services.yml.default 4.87 KB
Newer Older
ale's avatar
ale committed
1 2 3 4 5 6 7 8 9
---

frontend:
  scheduling_group: frontend
  service_credentials:
    - name: nginx
      enable_server: false
    - name: ssoproxy
      enable_server: false
ale's avatar
ale committed
10
    - name: replds-acme
11 12
  systemd_services:
    - nginx.service
ale's avatar
ale committed
13
    - sso-proxy.service
14
    - bind9.service
ale's avatar
ale committed
15 16 17
    - replds@acme.service
  ports:
    - 5005
18 19 20 21 22 23 24
  volumes:
    - name: cache
      path: /var/cache/nginx
      owner: nginx
      group: nginx
      mode: "0700"
      size: 20g
ale's avatar
ale committed
25 26

log-collector:
27
  scheduling_group: backend
ale's avatar
ale committed
28 29 30 31 32 33 34 35
  num_instances: 1
  service_credentials:
    - name: log-collector
      enable_client: false
  monitoring_endpoints:
    - job_name: rsyslog-collector
      port: 9105
      scheme: http
ale's avatar
ale committed
36 37 38
    - job_name: elasticsearch
      port: 9201
      scheme: http
ale's avatar
ale committed
39 40 41 42 43
  public_endpoints:
    - name: logs
      port: 5601
      scheme: http
      enable_sso_proxy: true
ale's avatar
ale committed
44 45
  containers:
    - name: kibana
46
      image: registry.git.autistici.org/ai3/docker/kibana:master
ale's avatar
ale committed
47 48 49 50 51 52
      port: 5061
      volumes:
        - /etc/kibana/kibana.yml: /etc/kibana/kibana.yml
        - /var/lib/kibana: /var/lib/kibana
      env:
        BABEL_CACHE_PATH: "/var/lib/kibana/.babelcache.json"
ale's avatar
ale committed
53
    - name: elasticsearch
54
      image: registry.git.autistici.org/ai3/docker/elasticsearch:master
ale's avatar
ale committed
55 56 57 58 59 60 61 62
      port: 9200
      volumes:
        - /etc/elasticsearch: /etc/elasticsearch
        - /var/lib/elasticsearch: /var/lib/elasticsearch
        - /var/log/elasticsearch: /var/log/elasticsearch
      env:
        PORT: 9200
        EXPORTER_PORT: 9201
63 64
  systemd_services:
    - rsyslog-collector.service
65 66 67
  ports:
    - 6514
    - 9200
68 69 70 71 72 73 74
  volumes:
    - name: elasticsearch
      path: /var/lib/elasticsearch
      size: 100g
      owner: docker-log-collector
      group: docker-log-collector
      mode: "0700"
ale's avatar
ale committed
75 76

prometheus:
77
  scheduling_group: backend
ale's avatar
ale committed
78 79 80
  num_instances: 1
  service_credentials:
    - { name: prometheus }
ale's avatar
ale committed
81 82
  containers:
    - name: grafana
83
      image: registry.git.autistici.org/ai3/docker/grafana:master
ale's avatar
ale committed
84 85 86 87
      port: 2929
      volumes:
        - /etc/grafana: /etc/grafana
        - /var/lib/grafana: /var/lib/grafana
ale's avatar
ale committed
88 89 90 91 92 93 94 95 96
  public_endpoints:
    - name: monitor
      port: 9090
      scheme: http
      enable_sso_proxy: true
    - name: alertmanager
      port: 9093
      scheme: http
      enable_sso_proxy: true
97 98 99 100
    - name: prober
      port: 9115
      scheme: http
      enable_sso_proxy: true
ale's avatar
ale committed
101 102 103 104 105 106 107 108 109 110 111 112 113 114
    - name: grafana
      port: 2929
      scheme: https
      enable_sso_proxy: true
  monitoring_endpoints:
    - job_name: prometheus
      port: 9090
      scheme: http
    - job_name: alertmanager
      port: 9093
      scheme: http
    - job_name: grafana
      port: 2929
      scheme: https
115 116 117 118
  systemd_services:
    - prometheus.service
    - prometheus-alertmanager.service
    - prometheus-blackbox-exporter.service
119
  ports:
120
    - 9094
121 122 123 124 125
  volumes:
    - name: metrics
      path: /var/lib/prometheus
      owner: prometheus
      group: prometheus
ale's avatar
ale committed
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142

sso-server:
  num_instances: 1
  scheduling_group: backend
  service_credentials:
    - name: sso-server
      enable_server: false
  public_endpoints:
    - name: login
      port: 5002
      scheme: http
  monitoring_endpoints:
    - job_name: sso-server
      port: 5002
      scheme: http

auth-server:
143
  scheduling_group: all
ale's avatar
ale committed
144 145 146
  service_credentials:
    - name: auth-server
      enable_server: false
147 148 149 150
  monitoring_endpoints:
    - job_name: auth-server
      port: 9004
      scheme: http
ale's avatar
ale committed
151

152 153 154 155
auth-cache:
  scheduling_group: backend
  containers:
    - name: memcache
156
      image: registry.git.autistici.org/ai3/docker/memcached:master
157 158 159
      port: 11212
      env:
        PORT: "11212"
ale's avatar
ale committed
160 161
  ports:
    - 11212
162

ale's avatar
ale committed
163 164 165 166 167 168 169 170 171
user-meta-server:
  num_instances: 1
  scheduling_group: backend
  service_credentials:
    - name: user-meta-server
  monitoring_endpoints:
    - job_name: user-meta-server
      port: 5005
      scheme: https
ale's avatar
ale committed
172 173
  ports:
    - 5005
174 175
  systemd_services:
    - user-meta-server.service
ale's avatar
ale committed
176

177 178 179 180 181
admin-dashboard:
  scheduling_group: frontend
  service_credentials:
    - name: admin-dashboard
  containers:
182
    - name: http
183
      image: registry.git.autistici.org/ai3/tools/float-dashboard:master
184 185 186 187 188 189 190 191 192 193 194 195 196 197
      port: 8011
      volumes:
        - /etc/float: /etc/float
      env:
        ADDR: "0.0.0.0:8011"
  public_endpoints:
    - name: admin
      port: 8011
      scheme: https
      enable_sso_proxy: true
  monitoring_endpoints:
    - job_name: admin-dashboard
      port: 8011
      scheme: https
ale's avatar
ale committed
198 199 200 201 202 203 204 205 206

backup-metadata:
  num_instances: 1
  scheduling_group: backend
  service_credentials:
    - name: backup-metadata
      enable_client: false
  monitoring_endpoints:
    - job_name: backup-metadata
ale's avatar
ale committed
207
      port: 5332
ale's avatar
ale committed
208 209
      scheme: https
  ports:
ale's avatar
ale committed
210
    - 5332
211 212
  systemd_services:
    - tabacco-metadb.service
ale's avatar
ale committed
213 214 215 216 217 218 219 220 221

acme:
  num_instances: 1
  scheduling_group: frontend
  service_credentials:
    - name: acme
      enable_server: false
  monitoring_endpoints:
    - job_name: acme
ale's avatar
ale committed
222
      port: 5004
223
      scheme: http
ale's avatar
ale committed
224
  ports:
ale's avatar
ale committed
225
    - 5004
ale's avatar
ale committed
226 227 228
  systemd_services:
    - acmeserver.service