentials:
- - name: acme
- enable_server: false
- monitoring_endpoints:
- - port: 5004
- scheme: http
- ports:
- - 5004
- systemd_services:
- - acmeserver.service
-
-assets:
- num_instances: 1
- scheduling_group: backend
- service_credentials:
- - name: assetmon
- containers:
- - name: http
- image: registry.git.autistici.org/ai3/tools/assetmon:master
- volumes:
- - /etc/assetmon/server.yml: /etc/assetmon/server.yml
- - /var/lib/assetmon: /var/lib/assetmon
- ports:
- - 3798
- egress_policy: internal
- monitoring_endpoints:
- - port: 3798
- scheme: https
- public_endpoints:
- - name: assets
- port: 3798
- scheme: https
- enable_sso_proxy: true
- datasets:
- - name: db
- path: /var/lib/assetmon
- owner: docker-assets
diff --git a/services.yml.no-elasticsearch b/services.yml.no-elasticsearch
new file mode 120000
index 0000000000000000000000000000000000000000..3685dcfa3ee27fafe719fe48736f7a1d72028857
--- /dev/null
+++ b/services.yml.no-elasticsearch
@@ -0,0 +1 @@
+services.core.yml
\ No newline at end of file
diff --git a/test/README.md b/test/README.md
index 82d8db7c1766960b70adfa794ed189423b1a32e8..86a856fd1f9c1ab2e6aac84ed3510cefaa719a34 100644
--- a/test/README.md
+++ b/test/README.md
@@ -135,8 +135,8 @@ clear speed improvement.
This is, in fact, already the default for test environments created
with "float create-env" and it can be achieved by:
-* importing "services.yml.no-elasticsearch" instead of
- "services.yml.default" for the float built-in service definitions;
+* importing "services.core.yml" instead of
+ "services.default.yml" for the float built-in service definitions;
* setting the configuration variable "enable_elasticsearch" to false.
The resulting environment will still run the *log-collector* service,
diff --git a/test/backup.ref/services.yml b/test/backup.ref/services.yml
index 3f422c92d269401dc7aef00fe44f1b6f256a5cb2..48d3bf301dbc4ab782626fcc6ef4d1abe132e49d 100644
--- a/test/backup.ref/services.yml
+++ b/test/backup.ref/services.yml
@@ -1,7 +1,7 @@
---
include:
- - "../../services.yml.no-elasticsearch"
+ - "../../services.core.yml"
ok:
scheduling_group: backend
diff --git a/test/float_integration_test/test_system.py b/test/float_integration_test/test_system.py
index 7777128319aaacc98d2c5d76cde9b6882c783b3c..7b088871d6eb58781c0787e202b4f6dcfaea0b4e 100644
--- a/test/float_integration_test/test_system.py
+++ b/test/float_integration_test/test_system.py
@@ -43,7 +43,7 @@ class TestBuiltinServiceURLs(URLTestBase):
"""Verify that all the public_endpoints are reachable.
Tests will only run if the corresponding service (from
- services.yml.default) is actually enabled.
+ services.yml) is actually enabled.
"""
diff --git a/test/full.ref/services.yml b/test/full.ref/services.yml
index 9ac1fd0e61722eac8c95403278c36907ef74f12c..95fcd23934341423ced22fdf519603535dd30e6d 100644
--- a/test/full.ref/services.yml
+++ b/test/full.ref/services.yml
@@ -1,7 +1,7 @@
---
include:
- - "../../services.yml.no-elasticsearch"
+ - "../../services.core.yml"
ok:
scheduling_group: backend