195 lines
6.9 KiB
Plaintext
195 lines
6.9 KiB
Plaintext
# ###################################
|
|
# This file is generated by puppet
|
|
# PLEASE DON'T MODIFY BY HAND
|
|
# ###################################
|
|
|
|
<% if scope.lookupvar('che::che_multiuser') == 'true' -%>
|
|
version: '2.1'
|
|
services:
|
|
<% end -%>
|
|
|
|
########################
|
|
# CHE
|
|
########################
|
|
che:
|
|
image: <%= ENV["IMAGE_CHE"] %>
|
|
mem_limit: <%= scope.lookupvar('che::che_master_container_ram') %>
|
|
memswap_limit: 0
|
|
env_file:
|
|
<% if @compose_file_for_containers == true -%>
|
|
- '<%= ENV["CHE_CONTAINER_ROOT"] %>/instance/config/che/che.env'
|
|
<% else -%>
|
|
- '<%= ENV["CHE_ENV_FILE"] %>'
|
|
<% end -%>
|
|
<% if scope.lookupvar('che::che_multiuser') == 'true' -%>
|
|
links:
|
|
- postgres:postgres
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
keycloak:
|
|
condition: service_healthy
|
|
networks:
|
|
- default
|
|
- che-network
|
|
<% end -%>
|
|
volumes:
|
|
- '/var/run/docker.sock:/var/run/docker.sock'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/data:/data'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/logs:/logs'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/config/che:/conf'
|
|
<% if scope.lookupvar('che::che_dev_env') == 'on' -%>
|
|
- '<%= scope.lookupvar('che::che_assembly') -%>:/assembly'
|
|
<% end -%>
|
|
<% if scope.lookupvar('che::che_user') != 'root' -%>
|
|
- '/etc/group:/etc/group:ro'
|
|
- '/etc/passwd:/etc/passwd:ro'
|
|
<% end -%>
|
|
ports:
|
|
<% if @che_jmx_enabled == 'true' -%>
|
|
- '32001:32001'
|
|
- '32101:32101'
|
|
<% end -%>
|
|
<% if scope.lookupvar('che::che_single_port') == 'true' -%>
|
|
- 8080
|
|
<% else -%>
|
|
- '<%= scope.lookupvar('che::che_port') -%>:<%= scope.lookupvar('che::che_port') -%>'
|
|
<% end -%>
|
|
<% if scope.lookupvar('che::che_env') == 'development' -%>
|
|
- '<%= scope.lookupvar('che::che_debug_port') -%>:<%= scope.lookupvar('che::che_debug_port') -%>'
|
|
<% end -%>
|
|
<% if scope.lookupvar('che::che_single_port') == 'true' -%>
|
|
labels:
|
|
traefik.che.frontend.backend: "che-server"
|
|
traefik.che.frontend.entryPoints: "http"
|
|
traefik.che.port: "<%= scope.lookupvar('che::che_port') -%>"
|
|
traefik.che.frontend.rule: "PathPrefix:/"
|
|
<% if scope.lookupvar('che::che_multiuser') == 'true' -%>
|
|
traefik.docker.network: "che_default"
|
|
<% end -%>
|
|
<% end -%>
|
|
restart: always
|
|
container_name: <%= ENV["CHE_CONTAINER_NAME"] %>
|
|
<% if scope.lookupvar('che::che_user') != 'root' -%>
|
|
user: <%= scope.lookupvar('che::che_user') -%>
|
|
<% end -%>
|
|
<% if ! @dns_resolvers.empty? -%>
|
|
<%= " dns:" + "\n" + @dns_resolvers.split(",").map { |val| " - #{val}" }.join("\n") %>
|
|
<% end -%>
|
|
|
|
<% if scope.lookupvar('che::che_single_port') == 'true' -%>
|
|
########################
|
|
# TRAEFIK
|
|
########################
|
|
traefik:
|
|
image: <%= ENV["IMAGE_TRAEFIK"] %>
|
|
command: --logLevel=DEBUG
|
|
links:
|
|
- che:che
|
|
<% if scope.lookupvar('che::che_multiuser') == 'true' -%>
|
|
networks:
|
|
- default
|
|
- che-network
|
|
<% end -%>
|
|
labels:
|
|
traefik.enable: "false"
|
|
ports:
|
|
- '<%= scope.lookupvar('che::che_port') -%>:<%= scope.lookupvar('che::che_port') -%>'
|
|
<% if scope.lookupvar('che::che_env') == 'development' -%>
|
|
- '7070:7070'
|
|
<% end -%>
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/config/traefik:/etc/traefik'
|
|
restart: always
|
|
<% end -%>
|
|
|
|
<% if scope.lookupvar('che::che_multiuser') == 'true' -%>
|
|
########################
|
|
# POSTGRES
|
|
########################
|
|
postgres:
|
|
image: <%= ENV["IMAGE_POSTGRES"] %>
|
|
command: [ "/var/lib/pgsql/init-che-user-and-run.sh" ]
|
|
environment:
|
|
- POSTGRESQL_USER=keycloak
|
|
- POSTGRESQL_PASSWORD=keycloak
|
|
- POSTGRESQL_DATABASE=keycloak
|
|
- CHE_POSTGRES_USERNAME=<%= scope.lookupvar('postgres::che_pg_username') %>
|
|
- CHE_POSTGRES_PASSWORD=<%= scope.lookupvar('postgres::che_pg_password') %>
|
|
- CHE_POSTGRES_DATABASE=<%= scope.lookupvar('postgres::che_pg_database') %>
|
|
volumes:
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/data/postgres:/var/lib/pgsql/data'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/config/postgres/init-che-user.sh:/var/lib/pgsql/init-che-user.sh'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/config/postgres/init-che-user-and-run.sh:/var/lib/pgsql/init-che-user-and-run.sh'
|
|
<% if scope.lookupvar('che::che_single_port') == 'false' -%>
|
|
expose:
|
|
- '5432'
|
|
<% if scope.lookupvar('che::che_env') == 'development' -%>
|
|
ports:
|
|
- '5432:5432'
|
|
<% end -%>
|
|
<% end -%>
|
|
restart: always
|
|
healthcheck:
|
|
test: [ "CMD", "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U keycloak -q -d keycloak -c 'SELECT 1'" ]
|
|
interval: 10s
|
|
timeout: 10s
|
|
retries: 10
|
|
|
|
########################
|
|
# KEYCLOAK
|
|
########################
|
|
keycloak:
|
|
image: <%= ENV["IMAGE_KEYCLOACK"] %>
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
<% if scope.lookupvar('che::che_single_port') == 'false' -%>
|
|
ports:
|
|
- '5050:8080'
|
|
<% end -%>
|
|
entrypoint:
|
|
- start-keycloak.sh
|
|
- -Dkeycloak.migration.action=import
|
|
- -Dkeycloak.migration.provider=dir
|
|
- -Dkeycloak.migration.strategy=IGNORE_EXISTING
|
|
- -Dkeycloak.migration.dir=/opt/jboss/keycloak/realms/
|
|
- -Djboss.bind.address=0.0.0.0
|
|
environment:
|
|
- POSTGRES_PORT_5432_TCP_ADDR=postgres
|
|
- POSTGRES_PORT_5432_TCP_PORT=5432
|
|
- POSTGRES_DATABASE=keycloak
|
|
- POSTGRES_USER=keycloak
|
|
- POSTGRES_PASSWORD=keycloak
|
|
links:
|
|
- postgres:postgres
|
|
<% if scope.lookupvar('che::che_single_port') == 'true' -%>
|
|
labels:
|
|
traefik.keycloak.frontend.entryPoints: "http"
|
|
traefik.keycloak.port: "8080"
|
|
<% if scope.lookupvar('che::che_single_port') == 'true' and scope.lookupvar('che::che_single_port_wildcard_domain_ipless') == 'true' -%>
|
|
traefik.keycloak.frontend.rule: "Host:keycloak.<%= scope.lookupvar('che::che_single_port_wildcard_domain_host') -%>"
|
|
<% elsif ! @che_docker_ip_external.empty? -%>
|
|
traefik.keycloak.frontend.rule: "Host:keycloak.<%= scope.lookupvar('che::che_docker_ip_external') -%>.<%= scope.lookupvar('che::che_single_port_wildcard_domain_host') -%>"
|
|
<% else -%>
|
|
traefik.keycloak.frontend.rule: "Host:keycloak.<%= scope.lookupvar('che::docker_ip') -%>.<%= scope.lookupvar('che::che_single_port_wildcard_domain_host') -%>"
|
|
<% end -%>
|
|
traefik.docker.network: "che_default"
|
|
<% end -%>
|
|
volumes:
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/config/keycloak/che:/opt/jboss/keycloak/themes/che'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/config/keycloak/:/opt/jboss/keycloak/realms/'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/data/keycloak:/opt/jboss/keycloak/standalone/data'
|
|
- '<%= scope.lookupvar('che::che_instance') -%>/logs/keycloak:/opt/jboss/keycloak/standalone/log'
|
|
restart: always
|
|
healthcheck:
|
|
test: [ "CMD", "curl", "-f", "http://localhost:8080/auth/" ]
|
|
interval: 10s
|
|
timeout: 10s
|
|
retries: 10
|
|
|
|
networks:
|
|
che-network:
|
|
<% end -%>
|