-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy patharchiver-service.docker-compose.yml
220 lines (216 loc) · 7.62 KB
/
archiver-service.docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
services:
archiver-service-api:
image: ${OPENEM_BACKEND_IMAGE_NAME}:${OPENEM_IMAGE_TAG}
container_name: archiver-service-api
build:
context: ./backend/api
dockerfile: ./Dockerfile
environment:
- PREFECT_LOGGING_LEVEL=${PREFECT_LOGGING_LEVEL}
- PREFECT_API_URL=http://prefect-server:4200/api
- UVICORN_ROOT_PATH=/archiver/api/v1
- UVICORN_PORT=8000
- UVICORN_LOG_LEVEL=info
- UVICORN_RELOAD=False
- MINIO_ENDPOINT=${MINIO_EXTERNAL_ENDPOINT}
secrets:
- minio_user
- minio_password
- idp_client_secret
- idp_password
expose:
- 8000
labels:
- "traefik.enable=true"
- "traefik.http.routers.backend.rule=Host(`${HOST}`) && PathPrefix(`/archiver/api/v1`)"
- "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/archiver/api/v1"
- "traefik.http.routers.backend.entrypoints=websecure"
- "traefik.http.routers.backend.tls"
- "traefik.http.routers.backend.middlewares=backend-stripprefix"
- "traefik.http.services.backend.loadbalancer.server.port=8000"
networks:
- scopemarchiver_network
prefect-server:
image: prefecthq/prefect:${PREFECT_VERSION}
container_name: prefect-server
restart: always
volumes:
- prefect-volume-new:/root/.prefect
entrypoint:
- /bin/sh
- -c
- |
export PREFECT_API_DATABASE_PASSWORD=$$(cat /var/run/secrets/postgres_pass)
export PREFECT_API_DATABASE_USER=$$(cat /var/run/secrets/postgres_user)
export PREFECT_API_DATABASE_CONNECTION_URL=postgresql+asyncpg://$$PREFECT_API_DATABASE_USER:$$PREFECT_API_DATABASE_PASSWORD@postgres:5432/prefect
/opt/prefect/entrypoint.sh prefect server start
secrets:
- postgres_pass
- postgres_user
healthcheck:
test: ["CMD", "prefect", "version"]
interval: 5s
timeout: 15s
retries: 5
start_period: 5s
environment:
- PREFECT_LOGGING_LEVEL=${PREFECT_LOGGING_LEVEL}
- PREFECT_HOME=/opt/prefect
- PREFECT_API_DATABASE_ECHO=False
- PREFECT_API_DATABASE_MIGRATE_ON_START=True
- PREFECT_TASK_DEFAULT_RETRIES=2
- PREFECT_TASK_DEFAULT_RETRY_DELAY_SECONDS=[1,10,100]
# working; PREFECT has some issues with api prefixes...
- PREFECT_UI_SERVE_BASE=/archiver/prefect/ui
- PREFECT_UI_URL=http://prefect-server:4200/api
- PREFECT_API_URL=https://${HOST}/archiver/prefect/api
- PREFECT_SERVER_API_HOST=0.0.0.0
expose:
- 4200
depends_on:
- postgres
labels:
- "traefik.enable=true"
- "traefik.http.services.prefect-server.loadbalancer.server.port=4200"
# UI
- "traefik.http.routers.prefect-server.rule=Host(`${HOST}`) && PathPrefix(`/archiver/prefect/ui`)"
- "traefik.http.routers.prefect-server.entrypoints=websecure"
- "traefik.http.routers.prefect-server.tls"
- "traefik.http.services.prefect-server.loadbalancer.server.port=4200"
- "traefik.http.routers.prefect-api-server.rule=Host(`${HOST}`) && PathPrefix(`/archiver/prefect/api`)"
- "traefik.http.routers.prefect-api-server.entrypoints=websecure"
- "traefik.http.routers.prefect-api-server.tls"
- "traefik.http.middlewares.prefect-api-strip.stripprefix.prefixes=/archiver/prefect"
- "traefik.http.routers.prefect-api-server.middlewares=prefect-api-strip"
networks:
- scopemarchiver_network
postgres:
image: postgres:15.2-alpine
restart: always
environment:
- POSTGRES_USER_FILE=/run/secrets/postgres_user
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_pass
- POSTGRES_DB=prefect
secrets:
- postgres_user
- postgres_pass
expose:
- 5432
volumes:
- postgres-volume-new:/var/lib/postgresql/data
networks:
- scopemarchiver_network
prefect-config:
image: ${PREFECT_CONFIG_IMAGE_NAME}:${OPENEM_IMAGE_TAG:-latest}
container_name: prefect-config
build:
context: ./backend/
dockerfile: ./prefect/config.Dockerfile
args:
PREFECT_VERSION: ${PREFECT_VERSION}
tags:
- ${OPENEM_IMAGE_TAG}
networks:
- scopemarchiver_network
environment:
- PREFECT_LOGGING_LEVEL=${PREFECT_LOGGING_LEVEL}
- PREFECT_API_URL=http://prefect-server:4200/api
- SCICAT_ENDPOINT=${SCICAT_ENDPOINT}
- MINIO_EXTERNAL_ENDPOINT=${MINIO_EXTERNAL_ENDPOINT}
- MINIO_ENDPOINT=${MINIO_ENDPOINT}
# Secrets are stored as blocks, removing _FILE suffix
- MINIO_USER_FILE=/run/secrets/minio_user
- MINIO_PASSWORD_FILE=/run/secrets/minio_password
- GITHUB_USER_FILE=/run/secrets/github_user
- GITHUB_PASSWORD_FILE=/run/secrets/github_pass
- SCICAT_USER_FILE=/run/secrets/scicat_user
- SCICAT_PASSWORD_FILE=/run/secrets/scicat_pass
volumes:
- type: bind
source: ./backend/prefect/vars.toml
target: /var/local/vars.toml
- type: bind
source: ./backend/prefect/concurrency-limits.toml
target: /var/local/concurrency-limits.toml
command: "-v /var/local/vars.toml -s MINIO_USER_FILE MINIO_PASSWORD_FILE GITHUB_USER_FILE GITHUB_PASSWORD_FILE SCICAT_USER_FILE SCICAT_PASSWORD_FILE -l /var/local/concurrency-limits.toml"
depends_on:
prefect-server:
condition: service_healthy
secrets:
- minio_user
- minio_password
- github_user
- github_pass
- scicat_user
- scicat_pass
prefect-flows-deployment:
# Uses the runtime image: prefect will import the code and there it needs all packages installed
image: ${PREFECT_RUNTIME_IMAGE_NAME}:${OPENEM_IMAGE_TAG:-latest}
build:
context: ./backend/archiver
dockerfile: ../prefect/runtime.Dockerfile
args:
LTS_ROOT_FOLDER: ${LTS_ROOT_FOLDER}
PREFECT_VERSION: ${PREFECT_VERSION}
UID: 123
GID: 123
container_name: prefect-flows-deployment
networks:
- scopemarchiver_network
environment:
### Prefect specific values
- PREFECT_LOGGING_LEVEL=${PREFECT_LOGGING_LEVEL}
- PREFECT_API_URL=http://prefect-server:4200/api
### Deployment values for interpolation in prefect.yaml
- PREFECT_VERSION=${PREFECT_VERSION}
- PREFECT_WORKER_LTS_VOLUME_NAME=scopemarchiver_${PREFECT_WORKER_LTS_VOLUME_NAME}
- LTS_ROOT_FOLDER=${LTS_ROOT_FOLDER}
- PREFECT_NETWORK=scopemarchiver_network
- PREFECT_RUNTIME_IMAGE=${PREFECT_RUNTIME_IMAGE_NAME}:${OPENEM_IMAGE_TAG:-latest}
command: prefect --no-prompt deploy --all --prefect-file /prefect.yaml
working_dir: /app/backend
volumes:
- type: bind
source: ./backend/prefect/prefect.yaml
target: /prefect.yaml
read_only: true
- /usr/bin/docker:/usr/bin/docker
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
prefect-server:
condition: service_healthy
labels:
- "traefik.enable=false"
volumes:
lts-mock-volume:
driver: local
nfs-lts-share:
driver_opts:
type: "nfs"
o: "nfsvers=3,addr=lts22,nolock"
device: ":/scopem_lts_nfs_test_lts22"
postgres-volume-new:
driver: local
prefect-volume-new:
driver: local
secrets:
postgres_user:
file: ./.secrets/postgresuser.txt
postgres_pass:
file: ./.secrets/postgrespass.txt
github_user:
file: ./.secrets/githubuser.txt
github_pass:
file: ./.secrets/githubpass.txt
scicat_user:
file: ./.secrets/scicatuser.txt
scicat_pass:
file: ./.secrets/scicatpass.txt
minio_user:
file: ./.secrets/miniouser.txt
minio_password:
file: ./.secrets/miniopass.txt
idp_client_secret:
file: ./.secrets/idpclientsecret.txt
idp_password:
file: ./.secrets/idppassword.txt