diff --git a/mirror.yml b/mirror.yml index 58531d5..2bb7f85 100644 --- a/mirror.yml +++ b/mirror.yml @@ -1,534 +1,532 @@ version: "3.8" services: memcache: # used by the web app image: memcached deploy: replicas: 1 networks: - swh-mirror storage-db: # the main storage database image: postgres:13 deploy: # we want only one replica of this service in the whole cluster replicas: 1 # possible workaround to prevent dropped idle cnx (making pg pool fail to work after a while) endpoint_mode: dnsrr placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.volumes.storage-db == true networks: - swh-mirror command: ['-c', 'shared_buffers=4GB', '-c', 'effective_cache_size=4GB', '-c', 'random_page_cost=1.5', '-c', 'max_wal_size=4GB'] environment: POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password POSTGRES_USER: swh POSTGRES_DB: # unset POSTGRES_DB: we're handling db creation ourselves in the backend volumes: - "storage-db:/var/lib/postgresql/data:rw,Z" secrets: - source: swh-mirror-storage-db-password target: postgres-password uid: '999' mode: 0400 web-db: # the database for the web application image: postgres:13 deploy: # we want only one replica of this service in the whole cluster replicas: 1 endpoint_mode: dnsrr placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.volumes.web-db == true networks: - swh-mirror command: ['-c', 'shared_buffers=4GB', '-c', 'effective_cache_size=4GB', '-c', 'random_page_cost=1.5', '-c', 'max_wal_size=4GB'] environment: POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password POSTGRES_USER: swh POSTGRES_DB: swh-web volumes: - "web-db:/var/lib/postgresql/data:rw,Z" secrets: - source: swh-mirror-web-db-password target: postgres-password uid: '999' mode: 0400 web: # the web app; serves both the web navigation interface and the public web API image: softwareheritage/web:${SWH_IMAGE_TAG:-latest} networks: - swh-mirror configs: - source: web target: /etc/softwareheritage/config.yml command: serve environment: PORT: "5004" PGHOST: web-db PGUSER: swh POSTGRES_DB: swh-web depends_on: - web-db - memcache secrets: - source: swh-mirror-web-db-password target: postgres-password mode: 0400 objstorage: # the swh-objstorage backend service; this example configuration uses a simple # filesystem-based pathslicing implementation of the swh-objstorage: see # https://docs.softwareheritage.org/devel/apidoc/swh.objstorage.backends.pathslicing.html image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: # needed to allow actual and dynamic load balancing endpoint_mode: dnsrr # a real life replicas value better be in the 16 to 64 range replicas: 1 placement: # note: if using a local volume, you need to pin the objstorage # instances on the node hosting the volume, eg. the manager, otherwise, # if using a remote/distributed objstorage backend (seaweedfs, cloud, # etc.) you want to remove this placement constraint constraints: - node.labels.org.softwareheritage.mirror.volumes.objstorage == true networks: - swh-mirror volumes: - "objstorage:/srv/softwareheritage/objects:rw,Z" configs: - source: objstorage target: /etc/softwareheritage/config.yml env_file: - ./env/common-python.env environment: PORT: "5003" command: ["rpc-server", "objstorage"] storage: # the swh-storage backend service; using postgresql (storage-db) as backend image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: # needed to allow actual and dynammic load balancing endpoint_mode: dnsrr # a real life replicas value better be in the 16 to 64 range # however we recommend keeping 1 in this stack deploy file so that # an upgrade of the base image that comes with a database migration script # is upgraded in a consistent way replicas: 1 networks: - swh-mirror configs: - source: storage target: /etc/softwareheritage/config.yml environment: PGHOST: storage-db PGUSER: swh POSTGRES_DB: swh-storage FLAVOR: mirror PORT: "5002" env_file: - ./env/common-python.env secrets: - source: swh-mirror-storage-db-password target: postgres-password mode: 0400 command: ["rpc-server", "storage"] depends_on: - storage-db nginx: image: nginx networks: - swh-mirror configs: - source: nginx target: /etc/nginx/nginx.conf ports: - "5081:5081/tcp" deploy: mode: global prometheus: image: prom/prometheus networks: - swh-mirror depends_on: - prometheus-statsd-exporter command: # Needed for the reverse-proxy - "--web.external-url=/prometheus" - "--config.file=/etc/prometheus/prometheus.yml" configs: - source: prometheus target: /etc/prometheus/prometheus.yml deploy: # we want only one replica of this service in the whole cluster replicas: 1 placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.monitoring == true prometheus-statsd-exporter: image: prom/statsd-exporter networks: - swh-mirror command: - "--statsd.mapping-config=/etc/prometheus/statsd-mapping.yml" configs: - source: prometheus-statsd-exporter target: /etc/prometheus/statsd-mapping.yml deploy: # we want only one replica of this service in the whole cluster replicas: 1 placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.monitoring == true grafana: image: grafana/grafana networks: - swh-mirror depends_on: - prometheus environment: GF_SERVER_ROOT_URL: http://localhost:5081/grafana configs: - source: grafana-provisioning-datasources-prometheus target: /etc/grafana/provisioning/datasources/prometheus.yaml - source: grafana-provisioning-dashboards-all target: /etc/grafana/provisioning/dashboards/all.yaml - source: grafana-dashboards-backend-stats target: /var/lib/grafana/dashboards/backend-stats.json - source: grafana-dashboards-content-replayer target: /var/lib/grafana/dashboards/content-replayer.json - source: grafana-dashboards-graph-replayer target: /var/lib/grafana/dashboards/graph-replayer.json deploy: # we want only one replica of this service in the whole cluster replicas: 1 placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.monitoring == true ## replayer services redis: image: redis:6.2.6 deploy: # we want only one replica of this service in the whole cluster replicas: 1 placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.volumes.redis == true networks: - swh-mirror command: - redis-server - --save 60 1 - --loglevel warning volumes: - redis:/data graph-replayer: image: softwareheritage/replayer:${SWH_IMAGE_TAG:-latest} deploy: # do not start replayers by default once the remaining of the stack is # running as expected, bump this value; expected real-life values should # be something in the range [16, 64] (staging) or [16, 256] (production) # depending on your hardware capabilities; note that there is no need of # going above the number of partitions on the kafka cluster (so the 64 # and 254 upper limits depending on the execution environment). replicas: 0 - restart_policy: - condition: "none" networks: - swh-mirror env_file: - ./env/common-python.env environment: STATSD_TAGS: 'role:graph-replayer,hostname:${HOSTNAME}' configs: - source: graph-replayer target: /etc/softwareheritage/config.yml command: - graph-replayer depends_on: - storage - redis content-replayer: image: softwareheritage/replayer:${SWH_IMAGE_TAG:-latest} deploy: # do not start replayers by default; see above replicas: 0 networks: - swh-mirror env_file: - ./env/common-python.env environment: STATSD_TAGS: 'role:content-replayer,hostname:${HOSTNAME}' configs: - source: content-replayer target: /etc/softwareheritage/config.yml command: - content-replayer depends_on: - objstorage - redis ## secondary services amqp: image: rabbitmq:3.6-management networks: - swh-mirror ports: - 5072:5672 ### vault services vault-db: # the database for the vault rpc server image: postgres:13 deploy: # we want only one replica of this service in the whole cluster replicas: 1 endpoint_mode: dnsrr placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.volumes.web-db == true networks: - swh-mirror command: ['-c', 'shared_buffers=4GB', '-c', 'effective_cache_size=4GB', '-c', 'random_page_cost=1.5', '-c', 'max_wal_size=4GB'] environment: POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password POSTGRES_USER: swh POSTGRES_DB: swh-vault volumes: - "vault-db:/var/lib/postgresql/data:rw,Z" secrets: - source: swh-mirror-vault-db-password target: postgres-password uid: '999' mode: 0400 vault: image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: replicas: 1 networks: - swh-mirror env_file: - ./env/common-python.env configs: - source: vault target: /etc/softwareheritage/config.yml environment: PGHOST: vault-db PGUSER: swh POSTGRES_DB: swh-vault PORT: "5005" LOG_LEVEL: DEBUG command: ["rpc-server", "vault"] secrets: - source: swh-mirror-vault-db-password target: postgres-password uid: '999' mode: 0400 vault-worker: image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: replicas: 1 networks: - swh-mirror env_file: - ./env/common-python.env - ./env/celery-worker.env environment: SWH_WORKER_INSTANCE: vault LOG_LEVEL: DEBUG configs: - source: vault-worker target: /etc/softwareheritage/config.yml command: - celery-worker # vault do really need someone to talk to via SMTP mailhog: image: mailhog/mailhog networks: - swh-mirror ### scheduler services scheduler-db: # the database for the vault rpc server image: postgres:13 deploy: # we want only one replica of this service in the whole cluster replicas: 1 endpoint_mode: dnsrr placement: max_replicas_per_node: 1 constraints: - node.labels.org.softwareheritage.mirror.volumes.web-db == true networks: - swh-mirror command: ['-c', 'shared_buffers=4GB', '-c', 'effective_cache_size=4GB', '-c', 'random_page_cost=1.5', '-c', 'max_wal_size=4GB'] environment: POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password POSTGRES_USER: swh POSTGRES_DB: swh-scheduler volumes: - "scheduler-db:/var/lib/postgresql/data:rw,Z" secrets: - source: swh-mirror-scheduler-db-password target: postgres-password uid: '999' mode: 0400 scheduler: image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: replicas: 1 networks: - swh-mirror configs: - source: scheduler target: /etc/softwareheritage/config.yml env_file: - ./env/common-python.env environment: PGHOST: scheduler-db PGUSER: swh POSTGRES_DB: swh-scheduler PORT: "5008" command: ["rpc-server", "scheduler"] secrets: - source: swh-mirror-scheduler-db-password target: postgres-password uid: '999' mode: 0400 scheduler-listener: image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: replicas: 1 networks: - swh-mirror configs: - source: scheduler target: /etc/softwareheritage/config.yml env_file: - ./env/common-python.env environment: SWH_WORKER_INSTANCE: scheduler PGHOST: scheduler-db PGUSER: swh POSTGRES_DB: swh-scheduler command: ["scheduler", "start-listener"] secrets: - source: swh-mirror-scheduler-db-password target: postgres-password uid: '999' mode: 0400 scheduler-runner: image: softwareheritage/base:${SWH_IMAGE_TAG:-latest} deploy: replicas: 1 networks: - swh-mirror configs: - source: scheduler target: /etc/softwareheritage/config.yml env_file: - ./env/common-python.env environment: SWH_WORKER_INSTANCE: scheduler PGHOST: scheduler-db PGUSER: swh POSTGRES_DB: swh-scheduler command: ["scheduler", "start-runner", "--period", "10"] secrets: - source: swh-mirror-scheduler-db-password target: postgres-password uid: '999' mode: 0400 volumes: objstorage: redis: scheduler-db: storage-db: vault-db: web-db: secrets: swh-mirror-storage-db-password: external: true swh-mirror-web-db-password: external: true swh-mirror-vault-db-password: external: true swh-mirror-scheduler-db-password: external: true configs: storage: file: conf/storage.yml objstorage: file: conf/objstorage.yml nginx: file: conf/nginx.conf scheduler: file: conf/scheduler.yml vault: file: conf/vault.yml vault-worker: file: conf/vault-worker.yml web: file: conf/web.yml content-replayer: file: conf/content-replayer.yml graph-replayer: file: conf/graph-replayer.yml prometheus: file: conf/prometheus.yml prometheus-statsd-exporter: file: conf/prometheus-statsd-mapping.yml grafana-provisioning-datasources-prometheus: file: conf/grafana/provisioning/datasources/prometheus.yaml grafana-provisioning-dashboards-all: file: conf/grafana/provisioning/dashboards/all.yaml grafana-dashboards-graph-replayer: file: conf/grafana/dashboards/graph-replayer.json grafana-dashboards-content-replayer: file: conf/grafana/dashboards/content-replayer.json grafana-dashboards-backend-stats: file: conf/grafana/dashboards/backend-stats.json networks: swh-mirror: driver: overlay attachable: true