toolshed/organising
7
1
Fork 0
Code Issues 100 Pull Requests Releases Activity

Document how to make a compose stack out of an existing docker-compose.yml #5

New Issue
Closed
opened 2020-09-05 00:14:25 +00:00 by 3wordchant · 4 comments
3wordchant commented 2020-09-05 00:14:25 +00:00
Owner
Copy Link

Off top:

  1. Create a new repo
  2. Add the deploy: labels: section for Traefik
  3. Add networks: proxy to whichever service(s) will be internet-facing
  4. Copy the volumes: and (probably) secrets: definition from an existing app
  5. Add a .envrc file and (probably) helpers.sh to generate secrets

(Probably lots more)

Off top: 1. Create a new repo 2. Add the `deploy: labels:` section for Traefik 3. Add `networks: proxy` to whichever service(s) will be internet-facing 4. Copy the `volumes:` and (probably) `secrets:` definition from an existing app 5. Add a `.envrc` file and (probably) `helpers.sh` to generate secrets (Probably lots more)
3wordchant commented 2020-09-08 17:56:42 +00:00
Author
Owner
Copy Link
  • Using a custom entrypoint.sh to do any initial set-up that relies on docker-compose run (e.g. for matrix-synapse)
  • How to replace build: in stacks
  • Adapting stacks which use bind-mounted volumes
- Using a custom `entrypoint.sh` to do any initial set-up that relies on `docker-compose run` (e.g. [for `matrix-synapse`](https://git.autonomic.zone/compose-stacks/matrix-synapse/src/branch/main/entrypoint.sh.tmpl)) - How to replace `build:` in stacks - Adapting stacks which use bind-mounted volumes
3wordchant commented 2020-09-13 16:06:03 +00:00
Author
Owner
Copy Link

If an image supports loading secrets from environment variables, but not yet from files, e.g. you want CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password but the image only supports CONFIG_AUTHADMINPASSWORD=foo, use a simple custom entrypoint: https://git.autonomic.zone/compose-stacks/mediawiki/src/branch/simplesaml/entrypoint.simplesaml.sh.tmpl

If an image supports loading secrets from environment variables, but not yet from files, e.g. you want `CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password` but the image only supports `CONFIG_AUTHADMINPASSWORD=foo`, use a simple custom entrypoint: https://git.autonomic.zone/compose-stacks/mediawiki/src/branch/simplesaml/entrypoint.simplesaml.sh.tmpl
3wordchant commented 2020-09-13 16:07:12 +00:00
Author
Owner
Copy Link

Adding custom abra commands, see e.g. Nextcloud's abra occ command

Adding custom `abra` commands, see e.g. [Nextcloud's `abra occ` command](https://git.autonomic.zone/compose-stacks/nextcloud/src/branch/main/abra-commands.sh)
3wordchant added this to the (deleted) milestone 2020-09-20 18:40:01 +00:00
3wordchant commented 2020-09-23 21:25:13 +00:00
Author
Owner
Copy Link

CoöpCloud-ising an app

Example: Matomo web analytics

Tired: Write your own image and compose file
Wired: Use someone else's image (& maybe compose file)
Inspired: Upstream image, someone else's compose file
On fire: Upstream compose file

I'm feeling lazy so, luckily for me, Matomo already has an example compose file in their repository! Let's download and edit it:

mkdir matomo && cd matomo
wget https://raw.githubusercontent.com/matomo-org/docker/master/.examples/apache/docker-compose.yml -O compose.yml

Open compose.yml in your favourite editor and have a gander 🦢 . There are a few things we're looking for -- full list to come -- but a few things we can immediately see are:

  1. Let's bump the version to 3.8, to make sure we can use all the latest swarm coolness
  2. We load environment variables separately via abra, so we'll strip out env_file.
  3. The /var/www/html volume definition on L21 is a bit overzealous; it means a copy of Matomo will be stored separately per app instance, which is a waste of space in most cases. We'll narrow it down according to the documentation -- here, the developers have been nice enough to suggest logs and config volumes instead, which is a decent start
  4. The MySQL passwords are sent as variables which is fine for basic use, but if we replace them with Docker secrets we can keep them out of our env files if we want to publish those more widely.
  5. The MariaDB service doesn't need to be exposed to the internet, so we can define an internal network for it to communicate with Matomo.
  6. Lastly, we want to use deploy.labels and remove the ports: definition, to tell Traefik to forward requests to Matomo based on hostname and generate an SSL certificate.

(I'll also rename the db and app services to mariadb and matomo respectively, for consistency with our other compose-stacks apps.)

The resulting compose.yml is here: https://git.autonomic.zone/compose-stacks/matomo/src/branch/main/compose.yml

Now, create an .envrc file (or call it anything else, but remember to specify the -e option for abra):

export SERVICE=matomo
export DOMAIN=matomo.example.com
export STACK_NAME=matomo
export LETS_ENCRYPT_ENV=production

export DB_PASSWORD_VERSION=v1
export DB_ROOT_PASSWORD_VERSION=v1

(and, if you're using .envrc, remember to source .envrc or direnv allow)

You can create the secrets:

abra secret generate db_password v1
abra secret generate db_root_password v1

And deploy the app:

abra deploy

Then, open the DOMAIN you configured (you might need to wait a while for Traefik to generate SSL certificates) to finish the set-up.

Luckily, this container is (mostly) configurable via environment variables -- if we want to auto-generate the configuration we can use a config and / or a custom entrypoint (see compose-stacks/mediawiki for examples of both).

# CoöpCloud-ising an app Example: Matomo web analytics Tired: Write your own image and compose file Wired: Use someone else's image (& maybe compose file) Inspired: Upstream image, someone else's compose file On fire: Upstream compose file I'm feeling lazy so, luckily for me, Matomo already has an example compose file in their repository! Let's download and edit it: ``` mkdir matomo && cd matomo wget https://raw.githubusercontent.com/matomo-org/docker/master/.examples/apache/docker-compose.yml -O compose.yml ``` Open `compose.yml` in your favourite editor and have a gander :swan: . There are a few things we're looking for -- full list to come -- but a few things we can immediately see are: 1. Let's bump the version to `3.8`, to make sure we can use all the latest swarm coolness 2. We load environment variables separately via `abra`, so we'll strip out `env_file`. 3. The `/var/www/html` volume definition on L21 is a bit overzealous; it means a copy of Matomo will be stored separately per app instance, which is a waste of space in most cases. We'll narrow it down according to the documentation -- here, the developers have been nice enough to suggest `logs` and `config` volumes instead, which is a decent start 3. The MySQL passwords are sent as variables which is fine for basic use, but if we replace them with Docker secrets we can keep them out of our env files if we want to publish those more widely. 4. The MariaDB service doesn't need to be exposed to the internet, so we can define an `internal` network for it to communicate with Matomo. 5. Lastly, we want to use `deploy.labels` and remove the `ports:` definition, to tell Traefik to forward requests to Matomo based on hostname and generate an SSL certificate. (I'll also rename the `db` and `app` services to `mariadb` and `matomo` respectively, for consistency with our other `compose-stacks` apps.) The resulting `compose.yml` is here: https://git.autonomic.zone/compose-stacks/matomo/src/branch/main/compose.yml Now, create an `.envrc` file (or call it anything else, but remember to specify the `-e` option for `abra`): ``` export SERVICE=matomo export DOMAIN=matomo.example.com export STACK_NAME=matomo export LETS_ENCRYPT_ENV=production export DB_PASSWORD_VERSION=v1 export DB_ROOT_PASSWORD_VERSION=v1 ``` (and, if you're using `.envrc`, remember to `source .envrc` or `direnv allow`) You can create the secrets: ``` abra secret generate db_password v1 abra secret generate db_root_password v1 ``` And deploy the app: `abra deploy` Then, open the `DOMAIN` you configured (you might need to wait a while for Traefik to generate SSL certificates) to finish the set-up. Luckily, this container is (mostly) configurable via environment variables -- if we want to auto-generate the configuration we can use a `config` and / or a custom `entrypoint` (see [`compose-stacks/mediawiki`](https://git.autonomic.zone/compose-stacks/mediawiki) for examples of both).
decentral1se added the
documentation
 label 2020-10-27 07:57:06 +00:00
3wordchant referenced this issue from a commit 2020-12-23 21:18:50 +00:00
Add initial docs
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
abra
Everything to do with abra
abra-gandi
Abra Gandi plugin
awaiting-feedback
Ping/pong on comms
backups
bug
Something is not working
build
Go build related issues
ci/cd
Getting the robots into the mix
community organising
Opening this thing up
contributing
Contributors stuff
coopcloud.tech
Our main website
democracy
Democratic decision making
design
Design thinking required
documentation
Let's write things together
duplicate
This issue or pull request already exists
enhancement
New feature
finance
Money things
funding
Anything related to grant funding
good first issue
Easy start with development
help wanted
Need some help
installer
Installation related issues
kadabra
performance
Performance related
proposal
Large change which requires feedback & decisin making
question
More information is needed
recipes.coopcloud.tech
Our recipes catalogue
security
Securing our shit
test
Unit or integration test suite
wontfix
This won't be fixed
No Label
documentation
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm carla cas coopcloud cyrnel decentral1se fauno iexos jade jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie moritz notplants p4u1 pharaohgraphy renovate-bot ripclap simon sixsmith trav val yksflip
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: toolshed/organising#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?