From 0dc851977fabc4491961279e35442fe003681b7e Mon Sep 17 00:00:00 2001
From: Luca Lutz
Date: Thu, 3 Nov 2022 21:13:35 +0100
Subject: [PATCH] Fix docker shit
---
 .gitignore | 2 +
 Dockerfile | 13 +-
 docker-compose.yml | 563 +++----------------------------------------
 fab_access/config.py | 8 +-
 requirements.txt | 4 +
 5 files changed, 57 insertions(+), 533 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 requirements.txt
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..41edece
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/sql
+/.env
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 4903558..311b1cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,9 @@
-FROM python:3.11.0a3-bullseye
-RUN pip install keycloak_wrapper paho-mqtt python-keycloak mysql.connector
-RUN mkdir /app/
-COPY main.py /app/
+FROM python:3.11-alpine
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+COPY ./fab_access/* /app
+
 ENTRYPOINT [ "python" ]
-CMD [ "-u", "/app/main.py" ]
\ No newline at end of file
+CMD [ "-u", "main.py" ]
diff --git a/docker-compose.yml b/docker-compose.yml
index 9454629..5ca50c4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
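Review bot: The container still runs as root, because the rewritten Dockerfile never switches to an unprivileged user before `ENTRYPOINT`; on the Alpine base a `RUN adduser -D -H app` followed by `USER app` after the dependency install closes that gap, provided the app only reads `/app` and does not write inside the container. `COPY ./fab_access/* /app` copies the contents of any matching directory rather than the directory itself, so a future subpackage under `fab_access/` would be flattened into `/app` and its imports would break; `COPY ./fab_access/ /app/` avoids that and the glob's dotfile blind spot. `pip install` without `--no-cache-dir` also leaves the wheel cache in the image layer. The rewritten stage is below.
```dockerfile
FROM python:3.11-alpine
WORKDIR /app

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY ./fab_access/ /app/

# Drop root: the application only needs read access to /app.
RUN adduser -D -H app
USER app

# … unchanged: ENTRYPOINT / CMD …
```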
@@ -1,536 +1,49 @@ version: '3' - -networks: - auth: - FabDB: - FabLoggingDB: - FabLoggingTelegraf: - reverse-proxy: - mediawiki: - nextcloud: - gitea: - octofarm: - octoproxy: - ipam: - config: - - subnet: 172.42.0.0/24 - odoo: - roundcube: - partdb: - -volumes: - build-trigger: - build-output: - db: - nextcloud: - -secrets: - samba-admin-password: - file: ./samba-admin-password - services: - AD: - image: instantlinux/samba-dc:latest - restart: always - network_mode: host - cap_add: - - CAP_SYS_ADMIN - hostname: dc.sfz.lab - environment: - DOMAIN_ACTION: provision - INTERFACES: -lo eth0 - REALM: ad.sfz.lab - TZ: Europe/Berlin - WORKGROUP: AD - volumes: - - ./data/samba/config:/etc/samba - - ./data/samba/data:/var/lib/samba - secrets: - - samba-admin-password - - reverse-proxy: - image: nginx-openid - build: - context: ./data/reverse-proxy/ - dockerfile: Dockerfile - ports: - - "80:80" - - "443:443" - volumes: - - ./data/reverse-proxy/content/:/usr/share/nginx/html/ - - ./data/reverse-proxy/config/:/etc/nginx/conf.d/ - - /etc/letsencrypt:/etc/nginx/certs - - /etc/localtime:/etc/localtime:ro - - ./data/mirror/config/:/mirror/config_web/ - networks: - reverse-proxy: - restart: unless-stopped - - - mysql: - image: mysql:5.7 - volumes: - - ./data/keycloak/DB/:/var/lib/mysql - environment: - MYSQL_RANDOM_ROOT_PASSWORD: "yes" - MYSQL_DATABASE: ${KEYCLOAK_DB_NAME} - MYSQL_USER: ${KEYCLOAK_DB_USER} - MYSQL_PASSWORD: ${KEYCLOAK_DB_PW} - networks: - auth: - - keycloak: - image: keycloak-sfz - build: - context: ./data/keycloak/ - dockerfile: Dockerfile - environment: - - DB_VENDOR=MYSQL - - DB_ADDR=mysql - - DB_DATABASE=${KEYCLOAK_DB_NAME} - - DB_USER=${KEYCLOAK_DB_USER} - - DB_PASSWORD=${KEYCLOAK_DB_PW} - - KEYCLOAK_USER=${KEYCLOAK_USER_NAME} - - KEYCLOAK_PASSWORD=${KEYCLOAK_USER_PW} - - PROXY_ADDRESS_FORWARDING=true + backend: + build: . 
depends_on: - - mysql - networks: - auth: - reverse-proxy: - volumes: - - ./data/keycloak/data/:/lib/jvm/jre-11/lib/security/ - - ./data/keycloak/cert/:/etc/pki/java/ - - - mosquitto: - image: hivemq/hivemq4 - ports: - - 1883:1883 - - 9001:9001 - networks: - - FabDB - - FabBackend: - image: fabbackend - build: - context: ./data/FabBackend - dockerfile: Dockerfile + - db + - mqtt environment: - KEYCLOAK_USER_NAME: ${KEYCLOAK_USER_NAME} - KEYCLOAK_USER_PW: ${KEYCLOAK_USER_PW} - KEYCLOAK_REALM: ${KEYCLOAK_REALM} - FABDB_DB_USER_NAME: ${FABDB_DB_USER_NAME} - FABDB_DB_USER_PW: ${FABDB_DB_USER_PW} - FABDB_DB_NAME: ${FABDB_DB_NAME} - networks: - - FabDB - - auth - restart: unless-stopped - - FabDB: - image: fabdb - build: - context: ./data/FabBackend - dockerfile: Dockerfile-DB - volumes: - - ./data/FabBackend/DB/:/var/lib/mysql - environment: - MYSQL_RANDOM_ROOT_PASSWORD: "yes" - MYSQL_DATABASE: ${FABDB_DB_NAME} - MYSQL_USER: ${FABDB_DB_USER_NAME} - MYSQL_PASSWORD: ${FABDB_DB_USER_PW} - networks: - - FabDB - - FabLoggingDB: - image: influxdb:1.5 - volumes: - - ./data/FabLogging/DB/data/:/var/lib/influxdb/ - - ./data/FabLogging/DB/config/:/etc/influxdb/ - restart: always - networks: - - FabLoggingDB - - FabLoggingTelegraf - - FabLoggingDBTelegraf: - image: telegraf - volumes: - - ./data/FabLogging/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf - - /var/run/docker.sock:/var/run/docker.sock - restart: always - user: "0" - networks: - - FabDB - - FabLoggingTelegraf - - grafana: - image: grafana/grafana - user: "0" - #ports: - # - "3000:3000" - volumes: - - ./data/FabLogging/data/grafana:/var/lib/grafana - restart: always - networks: - - FabLoggingDB - - buildserver-worker: - image: buildserver - build: - context: ./data/buildserver/worker/ - dockerfile: Dockerfile - volumes: - - build-trigger:/trigger/ - - build-output:/output/ - - /etc/localtime:/etc/localtime:ro - restart: unless-stopped - - buildserver-web-trigger: - image: buildserver-web-trigger - build: - context: 
./data/buildserver/trigger/ - dockerfile: Dockerfile - networks: - reverse-proxy: - volumes: - - build-trigger:/var/www/trigger/ - - /etc/localtime:/etc/localtime:ro - environment: - - DEBUG=true - - HISTCONTROL=ignoredups - restart: unless-stopped - - buildserver-web-server: - image: httpd:latest - networks: - reverse-proxy: - volumes: - - build-output:/usr/local/apache2/htdocs/ - - /etc/localtime:/etc/localtime:ro - restart: unless-stopped - - mediawiki: - image: mediawikisfz - build: - dockerfile: Dockerfile - context: ./data/mediawiki/ - networks: - reverse-proxy: - mediawiki: - auth: - depends_on: - - mediawiki-mysql - restart: unless-stopped - volumes: - - ./data/mediawiki/images:/var/www/html/images/ - - mediawiki-mysql: - image: mariadb - volumes: - - ./data/mediawiki/DB:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD: ${MEDIAWIKIDB_ROOT_PW} - networks: - mediawiki: - hostname: mediawiki-mysql - restart: unless-stopped - - cdn01: - image: httpd - networks: - reverse-proxy: - volumes: - - ./data/CDN:/usr/local/apache2/htdocs/ - restart: unless-stopped - - cdn02: - image: httpd - networks: - reverse-proxy: - volumes: - - ./data/CDN:/usr/local/apache2/htdocs/ + # Keycloak config + KEYCLOAK_URL: ${KEYCLOAK_URL:?err} + KEYCLOAK_USER_NAME: ${KEYCLOAK_USER_NAME:?err} + KEYCLOAK_USER_PW: ${KEYCLOAK_USER_PW:?err} + KEYCLOAK_REALM: ${KEYCLOAK_REALM:?err} + # DB config + DB_HOSTNAME: ${DB_HOSTNAME:?err} + DB_USERNAME: ${DB_USERNAME:?err} + DB_PASSWORD: ${DB_PASSWORD:?err} + DB_DATABASE: ${DB_DATABASE:?err} + # MQTT config + MQTT_USERNAME: ${MQTT_USERNAME:?err} + MQTT_PASSWORD: ${MQTT_PASSWORD:?err} + MQTT_BROKER: ${MQTT_BROKER:?err} + MQTT_CLIENT: ${MQTT_CLIENT:?err} restart: unless-stopped - cdn03: - image: httpd - networks: - reverse-proxy: - volumes: - - ./data/CDN:/usr/local/apache2/htdocs/ - restart: unless-stopped - db: - image: mariadb:10.5 - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always + image: postgres:15-alpine 
volumes: - - db:/var/lib/mysql - networks: - nextcloud: + - ./sql/:/docker-entrypoint-initdb.d/:ro,Z environment: - - MYSQL_RANDOM_ROOT_PASSWORD="yes" - - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PW} - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud + POSTGRES_DB: ${DB_DATABASE} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_PASSWORD: ${DB_PASSWORD} - redis: - image: redis:alpine - restart: always - networks: - nextcloud: - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html + mqtt: + image: eclipse-mosquitto:2 environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PW} - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - depends_on: - - db - - redis - networks: - nextcloud: - - web: - build: ./data/nextcloud/ - restart: always - volumes: - - nextcloud:/var/www/html:ro - depends_on: - - app - networks: - reverse-proxy: - nextcloud: - - cron: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - - gitea: - image: gitea/gitea:1.15.9 - environment: - - USER_UID=1000 - - USER_GID=1000 - - GITEA__database__DB_TYPE=mysql - - GITEA__database__HOST=git-db:3306 - - GITEA__database__NAME=gitea - - GITEA__database__USER=gitea - - GITEA__database__PASSWD=${GIT_DB_PW} - restart: always - networks: - - gitea - - reverse-proxy - volumes: - - ./data/gitea/data:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - depends_on: - - git-db - - git-db: - image: mysql:8 - restart: always - environment: - - MYSQL_RANDOM_ROOT_PASSWORD="yes" - - MYSQL_USER=gitea - - MYSQL_PASSWORD=${GIT_DB_PW} - - MYSQL_DATABASE=gitea - networks: - - gitea - volumes: - - ./data/gitea/db:/var/lib/mysql - - octofarm-db: - image: mongo:4.4 - environment: - MONGO_INITDB_ROOT_USERNAME: octofarm - MONGO_INITDB_ROOT_PASSWORD: ${OCTOFARM_DB_PW} - MONGO_INITDB_DATABASE: octofarm - volumes: - - 
./data/OctoFarm/data/mongodb-data:/data/db - restart: unless-stopped - networks: - octofarm: - - octofarm: - image: octofarm/octofarm:latest - restart: unless-stopped - mem_limit: 400m # Feel free to adjust! 400 MB is quite high and a safety limit. - networks: - reverse-proxy: - octofarm: - octoproxy: - ipv4_address: 172.42.0.3 - environment: - - MONGO=mongodb://octofarm:${OCTOFARM_DB_PW}@octofarm-db:27017/octofarm?authSource=admin - ports: - - 4000:4000 - expose: - - 4000 - volumes: - - ./data/OctoFarm/logs:/app/logs - - ./data/OctoFarm/scripts:/app/scripts - - ./data/OctoFarm/images:/app/images - - ./data/OctoFarm/hosts:/etc/hosts:ro - - octoproxy: - image: nginx:latest - volumes: - - ./data/octoproxy/config/:/etc/nginx/conf.d/ - - /etc/localtime:/etc/localtime:ro - - /etc/letsencrypt:/etc/nginx/certs - networks: - octoproxy: - ipv4_address: 172.42.0.2 - restart: unless-stopped - - octostreamer: - image: gersilex/cvlc - command: rtsp://admin:@10.10.42.60 --sout '#transcode{vcodec=MJPG,venc=ffmpeg{strict=1}}:standard{access=http{mime=multipart/x-mixed-replace;boundary=--7b3cc56e5f51db803f790dad720ed50a},mux=mpjpeg,dst=:8080/}' - networks: - reverse-proxy: - environment: - - RS_SNAPSHOT_INTERVAL=1000 - - octorestreamer: - image: datarhei/restreamer:latest - restart: always - networks: - reverse-proxy: - environment: - - RS_USERNAME=admin - - RS_PASSWORD=${OCTORESTREAMER_PW} - ports: - - 8087:8080 - volumes: - - ./data/restreamer/db:/restreamer/db - -# docker-zabbix-agent: -# restart: always -# ports: -# - '10060:10050' -# volumes: -# - /etc/localtime:/etc/localtime:ro -# - /etc/timezone:/etc/timezone:ro -# environment: -# - ZBX_SERVER_HOST=172.21.0.1 -# - ZBX_HOSTNAME=USV -# image: apcupsd -# devices: -# - /dev/usb/hiddev0 -# build: -# context: ./data/usv/ -# dockerfile: Dockerfile - - docker-zabbix-agent2: - restart: always - ports: - - '10061:10050' - volumes: - - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro - environment: - - 
ZBX_SERVER_HOST=192.168.64.1 - - ZBX_HOSTNAME=SSL - image: zabbix/zabbix-agent2 - - odoo: - image: odoo-sfz - build: - context: ./data/odoo - dockerfile: Dockerfile - depends_on: - - odoo-db - environment: - - HOST=odoo-db - - USER=odoo - - PASSWORD=${ODOO_DB_PW} - networks: - reverse-proxy: - odoo: - volumes: - - ./data/odoo/addons:/var/lib/odoo/.local/share/Odoo/addons/14.0/ - - ./data/odoo/conf:/etc/odoo - - ./data/odoo/data:/var/lib/odoo - - odoo-db: - image: postgres:13 - environment: - - POSTGRES_DB=postgres - - POSTGRES_PASSWORD=${ODOO_DB_PW} - - POSTGRES_USER=odoo - networks: - odoo: - volumes: - - ./data/odoo/db:/var/lib/postgresql/data - - roundcubedb: - image: mysql:5.7 - container_name: roundcubedb - restart: unless-stopped - volumes: - - ./data/webmail/db/mysql:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=${WEBMAIL_PW} - - MYSQL_DATABASE=roundcubemail - networks: - roundcube: - - documentserver: - restart: always - image: onlyoffice/documentserver - networks: - reverse-proxy: - - roundcubemail: - image: roundcube/roundcubemail:latest - container_name: roundcubemail - restart: unless-stopped - networks: - reverse-proxy: - roundcube: - depends_on: - - roundcubedb - volumes: - - ./data/webmail/www:/var/www/html - environment: - - ROUNDCUBEMAIL_DB_TYPE=mysql - - ROUNDCUBEMAIL_DB_HOST=roundcubedb - - ROUNDCUBEMAIL_DB_PASSWORD=${WEBMAIL_PW} - - ROUNDCUBEMAIL_SKIN=elastic - - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.sfz-aalen.space - - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.sfz-aalen.space - - partdb-db: - image: mysql - command: --default-authentication-plugin=mysql_native_password - restart: always - networks: - partdb: - environment: - MYSQL_ROOT_PASSWORD: ${PARTDB_ROOT_PW} - - partdb: - container_name: partdb - # By default Part-DB will be running under Port 8080, you can change it here - image: jbtronics/part-db1:master - volumes: - # By default - - ./uploads:/var/www/html/uploads - - ./public_media:/var/www/html/public/media - restart: 
unless-stopped
- networks:
- reverse-proxy:
- partdb:
+ MQTT_USERNAME: ${MQTT_USERNAME}
+ MQTT_PASSWORD: ${MQTT_PASSWORD}
+ entrypoint:
+ - sh
+ - -c
+ - |
+ touch /mosquitto/config/passwd
+ mosquitto_passwd -b /mosquitto/config/passwd $${MQTT_USERNAME:?err} $${MQTT_PASSWORD:?err}
+ echo "bind_address 0.0.0.0" > /mosquitto/config/mosquitto.conf
+ echo "password_file /mosquitto/config/passwd" >> /mosquitto/config/mosquitto.conf
+ echo "allow_anonymous false" >> /mosquitto/config/mosquitto.conf
+ /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
diff --git a/fab_access/config.py b/fab_access/config.py
index 21908b7..e5ab1c0 100644
--- a/fab_access/config.py
+++ b/fab_access/config.py
@@ -1,9 +1,11 @@
+import os
+
 class Config:
 broker = 'mosquitto'
 port = 1883
 client_id = f'FabMan'
 keycloak_url = 'http://keycloak:8080/auth/'
- keycloak_username = os.environ['KEYCLOAK_USER_NAME']
- keycloak_password = os.environ['KEYCLOAK_USER_PW']
- keycloak_realm = os.environ['KEYCLOAK_REALM']
+ keycloak_username = os.getenv('KEYCLOAK_USER_NAME')
+ keycloak_password = os.getenv('KEYCLOAK_USER_PW')
+ keycloak_realm = os.getenv('KEYCLOAK_REALM')
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..c57afff
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+keycloak_wrapper
+paho-mqtt
+psycopg[binary]
+python-keycloak
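Review bot: The new `db` service has no volume for `/var/lib/postgresql/data` — its only mount is the read-only initdb directory — so every `docker compose down` or container recreate discards the database and re-runs `./sql/` from scratch; a named volume fixes that. Its `restart: always` is dropped in the same hunk while `backend` keeps `restart: unless-stopped`, so after a host reboot the backend comes up without its database (and `mqtt` has no restart policy either). `depends_on: - db` only orders container start; if the Compose version in use supports `condition: service_healthy`, a `pg_isready` healthcheck on `db` lets `backend` wait for a database that accepts connections rather than one whose container has merely started. The rewritten `backend` dependencies, the `db` service and the top-level `volumes` key are below; the hunk covers the whole file.
```yaml
  backend:
    build: .
    depends_on:
      db:
        condition: service_healthy
      mqtt:
        condition: service_started
    # … unchanged: environment / restart …

  db:
    image: postgres:15-alpine
    restart: unless-stopped
    volumes:
      - ./sql/:/docker-entrypoint-initdb.d/:ro,Z
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      # $$ is Compose escaping; the shell inside the container expands the variables.
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 3s
      retries: 10
    # … unchanged: environment …

  # … unchanged: mqtt service …

volumes:
  pgdata:
```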
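Review bot: Switching the three Keycloak settings from `os.environ[...]` to `os.getenv(...)` trades a fail-fast `KeyError` at import time for a silent `None` that only surfaces when the Keycloak client is first used, possibly as an authentication attempt with `None` credentials; the compose file's `${VAR:?err}` guards cover only launches through compose. Keep the lookup strict for required values and reserve `getenv` with a default for optional ones. The compose hunk in this same commit passes `KEYCLOAK_URL`, `MQTT_BROKER` and `MQTT_CLIENT` to `backend`, yet `Config` still hardcodes `keycloak_url`, `broker = 'mosquitto'` and `client_id`, and the compose service is now named `mqtt`, so unless those variables are read elsewhere the hardcoded hostname will not resolve on the new network — the rewrite below reads them with the old literals as defaults. `client_id = f'FabMan'` is an f-string with no placeholders and can be a plain literal. `Config` ends inside the hunk.
```python
import os


def _require(name: str) -> str:
    """Return the value of environment variable *name*; fail at import when it is unset or empty."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"required environment variable {name} is not set")
    return value


class Config:
    # Hostnames and ids come from compose; the previous literals remain as fallbacks.
    broker = os.getenv('MQTT_BROKER', 'mosquitto')
    port = 1883
    client_id = os.getenv('MQTT_CLIENT', 'FabMan')
    keycloak_url = os.getenv('KEYCLOAK_URL', 'http://keycloak:8080/auth/')
    keycloak_username = _require('KEYCLOAK_USER_NAME')
    keycloak_password = _require('KEYCLOAK_USER_PW')
    keycloak_realm = _require('KEYCLOAK_REALM')
```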
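Review bot: None of the four dependencies is pinned, so each image build resolves `keycloak_wrapper`, `paho-mqtt`, `psycopg[binary]` and `python-keycloak` to whatever is newest on PyPI at build time, which makes builds unreproducible and lets a breaking or compromised release land silently on the next `docker build`. Pin at least to exact versions (`package==X.Y.Z`, with the versions the project is currently tested against) and preferably generate the file with hashes (`pip-compile --generate-hashes` or equivalent) and install with `pip install --require-hashes`. `keycloak_wrapper` and `python-keycloak` overlap in purpose; if only one of them is imported by `fab_access/`, the other is unused attack surface worth dropping.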