##// END OF EJS Templates
rhodecode-enterprise-docker
RSS
release of new installer/docker stack updates...
super-admin -
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,4 b''
1 .git/*
2
3 #.source/*
4 #.cache/* No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,19 b''
1 [security]
2 admin_user=admin
3 admin_password=admin
4
5 [users]
6 allow_sign_up=false
7
8 [smtp]
9 enabled=true
10 host=
11 user=
12 password=
13 from_address=alerting-grafana@grafana.localhost
14 from_name=[Grafana] Alerting
15
16 # subpath /_grafana
17 [server]
18 serve_from_sub_path=true
19 root_url=%(protocol)s://%(domain)s:%(http_port)s/_grafana/
Show file before | Show file after | Hide comments
1 NO CONTENT: new file 100644
Show file before | Show file after | Hide comments
@@ -0,0 +1,3 b''
1 Store your certificate files here.
2 your-domain.crt
3 your-domain.key No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,42 b''
1 ## Static configuration, needs traefik reload
2
3 entryPoints:
4 http:
5 address: ":80"
6
7 https:
8 address: ":443"
9
10 # ssh:
11 # address: ":${RC_SSH_PORT:?must-specify-ssh-port}"
12
13 traefik:
14 address: ":7000"
15
16 api:
17 dashboard: false
18 insecure: false # change to true to expose dashboard
19
20 accessLog: {}
21
22 log:
23 # DEBUG / INFO
24 level: INFO
25
26 metrics:
27 prometheus: {}
28
29
30 providers:
31 docker:
32 exposedByDefault: false
33 swarmMode: false
34
35 file:
36 filename: "/etc/traefik/traefik_dynamic.yaml"
37 watch: true
38
39
40 serversTransport:
41 #this disables SSL certificate verification for legacy own cert services like NextCloud etc
42 insecureSkipVerify: true
Show file before | Show file after | Hide comments
@@ -0,0 +1,24 b''
1
2 ## Setting up the middleware for redirect to https ##
3 http:
4
5 middlewares:
6
7 https-redirect:
8 redirectScheme:
9 scheme: https
10 # permanent: true
11
12 middlewares-rate-limit:
13 rateLimit:
14 average: 100
15 burst: 50
16
17 # Dynamic configuration for standard file based SSL cert
18 # create a custom copy of the traefik into .custom/ and remount this
19 # to enable custom certificates
20 #tls:
21 # certificates:
22 # # first certificate
23 # - certFile: /etc/traefik/certs/rhodecode-com.cert
24 # keyFile: /etc/traefik/certs/rhodecode-com.key
Show file before | Show file after | Hide comments
@@ -0,0 +1,312 b''
1 version: '3.9'
2
3 x-logging: &custom-logging
4 # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
5 # NOTE: loki logging driver ONLY works for host type networks...
6 driver: loki
7 options:
8 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
9 #loki-url: "http://loki:3100/loki/api/v1/push"
10 loki-retries: "5"
11 loki-timeout: "1s"
12 loki-max-backoff: "800ms"
13
14 volumes:
15
16 # volume for RhodeCode repo-store, it's where the repositories will be stored
17 rhodecode_repos:
18 labels:
19 "keep": 1
20
21
22 services:
23
24 rhodecode:
25 networks:
26 - rhodecode_network
27 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}
28 env_file:
29 - .custom/.runtime.env
30 stdin_open: true
31 tty: true
32 restart: always
33 command: [
34 "/usr/local/bin/rhodecode_bin/bin/gunicorn",
35 "--name=gunicorn-rhodecode-1",
36 "--error-logfile=-",
37 "--paster=/etc/rhodecode/conf/rhodecode.optimized.ini",
38 "--config=/etc/rhodecode/conf/gunicorn_conf.py"
39 ]
40
41 # ports:
42 # - "127.0.0.1::10020"
43
44 build:
45 context: .
46 dockerfile: service/rhodecode/rhodecode.dockerfile
47 args:
48 TZ: ${TZ}
49 RHODECODE_VERSION: ${RC_VERSION:?specify-RC_VERSION-env-var}
50 RHODECODE_DB: postgresql://rhodecode:${DB_PASSWORD:?must-specify-db-password}@database/${DB_NAME:?must-specify-db-name}
51 RHODECODE_USER_NAME: ${RHODECODE_USER_NAME}
52 RHODECODE_USER_PASS: ${RHODECODE_USER_PASS}
53 RHODECODE_USER_EMAIL: ${RHODECODE_USER_EMAIL}
54
55 environment:
56 RC_APP_TYPE: rhodecode_http
57 RC_APP_PROC: 1
58 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
59 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
60 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
61 GEVENT_RESOLVER: "ares"
62
63 DB_UPGRADE: 1 # run the DB upgrade
64 SETUP_APP: 1 # run the application default settings setup, can be turned off after initial run
65 #FORCE_DB_INIT_FILE: 1 # force the database init, warning: destroys old DB
66 #FORCE_RC_SETUP_APP: 1 # force running setup scripts for configuration/license application
67 MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.optimized.ini
68
69 # SVN Specific
70 MOD_DAV_SVN_PORT: 8090
71 APACHE_LOG_DIR: /var/log/rhodecode/svn
72 MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf
73
74 healthcheck:
75 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:10020/_admin/ops/ping" ]
76 timeout: 30s
77 interval: 60s
78 retries: 10
79
80 # depends_on:
81 # - database
82 # - redis
83 # - channelstream
84
85 volumes:
86 - confvolume:/etc/rhodecode/conf
87 - logvolume:/var/log/rhodecode
88 - rhodecode_repos:/var/opt/rhodecode_repo_store
89 - rc_datavolume:/var/opt/rhodecode_data
90
91 tmpfs:
92 - /data_ramdisk:size=${RC_DATA_RAMDISK_SIZE:?specify-RC_DATA_RAMDISK_SIZE-env-var}
93
94 logging:
95 *custom-logging
96
97 labels:
98 - "traefik.enable=false"
99
100 vcsserver:
101 networks:
102 - rhodecode_network
103 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}
104 env_file:
105 - .custom/.runtime.env
106 stdin_open: true
107 tty: true
108 restart: always
109 command: [
110 "/home/rhodecode/.rccontrol/vcsserver-1/profile/bin/gunicorn",
111 "--name=gunicorn-vcsserver-1",
112 "--error-logfile=-",
113 "--paster=/etc/rhodecode/conf/vcsserver.optimized.ini",
114 "--config=/etc/rhodecode/conf/gunicorn_conf_vcs.py"
115 ]
116
117 # ports:
118 # - "127.0.0.1::10010"
119
120 healthcheck:
121 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:10010/status" ]
122 timeout: 30s
123 interval: 60s
124 retries: 10
125
126 environment:
127 RC_APP_TYPE: rhodecode_vcsserver
128 RC_APP_PROC: 1
129 MAIN_INI_PATH: /etc/rhodecode/conf/vcsserver.optimized.ini
130 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
131 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
132 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
133
134 # depends_on:
135 # - redis
136
137 volumes:
138 - confvolume:/etc/rhodecode/conf
139 - logvolume:/var/log/rhodecode
140 - rhodecode_repos:/var/opt/rhodecode_repo_store
141 - rc_datavolume:/var/opt/rhodecode_data
142
143 logging:
144 *custom-logging
145
146 celery:
147 networks:
148 - rhodecode_network
149 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}
150 env_file:
151 - .custom/.runtime.env
152 stdin_open: true
153 tty: true
154 restart: always
155 command: [
156 "/usr/local/bin/rhodecode_bin/bin/celery",
157 "worker",
158 "--task-events",
159 "--autoscale=10,2",
160 "--no-color",
161 "--app=rhodecode.lib.celerylib.loader",
162 "--loglevel=DEBUG",
163 "--ini=/etc/rhodecode/conf/rhodecode.optimized.ini"
164 ]
165
166 environment:
167 RC_APP_TYPE: rhodecode_celery
168 RC_APP_PROC: 1
169 MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.optimized.ini
170 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
171 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
172 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
173
174 # depends_on:
175 # - database
176 # - redis
177
178 volumes:
179 - confvolume:/etc/rhodecode/conf
180 - logvolume:/var/log/rhodecode
181 - rhodecode_repos:/var/opt/rhodecode_repo_store
182 - rc_datavolume:/var/opt/rhodecode_data
183
184 logging:
185 *custom-logging
186
187 labels:
188 - "traefik.enable=false"
189
190 celery-beat:
191 # This service is not scalable
192 networks:
193 - rhodecode_network
194 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}
195 env_file:
196 - .custom/.runtime.env
197 stdin_open: true
198 tty: true
199 restart: always
200 command: [
201 "/usr/local/bin/rhodecode_bin/bin/celery",
202 "beat",
203 "--no-color",
204 "--app=rhodecode.lib.celerylib.loader",
205 "--scheduler=rhodecode.lib.celerylib.scheduler.RcScheduler",
206 "--loglevel=DEBUG",
207 "--ini=/etc/rhodecode/conf/rhodecode.optimized.ini"
208 ]
209
210 environment:
211 RC_APP_TYPE: rhodecode_beat
212 RC_APP_PROC: 1
213 MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.optimized.ini
214 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
215 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
216 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
217
218 # depends_on:
219 # - database
220 # - redis
221
222 volumes:
223 - confvolume:/etc/rhodecode/conf
224 - logvolume:/var/log/rhodecode
225 - rhodecode_repos:/var/opt/rhodecode_repo_store
226 - rc_datavolume:/var/opt/rhodecode_data
227
228 logging:
229 *custom-logging
230
231 labels:
232 - "traefik.enable=false"
233
234 svn:
235 networks:
236 - rhodecode_network
237 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}
238 env_file:
239 - .custom/.runtime.env
240
241 # build:
242 # context: .
243 # dockerfile: service/svn/rhodecode_svn.dockerfile
244 # args:
245 # APACHE_VER: 1.3
246
247 stdin_open: true
248 tty: true
249 restart: always
250 command: ["apachectl", "-D", "FOREGROUND"]
251
252 environment:
253 RC_APP_TYPE: rhodecode_svn
254
255 # SVN Specific
256 MOD_DAV_SVN_PORT: 8090
257 APACHE_LOG_DIR: /var/log/rhodecode/svn
258 MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf
259
260 # ports:
261 # - "127.0.0.1::8090"
262
263 healthcheck:
264 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:8090/_server_status" ]
265 timeout: 30s
266 interval: 60s
267 retries: 10
268
269 volumes:
270 - confvolume:/etc/rhodecode/conf
271 - logvolume:/var/log/rhodecode
272 - rhodecode_repos:/var/opt/rhodecode_repo_store
273
274 logging:
275 *custom-logging
276
277 sshd:
278 networks:
279 - rhodecode_network
280 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}
281 env_file:
282 - .custom/.runtime.env
283
284 stdin_open: true
285 tty: true
286 restart: always
287 command: ["/usr/sbin/sshd", "-f", "/etc/rhodecode/sshd_config", "-D", "-e"]
288
289 environment:
290 RC_APP_TYPE: rhodecode_sshd
291 SSH_BOOTSTRAP: 1
292
293 # ports:
294 # # set from .env file
295 # - "${RC_SSH_PORT:?must-specify-ssh-port}:22"
296
297 volumes:
298 - confvolume:/etc/rhodecode/conf
299 - logvolume:/var/log/rhodecode
300 - rhodecode_repos:/var/opt/rhodecode_repo_store
301 - rc_datavolume:/var/opt/rhodecode_data
302
303 logging:
304 *custom-logging
305
306 labels:
307 - "traefik.enable=true"
308 - "traefik.http.routers.sshd.entrypoints=ssh"
309 - "traefik.http.routers.sshd.rule=Host(`*`)"
310 - "traefik.http.services.sshd.loadbalancer.server.port=${RC_SSH_PORT:?must-specify-ssh-port}"
311
312
Show file before | Show file after | Hide comments
@@ -0,0 +1,46 b''
1 version: '3.9'
2
3 ## Shared base stuff for all compose files in stack
4
5 x-logging: &custom-logging
6 # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
7 # NOTE: loki logging driver ONLY works for host type networks...
8 driver: loki
9 options:
10 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
11 #loki-url: "http://loki:3100/loki/api/v1/push"
12 loki-retries: "5"
13 loki-timeout: "1s"
14 loki-max-backoff: "800ms"
15
16 volumes:
17 # shared logvolume
18 logvolume:
19 driver: local
20 driver_opts:
21 type: none
22 o: bind
23 device: $PWD/logs
24
25 # bind-mount with configs
26 confvolume:
27 driver: local
28 driver_opts:
29 type: none
30 o: bind
31 device: $PWD/config/_shared
32
33 # SHARED volume for rhodecode caches, archive caches, nginx static,
34 # must be run via: docker volume create --name=rc_datavolume
35 rc_datavolume:
36 external: true
37
38 networks:
39
40 # SHARED network for all containers
41 # must be run via: docker network create --name=rhodecode_network
42 rhodecode_network:
43 name: rhodecode_network
44 driver: bridge
45 external: true
46
Show file before | Show file after | Hide comments
@@ -0,0 +1,78 b''
1 version: '3.9'
2
3 x-logging: &custom-logging
4 # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
5 # NOTE: loki logging driver ONLY works for host type networks...
6 driver: loki
7 options:
8 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
9 #loki-url: "http://loki:3100/loki/api/v1/push"
10 loki-retries: "5"
11 loki-timeout: "1s"
12 loki-max-backoff: "800ms"
13
14 ## docker network create -d overlay lb-net
15 services:
16
17 traefik:
18
19 image: traefik:v2.9.5
20
21 ports:
22 # The HTTP port, exposed as http entrypoint
23 - "80:80"
24 # The HTTPS port, exposed as https entrypoint
25 - "443:443"
26 # The SSH port
27 - "${RC_SSH_PORT}:${RC_SSH_PORT}"
28 # The Web UI (enabled by --api.insecure=true)
29 # uncomment to expose dashboard at port :7000
30 #- "7000:7000"
31 volumes:
32 # So that Traefik can listen to the Docker events
33 - /var/run/docker.sock:/var/run/docker.sock
34 - ./config/traefik:/etc/traefik
35 deploy:
36 placement:
37 constraints:
38 # limit swarm deploy to MANAGER only
39 - node.role == manager
40 networks:
41 - rhodecode_network
42
43 labels:
44 - "traefik.enable=true"
45
46 logging:
47 *custom-logging
48
49 portainer:
50 # Run with COMPOSE_PROFILES=portainer
51 # to access portainer set HEADER `X-Docker-Host=portainer`
52 image: portainer/portainer-ce:latest
53 restart: always
54 volumes:
55 - portainer_data:/data
56 - /var/run/docker.sock:/var/run/docker.sock
57 deploy:
58 mode: replicated
59 replicas: 1
60 placement:
61 constraints:
62 # limit swarm deploy to MANAGER only
63 - node.role == manager
64
65 networks:
66 - rhodecode_network
67 labels:
68 - "traefik.enable=true"
69 - "traefik.http.services.portainer.loadbalancer.server.port=9000"
70 - "traefik.http.routers.portainer.entrypoints=https"
71 - "traefik.http.routers.portainer.rule=Headers(`X-Docker-Host`, `portainer`)"
72
73 profiles:
74 ["portainer"]
75
76 volumes:
77 portainer_data:
78 external: true No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,240 b''
1 version: '3.9'
2
3 x-logging: &custom-logging
4 # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
5 # NOTE: loki logging driver ONLY works for host type networks...
6 driver: loki
7 options:
8 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
9 #loki-url: "http://loki:3100/loki/api/v1/push"
10 loki-retries: "5"
11 loki-timeout: "1s"
12 loki-max-backoff: "800ms"
13
14 volumes:
15
16 # volume for redis data store
17 redis_data:
18 labels:
19 "keep": 1
20
21 # volume for Postgres db store
22
23 # volume for Postgres Data
24 pg_data:
25 labels:
26 "keep": 1
27
28 # volume for rhodecode elasticsearch
29 es_data:
30 labels:
31 "keep": 1
32
33
34 services:
35
36 channelstream:
37 networks:
38 - rhodecode_network
39 image: channelstream/channelstream:0.7.1
40
41 restart: always
42
43 # ports:
44 # - "127.0.0.1:9800:9800"
45
46 command: ["channelstream", "-i", "/etc/rhodecode/conf/channelstream.ini"]
47
48 environment:
49 CHANNELSTREAM_ALLOW_POSTING_FROM: 0.0.0.0
50
51 healthcheck:
52 test: [ "CMD", "curl", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://channelstream:8000/admin/sign_in" ]
53 timeout: 5s
54 interval: 60s
55 retries: 10
56
57 volumes:
58 - confvolume:/etc/rhodecode/conf
59 - logvolume:/var/log/rhodecode
60
61 logging:
62 *custom-logging
63
64 labels:
65 - "traefik.enable=false"
66 #- "traefik.http.routers.channelstream.entrypoints=http"
67 #- "traefik.http.services.channelstream.loadbalancer.server.port=9800"
68
69 profiles:
70 ["channelstream"]
71
72 nginx:
73 networks:
74 - rhodecode_network
75 image: library/nginx:1.23.2
76
77 restart: always
78
79 environment:
80 NGINX_ENTRYPOINT_QUIET_LOGS: 1
81
82 healthcheck:
83 # change port 80 to 443 when only using SSL
84 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:80/_admin/ops/ping" ]
85 timeout: 30s
86 interval: 60s
87 retries: 10
88
89 # depends_on:
90 # - channelstream
91
92 volumes:
93 - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
94 - ./config/nginx/http.conf:/etc/nginx/http.conf:ro
95 - ./config/nginx/proxy.conf:/etc/nginx/proxy.conf:ro
96 - logvolume:/var/log/rhodecode
97 - rc_datavolume:/var/opt/rhodecode_data
98
99 logging:
100 *custom-logging
101
102 labels:
103 - "traefik.enable=true"
104 - "traefik.http.routers.nginx.entrypoints=http"
105 - "traefik.http.services.nginx.loadbalancer.server.port=80"
106 - "traefik.http.routers.nginx.rule=Host(`${RHODECODE_HOSTNAME:?must-specify-rhodecode-hostname}`)"
107
108 elasticsearch:
109 networks:
110 - rhodecode_network
111 image: elasticsearch:6.8.23
112
113 environment:
114 - cluster.name=elasticsearch-cluster
115 - network.host=0.0.0.0
116 - bootstrap.memory_lock=true
117 - discovery.type=single-node
118 - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
119 healthcheck:
120 # change port 80 to 443 when only using SSL
121 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "elasticsearch:9200/_cat/health" ]
122 timeout: 30s
123 interval: 60s
124 retries: 10
125
126 ulimits:
127 memlock:
128 soft: -1
129 hard: -1
130
131 volumes:
132 - es_data:/usr/share/elasticsearch/data
133
134 logging:
135 *custom-logging
136
137 profiles:
138 ["elasticsearch"]
139
140 redis:
141 networks:
142 - rhodecode_network
143 image: library/redis:7.0.5
144
145 restart: always
146 command:
147 - "redis-server"
148 - "/etc/redis/redis.conf"
149 - "--maxmemory-policy allkeys-lru"
150 - "--maxmemory ${RC_REDIS_MAXMEMORY}"
151
152 # ports:
153 # - "127.0.0.1::6379"
154
155 healthcheck:
156 test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
157 interval: 60s
158
159 volumes:
160 - ./config/redis/redis.conf:/etc/redis/redis.conf:ro
161 - logvolume:/var/log/rhodecode
162 - redis_data:/data
163
164 profiles:
165 ["redis"]
166
167 logging:
168 *custom-logging
169
170 database:
171 networks:
172 - rhodecode_network
173 image: library/postgres:14.6
174
175 environment:
176 POSTGRES_DB: ${DB_NAME:?must-specify-db-name}
177 POSTGRES_USER: ${DB_USER:?must-specify-db-user}
178 PGUSER: ${DB_USER:?must-specify-db-user}
179 POSTGRES_PASSWORD: ${DB_PASSWORD:?must-specify-db-password}
180 POSTGRES_HOST_AUTH_METHOD: md5
181 POSTGRES_INITDB_ARGS: "--auth-host=md5 --auth-local=md5"
182
183 restart: unless-stopped
184 command:
185 - "postgres"
186 - "-c"
187 - "log_statement=ddl"
188 - "-c"
189 - "config_file=/etc/conf.d/pg_customized.conf"
190
191 # ports:
192 # - "127.0.0.1::5432"
193
194 healthcheck:
195 test: ["CMD-SHELL", "pg_isready", '-U', "$DB_USER"]
196 interval: 10s
197 timeout: 5s
198 retries: 5
199
200 volumes:
201 - $PWD/config/database/pg_customized.conf:/etc/conf.d/pg_customized.conf:ro
202 # db dumps reverse mount
203 - $PWD/.custom/db_dump:/var/rc-data-dump
204 # save the pg_data volume
205 - pg_data:/var/lib/postgresql/data
206 - logvolume:/var/log/rhodecode
207
208 profiles:
209 ["postgres"]
210
211 logging:
212 *custom-logging
213
214 database-mysql:
215 networks:
216 - rhodecode_network
217 image: library/mysql:8.0.31
218
219 environment:
220 MYSQL_DATABASE: ${DB_NAME:?must-specify-db-name}
221 MYSQL_USER: ${DB_USER:?must-specify-db-user}
222 MYSQL_PASSWORD: ${DB_PASSWORD:?must-specify-db-password}
223 MYSQL_ROOT_PASSWORD: ${DB_PASSWORD:?must-specify-db-password}
224
225 restart: unless-stopped
226
227 # ports:
228 # - "127.0.0.1::3306"
229
230 volumes:
231 - ./config/database/mysql_customized.conf:/etc/mysql/conf.d/config-file.cnf:ro
232 # save the mysql_data volume
233 - $PWD/mysql_dir:/var/lib/mysql
234 - logvolume:/var/log/rhodecode
235
236 profiles:
237 ["mysql"]
238
239 logging:
240 *custom-logging
Show file before | Show file after | Hide comments
@@ -0,0 +1,1 b''
1 scripts/rccontrol/rccontrol No newline at end of file
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (2889 lines changed) Show them Hide them
@@ -0,0 +1,2889 b''
1 #!/usr/bin/env bash
2 # This script was generated by bashly 0.8.10 (https://bashly.dannyb.co)
3 # Modifying it manually is not recommended
4
5 # :wrapper.bash3_bouncer
6 if [[ "${BASH_VERSINFO:-0}" -lt 4 ]]; then
7 printf "bash version 4 or higher is required\n" >&2
8 exit 1
9 fi
10
11 # :command.master_script
12
13 # :command.version_command
14 version_command() {
15 echo "$version"
16 }
17
18 # :command.usage
19 rccontrol_usage() {
20 if [[ -n $long_usage ]]; then
21 printf "rccontrol - RhodeCode Control - CLI for manaing RhodeCode Cluster Stack\n"
22 echo
23
24 else
25 printf "rccontrol - RhodeCode Control - CLI for manaing RhodeCode Cluster Stack\n"
26 echo
27
28 fi
29
30 printf "Usage:\n"
31 printf " rccontrol [OPTIONS] COMMAND\n"
32 printf " rccontrol [COMMAND] --help | -h\n"
33 printf " rccontrol --version | -v\n"
34 echo
35 # :command.usage_commands
36 printf "Commands:\n"
37 echo " self-update update rccontrol and it's docker definitions"
38 echo " bootstrap Bootstrap this machine, check docker version and install rhodecode-network"
39 echo " stack run one of available cluster stacks, use -h for more details"
40 echo " stack-status show stack status"
41 echo " stack-upgrade upgrade ALL stack status"
42 echo
43 printf "Build Commands:\n"
44 echo " get-build-artifacts Fetch Artifacts to run installer based build"
45 echo " build Build RhodeCode image from installer"
46 echo " get-build-source Fetch RhodeCode sources, store in .source dir to run a source-based builds"
47 echo " build-source Build RhodeCode image from source, requires upgrade-source initially"
48 echo
49 printf "CLI Commands:\n"
50 echo " cli-redis CLI"
51 echo " cli-db CLI"
52 echo " cli-db-upgrade CLI"
53 echo
54 printf "Backup Commands:\n"
55 echo " backup-db CLI"
56 echo " backup-data CLI"
57 echo
58
59 # :command.long_usage
60 if [[ -n $long_usage ]]; then
61 printf "Options:\n"
62
63 # :command.usage_fixed_flags
64 echo " --help, -h"
65 printf " Show this help\n"
66 echo
67 echo " --version, -v"
68 printf " Show version number\n"
69 echo
70
71 # :command.usage_flags
72 # :flag.usage
73 echo " --debug"
74 printf " Enable debug and detailed output\n"
75 echo
76
77 # :command.usage_environment_variables
78 printf "Environment Variables:\n"
79
80 # :environment_variable.usage
81 echo " AUTH_TOKEN"
82 printf " Set your RhodeCode AUTH Token\n"
83 echo
84
85 # :environment_variable.usage
86 echo " RC_CLI_VERSION_NAME"
87 printf " default version to build and install\n"
88 printf " Default: 4.27.0\n"
89 echo
90
91 # :environment_variable.usage
92 echo " RC_STACK_ROUTER_EXT"
93 printf "\n"
94 printf " Default: .custom/docker-compose-router.override.yaml\n"
95 echo
96
97 # :environment_variable.usage
98 echo " RC_STACK_METRICS_EXT"
99 printf "\n"
100 printf " Default: .custom/docker-compose-metrics.override.yaml\n"
101 echo
102
103 # :environment_variable.usage
104 echo " RC_STACK_SERVICES_EXT"
105 printf "\n"
106 printf " Default: .custom/docker-compose-services.override.yaml\n"
107 echo
108
109 # :environment_variable.usage
110 echo " RC_STACK_RHODECODE_EXT"
111 printf "\n"
112 printf " Default: .custom/docker-compose-apps.override.yaml\n"
113 echo
114
115 # :command.footer
116 printf "RhodeCode Inc 2022\n\n"
117 echo
118
119 fi
120 }
121
122 # :command.usage
123 rccontrol_self_update_usage() {
124 if [[ -n $long_usage ]]; then
125 printf "rccontrol self-update - update rccontrol and it's docker definitions\n"
126 echo
127
128 else
129 printf "rccontrol self-update - update rccontrol and it's docker definitions\n"
130 echo
131
132 fi
133
134 printf "Usage:\n"
135 printf " rccontrol self-update [OPTIONS]\n"
136 printf " rccontrol self-update --help | -h\n"
137 echo
138
139 # :command.long_usage
140 if [[ -n $long_usage ]]; then
141 printf "Options:\n"
142
143 # :command.usage_fixed_flags
144 echo " --help, -h"
145 printf " Show this help\n"
146 echo
147
148 # :command.usage_flags
149 # :flag.usage
150 echo " --auth-token AUTH_TOKEN"
151 printf " Optionally specify AUTH TOKEN to obtain sources\n"
152 echo
153
154 # :flag.usage
155 echo " --server-url SERVER_URL"
156 printf " Specify RhodeCode server location where projects should be downloaded\n"
157 printf " Default: https://code.rhodecode.com\n"
158 echo
159
160 fi
161 }
162
163 # :command.usage
164 rccontrol_bootstrap_usage() {
165 if [[ -n $long_usage ]]; then
166 printf "rccontrol bootstrap - Bootstrap this machine, check docker version and install rhodecode-network\n"
167 echo
168
169 else
170 printf "rccontrol bootstrap - Bootstrap this machine, check docker version and install rhodecode-network\n"
171 echo
172
173 fi
174
175 printf "Alias: install\n"
176 echo
177
178 printf "Usage:\n"
179 printf " rccontrol bootstrap [OPTIONS]\n"
180 printf " rccontrol bootstrap --help | -h\n"
181 echo
182
183 # :command.long_usage
184 if [[ -n $long_usage ]]; then
185 printf "Options:\n"
186
187 # :command.usage_fixed_flags
188 echo " --help, -h"
189 printf " Show this help\n"
190 echo
191
192 # :command.usage_flags
193 # :flag.usage
194 echo " --force, -f"
195 printf " Overwrite existing files\n"
196 echo
197
198 # :flag.usage
199 echo " --auth-token AUTH_TOKEN"
200 printf " Optionally specify AUTH TOKEN to obtain sources\n"
201 echo
202
203 # :flag.usage
204 echo " --server-url SERVER_URL"
205 printf " Specify RhodeCode server location where projects should be downloaded\n"
206 printf " Default: https://code.rhodecode.com\n"
207 echo
208
209 # :command.usage_examples
210 printf "Examples:\n"
211 printf " rccontrol3 bootstrap\n"
212 printf " rccontrol3 bootstrap --force\n"
213 echo
214
215 fi
216 }
217
218 # :command.usage
219 rccontrol_get_build_artifacts_usage() {
220 if [[ -n $long_usage ]]; then
221 printf "rccontrol get-build-artifacts - Fetch Artifacts to run installer based build\n"
222 echo
223
224 else
225 printf "rccontrol get-build-artifacts - Fetch Artifacts to run installer based build\n"
226 echo
227
228 fi
229
230 printf "Usage:\n"
231 printf " rccontrol get-build-artifacts [OPTIONS]\n"
232 printf " rccontrol get-build-artifacts --help | -h\n"
233 echo
234
235 # :command.long_usage
236 if [[ -n $long_usage ]]; then
237 printf "Options:\n"
238
239 # :command.usage_fixed_flags
240 echo " --help, -h"
241 printf " Show this help\n"
242 echo
243
244 # :command.usage_flags
245 # :flag.usage
246 echo " --auth AUTH"
247 printf " Specify custom auth for curl e.g -u admin:secret\n"
248 printf " Default: \n"
249 echo
250
251 # :flag.usage
252 echo " --installer-url INSTALLER_URL"
253 printf " Installer Download URL\n"
254 printf " Default: https://dls.rhodecode.com/dls/N2E2ZTY1NzA3NjYxNDA2NTc1NjI3MTcyNzA2MjcxNzIyZTcwNjI3YQ==/rhodecode-control/latest-linux-ee\n"
255 echo
256
257 # :flag.usage
258 echo " --manifest-url MANIFEST_URL"
259 printf " Manifest file url\n"
260 printf " Default: https://dls.rhodecode.com/linux/MANIFEST\n"
261 echo
262
263 # :flag.usage
264 echo " --version-name VERSION_NAME"
265 printf " Specify custom build ver e.g $RC_CLI_VERSION_NAME\n"
266 printf " Default: $RC_CLI_VERSION_NAME\n"
267 echo
268
269 fi
270 }
271
272 # :command.usage
273 rccontrol_build_usage() {
274 if [[ -n $long_usage ]]; then
275 printf "rccontrol build - Build RhodeCode image from installer\n"
276 echo
277
278 else
279 printf "rccontrol build - Build RhodeCode image from installer\n"
280 echo
281
282 fi
283
284 printf "Usage:\n"
285 printf " rccontrol build [OPTIONS]\n"
286 printf " rccontrol build --help | -h\n"
287 echo
288
289 # :command.long_usage
290 if [[ -n $long_usage ]]; then
291 printf "Options:\n"
292
293 # :command.usage_fixed_flags
294 echo " --help, -h"
295 printf " Show this help\n"
296 echo
297
298 # :command.usage_flags
299 # :flag.usage
300 echo " --version-name VERSION_NAME"
301 printf " Specify custom build ver e.g $RC_CLI_VERSION_NAME\n"
302 printf " Default: $RC_CLI_VERSION_NAME\n"
303 echo
304
305 fi
306 }
307
308 # :command.usage
309 rccontrol_get_build_source_usage() {
310 if [[ -n $long_usage ]]; then
311 printf "rccontrol get-build-source - Fetch RhodeCode sources, store in .source dir to run a source-based builds\n"
312 echo
313
314 else
315 printf "rccontrol get-build-source - Fetch RhodeCode sources, store in .source dir to run a source-based builds\n"
316 echo
317
318 fi
319
320 printf "Usage:\n"
321 printf " rccontrol get-build-source REVISION [OPTIONS]\n"
322 printf " rccontrol get-build-source --help | -h\n"
323 echo
324
325 # :command.long_usage
326 if [[ -n $long_usage ]]; then
327 printf "Options:\n"
328
329 # :command.usage_fixed_flags
330 echo " --help, -h"
331 printf " Show this help\n"
332 echo
333
334 # :command.usage_flags
335 # :flag.usage
336 echo " --auth-token AUTH_TOKEN"
337 printf " Specify AUTH TOKEN to obtain sources\n"
338 echo
339
340 # :flag.usage
341 echo " --server-url SERVER_URL"
342 printf " Specify RhodeCode server location where projects should be downloaded\n"
343 printf " Default: https://code.rhodecode.com\n"
344 echo
345
346 # :command.usage_args
347 printf "Arguments:\n"
348
349 # :argument.usage
350 echo " REVISION"
351 printf " revision to download\n"
352 echo
353
354 # :command.usage_examples
355 printf "Examples:\n"
356 printf " rccontrol3 get-sources $RC_CLI_VERSION_NAME\n"
357 printf " rccontrol3 get-sources default --auth-token xyxyxyx --server-url\n https://secret.repo/\n"
358 echo
359
360 fi
361 }
362
363 # :command.usage
364 rccontrol_build_source_usage() {
365 if [[ -n $long_usage ]]; then
366 printf "rccontrol build-source - Build RhodeCode image from source, requires upgrade-source initially\n"
367 echo
368
369 else
370 printf "rccontrol build-source - Build RhodeCode image from source, requires upgrade-source initially\n"
371 echo
372
373 fi
374
375 printf "Usage:\n"
376 printf " rccontrol build-source [OPTIONS]\n"
377 printf " rccontrol build-source --help | -h\n"
378 echo
379
380 # :command.long_usage
381 if [[ -n $long_usage ]]; then
382 printf "Options:\n"
383
384 # :command.usage_fixed_flags
385 echo " --help, -h"
386 printf " Show this help\n"
387 echo
388
389 # :command.usage_flags
390 # :flag.usage
391 echo " --version-name VERSION_NAME"
392 printf " Specify custom build ver e.g $RC_CLI_VERSION_NAME\n"
393 printf " Default: $RC_CLI_VERSION_NAME\n"
394 echo
395
396 # :command.usage_examples
397 printf "Examples:\n"
398 printf " build foo\n"
399 echo
400
401 fi
402 }
403
404 # :command.usage
405 rccontrol_stack_usage() {
406 if [[ -n $long_usage ]]; then
407 printf "rccontrol stack - run one of available cluster stacks, use -h for more details\n"
408 echo
409
410 else
411 printf "rccontrol stack - run one of available cluster stacks, use -h for more details\n"
412 echo
413
414 fi
415
416 printf "Usage:\n"
417 printf " rccontrol stack NAME [SERVICES PARAMS...]\n"
418 printf " rccontrol stack --help | -h\n"
419 echo
420
421 # :command.long_usage
422 if [[ -n $long_usage ]]; then
423 printf "Options:\n"
424
425 # :command.usage_fixed_flags
426 echo " --help, -h"
427 printf " Show this help\n"
428 echo
429
430 # :command.usage_args
431 printf "Arguments:\n"
432
433 # :argument.usage
434 echo " NAME"
435 printf " Stack name\n"
436 printf " Allowed: router, metrics, services, rhodecode\n"
437 echo
438
439 echo " SERVICES PARAMS..."
440 printf " Additional arguments or flags for services command\n"
441 echo
442
443 # :command.usage_examples
444 printf "Examples:\n"
445 printf " - ./rccontrol3 stack router up # run router stack with output to\n console\n - ./rccontrol3 stack router up --detach # run router stack detached\n - ./rccontrol3 stack router down # stop whole router stack\n - ./rccontrol3 stack router ps # check status of router stack\n - ./rccontrol3 stack router -f docker-overrides.yaml up -d # run router stack\n with your overrides\n"
446 echo
447
448 fi
449 }
450
451 # :command.usage
452 rccontrol_stack_status_usage() {
453 if [[ -n $long_usage ]]; then
454 printf "rccontrol stack-status - show stack status\n"
455 echo
456
457 else
458 printf "rccontrol stack-status - show stack status\n"
459 echo
460
461 fi
462
463 printf "Alias: status\n"
464 echo
465
466 printf "Usage:\n"
467 printf " rccontrol stack-status\n"
468 printf " rccontrol stack-status --help | -h\n"
469 echo
470
471 # :command.long_usage
472 if [[ -n $long_usage ]]; then
473 printf "Options:\n"
474
475 # :command.usage_fixed_flags
476 echo " --help, -h"
477 printf " Show this help\n"
478 echo
479
480 fi
481 }
482
483 # :command.usage
484 rccontrol_stack_upgrade_usage() {
485 if [[ -n $long_usage ]]; then
486 printf "rccontrol stack-upgrade - upgrade ALL stack status\n"
487 echo
488
489 else
490 printf "rccontrol stack-upgrade - upgrade ALL stack status\n"
491 echo
492
493 fi
494
495 printf "Usage:\n"
496 printf " rccontrol stack-upgrade\n"
497 printf " rccontrol stack-upgrade --help | -h\n"
498 echo
499
500 # :command.long_usage
501 if [[ -n $long_usage ]]; then
502 printf "Options:\n"
503
504 # :command.usage_fixed_flags
505 echo " --help, -h"
506 printf " Show this help\n"
507 echo
508
509 fi
510 }
511
512 # :command.usage
513 rccontrol_cli_redis_usage() {
514 if [[ -n $long_usage ]]; then
515 printf "rccontrol cli-redis - CLI\n"
516 echo
517
518 else
519 printf "rccontrol cli-redis - CLI\n"
520 echo
521
522 fi
523
524 printf "Usage:\n"
525 printf " rccontrol cli-redis\n"
526 printf " rccontrol cli-redis --help | -h\n"
527 echo
528
529 # :command.long_usage
530 if [[ -n $long_usage ]]; then
531 printf "Options:\n"
532
533 # :command.usage_fixed_flags
534 echo " --help, -h"
535 printf " Show this help\n"
536 echo
537
538 fi
539 }
540
541 # :command.usage
542 rccontrol_cli_db_usage() {
543 if [[ -n $long_usage ]]; then
544 printf "rccontrol cli-db - CLI\n"
545 echo
546
547 else
548 printf "rccontrol cli-db - CLI\n"
549 echo
550
551 fi
552
553 printf "Usage:\n"
554 printf " rccontrol cli-db\n"
555 printf " rccontrol cli-db --help | -h\n"
556 echo
557
558 # :command.long_usage
559 if [[ -n $long_usage ]]; then
560 printf "Options:\n"
561
562 # :command.usage_fixed_flags
563 echo " --help, -h"
564 printf " Show this help\n"
565 echo
566
567 fi
568 }
569
570 # :command.usage
571 rccontrol_cli_db_upgrade_usage() {
572 if [[ -n $long_usage ]]; then
573 printf "rccontrol cli-db-upgrade - CLI\n"
574 echo
575
576 else
577 printf "rccontrol cli-db-upgrade - CLI\n"
578 echo
579
580 fi
581
582 printf "Usage:\n"
583 printf " rccontrol cli-db-upgrade\n"
584 printf " rccontrol cli-db-upgrade --help | -h\n"
585 echo
586
587 # :command.long_usage
588 if [[ -n $long_usage ]]; then
589 printf "Options:\n"
590
591 # :command.usage_fixed_flags
592 echo " --help, -h"
593 printf " Show this help\n"
594 echo
595
596 fi
597 }
598
599 # :command.usage
600 rccontrol__completions_usage() {
601 if [[ -n $long_usage ]]; then
602 printf "rccontrol _completions - Generate completions, eval "$(./rccontrol _completions)"\n"
603 echo
604
605 else
606 printf "rccontrol _completions - Generate completions, eval "$(./rccontrol _completions)"\n"
607 echo
608
609 fi
610
611 printf "Usage:\n"
612 printf " rccontrol _completions\n"
613 printf " rccontrol _completions --help | -h\n"
614 echo
615
616 # :command.long_usage
617 if [[ -n $long_usage ]]; then
618 printf "Options:\n"
619
620 # :command.usage_fixed_flags
621 echo " --help, -h"
622 printf " Show this help\n"
623 echo
624
625 fi
626 }
627
628 # :command.usage
629 rccontrol_backup_db_usage() {
630 if [[ -n $long_usage ]]; then
631 printf "rccontrol backup-db - CLI\n"
632 echo
633
634 else
635 printf "rccontrol backup-db - CLI\n"
636 echo
637
638 fi
639
640 printf "Usage:\n"
641 printf " rccontrol backup-db\n"
642 printf " rccontrol backup-db --help | -h\n"
643 echo
644
645 # :command.long_usage
646 if [[ -n $long_usage ]]; then
647 printf "Options:\n"
648
649 # :command.usage_fixed_flags
650 echo " --help, -h"
651 printf " Show this help\n"
652 echo
653
654 # :command.usage_examples
655 printf "Examples:\n"
656 printf " ./rccontrol backup-db\n"
657 echo
658
659 fi
660 }
661
662 # :command.usage
663 rccontrol_backup_data_usage() {
664 if [[ -n $long_usage ]]; then
665 printf "rccontrol backup-data - CLI\n"
666 echo
667
668 else
669 printf "rccontrol backup-data - CLI\n"
670 echo
671
672 fi
673
674 printf "Usage:\n"
675 printf " rccontrol backup-data\n"
676 printf " rccontrol backup-data --help | -h\n"
677 echo
678
679 # :command.long_usage
680 if [[ -n $long_usage ]]; then
681 printf "Options:\n"
682
683 # :command.usage_fixed_flags
684 echo " --help, -h"
685 printf " Show this help\n"
686 echo
687
688 fi
689 }
690
691 # :command.normalize_input
692 normalize_input() {
693 local arg flags
694
695 while [[ $# -gt 0 ]]; do
696 arg="$1"
697 if [[ $arg =~ ^(--[a-zA-Z0-9_\-]+)=(.+)$ ]]; then
698 input+=("${BASH_REMATCH[1]}")
699 input+=("${BASH_REMATCH[2]}")
700 elif [[ $arg =~ ^(-[a-zA-Z0-9])=(.+)$ ]]; then
701 input+=("${BASH_REMATCH[1]}")
702 input+=("${BASH_REMATCH[2]}")
703 elif [[ $arg =~ ^-([a-zA-Z0-9][a-zA-Z0-9]+)$ ]]; then
704 flags="${BASH_REMATCH[1]}"
705 for (( i=0 ; i < ${#flags} ; i++ )); do
706 input+=("-${flags:i:1}")
707 done
708 else
709 input+=("$arg")
710 fi
711
712 shift
713 done
714 }
715 # :command.inspect_args
716 inspect_args() {
717 readarray -t sorted_keys < <(printf '%s\n' "${!args[@]}" | sort)
718 if (( ${#args[@]} )); then
719 echo args:
720 for k in "${sorted_keys[@]}"; do echo "- \${args[$k]} = ${args[$k]}"; done
721 else
722 echo args: none
723 fi
724
725 if (( ${#other_args[@]} )); then
726 echo
727 echo other_args:
728 echo "- \${other_args[*]} = ${other_args[*]}"
729 for i in "${!other_args[@]}"; do
730 echo "- \${other_args[$i]} = ${other_args[$i]}"
731 done
732 fi
733 }
734
735 # :command.user_lib
736 # src/lib/colors.sh
737 print_in_color() {
738 local color="$1"
739 shift
740 if [[ -z ${NO_COLOR+x} ]]; then
741 printf "$color%b\e[0m\n" "$*";
742 else
743 printf "%b\n" "$*";
744 fi
745 }
746
747 red() { print_in_color "\e[31m" "$*"; }
748 green() { print_in_color "\e[32m" "$*"; }
749 yellow() { print_in_color "\e[33m" "$*"; }
750 blue() { print_in_color "\e[34m" "$*"; }
751 magenta() { print_in_color "\e[35m" "$*"; }
752 cyan() { print_in_color "\e[36m" "$*"; }
753 bold() { print_in_color "\e[1m" "$*"; }
754 underlined() { print_in_color "\e[4m" "$*"; }
755 red_bold() { print_in_color "\e[1;31m" "$*"; }
756 green_bold() { print_in_color "\e[1;32m" "$*"; }
757 yellow_bold() { print_in_color "\e[1;33m" "$*"; }
758 blue_bold() { print_in_color "\e[1;34m" "$*"; }
759 magenta_bold() { print_in_color "\e[1;35m" "$*"; }
760 cyan_bold() { print_in_color "\e[1;36m" "$*"; }
761 red_underlined() { print_in_color "\e[4;31m" "$*"; }
762 green_underlined() { print_in_color "\e[4;32m" "$*"; }
763 yellow_underlined() { print_in_color "\e[4;33m" "$*"; }
764 blue_underlined() { print_in_color "\e[4;34m" "$*"; }
765 magenta_underlined() { print_in_color "\e[4;35m" "$*"; }
766 cyan_underlined() { print_in_color "\e[4;36m" "$*"; }
767
768 # src/lib/config.sh
769 config_init() {
770 CONFIG_FILE=${CONFIG_FILE:=config.ini}
771 [[ -f "$CONFIG_FILE" ]] || touch "$CONFIG_FILE"
772 }
773
774 config_get() {
775 local key=$1
776 local regex="^$key *= *(.+)$"
777 local value=""
778
779 config_init
780
781 while IFS= read -r line || [ -n "$line" ]; do
782 if [[ $line =~ $regex ]]; then
783 value="${BASH_REMATCH[1]}"
784 break
785 fi
786 done < "$CONFIG_FILE"
787
788 echo "$value"
789 }
790
791 config_set() {
792 local key=$1
793 shift
794 local value="$*"
795
796 config_init
797
798 local regex="^($key) *= *.+$"
799 local output=""
800 local found_key=""
801 local newline
802
803 while IFS= read -r line || [ -n "$line" ]; do
804 newline=$line
805 if [[ $line =~ $regex ]]; then
806 found_key="${BASH_REMATCH[1]}"
807 newline="$key = $value"
808 output="$output$newline\n"
809 elif [[ $line ]]; then
810 output="$output$line\n"
811 fi
812 done < "$CONFIG_FILE"
813
814 if [[ -z $found_key ]]; then
815 output="$output$key = $value\n"
816 fi
817
818 printf "%b\n" "$output" > "$CONFIG_FILE"
819 }
820
821 config_del() {
822 local key=$1
823
824 local regex="^($key) *="
825 local output=""
826
827 config_init
828
829 while IFS= read -r line || [ -n "$line" ]; do
830 if [[ $line ]] && [[ ! $line =~ $regex ]]; then
831 output="$output$line\n"
832 fi
833 done < "$CONFIG_FILE"
834
835 printf "%b\n" "$output" > "$CONFIG_FILE"
836 }
837
838 config_show() {
839 config_init
840 cat "$CONFIG_FILE"
841 }
842
843 config_keys() {
844 local regex="^([a-zA-Z0-9_\-\/\.]+) *="
845
846 config_init
847
848 local keys=()
849 local key
850
851 while IFS= read -r line || [ -n "$line" ]; do
852 if [[ $line =~ $regex ]]; then
853 key="${BASH_REMATCH[1]}"
854 keys+=("$key")
855 fi
856 done < "$CONFIG_FILE"
857 echo "${keys[@]}"
858 }
859
860 config_has_key() {
861 [[ $(config_get "$1") ]]
862 }
863
864 # src/lib/sample_function.sh
865
866 docker_ping_host() {
867 PING_HOST="$1"
868 docker run --network rhodecode_network --rm alpine ping "$PING_HOST"
869 }
870
871 check_bootstrap() {
872 # Avoid destroying bootstrapping by simple start/stop
873 if [[ ! -e $BOOTSTRAP_FILE ]]; then
874 echo "$(yellow WARNING:) initial bootstrap file $BOOTSTRAP_FILE not found !"
875 echo "$(yellow NOTICE:) Please run ./rccontrol bootstrap first"
876 exit
877 fi
878 }
879
880 # src/lib/send_completions.sh
881 send_completions() {
882 echo $'# rccontrol3 completion -*- shell-script -*-'
883 echo $''
884 echo $'# This bash completions script was generated by'
885 echo $'# completely (https://github.com/dannyben/completely)'
886 echo $'# Modifying it manually is not recommended'
887 echo $''
888 echo $'_rccontrol3_completions_filter() {'
889 echo $' local words="$1"'
890 echo $' local cur=${COMP_WORDS[COMP_CWORD]}'
891 echo $' local result=()'
892 echo $''
893 echo $' if [[ "${cur:0:1}" == "-" ]]; then'
894 echo $' echo "$words"'
895 echo $' '
896 echo $' else'
897 echo $' for word in $words; do'
898 echo $' [[ "${word:0:1}" != "-" ]] && result+=("$word")'
899 echo $' done'
900 echo $''
901 echo $' echo "${result[*]}"'
902 echo $''
903 echo $' fi'
904 echo $'}'
905 echo $''
906 echo $'_rccontrol3_completions() {'
907 echo $' local cur=${COMP_WORDS[COMP_CWORD]}'
908 echo $' local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")'
909 echo $' local compline="${compwords[*]}"'
910 echo $''
911 echo $' case "$compline" in'
912 echo $' \'upgrade-source\'*)'
913 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--auth-token --help --server-url -h")" -- "$cur" )'
914 echo $' ;;'
915 echo $''
916 echo $' \'build-source\'*)'
917 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help --version-name -h")" -- "$cur" )'
918 echo $' ;;'
919 echo $''
920 echo $' \'self-update\'*)'
921 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--auth-token --help --server-url -h")" -- "$cur" )'
922 echo $' ;;'
923 echo $''
924 echo $' \'bootstrap\'*)'
925 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--auth-token --force --help --server-url -f -h")" -- "$cur" )'
926 echo $' ;;'
927 echo $''
928 echo $' \'build\'*)'
929 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help --version-name -h")" -- "$cur" )'
930 echo $' ;;'
931 echo $''
932 echo $' \'stack\'*)'
933 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help -h metrics rhodecode router services")" -- "$cur" )'
934 echo $' ;;'
935 echo $''
936 echo $' *)'
937 echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help --version -h -v bootstrap build build-source self-update stack upgrade-source")" -- "$cur" )'
938 echo $' ;;'
939 echo $''
940 echo $' esac'
941 echo $'} &&'
942 echo $'complete -F _rccontrol3_completions rccontrol3'
943 echo $''
944 echo $'# ex: filetype=sh'
945 }
946
947 # src/lib/validate_stack_exists.sh
948
949 validate_stack_exists() {
950 err=""
951 invalid="1"
952
953 for item in $VALID_SERVICES
954 do
955 if [ "$1" == "$item" ]; then
956 invalid=""
957 break
958 fi
959 done
960
961 if [[ -n $invalid ]]; then
962 err="command '$1' not in list of $VALID_SERVICES"
963 fi
964
965 echo $err
966 }
967
968 # :command.command_functions
969 # :command.function
970 rccontrol_self_update_command() {
971 # src/self_update_command.sh
972 check_bootstrap
973
974 echo "# this file is located in 'src/self_update_command.sh'"
975 echo "# code for 'rccontrol3 self-update' goes here"
976 echo "# you can edit it freely and regenerate (it will not be overwritten)"
977 inspect_args
978
979 }
980
981 # :command.function
982 rccontrol_bootstrap_command() {
983 # src/bootstrap_command.sh
984 DEBUG=${args[--debug]}
985 force=${args[--force]}
986
987 check_bash_version() {
988
989 if [ ! "${BASH_VERSINFO:-0}" -ge 4 ]; then
990 echo "$(red Bash version 4 or greater is required, please update your bash version!)"
991 exit
992 fi
993 }
994
995 check_docker() {
996 (which docker || which docker.io) &>/dev/null
997 }
998
999 check_and_install_docker() {
1000 failMsg="Failed to find docker on your PATH"
1001
1002 if ! check_docker; then
1003 echo "$failMsg"
1004 read -p "Enter to install Docker directly from https://get.docker.com/ or Ctrl+C to exit"
1005 curl https://get.docker.com/ | sh
1006
1007 if ! check_docker; then
1008 echo "$failMsg"
1009 echo "Docker install failed. Quitting."
1010 exit
1011 fi
1012 fi
1013 }
1014
1015 docker_bootstrap() {
1016 check_and_install_docker
1017 echo 'Docker: Running bootstrap.'
1018
1019 echo "Docker: creating network 'rc_datavolume'"
1020 docker volume create --name=rc_datavolume
1021 echo "Docker: done"
1022 echo ""
1023
1024 echo "Docker: creating network 'rhodecode_network'"
1025 docker network inspect rhodecode_network >/dev/null 2>&1 || docker network create rhodecode_network
1026 echo "Docker: done"
1027 echo ""
1028
1029 echo "Docker: creating loki logging"
1030 loki_driver=$(docker plugin ls --format {{.Name}} --filter enabled=true | grep loki || echo "")
1031 if [[ $loki_driver == "" ]]; then
1032 docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
1033 else
1034 echo "Docker: loki driver already exists"
1035 fi
1036 }
1037
1038 definitions_bootstrap() {
1039
1040 SOURCE_DIR=$PWD
1041 RHODECODE_DOCKER_HASH='master'
1042
1043 AUTH_TOKEN=${args[--auth-token]}
1044 SERVER_URL=${args[--server-url]}
1045
1046 DEFINITIONS_EXIST=""
1047 CHECK_FILES="rccontrol .env docker-compose-services.yaml docker-compose-apps.yaml"
1048 for check_file in $CHECK_FILES; do
1049 if [[ -f "$check_file" ]]; then
1050 DEFINITIONS_EXIST="1"
1051 fi
1052 done
1053
1054 if [[ -n $DEFINITIONS_EXIST && ! $force ]]; then
1055 echo "$(yellow skipping docker defs creation, existing files found. Use --force to create them anyway)"
1056 return
1057 fi
1058
1059 if [[ -n $DEFINITIONS_EXIST ]]; then
1060 echo "$(yellow docker definitions exists, are you sure to force re-create them?)"
1061 while true; do
1062 read -p "Would you like to continue with overriding file? [yn] " yn
1063 case $yn in
1064 [Yy]*) return 2 ;;
1065 [Nn]*) exit ;;
1066 *) echo "Please answer y or n." ;;
1067 esac
1068 done
1069 fi
1070
1071 exit
1072
1073 # download sources
1074 echo "Files: download rhodecode docker definitions from $SERVER_URL"
1075 echo ""
1076
1077 if [ $DEBUG ]; then
1078 echo "downloading: $SERVER_URL/rhodecode-enterprise-docker/archive/$RHODECODE_DOCKER_HASH.tgz?with_hash=0"
1079 curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-docker/archive/$RHODECODE_DOCKER_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR
1080
1081 echo "running CP $SOURCE_DIR/*rhodecode-enterprise-docker-plain/* $SOURCE_DIR"
1082 cp -v -r -f --update --backup=numbered $SOURCE_DIR/*rhodecode-enterprise-docker-plain/* $SOURCE_DIR
1083
1084 echo "removing $SOURCE_DIR/*rhodecode-enterprise-docker-plain"
1085 rm -r $SOURCE_DIR/*rhodecode-enterprise-docker-plain
1086 else
1087 curl -s --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-docker/archive/$RHODECODE_DOCKER_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR
1088
1089 cp -r -f --update --backup=numbered $SOURCE_DIR/*rhodecode-enterprise-docker-plain/* $SOURCE_DIR
1090
1091 rm -r $SOURCE_DIR/*rhodecode-enterprise-docker-plain
1092 fi
1093
1094 echo "$(green_bold DONE: docker definitions extracted to $SOURCE_DIR)"
1095 }
1096
1097 config_bootstrap() {
1098
1099 if [[ ! -f "$CONFIG_FILE" ]]; then
1100 echo "init config at: $CONFIG_FILE"
1101 config_init
1102 else
1103 echo "re-using config at: $CONFIG_FILE"
1104 fi
1105
1106 if ! config_has_key "rc_encrypted_secret" ; then
1107 key=$(echo $RANDOM | md5sum | head -c 32)
1108 config_set "rc_encrypted_secret" $key
1109 fi
1110
1111 if ! config_has_key "rc_db_url" ; then
1112 key=$(echo $RANDOM | md5sum | head -c 32)
1113 config_set "rc_db_url" "postgresql://$DB_USER:$key@database/$DB_NAME"
1114 fi
1115
1116 if ! config_has_key "rc_license_token" ; then
1117 config_set "rc_license_token" abra-cada-bra1-rce4
1118 fi
1119
1120 if ! config_has_key "rc_base_url" ; then
1121 config_set "rc_base_url" http://docker-dev
1122 fi
1123
1124 if ! config_has_key "rc_log_formatter" ; then
1125 # json is another option
1126 config_set "rc_log_formatter" generic
1127 fi
1128
1129 if ! config_has_key "rc_use_celery" ; then
1130 config_set "rc_use_celery" true
1131 fi
1132
1133 BOOTSTRAP_RUNTIME_ENV=$PWD/.custom/.runtime.env
1134 if [[ ! -f "$BOOTSTRAP_RUNTIME_ENV" ]]; then
1135 echo "init runtime env config at: $BOOTSTRAP_RUNTIME_ENV"
1136 touch BOOTSTRAP_RUNTIME_ENV
1137
1138 #ENV_EXPAND=""
1139 for k in $(config_keys); do
1140 k_upper=${k^^}
1141 echo "$k_upper='$(config_get "$k")'" >> $BOOTSTRAP_RUNTIME_ENV
1142 done
1143
1144 fi
1145 }
1146
1147 cur_date=$(date '+%Y-%m-%d %H:%M:%S')
1148
1149 check_bash_version
1150
1151 if [[ ! -e $BOOTSTRAP_FILE ]]; then
1152 echo "initial bootstrap file $BOOTSTRAP_FILE not found !"
1153
1154 docker_bootstrap
1155 definitions_bootstrap
1156 config_bootstrap
1157
1158 echo "$cur_date" > "$BOOTSTRAP_FILE"
1159
1160 else
1161 if [ $force ]; then
1162
1163 docker_bootstrap $force
1164 definitions_bootstrap $force ## TODO: remove old
1165 config_bootstrap $force
1166
1167 echo "$cur_date" > "$BOOTSTRAP_FILE"
1168
1169 exit
1170 fi
1171
1172 echo "bootstrap file $BOOTSTRAP_FILE was found add --force to force bootstrap"
1173 fi
1174
1175 get_started
1176 }
1177
1178 # :command.function
1179 rccontrol_get_build_artifacts_command() {
1180 # src/get_build_artifacts_command.sh
1181 check_bootstrap
1182
1183 DEBUG=${args[--debug]}
1184 AUTH=${args[--auth]}
1185 INSTALLER_URL=${args[--installer-url]}
1186 MANIFEST_URL=${args[--manifest-url]}
1187 RC_VERSION=${args[--version-name]}
1188 VER=$RC_VERSION
1189
1190 CACHE_DIR=$PWD/.cache
1191 VER_REGEX="$VER+x86_64"
1192
1193 echo "Downloading Artifacts for version: $VER"
1194
1195 echo "1/4 Checking available downloads from MANIFEST file"
1196
1197 ARTS=$(curl -s $AUTH $MANIFEST_URL | grep --ignore-case "$VER_REGEX" | cut -d ' ' -f 2)
1198
1199 if [[ $DEBUG ]]; then
1200 echo "DEBUG START"
1201 curl -s $AUTH $MANIFEST_URL | grep --ignore-case "$VER_REGEX" || echo "no regex match"
1202 curl -s $AUTH $MANIFEST_URL | grep --ignore-case "$VER_REGEX" | cut -d ' ' -f 2
1203 echo "Found following artifacts:"
1204 echo $ARTS
1205 echo "DEBUG END"
1206 fi
1207
1208 if [[ $ARTS == "" ]]; then
1209 MSG="Failed to found any MANIFEST entries for version $VER make sure there exists release with that version or use --version to specify different version"
1210 echo "$(red $MSG)"
1211 exit
1212 fi
1213
1214 echo "2/4 Downloading locale-archive"
1215 curl -L https://dls.rhodecode.com/assets/locale-archive -J -O
1216 mv -v locale-archive "$CACHE_DIR"
1217
1218 # vcsserver/ce/ee
1219 echo "3/4 Downloading installer artifacts"
1220 for url in $ARTS; do
1221 echo "Downloading $url with $AUTH"
1222 curl $AUTH --fail-early -L ${url} -J -O
1223 done
1224
1225 #for url in $(curl -s $MANIFEST_URL | grep --ignore-case -E 'control.+\+x86_64' | cut -d ' ' -f 2); do
1226 # echo "Downloading $url"
1227 # curl -L ${url} -J -O
1228 #done
1229
1230 echo "4/4 Downloading installer from $INSTALLER_URL"
1231 curl $AUTH -L $INSTALLER_URL -J -O
1232
1233 INSTALLER=$(ls -Art RhodeCode-installer-* | tail -n 1)
1234 if [[ -n $INSTALLER ]]; then
1235 chmod +x "${INSTALLER}"
1236 fi
1237
1238 echo "Copying artifacts into $CACHE_DIR"
1239
1240 mv -v "${INSTALLER}" $CACHE_DIR
1241 mv -v *.bz2 $CACHE_DIR
1242 ls -lh $CACHE_DIR
1243
1244 }
1245
1246 # :command.function
1247 rccontrol_build_command() {
1248 # src/build_command.sh
1249 check_bootstrap
1250
1251 rc_version=${args[--version-name]}
1252 export RC_VERSION=$rc_version
1253 eval "echo INSTALLER BASED BUILDING${RC_VERSION}"
1254
1255 RC_VERSION=$rc_version ./rccontrol stack rhodecode build --progress plain rhodecode
1256
1257 }
1258
1259 # :command.function
1260 rccontrol_get_build_source_command() {
1261 # src/get_build_source_command.sh
1262 check_bootstrap
1263
1264 AUTH_TOKEN=${args[--auth-token]}
1265 SERVER_URL=${args[--server-url]}
1266 revision=${args[revision]}
1267
1268 SOURCE_DIR=$PWD/.source
1269
1270 RHODECODE_VCS_HASH=$revision
1271 RHODECODE_CE_HASH=$revision
1272 RHODECODE_EE_HASH=$revision
1273
1274 # download sources
1275 echo "** download rhodecode source for build from $SERVER_URL **"
1276
1277 curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-vcsserver/archive/$RHODECODE_VCS_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR
1278 curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-ce/archive/$RHODECODE_CE_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR
1279 #TODO: fix just CE build...
1280 curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-ee/archive/$RHODECODE_EE_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR
1281
1282 rm -rf $SOURCE_DIR/rhodecode-vcsserver && mv $SOURCE_DIR/*rhodecode-vcsserver-plain $SOURCE_DIR/rhodecode-vcsserver
1283 rm -rf $SOURCE_DIR/rhodecode-enterprise-ce && mv $SOURCE_DIR/*rhodecode-enterprise-ce-plain $SOURCE_DIR/rhodecode-enterprise-ce
1284 rm -rf $SOURCE_DIR/rhodecode-enterprise-ee && cp -r $SOURCE_DIR/*rhodecode-enterprise-ee-plain $SOURCE_DIR/rhodecode-enterprise-ee
1285
1286 echo "downloading sources done to $SOURCE_DIR"
1287
1288 }
1289
1290 # :command.function
1291 rccontrol_build_source_command() {
1292 # src/build_source_command.sh
1293 check_bootstrap
1294
1295 rc_version=${args[--version-name]}
1296 export RC_VERSION=$rc_version
1297 eval "echo SOURCE BASED BUILDING${RC_VERSION}"
1298
1299 RC_VERSION=$rc_version ./rccontrol stack rhodecode -f docker-compose-apps.source.yaml build --progress plain rhodecode
1300
1301 }
1302
1303 # :command.function
1304 rccontrol_stack_command() {
1305 # src/stack_command.sh
1306 check_bootstrap
1307
1308 DEBUG=${args[--debug]}
1309 service_name=${args[name]}
1310
1311 if [[ ! -f $RC_STACK_ROUTER_EXT ]]; then
1312 RC_STACK_ROUTER_EXT=""
1313 else
1314 RC_STACK_ROUTER_EXT="-f $RC_STACK_ROUTER_EXT"
1315 fi
1316
1317 CMD_ROUTER="\
1318 docker compose \
1319 --env-file $ENV_FILE \
1320 $ENV_EXPAND \
1321 -p rc_cluster_router \
1322 -f docker-compose-base.yaml \
1323 -f docker-compose-router.yaml $RC_STACK_ROUTER_EXT"
1324
1325 if [[ ! -f $RC_STACK_SERVICES_EXT ]]; then
1326 RC_STACK_SERVICES_EXT_LCL=""
1327 else
1328 RC_STACK_SERVICES_EXT_LCL="-f $RC_STACK_SERVICES_EXT"
1329 fi
1330
1331 RC_STACK_PROFILES="--profile postgres --profile redis --profile elasticsearch --profile channelstream"
1332
1333 CMD_SERVICES="\
1334 docker compose \
1335 --env-file $ENV_FILE \
1336 $ENV_EXPAND \
1337 $RC_STACK_PROFILES \
1338 -p rc_cluster_services \
1339 -f docker-compose-base.yaml \
1340 -f docker-compose-services.yaml $RC_STACK_SERVICES_EXT_LCL"
1341
1342 if [[ ! -f $RC_STACK_METRICS_EXT ]]; then
1343 RC_STACK_METRICS_EXT_LCL=""
1344 else
1345 RC_STACK_METRICS_EXT_LCL="-f $RC_STACK_METRICS_EXT"
1346 fi
1347
1348 CMD_METRICS="\
1349 docker compose \
1350 --env-file $ENV_FILE \
1351 $ENV_EXPAND \
1352 -p rc_cluster_metrics \
1353 -f docker-compose-base.yaml \
1354 -f docker-compose-metrics.yaml $RC_STACK_METRICS_EXT_LCL"
1355
1356 if [[ ! -f $RC_STACK_RHODECODE_EXT ]]; then
1357 RC_STACK_RHODECODE_EXT_LCL=""
1358 else
1359 RC_STACK_RHODECODE_EXT_LCL="-f $RC_STACK_RHODECODE_EXT"
1360 fi
1361
1362 CMD_RHODECODE="\
1363 docker compose \
1364 --env-file $ENV_FILE \
1365 $ENV_EXPAND \
1366 -p rc_cluster_apps \
1367 -f docker-compose-base.yaml \
1368 -f docker-compose-apps.yaml $RC_STACK_RHODECODE_EXT_LCL"
1369
1370 CMD_RHODECODE_SOURCE="\
1371 docker compose \
1372 --env-file $ENV_FILE \
1373 $ENV_EXPAND \
1374 -p rc_cluster_apps \
1375 -f docker-compose-base.yaml \
1376 -f docker-compose-apps.yaml \
1377 -f docker-compose-apps.source.yaml $RC_STACK_RHODECODE_EXT_LCL"
1378
1379 case $service_name in
1380
1381 services )
1382 if [[ $DEBUG ]]; then
1383 echo "---"
1384 echo "stacks docker: $RC_STACK_SERVICES_EXT_LCL"
1385 echo "running command: ${CMD_SERVICES}"
1386 echo "ARGS: ${other_args[*]}"
1387 echo "---"
1388 fi
1389
1390 eval "${CMD_SERVICES} ${other_args[*]}"
1391 exit
1392 ;;
1393 router )
1394 if [[ $DEBUG ]]; then
1395 echo "---"
1396 echo "stacks docker: $RC_STACK_ROUTER_EXT_LCL"
1397 echo "running command: ${CMD_ROUTER}"
1398 echo "ARGS: ${other_args[*]}"
1399 echo "---"
1400 fi
1401 eval "${CMD_ROUTER} ${other_args[*]}"
1402 exit
1403 ;;
1404 metrics )
1405 if [[ $DEBUG ]]; then
1406 echo "---"
1407 echo "stacks docker: $RC_STACK_METRICS_EXT_LCL"
1408 echo "running command: ${CMD_METRICS}"
1409 echo "ARGS: ${other_args[*]}"
1410 echo "---"
1411 fi
1412 eval "${CMD_METRICS} ${other_args[*]}"
1413 exit
1414 ;;
1415 rhodecode )
1416 if [[ $DEBUG ]]; then
1417 echo "---"
1418 echo "stacks docker: $RC_STACK_RHODECODE_EXT_LCL"
1419 echo "running command: ${CMD_RHODECODE}"
1420 echo "ARGS: ${other_args[*]}"
1421 echo "---"
1422 fi
1423 eval "${CMD_RHODECODE} ${other_args[*]}"
1424 exit
1425 ;;
1426 esac
1427
1428 }
1429
1430 # :command.function
1431 rccontrol_stack_status_command() {
1432 # src/stack_status_command.sh
1433 check_bootstrap
1434 DEBUG=${args[--debug]}
1435 if [[ $DEBUG ]]; then
1436 echo "---"
1437
1438 ps_cmd=$(docker ps --filter=name=rc_cluster --format="{{.ID}}")
1439
1440 for service in $ps_cmd; do
1441
1442 servicename=`docker inspect --format '{{ .Name }}' $service`
1443 servicename=${servicename:1}
1444 echo $servicename
1445 docker inspect $service --format='{{.State.Status}}: {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'
1446 echo ""
1447
1448 done
1449 fi
1450 echo "---"
1451 docker ps --filter=name=rc_cluster --format="table {{.ID}}\\t{{.Image}}\\t{{.Status}}\\t{{.Names}}\\t{{.Ports}}"
1452 }
1453
1454 # :command.function
1455 rccontrol_stack_upgrade_command() {
1456 # src/stack_upgrade_command.sh
1457 check_bootstrap
1458
1459 echo "# this file is located in 'src/stack_upgrade_command.sh'"
1460 echo "# code for 'rccontrol stack-upgrade' goes here"
1461 echo "# you can edit it freely and regenerate (it will not be overwritten)"
1462 inspect_args
1463
1464 }
1465
1466 # :command.function
1467 rccontrol_cli_redis_command() {
1468 # src/cli_redis_command.sh
1469 check_bootstrap
1470
1471 DEBUG=${args[--debug]}
1472
1473 target_container=rc_cluster_services-redis-1
1474 docker_id=$(docker ps --filter name=$target_container -q)
1475
1476 if [[ $DEBUG ]]; then
1477 echo "container id: $docker_id, based on $target_container filter"
1478 docker ps
1479 fi
1480
1481 if [ "$docker_id" == "" ]; then
1482 MSG="Cannot find container ID with name $target_container"
1483 echo "$(red $MSG)"
1484 exit
1485 fi
1486
1487 if [[ $DEBUG ]]; then
1488 echo "Running |docker exec --interactive --tty $docker_id $CMD|"
1489 echo "docker exec --interactive --tty $docker_id /bin/bash -c 'redis-cli'"
1490 fi
1491
1492 eval "docker exec --interactive --tty $docker_id /bin/bash -c 'redis-cli'"
1493
1494 }
1495
1496 # :command.function
1497 rccontrol_cli_db_command() {
1498 # src/cli_db_command.sh
1499 check_bootstrap
1500
1501 DEBUG=${args[--debug]}
1502
1503 target_container=rc_cluster_services-database-1
1504 docker_id=$(docker ps --filter name=$target_container -q)
1505
1506 if [[ $DEBUG ]]; then
1507 echo "container id: $docker_id, based on $target_container filter"
1508 docker ps
1509 fi
1510
1511 if [ "$docker_id" == "" ]; then
1512 MSG="Cannot find container ID with name $target_container"
1513 echo "$(red $MSG)"
1514 exit
1515 fi
1516
1517 if [[ $DEBUG ]]; then
1518 echo "Running |docker exec --interactive --tty $docker_id $CMD|"
1519 echo "docker exec --interactive --tty $docker_id /bin/bash -c 'PGPASSWORD=$DB_PASSWORD psql --username=$DB_USER --dbname=$DB_NAME'"
1520 fi
1521
1522 eval "docker exec --interactive --tty $docker_id /bin/bash -c 'PGPASSWORD=$DB_PASSWORD psql --username=$DB_USER --dbname=$DB_NAME'"
1523
1524 }
1525
1526 # :command.function
1527 rccontrol_cli_db_upgrade_command() {
1528 # src/cli_db_upgrade_command.sh
1529 check_bootstrap
1530
1531 DEBUG=${args[--debug]}
1532
1533 target_container=rc_cluster_apps-rhodecode-1
1534 docker_id=$(docker ps --filter name=$target_container -q)
1535
1536 if [[ $DEBUG ]]; then
1537 echo "container id: $docker_id, based on $target_container filter"
1538 docker ps
1539 fi
1540
1541 if [ "$docker_id" == "" ]; then
1542 MSG="Cannot find container ID with name $target_container"
1543 echo "$(red $MSG)"
1544 exit
1545 fi
1546
1547 if [[ $DEBUG ]]; then
1548 echo "./rccontrol stack rhodecode exec rhodecode /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.optimized.ini --force-yes"
1549 fi
1550
1551 ./rccontrol stack rhodecode exec rhodecode /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.optimized.ini --force-yes
1552 }
1553
1554 # :command.function
1555 rccontrol__completions_command() {
1556 # src/_completions_command.sh
1557 send_completions
1558 }
1559
1560 # :command.function
1561 rccontrol_backup_db_command() {
1562 # src/backup_db_command.sh
1563 check_bootstrap
1564
1565 DEBUG=${args[--debug]}
1566 DESTINATION=${args[destination]}
1567
1568 target_container=rc_cluster_services-database-1
1569
1570 docker_id=$(docker ps --filter name=$target_container -q)
1571 backup_name=rc_db_dump-$(date +%Y-%m-%d).tar.gz
1572
1573 echo "creating backup $backup_name"
1574
1575 if [[ $DEBUG ]]; then
1576 echo "container id: $docker_id, based on $target_container filter"
1577 docker ps
1578 echo "---"
1579 fi
1580
1581 #image_id=$(docker inspect "$docker_id" --format {{.Image}} | cut -c 8-)
1582 #
1583 #if [[ $DEBUG ]]; then
1584 # echo "image id: $image_id, based on $target_container filter"
1585 # docker image ls
1586 # echo "---"
1587 #fi
1588
1589 if [ "$docker_id" == "" ]; then
1590 MSG="Cannot find container ID with name $target_container"
1591 echo "$(red $MSG)"
1592 exit
1593 fi
1594
1595 #if [ "image_id" == "" ]; then
1596 # MSG="Cannot find image ID with name $target_container"
1597 # echo "$(red $MSG)"
1598 # exit
1599 #fi
1600
1601 if [[ $DEBUG ]]; then
1602 echo "docker exec -e PGPASSWORD=$DB_PASSWORD $docker_id /bin/bash -c 'pg_dump --inserts -U $DB_USER -h 127.0.0.1 --dbname=$DB_NAME | gzip > /var/rc-data-dump/$backup_name'"
1603 fi
1604
1605 eval "docker exec -e PGPASSWORD=$DB_PASSWORD $docker_id /bin/bash -c 'pg_dump --inserts -U $DB_USER -h 127.0.0.1 --dbname=$DB_NAME | gzip > /var/rc-data-dump/$backup_name'"
1606 echo "$(green Backup created in /var/rc-data-dump/ mount !)"
1607
1608 }
1609
1610 # :command.function
1611 rccontrol_backup_data_command() {
1612 # src/backup_data_command.sh
1613 echo "# this file is located in 'src/backup_data_command.sh'"
1614 echo "# code for 'rccontrol backup-data' goes here"
1615 echo "# you can edit it freely and regenerate (it will not be overwritten)"
1616 inspect_args
1617
1618 }
1619
1620 # :command.parse_requirements
1621 parse_requirements() {
1622 # :command.fixed_flags_filter
1623 case "${1:-}" in
1624 --version | -v )
1625 version_command
1626 exit
1627 ;;
1628
1629 --help | -h )
1630 long_usage=yes
1631 rccontrol_usage
1632 exit
1633 ;;
1634
1635 # :flag.case
1636 --debug )
1637
1638 # :flag.case_no_arg
1639 args[--debug]=1
1640 shift
1641 ;;
1642
1643 esac
1644
1645 # :command.environment_variables_filter
1646 # :command.environment_variables_default
1647 export RC_CLI_VERSION_NAME="${RC_CLI_VERSION_NAME:-4.27.0}"
1648 export RC_STACK_ROUTER_EXT="${RC_STACK_ROUTER_EXT:-.custom/docker-compose-router.override.yaml}"
1649 export RC_STACK_METRICS_EXT="${RC_STACK_METRICS_EXT:-.custom/docker-compose-metrics.override.yaml}"
1650 export RC_STACK_SERVICES_EXT="${RC_STACK_SERVICES_EXT:-.custom/docker-compose-services.override.yaml}"
1651 export RC_STACK_RHODECODE_EXT="${RC_STACK_RHODECODE_EXT:-.custom/docker-compose-apps.override.yaml}"
1652
1653 # :command.command_filter
1654 action=${1:-}
1655
1656 case $action in
1657 -* )
1658 ;;
1659
1660 self-update )
1661 action="self-update"
1662 shift
1663 rccontrol_self_update_parse_requirements "$@"
1664 shift $#
1665 ;;
1666
1667 bootstrap | install )
1668 action="bootstrap"
1669 shift
1670 rccontrol_bootstrap_parse_requirements "$@"
1671 shift $#
1672 ;;
1673
1674 get-build-artifacts )
1675 action="get-build-artifacts"
1676 shift
1677 rccontrol_get_build_artifacts_parse_requirements "$@"
1678 shift $#
1679 ;;
1680
1681 build )
1682 action="build"
1683 shift
1684 rccontrol_build_parse_requirements "$@"
1685 shift $#
1686 ;;
1687
1688 get-build-source )
1689 action="get-build-source"
1690 shift
1691 rccontrol_get_build_source_parse_requirements "$@"
1692 shift $#
1693 ;;
1694
1695 build-source )
1696 action="build-source"
1697 shift
1698 rccontrol_build_source_parse_requirements "$@"
1699 shift $#
1700 ;;
1701
1702 stack )
1703 action="stack"
1704 shift
1705 rccontrol_stack_parse_requirements "$@"
1706 shift $#
1707 ;;
1708
1709 stack-status | status )
1710 action="stack-status"
1711 shift
1712 rccontrol_stack_status_parse_requirements "$@"
1713 shift $#
1714 ;;
1715
1716 stack-upgrade )
1717 action="stack-upgrade"
1718 shift
1719 rccontrol_stack_upgrade_parse_requirements "$@"
1720 shift $#
1721 ;;
1722
1723 cli-redis )
1724 action="cli-redis"
1725 shift
1726 rccontrol_cli_redis_parse_requirements "$@"
1727 shift $#
1728 ;;
1729
1730 cli-db )
1731 action="cli-db"
1732 shift
1733 rccontrol_cli_db_parse_requirements "$@"
1734 shift $#
1735 ;;
1736
1737 cli-db-upgrade )
1738 action="cli-db-upgrade"
1739 shift
1740 rccontrol_cli_db_upgrade_parse_requirements "$@"
1741 shift $#
1742 ;;
1743
1744 _completions )
1745 action="_completions"
1746 shift
1747 rccontrol__completions_parse_requirements "$@"
1748 shift $#
1749 ;;
1750
1751 backup-db )
1752 action="backup-db"
1753 shift
1754 rccontrol_backup_db_parse_requirements "$@"
1755 shift $#
1756 ;;
1757
1758 backup-data )
1759 action="backup-data"
1760 shift
1761 rccontrol_backup_data_parse_requirements "$@"
1762 shift $#
1763 ;;
1764
1765 # :command.command_fallback
1766 "" )
1767 rccontrol_usage >&2
1768 exit 1
1769 ;;
1770
1771 * )
1772 printf "invalid command: %s\n" "$action" >&2
1773 exit 1
1774 ;;
1775
1776 esac
1777
1778 # :command.parse_requirements_while
1779 while [[ $# -gt 0 ]]; do
1780 key="$1"
1781 case "$key" in
1782
1783 -?* )
1784 printf "invalid option: %s\n" "$key" >&2
1785 exit 1
1786 ;;
1787
1788 * )
1789 # :command.parse_requirements_case
1790 # :command.parse_requirements_case_simple
1791 printf "invalid argument: %s\n" "$key" >&2
1792 exit 1
1793
1794 ;;
1795
1796 esac
1797 done
1798
1799 }
1800
1801 # :command.parse_requirements
1802 rccontrol_self_update_parse_requirements() {
1803 # :command.fixed_flags_filter
1804 case "${1:-}" in
1805 --help | -h )
1806 long_usage=yes
1807 rccontrol_self_update_usage
1808 exit
1809 ;;
1810
1811 esac
1812
1813 # :command.dependencies_filter
1814 if ! [[ -x "$(command -v curl)" ]]; then
1815 printf "missing dependency: curl\n" >&2
1816 exit 1
1817 fi
1818 if ! [[ -x "$(command -v tar)" ]]; then
1819 printf "missing dependency: tar\n" >&2
1820 exit 1
1821 fi
1822
1823 # :command.command_filter
1824 action="self-update"
1825
1826 # :command.parse_requirements_while
1827 while [[ $# -gt 0 ]]; do
1828 key="$1"
1829 case "$key" in
1830 # :flag.case
1831 --auth-token )
1832
1833 # :flag.case_arg
1834 if [[ -n ${2+x} ]]; then
1835
1836 args[--auth-token]="$2"
1837 shift
1838 shift
1839 else
1840 printf "%s\n" "--auth-token requires an argument: --auth-token AUTH_TOKEN" >&2
1841 exit 1
1842 fi
1843 ;;
1844
1845 # :flag.case
1846 --server-url )
1847
1848 # :flag.case_arg
1849 if [[ -n ${2+x} ]]; then
1850
1851 args[--server-url]="$2"
1852 shift
1853 shift
1854 else
1855 printf "%s\n" "--server-url requires an argument: --server-url SERVER_URL" >&2
1856 exit 1
1857 fi
1858 ;;
1859
1860 -?* )
1861 printf "invalid option: %s\n" "$key" >&2
1862 exit 1
1863 ;;
1864
1865 * )
1866 # :command.parse_requirements_case
1867 # :command.parse_requirements_case_simple
1868 printf "invalid argument: %s\n" "$key" >&2
1869 exit 1
1870
1871 ;;
1872
1873 esac
1874 done
1875
1876 # :command.default_assignments
1877 [[ -n ${args[--server-url]:-} ]] || args[--server-url]="https://code.rhodecode.com"
1878
1879 }
1880
1881 # :command.parse_requirements
1882 rccontrol_bootstrap_parse_requirements() {
1883 # :command.fixed_flags_filter
1884 case "${1:-}" in
1885 --help | -h )
1886 long_usage=yes
1887 rccontrol_bootstrap_usage
1888 exit
1889 ;;
1890
1891 esac
1892
1893 # :command.dependencies_filter
1894 if ! [[ -x "$(command -v curl)" ]]; then
1895 printf "missing dependency: curl\n" >&2
1896 exit 1
1897 fi
1898 if ! [[ -x "$(command -v tar)" ]]; then
1899 printf "missing dependency: tar\n" >&2
1900 exit 1
1901 fi
1902 if ! [[ -x "$(command -v md5sum)" ]]; then
1903 printf "missing dependency: md5sum\n" >&2
1904 exit 1
1905 fi
1906
1907 # :command.command_filter
1908 action="bootstrap"
1909
1910 # :command.parse_requirements_while
1911 while [[ $# -gt 0 ]]; do
1912 key="$1"
1913 case "$key" in
1914 # :flag.case
1915 --force | -f )
1916
1917 # :flag.case_no_arg
1918 args[--force]=1
1919 shift
1920 ;;
1921
1922 # :flag.case
1923 --auth-token )
1924
1925 # :flag.case_arg
1926 if [[ -n ${2+x} ]]; then
1927
1928 args[--auth-token]="$2"
1929 shift
1930 shift
1931 else
1932 printf "%s\n" "--auth-token requires an argument: --auth-token AUTH_TOKEN" >&2
1933 exit 1
1934 fi
1935 ;;
1936
1937 # :flag.case
1938 --server-url )
1939
1940 # :flag.case_arg
1941 if [[ -n ${2+x} ]]; then
1942
1943 args[--server-url]="$2"
1944 shift
1945 shift
1946 else
1947 printf "%s\n" "--server-url requires an argument: --server-url SERVER_URL" >&2
1948 exit 1
1949 fi
1950 ;;
1951
1952 -?* )
1953 printf "invalid option: %s\n" "$key" >&2
1954 exit 1
1955 ;;
1956
1957 * )
1958 # :command.parse_requirements_case
1959 # :command.parse_requirements_case_simple
1960 printf "invalid argument: %s\n" "$key" >&2
1961 exit 1
1962
1963 ;;
1964
1965 esac
1966 done
1967
1968 # :command.default_assignments
1969 [[ -n ${args[--server-url]:-} ]] || args[--server-url]="https://code.rhodecode.com"
1970
1971 }
1972
1973 # :command.parse_requirements
1974 rccontrol_get_build_artifacts_parse_requirements() {
1975 # :command.fixed_flags_filter
1976 case "${1:-}" in
1977 --help | -h )
1978 long_usage=yes
1979 rccontrol_get_build_artifacts_usage
1980 exit
1981 ;;
1982
1983 esac
1984
1985 # :command.command_filter
1986 action="get-build-artifacts"
1987
1988 # :command.parse_requirements_while
1989 while [[ $# -gt 0 ]]; do
1990 key="$1"
1991 case "$key" in
1992 # :flag.case
1993 --auth )
1994
1995 # :flag.case_arg
1996 if [[ -n ${2+x} ]]; then
1997
1998 args[--auth]="$2"
1999 shift
2000 shift
2001 else
2002 printf "%s\n" "--auth requires an argument: --auth AUTH" >&2
2003 exit 1
2004 fi
2005 ;;
2006
2007 # :flag.case
2008 --installer-url )
2009
2010 # :flag.case_arg
2011 if [[ -n ${2+x} ]]; then
2012
2013 args[--installer-url]="$2"
2014 shift
2015 shift
2016 else
2017 printf "%s\n" "--installer-url requires an argument: --installer-url INSTALLER_URL" >&2
2018 exit 1
2019 fi
2020 ;;
2021
2022 # :flag.case
2023 --manifest-url )
2024
2025 # :flag.case_arg
2026 if [[ -n ${2+x} ]]; then
2027
2028 args[--manifest-url]="$2"
2029 shift
2030 shift
2031 else
2032 printf "%s\n" "--manifest-url requires an argument: --manifest-url MANIFEST_URL" >&2
2033 exit 1
2034 fi
2035 ;;
2036
2037 # :flag.case
2038 --version-name )
2039
2040 # :flag.case_arg
2041 if [[ -n ${2+x} ]]; then
2042
2043 args[--version-name]="$2"
2044 shift
2045 shift
2046 else
2047 printf "%s\n" "--version-name requires an argument: --version-name VERSION_NAME" >&2
2048 exit 1
2049 fi
2050 ;;
2051
2052 -?* )
2053 printf "invalid option: %s\n" "$key" >&2
2054 exit 1
2055 ;;
2056
2057 * )
2058 # :command.parse_requirements_case
2059 # :command.parse_requirements_case_simple
2060 printf "invalid argument: %s\n" "$key" >&2
2061 exit 1
2062
2063 ;;
2064
2065 esac
2066 done
2067
2068 # :command.default_assignments
2069 [[ -n ${args[--auth]:-} ]] || args[--auth]=""
2070 [[ -n ${args[--installer-url]:-} ]] || args[--installer-url]="https://dls.rhodecode.com/dls/N2E2ZTY1NzA3NjYxNDA2NTc1NjI3MTcyNzA2MjcxNzIyZTcwNjI3YQ==/rhodecode-control/latest-linux-ee"
2071 [[ -n ${args[--manifest-url]:-} ]] || args[--manifest-url]="https://dls.rhodecode.com/linux/MANIFEST"
2072 [[ -n ${args[--version-name]:-} ]] || args[--version-name]="$RC_CLI_VERSION_NAME"
2073
2074 }
2075
2076 # :command.parse_requirements
2077 rccontrol_build_parse_requirements() {
2078 # :command.fixed_flags_filter
2079 case "${1:-}" in
2080 --help | -h )
2081 long_usage=yes
2082 rccontrol_build_usage
2083 exit
2084 ;;
2085
2086 esac
2087
2088 # :command.command_filter
2089 action="build"
2090
2091 # :command.parse_requirements_while
2092 while [[ $# -gt 0 ]]; do
2093 key="$1"
2094 case "$key" in
2095 # :flag.case
2096 --version-name )
2097
2098 # :flag.case_arg
2099 if [[ -n ${2+x} ]]; then
2100
2101 args[--version-name]="$2"
2102 shift
2103 shift
2104 else
2105 printf "%s\n" "--version-name requires an argument: --version-name VERSION_NAME" >&2
2106 exit 1
2107 fi
2108 ;;
2109
2110 -?* )
2111 printf "invalid option: %s\n" "$key" >&2
2112 exit 1
2113 ;;
2114
2115 * )
2116 # :command.parse_requirements_case
2117 # :command.parse_requirements_case_simple
2118 printf "invalid argument: %s\n" "$key" >&2
2119 exit 1
2120
2121 ;;
2122
2123 esac
2124 done
2125
2126 # :command.default_assignments
2127 [[ -n ${args[--version-name]:-} ]] || args[--version-name]="$RC_CLI_VERSION_NAME"
2128
2129 }
2130
2131 # :command.parse_requirements
2132 rccontrol_get_build_source_parse_requirements() {
2133 # :command.fixed_flags_filter
2134 case "${1:-}" in
2135 --help | -h )
2136 long_usage=yes
2137 rccontrol_get_build_source_usage
2138 exit
2139 ;;
2140
2141 esac
2142
2143 # :command.dependencies_filter
2144 if ! [[ -x "$(command -v curl)" ]]; then
2145 printf "missing dependency: curl\n" >&2
2146 exit 1
2147 fi
2148 if ! [[ -x "$(command -v tar)" ]]; then
2149 printf "missing dependency: tar\n" >&2
2150 exit 1
2151 fi
2152
2153 # :command.command_filter
2154 action="get-build-source"
2155
2156 # :command.parse_requirements_while
2157 while [[ $# -gt 0 ]]; do
2158 key="$1"
2159 case "$key" in
2160 # :flag.case
2161 --auth-token )
2162
2163 # :flag.case_arg
2164 if [[ -n ${2+x} ]]; then
2165
2166 args[--auth-token]="$2"
2167 shift
2168 shift
2169 else
2170 printf "%s\n" "--auth-token requires an argument: --auth-token AUTH_TOKEN" >&2
2171 exit 1
2172 fi
2173 ;;
2174
2175 # :flag.case
2176 --server-url )
2177
2178 # :flag.case_arg
2179 if [[ -n ${2+x} ]]; then
2180
2181 args[--server-url]="$2"
2182 shift
2183 shift
2184 else
2185 printf "%s\n" "--server-url requires an argument: --server-url SERVER_URL" >&2
2186 exit 1
2187 fi
2188 ;;
2189
2190 -?* )
2191 printf "invalid option: %s\n" "$key" >&2
2192 exit 1
2193 ;;
2194
2195 * )
2196 # :command.parse_requirements_case
2197 # :command.parse_requirements_case_simple
2198 if [[ -z ${args[revision]+x} ]]; then
2199
2200 args[revision]=$1
2201 shift
2202 else
2203 printf "invalid argument: %s\n" "$key" >&2
2204 exit 1
2205 fi
2206
2207 ;;
2208
2209 esac
2210 done
2211
2212 # :command.required_args_filter
2213 if [[ -z ${args[revision]+x} ]]; then
2214 printf "missing required argument: REVISION\nusage: rccontrol get-build-source REVISION [OPTIONS]\n" >&2
2215 exit 1
2216 fi
2217
2218 # :command.default_assignments
2219 [[ -n ${args[--server-url]:-} ]] || args[--server-url]="https://code.rhodecode.com"
2220
2221 }
2222
2223 # :command.parse_requirements
2224 rccontrol_build_source_parse_requirements() {
2225 # :command.fixed_flags_filter
2226 case "${1:-}" in
2227 --help | -h )
2228 long_usage=yes
2229 rccontrol_build_source_usage
2230 exit
2231 ;;
2232
2233 esac
2234
2235 # :command.command_filter
2236 action="build-source"
2237
2238 # :command.parse_requirements_while
2239 while [[ $# -gt 0 ]]; do
2240 key="$1"
2241 case "$key" in
2242 # :flag.case
2243 --version-name )
2244
2245 # :flag.case_arg
2246 if [[ -n ${2+x} ]]; then
2247
2248 args[--version-name]="$2"
2249 shift
2250 shift
2251 else
2252 printf "%s\n" "--version-name requires an argument: --version-name VERSION_NAME" >&2
2253 exit 1
2254 fi
2255 ;;
2256
2257 -?* )
2258 printf "invalid option: %s\n" "$key" >&2
2259 exit 1
2260 ;;
2261
2262 * )
2263 # :command.parse_requirements_case
2264 # :command.parse_requirements_case_simple
2265 printf "invalid argument: %s\n" "$key" >&2
2266 exit 1
2267
2268 ;;
2269
2270 esac
2271 done
2272
2273 # :command.default_assignments
2274 [[ -n ${args[--version-name]:-} ]] || args[--version-name]="$RC_CLI_VERSION_NAME"
2275
2276 }
2277
2278 # :command.parse_requirements
2279 rccontrol_stack_parse_requirements() {
2280 # :command.fixed_flags_filter
2281 case "${1:-}" in
2282 --help | -h )
2283 long_usage=yes
2284 rccontrol_stack_usage
2285 exit
2286 ;;
2287
2288 esac
2289
2290 # :command.command_filter
2291 action="stack"
2292
2293 # :command.parse_requirements_while
2294 while [[ $# -gt 0 ]]; do
2295 key="$1"
2296 case "$key" in
2297
2298 -?* )
2299 other_args+=("$1")
2300 shift
2301 ;;
2302
2303 * )
2304 # :command.parse_requirements_case
2305 # :command.parse_requirements_case_catch_all
2306 if [[ -z ${args[name]+x} ]]; then
2307
2308 args[name]=$1
2309 shift
2310 else
2311 other_args+=("$1")
2312 shift
2313 fi
2314
2315 ;;
2316
2317 esac
2318 done
2319
2320 # :command.required_args_filter
2321 if [[ -z ${args[name]+x} ]]; then
2322 printf "missing required argument: NAME\nusage: rccontrol stack NAME [SERVICES PARAMS...]\n" >&2
2323 exit 1
2324 fi
2325
2326 # :command.whitelist_filter
2327 if [[ ! ${args[name]} =~ ^(router|metrics|services|rhodecode)$ ]]; then
2328 printf "%s\n" "name must be one of: router, metrics, services, rhodecode" >&2
2329 exit 1
2330 fi
2331
2332 }
2333
2334 # :command.parse_requirements
2335 rccontrol_stack_status_parse_requirements() {
2336 # :command.fixed_flags_filter
2337 case "${1:-}" in
2338 --help | -h )
2339 long_usage=yes
2340 rccontrol_stack_status_usage
2341 exit
2342 ;;
2343
2344 esac
2345
2346 # :command.command_filter
2347 action="stack-status"
2348
2349 # :command.parse_requirements_while
2350 while [[ $# -gt 0 ]]; do
2351 key="$1"
2352 case "$key" in
2353
2354 -?* )
2355 printf "invalid option: %s\n" "$key" >&2
2356 exit 1
2357 ;;
2358
2359 * )
2360 # :command.parse_requirements_case
2361 # :command.parse_requirements_case_simple
2362 printf "invalid argument: %s\n" "$key" >&2
2363 exit 1
2364
2365 ;;
2366
2367 esac
2368 done
2369
2370 }
2371
2372 # :command.parse_requirements
2373 rccontrol_stack_upgrade_parse_requirements() {
2374 # :command.fixed_flags_filter
2375 case "${1:-}" in
2376 --help | -h )
2377 long_usage=yes
2378 rccontrol_stack_upgrade_usage
2379 exit
2380 ;;
2381
2382 esac
2383
2384 # :command.command_filter
2385 action="stack-upgrade"
2386
2387 # :command.parse_requirements_while
2388 while [[ $# -gt 0 ]]; do
2389 key="$1"
2390 case "$key" in
2391
2392 -?* )
2393 printf "invalid option: %s\n" "$key" >&2
2394 exit 1
2395 ;;
2396
2397 * )
2398 # :command.parse_requirements_case
2399 # :command.parse_requirements_case_simple
2400 printf "invalid argument: %s\n" "$key" >&2
2401 exit 1
2402
2403 ;;
2404
2405 esac
2406 done
2407
2408 }
2409
2410 # :command.parse_requirements
2411 rccontrol_cli_redis_parse_requirements() {
2412 # :command.fixed_flags_filter
2413 case "${1:-}" in
2414 --help | -h )
2415 long_usage=yes
2416 rccontrol_cli_redis_usage
2417 exit
2418 ;;
2419
2420 esac
2421
2422 # :command.command_filter
2423 action="cli-redis"
2424
2425 # :command.parse_requirements_while
2426 while [[ $# -gt 0 ]]; do
2427 key="$1"
2428 case "$key" in
2429
2430 -?* )
2431 printf "invalid option: %s\n" "$key" >&2
2432 exit 1
2433 ;;
2434
2435 * )
2436 # :command.parse_requirements_case
2437 # :command.parse_requirements_case_simple
2438 printf "invalid argument: %s\n" "$key" >&2
2439 exit 1
2440
2441 ;;
2442
2443 esac
2444 done
2445
2446 }
2447
2448 # :command.parse_requirements
2449 rccontrol_cli_db_parse_requirements() {
2450 # :command.fixed_flags_filter
2451 case "${1:-}" in
2452 --help | -h )
2453 long_usage=yes
2454 rccontrol_cli_db_usage
2455 exit
2456 ;;
2457
2458 esac
2459
2460 # :command.command_filter
2461 action="cli-db"
2462
2463 # :command.parse_requirements_while
2464 while [[ $# -gt 0 ]]; do
2465 key="$1"
2466 case "$key" in
2467
2468 -?* )
2469 printf "invalid option: %s\n" "$key" >&2
2470 exit 1
2471 ;;
2472
2473 * )
2474 # :command.parse_requirements_case
2475 # :command.parse_requirements_case_simple
2476 printf "invalid argument: %s\n" "$key" >&2
2477 exit 1
2478
2479 ;;
2480
2481 esac
2482 done
2483
2484 }
2485
2486 # :command.parse_requirements
2487 rccontrol_cli_db_upgrade_parse_requirements() {
2488 # :command.fixed_flags_filter
2489 case "${1:-}" in
2490 --help | -h )
2491 long_usage=yes
2492 rccontrol_cli_db_upgrade_usage
2493 exit
2494 ;;
2495
2496 esac
2497
2498 # :command.command_filter
2499 action="cli-db-upgrade"
2500
2501 # :command.parse_requirements_while
2502 while [[ $# -gt 0 ]]; do
2503 key="$1"
2504 case "$key" in
2505
2506 -?* )
2507 printf "invalid option: %s\n" "$key" >&2
2508 exit 1
2509 ;;
2510
2511 * )
2512 # :command.parse_requirements_case
2513 # :command.parse_requirements_case_simple
2514 printf "invalid argument: %s\n" "$key" >&2
2515 exit 1
2516
2517 ;;
2518
2519 esac
2520 done
2521
2522 }
2523
2524 # :command.parse_requirements
2525 rccontrol__completions_parse_requirements() {
2526 # :command.fixed_flags_filter
2527 case "${1:-}" in
2528 --help | -h )
2529 long_usage=yes
2530 rccontrol__completions_usage
2531 exit
2532 ;;
2533
2534 esac
2535
2536 # :command.command_filter
2537 action="_completions"
2538
2539 # :command.parse_requirements_while
2540 while [[ $# -gt 0 ]]; do
2541 key="$1"
2542 case "$key" in
2543
2544 -?* )
2545 printf "invalid option: %s\n" "$key" >&2
2546 exit 1
2547 ;;
2548
2549 * )
2550 # :command.parse_requirements_case
2551 # :command.parse_requirements_case_simple
2552 printf "invalid argument: %s\n" "$key" >&2
2553 exit 1
2554
2555 ;;
2556
2557 esac
2558 done
2559
2560 }
2561
2562 # :command.parse_requirements
2563 rccontrol_backup_db_parse_requirements() {
2564 # :command.fixed_flags_filter
2565 case "${1:-}" in
2566 --help | -h )
2567 long_usage=yes
2568 rccontrol_backup_db_usage
2569 exit
2570 ;;
2571
2572 esac
2573
2574 # :command.dependencies_filter
2575 if ! [[ -x "$(command -v tar)" ]]; then
2576 printf "missing dependency: tar\n" >&2
2577 exit 1
2578 fi
2579 if ! [[ -x "$(command -v gzip)" ]]; then
2580 printf "missing dependency: gzip\n" >&2
2581 exit 1
2582 fi
2583
2584 # :command.command_filter
2585 action="backup-db"
2586
2587 # :command.parse_requirements_while
2588 while [[ $# -gt 0 ]]; do
2589 key="$1"
2590 case "$key" in
2591
2592 -?* )
2593 printf "invalid option: %s\n" "$key" >&2
2594 exit 1
2595 ;;
2596
2597 * )
2598 # :command.parse_requirements_case
2599 # :command.parse_requirements_case_simple
2600 printf "invalid argument: %s\n" "$key" >&2
2601 exit 1
2602
2603 ;;
2604
2605 esac
2606 done
2607
2608 }
2609
2610 # :command.parse_requirements
2611 rccontrol_backup_data_parse_requirements() {
2612 # :command.fixed_flags_filter
2613 case "${1:-}" in
2614 --help | -h )
2615 long_usage=yes
2616 rccontrol_backup_data_usage
2617 exit
2618 ;;
2619
2620 esac
2621
2622 # :command.dependencies_filter
2623 if ! [[ -x "$(command -v tar)" ]]; then
2624 printf "missing dependency: tar\n" >&2
2625 exit 1
2626 fi
2627
2628 # :command.command_filter
2629 action="backup-data"
2630
2631 # :command.parse_requirements_while
2632 while [[ $# -gt 0 ]]; do
2633 key="$1"
2634 case "$key" in
2635
2636 -?* )
2637 printf "invalid option: %s\n" "$key" >&2
2638 exit 1
2639 ;;
2640
2641 * )
2642 # :command.parse_requirements_case
2643 # :command.parse_requirements_case_simple
2644 printf "invalid argument: %s\n" "$key" >&2
2645 exit 1
2646
2647 ;;
2648
2649 esac
2650 done
2651
2652 }
2653
2654 # :command.initialize
2655 initialize() {
2656 version="4.28.0.REL20221101"
2657 long_usage=''
2658 set -e
2659
2660 # :command.environment_variables_default
2661 export RC_CLI_VERSION_NAME="${RC_CLI_VERSION_NAME:-4.27.0}"
2662 export RC_STACK_ROUTER_EXT="${RC_STACK_ROUTER_EXT:-.custom/docker-compose-router.override.yaml}"
2663 export RC_STACK_METRICS_EXT="${RC_STACK_METRICS_EXT:-.custom/docker-compose-metrics.override.yaml}"
2664 export RC_STACK_SERVICES_EXT="${RC_STACK_SERVICES_EXT:-.custom/docker-compose-services.override.yaml}"
2665 export RC_STACK_RHODECODE_EXT="${RC_STACK_RHODECODE_EXT:-.custom/docker-compose-apps.override.yaml}"
2666
2667 # src/initialize.sh
2668
2669 ENV_FILE=$PWD/.env
2670
2671 # bootstrap file is a config file at the same time
2672 BOOTSTRAP_FILE='.rccontrol-bootstrap'
2673 CONFIG_FILE='.rccontrol.ini'
2674
2675 VALID_SERVICES="router metrics services rhodecode"
2676 DOCKER_DEFS_WORK_DIR="docker_defs"
2677
2678 #echo "1 ----"
2679 #echo $RC_STACK_SERVICES_EXT
2680 #echo $RC_STACK_METRICS_EXT
2681 #echo "1 -----"
2682
2683 #echo '2 ----'
2684 #grep -v -e '^#' "$ENV_FILE" | xargs -I {} echo \'{}\'
2685 #echo '2 ----'
2686
2687 #expose env vars from rccontrol donfig
2688 #if [[ -f $ENV_FILE ]]; then
2689 # eval $(grep -v -e '^#' "$ENV_FILE" | xargs -I {} echo export \'{}\')
2690 #fi
2691
2692 #ENV_EXPAND=""
2693 #for k in $(config_keys); do
2694 # k_upper=${k^^}
2695 # env_entry="-e $k_upper='$(config_get "$k")' "
2696 # ENV_EXPAND+=$env_entry;
2697 # #echo $env_expand
2698 #done
2699
2700 #
2701 #echo "3 ----"
2702 #echo $RC_STACK_SERVICES_EXT
2703 #echo $RC_STACK_METRICS_EXT
2704 #echo $RC_STACK_RHODECODE_EXT
2705 #echo "3 -----"
2706
2707 #env | grep RC_
2708
2709 # backup files from a docker volume into /tmp/backup.tar.gz
2710 docker-volume-backup-compressed() {
2711 docker run --rm -v /tmp:/backup --volumes-from "$1" debian:jessie tar -czvf /backup/backup.tar.gz "${@:2}"
2712 }
2713
2714 # restore files from /tmp/backup.tar.gz into a docker volume
2715 docker-volume-restore-compressed() {
2716 docker run --rm -v /tmp:/backup --volumes-from "$1" debian:jessie tar -xzvf /backup/backup.tar.gz "${@:2}"
2717 echo "Double checking files..."
2718 docker run --rm -v /tmp:/backup --volumes-from "$1" debian:jessie ls -lh "${@:2}"
2719 }
2720
2721 # backup files from a docker volume into /tmp/backup.tar
2722 docker-volume-backup() {
2723 docker run --rm -v /tmp:/backup --volumes-from "$1" busybox tar -cvf /backup/backup.tar "${@:2}"
2724 }
2725
2726 # restore files from /tmp/backup.tar into a docker volume
2727 docker-volume-restore() {
2728 docker run --rm -v /tmp:/backup --volumes-from "$1" busybox tar -xvf /backup/backup.tar "${@:2}"
2729 echo "Double checking files..."
2730 docker run --rm -v /tmp:/backup --volumes-from "$1" busybox ls -lh "${@:2}"
2731 }
2732
2733 get_started() {
2734 echo ""
2735 echo "~~~~ $(green Bootstrap completed) ~~~~"
2736 echo "To start using RhodeCode run the following stacks using ./rccontrol stack [STACK_NAME]"
2737 echo ""
2738 echo "$(yellow_bold [Optional]): run the edge router to control domain and SSL"
2739 echo "./rccontrol stack router up --detach"
2740 echo ""
2741 echo "$(green_bold [Mandatory]): run the services, like database, redis, channelstream etc..."
2742 echo "./rccontrol stack services up --detach"
2743 echo ""
2744 echo "$(green_bold [Mandatory]): run the rhodecode app stack"
2745 echo "./rccontrol stack rhodecode up --detach"
2746 echo ""
2747 echo "$(yellow_bold [Optional]): run the monitoring stack, this includes grafana/promethues logging/metrics system"
2748 echo "./rccontrol stack metrics up --detach"
2749 echo ""
2750 echo "check services status/ports"
2751 echo "./rccontrol status"
2752 }
2753 }
2754
2755 # :command.run
2756 run() {
2757 declare -A args=()
2758 declare -a other_args=()
2759 declare -a input=()
2760 normalize_input "$@"
2761 parse_requirements "${input[@]}"
2762
2763 if [[ $action == "self-update" ]]; then
2764 if [[ ${args[--help]:-} ]]; then
2765 long_usage=yes
2766 rccontrol_self_update_usage
2767 else
2768 rccontrol_self_update_command
2769 fi
2770
2771 elif [[ $action == "bootstrap" ]]; then
2772 if [[ ${args[--help]:-} ]]; then
2773 long_usage=yes
2774 rccontrol_bootstrap_usage
2775 else
2776 rccontrol_bootstrap_command
2777 fi
2778
2779 elif [[ $action == "get-build-artifacts" ]]; then
2780 if [[ ${args[--help]:-} ]]; then
2781 long_usage=yes
2782 rccontrol_get_build_artifacts_usage
2783 else
2784 rccontrol_get_build_artifacts_command
2785 fi
2786
2787 elif [[ $action == "build" ]]; then
2788 if [[ ${args[--help]:-} ]]; then
2789 long_usage=yes
2790 rccontrol_build_usage
2791 else
2792 rccontrol_build_command
2793 fi
2794
2795 elif [[ $action == "get-build-source" ]]; then
2796 if [[ ${args[--help]:-} ]]; then
2797 long_usage=yes
2798 rccontrol_get_build_source_usage
2799 else
2800 rccontrol_get_build_source_command
2801 fi
2802
2803 elif [[ $action == "build-source" ]]; then
2804 if [[ ${args[--help]:-} ]]; then
2805 long_usage=yes
2806 rccontrol_build_source_usage
2807 else
2808 rccontrol_build_source_command
2809 fi
2810
2811 elif [[ $action == "stack" ]]; then
2812 if [[ ${args[--help]:-} ]]; then
2813 long_usage=yes
2814 rccontrol_stack_usage
2815 else
2816 rccontrol_stack_command
2817 fi
2818
2819 elif [[ $action == "stack-status" ]]; then
2820 if [[ ${args[--help]:-} ]]; then
2821 long_usage=yes
2822 rccontrol_stack_status_usage
2823 else
2824 rccontrol_stack_status_command
2825 fi
2826
2827 elif [[ $action == "stack-upgrade" ]]; then
2828 if [[ ${args[--help]:-} ]]; then
2829 long_usage=yes
2830 rccontrol_stack_upgrade_usage
2831 else
2832 rccontrol_stack_upgrade_command
2833 fi
2834
2835 elif [[ $action == "cli-redis" ]]; then
2836 if [[ ${args[--help]:-} ]]; then
2837 long_usage=yes
2838 rccontrol_cli_redis_usage
2839 else
2840 rccontrol_cli_redis_command
2841 fi
2842
2843 elif [[ $action == "cli-db" ]]; then
2844 if [[ ${args[--help]:-} ]]; then
2845 long_usage=yes
2846 rccontrol_cli_db_usage
2847 else
2848 rccontrol_cli_db_command
2849 fi
2850
2851 elif [[ $action == "cli-db-upgrade" ]]; then
2852 if [[ ${args[--help]:-} ]]; then
2853 long_usage=yes
2854 rccontrol_cli_db_upgrade_usage
2855 else
2856 rccontrol_cli_db_upgrade_command
2857 fi
2858
2859 elif [[ $action == "_completions" ]]; then
2860 if [[ ${args[--help]:-} ]]; then
2861 long_usage=yes
2862 rccontrol__completions_usage
2863 else
2864 rccontrol__completions_command
2865 fi
2866
2867 elif [[ $action == "backup-db" ]]; then
2868 if [[ ${args[--help]:-} ]]; then
2869 long_usage=yes
2870 rccontrol_backup_db_usage
2871 else
2872 rccontrol_backup_db_command
2873 fi
2874
2875 elif [[ $action == "backup-data" ]]; then
2876 if [[ ${args[--help]:-} ]]; then
2877 long_usage=yes
2878 rccontrol_backup_data_usage
2879 else
2880 rccontrol_backup_data_command
2881 fi
2882
2883 elif [[ $action == "root" ]]; then
2884 root_command
2885 fi
2886 }
2887
2888 initialize
2889 run "$@"
Show file before | Show file after | Hide comments
@@ -1,31 +1,56 b''
1 COMPOSE_PROJECT_NAME=rc_cluster
1 #COMPOSE_PROJECT_NAME=rc_cluster
2 2 TZ="UTC"
3 3
4
4 5 # Version to deploy and run
5 RC_VERSION="4.28.0"
6 ## VERSION_INFO
7 RC_VERSION="4.28.0.REL20221120_SOURCE"
8 #RC_CLI_VERSION_NAME="4.27.0"
9
10 # ce, or ee
11 RC_EDITION=ee
12 RC_IMAGE_CE="rhodecode/rhodecode-ee:$RC_VERSION"
13 RC_IMAGE_EE="rhodecode/rhodecode-ce:$RC_VERSION"
6 14
7 # Database access credentials
15 # Database bootstrap/access credentials
8 16 DB_NAME=rhodecode
9 17 DB_USER=rhodecode
10 DB_PASSWORD=hUc1adS7oDd6Oj3in3
11 18
12 # base url for running app
13 RHODECODE_BASE_URL=http://localhost:8888
19 # Bootstrap container with specific password
20 # This password will be used to generate new account and password for the database
21 DB_PASSWORD=[GENERATED_AT_BOOTSTRAP]
14 22
15 # HTTP and HTTPS ports for running app
16 RC_HTTP_PORT=8888
17 RC_HTTPS_PORT=8443
23 # set limit of redis in-memory cache before keys get evicted using LRU cache
24 RC_REDIS_MAXMEMORY=1024mb
25
26 # set the size of ramdisk used for locking files
27 RC_DATA_RAMDISK_SIZE=1G
28
29 # base url for running app, this is used for traefik hasname matching, so accessing this host will redirect
30 # traffic to the running instance
31 # replace this with your name of host. e.g http://yourdomain.com or https://rc.company.local
32 RHODECODE_HOSTNAME=docker-dev
18 33
19 # SSH Port exposed, increased security is to not used default 22
20 RC_SSH_PORT=9022
21 34
22 35 # user/password for first admin user created for access
23 RHODECODE_USER_EMAIL=admin@rhodecode.com
36 # this is a bootstrap super-admin account to access the web interface
37 RHODECODE_USER_EMAIL=admin@server-com
24 38 RHODECODE_USER_NAME=admin
25 39 RHODECODE_USER_PASS=secret4
26 40
41
42
43
44 # HTTP and HTTPS ports for running app
45 RC_HTTP_PORT=8888
46
47 # SSH Port exposed, increased security is to not used default 22
48 RC_SSH_PORT=3022
49
50
51 ## RHODECODE RUNTIME VARS
52
27 53 ## New since 4.27.0, default GIT branch name can be changed
28 54 GIT_DEFAULT_BRANCH_NAME=master
29 55
30 ## Source build version for image
31 SOURCE_VER=4.28.0.REL1
56
Show file before | Show file after | Hide comments
@@ -1,21 +1,23 b''
1 1 # CACHE FILES
2 2 .cache/RhodeCode-installer*
3 3 .cache/*.tar.bz2
4 4 .cache/locale-archive
5 5
6 # Source code downloaded
7 .source/*
8
9 # Custom / override wont be tracked
10 .custom/*
11
6 12 # LOGS
7 13 logs/*.log
8 14 logs/nginx/*.log
9 15 logs/svn/*.log
10 16 logs/apps/*.log
11 17 logs/postgres/*.log
12 18
13 19 .idea
14 20 config/_shared/.rcmetadata.json
15 21
16 .source/*
17 scripts/download-artifacts-secret.sh
18
19 scripts/download-source-secret.sh
20
21 .rccontrol-bootstrap No newline at end of file
22 .rccontrol-bootstrap
23 .rccontrol.ini No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,258 +1,298 b''
1 1 # RhodeCode Cluster
2 2
3 RhodeCode Cluster is a multi-node highly-scalable setup to run RhodeCode and
3 RhodeCode Cluster is a multi-node highly-scalable setup to run
4 RhodeCode, Edge Router(Traefik + SSL) and Metrics Stack (Prometheus, Loki, Grafana) and
4 5 all its additional components in single environment using Docker.
5 6
6 7 Using a docker-compose this setup creates following services for RhodeCode:
7 8
8 - Nginx HTTP Server for load balancing and reverse proxy
9 - RhodeCode HTTP
10 - VCSServer for GIT/SVN/HG support
11 - SSH Server for cloning over SSH
12 - SVN webserver for HTTP support over SVN
13 - Celery workers for asynchronous tasks
14 - Celery beat for automation tasks
15 - Redis Database for caching
16 - Postgres database for persistent storage
17 - Channelstream websocket server for live components
9 Edge-Router:
10 - Traefik, Edge Router, SSL termination etc
11
12 Core Services:
13 - Database (defaults to PostgreSQL)
14 - Redis, acts as cache and queue exchange
15 - ChannelStream - live websocket communications
16 - Nginx (static/channelstream) proxy serving RhodeCode APPS and channelstream communication
17 - Elasticsearch (full text search backend)
18
19 RhodeCode
20 - RhodeCode CE/EE
21 - VCSServer for GIT/SVN/HG support
22 - SSH Server for cloning over SSH
23 - SVN webserver for HTTP support over SVN
24 - Celery workers for asynchronous tasks
25 - Celery beat for automation tasks
26
27 Metrics
28 - Loki, logs aggregation
29 - Grafana, Metrics Dashboard
30 - Promethues, Metrics time-series
31 - statsd-exporter - statsd to promethues bridge
32 - node-exporter - machine stats
33 - promtail - log scraping
18 34
19 35
20 36 ## Pre requisites
21 37
38 To Run this stack Docker engine and Docker Compose needs to be installed on the host machine.
22 39 Visit docker site and install docker (min version 20.10) and docker compose:
23 40
24 - https://docs.docker.com/engine/install/
25 - https://docs.docker.com/compose/install/
41 - https://docs.docker.com/engine/install/
42 - https://docs.docker.com/compose/install/
26 43
27 44 The instructions below outline installation of the current stable release (v1.29.2) of Compose.
28 45
29 46 ## Data structure
30 47
31 48 There are 4 volumes defined:
32 49
33 50
34 51 - `/etc/rhodecode/conf`
35 52
36 Used for configuration files for rhodecode, vcsserver and supervisord, and some cache data
53 Shared volume used for configuration files for rhodecode, vcsserver and supervisord, and some cache data
37 54
38 55 - `/var/opt/rhodecode_repo_store`
39 56
40 Used for main repository storage where repositories would be stored
57 Used for main repository storage where repositories would be stored
41 58
42 59 - `/var/opt/rhodecode_data`
43 60
44 data dir for rhodecode cache/lock files, or user sessions (for file backend)
61 Data dir for rhodecode cache/lock files, or user sessions (for file backend)
45 62
46 63 - `/var/log/rhodecode`
47 64
48 Used to store all logs from RhodeCode
65 Used to store all logs from RhodeCode
49 66
50 67
51 68 ## Setup/Build options
52 69
53 70 There are 3 options to run the docker stack.
54 71
55 72 - [Standalone cluster build from installer](#standalone-cluster-build-from-installer)
56 73 - [Standalone cluster build from source](#standalone-cluster-build-from-source)
57 - [dev enviroment setup](#like-this-one)
74 - [dev environment setup](#dev-env-build)
75
58 76
59 77
60 78 # Standalone cluster build from installer
61 79
62 80 Follow these steps to build and run the RhodeCode Cluster via Docker-compose.
63 81 Get the repository:
64 82
65 83 git clone https://code.rhodecode.com/rhodecode-enterprise-docker && cd rhodecode-enterprise-docker
66 84
67 85 ## Download installer binaries
68 86
69 87 First start by fetching required installer binaries. This is required to create both
70 88 simple build and full compose setup.
71 89 Please check the `.env` file to adjust RhodeCode version if needed.
72 90 (e.g. RC_VERSION="4.24.1")
73 91
74 92 ```shell
75 93 cd .bootstrap/ && ./download-artifacts.sh && cd ../
76 94 ```
77 95
78 96 This will download required installer files and put them into the `.cache` directory.
79 97 This directory should look similar to that after downloads have finish:
80 98
81 99 ```shell
82 100 drwxr-xr-x 8 rcdev rcdev 256B Feb 8 13:35 .
83 101 drwxr-xr-x 14 rcdev rcdev 448B Feb 8 10:40 ..
84 102 -rw-r--r-- 1 rcdev rcdev 0B Feb 8 20:44 .dirkeep
85 103 -rwxr-xr-x 1 rcdev rcdev 241M Feb 8 13:35 RhodeCode-installer-linux-build20210208_0800
86 104 -rw-r--r-- 1 rcdev rcdev 156M Feb 8 13:35 RhodeCodeCommunity-4.24.1+x86_64-linux_build20210208_0800.tar.bz2
87 105 -rw-r--r-- 1 rcdev rcdev 171M Feb 8 13:35 RhodeCodeEnterprise-4.24.1+x86_64-linux_build20210208_0800.tar.bz2
88 106 -rw-r--r-- 1 rcdev rcdev 145M Feb 8 13:35 RhodeCodeVCSServer-4.24.1+x86_64-linux_build20210208_0800.tar.bz2
89 107 -rw-r--r-- 1 rcdev rcdev 109M Feb 8 13:35 locale-archive
90 108 ```
91 109
92 110 ## Set License for EE version
93 111
94 In order to install EE edition a valid license is required.
112 In order to install EE edition a license file is required to be present.
113 It can contain your current license, or when empty license can be applied via Web interface.
114
95 115 To apply it during build phase save your raw license data into a file
96 116
97 `config/compose/rhodecode_enterprise.license`
117 `config/rhodecode_enterprise.license`
98 118
99 119 If this file is present build phase will read it and license will be applied at creation.
100 120 This file can also be empty and license can be applied via a WEB interface after first login.
101 121
102 122 ## Run Docker compose build:
103 123
104 124 *This will build RhodeCode based on downloaded installer packages.*
105 125
106 126 To create a full stack we need to run the database container, so it's ready to
107 127 build the docker image.
108 128
109 129 _Disk space problems?_
110 130
111 131 ```shell
112 132 docker system df
113 133 docker builder prune
134 # optionally
135 docker image prune -a
114 136 ```
137 ### Creating & building images
115 138
116 139 1) start with running the required database for the build stage in the background.
117 140
118 141 ```shell
119 142 docker-compose up --detach database
120 143 ```
121 144
122 145 This will start our postgres database, and expose it to the network.
146 Postgres DB is configured to output logs into a file `/var/log/rhodecode/postgres`
123 147
124 148 2) We can now run the full installation. Database needs to be running for the next build command.
125
149 This will build the rhodecode base image used for rhodecode, vcsserver, celery, ssh, svn
150 Then it will build all other components required.
151
126 152 ```shell
127 153 docker-compose build rhodecode
128 154 docker-compose build
129 155 ```
130 156
131 3) Once we build the rhodecode app, we can run the whole stack using `docker-compose up`
157 4) Once we build all required containers, we can run the whole stack using `docker-compose up`
132 158
133 159 ```shell
134 160 docker-compose up
135 161 ```
136 162
137 163 If running locally you can access Running RhodeCode via Nginx under:
138 164 http://localhost:8888
139 165
140 166 localhost can be changed to the server IP where docker is running.
141 167
142 168
143 169 In case for bigger setups docker-compose can scale more rhodecode/vcsserver workers:
144 170
145 171 ```shell
146 172 docker-compose up --scale vcsserver=3 rhodecode=3
147 173 ```
148 174
175 Logging is pushed to stdout from all services.
176
149 177
150 Upgrade:
178 ### Upgrade procedure:
151 179
152 180 - pull the latest rhodecode-docker repo
153 181 - check .env file for correct update version
154 182 - re-build rhodecode
155 183 - docker-compose build rhodecode
184 - docker-compose build
156 185 - docker-compose stop
157 186 - docker-compose up
158 187
159 188 # Standalone cluster build from source
160 189
161 There's an option to build the latest branches as a docker installation.
190 There's an option to build the latest release from the source code as a docker installation.
191
192 If you have the 3 required projects source code already, the next step can be omitted, and the
193 sources can be copied to the `.source/` directory. note: symlinks don't work.
162 194
163 Download the source:
195 - https://code.rhodecode.com/rhodecode-vcsserver
196 - https://code.rhodecode.com/rhodecode-enterprise-ce
197 - https://code.rhodecode.com/rhodecode-enterprise-ee (assuming access is granted to this)
198
199 Download the source using bootstrap script:
164 200
165 201 ```shell
166 202 cd .boostrap/ && ./download-source.sh && cd ../
167 203 ```
168 204
169 205 This step will create source code copies into the `.source/` path. e.g
170 206 ```
171 207 -rw-r--r-- 1 docker docker 0 Nov 25 12:27 .dirkeep
172 208 drwxr-xr-x 1 docker docker 1184 Nov 25 12:27 rhodecode-enterprise-ce
173 209 drwxr-xr-x 1 docker docker 1120 Nov 25 12:27 rhodecode-enterprise-ee
174 210 drwxr-xr-x 1 docker docker 800 Nov 25 12:27 rhodecode-vcsserver
175 211 ```
176 212
177 If you have the source already, this step can be omitted, and the
178 sources can be linked or copied to this directory
179
213 With this done, you can now proceed with every step of normal source installation (Creating & building images), but instead of using
214 just `docker-compose` command it needs to be replaced with `docker-compose -f docker-compose.yaml -f docker-compose.source.yaml`
180 215
181 Build the source based image
216 For example to override the installer build with the source `rhodecode` based image, and also setting proper version, run:
182 217
183 218 ```shell
184 docker-compose -f docker-compose.yaml -f docker-compose.source.yaml build --no-cache --progress=plain rhodecode
219 RC_VERSION="4.27.0.REL202221020" docker-compose -f docker-compose-apps.yaml -f docker-compose.source.yaml build --no-cache --progress=plain rhodecode
185 220 ```
186 221
187 to create a source install override and build based on the downloaded sources.
188
189
190 Logging is pushed to stdout from all services.
222 NOTE THAT it's recommended to keep rc_version and source_Ver the same
191 223
192 224 ## Simple build
193 225
194 226 Build docker RhodeCode `Community` without any dependencies (redis, external db) using
195 227 simple sqlite database and file based caches.
196 228 This is a fully running instance good for small use with 3-5 users.
197 229
198 230 ```shell
199 docker build -t rhodecode:4.23.2 -f rhodecode.dockerfile \
231 docker build -t rhodecode/rhodecode-ce:4.23.2 -f rhodecode.dockerfile \
200 232 -e RHODECODE_TYPE=Community \
201 233 -e RHODECODE_VERSION=4.23.2 \
202 234 -e RHODECODE_DB=sqlite \
203 235 -e RHODECODE_USER_NAME=admin \
204 236 -e RHODECODE_USER_PASS=secret4 \
205 237 -e RHODECODE_USER_EMAIL=support@rhodecode.com \
206 238 .
207 239 ```
208 240
209 241 note: for debugging better to add `--progress plain` into the build command to obtain all the output from the build.
210 242 To Build against existing running Postgres or MySQL you can specify:
211 243
212 244 --build-arg RHODECODE_DB=postgresql://postgres:secret@database/rhodecode
213 245 --build-arg RHODECODE_DB=mysql://root:secret@localhost/rhodecode?charset=utf8
214 246
215 247
216 248 To copy over the data into volumes use such command:
217 249 ```shell
218 250 docker run -v logvolume:/data --name data_vol busybox true
219 251 docker cp . data_vol:/data
220 252 docker rm data_vol
221 253 ```
222 254
223 255 Run the container, mounting the required volumes. By default the application would be
224 256 available at http://localhost:10020, and default login is (unless specified differently in the build command)
225 257
226 258 ```
227 259 user: admin
228 260 password: secret4
229 261 ```
230 262
231 263 We've not built our image using specific version. It's time to run it:
264 We specify the run.ini by selecting config option we have locally
232 265
233 266 ```shell
234 267 docker run \
235 268 --name rhodecode-container \
236 269 --publish 10020:10020 \
237 270 --restart unless-stopped \
238 271 --volume $PWD/config:/etc/rhodecode/conf \
272 --volume $PWD/config/rhodecode.optimized.ini:/etc/rhodecode/conf_build/run.ini \
239 273 --volume $PWD/logs:/var/log/rhodecode \
240 'rhodecode:4.23.2'
274 'rhodecode/rhodecode-ee:4.23.2'
241 275 ```
242 276
243 277 Enter container
244 278
245 279 ```shell
246 280 docker exec -it rhodecode-container /bin/bash
247 281 ```
248 282
249 283 Enter interactive shell
250 284
251 285 ```shell
252 docker exec -it rhodecode-container /var/opt/rhodecode_bin/bin/rc-ishell /etc/rhodecode/conf/rhodecode.ini
286 docker exec -it rhodecode-container /usr/local/bin/rhodecode_bin/bin/rc-ishell /etc/rhodecode/conf/rhodecode.ini
253 287 ```
254 288
255 289 Run Database migrations
256 290 ```shell
257 docker exec -it rhodecode-container /var/opt/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.ini --force-yes
258 ``` No newline at end of file
291 docker exec -it rhodecode-container /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.ini --force-yes
292 ```
293
294
295
296 ### Registry for docker swarm
297
298 docker run -d -p 5000:5000 --restart always --name registry registry:2 No newline at end of file
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from config/compose/rhodecode_enterprise.license to config/_shared/rhodecode_enterprise.license
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from service/database/mysql_customized.conf to config/database/mysql_customized.conf
Show file before | Show file after | Hide comments
@@ -1,808 +1,810 b''
1 ## docker run -i --rm postgres cat /usr/share/postgresql/postgresql.conf.sample > my-postgres.conf
1 2 # -----------------------------
2 3 # PostgreSQL configuration file
3 4 # -----------------------------
4 5 #
5 6 # This file consists of lines of the form:
6 7 #
7 8 # name = value
8 9 #
9 10 # (The "=" is optional.) Whitespace may be used. Comments are introduced with
10 11 # "#" anywhere on a line. The complete list of parameter names and allowed
11 12 # values can be found in the PostgreSQL documentation.
12 13 #
13 14 # The commented-out settings shown in this file represent the default values.
14 15 # Re-commenting a setting is NOT sufficient to revert it to the default value;
15 16 # you need to reload the server.
16 17 #
17 18 # This file is read on server startup and when the server receives a SIGHUP
18 19 # signal. If you edit the file on a running system, you have to SIGHUP the
19 20 # server for the changes to take effect, run "pg_ctl reload", or execute
20 21 # "SELECT pg_reload_conf()". Some parameters, which are marked below,
21 22 # require a server shutdown and restart to take effect.
22 23 #
23 24 # Any parameter can also be given as a command-line option to the server, e.g.,
24 25 # "postgres -c log_connections=on". Some parameters can be changed at run time
25 26 # with the "SET" SQL command.
26 27 #
27 28 # Memory units: B = bytes Time units: us = microseconds
28 29 # kB = kilobytes ms = milliseconds
29 30 # MB = megabytes s = seconds
30 31 # GB = gigabytes min = minutes
31 32 # TB = terabytes h = hours
32 33 # d = days
33 34
34 35
35 36 #------------------------------------------------------------------------------
36 37 # FILE LOCATIONS
37 38 #------------------------------------------------------------------------------
38 39
39 40 # The default values of these variables are driven from the -D command-line
40 41 # option or PGDATA environment variable, represented here as ConfigDir.
41 42
42 43 #data_directory = 'ConfigDir' # use data in another directory
43 44 # (change requires restart)
44 45 #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
45 46 # (change requires restart)
46 47 #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
47 48 # (change requires restart)
48 49
49 50 # If external_pid_file is not explicitly set, no extra PID file is written.
50 51 #external_pid_file = '' # write an extra PID file
51 52 # (change requires restart)
52 53
53 54
54 55 #------------------------------------------------------------------------------
55 56 # CONNECTIONS AND AUTHENTICATION
56 57 #------------------------------------------------------------------------------
57 58
58 59 # - Connection Settings -
59 60
60 61 listen_addresses = '*'
61 62 # comma-separated list of addresses;
62 63 # defaults to 'localhost'; use '*' for all
63 64 # (change requires restart)
64 65 #port = 5432 # (change requires restart)
65 66 #max_connections = 100 # (change requires restart)
66 67 #superuser_reserved_connections = 3 # (change requires restart)
67 68 #unix_socket_directories = '/tmp' # comma-separated list of directories
68 69 # (change requires restart)
69 70 #unix_socket_group = '' # (change requires restart)
70 71 #unix_socket_permissions = 0777 # begin with 0 to use octal notation
71 72 # (change requires restart)
72 73 #bonjour = off # advertise server via Bonjour
73 74 # (change requires restart)
74 75 #bonjour_name = '' # defaults to the computer name
75 76 # (change requires restart)
76 77
77 78 # - TCP settings -
78 79 # see "man tcp" for details
79 80
80 81 #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
81 82 # 0 selects the system default
82 83 #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
83 84 # 0 selects the system default
84 85 #tcp_keepalives_count = 0 # TCP_KEEPCNT;
85 86 # 0 selects the system default
86 87 #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
87 88 # 0 selects the system default
88 89
89 90 #client_connection_check_interval = 0 # time between checks for client
90 91 # disconnection while running queries;
91 92 # 0 for never
92 93
93 94 # - Authentication -
94 95
95 96 #authentication_timeout = 1min # 1s-600s
96 #password_encryption = scram-sha-256 # scram-sha-256 or md5
97 #note; Rhodecode needs to use old md5 for backward compat
98 password_encryption = md5 # scram-sha-256 or md5
97 99 #db_user_namespace = off
98 100
99 101 # GSSAPI using Kerberos
100 102 #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
101 103 #krb_caseins_users = off
102 104
103 105 # - SSL -
104 106
105 107 #ssl = off
106 108 #ssl_ca_file = ''
107 109 #ssl_cert_file = 'server.crt'
108 110 #ssl_crl_file = ''
109 111 #ssl_crl_dir = ''
110 112 #ssl_key_file = 'server.key'
111 113 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
112 114 #ssl_prefer_server_ciphers = on
113 115 #ssl_ecdh_curve = 'prime256v1'
114 116 #ssl_min_protocol_version = 'TLSv1.2'
115 117 #ssl_max_protocol_version = ''
116 118 #ssl_dh_params_file = ''
117 119 #ssl_passphrase_command = ''
118 120 #ssl_passphrase_command_supports_reload = off
119 121
120 122
121 123 #------------------------------------------------------------------------------
122 124 # RESOURCE USAGE (except WAL)
123 125 #------------------------------------------------------------------------------
124 126
125 127 # - Memory -
126 128
127 129 #shared_buffers = 32MB # min 128kB
128 130 # (change requires restart)
129 131 #huge_pages = try # on, off, or try
130 132 # (change requires restart)
131 133 #huge_page_size = 0 # zero for system default
132 134 # (change requires restart)
133 135 #temp_buffers = 8MB # min 800kB
134 136 #max_prepared_transactions = 0 # zero disables the feature
135 137 # (change requires restart)
136 138 # Caution: it is not advisable to set max_prepared_transactions nonzero unless
137 139 # you actively intend to use prepared transactions.
138 140 #work_mem = 4MB # min 64kB
139 141 #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem
140 142 #maintenance_work_mem = 64MB # min 1MB
141 143 #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
142 144 #logical_decoding_work_mem = 64MB # min 64kB
143 145 #max_stack_depth = 2MB # min 100kB
144 146 #shared_memory_type = mmap # the default is the first option
145 147 # supported by the operating system:
146 148 # mmap
147 149 # sysv
148 150 # windows
149 151 # (change requires restart)
150 152 #dynamic_shared_memory_type = posix # the default is the first option
151 153 # supported by the operating system:
152 154 # posix
153 155 # sysv
154 156 # windows
155 157 # mmap
156 158 # (change requires restart)
157 159 #min_dynamic_shared_memory = 0MB # (change requires restart)
158 160
159 161 # - Disk -
160 162
161 163 #temp_file_limit = -1 # limits per-process temp file space
162 164 # in kilobytes, or -1 for no limit
163 165
164 166 # - Kernel Resources -
165 167
166 168 #max_files_per_process = 1000 # min 64
167 169 # (change requires restart)
168 170
169 171 # - Cost-Based Vacuum Delay -
170 172
171 173 #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
172 174 #vacuum_cost_page_hit = 1 # 0-10000 credits
173 175 #vacuum_cost_page_miss = 2 # 0-10000 credits
174 176 #vacuum_cost_page_dirty = 20 # 0-10000 credits
175 177 #vacuum_cost_limit = 200 # 1-10000 credits
176 178
177 179 # - Background Writer -
178 180
179 181 #bgwriter_delay = 200ms # 10-10000ms between rounds
180 182 #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
181 183 #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
182 184 #bgwriter_flush_after = 0 # measured in pages, 0 disables
183 185
184 186 # - Asynchronous Behavior -
185 187
186 188 #backend_flush_after = 0 # measured in pages, 0 disables
187 189 #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
188 190 #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
189 191 #max_worker_processes = 8 # (change requires restart)
190 192 #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
191 193 #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
192 194 #max_parallel_workers = 8 # maximum number of max_worker_processes that
193 195 # can be used in parallel operations
194 196 #parallel_leader_participation = on
195 197 #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
196 198 # (change requires restart)
197 199
198 200
199 201 #------------------------------------------------------------------------------
200 202 # WRITE-AHEAD LOG
201 203 #------------------------------------------------------------------------------
202 204
203 205 # - Settings -
204 206
205 207 #wal_level = replica # minimal, replica, or logical
206 208 # (change requires restart)
207 209 #fsync = on # flush data to disk for crash safety
208 210 # (turning this off can cause
209 211 # unrecoverable data corruption)
210 212 #synchronous_commit = on # synchronization level;
211 213 # off, local, remote_write, remote_apply, or on
212 214 #wal_sync_method = fsync # the default is the first option
213 215 # supported by the operating system:
214 216 # open_datasync
215 217 # fdatasync (default on Linux and FreeBSD)
216 218 # fsync
217 219 # fsync_writethrough
218 220 # open_sync
219 221 #full_page_writes = on # recover from partial page writes
220 222 #wal_log_hints = off # also do full page writes of non-critical updates
221 223 # (change requires restart)
222 224 #wal_compression = off # enable compression of full-page writes
223 225 #wal_init_zero = on # zero-fill new WAL files
224 226 #wal_recycle = on # recycle WAL files
225 227 #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
226 228 # (change requires restart)
227 229 #wal_writer_delay = 200ms # 1-10000 milliseconds
228 230 #wal_writer_flush_after = 1MB # measured in pages, 0 disables
229 231 #wal_skip_threshold = 2MB
230 232
231 233 #commit_delay = 0 # range 0-100000, in microseconds
232 234 #commit_siblings = 5 # range 1-1000
233 235
234 236 # - Checkpoints -
235 237
236 238 #checkpoint_timeout = 5min # range 30s-1d
237 239 #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
238 240 #checkpoint_flush_after = 0 # measured in pages, 0 disables
239 241 #checkpoint_warning = 30s # 0 disables
240 242 #max_wal_size = 1GB
241 243 #min_wal_size = 80MB
242 244
243 245 # - Archiving -
244 246
245 247 #archive_mode = off # enables archiving; off, on, or always
246 248 # (change requires restart)
247 249 #archive_command = '' # command to use to archive a logfile segment
248 250 # placeholders: %p = path of file to archive
249 251 # %f = file name only
250 252 # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
251 253 #archive_timeout = 0 # force a logfile segment switch after this
252 254 # number of seconds; 0 disables
253 255
254 256 # - Archive Recovery -
255 257
256 258 # These are only used in recovery mode.
257 259
258 260 #restore_command = '' # command to use to restore an archived logfile segment
259 261 # placeholders: %p = path of file to restore
260 262 # %f = file name only
261 263 # e.g. 'cp /mnt/server/archivedir/%f %p'
262 264 #archive_cleanup_command = '' # command to execute at every restartpoint
263 265 #recovery_end_command = '' # command to execute at completion of recovery
264 266
265 267 # - Recovery Target -
266 268
267 269 # Set these only when performing a targeted recovery.
268 270
269 271 #recovery_target = '' # 'immediate' to end recovery as soon as a
270 272 # consistent state is reached
271 273 # (change requires restart)
272 274 #recovery_target_name = '' # the named restore point to which recovery will proceed
273 275 # (change requires restart)
274 276 #recovery_target_time = '' # the time stamp up to which recovery will proceed
275 277 # (change requires restart)
276 278 #recovery_target_xid = '' # the transaction ID up to which recovery will proceed
277 279 # (change requires restart)
278 280 #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
279 281 # (change requires restart)
280 282 #recovery_target_inclusive = on # Specifies whether to stop:
281 283 # just after the specified recovery target (on)
282 284 # just before the recovery target (off)
283 285 # (change requires restart)
284 286 #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
285 287 # (change requires restart)
286 288 #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
287 289 # (change requires restart)
288 290
289 291
290 292 #------------------------------------------------------------------------------
291 293 # REPLICATION
292 294 #------------------------------------------------------------------------------
293 295
294 296 # - Sending Servers -
295 297
296 298 # Set these on the primary and on any standby that will send replication data.
297 299
298 300 #max_wal_senders = 10 # max number of walsender processes
299 301 # (change requires restart)
300 302 #max_replication_slots = 10 # max number of replication slots
301 303 # (change requires restart)
302 304 #wal_keep_size = 0 # in megabytes; 0 disables
303 305 #max_slot_wal_keep_size = -1 # in megabytes; -1 disables
304 306 #wal_sender_timeout = 60s # in milliseconds; 0 disables
305 307 #track_commit_timestamp = off # collect timestamp of transaction commit
306 308 # (change requires restart)
307 309
308 310 # - Primary Server -
309 311
310 312 # These settings are ignored on a standby server.
311 313
312 314 #synchronous_standby_names = '' # standby servers that provide sync rep
313 315 # method to choose sync standbys, number of sync standbys,
314 316 # and comma-separated list of application_name
315 317 # from standby(s); '*' = all
316 318 #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
317 319
318 320 # - Standby Servers -
319 321
320 322 # These settings are ignored on a primary server.
321 323
322 324 #primary_conninfo = '' # connection string to sending server
323 325 #primary_slot_name = '' # replication slot on sending server
324 326 #promote_trigger_file = '' # file name whose presence ends recovery
325 327 #hot_standby = on # "off" disallows queries during recovery
326 328 # (change requires restart)
327 329 #max_standby_archive_delay = 30s # max delay before canceling queries
328 330 # when reading WAL from archive;
329 331 # -1 allows indefinite delay
330 332 #max_standby_streaming_delay = 30s # max delay before canceling queries
331 333 # when reading streaming WAL;
332 334 # -1 allows indefinite delay
333 335 #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name
334 336 # is not set
335 337 #wal_receiver_status_interval = 10s # send replies at least this often
336 338 # 0 disables
337 339 #hot_standby_feedback = off # send info from standby to prevent
338 340 # query conflicts
339 341 #wal_receiver_timeout = 60s # time that receiver waits for
340 342 # communication from primary
341 343 # in milliseconds; 0 disables
342 344 #wal_retrieve_retry_interval = 5s # time to wait before retrying to
343 345 # retrieve WAL after a failed attempt
344 346 #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
345 347
346 348 # - Subscribers -
347 349
348 350 # These settings are ignored on a publisher.
349 351
350 352 #max_logical_replication_workers = 4 # taken from max_worker_processes
351 353 # (change requires restart)
352 354 #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
353 355
354 356
355 357 #------------------------------------------------------------------------------
356 358 # QUERY TUNING
357 359 #------------------------------------------------------------------------------
358 360
359 361 # - Planner Method Configuration -
360 362
361 363 #enable_async_append = on
362 364 #enable_bitmapscan = on
363 365 #enable_gathermerge = on
364 366 #enable_hashagg = on
365 367 #enable_hashjoin = on
366 368 #enable_incremental_sort = on
367 369 #enable_indexscan = on
368 370 #enable_indexonlyscan = on
369 371 #enable_material = on
370 372 #enable_memoize = on
371 373 #enable_mergejoin = on
372 374 #enable_nestloop = on
373 375 #enable_parallel_append = on
374 376 #enable_parallel_hash = on
375 377 #enable_partition_pruning = on
376 378 #enable_partitionwise_join = off
377 379 #enable_partitionwise_aggregate = off
378 380 #enable_seqscan = on
379 381 #enable_sort = on
380 382 #enable_tidscan = on
381 383
382 384 # - Planner Cost Constants -
383 385
384 386 #seq_page_cost = 1.0 # measured on an arbitrary scale
385 387 #random_page_cost = 4.0 # same scale as above
386 388 #cpu_tuple_cost = 0.01 # same scale as above
387 389 #cpu_index_tuple_cost = 0.005 # same scale as above
388 390 #cpu_operator_cost = 0.0025 # same scale as above
389 391 #parallel_setup_cost = 1000.0 # same scale as above
390 392 #parallel_tuple_cost = 0.1 # same scale as above
391 393 #min_parallel_table_scan_size = 8MB
392 394 #min_parallel_index_scan_size = 512kB
393 395 #effective_cache_size = 4GB
394 396
395 397 #jit_above_cost = 100000 # perform JIT compilation if available
396 398 # and query more expensive than this;
397 399 # -1 disables
398 400 #jit_inline_above_cost = 500000 # inline small functions if query is
399 401 # more expensive than this; -1 disables
400 402 #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
401 403 # query is more expensive than this;
402 404 # -1 disables
403 405
404 406 # - Genetic Query Optimizer -
405 407
406 408 #geqo = on
407 409 #geqo_threshold = 12
408 410 #geqo_effort = 5 # range 1-10
409 411 #geqo_pool_size = 0 # selects default based on effort
410 412 #geqo_generations = 0 # selects default based on effort
411 413 #geqo_selection_bias = 2.0 # range 1.5-2.0
412 414 #geqo_seed = 0.0 # range 0.0-1.0
413 415
414 416 # - Other Planner Options -
415 417
416 418 #default_statistics_target = 100 # range 1-10000
417 419 #constraint_exclusion = partition # on, off, or partition
418 420 #cursor_tuple_fraction = 0.1 # range 0.0-1.0
419 421 #from_collapse_limit = 8
420 422 #jit = on # allow JIT compilation
421 423 #join_collapse_limit = 8 # 1 disables collapsing of explicit
422 424 # JOIN clauses
423 425 #plan_cache_mode = auto # auto, force_generic_plan or
424 426 # force_custom_plan
425 427
426 428
427 429 #------------------------------------------------------------------------------
428 430 # REPORTING AND LOGGING
429 431 #------------------------------------------------------------------------------
430 432
431 433 # - Where to Log -
432 434
433 435 log_destination = 'stderr' # Valid values are combinations of
434 436 # stderr, csvlog, syslog, and eventlog,
435 437 # depending on platform. csvlog
436 438 # requires logging_collector to be on.
437 439
438 440 # This is used when logging to stderr:
439 logging_collector = on # Enable capturing of stderr and csvlog
441 #logging_collector = on # Enable capturing of stderr and csvlog
440 442 # into log files. Required to be on for
441 443 # csvlogs.
442 444 # (change requires restart)
443 445
444 446 # These are only used if logging_collector is on:
445 log_directory = '/var/log/rhodecode/postgres' # directory where log files are written,
447 #log_directory = '/var/log/rhodecode/postgres' # directory where log files are written,
446 448 # can be absolute or relative to PGDATA
447 log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
449 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
448 450 # can include strftime() escapes
449 451 #log_file_mode = 0600 # creation mode for log files,
450 452 # begin with 0 to use octal notation
451 453 #log_rotation_age = 1d # Automatic rotation of logfiles will
452 454 # happen after that time. 0 disables.
453 log_rotation_size = 512MB # Automatic rotation of logfiles will
455 #log_rotation_size = 512MB # Automatic rotation of logfiles will
454 456 # happen after that much log output.
455 457 # 0 disables.
456 458 #log_truncate_on_rotation = off # If on, an existing log file with the
457 459 # same name as the new log file will be
458 460 # truncated rather than appended to.
459 461 # But such truncation only occurs on
460 462 # time-driven rotation, not on restarts
461 463 # or size-driven rotation. Default is
462 464 # off, meaning append to existing files
463 465 # in all cases.
464 466
465 467 # These are relevant when logging to syslog:
466 468 #syslog_facility = 'LOCAL0'
467 469 #syslog_ident = 'postgres'
468 470 #syslog_sequence_numbers = on
469 471 #syslog_split_messages = on
470 472
471 473 # This is only relevant when logging to eventlog (Windows):
472 474 # (change requires restart)
473 475 #event_source = 'PostgreSQL'
474 476
475 477 # - When to Log -
476 478
477 479 #log_min_messages = warning # values in order of decreasing detail:
478 480 # debug5
479 481 # debug4
480 482 # debug3
481 483 # debug2
482 484 # debug1
483 485 # info
484 486 # notice
485 487 # warning
486 488 # error
487 489 # log
488 490 # fatal
489 491 # panic
490 492
491 493 #log_min_error_statement = error # values in order of decreasing detail:
492 494 # debug5
493 495 # debug4
494 496 # debug3
495 497 # debug2
496 498 # debug1
497 499 # info
498 500 # notice
499 501 # warning
500 502 # error
501 503 # log
502 504 # fatal
503 505 # panic (effectively off)
504 506
505 507 log_min_duration_statement = 1000 # -1 is disabled, 0 logs all statements
506 508 # and their durations, > 0 logs only
507 509 # statements running at least this number
508 510 # of milliseconds
509 511
510 512 #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements
511 513 # and their durations, > 0 logs only a sample of
512 514 # statements running at least this number
513 515 # of milliseconds;
514 516 # sample fraction is determined by log_statement_sample_rate
515 517
516 518 #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding
517 519 # log_min_duration_sample to be logged;
518 520 # 1.0 logs all such statements, 0.0 never logs
519 521
520 522
521 523 #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements
522 524 # are logged regardless of their duration; 1.0 logs all
523 525 # statements from all transactions, 0.0 never logs
524 526
525 527 # - What to Log -
526 528
527 529 #debug_print_parse = off
528 530 #debug_print_rewritten = off
529 531 #debug_print_plan = off
530 532 #debug_pretty_print = on
531 533 #log_autovacuum_min_duration = -1 # log autovacuum activity;
532 534 # -1 disables, 0 logs all actions and
533 535 # their durations, > 0 logs only
534 536 # actions running at least this number
535 537 # of milliseconds.
536 538 #log_checkpoints = off
537 #log_connections = off
539 log_connections = off
538 540 #log_disconnections = off
539 541 #log_duration = off
540 542 #log_error_verbosity = default # terse, default, or verbose messages
541 543 #log_hostname = off
542 544 #log_line_prefix = '%m [%p] ' # special values:
543 545 # %a = application name
544 546 # %u = user name
545 547 # %d = database name
546 548 # %r = remote host and port
547 549 # %h = remote host
548 550 # %b = backend type
549 551 # %p = process ID
550 552 # %P = process ID of parallel group leader
551 553 # %t = timestamp without milliseconds
552 554 # %m = timestamp with milliseconds
553 555 # %n = timestamp with milliseconds (as a Unix epoch)
554 556 # %Q = query ID (0 if none or not computed)
555 557 # %i = command tag
556 558 # %e = SQL state
557 559 # %c = session ID
558 560 # %l = session line number
559 561 # %s = session start timestamp
560 562 # %v = virtual transaction ID
561 563 # %x = transaction ID (0 if none)
562 564 # %q = stop here in non-session
563 565 # processes
564 566 # %% = '%'
565 567 # e.g. '<%u%%%d> '
566 568 #log_lock_waits = off # log lock waits >= deadlock_timeout
567 569 #log_recovery_conflict_waits = off # log standby recovery conflict waits
568 570 # >= deadlock_timeout
569 571 #log_parameter_max_length = -1 # when logging statements, limit logged
570 572 # bind-parameter values to N bytes;
571 573 # -1 means print in full, 0 disables
572 574 #log_parameter_max_length_on_error = 0 # when logging an error, limit logged
573 575 # bind-parameter values to N bytes;
574 576 # -1 means print in full, 0 disables
575 577 #log_statement = 'none' # none, ddl, mod, all
576 578 #log_replication_commands = off
577 579 #log_temp_files = -1 # log temporary files equal or larger
578 580 # than the specified size in kilobytes;
579 581 # -1 disables, 0 logs all temp files
580 582 #log_timezone = 'GMT'
581 583
582 584
583 585 #------------------------------------------------------------------------------
584 586 # PROCESS TITLE
585 587 #------------------------------------------------------------------------------
586 588
587 589 #cluster_name = '' # added to process titles if nonempty
588 590 # (change requires restart)
589 591 #update_process_title = on
590 592
591 593
592 594 #------------------------------------------------------------------------------
593 595 # STATISTICS
594 596 #------------------------------------------------------------------------------
595 597
596 598 # - Query and Index Statistics Collector -
597 599
598 600 #track_activities = on
599 601 #track_activity_query_size = 1024 # (change requires restart)
600 602 #track_counts = on
601 603 #track_io_timing = off
602 604 #track_wal_io_timing = off
603 605 #track_functions = none # none, pl, all
604 606 #stats_temp_directory = 'pg_stat_tmp'
605 607
606 608
607 609 # - Monitoring -
608 610
609 611 #compute_query_id = auto
610 612 #log_statement_stats = off
611 613 #log_parser_stats = off
612 614 #log_planner_stats = off
613 615 #log_executor_stats = off
614 616
615 617
616 618 #------------------------------------------------------------------------------
617 619 # AUTOVACUUM
618 620 #------------------------------------------------------------------------------
619 621
620 622 #autovacuum = on # Enable autovacuum subprocess? 'on'
621 623 # requires track_counts to also be on.
622 624 #autovacuum_max_workers = 3 # max number of autovacuum subprocesses
623 625 # (change requires restart)
624 626 #autovacuum_naptime = 1min # time between autovacuum runs
625 627 #autovacuum_vacuum_threshold = 50 # min number of row updates before
626 628 # vacuum
627 629 #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
628 630 # before vacuum; -1 disables insert
629 631 # vacuums
630 632 #autovacuum_analyze_threshold = 50 # min number of row updates before
631 633 # analyze
632 634 #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
633 635 #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
634 636 # size before insert vacuum
635 637 #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
636 638 #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
637 639 # (change requires restart)
638 640 #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
639 641 # before forced vacuum
640 642 # (change requires restart)
641 643 #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
642 644 # autovacuum, in milliseconds;
643 645 # -1 means use vacuum_cost_delay
644 646 #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
645 647 # autovacuum, -1 means use
646 648 # vacuum_cost_limit
647 649
648 650
649 651 #------------------------------------------------------------------------------
650 652 # CLIENT CONNECTION DEFAULTS
651 653 #------------------------------------------------------------------------------
652 654
653 655 # - Statement Behavior -
654 656
655 657 #client_min_messages = notice # values in order of decreasing detail:
656 658 # debug5
657 659 # debug4
658 660 # debug3
659 661 # debug2
660 662 # debug1
661 663 # log
662 664 # notice
663 665 # warning
664 666 # error
665 667 #search_path = '"$user", public' # schema names
666 668 #row_security = on
667 669 #default_table_access_method = 'heap'
668 670 #default_tablespace = '' # a tablespace name, '' uses the default
669 671 #default_toast_compression = 'pglz' # 'pglz' or 'lz4'
670 672 #temp_tablespaces = '' # a list of tablespace names, '' uses
671 673 # only default tablespace
672 674 #check_function_bodies = on
673 675 #default_transaction_isolation = 'read committed'
674 676 #default_transaction_read_only = off
675 677 #default_transaction_deferrable = off
676 678 #session_replication_role = 'origin'
677 679 #statement_timeout = 0 # in milliseconds, 0 is disabled
678 680 #lock_timeout = 0 # in milliseconds, 0 is disabled
679 681 #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
680 682 #idle_session_timeout = 0 # in milliseconds, 0 is disabled
681 683 #vacuum_freeze_table_age = 150000000
682 684 #vacuum_freeze_min_age = 50000000
683 685 #vacuum_failsafe_age = 1600000000
684 686 #vacuum_multixact_freeze_table_age = 150000000
685 687 #vacuum_multixact_freeze_min_age = 5000000
686 688 #vacuum_multixact_failsafe_age = 1600000000
687 689 #bytea_output = 'hex' # hex, escape
688 690 #xmlbinary = 'base64'
689 691 #xmloption = 'content'
690 692 #gin_pending_list_limit = 4MB
691 693
692 694 # - Locale and Formatting -
693 695
694 696 #datestyle = 'iso, mdy'
695 697 #intervalstyle = 'postgres'
696 698 #timezone = 'GMT'
697 699 #timezone_abbreviations = 'Default' # Select the set of available time zone
698 700 # abbreviations. Currently, there are
699 701 # Default
700 702 # Australia (historical usage)
701 703 # India
702 704 # You can create your own file in
703 705 # share/timezonesets/.
704 706 #extra_float_digits = 1 # min -15, max 3; any value >0 actually
705 707 # selects precise output mode
706 708 #client_encoding = sql_ascii # actually, defaults to database
707 709 # encoding
708 710
709 711 # These settings are initialized by initdb, but they can be changed.
710 712 #lc_messages = 'C' # locale for system error message
711 713 # strings
712 714 #lc_monetary = 'C' # locale for monetary formatting
713 715 #lc_numeric = 'C' # locale for number formatting
714 716 #lc_time = 'C' # locale for time formatting
715 717
716 718 # default configuration for text search
717 719 #default_text_search_config = 'pg_catalog.simple'
718 720
719 721 # - Shared Library Preloading -
720 722
721 723 #local_preload_libraries = ''
722 724 #session_preload_libraries = ''
723 725 #shared_preload_libraries = '' # (change requires restart)
724 726 #jit_provider = 'llvmjit' # JIT library to use
725 727
726 728 # - Other Defaults -
727 729
728 730 #dynamic_library_path = '$libdir'
729 731 #extension_destdir = '' # prepend path when loading extensions
730 732 # and shared objects (added by Debian)
731 733 #gin_fuzzy_search_limit = 0
732 734
733 735
734 736 #------------------------------------------------------------------------------
735 737 # LOCK MANAGEMENT
736 738 #------------------------------------------------------------------------------
737 739
738 740 #deadlock_timeout = 1s
739 741 #max_locks_per_transaction = 64 # min 10
740 742 # (change requires restart)
741 743 #max_pred_locks_per_transaction = 64 # min 10
742 744 # (change requires restart)
743 745 #max_pred_locks_per_relation = -2 # negative values mean
744 746 # (max_pred_locks_per_transaction
745 747 # / -max_pred_locks_per_relation) - 1
746 748 #max_pred_locks_per_page = 2 # min 0
747 749
748 750
749 751 #------------------------------------------------------------------------------
750 752 # VERSION AND PLATFORM COMPATIBILITY
751 753 #------------------------------------------------------------------------------
752 754
753 755 # - Previous PostgreSQL Versions -
754 756
755 757 #array_nulls = on
756 758 #backslash_quote = safe_encoding # on, off, or safe_encoding
757 759 #escape_string_warning = on
758 760 #lo_compat_privileges = off
759 761 #quote_all_identifiers = off
760 762 #standard_conforming_strings = on
761 763 #synchronize_seqscans = on
762 764
763 765 # - Other Platforms and Clients -
764 766
765 767 #transform_null_equals = off
766 768
767 769
768 770 #------------------------------------------------------------------------------
769 771 # ERROR HANDLING
770 772 #------------------------------------------------------------------------------
771 773
772 774 #exit_on_error = off # terminate session on any error?
773 775 #restart_after_crash = on # reinitialize after backend crash?
774 776 #data_sync_retry = off # retry or panic on failure to fsync
775 777 # data?
776 778 # (change requires restart)
777 779 #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
778 780
779 781
780 782 #------------------------------------------------------------------------------
781 783 # CONFIG FILE INCLUDES
782 784 #------------------------------------------------------------------------------
783 785
784 786 # These options allow settings to be loaded from files other than the
785 787 # default postgresql.conf. Note that these are directives, not variable
786 788 # assignments, so they can usefully be given more than once.
787 789
788 790 #include_dir = '...' # include files ending in '.conf' from
789 791 # a directory, e.g., 'conf.d'
790 792 #include_if_exists = '...' # include file only if it exists
791 793 #include = '...' # include file
792 794
793 795
794 796 #------------------------------------------------------------------------------
795 797 # CUSTOMIZED OPTIONS
796 798 #------------------------------------------------------------------------------
797 799
798 800 # Add settings for extensions here
799 801
800 802 max_connections = 400
801 803 shared_buffers = 1GB
802 804 effective_cache_size = 3GB
803 805 work_mem = 2621kB
804 806 maintenance_work_mem = 256MB
805 807 checkpoint_completion_target = 0.9
806 808 wal_buffers = 16MB
807 809 default_statistics_target = 100
808 810 password_encryption = md5
Show file before | Show file after | Hide comments
@@ -1,132 +1,135 b''
1 1 # read more here http://tautt.com/best-nginx-configuration-for-security/
2 2
3 3 # config to don't allow the browser to render the page inside an frame or iframe
4 4 # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
5 5 # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
6 6 # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
7 7 #add_header X-Frame-Options SAMEORIGIN;
8 8
9 9 # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
10 10 # to disable content-type sniffing on some browsers.
11 11 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
12 12 # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
13 13 # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
14 14 # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
15 15 #add_header X-Content-Type-Options nosniff;
16 16
17 17 # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
18 18 # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
19 19 # this particular website if it was disabled by the user.
20 20 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
21 21 #add_header X-XSS-Protection "1; mode=block";
22 22
23 23 # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
24 24 # you can tell the browser that it can only download content from the domains you explicitly allow
25 25 # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
26 26 # https://www.owasp.org/index.php/Content_Security_Policy
27 27 # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
28 28 # directives for css and js(if you have inline css or js, you will need to keep it too).
29 29 # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
30 30 #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
31 31
32 32 ## rate limiter for certain pages to prevent brute force attacks
33 33 limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s;
34 34
35 35 ## custom log format
36 36 log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe';
37 37
38 38 log_format json_log_custom escape=json
39 39 '{'
40 40 '"source":"nginx",'
41 41 '"remote_user":"$remote_user",'
42 42 '"time_local":"$time_local",'
43 43 '"remote_addr":"$remote_addr",'
44 44 '"proxy_x_forwarded_for":"$proxy_add_x_forwarded_for",'
45 45 '"request":"$request",'
46 46 '"status": "$status",'
47 47 '"request_method": "$request_method",'
48 48 '"body_bytes_sent":"$body_bytes_sent",'
49 49 '"request_time":"$request_time",'
50 50 '"upstream_response_time":"$upstream_response_time",'
51 51 '"http_referrer":"$http_referer",'
52 52 '"http_user_agent":"$http_user_agent"'
53 53 '}';
54 54
55 55
56 56 server {
57 57 listen 80 default;
58 58 # ensure we get the proper Docker DNS resolver for load balancing.
59 59 resolver 127.0.0.11 ipv6=off;
60 60 server_name localhost 127.0.0.1;
61 access_log /var/log/rhodecode/nginx/rhodecode.http.access.log json_log_custom;
62 error_log /var/log/rhodecode/nginx/rhodecode.http.error.log;
61 access_log /dev/stdout json_log_custom;
62 error_log /dev/stdout;
63 63
64 # uncomment to redirect http traffic to https
64 # uncomment to redirect http traffic to https (not applicable in Docker setup)
65 65 #return 301 https://$host$request_uri;
66 66
67 67 client_body_buffer_size 128k;
68 68 # maximum number and size of buffers for large headers to read from client request
69 69 large_client_header_buffers 16 256k;
70 70
71 71 ## serve static files by nginx, recommended
72 72 location /_static/rhodecode {
73 73 gzip on;
74 74 gzip_min_length 500;
75 75 gzip_proxied any;
76 76 gzip_comp_level 4;
77 77 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
78 78 gzip_vary on;
79 79 gzip_disable "msie6";
80 80 expires 60d;
81 81
82 82 alias /var/opt/rhodecode_data/static;
83 83 }
84 84
85 85 ## channelstream location handler, if channelstream live chat and notifications
86 86 ## are enable this will proxy the requests to channelstream websocket server
87 87 location /_channelstream {
88 88 rewrite /_channelstream/(.*) /$1 break;
89 89 gzip off;
90 90 tcp_nodelay off;
91 91
92 92 proxy_connect_timeout 10;
93 93 proxy_send_timeout 10m;
94 94 proxy_read_timeout 10m;
95 95
96 96 proxy_set_header Host $host;
97 97 proxy_set_header X-Real-IP $remote_addr;
98 98 proxy_set_header X-Url-Scheme $scheme;
99 99 proxy_set_header X-Forwarded-Proto $scheme;
100 100 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
101 101
102 102 proxy_http_version 1.1;
103 103 proxy_set_header Upgrade $http_upgrade;
104 104 proxy_set_header Connection "upgrade";
105 105
106 proxy_pass http://channelstream:9800;
106 set $upstream_channelstream http://channelstream:8000;
107 proxy_pass $upstream_channelstream;
107 108 }
108 109
109 ## rate limit this endpoint to prevent login page brute-force attacks
110 location /_admin/login {
111 limit_req zone=http_req_limit burst=10 nodelay;
112 try_files $uri @rhodecode_http;
113 }
110 # ## rate limit this endpoint to prevent login page brute-force attacks
111 # location /_admin/login {
112 # limit_req zone=http_req_limit burst=10 nodelay;
113 # try_files $uri @rhodecode_http;
114 # }
114 115
115 116 location / {
116 include /etc/nginx/proxy.conf;
117 try_files $uri @rhodecode_http;
117 include /etc/nginx/proxy.conf;
118 try_files $uri @rhodecode_http;
118 119 }
119 120
120 121 location @rhodecode_http {
121 include /etc/nginx/proxy.conf;
122 proxy_pass http://rhodecode:10020;
122 set $upstream http://rhodecode:10020;
123 include /etc/nginx/proxy.conf;
124 proxy_pass $upstream;
123 125 }
124 126
125 127 ## Custom 502 error page.
126 128 ## Will be displayed while RhodeCode server is turned off
127 129 error_page 502 /502.html;
128 130 location = /502.html {
129 root /var/opt/static;
131 root /var/opt/rhodecode_data/static;
132 internal;
130 133 }
131 134
132 135 }
Show file before | Show file after | Hide comments
@@ -1,30 +1,31 b''
1 1 user root;
2 2 worker_processes 2;
3 3
4 4 pid /var/run/nginx.pid;
5 error_log /var/log/rhodecode/nginx/default.error.log warn;
5 error_log /dev/stdout info;
6 6
7 7 events {
8 8 worker_connections 1024;
9 9 # multi_accept on;
10 10 }
11 11
12 12 http {
13 13 include /etc/nginx/mime.types;
14 14 default_type application/octet-stream;
15 server_tokens off;
15 16
16 17 log_format main '$remote_addr - $remote_user [$time_local] '
17 18 '"$request" $status $body_bytes_sent '
18 19 '"$http_referer" "$http_user_agent" '
19 20 '$request_time $upstream_response_time $pipe';
20 21
21 access_log /var/log/rhodecode/nginx/default.access.log main;
22 access_log /dev/stdout main;
22 23
23 24 sendfile on;
24 25 tcp_nopush on;
25 26 tcp_nodelay on;
26 27 keepalive_timeout 65;
27 28 types_hash_max_size 2048;
28 29
29 include /etc/nginx/sites-enabled/*.conf;
30 include /etc/nginx/http.conf;
30 31 }
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from service/nginx/proxy.conf to config/nginx/proxy.conf
Show file before | Show file after | Hide comments
@@ -1,17 +1,23 b''
1 1 global:
2 2 scrape_interval: 15s
3 3 evaluation_interval: 15s
4 4
5 5 scrape_configs:
6 6
7 7 # Scrape statsd exporter from RhodeCode
8 8 - job_name: "rhodecode_metrics"
9 9 metrics_path: "/metrics"
10 10 static_configs:
11 11 - targets: ["statsd-exporter:9102"]
12 12
13 13 # scrape node exporter
14 14 - job_name: node_metrics
15 15 metrics_path: "/metrics"
16 16 static_configs:
17 17 - targets: ["node-exporter:9100"]
18
19 # scrape traefik node
20 - job_name: traefik_metrics
21 metrics_path: "/metrics"
22 static_configs:
23 - targets: ["traefik:7000"]
Show file before | Show file after | Hide comments
@@ -1,38 +1,38 b''
1 1 server:
2 2 http_listen_port: 9080
3 3 grpc_listen_port: 0
4 4
5 5 # Describes how to save read file offsets to disk
6 6 positions:
7 7 filename: /tmp/positions.yaml
8 8
9 9 clients:
10 10 - url: http://loki:3100/loki/api/v1/push
11 11 tenant_id: docker
12 12
13 13 ## Definition to what to scrape
14 14 scrape_configs:
15 15
16 - job_name: scraping_nginx
17 static_configs:
18 - targets:
19 - localhost
20 labels:
21 __path__: /var/log_volume/nginx/rhodecode*
22 job: nginx
23
24 - job_name: scraping_vcsserver
25 static_configs:
26 - targets:
27 - localhost
28 labels:
29 __path__: /var/log_volume/apps/rhodecode*
30 job: rhodecode
31
32 - job_name: scraping_rhodecode
33 static_configs:
34 - targets:
35 - localhost
36 labels:
37 __path__: /var/log_volume/apps/vcsserver*
38 job: vcsserver No newline at end of file
16 #- job_name: scraping_nginx
17 # static_configs:
18 # - targets:
19 # - localhost
20 # labels:
21 # __path__: /var/log_volume/nginx/rhodecode*
22 # job: nginx
23 #
24 #- job_name: scraping_vcsserver
25 # static_configs:
26 # - targets:
27 # - localhost
28 # labels:
29 # __path__: /var/log_volume/apps/rhodecode*
30 # job: rhodecode
31 #
32 #- job_name: scraping_rhodecode
33 # static_configs:
34 # - targets:
35 # - localhost
36 # labels:
37 # __path__: /var/log_volume/apps/vcsserver*
38 # job: vcsserver No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,1865 +1,1865 b''
1 1 # Redis configuration file example.
2 2 #
3 3 # Note that in order to read the configuration file, Redis must be
4 4 # started with the file path as first argument:
5 5 #
6 6 # ./redis-server /path/to/redis.conf
7 7
8 8 # Note on units: when memory size is needed, it is possible to specify
9 9 # it in the usual form of 1k 5GB 4M and so forth:
10 10 #
11 11 # 1k => 1000 bytes
12 12 # 1kb => 1024 bytes
13 13 # 1m => 1000000 bytes
14 14 # 1mb => 1024*1024 bytes
15 15 # 1g => 1000000000 bytes
16 16 # 1gb => 1024*1024*1024 bytes
17 17 #
18 18 # units are case insensitive so 1GB 1Gb 1gB are all the same.
19 19
20 20 ################################## INCLUDES ###################################
21 21
22 22 # Include one or more other config files here. This is useful if you
23 23 # have a standard template that goes to all Redis servers but also need
24 24 # to customize a few per-server settings. Include files can include
25 25 # other files, so use this wisely.
26 26 #
27 27 # Note that option "include" won't be rewritten by command "CONFIG REWRITE"
28 28 # from admin or Redis Sentinel. Since Redis always uses the last processed
29 29 # line as value of a configuration directive, you'd better put includes
30 30 # at the beginning of this file to avoid overwriting config change at runtime.
31 31 #
32 32 # If instead you are interested in using includes to override configuration
33 33 # options, it is better to use include as the last line.
34 34 #
35 35 # include /path/to/local.conf
36 36 # include /path/to/other.conf
37 37
38 38 ################################## MODULES #####################################
39 39
40 40 # Load modules at startup. If the server is not able to load modules
41 41 # it will abort. It is possible to use multiple loadmodule directives.
42 42 #
43 43 # loadmodule /path/to/my_module.so
44 44 # loadmodule /path/to/other_module.so
45 45
46 46 ################################## NETWORK #####################################
47 47
48 48 # By default, if no "bind" configuration directive is specified, Redis listens
49 49 # for connections from all available network interfaces on the host machine.
50 50 # It is possible to listen to just one or multiple selected interfaces using
51 51 # the "bind" configuration directive, followed by one or more IP addresses.
52 52 #
53 53 # Examples:
54 54 #
55 55 # bind 192.168.1.100 10.0.0.1
56 56 # bind 127.0.0.1 ::1
57 57 #
58 58 # ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
59 59 # internet, binding to all the interfaces is dangerous and will expose the
60 60 # instance to everybody on the internet. So by default we uncomment the
61 61 # following bind directive, that will force Redis to listen only on the
62 62 # IPv4 loopback interface address (this means Redis will only be able to
63 63 # accept client connections from the same host that it is running on).
64 64 #
65 65 # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
66 66 # JUST COMMENT OUT THE FOLLOWING LINE.
67 67 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 68 #bind 127.0.0.1
69 69
70 70 # Protected mode is a layer of security protection, in order to avoid that
71 71 # Redis instances left open on the internet are accessed and exploited.
72 72 #
73 73 # When protected mode is on and if:
74 74 #
75 75 # 1) The server is not binding explicitly to a set of addresses using the
76 76 # "bind" directive.
77 77 # 2) No password is configured.
78 78 #
79 79 # The server only accepts connections from clients connecting from the
80 80 # IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
81 81 # sockets.
82 82 #
83 83 # By default protected mode is enabled. You should disable it only if
84 84 # you are sure you want clients from other hosts to connect to Redis
85 85 # even if no authentication is configured, nor a specific set of interfaces
86 86 # are explicitly listed using the "bind" directive.
87 87 protected-mode no
88 88
89 89 # Accept connections on the specified port, default is 6379 (IANA #815344).
90 90 # If port 0 is specified Redis will not listen on a TCP socket.
91 91 port 6379
92 92
93 93 # TCP listen() backlog.
94 94 #
95 95 # In high requests-per-second environments you need a high backlog in order
96 96 # to avoid slow clients connection issues. Note that the Linux kernel
97 97 # will silently truncate it to the value of /proc/sys/net/core/somaxconn so
98 98 # make sure to raise both the value of somaxconn and tcp_max_syn_backlog
99 99 # in order to get the desired effect.
100 100 tcp-backlog 511
101 101
102 102 # Unix socket.
103 103 #
104 104 # Specify the path for the Unix socket that will be used to listen for
105 105 # incoming connections. There is no default, so Redis will not listen
106 106 # on a unix socket when not specified.
107 107 #
108 108 # unixsocket /tmp/redis.sock
109 109 # unixsocketperm 700
110 110
111 111 # Close the connection after a client is idle for N seconds (0 to disable)
112 112 timeout 0
113 113
114 114 # TCP keepalive.
115 115 #
116 116 # If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
117 117 # of communication. This is useful for two reasons:
118 118 #
119 119 # 1) Detect dead peers.
120 120 # 2) Force network equipment in the middle to consider the connection to be
121 121 # alive.
122 122 #
123 123 # On Linux, the specified value (in seconds) is the period used to send ACKs.
124 124 # Note that to close the connection the double of the time is needed.
125 125 # On other kernels the period depends on the kernel configuration.
126 126 #
127 127 # A reasonable value for this option is 300 seconds, which is the new
128 128 # Redis default starting with Redis 3.2.1.
129 129 tcp-keepalive 300
130 130
131 131 ################################# TLS/SSL #####################################
132 132
133 133 # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
134 134 # directive can be used to define TLS-listening ports. To enable TLS on the
135 135 # default port, use:
136 136 #
137 137 # port 0
138 138 # tls-port 6379
139 139
140 140 # Configure a X.509 certificate and private key to use for authenticating the
141 141 # server to connected clients, masters or cluster peers. These files should be
142 142 # PEM formatted.
143 143 #
144 144 # tls-cert-file redis.crt
145 145 # tls-key-file redis.key
146 146
147 147 # Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
148 148 #
149 149 # tls-dh-params-file redis.dh
150 150
151 151 # Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL
152 152 # clients and peers. Redis requires an explicit configuration of at least one
153 153 # of these, and will not implicitly use the system wide configuration.
154 154 #
155 155 # tls-ca-cert-file ca.crt
156 156 # tls-ca-cert-dir /etc/ssl/certs
157 157
158 158 # By default, clients (including replica servers) on a TLS port are required
159 159 # to authenticate using valid client side certificates.
160 160 #
161 161 # If "no" is specified, client certificates are not required and not accepted.
162 162 # If "optional" is specified, client certificates are accepted and must be
163 163 # valid if provided, but are not required.
164 164 #
165 165 # tls-auth-clients no
166 166 # tls-auth-clients optional
167 167
168 168 # By default, a Redis replica does not attempt to establish a TLS connection
169 169 # with its master.
170 170 #
171 171 # Use the following directive to enable TLS on replication links.
172 172 #
173 173 # tls-replication yes
174 174
175 175 # By default, the Redis Cluster bus uses a plain TCP connection. To enable
176 176 # TLS for the bus protocol, use the following directive:
177 177 #
178 178 # tls-cluster yes
179 179
180 180 # Explicitly specify TLS versions to support. Allowed values are case insensitive
181 181 # and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
182 182 # any combination. To enable only TLSv1.2 and TLSv1.3, use:
183 183 #
184 184 # tls-protocols "TLSv1.2 TLSv1.3"
185 185
186 186 # Configure allowed ciphers. See the ciphers(1ssl) manpage for more information
187 187 # about the syntax of this string.
188 188 #
189 189 # Note: this configuration applies only to <= TLSv1.2.
190 190 #
191 191 # tls-ciphers DEFAULT:!MEDIUM
192 192
193 193 # Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more
194 194 # information about the syntax of this string, and specifically for TLSv1.3
195 195 # ciphersuites.
196 196 #
197 197 # tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
198 198
199 199 # When choosing a cipher, use the server's preference instead of the client
200 200 # preference. By default, the server follows the client's preference.
201 201 #
202 202 # tls-prefer-server-ciphers yes
203 203
204 204 # By default, TLS session caching is enabled to allow faster and less expensive
205 205 # reconnections by clients that support it. Use the following directive to disable
206 206 # caching.
207 207 #
208 208 # tls-session-caching no
209 209
210 210 # Change the default number of TLS sessions cached. A zero value sets the cache
211 211 # to unlimited size. The default size is 20480.
212 212 #
213 213 # tls-session-cache-size 5000
214 214
215 215 # Change the default timeout of cached TLS sessions. The default timeout is 300
216 216 # seconds.
217 217 #
218 218 # tls-session-cache-timeout 60
219 219
220 220 ################################# GENERAL #####################################
221 221
222 222 # By default Redis does not run as a daemon. Use 'yes' if you need it.
223 223 # Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
224 224 daemonize no
225 225
226 226 # If you run Redis from upstart or systemd, Redis can interact with your
227 227 # supervision tree. Options:
228 228 # supervised no - no supervision interaction
229 229 # supervised upstart - signal upstart by putting Redis into SIGSTOP mode
230 230 # requires "expect stop" in your upstart job config
231 231 # supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
232 232 # supervised auto - detect upstart or systemd method based on
233 233 # UPSTART_JOB or NOTIFY_SOCKET environment variables
234 234 # Note: these supervision methods only signal "process is ready."
235 235 # They do not enable continuous pings back to your supervisor.
236 236 supervised no
237 237
238 238 # If a pid file is specified, Redis writes it where specified at startup
239 239 # and removes it at exit.
240 240 #
241 241 # When the server runs non daemonized, no pid file is created if none is
242 242 # specified in the configuration. When the server is daemonized, the pid file
243 243 # is used even if not specified, defaulting to "/var/run/redis.pid".
244 244 #
245 245 # Creating a pid file is best effort: if Redis is not able to create it
246 246 # nothing bad happens, the server will start and run normally.
247 247 pidfile /var/run/redis_6379.pid
248 248
249 249 # Specify the server verbosity level.
250 250 # This can be one of:
251 251 # debug (a lot of information, useful for development/testing)
252 252 # verbose (many rarely useful info, but not a mess like the debug level)
253 253 # notice (moderately verbose, what you want in production probably)
254 254 # warning (only very important / critical messages are logged)
255 255 loglevel notice
256 256
257 257 # Specify the log file name. Also the empty string can be used to force
258 258 # Redis to log on the standard output. Note that if you use standard
259 259 # output for logging but daemonize, logs will be sent to /dev/null
260 260 logfile ""
261 261
262 262 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
263 263 # and optionally update the other syslog parameters to suit your needs.
264 264 # syslog-enabled no
265 265
266 266 # Specify the syslog identity.
267 267 # syslog-ident redis
268 268
269 269 # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
270 270 # syslog-facility local0
271 271
272 272 # Set the number of databases. The default database is DB 0, you can select
273 273 # a different one on a per-connection basis using SELECT <dbid> where
274 274 # dbid is a number between 0 and 'databases'-1
275 275 databases 16
276 276
277 277 # By default Redis shows an ASCII art logo only when started to log to the
278 278 # standard output and if the standard output is a TTY. Basically this means
279 279 # that normally a logo is displayed only in interactive sessions.
280 280 #
281 281 # However it is possible to force the pre-4.0 behavior and always show a
282 282 # ASCII art logo in startup logs by setting the following option to yes.
283 always-show-logo yes
283 always-show-logo no
284 284
285 285 ################################ SNAPSHOTTING ################################
286 286 #
287 287 # Save the DB on disk:
288 288 #
289 289 # save <seconds> <changes>
290 290 #
291 291 # Will save the DB if both the given number of seconds and the given
292 292 # number of write operations against the DB occurred.
293 293 #
294 294 # In the example below the behavior will be to save:
295 295 # after 900 sec (15 min) if at least 1 key changed
296 296 # after 300 sec (5 min) if at least 10 keys changed
297 297 # after 60 sec if at least 10000 keys changed
298 298 #
299 299 # Note: you can disable saving completely by commenting out all "save" lines.
300 300 #
301 301 # It is also possible to remove all the previously configured save
302 302 # points by adding a save directive with a single empty string argument
303 303 # like in the following example:
304 304 #
305 305 # save ""
306 306
307 307 save 900 1
308 308 save 300 10
309 309 save 60 10000
310 310
311 311 # By default Redis will stop accepting writes if RDB snapshots are enabled
312 312 # (at least one save point) and the latest background save failed.
313 313 # This will make the user aware (in a hard way) that data is not persisting
314 314 # on disk properly, otherwise chances are that no one will notice and some
315 315 # disaster will happen.
316 316 #
317 317 # If the background saving process will start working again Redis will
318 318 # automatically allow writes again.
319 319 #
320 320 # However if you have setup your proper monitoring of the Redis server
321 321 # and persistence, you may want to disable this feature so that Redis will
322 322 # continue to work as usual even if there are problems with disk,
323 323 # permissions, and so forth.
324 324 stop-writes-on-bgsave-error yes
325 325
326 326 # Compress string objects using LZF when dump .rdb databases?
327 327 # By default compression is enabled as it's almost always a win.
328 328 # If you want to save some CPU in the saving child set it to 'no' but
329 329 # the dataset will likely be bigger if you have compressible values or keys.
330 330 rdbcompression yes
331 331
332 332 # Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
333 333 # This makes the format more resistant to corruption but there is a performance
334 334 # hit to pay (around 10%) when saving and loading RDB files, so you can disable it
335 335 # for maximum performances.
336 336 #
337 337 # RDB files created with checksum disabled have a checksum of zero that will
338 338 # tell the loading code to skip the check.
339 339 rdbchecksum yes
340 340
341 341 # The filename where to dump the DB
342 342 dbfilename redis_dump.rdb
343 343
344 344 # Remove RDB files used by replication in instances without persistence
345 345 # enabled. By default this option is disabled, however there are environments
346 346 # where for regulations or other security concerns, RDB files persisted on
347 347 # disk by masters in order to feed replicas, or stored on disk by replicas
348 348 # in order to load them for the initial synchronization, should be deleted
349 349 # ASAP. Note that this option ONLY WORKS in instances that have both AOF
350 350 # and RDB persistence disabled, otherwise is completely ignored.
351 351 #
352 352 # An alternative (and sometimes better) way to obtain the same effect is
353 353 # to use diskless replication on both master and replicas instances. However
354 354 # in the case of replicas, diskless is not always an option.
355 355 rdb-del-sync-files no
356 356
357 357 # The working directory.
358 358 #
359 359 # The DB will be written inside this directory, with the filename specified
360 360 # above using the 'dbfilename' configuration directive.
361 361 #
362 362 # The Append Only File will also be created inside this directory.
363 363 #
364 364 # Note that you must specify a directory here, not a file name.
365 dir /var/opt/rhodecode_data/
365 dir /data
366 366
367 367 ################################# REPLICATION #################################
368 368
369 369 # Master-Replica replication. Use replicaof to make a Redis instance a copy of
370 370 # another Redis server. A few things to understand ASAP about Redis replication.
371 371 #
372 372 # +------------------+ +---------------+
373 373 # | Master | ---> | Replica |
374 374 # | (receive writes) | | (exact copy) |
375 375 # +------------------+ +---------------+
376 376 #
377 377 # 1) Redis replication is asynchronous, but you can configure a master to
378 378 # stop accepting writes if it appears to be not connected with at least
379 379 # a given number of replicas.
380 380 # 2) Redis replicas are able to perform a partial resynchronization with the
381 381 # master if the replication link is lost for a relatively small amount of
382 382 # time. You may want to configure the replication backlog size (see the next
383 383 # sections of this file) with a sensible value depending on your needs.
384 384 # 3) Replication is automatic and does not need user intervention. After a
385 385 # network partition replicas automatically try to reconnect to masters
386 386 # and resynchronize with them.
387 387 #
388 388 # replicaof <masterip> <masterport>
389 389
390 390 # If the master is password protected (using the "requirepass" configuration
391 391 # directive below) it is possible to tell the replica to authenticate before
392 392 # starting the replication synchronization process, otherwise the master will
393 393 # refuse the replica request.
394 394 #
395 395 # masterauth <master-password>
396 396 #
397 397 # However this is not enough if you are using Redis ACLs (for Redis version
398 398 # 6 or greater), and the default user is not capable of running the PSYNC
399 399 # command and/or other commands needed for replication. In this case it's
400 400 # better to configure a special user to use with replication, and specify the
401 401 # masteruser configuration as such:
402 402 #
403 403 # masteruser <username>
404 404 #
405 405 # When masteruser is specified, the replica will authenticate against its
406 406 # master using the new AUTH form: AUTH <username> <password>.
407 407
408 408 # When a replica loses its connection with the master, or when the replication
409 409 # is still in progress, the replica can act in two different ways:
410 410 #
411 411 # 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
412 412 # still reply to client requests, possibly with out of date data, or the
413 413 # data set may just be empty if this is the first synchronization.
414 414 #
415 415 # 2) If replica-serve-stale-data is set to 'no' the replica will reply with
416 416 # an error "SYNC with master in progress" to all commands except:
417 417 # INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
418 418 # UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
419 419 # HOST and LATENCY.
420 420 #
421 421 replica-serve-stale-data yes
422 422
423 423 # You can configure a replica instance to accept writes or not. Writing against
424 424 # a replica instance may be useful to store some ephemeral data (because data
425 425 # written on a replica will be easily deleted after resync with the master) but
426 426 # may also cause problems if clients are writing to it because of a
427 427 # misconfiguration.
428 428 #
429 429 # Since Redis 2.6 by default replicas are read-only.
430 430 #
431 431 # Note: read only replicas are not designed to be exposed to untrusted clients
432 432 # on the internet. It's just a protection layer against misuse of the instance.
433 433 # Still a read only replica exports by default all the administrative commands
434 434 # such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
435 435 # security of read only replicas using 'rename-command' to shadow all the
436 436 # administrative / dangerous commands.
437 437 replica-read-only yes
438 438
439 439 # Replication SYNC strategy: disk or socket.
440 440 #
441 441 # New replicas and reconnecting replicas that are not able to continue the
442 442 # replication process just receiving differences, need to do what is called a
443 443 # "full synchronization". An RDB file is transmitted from the master to the
444 444 # replicas.
445 445 #
446 446 # The transmission can happen in two different ways:
447 447 #
448 448 # 1) Disk-backed: The Redis master creates a new process that writes the RDB
449 449 # file on disk. Later the file is transferred by the parent
450 450 # process to the replicas incrementally.
451 451 # 2) Diskless: The Redis master creates a new process that directly writes the
452 452 # RDB file to replica sockets, without touching the disk at all.
453 453 #
454 454 # With disk-backed replication, while the RDB file is generated, more replicas
455 455 # can be queued and served with the RDB file as soon as the current child
456 456 # producing the RDB file finishes its work. With diskless replication instead
457 457 # once the transfer starts, new replicas arriving will be queued and a new
458 458 # transfer will start when the current one terminates.
459 459 #
460 460 # When diskless replication is used, the master waits a configurable amount of
461 461 # time (in seconds) before starting the transfer in the hope that multiple
462 462 # replicas will arrive and the transfer can be parallelized.
463 463 #
464 464 # With slow disks and fast (large bandwidth) networks, diskless replication
465 465 # works better.
466 466 repl-diskless-sync no
467 467
468 468 # When diskless replication is enabled, it is possible to configure the delay
469 469 # the server waits in order to spawn the child that transfers the RDB via socket
470 470 # to the replicas.
471 471 #
472 472 # This is important since once the transfer starts, it is not possible to serve
473 473 # new replicas arriving, that will be queued for the next RDB transfer, so the
474 474 # server waits a delay in order to let more replicas arrive.
475 475 #
476 476 # The delay is specified in seconds, and by default is 5 seconds. To disable
477 477 # it entirely just set it to 0 seconds and the transfer will start ASAP.
478 478 repl-diskless-sync-delay 5
479 479
480 480 # -----------------------------------------------------------------------------
481 481 # WARNING: RDB diskless load is experimental. Since in this setup the replica
482 482 # does not immediately store an RDB on disk, it may cause data loss during
483 483 # failovers. RDB diskless load + Redis modules not handling I/O reads may also
484 484 # cause Redis to abort in case of I/O errors during the initial synchronization
485 485 # stage with the master. Use only if your do what you are doing.
486 486 # -----------------------------------------------------------------------------
487 487 #
488 488 # Replica can load the RDB it reads from the replication link directly from the
489 489 # socket, or store the RDB to a file and read that file after it was completely
490 490 # received from the master.
491 491 #
492 492 # In many cases the disk is slower than the network, and storing and loading
493 493 # the RDB file may increase replication time (and even increase the master's
494 494 # Copy on Write memory and salve buffers).
495 495 # However, parsing the RDB file directly from the socket may mean that we have
496 496 # to flush the contents of the current database before the full rdb was
497 497 # received. For this reason we have the following options:
498 498 #
499 499 # "disabled" - Don't use diskless load (store the rdb file to the disk first)
500 500 # "on-empty-db" - Use diskless load only when it is completely safe.
501 501 # "swapdb" - Keep a copy of the current db contents in RAM while parsing
502 502 # the data directly from the socket. note that this requires
503 503 # sufficient memory, if you don't have it, you risk an OOM kill.
504 504 repl-diskless-load disabled
505 505
506 506 # Replicas send PINGs to server in a predefined interval. It's possible to
507 507 # change this interval with the repl_ping_replica_period option. The default
508 508 # value is 10 seconds.
509 509 #
510 510 # repl-ping-replica-period 10
511 511
512 512 # The following option sets the replication timeout for:
513 513 #
514 514 # 1) Bulk transfer I/O during SYNC, from the point of view of replica.
515 515 # 2) Master timeout from the point of view of replicas (data, pings).
516 516 # 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
517 517 #
518 518 # It is important to make sure that this value is greater than the value
519 519 # specified for repl-ping-replica-period otherwise a timeout will be detected
520 520 # every time there is low traffic between the master and the replica. The default
521 521 # value is 60 seconds.
522 522 #
523 523 # repl-timeout 60
524 524
525 525 # Disable TCP_NODELAY on the replica socket after SYNC?
526 526 #
527 527 # If you select "yes" Redis will use a smaller number of TCP packets and
528 528 # less bandwidth to send data to replicas. But this can add a delay for
529 529 # the data to appear on the replica side, up to 40 milliseconds with
530 530 # Linux kernels using a default configuration.
531 531 #
532 532 # If you select "no" the delay for data to appear on the replica side will
533 533 # be reduced but more bandwidth will be used for replication.
534 534 #
535 535 # By default we optimize for low latency, but in very high traffic conditions
536 536 # or when the master and replicas are many hops away, turning this to "yes" may
537 537 # be a good idea.
538 538 repl-disable-tcp-nodelay no
539 539
540 540 # Set the replication backlog size. The backlog is a buffer that accumulates
541 541 # replica data when replicas are disconnected for some time, so that when a
542 542 # replica wants to reconnect again, often a full resync is not needed, but a
543 543 # partial resync is enough, just passing the portion of data the replica
544 544 # missed while disconnected.
545 545 #
546 546 # The bigger the replication backlog, the longer the replica can endure the
547 547 # disconnect and later be able to perform a partial resynchronization.
548 548 #
549 549 # The backlog is only allocated if there is at least one replica connected.
550 550 #
551 551 # repl-backlog-size 1mb
552 552
553 553 # After a master has no connected replicas for some time, the backlog will be
554 554 # freed. The following option configures the amount of seconds that need to
555 555 # elapse, starting from the time the last replica disconnected, for the backlog
556 556 # buffer to be freed.
557 557 #
558 558 # Note that replicas never free the backlog for timeout, since they may be
559 559 # promoted to masters later, and should be able to correctly "partially
560 560 # resynchronize" with other replicas: hence they should always accumulate backlog.
561 561 #
562 562 # A value of 0 means to never release the backlog.
563 563 #
564 564 # repl-backlog-ttl 3600
565 565
566 566 # The replica priority is an integer number published by Redis in the INFO
567 567 # output. It is used by Redis Sentinel in order to select a replica to promote
568 568 # into a master if the master is no longer working correctly.
569 569 #
570 570 # A replica with a low priority number is considered better for promotion, so
571 571 # for instance if there are three replicas with priority 10, 100, 25 Sentinel
572 572 # will pick the one with priority 10, that is the lowest.
573 573 #
574 574 # However a special priority of 0 marks the replica as not able to perform the
575 575 # role of master, so a replica with priority of 0 will never be selected by
576 576 # Redis Sentinel for promotion.
577 577 #
578 578 # By default the priority is 100.
579 579 replica-priority 100
580 580
581 581 # It is possible for a master to stop accepting writes if there are less than
582 582 # N replicas connected, having a lag less or equal than M seconds.
583 583 #
584 584 # The N replicas need to be in "online" state.
585 585 #
586 586 # The lag in seconds, that must be <= the specified value, is calculated from
587 587 # the last ping received from the replica, that is usually sent every second.
588 588 #
589 589 # This option does not GUARANTEE that N replicas will accept the write, but
590 590 # will limit the window of exposure for lost writes in case not enough replicas
591 591 # are available, to the specified number of seconds.
592 592 #
593 593 # For example to require at least 3 replicas with a lag <= 10 seconds use:
594 594 #
595 595 # min-replicas-to-write 3
596 596 # min-replicas-max-lag 10
597 597 #
598 598 # Setting one or the other to 0 disables the feature.
599 599 #
600 600 # By default min-replicas-to-write is set to 0 (feature disabled) and
601 601 # min-replicas-max-lag is set to 10.
602 602
603 603 # A Redis master is able to list the address and port of the attached
604 604 # replicas in different ways. For example the "INFO replication" section
605 605 # offers this information, which is used, among other tools, by
606 606 # Redis Sentinel in order to discover replica instances.
607 607 # Another place where this info is available is in the output of the
608 608 # "ROLE" command of a master.
609 609 #
610 610 # The listed IP address and port normally reported by a replica is
611 611 # obtained in the following way:
612 612 #
613 613 # IP: The address is auto detected by checking the peer address
614 614 # of the socket used by the replica to connect with the master.
615 615 #
616 616 # Port: The port is communicated by the replica during the replication
617 617 # handshake, and is normally the port that the replica is using to
618 618 # listen for connections.
619 619 #
620 620 # However when port forwarding or Network Address Translation (NAT) is
621 621 # used, the replica may actually be reachable via different IP and port
622 622 # pairs. The following two options can be used by a replica in order to
623 623 # report to its master a specific set of IP and port, so that both INFO
624 624 # and ROLE will report those values.
625 625 #
626 626 # There is no need to use both the options if you need to override just
627 627 # the port or the IP address.
628 628 #
629 629 # replica-announce-ip 5.5.5.5
630 630 # replica-announce-port 1234
631 631
632 632 ############################### KEYS TRACKING #################################
633 633
634 634 # Redis implements server assisted support for client side caching of values.
635 635 # This is implemented using an invalidation table that remembers, using
636 636 # 16 millions of slots, what clients may have certain subsets of keys. In turn
637 637 # this is used in order to send invalidation messages to clients. Please
638 638 # check this page to understand more about the feature:
639 639 #
640 640 # https://redis.io/topics/client-side-caching
641 641 #
642 642 # When tracking is enabled for a client, all the read only queries are assumed
643 643 # to be cached: this will force Redis to store information in the invalidation
644 644 # table. When keys are modified, such information is flushed away, and
645 645 # invalidation messages are sent to the clients. However if the workload is
646 646 # heavily dominated by reads, Redis could use more and more memory in order
647 647 # to track the keys fetched by many clients.
648 648 #
649 649 # For this reason it is possible to configure a maximum fill value for the
650 650 # invalidation table. By default it is set to 1M of keys, and once this limit
651 651 # is reached, Redis will start to evict keys in the invalidation table
652 652 # even if they were not modified, just to reclaim memory: this will in turn
653 653 # force the clients to invalidate the cached values. Basically the table
654 654 # maximum size is a trade off between the memory you want to spend server
655 655 # side to track information about who cached what, and the ability of clients
656 656 # to retain cached objects in memory.
657 657 #
658 658 # If you set the value to 0, it means there are no limits, and Redis will
659 659 # retain as many keys as needed in the invalidation table.
660 660 # In the "stats" INFO section, you can find information about the number of
661 661 # keys in the invalidation table at every given moment.
662 662 #
663 663 # Note: when key tracking is used in broadcasting mode, no memory is used
664 664 # in the server side so this setting is useless.
665 665 #
666 666 # tracking-table-max-keys 1000000
667 667
668 668 ################################## SECURITY ###################################
669 669
670 670 # Warning: since Redis is pretty fast, an outside user can try up to
671 671 # 1 million passwords per second against a modern box. This means that you
672 672 # should use very strong passwords, otherwise they will be very easy to break.
673 673 # Note that because the password is really a shared secret between the client
674 674 # and the server, and should not be memorized by any human, the password
675 675 # can be easily a long string from /dev/urandom or whatever, so by using a
676 676 # long and unguessable password no brute force attack will be possible.
677 677
678 678 # Redis ACL users are defined in the following format:
679 679 #
680 680 # user <username> ... acl rules ...
681 681 #
682 682 # For example:
683 683 #
684 684 # user worker +@list +@connection ~jobs:* on >ffa9203c493aa99
685 685 #
686 686 # The special username "default" is used for new connections. If this user
687 687 # has the "nopass" rule, then new connections will be immediately authenticated
688 688 # as the "default" user without the need of any password provided via the
689 689 # AUTH command. Otherwise if the "default" user is not flagged with "nopass"
690 690 # the connections will start in not authenticated state, and will require
691 691 # AUTH (or the HELLO command AUTH option) in order to be authenticated and
692 692 # start to work.
693 693 #
694 694 # The ACL rules that describe what a user can do are the following:
695 695 #
696 696 # on Enable the user: it is possible to authenticate as this user.
697 697 # off Disable the user: it's no longer possible to authenticate
698 698 # with this user, however the already authenticated connections
699 699 # will still work.
700 700 # +<command> Allow the execution of that command
701 701 # -<command> Disallow the execution of that command
702 702 # +@<category> Allow the execution of all the commands in such category
703 703 # with valid categories are like @admin, @set, @sortedset, ...
704 704 # and so forth, see the full list in the server.c file where
705 705 # the Redis command table is described and defined.
706 706 # The special category @all means all the commands, but currently
707 707 # present in the server, and that will be loaded in the future
708 708 # via modules.
709 709 # +<command>|subcommand Allow a specific subcommand of an otherwise
710 710 # disabled command. Note that this form is not
711 711 # allowed as negative like -DEBUG|SEGFAULT, but
712 712 # only additive starting with "+".
713 713 # allcommands Alias for +@all. Note that it implies the ability to execute
714 714 # all the future commands loaded via the modules system.
715 715 # nocommands Alias for -@all.
716 716 # ~<pattern> Add a pattern of keys that can be mentioned as part of
717 717 # commands. For instance ~* allows all the keys. The pattern
718 718 # is a glob-style pattern like the one of KEYS.
719 719 # It is possible to specify multiple patterns.
720 720 # allkeys Alias for ~*
721 721 # resetkeys Flush the list of allowed keys patterns.
722 722 # ><password> Add this password to the list of valid password for the user.
723 723 # For example >mypass will add "mypass" to the list.
724 724 # This directive clears the "nopass" flag (see later).
725 725 # <<password> Remove this password from the list of valid passwords.
726 726 # nopass All the set passwords of the user are removed, and the user
727 727 # is flagged as requiring no password: it means that every
728 728 # password will work against this user. If this directive is
729 729 # used for the default user, every new connection will be
730 730 # immediately authenticated with the default user without
731 731 # any explicit AUTH command required. Note that the "resetpass"
732 732 # directive will clear this condition.
733 733 # resetpass Flush the list of allowed passwords. Moreover removes the
734 734 # "nopass" status. After "resetpass" the user has no associated
735 735 # passwords and there is no way to authenticate without adding
736 736 # some password (or setting it as "nopass" later).
737 737 # reset Performs the following actions: resetpass, resetkeys, off,
738 738 # -@all. The user returns to the same state it has immediately
739 739 # after its creation.
740 740 #
741 741 # ACL rules can be specified in any order: for instance you can start with
742 742 # passwords, then flags, or key patterns. However note that the additive
743 743 # and subtractive rules will CHANGE MEANING depending on the ordering.
744 744 # For instance see the following example:
745 745 #
746 746 # user alice on +@all -DEBUG ~* >somepassword
747 747 #
748 748 # This will allow "alice" to use all the commands with the exception of the
749 749 # DEBUG command, since +@all added all the commands to the set of the commands
750 750 # alice can use, and later DEBUG was removed. However if we invert the order
751 751 # of two ACL rules the result will be different:
752 752 #
753 753 # user alice on -DEBUG +@all ~* >somepassword
754 754 #
755 755 # Now DEBUG was removed when alice had yet no commands in the set of allowed
756 756 # commands, later all the commands are added, so the user will be able to
757 757 # execute everything.
758 758 #
759 759 # Basically ACL rules are processed left-to-right.
760 760 #
761 761 # For more information about ACL configuration please refer to
762 762 # the Redis web site at https://redis.io/topics/acl
763 763
764 764 # ACL LOG
765 765 #
766 766 # The ACL Log tracks failed commands and authentication events associated
767 767 # with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
768 768 # by ACLs. The ACL Log is stored in memory. You can reclaim memory with
769 769 # ACL LOG RESET. Define the maximum entry length of the ACL Log below.
770 770 acllog-max-len 128
771 771
772 772 # Using an external ACL file
773 773 #
774 774 # Instead of configuring users here in this file, it is possible to use
775 775 # a stand-alone file just listing users. The two methods cannot be mixed:
776 776 # if you configure users here and at the same time you activate the external
777 777 # ACL file, the server will refuse to start.
778 778 #
779 779 # The format of the external ACL user file is exactly the same as the
780 780 # format that is used inside redis.conf to describe users.
781 781 #
782 782 # aclfile /etc/redis/users.acl
783 783
784 784 # IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
785 785 # layer on top of the new ACL system. The option effect will be just setting
786 786 # the password for the default user. Clients will still authenticate using
787 787 # AUTH <password> as usually, or more explicitly with AUTH default <password>
788 788 # if they follow the new protocol: both will work.
789 789 #
790 790 # requirepass foobared
791 791
792 792 # Command renaming (DEPRECATED).
793 793 #
794 794 # ------------------------------------------------------------------------
795 795 # WARNING: avoid using this option if possible. Instead use ACLs to remove
796 796 # commands from the default user, and put them only in some admin user you
797 797 # create for administrative purposes.
798 798 # ------------------------------------------------------------------------
799 799 #
800 800 # It is possible to change the name of dangerous commands in a shared
801 801 # environment. For instance the CONFIG command may be renamed into something
802 802 # hard to guess so that it will still be available for internal-use tools
803 803 # but not available for general clients.
804 804 #
805 805 # Example:
806 806 #
807 807 # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
808 808 #
809 809 # It is also possible to completely kill a command by renaming it into
810 810 # an empty string:
811 811 #
812 812 # rename-command CONFIG ""
813 813 #
814 814 # Please note that changing the name of commands that are logged into the
815 815 # AOF file or transmitted to replicas may cause problems.
816 816
817 817 ################################### CLIENTS ####################################
818 818
819 819 # Set the max number of connected clients at the same time. By default
820 820 # this limit is set to 10000 clients, however if the Redis server is not
821 821 # able to configure the process file limit to allow for the specified limit
822 822 # the max number of allowed clients is set to the current file limit
823 823 # minus 32 (as Redis reserves a few file descriptors for internal uses).
824 824 #
825 825 # Once the limit is reached Redis will close all the new connections sending
826 826 # an error 'max number of clients reached'.
827 827 #
828 828 # IMPORTANT: When Redis Cluster is used, the max number of connections is also
829 829 # shared with the cluster bus: every node in the cluster will use two
830 830 # connections, one incoming and another outgoing. It is important to size the
831 831 # limit accordingly in case of very large clusters.
832 832 #
833 833 # maxclients 10000
834 834
835 835 ############################## MEMORY MANAGEMENT ################################
836 836
837 837 # Set a memory usage limit to the specified amount of bytes.
838 838 # When the memory limit is reached Redis will try to remove keys
839 839 # according to the eviction policy selected (see maxmemory-policy).
840 840 #
841 841 # If Redis can't remove keys according to the policy, or if the policy is
842 842 # set to 'noeviction', Redis will start to reply with errors to commands
843 843 # that would use more memory, like SET, LPUSH, and so on, and will continue
844 844 # to reply to read-only commands like GET.
845 845 #
846 846 # This option is usually useful when using Redis as an LRU or LFU cache, or to
847 847 # set a hard memory limit for an instance (using the 'noeviction' policy).
848 848 #
849 849 # WARNING: If you have replicas attached to an instance with maxmemory on,
850 850 # the size of the output buffers needed to feed the replicas are subtracted
851 851 # from the used memory count, so that network problems / resyncs will
852 852 # not trigger a loop where keys are evicted, and in turn the output
853 853 # buffer of replicas is full with DELs of keys evicted triggering the deletion
854 854 # of more keys, and so forth until the database is completely emptied.
855 855 #
856 856 # In short... if you have replicas attached it is suggested that you set a lower
857 857 # limit for maxmemory so that there is some free RAM on the system for replica
858 858 # output buffers (but this is not needed if the policy is 'noeviction').
859 859 #
860 maxmemory 8192mb
860 #maxmemory 8192mb
861 861
862 862 # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
863 863 # is reached. You can select one from the following behaviors:
864 864 #
865 865 # volatile-lru -> Evict using approximated LRU, only keys with an expire set.
866 866 # allkeys-lru -> Evict any key using approximated LRU.
867 867 # volatile-lfu -> Evict using approximated LFU, only keys with an expire set.
868 868 # allkeys-lfu -> Evict any key using approximated LFU.
869 869 # volatile-random -> Remove a random key having an expire set.
870 870 # allkeys-random -> Remove a random key, any key.
871 871 # volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
872 872 # noeviction -> Don't evict anything, just return an error on write operations.
873 873 #
874 874 # LRU means Least Recently Used
875 875 # LFU means Least Frequently Used
876 876 #
877 877 # Both LRU, LFU and volatile-ttl are implemented using approximated
878 878 # randomized algorithms.
879 879 #
880 880 # Note: with any of the above policies, Redis will return an error on write
881 881 # operations, when there are no suitable keys for eviction.
882 882 #
883 883 # At the date of writing these commands are: set setnx setex append
884 884 # incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
885 885 # sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
886 886 # zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
887 887 # getset mset msetnx exec sort
888 888 #
889 889 # The default is:
890 890 #
891 maxmemory-policy volatile-lru
891 #maxmemory-policy volatile-lru
892 892
893 893 # LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated
894 894 # algorithms (in order to save memory), so you can tune it for speed or
895 895 # accuracy. By default Redis will check five keys and pick the one that was
896 896 # used least recently, you can change the sample size using the following
897 897 # configuration directive.
898 898 #
899 899 # The default of 5 produces good enough results. 10 Approximates very closely
900 900 # true LRU but costs more CPU. 3 is faster but not very accurate.
901 901 #
902 maxmemory-samples 5
902 maxmemory-samples 10
903 903
904 904 # Starting from Redis 5, by default a replica will ignore its maxmemory setting
905 905 # (unless it is promoted to master after a failover or manually). It means
906 906 # that the eviction of keys will be just handled by the master, sending the
907 907 # DEL commands to the replica as keys evict in the master side.
908 908 #
909 909 # This behavior ensures that masters and replicas stay consistent, and is usually
910 910 # what you want, however if your replica is writable, or you want the replica
911 911 # to have a different memory setting, and you are sure all the writes performed
912 912 # to the replica are idempotent, then you may change this default (but be sure
913 913 # to understand what you are doing).
914 914 #
915 915 # Note that since the replica by default does not evict, it may end using more
916 916 # memory than the one set via maxmemory (there are certain buffers that may
917 917 # be larger on the replica, or data structures may sometimes take more memory
918 918 # and so forth). So make sure you monitor your replicas and make sure they
919 919 # have enough memory to never hit a real out-of-memory condition before the
920 920 # master hits the configured maxmemory setting.
921 921 #
922 922 # replica-ignore-maxmemory yes
923 923
924 924 # Redis reclaims expired keys in two ways: upon access when those keys are
925 925 # found to be expired, and also in background, in what is called the
926 926 # "active expire key". The key space is slowly and interactively scanned
927 927 # looking for expired keys to reclaim, so that it is possible to free memory
928 928 # of keys that are expired and will never be accessed again in a short time.
929 929 #
930 930 # The default effort of the expire cycle will try to avoid having more than
931 931 # ten percent of expired keys still in memory, and will try to avoid consuming
932 932 # more than 25% of total memory and to add latency to the system. However
933 933 # it is possible to increase the expire "effort" that is normally set to
934 934 # "1", to a greater value, up to the value "10". At its maximum value the
935 935 # system will use more CPU, longer cycles (and technically may introduce
936 936 # more latency), and will tolerate less already expired keys still present
937 937 # in the system. It's a tradeoff between memory, CPU and latency.
938 938 #
939 939 # active-expire-effort 1
940 940
941 941 ############################# LAZY FREEING ####################################
942 942
943 943 # Redis has two primitives to delete keys. One is called DEL and is a blocking
944 944 # deletion of the object. It means that the server stops processing new commands
945 945 # in order to reclaim all the memory associated with an object in a synchronous
946 946 # way. If the key deleted is associated with a small object, the time needed
947 947 # in order to execute the DEL command is very small and comparable to most other
948 948 # O(1) or O(log_N) commands in Redis. However if the key is associated with an
949 949 # aggregated value containing millions of elements, the server can block for
950 950 # a long time (even seconds) in order to complete the operation.
951 951 #
952 952 # For the above reasons Redis also offers non blocking deletion primitives
953 953 # such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and
954 954 # FLUSHDB commands, in order to reclaim memory in background. Those commands
955 955 # are executed in constant time. Another thread will incrementally free the
956 956 # object in the background as fast as possible.
957 957 #
958 958 # DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled.
959 959 # It's up to the design of the application to understand when it is a good
960 960 # idea to use one or the other. However the Redis server sometimes has to
961 961 # delete keys or flush the whole database as a side effect of other operations.
962 962 # Specifically Redis deletes objects independently of a user call in the
963 963 # following scenarios:
964 964 #
965 965 # 1) On eviction, because of the maxmemory and maxmemory policy configurations,
966 966 # in order to make room for new data, without going over the specified
967 967 # memory limit.
968 968 # 2) Because of expire: when a key with an associated time to live (see the
969 969 # EXPIRE command) must be deleted from memory.
970 970 # 3) Because of a side effect of a command that stores data on a key that may
971 971 # already exist. For example the RENAME command may delete the old key
972 972 # content when it is replaced with another one. Similarly SUNIONSTORE
973 973 # or SORT with STORE option may delete existing keys. The SET command
974 974 # itself removes any old content of the specified key in order to replace
975 975 # it with the specified string.
976 976 # 4) During replication, when a replica performs a full resynchronization with
977 977 # its master, the content of the whole database is removed in order to
978 978 # load the RDB file just transferred.
979 979 #
980 980 # In all the above cases the default is to delete objects in a blocking way,
981 981 # like if DEL was called. However you can configure each case specifically
982 982 # in order to instead release memory in a non-blocking way like if UNLINK
983 983 # was called, using the following configuration directives.
984 984
985 985 lazyfree-lazy-eviction no
986 986 lazyfree-lazy-expire no
987 987 lazyfree-lazy-server-del no
988 988 replica-lazy-flush no
989 989
990 990 # It is also possible, for the case when to replace the user code DEL calls
991 991 # with UNLINK calls is not easy, to modify the default behavior of the DEL
992 992 # command to act exactly like UNLINK, using the following configuration
993 993 # directive:
994 994
995 995 lazyfree-lazy-user-del no
996 996
997 997 ################################ THREADED I/O #################################
998 998
999 999 # Redis is mostly single threaded, however there are certain threaded
1000 1000 # operations such as UNLINK, slow I/O accesses and other things that are
1001 1001 # performed on side threads.
1002 1002 #
1003 1003 # Now it is also possible to handle Redis clients socket reads and writes
1004 1004 # in different I/O threads. Since especially writing is so slow, normally
1005 1005 # Redis users use pipelining in order to speed up the Redis performances per
1006 1006 # core, and spawn multiple instances in order to scale more. Using I/O
1007 1007 # threads it is possible to easily speedup two times Redis without resorting
1008 1008 # to pipelining nor sharding of the instance.
1009 1009 #
1010 1010 # By default threading is disabled, we suggest enabling it only in machines
1011 1011 # that have at least 4 or more cores, leaving at least one spare core.
1012 1012 # Using more than 8 threads is unlikely to help much. We also recommend using
1013 1013 # threaded I/O only if you actually have performance problems, with Redis
1014 1014 # instances being able to use a quite big percentage of CPU time, otherwise
1015 1015 # there is no point in using this feature.
1016 1016 #
1017 1017 # So for instance if you have a four cores boxes, try to use 2 or 3 I/O
1018 1018 # threads, if you have a 8 cores, try to use 6 threads. In order to
1019 1019 # enable I/O threads use the following configuration directive:
1020 1020 #
1021 1021 # io-threads 4
1022 1022 #
1023 1023 # Setting io-threads to 1 will just use the main thread as usual.
1024 1024 # When I/O threads are enabled, we only use threads for writes, that is
1025 1025 # to thread the write(2) syscall and transfer the client buffers to the
1026 1026 # socket. However it is also possible to enable threading of reads and
1027 1027 # protocol parsing using the following configuration directive, by setting
1028 1028 # it to yes:
1029 1029 #
1030 1030 # io-threads-do-reads no
1031 1031 #
1032 1032 # Usually threading reads doesn't help much.
1033 1033 #
1034 1034 # NOTE 1: This configuration directive cannot be changed at runtime via
1035 1035 # CONFIG SET. Aso this feature currently does not work when SSL is
1036 1036 # enabled.
1037 1037 #
1038 1038 # NOTE 2: If you want to test the Redis speedup using redis-benchmark, make
1039 1039 # sure you also run the benchmark itself in threaded mode, using the
1040 1040 # --threads option to match the number of Redis threads, otherwise you'll not
1041 1041 # be able to notice the improvements.
1042 1042
1043 1043 ############################ KERNEL OOM CONTROL ##############################
1044 1044
1045 1045 # On Linux, it is possible to hint the kernel OOM killer on what processes
1046 1046 # should be killed first when out of memory.
1047 1047 #
1048 1048 # Enabling this feature makes Redis actively control the oom_score_adj value
1049 1049 # for all its processes, depending on their role. The default scores will
1050 1050 # attempt to have background child processes killed before all others, and
1051 1051 # replicas killed before masters.
1052 1052
1053 1053 oom-score-adj no
1054 1054
1055 1055 # When oom-score-adj is used, this directive controls the specific values used
1056 1056 # for master, replica and background child processes. Values range -1000 to
1057 1057 # 1000 (higher means more likely to be killed).
1058 1058 #
1059 1059 # Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities)
1060 1060 # can freely increase their value, but not decrease it below its initial
1061 1061 # settings.
1062 1062 #
1063 1063 # Values are used relative to the initial value of oom_score_adj when the server
1064 1064 # starts. Because typically the initial value is 0, they will often match the
1065 1065 # absolute values.
1066 1066
1067 1067 oom-score-adj-values 0 200 800
1068 1068
1069 1069 ############################## APPEND ONLY MODE ###############################
1070 1070
1071 1071 # By default Redis asynchronously dumps the dataset on disk. This mode is
1072 1072 # good enough in many applications, but an issue with the Redis process or
1073 1073 # a power outage may result into a few minutes of writes lost (depending on
1074 1074 # the configured save points).
1075 1075 #
1076 1076 # The Append Only File is an alternative persistence mode that provides
1077 1077 # much better durability. For instance using the default data fsync policy
1078 1078 # (see later in the config file) Redis can lose just one second of writes in a
1079 1079 # dramatic event like a server power outage, or a single write if something
1080 1080 # wrong with the Redis process itself happens, but the operating system is
1081 1081 # still running correctly.
1082 1082 #
1083 1083 # AOF and RDB persistence can be enabled at the same time without problems.
1084 1084 # If the AOF is enabled on startup Redis will load the AOF, that is the file
1085 1085 # with the better durability guarantees.
1086 1086 #
1087 1087 # Please check http://redis.io/topics/persistence for more information.
1088 1088
1089 1089 appendonly no
1090 1090
1091 1091 # The name of the append only file (default: "appendonly.aof")
1092 1092
1093 1093 appendfilename "appendonly.aof"
1094 1094
1095 1095 # The fsync() call tells the Operating System to actually write data on disk
1096 1096 # instead of waiting for more data in the output buffer. Some OS will really flush
1097 1097 # data on disk, some other OS will just try to do it ASAP.
1098 1098 #
1099 1099 # Redis supports three different modes:
1100 1100 #
1101 1101 # no: don't fsync, just let the OS flush the data when it wants. Faster.
1102 1102 # always: fsync after every write to the append only log. Slow, Safest.
1103 1103 # everysec: fsync only one time every second. Compromise.
1104 1104 #
1105 1105 # The default is "everysec", as that's usually the right compromise between
1106 1106 # speed and data safety. It's up to you to understand if you can relax this to
1107 1107 # "no" that will let the operating system flush the output buffer when
1108 1108 # it wants, for better performances (but if you can live with the idea of
1109 1109 # some data loss consider the default persistence mode that's snapshotting),
1110 1110 # or on the contrary, use "always" that's very slow but a bit safer than
1111 1111 # everysec.
1112 1112 #
1113 1113 # More details please check the following article:
1114 1114 # http://antirez.com/post/redis-persistence-demystified.html
1115 1115 #
1116 1116 # If unsure, use "everysec".
1117 1117
1118 1118 # appendfsync always
1119 1119 appendfsync everysec
1120 1120 # appendfsync no
1121 1121
1122 1122 # When the AOF fsync policy is set to always or everysec, and a background
1123 1123 # saving process (a background save or AOF log background rewriting) is
1124 1124 # performing a lot of I/O against the disk, in some Linux configurations
1125 1125 # Redis may block too long on the fsync() call. Note that there is no fix for
1126 1126 # this currently, as even performing fsync in a different thread will block
1127 1127 # our synchronous write(2) call.
1128 1128 #
1129 1129 # In order to mitigate this problem it's possible to use the following option
1130 1130 # that will prevent fsync() from being called in the main process while a
1131 1131 # BGSAVE or BGREWRITEAOF is in progress.
1132 1132 #
1133 1133 # This means that while another child is saving, the durability of Redis is
1134 1134 # the same as "appendfsync none". In practical terms, this means that it is
1135 1135 # possible to lose up to 30 seconds of log in the worst scenario (with the
1136 1136 # default Linux settings).
1137 1137 #
1138 1138 # If you have latency problems turn this to "yes". Otherwise leave it as
1139 1139 # "no" that is the safest pick from the point of view of durability.
1140 1140
1141 1141 no-appendfsync-on-rewrite no
1142 1142
1143 1143 # Automatic rewrite of the append only file.
1144 1144 # Redis is able to automatically rewrite the log file implicitly calling
1145 1145 # BGREWRITEAOF when the AOF log size grows by the specified percentage.
1146 1146 #
1147 1147 # This is how it works: Redis remembers the size of the AOF file after the
1148 1148 # latest rewrite (if no rewrite has happened since the restart, the size of
1149 1149 # the AOF at startup is used).
1150 1150 #
1151 1151 # This base size is compared to the current size. If the current size is
1152 1152 # bigger than the specified percentage, the rewrite is triggered. Also
1153 1153 # you need to specify a minimal size for the AOF file to be rewritten, this
1154 1154 # is useful to avoid rewriting the AOF file even if the percentage increase
1155 1155 # is reached but it is still pretty small.
1156 1156 #
1157 1157 # Specify a percentage of zero in order to disable the automatic AOF
1158 1158 # rewrite feature.
1159 1159
1160 1160 auto-aof-rewrite-percentage 100
1161 1161 auto-aof-rewrite-min-size 64mb
1162 1162
1163 1163 # An AOF file may be found to be truncated at the end during the Redis
1164 1164 # startup process, when the AOF data gets loaded back into memory.
1165 1165 # This may happen when the system where Redis is running
1166 1166 # crashes, especially when an ext4 filesystem is mounted without the
1167 1167 # data=ordered option (however this can't happen when Redis itself
1168 1168 # crashes or aborts but the operating system still works correctly).
1169 1169 #
1170 1170 # Redis can either exit with an error when this happens, or load as much
1171 1171 # data as possible (the default now) and start if the AOF file is found
1172 1172 # to be truncated at the end. The following option controls this behavior.
1173 1173 #
1174 1174 # If aof-load-truncated is set to yes, a truncated AOF file is loaded and
1175 1175 # the Redis server starts emitting a log to inform the user of the event.
1176 1176 # Otherwise if the option is set to no, the server aborts with an error
1177 1177 # and refuses to start. When the option is set to no, the user requires
1178 1178 # to fix the AOF file using the "redis-check-aof" utility before to restart
1179 1179 # the server.
1180 1180 #
1181 1181 # Note that if the AOF file will be found to be corrupted in the middle
1182 1182 # the server will still exit with an error. This option only applies when
1183 1183 # Redis will try to read more data from the AOF file but not enough bytes
1184 1184 # will be found.
1185 1185 aof-load-truncated yes
1186 1186
1187 1187 # When rewriting the AOF file, Redis is able to use an RDB preamble in the
1188 1188 # AOF file for faster rewrites and recoveries. When this option is turned
1189 1189 # on the rewritten AOF file is composed of two different stanzas:
1190 1190 #
1191 1191 # [RDB file][AOF tail]
1192 1192 #
1193 1193 # When loading, Redis recognizes that the AOF file starts with the "REDIS"
1194 1194 # string and loads the prefixed RDB file, then continues loading the AOF
1195 1195 # tail.
1196 1196 aof-use-rdb-preamble yes
1197 1197
1198 1198 ################################ LUA SCRIPTING ###############################
1199 1199
1200 1200 # Max execution time of a Lua script in milliseconds.
1201 1201 #
1202 1202 # If the maximum execution time is reached Redis will log that a script is
1203 1203 # still in execution after the maximum allowed time and will start to
1204 1204 # reply to queries with an error.
1205 1205 #
1206 1206 # When a long running script exceeds the maximum execution time only the
1207 1207 # SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
1208 1208 # used to stop a script that did not yet call any write commands. The second
1209 1209 # is the only way to shut down the server in the case a write command was
1210 1210 # already issued by the script but the user doesn't want to wait for the natural
1211 1211 # termination of the script.
1212 1212 #
1213 1213 # Set it to 0 or a negative value for unlimited execution without warnings.
1214 1214 lua-time-limit 5000
1215 1215
1216 1216 ################################ REDIS CLUSTER ###############################
1217 1217
1218 1218 # Normal Redis instances can't be part of a Redis Cluster; only nodes that are
1219 1219 # started as cluster nodes can. In order to start a Redis instance as a
1220 1220 # cluster node enable the cluster support uncommenting the following:
1221 1221 #
1222 1222 # cluster-enabled yes
1223 1223
1224 1224 # Every cluster node has a cluster configuration file. This file is not
1225 1225 # intended to be edited by hand. It is created and updated by Redis nodes.
1226 1226 # Every Redis Cluster node requires a different cluster configuration file.
1227 1227 # Make sure that instances running in the same system do not have
1228 1228 # overlapping cluster configuration file names.
1229 1229 #
1230 1230 # cluster-config-file nodes-6379.conf
1231 1231
1232 1232 # Cluster node timeout is the amount of milliseconds a node must be unreachable
1233 1233 # for it to be considered in failure state.
1234 1234 # Most other internal time limits are a multiple of the node timeout.
1235 1235 #
1236 1236 # cluster-node-timeout 15000
1237 1237
1238 1238 # A replica of a failing master will avoid to start a failover if its data
1239 1239 # looks too old.
1240 1240 #
1241 1241 # There is no simple way for a replica to actually have an exact measure of
1242 1242 # its "data age", so the following two checks are performed:
1243 1243 #
1244 1244 # 1) If there are multiple replicas able to failover, they exchange messages
1245 1245 # in order to try to give an advantage to the replica with the best
1246 1246 # replication offset (more data from the master processed).
1247 1247 # Replicas will try to get their rank by offset, and apply to the start
1248 1248 # of the failover a delay proportional to their rank.
1249 1249 #
1250 1250 # 2) Every single replica computes the time of the last interaction with
1251 1251 # its master. This can be the last ping or command received (if the master
1252 1252 # is still in the "connected" state), or the time that elapsed since the
1253 1253 # disconnection with the master (if the replication link is currently down).
1254 1254 # If the last interaction is too old, the replica will not try to failover
1255 1255 # at all.
1256 1256 #
1257 1257 # The point "2" can be tuned by user. Specifically a replica will not perform
1258 1258 # the failover if, since the last interaction with the master, the time
1259 1259 # elapsed is greater than:
1260 1260 #
1261 1261 # (node-timeout * cluster-replica-validity-factor) + repl-ping-replica-period
1262 1262 #
1263 1263 # So for example if node-timeout is 30 seconds, and the cluster-replica-validity-factor
1264 1264 # is 10, and assuming a default repl-ping-replica-period of 10 seconds, the
1265 1265 # replica will not try to failover if it was not able to talk with the master
1266 1266 # for longer than 310 seconds.
1267 1267 #
1268 1268 # A large cluster-replica-validity-factor may allow replicas with too old data to failover
1269 1269 # a master, while a too small value may prevent the cluster from being able to
1270 1270 # elect a replica at all.
1271 1271 #
1272 1272 # For maximum availability, it is possible to set the cluster-replica-validity-factor
1273 1273 # to a value of 0, which means, that replicas will always try to failover the
1274 1274 # master regardless of the last time they interacted with the master.
1275 1275 # (However they'll always try to apply a delay proportional to their
1276 1276 # offset rank).
1277 1277 #
1278 1278 # Zero is the only value able to guarantee that when all the partitions heal
1279 1279 # the cluster will always be able to continue.
1280 1280 #
1281 1281 # cluster-replica-validity-factor 10
1282 1282
1283 1283 # Cluster replicas are able to migrate to orphaned masters, that are masters
1284 1284 # that are left without working replicas. This improves the cluster ability
1285 1285 # to resist to failures as otherwise an orphaned master can't be failed over
1286 1286 # in case of failure if it has no working replicas.
1287 1287 #
1288 1288 # Replicas migrate to orphaned masters only if there are still at least a
1289 1289 # given number of other working replicas for their old master. This number
1290 1290 # is the "migration barrier". A migration barrier of 1 means that a replica
1291 1291 # will migrate only if there is at least 1 other working replica for its master
1292 1292 # and so forth. It usually reflects the number of replicas you want for every
1293 1293 # master in your cluster.
1294 1294 #
1295 1295 # Default is 1 (replicas migrate only if their masters remain with at least
1296 1296 # one replica). To disable migration just set it to a very large value.
1297 1297 # A value of 0 can be set but is useful only for debugging and dangerous
1298 1298 # in production.
1299 1299 #
1300 1300 # cluster-migration-barrier 1
1301 1301
1302 1302 # By default Redis Cluster nodes stop accepting queries if they detect there
1303 1303 # is at least a hash slot uncovered (no available node is serving it).
1304 1304 # This way if the cluster is partially down (for example a range of hash slots
1305 1305 # are no longer covered) all the cluster becomes, eventually, unavailable.
1306 1306 # It automatically returns available as soon as all the slots are covered again.
1307 1307 #
1308 1308 # However sometimes you want the subset of the cluster which is working,
1309 1309 # to continue to accept queries for the part of the key space that is still
1310 1310 # covered. In order to do so, just set the cluster-require-full-coverage
1311 1311 # option to no.
1312 1312 #
1313 1313 # cluster-require-full-coverage yes
1314 1314
1315 1315 # This option, when set to yes, prevents replicas from trying to failover its
1316 1316 # master during master failures. However the master can still perform a
1317 1317 # manual failover, if forced to do so.
1318 1318 #
1319 1319 # This is useful in different scenarios, especially in the case of multiple
1320 1320 # data center operations, where we want one side to never be promoted if not
1321 1321 # in the case of a total DC failure.
1322 1322 #
1323 1323 # cluster-replica-no-failover no
1324 1324
1325 1325 # This option, when set to yes, allows nodes to serve read traffic while the
1326 1326 # the cluster is in a down state, as long as it believes it owns the slots.
1327 1327 #
1328 1328 # This is useful for two cases. The first case is for when an application
1329 1329 # doesn't require consistency of data during node failures or network partitions.
1330 1330 # One example of this is a cache, where as long as the node has the data it
1331 1331 # should be able to serve it.
1332 1332 #
1333 1333 # The second use case is for configurations that don't meet the recommended
1334 1334 # three shards but want to enable cluster mode and scale later. A
1335 1335 # master outage in a 1 or 2 shard configuration causes a read/write outage to the
1336 1336 # entire cluster without this option set, with it set there is only a write outage.
1337 1337 # Without a quorum of masters, slot ownership will not change automatically.
1338 1338 #
1339 1339 # cluster-allow-reads-when-down no
1340 1340
1341 1341 # In order to setup your cluster make sure to read the documentation
1342 1342 # available at http://redis.io web site.
1343 1343
1344 1344 ########################## CLUSTER DOCKER/NAT support ########################
1345 1345
1346 1346 # In certain deployments, Redis Cluster nodes address discovery fails, because
1347 1347 # addresses are NAT-ted or because ports are forwarded (the typical case is
1348 1348 # Docker and other containers).
1349 1349 #
1350 1350 # In order to make Redis Cluster working in such environments, a static
1351 1351 # configuration where each node knows its public address is needed. The
1352 1352 # following two options are used for this scope, and are:
1353 1353 #
1354 1354 # * cluster-announce-ip
1355 1355 # * cluster-announce-port
1356 1356 # * cluster-announce-bus-port
1357 1357 #
1358 1358 # Each instructs the node about its address, client port, and cluster message
1359 1359 # bus port. The information is then published in the header of the bus packets
1360 1360 # so that other nodes will be able to correctly map the address of the node
1361 1361 # publishing the information.
1362 1362 #
1363 1363 # If the above options are not used, the normal Redis Cluster auto-detection
1364 1364 # will be used instead.
1365 1365 #
1366 1366 # Note that when remapped, the bus port may not be at the fixed offset of
1367 1367 # clients port + 10000, so you can specify any port and bus-port depending
1368 1368 # on how they get remapped. If the bus-port is not set, a fixed offset of
1369 1369 # 10000 will be used as usual.
1370 1370 #
1371 1371 # Example:
1372 1372 #
1373 1373 # cluster-announce-ip 10.1.1.5
1374 1374 # cluster-announce-port 6379
1375 1375 # cluster-announce-bus-port 6380
1376 1376
1377 1377 ################################## SLOW LOG ###################################
1378 1378
1379 1379 # The Redis Slow Log is a system to log queries that exceeded a specified
1380 1380 # execution time. The execution time does not include the I/O operations
1381 1381 # like talking with the client, sending the reply and so forth,
1382 1382 # but just the time needed to actually execute the command (this is the only
1383 1383 # stage of command execution where the thread is blocked and can not serve
1384 1384 # other requests in the meantime).
1385 1385 #
1386 1386 # You can configure the slow log with two parameters: one tells Redis
1387 1387 # what is the execution time, in microseconds, to exceed in order for the
1388 1388 # command to get logged, and the other parameter is the length of the
1389 1389 # slow log. When a new command is logged the oldest one is removed from the
1390 1390 # queue of logged commands.
1391 1391
1392 1392 # The following time is expressed in microseconds, so 1000000 is equivalent
1393 1393 # to one second. Note that a negative number disables the slow log, while
1394 1394 # a value of zero forces the logging of every command.
1395 1395 slowlog-log-slower-than 10000
1396 1396
1397 1397 # There is no limit to this length. Just be aware that it will consume memory.
1398 1398 # You can reclaim memory used by the slow log with SLOWLOG RESET.
1399 1399 slowlog-max-len 128
1400 1400
1401 1401 ################################ LATENCY MONITOR ##############################
1402 1402
1403 1403 # The Redis latency monitoring subsystem samples different operations
1404 1404 # at runtime in order to collect data related to possible sources of
1405 1405 # latency of a Redis instance.
1406 1406 #
1407 1407 # Via the LATENCY command this information is available to the user that can
1408 1408 # print graphs and obtain reports.
1409 1409 #
1410 1410 # The system only logs operations that were performed in a time equal or
1411 1411 # greater than the amount of milliseconds specified via the
1412 1412 # latency-monitor-threshold configuration directive. When its value is set
1413 1413 # to zero, the latency monitor is turned off.
1414 1414 #
1415 1415 # By default latency monitoring is disabled since it is mostly not needed
1416 1416 # if you don't have latency issues, and collecting data has a performance
1417 1417 # impact, that while very small, can be measured under big load. Latency
1418 1418 # monitoring can easily be enabled at runtime using the command
1419 1419 # "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
1420 1420 latency-monitor-threshold 0
1421 1421
1422 1422 ############################# EVENT NOTIFICATION ##############################
1423 1423
1424 1424 # Redis can notify Pub/Sub clients about events happening in the key space.
1425 1425 # This feature is documented at http://redis.io/topics/notifications
1426 1426 #
1427 1427 # For instance if keyspace events notification is enabled, and a client
1428 1428 # performs a DEL operation on key "foo" stored in the Database 0, two
1429 1429 # messages will be published via Pub/Sub:
1430 1430 #
1431 1431 # PUBLISH __keyspace@0__:foo del
1432 1432 # PUBLISH __keyevent@0__:del foo
1433 1433 #
1434 1434 # It is possible to select the events that Redis will notify among a set
1435 1435 # of classes. Every class is identified by a single character:
1436 1436 #
1437 1437 # K Keyspace events, published with __keyspace@<db>__ prefix.
1438 1438 # E Keyevent events, published with __keyevent@<db>__ prefix.
1439 1439 # g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
1440 1440 # $ String commands
1441 1441 # l List commands
1442 1442 # s Set commands
1443 1443 # h Hash commands
1444 1444 # z Sorted set commands
1445 1445 # x Expired events (events generated every time a key expires)
1446 1446 # e Evicted events (events generated when a key is evicted for maxmemory)
1447 1447 # t Stream commands
1448 1448 # m Key-miss events (Note: It is not included in the 'A' class)
1449 1449 # A Alias for g$lshzxet, so that the "AKE" string means all the events
1450 1450 # (Except key-miss events which are excluded from 'A' due to their
1451 1451 # unique nature).
1452 1452 #
1453 1453 # The "notify-keyspace-events" takes as argument a string that is composed
1454 1454 # of zero or multiple characters. The empty string means that notifications
1455 1455 # are disabled.
1456 1456 #
1457 1457 # Example: to enable list and generic events, from the point of view of the
1458 1458 # event name, use:
1459 1459 #
1460 1460 # notify-keyspace-events Elg
1461 1461 #
1462 1462 # Example 2: to get the stream of the expired keys subscribing to channel
1463 1463 # name __keyevent@0__:expired use:
1464 1464 #
1465 1465 # notify-keyspace-events Ex
1466 1466 #
1467 1467 # By default all notifications are disabled because most users don't need
1468 1468 # this feature and the feature has some overhead. Note that if you don't
1469 1469 # specify at least one of K or E, no events will be delivered.
1470 1470 notify-keyspace-events ""
1471 1471
1472 1472 ############################### GOPHER SERVER #################################
1473 1473
1474 1474 # Redis contains an implementation of the Gopher protocol, as specified in
1475 1475 # the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt).
1476 1476 #
1477 1477 # The Gopher protocol was very popular in the late '90s. It is an alternative
1478 1478 # to the web, and the implementation both server and client side is so simple
1479 1479 # that the Redis server has just 100 lines of code in order to implement this
1480 1480 # support.
1481 1481 #
1482 1482 # What do you do with Gopher nowadays? Well Gopher never *really* died, and
1483 1483 # lately there is a movement in order for the Gopher more hierarchical content
1484 1484 # composed of just plain text documents to be resurrected. Some want a simpler
1485 1485 # internet, others believe that the mainstream internet became too much
1486 1486 # controlled, and it's cool to create an alternative space for people that
1487 1487 # want a bit of fresh air.
1488 1488 #
1489 1489 # Anyway for the 10nth birthday of the Redis, we gave it the Gopher protocol
1490 1490 # as a gift.
1491 1491 #
1492 1492 # --- HOW IT WORKS? ---
1493 1493 #
1494 1494 # The Redis Gopher support uses the inline protocol of Redis, and specifically
1495 1495 # two kind of inline requests that were anyway illegal: an empty request
1496 1496 # or any request that starts with "/" (there are no Redis commands starting
1497 1497 # with such a slash). Normal RESP2/RESP3 requests are completely out of the
1498 1498 # path of the Gopher protocol implementation and are served as usual as well.
1499 1499 #
1500 1500 # If you open a connection to Redis when Gopher is enabled and send it
1501 1501 # a string like "/foo", if there is a key named "/foo" it is served via the
1502 1502 # Gopher protocol.
1503 1503 #
1504 1504 # In order to create a real Gopher "hole" (the name of a Gopher site in Gopher
1505 1505 # talking), you likely need a script like the following:
1506 1506 #
1507 1507 # https://github.com/antirez/gopher2redis
1508 1508 #
1509 1509 # --- SECURITY WARNING ---
1510 1510 #
1511 1511 # If you plan to put Redis on the internet in a publicly accessible address
1512 1512 # to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance.
1513 1513 # Once a password is set:
1514 1514 #
1515 1515 # 1. The Gopher server (when enabled, not by default) will still serve
1516 1516 # content via Gopher.
1517 1517 # 2. However other commands cannot be called before the client will
1518 1518 # authenticate.
1519 1519 #
1520 1520 # So use the 'requirepass' option to protect your instance.
1521 1521 #
1522 1522 # Note that Gopher is not currently supported when 'io-threads-do-reads'
1523 1523 # is enabled.
1524 1524 #
1525 1525 # To enable Gopher support, uncomment the following line and set the option
1526 1526 # from no (the default) to yes.
1527 1527 #
1528 1528 # gopher-enabled no
1529 1529
1530 1530 ############################### ADVANCED CONFIG ###############################
1531 1531
1532 1532 # Hashes are encoded using a memory efficient data structure when they have a
1533 1533 # small number of entries, and the biggest entry does not exceed a given
1534 1534 # threshold. These thresholds can be configured using the following directives.
1535 1535 hash-max-ziplist-entries 512
1536 1536 hash-max-ziplist-value 64
1537 1537
1538 1538 # Lists are also encoded in a special way to save a lot of space.
1539 1539 # The number of entries allowed per internal list node can be specified
1540 1540 # as a fixed maximum size or a maximum number of elements.
1541 1541 # For a fixed maximum size, use -5 through -1, meaning:
1542 1542 # -5: max size: 64 Kb <-- not recommended for normal workloads
1543 1543 # -4: max size: 32 Kb <-- not recommended
1544 1544 # -3: max size: 16 Kb <-- probably not recommended
1545 1545 # -2: max size: 8 Kb <-- good
1546 1546 # -1: max size: 4 Kb <-- good
1547 1547 # Positive numbers mean store up to _exactly_ that number of elements
1548 1548 # per list node.
1549 1549 # The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
1550 1550 # but if your use case is unique, adjust the settings as necessary.
1551 1551 list-max-ziplist-size -2
1552 1552
1553 1553 # Lists may also be compressed.
1554 1554 # Compress depth is the number of quicklist ziplist nodes from *each* side of
1555 1555 # the list to *exclude* from compression. The head and tail of the list
1556 1556 # are always uncompressed for fast push/pop operations. Settings are:
1557 1557 # 0: disable all list compression
1558 1558 # 1: depth 1 means "don't start compressing until after 1 node into the list,
1559 1559 # going from either the head or tail"
1560 1560 # So: [head]->node->node->...->node->[tail]
1561 1561 # [head], [tail] will always be uncompressed; inner nodes will compress.
1562 1562 # 2: [head]->[next]->node->node->...->node->[prev]->[tail]
1563 1563 # 2 here means: don't compress head or head->next or tail->prev or tail,
1564 1564 # but compress all nodes between them.
1565 1565 # 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
1566 1566 # etc.
1567 1567 list-compress-depth 0
1568 1568
1569 1569 # Sets have a special encoding in just one case: when a set is composed
1570 1570 # of just strings that happen to be integers in radix 10 in the range
1571 1571 # of 64 bit signed integers.
1572 1572 # The following configuration setting sets the limit in the size of the
1573 1573 # set in order to use this special memory saving encoding.
1574 1574 set-max-intset-entries 512
1575 1575
1576 1576 # Similarly to hashes and lists, sorted sets are also specially encoded in
1577 1577 # order to save a lot of space. This encoding is only used when the length and
1578 1578 # elements of a sorted set are below the following limits:
1579 1579 zset-max-ziplist-entries 128
1580 1580 zset-max-ziplist-value 64
1581 1581
1582 1582 # HyperLogLog sparse representation bytes limit. The limit includes the
1583 1583 # 16 bytes header. When an HyperLogLog using the sparse representation crosses
1584 1584 # this limit, it is converted into the dense representation.
1585 1585 #
1586 1586 # A value greater than 16000 is totally useless, since at that point the
1587 1587 # dense representation is more memory efficient.
1588 1588 #
1589 1589 # The suggested value is ~ 3000 in order to have the benefits of
1590 1590 # the space efficient encoding without slowing down too much PFADD,
1591 1591 # which is O(N) with the sparse encoding. The value can be raised to
1592 1592 # ~ 10000 when CPU is not a concern, but space is, and the data set is
1593 1593 # composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
1594 1594 hll-sparse-max-bytes 3000
1595 1595
1596 1596 # Streams macro node max size / items. The stream data structure is a radix
1597 1597 # tree of big nodes that encode multiple items inside. Using this configuration
1598 1598 # it is possible to configure how big a single node can be in bytes, and the
1599 1599 # maximum number of items it may contain before switching to a new node when
1600 1600 # appending new stream entries. If any of the following settings are set to
1601 1601 # zero, the limit is ignored, so for instance it is possible to set just a
1602 1602 # max entires limit by setting max-bytes to 0 and max-entries to the desired
1603 1603 # value.
1604 1604 stream-node-max-bytes 4096
1605 1605 stream-node-max-entries 100
1606 1606
1607 1607 # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
1608 1608 # order to help rehashing the main Redis hash table (the one mapping top-level
1609 1609 # keys to values). The hash table implementation Redis uses (see dict.c)
1610 1610 # performs a lazy rehashing: the more operation you run into a hash table
1611 1611 # that is rehashing, the more rehashing "steps" are performed, so if the
1612 1612 # server is idle the rehashing is never complete and some more memory is used
1613 1613 # by the hash table.
1614 1614 #
1615 1615 # The default is to use this millisecond 10 times every second in order to
1616 1616 # actively rehash the main dictionaries, freeing memory when possible.
1617 1617 #
1618 1618 # If unsure:
1619 1619 # use "activerehashing no" if you have hard latency requirements and it is
1620 1620 # not a good thing in your environment that Redis can reply from time to time
1621 1621 # to queries with 2 milliseconds delay.
1622 1622 #
1623 1623 # use "activerehashing yes" if you don't have such hard requirements but
1624 1624 # want to free memory asap when possible.
1625 1625 activerehashing yes
1626 1626
1627 1627 # The client output buffer limits can be used to force disconnection of clients
1628 1628 # that are not reading data from the server fast enough for some reason (a
1629 1629 # common reason is that a Pub/Sub client can't consume messages as fast as the
1630 1630 # publisher can produce them).
1631 1631 #
1632 1632 # The limit can be set differently for the three different classes of clients:
1633 1633 #
1634 1634 # normal -> normal clients including MONITOR clients
1635 1635 # replica -> replica clients
1636 1636 # pubsub -> clients subscribed to at least one pubsub channel or pattern
1637 1637 #
1638 1638 # The syntax of every client-output-buffer-limit directive is the following:
1639 1639 #
1640 1640 # client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
1641 1641 #
1642 1642 # A client is immediately disconnected once the hard limit is reached, or if
1643 1643 # the soft limit is reached and remains reached for the specified number of
1644 1644 # seconds (continuously).
1645 1645 # So for instance if the hard limit is 32 megabytes and the soft limit is
1646 1646 # 16 megabytes / 10 seconds, the client will get disconnected immediately
1647 1647 # if the size of the output buffers reach 32 megabytes, but will also get
1648 1648 # disconnected if the client reaches 16 megabytes and continuously overcomes
1649 1649 # the limit for 10 seconds.
1650 1650 #
1651 1651 # By default normal clients are not limited because they don't receive data
1652 1652 # without asking (in a push way), but just after a request, so only
1653 1653 # asynchronous clients may create a scenario where data is requested faster
1654 1654 # than it can read.
1655 1655 #
1656 1656 # Instead there is a default limit for pubsub and replica clients, since
1657 1657 # subscribers and replicas receive data in a push fashion.
1658 1658 #
1659 1659 # Both the hard or the soft limit can be disabled by setting them to zero.
1660 1660 client-output-buffer-limit normal 0 0 0
1661 1661 client-output-buffer-limit replica 256mb 64mb 60
1662 1662 client-output-buffer-limit pubsub 32mb 8mb 60
1663 1663
1664 1664 # Client query buffers accumulate new commands. They are limited to a fixed
1665 1665 # amount by default in order to avoid that a protocol desynchronization (for
1666 1666 # instance due to a bug in the client) will lead to unbound memory usage in
1667 1667 # the query buffer. However you can configure it here if you have very special
1668 1668 # needs, such us huge multi/exec requests or alike.
1669 1669 #
1670 1670 # client-query-buffer-limit 1gb
1671 1671
1672 1672 # In the Redis protocol, bulk requests, that are, elements representing single
1673 1673 # strings, are normally limited to 512 mb. However you can change this limit
1674 1674 # here, but must be 1mb or greater
1675 1675 #
1676 1676 # proto-max-bulk-len 512mb
1677 1677
1678 1678 # Redis calls an internal function to perform many background tasks, like
1679 1679 # closing connections of clients in timeout, purging expired keys that are
1680 1680 # never requested, and so forth.
1681 1681 #
1682 1682 # Not all tasks are performed with the same frequency, but Redis checks for
1683 1683 # tasks to perform according to the specified "hz" value.
1684 1684 #
1685 1685 # By default "hz" is set to 10. Raising the value will use more CPU when
1686 1686 # Redis is idle, but at the same time will make Redis more responsive when
1687 1687 # there are many keys expiring at the same time, and timeouts may be
1688 1688 # handled with more precision.
1689 1689 #
1690 1690 # The range is between 1 and 500, however a value over 100 is usually not
1691 1691 # a good idea. Most users should use the default of 10 and raise this up to
1692 1692 # 100 only in environments where very low latency is required.
1693 1693 hz 10
1694 1694
1695 1695 # Normally it is useful to have an HZ value which is proportional to the
1696 1696 # number of clients connected. This is useful in order, for instance, to
1697 1697 # avoid too many clients are processed for each background task invocation
1698 1698 # in order to avoid latency spikes.
1699 1699 #
1700 1700 # Since the default HZ value by default is conservatively set to 10, Redis
1701 1701 # offers, and enables by default, the ability to use an adaptive HZ value
1702 1702 # which will temporarily raise when there are many connected clients.
1703 1703 #
1704 1704 # When dynamic HZ is enabled, the actual configured HZ will be used
1705 1705 # as a baseline, but multiples of the configured HZ value will be actually
1706 1706 # used as needed once more clients are connected. In this way an idle
1707 1707 # instance will use very little CPU time while a busy instance will be
1708 1708 # more responsive.
1709 1709 dynamic-hz yes
1710 1710
1711 1711 # When a child rewrites the AOF file, if the following option is enabled
1712 1712 # the file will be fsync-ed every 32 MB of data generated. This is useful
1713 1713 # in order to commit the file to the disk more incrementally and avoid
1714 1714 # big latency spikes.
1715 1715 aof-rewrite-incremental-fsync yes
1716 1716
1717 1717 # When redis saves RDB file, if the following option is enabled
1718 1718 # the file will be fsync-ed every 32 MB of data generated. This is useful
1719 1719 # in order to commit the file to the disk more incrementally and avoid
1720 1720 # big latency spikes.
1721 1721 rdb-save-incremental-fsync yes
1722 1722
1723 1723 # Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good
1724 1724 # idea to start with the default settings and only change them after investigating
1725 1725 # how to improve the performances and how the keys LFU change over time, which
1726 1726 # is possible to inspect via the OBJECT FREQ command.
1727 1727 #
1728 1728 # There are two tunable parameters in the Redis LFU implementation: the
1729 1729 # counter logarithm factor and the counter decay time. It is important to
1730 1730 # understand what the two parameters mean before changing them.
1731 1731 #
1732 1732 # The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis
1733 1733 # uses a probabilistic increment with logarithmic behavior. Given the value
1734 1734 # of the old counter, when a key is accessed, the counter is incremented in
1735 1735 # this way:
1736 1736 #
1737 1737 # 1. A random number R between 0 and 1 is extracted.
1738 1738 # 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1).
1739 1739 # 3. The counter is incremented only if R < P.
1740 1740 #
1741 1741 # The default lfu-log-factor is 10. This is a table of how the frequency
1742 1742 # counter changes with a different number of accesses with different
1743 1743 # logarithmic factors:
1744 1744 #
1745 1745 # +--------+------------+------------+------------+------------+------------+
1746 1746 # | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits |
1747 1747 # +--------+------------+------------+------------+------------+------------+
1748 1748 # | 0 | 104 | 255 | 255 | 255 | 255 |
1749 1749 # +--------+------------+------------+------------+------------+------------+
1750 1750 # | 1 | 18 | 49 | 255 | 255 | 255 |
1751 1751 # +--------+------------+------------+------------+------------+------------+
1752 1752 # | 10 | 10 | 18 | 142 | 255 | 255 |
1753 1753 # +--------+------------+------------+------------+------------+------------+
1754 1754 # | 100 | 8 | 11 | 49 | 143 | 255 |
1755 1755 # +--------+------------+------------+------------+------------+------------+
1756 1756 #
1757 1757 # NOTE: The above table was obtained by running the following commands:
1758 1758 #
1759 1759 # redis-benchmark -n 1000000 incr foo
1760 1760 # redis-cli object freq foo
1761 1761 #
1762 1762 # NOTE 2: The counter initial value is 5 in order to give new objects a chance
1763 1763 # to accumulate hits.
1764 1764 #
1765 1765 # The counter decay time is the time, in minutes, that must elapse in order
1766 1766 # for the key counter to be divided by two (or decremented if it has a value
1767 1767 # less <= 10).
1768 1768 #
1769 1769 # The default value for the lfu-decay-time is 1. A special value of 0 means to
1770 1770 # decay the counter every time it happens to be scanned.
1771 1771 #
1772 1772 # lfu-log-factor 10
1773 1773 # lfu-decay-time 1
1774 1774
1775 1775 ########################### ACTIVE DEFRAGMENTATION #######################
1776 1776 #
1777 1777 # What is active defragmentation?
1778 1778 # -------------------------------
1779 1779 #
1780 1780 # Active (online) defragmentation allows a Redis server to compact the
1781 1781 # spaces left between small allocations and deallocations of data in memory,
1782 1782 # thus allowing to reclaim back memory.
1783 1783 #
1784 1784 # Fragmentation is a natural process that happens with every allocator (but
1785 1785 # less so with Jemalloc, fortunately) and certain workloads. Normally a server
1786 1786 # restart is needed in order to lower the fragmentation, or at least to flush
1787 1787 # away all the data and create it again. However thanks to this feature
1788 1788 # implemented by Oran Agra for Redis 4.0 this process can happen at runtime
1789 1789 # in a "hot" way, while the server is running.
1790 1790 #
1791 1791 # Basically when the fragmentation is over a certain level (see the
1792 1792 # configuration options below) Redis will start to create new copies of the
1793 1793 # values in contiguous memory regions by exploiting certain specific Jemalloc
1794 1794 # features (in order to understand if an allocation is causing fragmentation
1795 1795 # and to allocate it in a better place), and at the same time, will release the
1796 1796 # old copies of the data. This process, repeated incrementally for all the keys
1797 1797 # will cause the fragmentation to drop back to normal values.
1798 1798 #
1799 1799 # Important things to understand:
1800 1800 #
1801 1801 # 1. This feature is disabled by default, and only works if you compiled Redis
1802 1802 # to use the copy of Jemalloc we ship with the source code of Redis.
1803 1803 # This is the default with Linux builds.
1804 1804 #
1805 1805 # 2. You never need to enable this feature if you don't have fragmentation
1806 1806 # issues.
1807 1807 #
1808 1808 # 3. Once you experience fragmentation, you can enable this feature when
1809 1809 # needed with the command "CONFIG SET activedefrag yes".
1810 1810 #
1811 1811 # The configuration parameters are able to fine tune the behavior of the
1812 1812 # defragmentation process. If you are not sure about what they mean it is
1813 1813 # a good idea to leave the defaults untouched.
1814 1814
1815 1815 # Enabled active defragmentation
1816 1816 # activedefrag no
1817 1817
1818 1818 # Minimum amount of fragmentation waste to start active defrag
1819 1819 # active-defrag-ignore-bytes 100mb
1820 1820
1821 1821 # Minimum percentage of fragmentation to start active defrag
1822 1822 # active-defrag-threshold-lower 10
1823 1823
1824 1824 # Maximum percentage of fragmentation at which we use maximum effort
1825 1825 # active-defrag-threshold-upper 100
1826 1826
1827 1827 # Minimal effort for defrag in CPU percentage, to be used when the lower
1828 1828 # threshold is reached
1829 1829 # active-defrag-cycle-min 1
1830 1830
1831 1831 # Maximal effort for defrag in CPU percentage, to be used when the upper
1832 1832 # threshold is reached
1833 1833 # active-defrag-cycle-max 25
1834 1834
1835 1835 # Maximum number of set/hash/zset/list fields that will be processed from
1836 1836 # the main dictionary scan
1837 1837 # active-defrag-max-scan-fields 1000
1838 1838
1839 1839 # Jemalloc background thread for purging will be enabled by default
1840 1840 jemalloc-bg-thread yes
1841 1841
1842 1842 # It is possible to pin different threads and processes of Redis to specific
1843 1843 # CPUs in your system, in order to maximize the performances of the server.
1844 1844 # This is useful both in order to pin different Redis threads in different
1845 1845 # CPUs, but also in order to make sure that multiple Redis instances running
1846 1846 # in the same host will be pinned to different CPUs.
1847 1847 #
1848 1848 # Normally you can do this using the "taskset" command, however it is also
1849 1849 # possible to this via Redis configuration directly, both in Linux and FreeBSD.
1850 1850 #
1851 1851 # You can pin the server/IO threads, bio threads, aof rewrite child process, and
1852 1852 # the bgsave child process. The syntax to specify the cpu list is the same as
1853 1853 # the taskset command:
1854 1854 #
1855 1855 # Set redis server/io threads to cpu affinity 0,2,4,6:
1856 1856 # server_cpulist 0-7:2
1857 1857 #
1858 1858 # Set bio threads to cpu affinity 1,3:
1859 1859 # bio_cpulist 1,3
1860 1860 #
1861 1861 # Set aof rewrite child process to cpu affinity 8,9,10,11:
1862 1862 # aof_rewrite_cpulist 8-11
1863 1863 #
1864 1864 # Set bgsave child process to cpu affinity 1,10,11
1865 1865 # bgsave_cpulist 1,10-11 No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,56 +1,52 b''
1 1 volumes:
2 2 nixstore:
3 3
4 4
5 5 services:
6 6
7 7 rhodecode:
8 8 volumes:
9 9 - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated
10 10 - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated
11 11 - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated
12 12 - /media/psf/Home/workspace:/var/opt/rhodecode_repo_store:delegated
13 13 - nixstore:/opt/nix/store
14 14
15 15 ports:
16 - "8080:8080"
16 - "10020:10020"
17 17
18 18 vcsserver:
19 19 volumes:
20 20 - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated
21 21 - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated
22 22 - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated
23 23 - /media/psf/Home/workspace:/var/opt/rhodecode_repo_store:delegated
24 24 - nixstore:/opt/nix/store
25 25
26 26 celery:
27 27 volumes:
28 28 - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated
29 29 - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated
30 30 - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated
31 31 - nixstore:/opt/nix/store
32 32
33 beat:
33 celery-beat:
34 34 volumes:
35 35 - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated
36 36 - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated
37 37 - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated
38 38 - nixstore:/opt/nix/store
39 39
40 40 svn:
41 41 volumes:
42 42 - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated
43 43 - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated
44 44 - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated
45 45 - nixstore:/opt/nix/store
46 46
47 47 sshd:
48 48 volumes:
49 49 - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated
50 50 - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated
51 51 - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated
52 52 - nixstore:/opt/nix/store
53
54 database:
55 volumes:
56 - /tmp:/usr-tmp
Show file before | Show file after | Hide comments
@@ -1,80 +1,64 b''
1 1 volumes:
2 2 bashhistory:
3 3
4 4
5 5 services:
6 6
7 7 rhodecode:
8 8 environment:
9 9 HISTFILE: /home/rhodecode/.bash_history_docker
10 10 DB_UPGRADE: 0 # run the DB upgrade
11 11
12 12 volumes:
13 - bashhistory:/home/rhodecode
13 - bashhistory:/home/rhodecode/.bash_history_docker
14 14
15 15 build:
16 16 context: .
17 17 dockerfile: service/rhodecode/rhodecode_source.dockerfile
18 18
19 image: rhodecode/app_source:${SOURCE_VER:?specify-SOURCE_VER-env-var}
20
21 command: [
22 "/home/rhodecode/rhodecode-enterprise-ee/result/bin/gunicorn",
23 "--name=gunicorn-rhodecode-1",
24 "--error-logfile=-",
25 "--paster=/etc/rhodecode/conf/compose/rhodecode.optimized.ini",
26 "--config=/etc/rhodecode/conf/gunicorn_conf.py"
27 ]
19 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE
28 20
29 21 vcsserver:
30 22 environment:
31 23 HISTFILE: /home/rhodecode/.bash_history_docker
32 24
33 25 volumes:
34 - bashhistory:/home/rhodecode
26 - bashhistory:/home/rhodecode/.bash_history_docker
35 27
36 28 build:
37 29 context: .
38 30 dockerfile: service/rhodecode/rhodecode_source.dockerfile
39 31
40 image: rhodecode/app_source:${SOURCE_VER:?specify-SOURCE_VER-env-var}
41
42 command: [
43 "/home/rhodecode/rhodecode-vcsserver/result/bin/gunicorn",
44 "--name=gunicorn-vcsserver-1",
45 "--error-logfile=-",
46 "--paster=/etc/rhodecode/conf/compose/vcsserver.optimized.ini",
47 "--config=/etc/rhodecode/conf/gunicorn_conf.py"
48 ]
32 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE
49 33
50 34 celery:
51 35
52 36 build:
53 37 context: .
54 38 dockerfile: service/rhodecode/rhodecode_source.dockerfile
55 39
56 image: rhodecode/app_source:${SOURCE_VER:?specify-SOURCE_VER-env-var}
40 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE
57 41
58 beat:
42 celery-beat:
59 43
60 44 build:
61 45 context: .
62 46 dockerfile: service/rhodecode/rhodecode_source.dockerfile
63 47
64 image: rhodecode/app_source:${SOURCE_VER:?specify-SOURCE_VER-env-var}
48 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE
65 49
66 50 svn:
67 51
68 52 build:
69 53 context: .
70 54 dockerfile: service/rhodecode/rhodecode_source.dockerfile
71 55
72 image: rhodecode/app_source:${SOURCE_VER:?specify-SOURCE_VER-env-var}
56 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE
73 57
74 58 sshd:
75 59
76 60 build:
77 61 context: .
78 62 dockerfile: service/rhodecode/rhodecode_source.dockerfile
79 63
80 image: rhodecode/app_source:${SOURCE_VER:?specify-SOURCE_VER-env-var} No newline at end of file
64 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,110 +1,128 b''
1 1 version: '3.9'
2 2
3 3 volumes:
4 prometheus_data: {}
5 grafana_data: {}
6 logvolume:
7 driver: local
8 driver_opts:
9 type: none
10 o: bind
11 device: $PWD/logs
12 4
13 networks:
14 rhodecode_network:
15 name: rhodecode_network
5 prometheus_data:
6 labels:
7 "keep": 1
16 8
9 grafana_data:
10 labels:
11 "keep": 1
17 12
18 13 services:
19 14
20 15 statsd-exporter:
21 16 image: prom/statsd-exporter:v0.22.8
22 restart: unless-stopped
17 restart: always
23 18 command: [
24 19 '--statsd.mapping-config=/etc/statsd/statsd.yaml',
25 20 '--statsd.listen-udp=:9125',
26 21 '--web.listen-address=:9102'
27 22 ]
28 23 networks:
29 24 - rhodecode_network
30 ports:
31 - "127.0.0.1:9125:9125/udp"
32 - "127.0.0.1:9102:9102"
25 # ports:
26 # - "9125:9125/udp"
27 # - "9102:9102"
28
33 29 volumes:
34 30 - ./config/statsd-exporter:/etc/statsd
31 labels:
32 - "traefik.enable=false"
33 - "traefik.http.services.statsd-exporter.loadbalancer.server.port=9125"
34 - "traefik.http.services.statsd-exporter.loadbalancer.server.port=9102"
35 35
36 36 node-exporter:
37 37 image: prom/node-exporter:v1.4.0
38 38 command:
39 39 - "--path.procfs=/host/proc"
40 40 - "--path.rootfs=/rootfs"
41 41 - "--path.sysfs=/host/sys"
42 42 - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
43 43 - "--collector.systemd"
44 44 - "--collector.processes"
45 45 networks:
46 46 - rhodecode_network
47 47 pid: host
48 restart: unless-stopped
49 ports:
50 - "127.0.0.1:9100:9100"
48 restart: always
49 # ports:
50 # - "9100:9100"
51 51 volumes:
52 52 - "/proc:/host/proc:ro"
53 53 - "/sys:/host/sys:ro"
54 54 - "/:/rootfs:ro"
55 labels:
56 - "traefik.enable=false"
57 - "traefik.http.services.node-exporter.loadbalancer.server.port=9100"
55 58
56 59 prometheus:
57 image: prom/prometheus:v2.39.1
58 restart: unless-stopped
60 image: prom/prometheus:v2.40.2
61 restart: always
59 62 command:
60 63 - "--config.file=/etc/prometheus/prometheus.yml"
61 64 - "--storage.tsdb.path=/prometheus"
62 65 - "--web.console.libraries=/etc/prometheus/console_libraries"
63 66 - "--web.console.templates=/etc/prometheus/consoles"
64 67 - "--storage.tsdb.retention.time=24h"
65 68 - "--web.enable-lifecycle"
66 ports:
67 - "127.0.0.1:9090:9090"
69 # ports:
70 # - "9090:9090"
68 71 networks:
69 72 - rhodecode_network
70 73 volumes:
71 74 - ./config/prometheus:/etc/prometheus
72 75 - prometheus_data:/prometheus
76 labels:
77 - "traefik.enable=false"
78 - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
73 79
74 80 grafana:
75 image: grafana/grafana:9.2.1-ubuntu
76 restart: unless-stopped
77 env_file:
78 - ./config/grafana/grafana.env
79 ports:
80 - "4000:3000"
81 image: grafana/grafana:9.2.5
82 restart: always
83 # ports:
84 # - "3000:3000"
81 85 volumes:
82 86 - grafana_data:/var/lib/grafana
87 - ./config/grafana:/etc/grafana
83 88 networks:
84 89 - rhodecode_network
90 labels:
91 - "traefik.enable=true"
92 - "traefik.http.routers.grafana.entrypoints=http"
93 - "traefik.http.routers.grafana.rule=PathPrefix(`/_grafana`)"
94 - "traefik.http.routers.grafana.service=grafana-http"
95 - "traefik.http.services.grafana-http.loadbalancer.server.port=3000"
85 96
86 97 loki:
87 image: grafana/loki:2.6.1
88 restart: unless-stopped
89 ports:
90 - "127.0.0.1:3100:3100"
91 - "127.0.0.1:9095:9095"
98 image: grafana/loki:2.7.0
99 restart: always
100 # ports:
101 # - "3100:3100"
102 # - "9095:9095"
92 103 command: [
93 104 "-config.file=/etc/loki/loki-config.yaml"
94 105 ]
95 106 networks:
96 107 - rhodecode_network
97 108 volumes:
98 109 - ./config/loki:/etc/loki
99 110
111 labels:
112 - "traefik.enable=false"
113 - "traefik.http.services.loki.loadbalancer.server.port=3100"
114 - "traefik.http.services.loki.loadbalancer.server.port=9095"
115
100 116 promtail:
101 117 image: grafana/promtail:latest
102 118 command: [
103 119 "-config.file=/etc/promtail/promtail-config.yaml"
104 120 ]
105 121 networks:
106 122 - rhodecode_network
107 123 volumes:
108 124 - /var/log:/var/log
109 125 - logvolume:/var/log_volume
110 126 - ./config/promtail:/etc/promtail
127 labels:
128 - "traefik.enable=false"
Show file before | Show file after | Hide comments
@@ -1,151 +1,152 b''
1 1 #!/usr/bin/env bash
2 2 set -Eeo pipefail
3 3
4 4 function config_copy() {
5 5 # copy over the configs if they don't exist
6 6 for f in /etc/rhodecode/conf_build/*; do
7 7 fname=${f##*/}
8 8 if [ ! -f "/etc/rhodecode/conf/$fname" ]; then
9 9 echo "$fname not exists copying over as default conf..."
10 10 cp -v $f /etc/rhodecode/conf/$fname
11 11 fi
12 12 done
13 13
14 14 }
15 15
16 16 function db_upgrade() {
17 17 echo 'ENTRYPOINT: Upgrading database.'
18 /var/opt/rhodecode_bin/bin/rc-upgrade-db $MAIN_INI_PATH --force-yes
18 /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db $MAIN_INI_PATH --force-yes
19 19 }
20 20
21 21 function db_init() {
22 22
23 23 gosu $RC_USER \
24 /home/$RC_USER/.rccontrol/$RC_TYPE_ID/profile/bin/rc-setup-app \
24 /usr/local/bin/rhodecode_bin/bin/rc-setup-app \
25 25 $MAIN_INI_PATH \
26 26 --force-yes \
27 27 --skip-existing-db \
28 28 --user=$RHODECODE_USER_NAME \
29 29 --password=$RHODECODE_USER_PASS \
30 30 --email=$RHODECODE_USER_EMAIL \
31 31 --repos=$RHODECODE_REPO_DIR
32 32 }
33 33
34 34 function rhodecode_setup() {
35 35 for f in /home/$RC_USER/.rccontrol/bootstrap/*.py; do
36 36 fname=${f##*/}
37 37
38 38 echo "Running script $fname on $RC_TYPE_ID"
39 gosu $RC_USER /home/$RC_USER/.rccontrol/$RC_TYPE_ID/profile/bin/rc-ishell $MAIN_INI_PATH <<< "%run $f"
39 gosu $RC_USER /usr/local/bin/rhodecode_bin/bin/rc-ishell $MAIN_INI_PATH <<< "%run $f"
40 40
41 41 done
42 42 }
43 43
44 44 function generate_ssh_keys() {
45 45 keys_dir=/etc/rhodecode/conf/ssh
46 46
47 47 if [[ ! -d $keys_dir ]]; then
48 48 echo "Generating $keys_dir/ssh_host_rsa_key ..."
49 49 gosu "$RC_USER" mkdir -p $keys_dir
50 50 fi
51 51
52 52 # Generate ssh host key for the first time
53 53 if [[ ! -f $keys_dir/ssh_host_rsa_key ]]; then
54 54 echo "Generating $keys_dir/ssh_host_rsa_key ..."
55 55 gosu "$RC_USER" ssh-keygen -f $keys_dir/ssh_host_rsa_key -N '' -t rsa
56 56 gosu "$RC_USER" chmod 0600 $keys_dir/ssh_host_rsa_key
57 57 fi
58 58
59 59 if [[ ! -f $keys_dir/ssh_host_ecdsa_key ]]; then
60 60 echo "Generating $keys_dir/ssh_host_ecdsa_key ..."
61 61 gosu "$RC_USER" ssh-keygen -f $keys_dir/ssh_host_ecdsa_key -N '' -t ecdsa
62 62 gosu "$RC_USER" chmod 0600 $keys_dir/ssh_host_ecdsa_key
63 63 fi
64 64
65 65 if [[ ! -f $keys_dir/ssh_host_ed25519_key ]]; then
66 66 echo "Generating $keys_dir/ssh_host_ed25519_key ..."
67 67 gosu "$RC_USER" ssh-keygen -f $keys_dir/ssh_host_ed25519_key -N '' -t ed25519
68 68 gosu "$RC_USER" chmod 0600 $keys_dir/ssh_host_ed25519_key
69 69 fi
70 70
71 71 if [[ ! -f $keys_dir/authorized_keys ]]; then
72 72 echo "Generating $keys_dir/authorized_keys..."
73 73 gosu "$RC_USER" touch $keys_dir/authorized_keys
74 74 fi
75 75
76 76 sed -i "s/AllowUsers USER/AllowUsers $RC_USER/" $SSHD_CONF_FILE
77 77 }
78 78
79 79
80 80 echo "ENTRYPOINT: Running $RC_APP_TYPE with cmd '$1'"
81 81
82 82 if [ "$SSH_BOOTSTRAP" = 1 ]; then
83 83 # generate SSH keys
84 84 generate_ssh_keys
85 85 fi
86 86
87 87 isLikelyWeb=
88 88 case "$1" in
89 89 supervisord | pserve | gunicorn ) isLikelyWeb=1 ;;
90 90 esac
91 91
92 92 if [[ $RC_APP_TYPE = "rhodecode_http" ]]; then
93 93
94 94 DB_INIT_FILE=/var/opt/rhodecode_data/.dbinit_bootstrapped
95 95 if [ "$FORCE_DB_INIT_FILE" = 1 ]; then
96 96 rm $DB_INIT_FILE
97 97 fi
98 98
99 99 # Avoid DB_INIT to run multiple times
100 100 if [[ ! -e $DB_INIT_FILE ]]; then
101 101 echo "ENTRYPOINT: Starting $RC_APP_TYPE initial db bootstrap"
102 102
103 103 db_init
104 104
105 105 gosu $RC_USER touch "$DB_INIT_FILE"
106 106 echo "ENTRYPOINT: marked as db-bootstrapped at $DB_INIT_FILE"
107 107
108 108 fi
109 109
110 110 RC_SETUP_FILE=/var/opt/rhodecode_data/.setup_bootstrapped
111 111 if [ "$FORCE_RC_SETUP_APP" = 1 ]; then
112 112 rm $RC_SETUP_FILE
113 113 fi
114 114
115 115 # Avoid destroying bootstrapping by simple start/stop
116 116 if [[ ! -e $RC_SETUP_FILE ]]; then
117 117 echo "ENTRYPOINT: Starting $RC_APP_TYPE initial bootstrap"
118 118
119 119 # copy over default configuration files
120 120 config_copy
121 121
122 122 # setup application with specific options
123 123 if [ "$SETUP_APP" = 1 ]; then
124 124 rhodecode_setup
125 125 fi
126 126
127 127 gosu $RC_USER touch "$RC_SETUP_FILE"
128 128 echo "ENTRYPOINT: marked as setup-bootstrapped at $RC_SETUP_FILE"
129 129
130 130 fi
131 131
132 132 if [ "$DB_UPGRADE" = 1 ]; then
133 133 # run DB migrate
134 echo "Found DB_UPGRADE flag, running DB upgrade"
134 135 db_upgrade
135 136 fi
136 137
137 138 fi
138 139
139 140
140 141 if [ "$RC_APP_PROC" = 1 ]; then
141 142 # Fix problem with zombie processes when using executables like supervisord/gunicorn
142 143 set -- tini -- "$@"
143 144 set -- gosu $RC_USER "$@"
144 145 fi
145 146
146 147 if [ "$RC_APP_TYPE" = "rhodecode_sshd" ]; then
147 148 # Fix problem with Missing privilege separation directory error
148 149 mkdir -p /run/sshd
149 150 fi
150 151
151 152 exec "$@"
Show file before | Show file after | Hide comments
@@ -1,258 +1,283 b''
1 1 FROM ubuntu:22.04
2 2 # Using 22.04 LTS Release
3 3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
4 4
5 5 ARG TZ="UTC"
6 6 ARG LOCALE_TYPE=en_US.UTF-8
7 7 ARG RHODECODE_TYPE=Enterprise
8 8 # binary-install
9 ARG RHODECODE_VERSION=4.27.1
9 ARG RHODECODE_VERSION=4.28.0
10 10
11 11 ARG RHODECODE_DB=sqlite
12 12 ARG RHODECODE_USER_NAME=admin
13 13 ARG RHODECODE_USER_PASS=secret4
14 14 ARG RHODECODE_USER_EMAIL=support@rhodecode.com
15 15
16 # nix ver/channels
17 ARG DEV_NIX_VERSION=2.0.4
18 ARG DEV_NIX_CHANNEL=nixos-18.03
19
16 20 # env are runtime
17 21 ENV \
18 22 TZ=${TZ} \
19 23 LOCALE_TYPE=${LOCALE_TYPE} \
20 24 \
21 25 ## Define type we build, and the instance we'll create
22 26 RHODECODE_TYPE=${RHODECODE_TYPE} \
23 27 RC_TYPE_ID=enterprise-1 \
24 28 \
25 29 ## SETUP ARGS FOR INSTALLATION ##
26 30 ## set version we build on, get from .env or set default ver
27 31 RHODECODE_VERSION=${RHODECODE_VERSION} \
28 32 \
29 33 ## set DB, default sqlite
30 34 RHODECODE_DB=${RHODECODE_DB} \
31 35 \
32 36 ## set app bootstrap required data
33 37 RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
34 38 RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
35 39 RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \
36 40 \
37 41 RC_USER=rhodecode \
38 42 \
39 43 # SVN CONFIG
40 44 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
41 45 MOD_DAV_SVN_PORT=8090 \
42 46 \
43 47 # SSHD CONFIG
44 48 SSHD_CONF_FILE=/etc/rhodecode/sshd_config \
45 49 \
50 SHARED_CONF_DIR=/etc/rhodecode/conf \
46 51 BUILD_CONF=/etc/rhodecode/conf_build \
47 BUILD_BIN_DIR=/var/opt/rhodecode_bin \
52 BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \
48 53 RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
49 54 RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
50 55 RHODECODE_HTTP_PORT=10020 \
51 56 RHODECODE_VCS_PORT=10010 \
52 57 RHODECODE_HOST=0.0.0.0 \
53 58 RHODECODE_VCS_HOST=127.0.0.1
54 59
55 60 ENV \
56 61 RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \
57 62 SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \
58 63 # make application scripts visible
59 64 PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin
60 65
61 66 ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn
62 67 ENV SSH_LOCALE_DEPS openssh-server
63 68 ENV PYTHON_DEPS python2
64 69 ENV EXTRA_DEPS ""
65 70
66 71 RUN \
67 72 echo "** install base packages **" && \
68 73 set -eux; \
69 74 \
70 75 savedAptMark="$(apt-mark showmanual)"; \
71 76 apt-get update; \
72 77 DEBIAN_FRONTEND="noninteractive" \
73 78 apt-get install -y --no-install-recommends \
74 79 tini \
75 80 bash \
76 81 binutils \
77 82 tzdata \
78 83 locales \
79 84 openssl \
80 85 curl \
81 86 sudo \
82 87 gosu \
83 88 bzip2 \
84 89 ca-certificates \
85 90 $PYTHON_DEPS \
86 91 $SSH_LOCALE_DEPS \
87 92 $SVN_LOCALE_DEPS \
88 93 $EXTRA_DEPS \
89 94 ; \
90 95 rm -rf /var/lib/apt/lists/*;
91 96
92 97 RUN \
93 98 echo "** Configure the python executable for py2/3 compat **" && \
94 ISPY=$(which python3 || which python2) && \
95 if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi
99 IS_PY=$(which python3 || which python2) && \
100 if [ -n $IS_PY ] ; then ln -s $IS_PY /usr/bin/python ; fi
96 101
97 102 RUN \
98 103 echo "** Configure the locales **" && \
99 104 sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
100 105 locale-gen
101 106
102 107 # locale-archive is a fix for old nix glibc2.26 locales available
103 108 ENV \
104 109 LOCALE_ARCHIVE=/var/opt/locale-archive \
105 110 LANG=${LOCALE_TYPE} \
106 111 LANGUAGE=${LOCALE_TYPE} \
107 112 LC_ALL=${LOCALE_TYPE}
108 113
109 114 # configure the system user
110 115 # explicitly set uid/gid to guarantee that it won't change in the future
111 116 # the values 999:999 are identical to the current user/group id assigned
112 117 RUN \
113 118 echo "** Create system user $RC_USER **" && \
114 119 groupadd --system --gid 999 $RC_USER && \
115 120 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
116 121 usermod -G $RC_USER $RC_USER
117 122
123 RUN \
124 echo "** Create nix-build user $NIX_BLD_USER **" && \
125 groupadd --system --gid 1099 $NIX_BLD_USER && \
126 useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \
127 usermod -G $NIX_BLD_USER $NIX_BLD_USER
128
129 RUN \
130 echo "** disable nix sandboxing **" && \
131 mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
132
133
118 134 # set the defult bash shell
119 135 SHELL ["/bin/bash", "-c"]
120 136
121 137 # Fix and set a timezone
122 138 RUN \
123 139 echo "** configure the timezone **" && \
124 140 rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \
125 141 echo $TZ > /etc/timezone
126 142
127 143
128 144 RUN \
129 145 echo "** prepare rhodecode store and cache **" && \
130 146 install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
131 147 install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \
132 install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \
148 install -d -m 0755 -o $RC_USER -g $RC_USER /usr/local/bin/rhodecode_bin && \
133 149 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \
134 150 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \
135 151 install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \
152 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \
153 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \
154 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \
136 155 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \
137 156 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \
138 157 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \
139 158 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \
140 159 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh && \
141 160 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.rhoderc
142 161
143 162 # expose our custom sshd config
144 163 COPY service/sshd/sshd_config $SSHD_CONF_FILE
145 164
146 165 # Apache SVN setup
147 166 RUN \
148 167 echo "**** Apache config cleanup ****" && \
149 168 rm -f /etc/apache2/conf.d/info.conf \
150 169 /etc/apache2/conf.d/mpm.conf \
151 170 /etc/apache2/conf.d/userdir.conf && \
152 171 rm -f /etc/apache2/sites-enabled/* && \
153 172 rm -f /etc/apache2/sites-available/*
154 173
155 174 # custom SVN virtualhost
156 175 COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/
157 176
158 177 RUN \
159 178 echo "**** Apache config ****" && \
160 179 echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
161 180 mkdir -p /run/apache2 && \
162 181 mkdir -p /var/opt/www && \
163 182 echo "unset HOME" > /etc/apache2/envvars && \
164 183 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
165 184 echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
166 185 echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
167 186 echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
168 187 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
169 188 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
170 189 sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf
171 190
172 191
173 192 # Copy artifacts
174 193
175 194 COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/
176 COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
195 COPY --chown=$RC_USER:$RC_USER config/_shared/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
177 196 COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/
178 197
179 198 RUN \
180 199 echo "**** locale-archive path ****" && \
181 200 mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive
182 201
183 202 # change to non-root user for RUN commands
184 203 USER $RC_USER
185 204 WORKDIR /home/$RC_USER
186 205
187 206 RUN \
188 207 echo "** install rhodecode control **" && \
189 208 cd /home/$RC_USER/.rccontrol/cache && \
190 209 INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
191 210 chmod +x ${INSTALLER} && \
192 211 ${INSTALLER} --accept-license && \
193 212 ${RCCONTROL} self-init && \
194 213 cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
195 echo "Done"
214 echo "Done installing rhodecode control"
196 215
197 216 RUN \
198 217 echo "** install vcsserver ${RHODECODE_VERSION} **" && \
199 218 ${RCCONTROL} install VCSServer --version ${RHODECODE_VERSION} --start-at-boot=yes --accept-license --offline \
200 219 '{"host":"'"$RHODECODE_VCS_HOST"'", "port":"'"$RHODECODE_VCS_PORT"'"}' && \
201 220 VCSSERVER_PATH=/home/$RC_USER/.rccontrol/vcsserver-1 && \
202 rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/profile/bin $BUILD_BIN_DIR/vcs_bin && \
203 cp -v ${VCSSERVER_PATH}/vcsserver.ini $BUILD_CONF/vcsserver.ini
221 rm -rf $BUILD_BIN_DIR/vcs_bin && \
222 ln -s ${VCSSERVER_PATH}/profile/bin $BUILD_BIN_DIR/vcs_bin && \
223 cp -v ${VCSSERVER_PATH}/vcsserver.ini $BUILD_CONF/vcsserver.ini && \
224 cp -v ${VCSSERVER_PATH}/gunicorn_conf.py $BUILD_CONF/gunicorn_conf_vcs.py && \
225 echo "Done installing vcsserver"
204 226
205 227 RUN \
206 228 echo "** install rhodecode ${RHODECODE_TYPE} ${RHODECODE_VERSION} **" && \
207 229 RHODECODE_DB_INIT=sqlite && \
208 230 ${RCCONTROL} install ${RHODECODE_TYPE} --version ${RHODECODE_VERSION} --start-at-boot=yes --accept-license --offline \
209 231 '{"host":"'"$RHODECODE_HOST"'", "port":"'"$RHODECODE_HTTP_PORT"'", "username":"'"$RHODECODE_USER_NAME"'", "password":"'"$RHODECODE_USER_PASS"'", "email":"'"$RHODECODE_USER_EMAIL"'", "repo_dir":"'"$RHODECODE_REPO_DIR"'", "database": "'"$RHODECODE_DB_INIT"'", "skip_existing_db": "1"}' && \
210 232 RHODECODE_PATH=/home/$RC_USER/.rccontrol/${RC_TYPE_ID} && \
211 233 rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/profile/bin $BUILD_BIN_DIR/ && \
212 234 cp -v ${RHODECODE_PATH}/rhodecode.ini $BUILD_CONF/rhodecode.ini && \
213 235 cp -v ${RHODECODE_PATH}/gunicorn_conf.py $BUILD_CONF/gunicorn_conf.py && \
214 236 cp -v ${RHODECODE_PATH}/search_mapping.ini $BUILD_CONF/search_mapping.ini && \
215 237 mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/public/* $RHODECODE_DATA_DIR/static/ && \
216 rm ${RHODECODE_PATH}/rhodecode.db
238 rm ${RHODECODE_PATH}/rhodecode.db && \
239 echo "Done installing rhodecode"
217 240
218 241
219 242 RUN \
220 243 echo "** configure supervisord **" && \
221 244 cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \
222 245 sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \
223 echo "done"
246 echo "Done installing supervisord"
224 247
225 248 USER root
226 249
227
228 250 RUN \
229 251 echo "**** cleanup ****" && \
230 252 apt-get remove -y $PYTHON_DEPS && \
231 253 apt-get autoclean -y && \
232 254 rm -f /tmp/* && \
255 rm -rf /var/lib/apt/lists/* && \
256 rm -rf /var/cache/apk/* && \
233 257 rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \
234 258 rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \
235 rm -rf /var/lib/apt/lists/* \
236 rm -rf /var/cache/apk/* \
237 rm ${SUPERVISOR_CONF}
259 rm -f ${SUPERVISOR_CONF} && \
260 echo "Done cleanup"
261
238 262
239 263 # copy entrypoints
240 264 COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh
265
241 266 RUN chmod +x /opt/entrypoints.d/entrypoint.sh
242 267
243 268 # config volume
244 269 VOLUME /etc/rhodecode/conf
245 270
246 271 # repo store volume
247 272 VOLUME /var/opt/rhodecode_repo_store
248 273
249 274 # data volume
250 275 VOLUME /var/opt/rhodecode_data
251 276
252 277 # logs volume
253 278 VOLUME /var/log/rhodecode
254 279
255 280 ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]
256 281
257 282 # compose can override this
258 CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"]
283 CMD [ "$BUILD_BIN_DIR/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/run.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf.py" ]
Show file before | Show file after | Hide comments
@@ -1,305 +1,324 b''
1 1 FROM ubuntu:22.04
2 2 # Using 22.04 LTS Release
3 3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
4 4
5 5 ARG TZ="UTC"
6 6 ARG LOCALE_TYPE=en_US.UTF-8
7 7 ARG RHODECODE_TYPE=Enterprise
8 8 # source-install
9 ARG RHODECODE_VERSION=4.26.0
9 ARG RHODECODE_VERSION=4.28.0
10 10
11 11 ARG RHODECODE_DB=sqlite
12 12 ARG RHODECODE_USER_NAME=admin
13 13 ARG RHODECODE_USER_PASS=secret4
14 14 ARG RHODECODE_USER_EMAIL=support@rhodecode.com
15 15
16 16 # nix ver/channels
17 17 ARG DEV_NIX_VERSION=2.0.4
18 18 ARG DEV_NIX_CHANNEL=nixos-18.03
19 19
20 20 # env are runtime
21 21 ENV \
22 22 TZ=${TZ} \
23 23 LOCALE_TYPE=${LOCALE_TYPE} \
24 24 \
25 25 ## Define type we build, and the instance we'll create
26 26 RHODECODE_TYPE=${RHODECODE_TYPE} \
27 27 RC_TYPE_ID=enterprise-1 \
28 28 \
29 29 ## SETUP ARGS FOR INSTALLATION ##
30 30 ## set version we build on, get from .env or set default ver
31 31 RHODECODE_VERSION=${RHODECODE_VERSION} \
32 32 \
33 33 ## set DB, default sqlite
34 34 RHODECODE_DB=${RHODECODE_DB} \
35 35 \
36 36 ## set app bootstrap required data
37 37 RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
38 38 RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
39 39 RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \
40 40 \
41 41 RC_USER=rhodecode \
42 42 \
43 43 # SVN CONFIG
44 44 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
45 45 MOD_DAV_SVN_PORT=8090 \
46 46 \
47 47 # SSHD CONFIG
48 48 SSHD_CONF_FILE=/etc/rhodecode/sshd_config \
49 49 \
50 SHARED_CONF_DIR=/etc/rhodecode/conf \
50 51 BUILD_CONF=/etc/rhodecode/conf_build \
51 BUILD_BIN_DIR=/var/opt/rhodecode_bin \
52 BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \
52 53 RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
53 54 RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
54 55 RHODECODE_HTTP_PORT=10020 \
55 56 RHODECODE_VCS_PORT=10010 \
56 57 RHODECODE_HOST=0.0.0.0 \
57 58 RHODECODE_VCS_HOST=127.0.0.1
58 59
59 60 ENV \
60 61 RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \
61 62 SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \
62 63 # make application scripts visible
63 64 PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin
64 65
65 66 ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn
66 67 ENV SSH_LOCALE_DEPS openssh-server
67 68 ENV PYTHON_DEPS python2
68 ENV EXTRA_DEPS vim
69 ENV EXTRA_DEPS ""
69 70
70 71 ENV \
71 72 PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \
72 73 NIX_BLD_USER=nixbld \
73 74 NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \
74 75 NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
75 76
76 77
77 78 RUN \
78 79 echo "** install base packages **" && \
79 80 set -eux; \
80 81 \
81 82 savedAptMark="$(apt-mark showmanual)"; \
82 83 apt-get update; \
83 84 DEBIAN_FRONTEND="noninteractive" \
84 85 apt-get install -y --no-install-recommends \
85 86 tini \
86 87 bash \
87 88 binutils \
88 89 tzdata \
89 90 locales \
90 91 openssl \
91 92 curl \
92 93 sudo \
93 94 gosu \
94 95 bzip2 \
95 96 ca-certificates \
96 97 $PYTHON_DEPS \
97 98 $SSH_LOCALE_DEPS \
98 99 $SVN_LOCALE_DEPS \
99 100 $EXTRA_DEPS \
100 101 ; \
101 102 rm -rf /var/lib/apt/lists/*;
102 103
103 104 RUN \
104 105 echo "** Configure the python executable for py2/3 compat **" && \
105 ISPY=$(which python3 || which python2) && \
106 if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi
106 IS_PY=$(which python3 || which python2) && \
107 if [ -n $IS_PY ] ; then ln -s $IS_PY /usr/bin/python ; fi
107 108
108 109 RUN \
109 110 echo "** Configure the locales **" && \
110 111 sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
111 112 locale-gen
112 113
113 114 # locale-archive is a fix for old nix glibc2.26 locales available
114 115 ENV \
115 116 LOCALE_ARCHIVE=/var/opt/locale-archive \
116 117 LANG=${LOCALE_TYPE} \
117 118 LANGUAGE=${LOCALE_TYPE} \
118 119 LC_ALL=${LOCALE_TYPE}
119 120
120 121 # configure the system user
121 122 # explicitly set uid/gid to guarantee that it won't change in the future
122 123 # the values 999:999 are identical to the current user/group id assigned
123 124 RUN \
124 125 echo "** Create system user $RC_USER **" && \
125 126 groupadd --system --gid 999 $RC_USER && \
126 127 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
127 128 usermod -G $RC_USER $RC_USER
128 129
129 130 RUN \
130 131 echo "** Create nix-build user $NIX_BLD_USER **" && \
131 132 groupadd --system --gid 1099 $NIX_BLD_USER && \
132 133 useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \
133 134 usermod -G $NIX_BLD_USER $NIX_BLD_USER
134 135
135 136 RUN \
136 137 echo "** disable nix sandboxing **" && \
137 138 mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
138 139
139 140
140 141 # set the defult bash shell
141 142 SHELL ["/bin/bash", "-c"]
142 143
143 144 # Fix and set a timezone
144 145 RUN \
145 146 echo "** configure the timezone **" && \
146 147 rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \
147 148 echo $TZ > /etc/timezone
148 149
149 150
150 151 RUN \
151 152 echo "** prepare rhodecode store and cache **" && \
152 153 install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
153 154 install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \
154 install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \
155 install -d -m 0755 -o $RC_USER -g $RC_USER /usr/local/bin/rhodecode_bin && \
155 156 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \
156 157 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \
157 158 install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \
158 159 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \
159 160 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \
160 161 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \
161 162 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \
162 163 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \
163 164 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \
164 165 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \
165 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh
166 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh && \
167 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.rhoderc
166 168
167 169 # expose our custom sshd config
168 170 COPY service/sshd/sshd_config $SSHD_CONF_FILE
169 171
170 172 # Apache SVN setup
171 173 RUN \
172 174 echo "**** Apache config cleanup ****" && \
173 175 rm -f /etc/apache2/conf.d/info.conf \
174 176 /etc/apache2/conf.d/mpm.conf \
175 177 /etc/apache2/conf.d/userdir.conf && \
176 178 rm -f /etc/apache2/sites-enabled/* && \
177 179 rm -f /etc/apache2/sites-available/*
178 180
179 181 # custom SVN virtualhost
180 182 COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/
181 183
182 184 RUN \
183 185 echo "**** Apache config ****" && \
184 186 echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
185 187 mkdir -p /run/apache2 && \
186 188 mkdir -p /var/opt/www && \
187 189 echo "unset HOME" > /etc/apache2/envvars && \
188 190 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
189 191 echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
190 192 echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
191 193 echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
192 194 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
193 195 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
194 196 sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf
195 197
196 198
197 199 # Copy artifacts
198 COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/
200
199 201 COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/
200 COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
202 COPY --chown=$RC_USER:$RC_USER config/_shared/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
201 203 COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/
202 204
205 COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/
206 RUN \
207 echo "** prepare rhodecode dirs **" && \
208 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/vcsserver-1 && \
209 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/community-1 && \
210 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/enterprise-1 && \
211
203 212 RUN \
204 213 echo "**** locale-archive path ****" && \
205 214 mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive
206 215
207 216 # change to non-root user for RUN commands
208 217 USER $RC_USER
209 218 WORKDIR /home/$RC_USER
210 219
211 220
212 221 RUN \
213 222 echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \
214 223 curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash
215 224
216 225 RUN \
217 226 echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \
218 227 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
219 228 nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \
220 229 nix-channel --update
221 230
222 231
223 232 RUN \
224 233 echo "** save nix config **" && \
225 234 touch /home/$RC_USER/.rhoderc && \
226 235 mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \
227 236 printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix
228 237
229 238
230 239 RUN \
231 240 echo "** install rhodecode control **" && \
232 241 # cd /home/$RC_USER/.rccontrol/cache && \
233 242 # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
234 243 # chmod +x ${INSTALLER} && \
235 244 # ${INSTALLER} --accept-license && \
236 245 # ${RCCONTROL} self-init && \
237 246 # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
238 echo "Done"
247 echo "Done installing rhodecode control"
239 248
240 249 RUN \
241 echo "** install build vcsserver ${RHODECODE_VERSION} **" && \
250 echo "** install vcsserver ${RHODECODE_VERSION} **" && \
242 251 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
243 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \
244 nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \
252 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link /home/$RC_USER/.rccontrol/vcsserver-1/profile rhodecode-vcsserver/default.nix && \
253 nix-shell --command 'echo COMMAND FROM NIX-SHELL TEST' rhodecode-vcsserver/default.nix && \
245 254 VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \
246 rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \
247 cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini
255 rm -rf $BUILD_BIN_DIR/vcs_bin && \
256 cp -rv --preserve=links /home/$RC_USER/.rccontrol/vcsserver-1/profile/bin $BUILD_BIN_DIR/vcs_bin && \
257 cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini && \
258 cp -v ${VCSSERVER_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_vcs.py && \
259 echo "Done installing vcsserver"
248 260
249 261 RUN \
250 262 echo "** install build Community ${RHODECODE_VERSION} **" && \
251 263 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
252 264 echo "done"
253 265
254 266 RUN \
255 echo "** install build Enterprise ${RHODECODE_VERSION} **" && \
267 echo "** install rhodecode ${RHODECODE_VERSION} **" && \
256 268 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
257 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \
269 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link /home/$RC_USER/.rccontrol/enterprise-1/profile rhodecode-enterprise-ee/default.nix && \
258 270 nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \
259 271 RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \
260 rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \
272 rm -rf $BUILD_BIN_DIR/bin && \
273 cp -rv --preserve=links /home/$RC_USER/.rccontrol/enterprise-1/profile/bin $BUILD_BIN_DIR/ && \
261 274 cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \
262 275 cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \
263 mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/
276 mkdir -p $RHODECODE_DATA_DIR/static && cp -r /home/$RC_USER/.rccontrol/enterprise-1/profile/etc/static/* $RHODECODE_DATA_DIR/static/ && \
277 echo "Done installing rhodecode"
264 278
265 279
266 280 RUN \
267 281 echo "** configure supervisord **" && \
268 282 #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \
269 283 #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \
270 echo "done"
284 echo "Done installing supervisord"
271 285
272 286 USER root
273 287
274
275 288 RUN \
276 289 echo "**** cleanup ****" && \
277 290 apt-get remove -y $PYTHON_DEPS && \
278 291 apt-get autoclean -y && \
279 292 rm -f /tmp/* && \
280 293 rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \
281 294 rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \
282 rm -rf /var/lib/apt/lists/* \
283 rm -rf /var/cache/apk/* \
284 rm ${SUPERVISOR_CONF}
295 rm -rf /var/lib/apt/lists/* && \
296 rm -rf /var/cache/apk/* && \
297 rm -f ${SUPERVISOR_CONF} && \
298 rm -rf /home/$RC_USER/rhodecode-vcsserver && \
299 rm -rf /home/$RC_USER/rhodecode-enterprise-ce && \
300 rm -rf /home/$RC_USER/rhodecode-enterprise-ee && \
301 echo "Done cleanup"
302
285 303
286 304 # copy entrypoints
287 305 COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh
306
288 307 RUN chmod +x /opt/entrypoints.d/entrypoint.sh
289 308
290 309 # config volume
291 310 VOLUME /etc/rhodecode/conf
292 311
293 312 # repo store volume
294 313 VOLUME /var/opt/rhodecode_repo_store
295 314
296 315 # data volume
297 316 VOLUME /var/opt/rhodecode_data
298 317
299 318 # logs volume
300 319 VOLUME /var/log/rhodecode
301 320
302 321 ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]
303 322
304 323 # compose can override this
305 CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"]
324 CMD [ "$BUILD_BIN_DIR/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/run.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf.py" ]
Show file before | Show file after | Hide comments
@@ -1,76 +1,77 b''
1 FROM debian:buster
1 FROM ubuntu:22.04
2 # Using 22.04 LTS Release
2 3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
3 4
4 5 # env are runtime/build
5 6 ENV \
6 7 TZ="UTC" \
7 8 RC_USER=rhodecode \
8 9 RHODECODE_USER_NAME=rhodecode \
9 10 SSHD_CONF_FILE=/etc/rhodecode/sshd_config
10 11
11 12 RUN \
12 13 echo "** install base packages **" && \
13 14 set -eux; \
14 15 \
15 16 savedAptMark="$(apt-mark showmanual)"; \
16 17 apt-get update; \
17 18 apt-get install -y --no-install-recommends \
18 19 bash \
19 20 tzdata \
20 21 vim \
21 22 openssl \
22 23 openssh-server \
23 24 ; \
24 25 rm -rf /var/lib/apt/lists/*;
25 26
26 27 # # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
27 28 # apt-mark auto '.*' > /dev/null; \
28 29 # [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
29 30 # apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
30 31
31 32 # configure the system user
32 33 # explicitly set uid/gid to guarantee that it won't change in the future
33 34 # the values 999:999 are identical to the current user/group id assigned
34 35 RUN \
35 36 echo "** Create system user $RC_USER **" && \
36 37 groupadd --system --gid 999 $RC_USER && \
37 38 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER
38 39
39 40
40 41 RUN \
41 42 echo "** prepare rhodecode store and cache **" && \
42 43 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh
43 44
44 45 # set the defult bash shell
45 46 SHELL ["/bin/bash", "-c"]
46 47
47 48 # Fix and set a timezone
48 49 RUN \
49 50 echo "** configure the timezone **" && \
50 51 echo $TZ > /etc/timezone
51 52
52 53 # expose our custom sshd config
53 54 COPY service/sshd/sshd_config $SSHD_CONF_FILE
54 55
55 56 USER root
56 57
57 58 RUN \
58 59 echo "**** cleanup ****" && \
59 60 rm -f /tmp/* && \
60 61 rm -rf /var/lib/apt/lists/* \
61 62 rm -rf /var/cache/apk/*
62 63
63 64 # copy entrypoints
64 65 COPY entrypoints.d/ssh-entrypoint.sh /opt/entrypoints.d/ssh-entrypoint.sh
65 66 RUN chmod +x /opt/entrypoints.d/ssh-entrypoint.sh
66 67
67 68 # config volume
68 69 VOLUME /etc/rhodecode/conf
69 70
70 71 # logs volume
71 72 VOLUME /var/log/rhodecode
72 73
73 74 ENTRYPOINT ["/opt/entrypoints.d/ssh-entrypoint.sh"]
74 75
75 76 # compose can override this
76 77 CMD ["/usr/sbin/sshd", "-f", "/etc/rhodecode/sshd_config", "-D", "-e"]
Show file before | Show file after | Hide comments
@@ -1,72 +1,99 b''
1 1 FROM ubuntu:22.04
2 2 # Using 22.04 LTS Release
3 3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
4 4
5 5
6 6 ENV \
7 7 RC_USER=rhodecode \
8 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf
8 # SVN CONFIG
9 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
10 MOD_DAV_SVN_PORT=8090
11
12 ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn subversion
13 #apache2-webdav
9 14
10 15 RUN \
11 echo "** install base svn packages **" && \
12 apt-get update && \
13 apt-get install --no-cache \
14 tini \
15 bash \
16 curl \
17 apache2 \
18 apache2-utils \
19 apache2-webdav \
20 mod_dav_svn \
21 subversion
16 echo "** install svn base packages **" && \
17 set -eux; \
18 \
19 savedAptMark="$(apt-mark showmanual)"; \
20 apt-get update; \
21 DEBIAN_FRONTEND="noninteractive" \
22 apt-get install -y --no-install-recommends \
23 tini \
24 bash \
25 binutils \
26 tzdata \
27 locales \
28 openssl \
29 curl \
30 sudo \
31 gosu \
32 bzip2 \
33 ca-certificates \
34 $SVN_LOCALE_DEPS \
35 ; \
36 rm -rf /var/lib/apt/lists/*;
37
22 38
23 39 # configure the system user
24 40 # explicitly set uid/gid to guarantee that it won't change in the future
25 41 # the values 999:999 are identical to the current user/group id assigned
26 42 RUN \
27 43 echo "** Create system user $RC_USER **" && \
28 44 groupadd --system --gid 999 $RC_USER && \
29 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER
45 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
46 usermod -G $RC_USER $RC_USER
47
48 # Apache SVN setup
49 RUN \
50 echo "**** Apache config cleanup ****" && \
51 rm -f /etc/apache2/conf.d/info.conf \
52 /etc/apache2/conf.d/mpm.conf \
53 /etc/apache2/conf.d/userdir.conf && \
54 rm -f /etc/apache2/sites-enabled/* && \
55 rm -f /etc/apache2/sites-available/*
30 56
57 # custom SVN virtualhost
58 COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/
59
60 RUN \
61 echo "**** Apache config ****" && \
62 echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
63 mkdir -p /run/apache2 && \
64 mkdir -p /var/opt/www && \
65 echo "unset HOME" > /etc/apache2/envvars && \
66 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
67 echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
68 echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
69 echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
70 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
71 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
72 sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf
73
74 USER root
31 75
32 76 RUN \
33 77 echo "**** cleanup ****" && \
34 apt-get purge tzdata python2 && \
78 apt-get autoclean -y && \
35 79 rm -f /tmp/* && \
36 80 rm -rf /var/lib/apt/lists/* \
37 81 rm -rf /var/cache/apk/*
38 82
39 RUN \
40 echo "**** Apache config cleanup ****" && \
41 rm -f /etc/apache2/conf.d/info.conf \
42 /etc/apache2/conf.d/mpm.conf \
43 /etc/apache2/conf.d/userdir.conf
44
45
46 COPY svn/virtualhost.conf /etc/apache2/conf.d/
47 83
48 84 # copy entrypoints
49 85 COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh
50 86 RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh
51 87
52 RUN \
53 echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
54 mkdir -p /run/apache2 && \
55 mkdir -p /var/opt/www && \
56 echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \
57 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
58 sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \
59 sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf
88 # config volume
89 VOLUME /etc/rhodecode/conf
60 90
61 91 # repo store volume
62 92 VOLUME /var/opt/rhodecode_repo_store
63 93
64 # config volume
65 VOLUME /etc/rhodecode/conf
66
67 94 # logs volume
68 95 VOLUME /var/log/rhodecode
69 96
70 97 ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"]
71 98
72 CMD ["apachectl", "-D", "FOREGROUND"]
99 CMD ["apachectl", "-D", "FOREGROUND"] No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,22 +1,33 b''
1 1 LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
2 2 LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so
3 3 LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so
4 4
5 ErrorLogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"function\" : \"[%-m:%l]\" , \"process\" : \"[pid %P:tid %T]\" , \"message\" : \"%M\" ,\ \"referer\"\ : \"%{Referer}i\" }"
6 LogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"process\":\"%D\", \"filename\":\"%f\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" combined
7
8 ErrorLog /dev/stderr
9 CustomLog /dev/stdout combined
10
11
5 12 <VirtualHost *:${MOD_DAV_SVN_PORT}>
6 13 ServerAdmin admin@localhost
7 14 DocumentRoot /var/opt/www
8 ErrorLog ${APACHE_LOG_DIR}/svn_error.log
9 CustomLog ${APACHE_LOG_DIR}/svn_access.log combined
15
16 ErrorLogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"function\" : \"[%-m:%l]\" , \"process\" : \"[pid %P:tid %T]\" , \"message\" : \"%M\" ,\ \"referer\"\ : \"%{Referer}i\" }"
17 LogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"process\":\"%D\", \"filename\":\"%f\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" combined
18
19 ErrorLog /dev/stderr
20 CustomLog /dev/stdout combined
10 21 LogLevel info
11 22
12 23 <Location /_server_status>
13 24 Require ip 127
14 25 SetHandler server-status
15 26 Require all granted
16 27 </Location>
17 28
18 29 # allows custom host names, prevents 400 errors on checkout
19 30 HttpProtocolOptions Unsafe
20 31
21 32 Include ${MOD_DAV_SVN_CONF_FILE}
22 33 </VirtualHost> No newline at end of file
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
This diff has been collapsed as it changes many lines, (746 lines changed) Show them Hide them
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
General Comments 0
You need to be logged in to leave comments. Login now