Document how to make a compose stack out of an existing docker-compose.yml #5

Closed
opened 2020-09-05 00:14:25 +00:00 by 3wordchant · 4 comments
Owner

Off top:

1. Create a new repo
2. Add the `deploy: labels:` section for Traefik
3. Add `networks: proxy` to whichever service(s) will be internet-facing
4. Copy the `volumes:` and (probably) `secrets:` definition from an existing app
5. Add a `.envrc` file and (probably) `helpers.sh` to generate secrets

(Probably lots more)
Author
Owner
- Using a custom `entrypoint.sh` to do any initial set-up that relies on `docker-compose run` (e.g. [for `matrix-synapse`](https://git.autonomic.zone/compose-stacks/matrix-synapse/src/branch/main/entrypoint.sh.tmpl))
- How to replace `build:` in stacks
- Adapting stacks which use bind-mounted volumes
Author
Owner

If an image supports loading secrets from environment variables, but not yet from files, e.g. you want `CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password` but the image only supports `CONFIG_AUTHADMINPASSWORD=foo`, use a simple custom entrypoint: https://git.autonomic.zone/compose-stacks/mediawiki/src/branch/simplesaml/entrypoint.simplesaml.sh.tmpl
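
A minimal sketch of such an entrypoint, added here as an illustration; it is not the linked `entrypoint.simplesaml.sh.tmpl`. The helper name `file_env` is an assumption, and the variable name is the one from the comment above.

```shell
#!/bin/sh
set -e

# file_env VAR: if VAR_FILE names a readable file, export its contents as VAR.
# VAR is a literal written in this script, never user input, so eval is safe here.
file_env() {
    var="$1"
    file_var="${var}_FILE"
    eval "current=\${$var:-}"
    eval "file_path=\${$file_var:-}"
    if [ -n "$current" ] && [ -n "$file_path" ]; then
        echo "error: $var and $file_var are both set" >&2
        return 1
    fi
    if [ -n "$file_path" ]; then
        if [ ! -r "$file_path" ]; then
            echo "error: $file_var points at unreadable $file_path" >&2
            return 1
        fi
        # $(...) strips the trailing newline most secret files end with.
        value="$(cat "$file_path")"
        export "$var=$value"
        unset "$file_var"
    fi
}

file_env CONFIG_AUTHADMINPASSWORD

# Hand over to the image's real command (the arguments given to this script).
if [ "$#" -gt 0 ]; then
    exec "$@"
fi
```

The secret then exists only in the container's process environment, while the env file and the compose file carry just the path under `/run/secrets/`.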
Author
Owner

Adding custom `abra` commands, see e.g. [Nextcloud's `abra occ` command](https://git.autonomic.zone/compose-stacks/nextcloud/src/branch/main/abra-commands.sh)
3wordchant added this to the Public mini-launch milestone 2020-09-20 18:40:01 +00:00
Author
Owner

# CoöpCloud-ising an app

Example: Matomo web analytics

Tired: Write your own image and compose file
Wired: Use someone else's image (& maybe compose file)
Inspired: Upstream image, someone else's compose file
On fire: Upstream compose file

I'm feeling lazy so, luckily for me, Matomo already has an example compose file in their repository! Let's download and edit it:

```
mkdir matomo && cd matomo
wget https://raw.githubusercontent.com/matomo-org/docker/master/.examples/apache/docker-compose.yml -O compose.yml
```

Open `compose.yml` in your favourite editor and have a gander 🦢 . There are a few things we're looking for -- full list to come -- but a few things we can immediately see are:

1. Let's bump the version to `3.8`, to make sure we can use all the latest swarm coolness
2. We load environment variables separately via `abra`, so we'll strip out `env_file`.
3. The `/var/www/html` volume definition on L21 is a bit overzealous; it means a copy of Matomo will be stored separately per app instance, which is a waste of space in most cases. We'll narrow it down according to the documentation -- here, the developers have been nice enough to suggest `logs` and `config` volumes instead, which is a decent start
4. The MySQL passwords are sent as variables which is fine for basic use, but if we replace them with Docker secrets we can keep them out of our env files if we want to publish those more widely.
5. The MariaDB service doesn't need to be exposed to the internet, so we can define an `internal` network for it to communicate with Matomo.
6. Lastly, we want to use `deploy.labels` and remove the `ports:` definition, to tell Traefik to forward requests to Matomo based on hostname and generate an SSL certificate.

(I'll also rename the `db` and `app` services to `mariadb` and `matomo` respectively, for consistency with our other `compose-stacks` apps.)

The resulting `compose.yml` is here: https://git.autonomic.zone/compose-stacks/matomo/src/branch/main/compose.yml

Now, create an `.envrc` file (or call it anything else, but remember to specify the `-e` option for `abra`):

```
export SERVICE=matomo
export DOMAIN=matomo.example.com
export STACK_NAME=matomo
export LETS_ENCRYPT_ENV=production

export DB_PASSWORD_VERSION=v1
export DB_ROOT_PASSWORD_VERSION=v1
```

(and, if you're using `.envrc`, remember to `source .envrc` or `direnv allow`)

You can create the secrets:

```
abra secret generate db_password v1
abra secret generate db_root_password v1
```

And deploy the app:

```
abra deploy
```

Then, open the `DOMAIN` you configured (you might need to wait a while for Traefik to generate SSL certificates) to finish the set-up.

Luckily, this container is (mostly) configurable via environment variables -- if we want to auto-generate the configuration we can use a `config` and / or a custom `entrypoint` (see [`compose-stacks/mediawiki`](https://git.autonomic.zone/compose-stacks/mediawiki) for examples of both).
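
The six edits in the walk-through above can be checked mechanically before deploying. The script below is an added example, not part of `abra` or of the original comment: the function names are assumptions, the checks are line-based heuristics rather than a YAML parser, and the sample input is constructed (it is not Matomo's actual upstream file).

```shell
#!/bin/sh
# Constructed input in the shape of an upstream example compose file.
sample_compose() {
cat <<'EOF'
version: "3"
services:
  db:
    image: mariadb
    environment:
      - MYSQL_ROOT_PASSWORD=changeme
    env_file:
      - ./db.env
  app:
    image: matomo
    volumes:
      - matomo:/var/www/html
    ports:
      - 8080:80
volumes:
  matomo:
EOF
}

# flag REGEX MESSAGE FILE: print MESSAGE when REGEX matches a line of FILE.
flag() {
    if grep -Eq -- "$1" "$3"; then echo "$2"; fi
}

# audit_compose FILE: one finding per line, one per step of the walk-through.
audit_compose() {
    f="$1"
    if ! grep -Eq "^version:[[:space:]]*[\"']?3\.8" "$f"; then
        echo "version: not 3.8"
    fi
    flag '^[[:space:]]*env_file:' 'env_file: present, load variables via abra' "$f"
    flag ':/var/www/html/?[[:space:]]*$' 'volumes: whole /var/www/html is mounted' "$f"
    flag '[A-Z_]*PASSWORD[=:]' 'environment: password passed inline, use a secret' "$f"
    flag '^[[:space:]]*ports:' 'ports: published directly, use deploy.labels' "$f"
    if ! grep -Eq '^[[:space:]]*internal:' "$f"; then
        echo "networks: no internal network for the database"
    fi
}

tmp="$(mktemp)"
sample_compose > "$tmp"
audit_compose "$tmp"
rm -f "$tmp"
```

Variables ending in `_PASSWORD_FILE` are deliberately not flagged, since those point at a secret under `/run/secrets/` instead of carrying the value.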
decentral1se added the documentation label 2020-10-27 07:57:06 +00:00
3wordchant referenced this issue from a commit 2020-12-23 21:18:50 +00:00
Reference: coop-cloud/organising#5