Show More
@@ -0,0 +1,19 b'' | |||
|
1 | [security] | |
|
2 | admin_user=admin | |
|
3 | admin_password=admin | |
|
4 | ||
|
5 | [users] | |
|
6 | allow_sign_up=false | |
|
7 | ||
|
8 | [smtp] | |
|
9 | enabled=true | |
|
10 | host= | |
|
11 | user= | |
|
12 | password= | |
|
13 | from_address=alerting-grafana@grafana.localhost | |
|
14 | from_name=[Grafana] Alerting | |
|
15 | ||
|
16 | # subpath /_grafana | |
|
17 | [server] | |
|
18 | serve_from_sub_path=true | |
|
19 | root_url=%(protocol)s://%(domain)s:%(http_port)s/_grafana/ |
|
1 | NO CONTENT: new file 100644 |
@@ -0,0 +1,3 b'' | |||
|
1 | Store your certificate files here. | |
|
2 | your-domain.crt | |
|
3 | your-domain.key No newline at end of file |
@@ -0,0 +1,42 b'' | |||
|
1 | ## Static configuration, needs traefik reload | |
|
2 | ||
|
3 | entryPoints: | |
|
4 | http: | |
|
5 | address: ":80" | |
|
6 | ||
|
7 | https: | |
|
8 | address: ":443" | |
|
9 | ||
|
10 | # ssh: | |
|
11 | # address: ":${RC_SSH_PORT:?must-specify-ssh-port}" | |
|
12 | ||
|
13 | traefik: | |
|
14 | address: ":7000" | |
|
15 | ||
|
16 | api: | |
|
17 | dashboard: false | |
|
18 | insecure: false # change to true to expose dashboard | |
|
19 | ||
|
20 | accessLog: {} | |
|
21 | ||
|
22 | log: | |
|
23 | # DEBUG / INFO | |
|
24 | level: INFO | |
|
25 | ||
|
26 | metrics: | |
|
27 | prometheus: {} | |
|
28 | ||
|
29 | ||
|
30 | providers: | |
|
31 | docker: | |
|
32 | exposedByDefault: false | |
|
33 | swarmMode: false | |
|
34 | ||
|
35 | file: | |
|
36 | filename: "/etc/traefik/traefik_dynamic.yaml" | |
|
37 | watch: true | |
|
38 | ||
|
39 | ||
|
40 | serversTransport: | |
|
41 | #this disables SSL certificate verification for legacy own cert services like NextCloud etc | |
|
42 | insecureSkipVerify: true |
@@ -0,0 +1,24 b'' | |||
|
1 | ||
|
2 | ## Setting up the middleware for redirect to https ## | |
|
3 | http: | |
|
4 | ||
|
5 | middlewares: | |
|
6 | ||
|
7 | https-redirect: | |
|
8 | redirectScheme: | |
|
9 | scheme: https | |
|
10 | # permanent: true | |
|
11 | ||
|
12 | middlewares-rate-limit: | |
|
13 | rateLimit: | |
|
14 | average: 100 | |
|
15 | burst: 50 | |
|
16 | ||
|
17 | # Dynamic configuration for standard file based SSL cert | |
|
18 | # create a custom copy of the traefik into .custom/ and remount this | |
|
19 | # to enable custom certificates | |
|
20 | #tls: | |
|
21 | # certificates: | |
|
22 | # # first certificate | |
|
23 | # - certFile: /etc/traefik/certs/rhodecode-com.cert | |
|
24 | # keyFile: /etc/traefik/certs/rhodecode-com.key |
@@ -0,0 +1,312 b'' | |||
|
1 | version: '3.9' | |
|
2 | ||
|
3 | x-logging: &custom-logging | |
|
4 | # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions | |
|
5 | # NOTE: loki logging driver ONLY works for host type networks... | |
|
6 | driver: loki | |
|
7 | options: | |
|
8 | loki-url: "http://127.0.0.1:3100/loki/api/v1/push" | |
|
9 | #loki-url: "http://loki:3100/loki/api/v1/push" | |
|
10 | loki-retries: "5" | |
|
11 | loki-timeout: "1s" | |
|
12 | loki-max-backoff: "800ms" | |
|
13 | ||
|
14 | volumes: | |
|
15 | ||
|
16 | # volume for RhodeCode repo-store, it's where the repositories will be stored | |
|
17 | rhodecode_repos: | |
|
18 | labels: | |
|
19 | "keep": 1 | |
|
20 | ||
|
21 | ||
|
22 | services: | |
|
23 | ||
|
24 | rhodecode: | |
|
25 | networks: | |
|
26 | - rhodecode_network | |
|
27 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
28 | env_file: | |
|
29 | - .custom/.runtime.env | |
|
30 | stdin_open: true | |
|
31 | tty: true | |
|
32 | restart: always | |
|
33 | command: [ | |
|
34 | "/usr/local/bin/rhodecode_bin/bin/gunicorn", | |
|
35 | "--name=gunicorn-rhodecode-1", | |
|
36 | "--error-logfile=-", | |
|
37 | "--paster=/etc/rhodecode/conf/rhodecode.optimized.ini", | |
|
38 | "--config=/etc/rhodecode/conf/gunicorn_conf.py" | |
|
39 | ] | |
|
40 | ||
|
41 | # ports: | |
|
42 | # - "127.0.0.1::10020" | |
|
43 | ||
|
44 | build: | |
|
45 | context: . | |
|
46 | dockerfile: service/rhodecode/rhodecode.dockerfile | |
|
47 | args: | |
|
48 | TZ: ${TZ} | |
|
49 | RHODECODE_VERSION: ${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
50 | RHODECODE_DB: postgresql://rhodecode:${DB_PASSWORD:?must-specify-db-password}@database/${DB_NAME:?must-specify-db-name} | |
|
51 | RHODECODE_USER_NAME: ${RHODECODE_USER_NAME} | |
|
52 | RHODECODE_USER_PASS: ${RHODECODE_USER_PASS} | |
|
53 | RHODECODE_USER_EMAIL: ${RHODECODE_USER_EMAIL} | |
|
54 | ||
|
55 | environment: | |
|
56 | RC_APP_TYPE: rhodecode_http | |
|
57 | RC_APP_PROC: 1 | |
|
58 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
59 | REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
60 | GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
61 | GEVENT_RESOLVER: "ares" | |
|
62 | ||
|
63 | DB_UPGRADE: 1 # run the DB upgrade | |
|
64 | SETUP_APP: 1 # run the application default settings setup, can be turned off after initial run | |
|
65 | #FORCE_DB_INIT_FILE: 1 # force the database init, warning: destroys old DB | |
|
66 | #FORCE_RC_SETUP_APP: 1 # force running setup scripts for configuration/license application | |
|
67 | MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.optimized.ini | |
|
68 | ||
|
69 | # SVN Specific | |
|
70 | MOD_DAV_SVN_PORT: 8090 | |
|
71 | APACHE_LOG_DIR: /var/log/rhodecode/svn | |
|
72 | MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf | |
|
73 | ||
|
74 | healthcheck: | |
|
75 | test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:10020/_admin/ops/ping" ] | |
|
76 | timeout: 30s | |
|
77 | interval: 60s | |
|
78 | retries: 10 | |
|
79 | ||
|
80 | # depends_on: | |
|
81 | # - database | |
|
82 | # - redis | |
|
83 | # - channelstream | |
|
84 | ||
|
85 | volumes: | |
|
86 | - confvolume:/etc/rhodecode/conf | |
|
87 | - logvolume:/var/log/rhodecode | |
|
88 | - rhodecode_repos:/var/opt/rhodecode_repo_store | |
|
89 | - rc_datavolume:/var/opt/rhodecode_data | |
|
90 | ||
|
91 | tmpfs: | |
|
92 | - /data_ramdisk:size=${RC_DATA_RAMDISK_SIZE:?specify-RC_DATA_RAMDISK_SIZE-env-var} | |
|
93 | ||
|
94 | logging: | |
|
95 | *custom-logging | |
|
96 | ||
|
97 | labels: | |
|
98 | - "traefik.enable=false" | |
|
99 | ||
|
100 | vcsserver: | |
|
101 | networks: | |
|
102 | - rhodecode_network | |
|
103 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
104 | env_file: | |
|
105 | - .custom/.runtime.env | |
|
106 | stdin_open: true | |
|
107 | tty: true | |
|
108 | restart: always | |
|
109 | command: [ | |
|
110 | "/home/rhodecode/.rccontrol/vcsserver-1/profile/bin/gunicorn", | |
|
111 | "--name=gunicorn-vcsserver-1", | |
|
112 | "--error-logfile=-", | |
|
113 | "--paster=/etc/rhodecode/conf/vcsserver.optimized.ini", | |
|
114 | "--config=/etc/rhodecode/conf/gunicorn_conf_vcs.py" | |
|
115 | ] | |
|
116 | ||
|
117 | # ports: | |
|
118 | # - "127.0.0.1::10010" | |
|
119 | ||
|
120 | healthcheck: | |
|
121 | test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:10010/status" ] | |
|
122 | timeout: 30s | |
|
123 | interval: 60s | |
|
124 | retries: 10 | |
|
125 | ||
|
126 | environment: | |
|
127 | RC_APP_TYPE: rhodecode_vcsserver | |
|
128 | RC_APP_PROC: 1 | |
|
129 | MAIN_INI_PATH: /etc/rhodecode/conf/vcsserver.optimized.ini | |
|
130 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
131 | REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
132 | GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
133 | ||
|
134 | # depends_on: | |
|
135 | # - redis | |
|
136 | ||
|
137 | volumes: | |
|
138 | - confvolume:/etc/rhodecode/conf | |
|
139 | - logvolume:/var/log/rhodecode | |
|
140 | - rhodecode_repos:/var/opt/rhodecode_repo_store | |
|
141 | - rc_datavolume:/var/opt/rhodecode_data | |
|
142 | ||
|
143 | logging: | |
|
144 | *custom-logging | |
|
145 | ||
|
146 | celery: | |
|
147 | networks: | |
|
148 | - rhodecode_network | |
|
149 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
150 | env_file: | |
|
151 | - .custom/.runtime.env | |
|
152 | stdin_open: true | |
|
153 | tty: true | |
|
154 | restart: always | |
|
155 | command: [ | |
|
156 | "/usr/local/bin/rhodecode_bin/bin/celery", | |
|
157 | "worker", | |
|
158 | "--task-events", | |
|
159 | "--autoscale=10,2", | |
|
160 | "--no-color", | |
|
161 | "--app=rhodecode.lib.celerylib.loader", | |
|
162 | "--loglevel=DEBUG", | |
|
163 | "--ini=/etc/rhodecode/conf/rhodecode.optimized.ini" | |
|
164 | ] | |
|
165 | ||
|
166 | environment: | |
|
167 | RC_APP_TYPE: rhodecode_celery | |
|
168 | RC_APP_PROC: 1 | |
|
169 | MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.optimized.ini | |
|
170 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
171 | REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
172 | GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
173 | ||
|
174 | # depends_on: | |
|
175 | # - database | |
|
176 | # - redis | |
|
177 | ||
|
178 | volumes: | |
|
179 | - confvolume:/etc/rhodecode/conf | |
|
180 | - logvolume:/var/log/rhodecode | |
|
181 | - rhodecode_repos:/var/opt/rhodecode_repo_store | |
|
182 | - rc_datavolume:/var/opt/rhodecode_data | |
|
183 | ||
|
184 | logging: | |
|
185 | *custom-logging | |
|
186 | ||
|
187 | labels: | |
|
188 | - "traefik.enable=false" | |
|
189 | ||
|
190 | celery-beat: | |
|
191 | # This service is not scalable | |
|
192 | networks: | |
|
193 | - rhodecode_network | |
|
194 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
195 | env_file: | |
|
196 | - .custom/.runtime.env | |
|
197 | stdin_open: true | |
|
198 | tty: true | |
|
199 | restart: always | |
|
200 | command: [ | |
|
201 | "/usr/local/bin/rhodecode_bin/bin/celery", | |
|
202 | "beat", | |
|
203 | "--no-color", | |
|
204 | "--app=rhodecode.lib.celerylib.loader", | |
|
205 | "--scheduler=rhodecode.lib.celerylib.scheduler.RcScheduler", | |
|
206 | "--loglevel=DEBUG", | |
|
207 | "--ini=/etc/rhodecode/conf/rhodecode.optimized.ini" | |
|
208 | ] | |
|
209 | ||
|
210 | environment: | |
|
211 | RC_APP_TYPE: rhodecode_beat | |
|
212 | RC_APP_PROC: 1 | |
|
213 | MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.optimized.ini | |
|
214 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
215 | REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
216 | GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | |
|
217 | ||
|
218 | # depends_on: | |
|
219 | # - database | |
|
220 | # - redis | |
|
221 | ||
|
222 | volumes: | |
|
223 | - confvolume:/etc/rhodecode/conf | |
|
224 | - logvolume:/var/log/rhodecode | |
|
225 | - rhodecode_repos:/var/opt/rhodecode_repo_store | |
|
226 | - rc_datavolume:/var/opt/rhodecode_data | |
|
227 | ||
|
228 | logging: | |
|
229 | *custom-logging | |
|
230 | ||
|
231 | labels: | |
|
232 | - "traefik.enable=false" | |
|
233 | ||
|
234 | svn: | |
|
235 | networks: | |
|
236 | - rhodecode_network | |
|
237 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
238 | env_file: | |
|
239 | - .custom/.runtime.env | |
|
240 | ||
|
241 | # build: | |
|
242 | # context: . | |
|
243 | # dockerfile: service/svn/rhodecode_svn.dockerfile | |
|
244 | # args: | |
|
245 | # APACHE_VER: 1.3 | |
|
246 | ||
|
247 | stdin_open: true | |
|
248 | tty: true | |
|
249 | restart: always | |
|
250 | command: ["apachectl", "-D", "FOREGROUND"] | |
|
251 | ||
|
252 | environment: | |
|
253 | RC_APP_TYPE: rhodecode_svn | |
|
254 | ||
|
255 | # SVN Specific | |
|
256 | MOD_DAV_SVN_PORT: 8090 | |
|
257 | APACHE_LOG_DIR: /var/log/rhodecode/svn | |
|
258 | MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf | |
|
259 | ||
|
260 | # ports: | |
|
261 | # - "127.0.0.1::8090" | |
|
262 | ||
|
263 | healthcheck: | |
|
264 | test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:8090/_server_status" ] | |
|
265 | timeout: 30s | |
|
266 | interval: 60s | |
|
267 | retries: 10 | |
|
268 | ||
|
269 | volumes: | |
|
270 | - confvolume:/etc/rhodecode/conf | |
|
271 | - logvolume:/var/log/rhodecode | |
|
272 | - rhodecode_repos:/var/opt/rhodecode_repo_store | |
|
273 | ||
|
274 | logging: | |
|
275 | *custom-logging | |
|
276 | ||
|
277 | sshd: | |
|
278 | networks: | |
|
279 | - rhodecode_network | |
|
280 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var} | |
|
281 | env_file: | |
|
282 | - .custom/.runtime.env | |
|
283 | ||
|
284 | stdin_open: true | |
|
285 | tty: true | |
|
286 | restart: always | |
|
287 | command: ["/usr/sbin/sshd", "-f", "/etc/rhodecode/sshd_config", "-D", "-e"] | |
|
288 | ||
|
289 | environment: | |
|
290 | RC_APP_TYPE: rhodecode_sshd | |
|
291 | SSH_BOOTSTRAP: 1 | |
|
292 | ||
|
293 | # ports: | |
|
294 | # # set from .env file | |
|
295 | # - "${RC_SSH_PORT:?must-specify-ssh-port}:22" | |
|
296 | ||
|
297 | volumes: | |
|
298 | - confvolume:/etc/rhodecode/conf | |
|
299 | - logvolume:/var/log/rhodecode | |
|
300 | - rhodecode_repos:/var/opt/rhodecode_repo_store | |
|
301 | - rc_datavolume:/var/opt/rhodecode_data | |
|
302 | ||
|
303 | logging: | |
|
304 | *custom-logging | |
|
305 | ||
|
306 | labels: | |
|
307 | - "traefik.enable=true" | |
|
308 | - "traefik.http.routers.sshd.entrypoints=ssh" | |
|
309 | - "traefik.http.routers.sshd.rule=Host(`*`)" | |
|
310 | - "traefik.http.services.sshd.loadbalancer.server.port=${RC_SSH_PORT:?must-specify-ssh-port}" | |
|
311 | ||
|
312 |
@@ -0,0 +1,46 b'' | |||
|
1 | version: '3.9' | |
|
2 | ||
|
3 | ## Shared base stuff for all compose files in stack | |
|
4 | ||
|
5 | x-logging: &custom-logging | |
|
6 | # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions | |
|
7 | # NOTE: loki logging driver ONLY works for host type networks... | |
|
8 | driver: loki | |
|
9 | options: | |
|
10 | loki-url: "http://127.0.0.1:3100/loki/api/v1/push" | |
|
11 | #loki-url: "http://loki:3100/loki/api/v1/push" | |
|
12 | loki-retries: "5" | |
|
13 | loki-timeout: "1s" | |
|
14 | loki-max-backoff: "800ms" | |
|
15 | ||
|
16 | volumes: | |
|
17 | # shared logvolume | |
|
18 | logvolume: | |
|
19 | driver: local | |
|
20 | driver_opts: | |
|
21 | type: none | |
|
22 | o: bind | |
|
23 | device: $PWD/logs | |
|
24 | ||
|
25 | # bind-mount with configs | |
|
26 | confvolume: | |
|
27 | driver: local | |
|
28 | driver_opts: | |
|
29 | type: none | |
|
30 | o: bind | |
|
31 | device: $PWD/config/_shared | |
|
32 | ||
|
33 | # SHARED volume for rhodecode caches, archive caches, nginx static, | |
|
34 | # must be run via: docker volume create --name=rc_datavolume | |
|
35 | rc_datavolume: | |
|
36 | external: true | |
|
37 | ||
|
38 | networks: | |
|
39 | ||
|
40 | # SHARED network for all containers | |
|
41 | # must be run via: docker network create --name=rhodecode_network | |
|
42 | rhodecode_network: | |
|
43 | name: rhodecode_network | |
|
44 | driver: bridge | |
|
45 | external: true | |
|
46 |
@@ -0,0 +1,78 b'' | |||
|
1 | version: '3.9' | |
|
2 | ||
|
3 | x-logging: &custom-logging | |
|
4 | # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions | |
|
5 | # NOTE: loki logging driver ONLY works for host type networks... | |
|
6 | driver: loki | |
|
7 | options: | |
|
8 | loki-url: "http://127.0.0.1:3100/loki/api/v1/push" | |
|
9 | #loki-url: "http://loki:3100/loki/api/v1/push" | |
|
10 | loki-retries: "5" | |
|
11 | loki-timeout: "1s" | |
|
12 | loki-max-backoff: "800ms" | |
|
13 | ||
|
14 | ## docker network create -d overlay lb-net | |
|
15 | services: | |
|
16 | ||
|
17 | traefik: | |
|
18 | ||
|
19 | image: traefik:v2.9.5 | |
|
20 | ||
|
21 | ports: | |
|
22 | # The HTTP port, exposed as http entrypoint | |
|
23 | - "80:80" | |
|
24 | # The HTTPS port, exposed as https entrypoint | |
|
25 | - "443:443" | |
|
26 | # The SSH port | |
|
27 | - "${RC_SSH_PORT}:${RC_SSH_PORT}" | |
|
28 | # The Web UI (enabled by --api.insecure=true) | |
|
29 | # uncomment to expose dashboard at port :7000 | |
|
30 | #- "7000:7000" | |
|
31 | volumes: | |
|
32 | # So that Traefik can listen to the Docker events | |
|
33 | - /var/run/docker.sock:/var/run/docker.sock | |
|
34 | - ./config/traefik:/etc/traefik | |
|
35 | deploy: | |
|
36 | placement: | |
|
37 | constraints: | |
|
38 | # limit swarm deploy to MANAGER only | |
|
39 | - node.role == manager | |
|
40 | networks: | |
|
41 | - rhodecode_network | |
|
42 | ||
|
43 | labels: | |
|
44 | - "traefik.enable=true" | |
|
45 | ||
|
46 | logging: | |
|
47 | *custom-logging | |
|
48 | ||
|
49 | portainer: | |
|
50 | # Run with COMPOSE_PROFILES=portainer | |
|
51 | # to access portainer set HEADER `X-Docker-Host=portainer` | |
|
52 | image: portainer/portainer-ce:latest | |
|
53 | restart: always | |
|
54 | volumes: | |
|
55 | - portainer_data:/data | |
|
56 | - /var/run/docker.sock:/var/run/docker.sock | |
|
57 | deploy: | |
|
58 | mode: replicated | |
|
59 | replicas: 1 | |
|
60 | placement: | |
|
61 | constraints: | |
|
62 | # limit swarm deploy to MANAGER only | |
|
63 | - node.role == manager | |
|
64 | ||
|
65 | networks: | |
|
66 | - rhodecode_network | |
|
67 | labels: | |
|
68 | - "traefik.enable=true" | |
|
69 | - "traefik.http.services.portainer.loadbalancer.server.port=9000" | |
|
70 | - "traefik.http.routers.portainer.entrypoints=https" | |
|
71 | - "traefik.http.routers.portainer.rule=Headers(`X-Docker-Host`, `portainer`)" | |
|
72 | ||
|
73 | profiles: | |
|
74 | ["portainer"] | |
|
75 | ||
|
76 | volumes: | |
|
77 | portainer_data: | |
|
78 | external: true No newline at end of file |
@@ -0,0 +1,240 b'' | |||
|
1 | version: '3.9' | |
|
2 | ||
|
3 | x-logging: &custom-logging | |
|
4 | # docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions | |
|
5 | # NOTE: loki logging driver ONLY works for host type networks... | |
|
6 | driver: loki | |
|
7 | options: | |
|
8 | loki-url: "http://127.0.0.1:3100/loki/api/v1/push" | |
|
9 | #loki-url: "http://loki:3100/loki/api/v1/push" | |
|
10 | loki-retries: "5" | |
|
11 | loki-timeout: "1s" | |
|
12 | loki-max-backoff: "800ms" | |
|
13 | ||
|
14 | volumes: | |
|
15 | ||
|
16 | # volume for redis data store | |
|
17 | redis_data: | |
|
18 | labels: | |
|
19 | "keep": 1 | |
|
20 | ||
|
21 | # volume for Postgres db store | |
|
22 | ||
|
23 | # volume for Postgres Data | |
|
24 | pg_data: | |
|
25 | labels: | |
|
26 | "keep": 1 | |
|
27 | ||
|
28 | # volume for rhodecode elasticsearch | |
|
29 | es_data: | |
|
30 | labels: | |
|
31 | "keep": 1 | |
|
32 | ||
|
33 | ||
|
34 | services: | |
|
35 | ||
|
36 | channelstream: | |
|
37 | networks: | |
|
38 | - rhodecode_network | |
|
39 | image: channelstream/channelstream:0.7.1 | |
|
40 | ||
|
41 | restart: always | |
|
42 | ||
|
43 | # ports: | |
|
44 | # - "127.0.0.1:9800:9800" | |
|
45 | ||
|
46 | command: ["channelstream", "-i", "/etc/rhodecode/conf/channelstream.ini"] | |
|
47 | ||
|
48 | environment: | |
|
49 | CHANNELSTREAM_ALLOW_POSTING_FROM: 0.0.0.0 | |
|
50 | ||
|
51 | healthcheck: | |
|
52 | test: [ "CMD", "curl", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://channelstream:8000/admin/sign_in" ] | |
|
53 | timeout: 5s | |
|
54 | interval: 60s | |
|
55 | retries: 10 | |
|
56 | ||
|
57 | volumes: | |
|
58 | - confvolume:/etc/rhodecode/conf | |
|
59 | - logvolume:/var/log/rhodecode | |
|
60 | ||
|
61 | logging: | |
|
62 | *custom-logging | |
|
63 | ||
|
64 | labels: | |
|
65 | - "traefik.enable=false" | |
|
66 | #- "traefik.http.routers.channelstream.entrypoints=http" | |
|
67 | #- "traefik.http.services.channelstream.loadbalancer.server.port=9800" | |
|
68 | ||
|
69 | profiles: | |
|
70 | ["channelstream"] | |
|
71 | ||
|
72 | nginx: | |
|
73 | networks: | |
|
74 | - rhodecode_network | |
|
75 | image: library/nginx:1.23.2 | |
|
76 | ||
|
77 | restart: always | |
|
78 | ||
|
79 | environment: | |
|
80 | NGINX_ENTRYPOINT_QUIET_LOGS: 1 | |
|
81 | ||
|
82 | healthcheck: | |
|
83 | # change port 80 to 443 when only using SSL | |
|
84 | test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:80/_admin/ops/ping" ] | |
|
85 | timeout: 30s | |
|
86 | interval: 60s | |
|
87 | retries: 10 | |
|
88 | ||
|
89 | # depends_on: | |
|
90 | # - channelstream | |
|
91 | ||
|
92 | volumes: | |
|
93 | - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro | |
|
94 | - ./config/nginx/http.conf:/etc/nginx/http.conf:ro | |
|
95 | - ./config/nginx/proxy.conf:/etc/nginx/proxy.conf:ro | |
|
96 | - logvolume:/var/log/rhodecode | |
|
97 | - rc_datavolume:/var/opt/rhodecode_data | |
|
98 | ||
|
99 | logging: | |
|
100 | *custom-logging | |
|
101 | ||
|
102 | labels: | |
|
103 | - "traefik.enable=true" | |
|
104 | - "traefik.http.routers.nginx.entrypoints=http" | |
|
105 | - "traefik.http.services.nginx.loadbalancer.server.port=80" | |
|
106 | - "traefik.http.routers.nginx.rule=Host(`${RHODECODE_HOSTNAME:?must-specify-rhodecode-hostname}`)" | |
|
107 | ||
|
108 | elasticsearch: | |
|
109 | networks: | |
|
110 | - rhodecode_network | |
|
111 | image: elasticsearch:6.8.23 | |
|
112 | ||
|
113 | environment: | |
|
114 | - cluster.name=elasticsearch-cluster | |
|
115 | - network.host=0.0.0.0 | |
|
116 | - bootstrap.memory_lock=true | |
|
117 | - discovery.type=single-node | |
|
118 | - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
|
119 | healthcheck: | |
|
120 | # change port 80 to 443 when only using SSL | |
|
121 | test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "elasticsearch:9200/_cat/health" ] | |
|
122 | timeout: 30s | |
|
123 | interval: 60s | |
|
124 | retries: 10 | |
|
125 | ||
|
126 | ulimits: | |
|
127 | memlock: | |
|
128 | soft: -1 | |
|
129 | hard: -1 | |
|
130 | ||
|
131 | volumes: | |
|
132 | - es_data:/usr/share/elasticsearch/data | |
|
133 | ||
|
134 | logging: | |
|
135 | *custom-logging | |
|
136 | ||
|
137 | profiles: | |
|
138 | ["elasticsearch"] | |
|
139 | ||
|
140 | redis: | |
|
141 | networks: | |
|
142 | - rhodecode_network | |
|
143 | image: library/redis:7.0.5 | |
|
144 | ||
|
145 | restart: always | |
|
146 | command: | |
|
147 | - "redis-server" | |
|
148 | - "/etc/redis/redis.conf" | |
|
149 | - "--maxmemory-policy allkeys-lru" | |
|
150 | - "--maxmemory ${RC_REDIS_MAXMEMORY}" | |
|
151 | ||
|
152 | # ports: | |
|
153 | # - "127.0.0.1::6379" | |
|
154 | ||
|
155 | healthcheck: | |
|
156 | test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ] | |
|
157 | interval: 60s | |
|
158 | ||
|
159 | volumes: | |
|
160 | - ./config/redis/redis.conf:/etc/redis/redis.conf:ro | |
|
161 | - logvolume:/var/log/rhodecode | |
|
162 | - redis_data:/data | |
|
163 | ||
|
164 | profiles: | |
|
165 | ["redis"] | |
|
166 | ||
|
167 | logging: | |
|
168 | *custom-logging | |
|
169 | ||
|
170 | database: | |
|
171 | networks: | |
|
172 | - rhodecode_network | |
|
173 | image: library/postgres:14.6 | |
|
174 | ||
|
175 | environment: | |
|
176 | POSTGRES_DB: ${DB_NAME:?must-specify-db-name} | |
|
177 | POSTGRES_USER: ${DB_USER:?must-specify-db-user} | |
|
178 | PGUSER: ${DB_USER:?must-specify-db-user} | |
|
179 | POSTGRES_PASSWORD: ${DB_PASSWORD:?must-specify-db-password} | |
|
180 | POSTGRES_HOST_AUTH_METHOD: md5 | |
|
181 | POSTGRES_INITDB_ARGS: "--auth-host=md5 --auth-local=md5" | |
|
182 | ||
|
183 | restart: unless-stopped | |
|
184 | command: | |
|
185 | - "postgres" | |
|
186 | - "-c" | |
|
187 | - "log_statement=ddl" | |
|
188 | - "-c" | |
|
189 | - "config_file=/etc/conf.d/pg_customized.conf" | |
|
190 | ||
|
191 | # ports: | |
|
192 | # - "127.0.0.1::5432" | |
|
193 | ||
|
194 | healthcheck: | |
|
195 | test: ["CMD-SHELL", "pg_isready", '-U', "$DB_USER"] | |
|
196 | interval: 10s | |
|
197 | timeout: 5s | |
|
198 | retries: 5 | |
|
199 | ||
|
200 | volumes: | |
|
201 | - $PWD/config/database/pg_customized.conf:/etc/conf.d/pg_customized.conf:ro | |
|
202 | # db dumps reverse mount | |
|
203 | - $PWD/.custom/db_dump:/var/rc-data-dump | |
|
204 | # save the pg_data volume | |
|
205 | - pg_data:/var/lib/postgresql/data | |
|
206 | - logvolume:/var/log/rhodecode | |
|
207 | ||
|
208 | profiles: | |
|
209 | ["postgres"] | |
|
210 | ||
|
211 | logging: | |
|
212 | *custom-logging | |
|
213 | ||
|
214 | database-mysql: | |
|
215 | networks: | |
|
216 | - rhodecode_network | |
|
217 | image: library/mysql:8.0.31 | |
|
218 | ||
|
219 | environment: | |
|
220 | MYSQL_DATABASE: ${DB_NAME:?must-specify-db-name} | |
|
221 | MYSQL_USER: ${DB_USER:?must-specify-db-user} | |
|
222 | MYSQL_PASSWORD: ${DB_PASSWORD:?must-specify-db-password} | |
|
223 | MYSQL_ROOT_PASSWORD: ${DB_PASSWORD:?must-specify-db-password} | |
|
224 | ||
|
225 | restart: unless-stopped | |
|
226 | ||
|
227 | # ports: | |
|
228 | # - "127.0.0.1::3306" | |
|
229 | ||
|
230 | volumes: | |
|
231 | - ./config/database/mysql_customized.conf:/etc/mysql/conf.d/config-file.cnf:ro | |
|
232 | # save the mysql_data volume | |
|
233 | - $PWD/mysql_dir:/var/lib/mysql | |
|
234 | - logvolume:/var/log/rhodecode | |
|
235 | ||
|
236 | profiles: | |
|
237 | ["mysql"] | |
|
238 | ||
|
239 | logging: | |
|
240 | *custom-logging |
@@ -0,0 +1,1 b'' | |||
|
1 | scripts/rccontrol/rccontrol No newline at end of file |
This diff has been collapsed as it changes many lines, (2889 lines changed) Show them Hide them | |||
@@ -0,0 +1,2889 b'' | |||
|
1 | #!/usr/bin/env bash | |
|
2 | # This script was generated by bashly 0.8.10 (https://bashly.dannyb.co) | |
|
3 | # Modifying it manually is not recommended | |
|
4 | ||
|
5 | # :wrapper.bash3_bouncer | |
|
6 | if [[ "${BASH_VERSINFO:-0}" -lt 4 ]]; then | |
|
7 | printf "bash version 4 or higher is required\n" >&2 | |
|
8 | exit 1 | |
|
9 | fi | |
|
10 | ||
|
11 | # :command.master_script | |
|
12 | ||
|
13 | # :command.version_command | |
|
14 | version_command() { | |
|
15 | echo "$version" | |
|
16 | } | |
|
17 | ||
|
18 | # :command.usage | |
|
19 | rccontrol_usage() { | |
|
20 | if [[ -n $long_usage ]]; then | |
|
21 | printf "rccontrol - RhodeCode Control - CLI for manaing RhodeCode Cluster Stack\n" | |
|
22 | echo | |
|
23 | ||
|
24 | else | |
|
25 | printf "rccontrol - RhodeCode Control - CLI for manaing RhodeCode Cluster Stack\n" | |
|
26 | echo | |
|
27 | ||
|
28 | fi | |
|
29 | ||
|
30 | printf "Usage:\n" | |
|
31 | printf " rccontrol [OPTIONS] COMMAND\n" | |
|
32 | printf " rccontrol [COMMAND] --help | -h\n" | |
|
33 | printf " rccontrol --version | -v\n" | |
|
34 | echo | |
|
35 | # :command.usage_commands | |
|
36 | printf "Commands:\n" | |
|
37 | echo " self-update update rccontrol and it's docker definitions" | |
|
38 | echo " bootstrap Bootstrap this machine, check docker version and install rhodecode-network" | |
|
39 | echo " stack run one of available cluster stacks, use -h for more details" | |
|
40 | echo " stack-status show stack status" | |
|
41 | echo " stack-upgrade upgrade ALL stack status" | |
|
42 | echo | |
|
43 | printf "Build Commands:\n" | |
|
44 | echo " get-build-artifacts Fetch Artifacts to run installer based build" | |
|
45 | echo " build Build RhodeCode image from installer" | |
|
46 | echo " get-build-source Fetch RhodeCode sources, store in .source dir to run a source-based builds" | |
|
47 | echo " build-source Build RhodeCode image from source, requires upgrade-source initially" | |
|
48 | echo | |
|
49 | printf "CLI Commands:\n" | |
|
50 | echo " cli-redis CLI" | |
|
51 | echo " cli-db CLI" | |
|
52 | echo " cli-db-upgrade CLI" | |
|
53 | echo | |
|
54 | printf "Backup Commands:\n" | |
|
55 | echo " backup-db CLI" | |
|
56 | echo " backup-data CLI" | |
|
57 | echo | |
|
58 | ||
|
59 | # :command.long_usage | |
|
60 | if [[ -n $long_usage ]]; then | |
|
61 | printf "Options:\n" | |
|
62 | ||
|
63 | # :command.usage_fixed_flags | |
|
64 | echo " --help, -h" | |
|
65 | printf " Show this help\n" | |
|
66 | echo | |
|
67 | echo " --version, -v" | |
|
68 | printf " Show version number\n" | |
|
69 | echo | |
|
70 | ||
|
71 | # :command.usage_flags | |
|
72 | # :flag.usage | |
|
73 | echo " --debug" | |
|
74 | printf " Enable debug and detailed output\n" | |
|
75 | echo | |
|
76 | ||
|
77 | # :command.usage_environment_variables | |
|
78 | printf "Environment Variables:\n" | |
|
79 | ||
|
80 | # :environment_variable.usage | |
|
81 | echo " AUTH_TOKEN" | |
|
82 | printf " Set your RhodeCode AUTH Token\n" | |
|
83 | echo | |
|
84 | ||
|
85 | # :environment_variable.usage | |
|
86 | echo " RC_CLI_VERSION_NAME" | |
|
87 | printf " default version to build and install\n" | |
|
88 | printf " Default: 4.27.0\n" | |
|
89 | echo | |
|
90 | ||
|
91 | # :environment_variable.usage | |
|
92 | echo " RC_STACK_ROUTER_EXT" | |
|
93 | printf "\n" | |
|
94 | printf " Default: .custom/docker-compose-router.override.yaml\n" | |
|
95 | echo | |
|
96 | ||
|
97 | # :environment_variable.usage | |
|
98 | echo " RC_STACK_METRICS_EXT" | |
|
99 | printf "\n" | |
|
100 | printf " Default: .custom/docker-compose-metrics.override.yaml\n" | |
|
101 | echo | |
|
102 | ||
|
103 | # :environment_variable.usage | |
|
104 | echo " RC_STACK_SERVICES_EXT" | |
|
105 | printf "\n" | |
|
106 | printf " Default: .custom/docker-compose-services.override.yaml\n" | |
|
107 | echo | |
|
108 | ||
|
109 | # :environment_variable.usage | |
|
110 | echo " RC_STACK_RHODECODE_EXT" | |
|
111 | printf "\n" | |
|
112 | printf " Default: .custom/docker-compose-apps.override.yaml\n" | |
|
113 | echo | |
|
114 | ||
|
115 | # :command.footer | |
|
116 | printf "RhodeCode Inc 2022\n\n" | |
|
117 | echo | |
|
118 | ||
|
119 | fi | |
|
120 | } | |
|
121 | ||
|
122 | # :command.usage | |
|
123 | rccontrol_self_update_usage() { | |
|
124 | if [[ -n $long_usage ]]; then | |
|
125 | printf "rccontrol self-update - update rccontrol and it's docker definitions\n" | |
|
126 | echo | |
|
127 | ||
|
128 | else | |
|
129 | printf "rccontrol self-update - update rccontrol and it's docker definitions\n" | |
|
130 | echo | |
|
131 | ||
|
132 | fi | |
|
133 | ||
|
134 | printf "Usage:\n" | |
|
135 | printf " rccontrol self-update [OPTIONS]\n" | |
|
136 | printf " rccontrol self-update --help | -h\n" | |
|
137 | echo | |
|
138 | ||
|
139 | # :command.long_usage | |
|
140 | if [[ -n $long_usage ]]; then | |
|
141 | printf "Options:\n" | |
|
142 | ||
|
143 | # :command.usage_fixed_flags | |
|
144 | echo " --help, -h" | |
|
145 | printf " Show this help\n" | |
|
146 | echo | |
|
147 | ||
|
148 | # :command.usage_flags | |
|
149 | # :flag.usage | |
|
150 | echo " --auth-token AUTH_TOKEN" | |
|
151 | printf " Optionally specify AUTH TOKEN to obtain sources\n" | |
|
152 | echo | |
|
153 | ||
|
154 | # :flag.usage | |
|
155 | echo " --server-url SERVER_URL" | |
|
156 | printf " Specify RhodeCode server location where projects should be downloaded\n" | |
|
157 | printf " Default: https://code.rhodecode.com\n" | |
|
158 | echo | |
|
159 | ||
|
160 | fi | |
|
161 | } | |
|
162 | ||
|
163 | # :command.usage | |
|
164 | rccontrol_bootstrap_usage() { | |
|
165 | if [[ -n $long_usage ]]; then | |
|
166 | printf "rccontrol bootstrap - Bootstrap this machine, check docker version and install rhodecode-network\n" | |
|
167 | echo | |
|
168 | ||
|
169 | else | |
|
170 | printf "rccontrol bootstrap - Bootstrap this machine, check docker version and install rhodecode-network\n" | |
|
171 | echo | |
|
172 | ||
|
173 | fi | |
|
174 | ||
|
175 | printf "Alias: install\n" | |
|
176 | echo | |
|
177 | ||
|
178 | printf "Usage:\n" | |
|
179 | printf " rccontrol bootstrap [OPTIONS]\n" | |
|
180 | printf " rccontrol bootstrap --help | -h\n" | |
|
181 | echo | |
|
182 | ||
|
183 | # :command.long_usage | |
|
184 | if [[ -n $long_usage ]]; then | |
|
185 | printf "Options:\n" | |
|
186 | ||
|
187 | # :command.usage_fixed_flags | |
|
188 | echo " --help, -h" | |
|
189 | printf " Show this help\n" | |
|
190 | echo | |
|
191 | ||
|
192 | # :command.usage_flags | |
|
193 | # :flag.usage | |
|
194 | echo " --force, -f" | |
|
195 | printf " Overwrite existing files\n" | |
|
196 | echo | |
|
197 | ||
|
198 | # :flag.usage | |
|
199 | echo " --auth-token AUTH_TOKEN" | |
|
200 | printf " Optionally specify AUTH TOKEN to obtain sources\n" | |
|
201 | echo | |
|
202 | ||
|
203 | # :flag.usage | |
|
204 | echo " --server-url SERVER_URL" | |
|
205 | printf " Specify RhodeCode server location where projects should be downloaded\n" | |
|
206 | printf " Default: https://code.rhodecode.com\n" | |
|
207 | echo | |
|
208 | ||
|
209 | # :command.usage_examples | |
|
210 | printf "Examples:\n" | |
|
211 | printf " rccontrol3 bootstrap\n" | |
|
212 | printf " rccontrol3 bootstrap --force\n" | |
|
213 | echo | |
|
214 | ||
|
215 | fi | |
|
216 | } | |
|
217 | ||
|
218 | # :command.usage | |
|
219 | rccontrol_get_build_artifacts_usage() { | |
|
220 | if [[ -n $long_usage ]]; then | |
|
221 | printf "rccontrol get-build-artifacts - Fetch Artifacts to run installer based build\n" | |
|
222 | echo | |
|
223 | ||
|
224 | else | |
|
225 | printf "rccontrol get-build-artifacts - Fetch Artifacts to run installer based build\n" | |
|
226 | echo | |
|
227 | ||
|
228 | fi | |
|
229 | ||
|
230 | printf "Usage:\n" | |
|
231 | printf " rccontrol get-build-artifacts [OPTIONS]\n" | |
|
232 | printf " rccontrol get-build-artifacts --help | -h\n" | |
|
233 | echo | |
|
234 | ||
|
235 | # :command.long_usage | |
|
236 | if [[ -n $long_usage ]]; then | |
|
237 | printf "Options:\n" | |
|
238 | ||
|
239 | # :command.usage_fixed_flags | |
|
240 | echo " --help, -h" | |
|
241 | printf " Show this help\n" | |
|
242 | echo | |
|
243 | ||
|
244 | # :command.usage_flags | |
|
245 | # :flag.usage | |
|
246 | echo " --auth AUTH" | |
|
247 | printf " Specify custom auth for curl e.g -u admin:secret\n" | |
|
248 | printf " Default: \n" | |
|
249 | echo | |
|
250 | ||
|
251 | # :flag.usage | |
|
252 | echo " --installer-url INSTALLER_URL" | |
|
253 | printf " Installer Download URL\n" | |
|
254 | printf " Default: https://dls.rhodecode.com/dls/N2E2ZTY1NzA3NjYxNDA2NTc1NjI3MTcyNzA2MjcxNzIyZTcwNjI3YQ==/rhodecode-control/latest-linux-ee\n" | |
|
255 | echo | |
|
256 | ||
|
257 | # :flag.usage | |
|
258 | echo " --manifest-url MANIFEST_URL" | |
|
259 | printf " Manifest file url\n" | |
|
260 | printf " Default: https://dls.rhodecode.com/linux/MANIFEST\n" | |
|
261 | echo | |
|
262 | ||
|
263 | # :flag.usage | |
|
264 | echo " --version-name VERSION_NAME" | |
|
265 | printf " Specify custom build ver e.g $RC_CLI_VERSION_NAME\n" | |
|
266 | printf " Default: $RC_CLI_VERSION_NAME\n" | |
|
267 | echo | |
|
268 | ||
|
269 | fi | |
|
270 | } | |
|
271 | ||
|
272 | # :command.usage | |
|
273 | rccontrol_build_usage() { | |
|
274 | if [[ -n $long_usage ]]; then | |
|
275 | printf "rccontrol build - Build RhodeCode image from installer\n" | |
|
276 | echo | |
|
277 | ||
|
278 | else | |
|
279 | printf "rccontrol build - Build RhodeCode image from installer\n" | |
|
280 | echo | |
|
281 | ||
|
282 | fi | |
|
283 | ||
|
284 | printf "Usage:\n" | |
|
285 | printf " rccontrol build [OPTIONS]\n" | |
|
286 | printf " rccontrol build --help | -h\n" | |
|
287 | echo | |
|
288 | ||
|
289 | # :command.long_usage | |
|
290 | if [[ -n $long_usage ]]; then | |
|
291 | printf "Options:\n" | |
|
292 | ||
|
293 | # :command.usage_fixed_flags | |
|
294 | echo " --help, -h" | |
|
295 | printf " Show this help\n" | |
|
296 | echo | |
|
297 | ||
|
298 | # :command.usage_flags | |
|
299 | # :flag.usage | |
|
300 | echo " --version-name VERSION_NAME" | |
|
301 | printf " Specify custom build ver e.g $RC_CLI_VERSION_NAME\n" | |
|
302 | printf " Default: $RC_CLI_VERSION_NAME\n" | |
|
303 | echo | |
|
304 | ||
|
305 | fi | |
|
306 | } | |
|
307 | ||
|
308 | # :command.usage | |
|
309 | rccontrol_get_build_source_usage() { | |
|
310 | if [[ -n $long_usage ]]; then | |
|
311 | printf "rccontrol get-build-source - Fetch RhodeCode sources, store in .source dir to run a source-based builds\n" | |
|
312 | echo | |
|
313 | ||
|
314 | else | |
|
315 | printf "rccontrol get-build-source - Fetch RhodeCode sources, store in .source dir to run a source-based builds\n" | |
|
316 | echo | |
|
317 | ||
|
318 | fi | |
|
319 | ||
|
320 | printf "Usage:\n" | |
|
321 | printf " rccontrol get-build-source REVISION [OPTIONS]\n" | |
|
322 | printf " rccontrol get-build-source --help | -h\n" | |
|
323 | echo | |
|
324 | ||
|
325 | # :command.long_usage | |
|
326 | if [[ -n $long_usage ]]; then | |
|
327 | printf "Options:\n" | |
|
328 | ||
|
329 | # :command.usage_fixed_flags | |
|
330 | echo " --help, -h" | |
|
331 | printf " Show this help\n" | |
|
332 | echo | |
|
333 | ||
|
334 | # :command.usage_flags | |
|
335 | # :flag.usage | |
|
336 | echo " --auth-token AUTH_TOKEN" | |
|
337 | printf " Specify AUTH TOKEN to obtain sources\n" | |
|
338 | echo | |
|
339 | ||
|
340 | # :flag.usage | |
|
341 | echo " --server-url SERVER_URL" | |
|
342 | printf " Specify RhodeCode server location where projects should be downloaded\n" | |
|
343 | printf " Default: https://code.rhodecode.com\n" | |
|
344 | echo | |
|
345 | ||
|
346 | # :command.usage_args | |
|
347 | printf "Arguments:\n" | |
|
348 | ||
|
349 | # :argument.usage | |
|
350 | echo " REVISION" | |
|
351 | printf " revision to download\n" | |
|
352 | echo | |
|
353 | ||
|
354 | # :command.usage_examples | |
|
355 | printf "Examples:\n" | |
|
356 | printf " rccontrol3 get-sources $RC_CLI_VERSION_NAME\n" | |
|
357 | printf " rccontrol3 get-sources default --auth-token xyxyxyx --server-url\n https://secret.repo/\n" | |
|
358 | echo | |
|
359 | ||
|
360 | fi | |
|
361 | } | |
|
362 | ||
|
363 | # :command.usage | |
|
364 | rccontrol_build_source_usage() { | |
|
365 | if [[ -n $long_usage ]]; then | |
|
366 | printf "rccontrol build-source - Build RhodeCode image from source, requires upgrade-source initially\n" | |
|
367 | echo | |
|
368 | ||
|
369 | else | |
|
370 | printf "rccontrol build-source - Build RhodeCode image from source, requires upgrade-source initially\n" | |
|
371 | echo | |
|
372 | ||
|
373 | fi | |
|
374 | ||
|
375 | printf "Usage:\n" | |
|
376 | printf " rccontrol build-source [OPTIONS]\n" | |
|
377 | printf " rccontrol build-source --help | -h\n" | |
|
378 | echo | |
|
379 | ||
|
380 | # :command.long_usage | |
|
381 | if [[ -n $long_usage ]]; then | |
|
382 | printf "Options:\n" | |
|
383 | ||
|
384 | # :command.usage_fixed_flags | |
|
385 | echo " --help, -h" | |
|
386 | printf " Show this help\n" | |
|
387 | echo | |
|
388 | ||
|
389 | # :command.usage_flags | |
|
390 | # :flag.usage | |
|
391 | echo " --version-name VERSION_NAME" | |
|
392 | printf " Specify custom build ver e.g $RC_CLI_VERSION_NAME\n" | |
|
393 | printf " Default: $RC_CLI_VERSION_NAME\n" | |
|
394 | echo | |
|
395 | ||
|
396 | # :command.usage_examples | |
|
397 | printf "Examples:\n" | |
|
398 | printf " build foo\n" | |
|
399 | echo | |
|
400 | ||
|
401 | fi | |
|
402 | } | |
|
403 | ||
|
404 | # :command.usage | |
|
405 | rccontrol_stack_usage() { | |
|
406 | if [[ -n $long_usage ]]; then | |
|
407 | printf "rccontrol stack - run one of available cluster stacks, use -h for more details\n" | |
|
408 | echo | |
|
409 | ||
|
410 | else | |
|
411 | printf "rccontrol stack - run one of available cluster stacks, use -h for more details\n" | |
|
412 | echo | |
|
413 | ||
|
414 | fi | |
|
415 | ||
|
416 | printf "Usage:\n" | |
|
417 | printf " rccontrol stack NAME [SERVICES PARAMS...]\n" | |
|
418 | printf " rccontrol stack --help | -h\n" | |
|
419 | echo | |
|
420 | ||
|
421 | # :command.long_usage | |
|
422 | if [[ -n $long_usage ]]; then | |
|
423 | printf "Options:\n" | |
|
424 | ||
|
425 | # :command.usage_fixed_flags | |
|
426 | echo " --help, -h" | |
|
427 | printf " Show this help\n" | |
|
428 | echo | |
|
429 | ||
|
430 | # :command.usage_args | |
|
431 | printf "Arguments:\n" | |
|
432 | ||
|
433 | # :argument.usage | |
|
434 | echo " NAME" | |
|
435 | printf " Stack name\n" | |
|
436 | printf " Allowed: router, metrics, services, rhodecode\n" | |
|
437 | echo | |
|
438 | ||
|
439 | echo " SERVICES PARAMS..." | |
|
440 | printf " Additional arguments or flags for services command\n" | |
|
441 | echo | |
|
442 | ||
|
443 | # :command.usage_examples | |
|
444 | printf "Examples:\n" | |
|
445 | printf " - ./rccontrol3 stack router up # run router stack with output to\n console\n - ./rccontrol3 stack router up --detach # run router stack detached\n - ./rccontrol3 stack router down # stop whole router stack\n - ./rccontrol3 stack router ps # check status of router stack\n - ./rccontrol3 stack router -f docker-overrides.yaml up -d # run router stack\n with your overrides\n" | |
|
446 | echo | |
|
447 | ||
|
448 | fi | |
|
449 | } | |
|
450 | ||
|
451 | # :command.usage | |
|
452 | rccontrol_stack_status_usage() { | |
|
453 | if [[ -n $long_usage ]]; then | |
|
454 | printf "rccontrol stack-status - show stack status\n" | |
|
455 | echo | |
|
456 | ||
|
457 | else | |
|
458 | printf "rccontrol stack-status - show stack status\n" | |
|
459 | echo | |
|
460 | ||
|
461 | fi | |
|
462 | ||
|
463 | printf "Alias: status\n" | |
|
464 | echo | |
|
465 | ||
|
466 | printf "Usage:\n" | |
|
467 | printf " rccontrol stack-status\n" | |
|
468 | printf " rccontrol stack-status --help | -h\n" | |
|
469 | echo | |
|
470 | ||
|
471 | # :command.long_usage | |
|
472 | if [[ -n $long_usage ]]; then | |
|
473 | printf "Options:\n" | |
|
474 | ||
|
475 | # :command.usage_fixed_flags | |
|
476 | echo " --help, -h" | |
|
477 | printf " Show this help\n" | |
|
478 | echo | |
|
479 | ||
|
480 | fi | |
|
481 | } | |
|
482 | ||
|
483 | # :command.usage | |
|
484 | rccontrol_stack_upgrade_usage() { | |
|
485 | if [[ -n $long_usage ]]; then | |
|
486 | printf "rccontrol stack-upgrade - upgrade ALL stack status\n" | |
|
487 | echo | |
|
488 | ||
|
489 | else | |
|
490 | printf "rccontrol stack-upgrade - upgrade ALL stack status\n" | |
|
491 | echo | |
|
492 | ||
|
493 | fi | |
|
494 | ||
|
495 | printf "Usage:\n" | |
|
496 | printf " rccontrol stack-upgrade\n" | |
|
497 | printf " rccontrol stack-upgrade --help | -h\n" | |
|
498 | echo | |
|
499 | ||
|
500 | # :command.long_usage | |
|
501 | if [[ -n $long_usage ]]; then | |
|
502 | printf "Options:\n" | |
|
503 | ||
|
504 | # :command.usage_fixed_flags | |
|
505 | echo " --help, -h" | |
|
506 | printf " Show this help\n" | |
|
507 | echo | |
|
508 | ||
|
509 | fi | |
|
510 | } | |
|
511 | ||
|
512 | # :command.usage | |
|
513 | rccontrol_cli_redis_usage() { | |
|
514 | if [[ -n $long_usage ]]; then | |
|
515 | printf "rccontrol cli-redis - CLI\n" | |
|
516 | echo | |
|
517 | ||
|
518 | else | |
|
519 | printf "rccontrol cli-redis - CLI\n" | |
|
520 | echo | |
|
521 | ||
|
522 | fi | |
|
523 | ||
|
524 | printf "Usage:\n" | |
|
525 | printf " rccontrol cli-redis\n" | |
|
526 | printf " rccontrol cli-redis --help | -h\n" | |
|
527 | echo | |
|
528 | ||
|
529 | # :command.long_usage | |
|
530 | if [[ -n $long_usage ]]; then | |
|
531 | printf "Options:\n" | |
|
532 | ||
|
533 | # :command.usage_fixed_flags | |
|
534 | echo " --help, -h" | |
|
535 | printf " Show this help\n" | |
|
536 | echo | |
|
537 | ||
|
538 | fi | |
|
539 | } | |
|
540 | ||
|
541 | # :command.usage | |
|
542 | rccontrol_cli_db_usage() { | |
|
543 | if [[ -n $long_usage ]]; then | |
|
544 | printf "rccontrol cli-db - CLI\n" | |
|
545 | echo | |
|
546 | ||
|
547 | else | |
|
548 | printf "rccontrol cli-db - CLI\n" | |
|
549 | echo | |
|
550 | ||
|
551 | fi | |
|
552 | ||
|
553 | printf "Usage:\n" | |
|
554 | printf " rccontrol cli-db\n" | |
|
555 | printf " rccontrol cli-db --help | -h\n" | |
|
556 | echo | |
|
557 | ||
|
558 | # :command.long_usage | |
|
559 | if [[ -n $long_usage ]]; then | |
|
560 | printf "Options:\n" | |
|
561 | ||
|
562 | # :command.usage_fixed_flags | |
|
563 | echo " --help, -h" | |
|
564 | printf " Show this help\n" | |
|
565 | echo | |
|
566 | ||
|
567 | fi | |
|
568 | } | |
|
569 | ||
|
570 | # :command.usage | |
|
571 | rccontrol_cli_db_upgrade_usage() { | |
|
572 | if [[ -n $long_usage ]]; then | |
|
573 | printf "rccontrol cli-db-upgrade - CLI\n" | |
|
574 | echo | |
|
575 | ||
|
576 | else | |
|
577 | printf "rccontrol cli-db-upgrade - CLI\n" | |
|
578 | echo | |
|
579 | ||
|
580 | fi | |
|
581 | ||
|
582 | printf "Usage:\n" | |
|
583 | printf " rccontrol cli-db-upgrade\n" | |
|
584 | printf " rccontrol cli-db-upgrade --help | -h\n" | |
|
585 | echo | |
|
586 | ||
|
587 | # :command.long_usage | |
|
588 | if [[ -n $long_usage ]]; then | |
|
589 | printf "Options:\n" | |
|
590 | ||
|
591 | # :command.usage_fixed_flags | |
|
592 | echo " --help, -h" | |
|
593 | printf " Show this help\n" | |
|
594 | echo | |
|
595 | ||
|
596 | fi | |
|
597 | } | |
|
598 | ||
|
599 | # :command.usage | |
|
600 | rccontrol__completions_usage() { | |
|
601 | if [[ -n $long_usage ]]; then | |
|
602 | printf "rccontrol _completions - Generate completions, eval "$(./rccontrol _completions)"\n" | |
|
603 | echo | |
|
604 | ||
|
605 | else | |
|
606 | printf "rccontrol _completions - Generate completions, eval "$(./rccontrol _completions)"\n" | |
|
607 | echo | |
|
608 | ||
|
609 | fi | |
|
610 | ||
|
611 | printf "Usage:\n" | |
|
612 | printf " rccontrol _completions\n" | |
|
613 | printf " rccontrol _completions --help | -h\n" | |
|
614 | echo | |
|
615 | ||
|
616 | # :command.long_usage | |
|
617 | if [[ -n $long_usage ]]; then | |
|
618 | printf "Options:\n" | |
|
619 | ||
|
620 | # :command.usage_fixed_flags | |
|
621 | echo " --help, -h" | |
|
622 | printf " Show this help\n" | |
|
623 | echo | |
|
624 | ||
|
625 | fi | |
|
626 | } | |
|
627 | ||
|
628 | # :command.usage | |
|
629 | rccontrol_backup_db_usage() { | |
|
630 | if [[ -n $long_usage ]]; then | |
|
631 | printf "rccontrol backup-db - CLI\n" | |
|
632 | echo | |
|
633 | ||
|
634 | else | |
|
635 | printf "rccontrol backup-db - CLI\n" | |
|
636 | echo | |
|
637 | ||
|
638 | fi | |
|
639 | ||
|
640 | printf "Usage:\n" | |
|
641 | printf " rccontrol backup-db\n" | |
|
642 | printf " rccontrol backup-db --help | -h\n" | |
|
643 | echo | |
|
644 | ||
|
645 | # :command.long_usage | |
|
646 | if [[ -n $long_usage ]]; then | |
|
647 | printf "Options:\n" | |
|
648 | ||
|
649 | # :command.usage_fixed_flags | |
|
650 | echo " --help, -h" | |
|
651 | printf " Show this help\n" | |
|
652 | echo | |
|
653 | ||
|
654 | # :command.usage_examples | |
|
655 | printf "Examples:\n" | |
|
656 | printf " ./rccontrol backup-db\n" | |
|
657 | echo | |
|
658 | ||
|
659 | fi | |
|
660 | } | |
|
661 | ||
|
662 | # :command.usage | |
|
663 | rccontrol_backup_data_usage() { | |
|
664 | if [[ -n $long_usage ]]; then | |
|
665 | printf "rccontrol backup-data - CLI\n" | |
|
666 | echo | |
|
667 | ||
|
668 | else | |
|
669 | printf "rccontrol backup-data - CLI\n" | |
|
670 | echo | |
|
671 | ||
|
672 | fi | |
|
673 | ||
|
674 | printf "Usage:\n" | |
|
675 | printf " rccontrol backup-data\n" | |
|
676 | printf " rccontrol backup-data --help | -h\n" | |
|
677 | echo | |
|
678 | ||
|
679 | # :command.long_usage | |
|
680 | if [[ -n $long_usage ]]; then | |
|
681 | printf "Options:\n" | |
|
682 | ||
|
683 | # :command.usage_fixed_flags | |
|
684 | echo " --help, -h" | |
|
685 | printf " Show this help\n" | |
|
686 | echo | |
|
687 | ||
|
688 | fi | |
|
689 | } | |
|
690 | ||
|
691 | # :command.normalize_input | |
|
692 | normalize_input() { | |
|
693 | local arg flags | |
|
694 | ||
|
695 | while [[ $# -gt 0 ]]; do | |
|
696 | arg="$1" | |
|
697 | if [[ $arg =~ ^(--[a-zA-Z0-9_\-]+)=(.+)$ ]]; then | |
|
698 | input+=("${BASH_REMATCH[1]}") | |
|
699 | input+=("${BASH_REMATCH[2]}") | |
|
700 | elif [[ $arg =~ ^(-[a-zA-Z0-9])=(.+)$ ]]; then | |
|
701 | input+=("${BASH_REMATCH[1]}") | |
|
702 | input+=("${BASH_REMATCH[2]}") | |
|
703 | elif [[ $arg =~ ^-([a-zA-Z0-9][a-zA-Z0-9]+)$ ]]; then | |
|
704 | flags="${BASH_REMATCH[1]}" | |
|
705 | for (( i=0 ; i < ${#flags} ; i++ )); do | |
|
706 | input+=("-${flags:i:1}") | |
|
707 | done | |
|
708 | else | |
|
709 | input+=("$arg") | |
|
710 | fi | |
|
711 | ||
|
712 | shift | |
|
713 | done | |
|
714 | } | |
|
715 | # :command.inspect_args | |
|
716 | inspect_args() { | |
|
717 | readarray -t sorted_keys < <(printf '%s\n' "${!args[@]}" | sort) | |
|
718 | if (( ${#args[@]} )); then | |
|
719 | echo args: | |
|
720 | for k in "${sorted_keys[@]}"; do echo "- \${args[$k]} = ${args[$k]}"; done | |
|
721 | else | |
|
722 | echo args: none | |
|
723 | fi | |
|
724 | ||
|
725 | if (( ${#other_args[@]} )); then | |
|
726 | echo | |
|
727 | echo other_args: | |
|
728 | echo "- \${other_args[*]} = ${other_args[*]}" | |
|
729 | for i in "${!other_args[@]}"; do | |
|
730 | echo "- \${other_args[$i]} = ${other_args[$i]}" | |
|
731 | done | |
|
732 | fi | |
|
733 | } | |
|
734 | ||
|
735 | # :command.user_lib | |
|
736 | # src/lib/colors.sh | |
|
737 | print_in_color() { | |
|
738 | local color="$1" | |
|
739 | shift | |
|
740 | if [[ -z ${NO_COLOR+x} ]]; then | |
|
741 | printf "$color%b\e[0m\n" "$*"; | |
|
742 | else | |
|
743 | printf "%b\n" "$*"; | |
|
744 | fi | |
|
745 | } | |
|
746 | ||
|
747 | red() { print_in_color "\e[31m" "$*"; } | |
|
748 | green() { print_in_color "\e[32m" "$*"; } | |
|
749 | yellow() { print_in_color "\e[33m" "$*"; } | |
|
750 | blue() { print_in_color "\e[34m" "$*"; } | |
|
751 | magenta() { print_in_color "\e[35m" "$*"; } | |
|
752 | cyan() { print_in_color "\e[36m" "$*"; } | |
|
753 | bold() { print_in_color "\e[1m" "$*"; } | |
|
754 | underlined() { print_in_color "\e[4m" "$*"; } | |
|
755 | red_bold() { print_in_color "\e[1;31m" "$*"; } | |
|
756 | green_bold() { print_in_color "\e[1;32m" "$*"; } | |
|
757 | yellow_bold() { print_in_color "\e[1;33m" "$*"; } | |
|
758 | blue_bold() { print_in_color "\e[1;34m" "$*"; } | |
|
759 | magenta_bold() { print_in_color "\e[1;35m" "$*"; } | |
|
760 | cyan_bold() { print_in_color "\e[1;36m" "$*"; } | |
|
761 | red_underlined() { print_in_color "\e[4;31m" "$*"; } | |
|
762 | green_underlined() { print_in_color "\e[4;32m" "$*"; } | |
|
763 | yellow_underlined() { print_in_color "\e[4;33m" "$*"; } | |
|
764 | blue_underlined() { print_in_color "\e[4;34m" "$*"; } | |
|
765 | magenta_underlined() { print_in_color "\e[4;35m" "$*"; } | |
|
766 | cyan_underlined() { print_in_color "\e[4;36m" "$*"; } | |
|
767 | ||
|
768 | # src/lib/config.sh | |
|
769 | config_init() { | |
|
770 | CONFIG_FILE=${CONFIG_FILE:=config.ini} | |
|
771 | [[ -f "$CONFIG_FILE" ]] || touch "$CONFIG_FILE" | |
|
772 | } | |
|
773 | ||
|
774 | config_get() { | |
|
775 | local key=$1 | |
|
776 | local regex="^$key *= *(.+)$" | |
|
777 | local value="" | |
|
778 | ||
|
779 | config_init | |
|
780 | ||
|
781 | while IFS= read -r line || [ -n "$line" ]; do | |
|
782 | if [[ $line =~ $regex ]]; then | |
|
783 | value="${BASH_REMATCH[1]}" | |
|
784 | break | |
|
785 | fi | |
|
786 | done < "$CONFIG_FILE" | |
|
787 | ||
|
788 | echo "$value" | |
|
789 | } | |
|
790 | ||
|
791 | config_set() { | |
|
792 | local key=$1 | |
|
793 | shift | |
|
794 | local value="$*" | |
|
795 | ||
|
796 | config_init | |
|
797 | ||
|
798 | local regex="^($key) *= *.+$" | |
|
799 | local output="" | |
|
800 | local found_key="" | |
|
801 | local newline | |
|
802 | ||
|
803 | while IFS= read -r line || [ -n "$line" ]; do | |
|
804 | newline=$line | |
|
805 | if [[ $line =~ $regex ]]; then | |
|
806 | found_key="${BASH_REMATCH[1]}" | |
|
807 | newline="$key = $value" | |
|
808 | output="$output$newline\n" | |
|
809 | elif [[ $line ]]; then | |
|
810 | output="$output$line\n" | |
|
811 | fi | |
|
812 | done < "$CONFIG_FILE" | |
|
813 | ||
|
814 | if [[ -z $found_key ]]; then | |
|
815 | output="$output$key = $value\n" | |
|
816 | fi | |
|
817 | ||
|
818 | printf "%b\n" "$output" > "$CONFIG_FILE" | |
|
819 | } | |
|
820 | ||
|
821 | config_del() { | |
|
822 | local key=$1 | |
|
823 | ||
|
824 | local regex="^($key) *=" | |
|
825 | local output="" | |
|
826 | ||
|
827 | config_init | |
|
828 | ||
|
829 | while IFS= read -r line || [ -n "$line" ]; do | |
|
830 | if [[ $line ]] && [[ ! $line =~ $regex ]]; then | |
|
831 | output="$output$line\n" | |
|
832 | fi | |
|
833 | done < "$CONFIG_FILE" | |
|
834 | ||
|
835 | printf "%b\n" "$output" > "$CONFIG_FILE" | |
|
836 | } | |
|
837 | ||
|
838 | config_show() { | |
|
839 | config_init | |
|
840 | cat "$CONFIG_FILE" | |
|
841 | } | |
|
842 | ||
|
843 | config_keys() { | |
|
844 | local regex="^([a-zA-Z0-9_\-\/\.]+) *=" | |
|
845 | ||
|
846 | config_init | |
|
847 | ||
|
848 | local keys=() | |
|
849 | local key | |
|
850 | ||
|
851 | while IFS= read -r line || [ -n "$line" ]; do | |
|
852 | if [[ $line =~ $regex ]]; then | |
|
853 | key="${BASH_REMATCH[1]}" | |
|
854 | keys+=("$key") | |
|
855 | fi | |
|
856 | done < "$CONFIG_FILE" | |
|
857 | echo "${keys[@]}" | |
|
858 | } | |
|
859 | ||
|
860 | config_has_key() { | |
|
861 | [[ $(config_get "$1") ]] | |
|
862 | } | |
|
863 | ||
|
864 | # src/lib/sample_function.sh | |
|
865 | ||
|
866 | docker_ping_host() { | |
|
867 | PING_HOST="$1" | |
|
868 | docker run --network rhodecode_network --rm alpine ping "$PING_HOST" | |
|
869 | } | |
|
870 | ||
|
871 | check_bootstrap() { | |
|
872 | # Avoid destroying bootstrapping by simple start/stop | |
|
873 | if [[ ! -e $BOOTSTRAP_FILE ]]; then | |
|
874 | echo "$(yellow WARNING:) initial bootstrap file $BOOTSTRAP_FILE not found !" | |
|
875 | echo "$(yellow NOTICE:) Please run ./rccontrol bootstrap first" | |
|
876 | exit | |
|
877 | fi | |
|
878 | } | |
|
879 | ||
|
880 | # src/lib/send_completions.sh | |
|
881 | send_completions() { | |
|
882 | echo $'# rccontrol3 completion -*- shell-script -*-' | |
|
883 | echo $'' | |
|
884 | echo $'# This bash completions script was generated by' | |
|
885 | echo $'# completely (https://github.com/dannyben/completely)' | |
|
886 | echo $'# Modifying it manually is not recommended' | |
|
887 | echo $'' | |
|
888 | echo $'_rccontrol3_completions_filter() {' | |
|
889 | echo $' local words="$1"' | |
|
890 | echo $' local cur=${COMP_WORDS[COMP_CWORD]}' | |
|
891 | echo $' local result=()' | |
|
892 | echo $'' | |
|
893 | echo $' if [[ "${cur:0:1}" == "-" ]]; then' | |
|
894 | echo $' echo "$words"' | |
|
895 | echo $' ' | |
|
896 | echo $' else' | |
|
897 | echo $' for word in $words; do' | |
|
898 | echo $' [[ "${word:0:1}" != "-" ]] && result+=("$word")' | |
|
899 | echo $' done' | |
|
900 | echo $'' | |
|
901 | echo $' echo "${result[*]}"' | |
|
902 | echo $'' | |
|
903 | echo $' fi' | |
|
904 | echo $'}' | |
|
905 | echo $'' | |
|
906 | echo $'_rccontrol3_completions() {' | |
|
907 | echo $' local cur=${COMP_WORDS[COMP_CWORD]}' | |
|
908 | echo $' local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")' | |
|
909 | echo $' local compline="${compwords[*]}"' | |
|
910 | echo $'' | |
|
911 | echo $' case "$compline" in' | |
|
912 | echo $' \'upgrade-source\'*)' | |
|
913 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--auth-token --help --server-url -h")" -- "$cur" )' | |
|
914 | echo $' ;;' | |
|
915 | echo $'' | |
|
916 | echo $' \'build-source\'*)' | |
|
917 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help --version-name -h")" -- "$cur" )' | |
|
918 | echo $' ;;' | |
|
919 | echo $'' | |
|
920 | echo $' \'self-update\'*)' | |
|
921 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--auth-token --help --server-url -h")" -- "$cur" )' | |
|
922 | echo $' ;;' | |
|
923 | echo $'' | |
|
924 | echo $' \'bootstrap\'*)' | |
|
925 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--auth-token --force --help --server-url -f -h")" -- "$cur" )' | |
|
926 | echo $' ;;' | |
|
927 | echo $'' | |
|
928 | echo $' \'build\'*)' | |
|
929 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help --version-name -h")" -- "$cur" )' | |
|
930 | echo $' ;;' | |
|
931 | echo $'' | |
|
932 | echo $' \'stack\'*)' | |
|
933 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help -h metrics rhodecode router services")" -- "$cur" )' | |
|
934 | echo $' ;;' | |
|
935 | echo $'' | |
|
936 | echo $' *)' | |
|
937 | echo $' while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_rccontrol3_completions_filter "--help --version -h -v bootstrap build build-source self-update stack upgrade-source")" -- "$cur" )' | |
|
938 | echo $' ;;' | |
|
939 | echo $'' | |
|
940 | echo $' esac' | |
|
941 | echo $'} &&' | |
|
942 | echo $'complete -F _rccontrol3_completions rccontrol3' | |
|
943 | echo $'' | |
|
944 | echo $'# ex: filetype=sh' | |
|
945 | } | |
|
946 | ||
|
947 | # src/lib/validate_stack_exists.sh | |
|
948 | ||
|
949 | validate_stack_exists() { | |
|
950 | err="" | |
|
951 | invalid="1" | |
|
952 | ||
|
953 | for item in $VALID_SERVICES | |
|
954 | do | |
|
955 | if [ "$1" == "$item" ]; then | |
|
956 | invalid="" | |
|
957 | break | |
|
958 | fi | |
|
959 | done | |
|
960 | ||
|
961 | if [[ -n $invalid ]]; then | |
|
962 | err="command '$1' not in list of $VALID_SERVICES" | |
|
963 | fi | |
|
964 | ||
|
965 | echo $err | |
|
966 | } | |
|
967 | ||
|
968 | # :command.command_functions | |
|
969 | # :command.function | |
|
970 | rccontrol_self_update_command() { | |
|
971 | # src/self_update_command.sh | |
|
972 | check_bootstrap | |
|
973 | ||
|
974 | echo "# this file is located in 'src/self_update_command.sh'" | |
|
975 | echo "# code for 'rccontrol3 self-update' goes here" | |
|
976 | echo "# you can edit it freely and regenerate (it will not be overwritten)" | |
|
977 | inspect_args | |
|
978 | ||
|
979 | } | |
|
980 | ||
|
981 | # :command.function | |
|
982 | rccontrol_bootstrap_command() { | |
|
983 | # src/bootstrap_command.sh | |
|
984 | DEBUG=${args[--debug]} | |
|
985 | force=${args[--force]} | |
|
986 | ||
|
987 | check_bash_version() { | |
|
988 | ||
|
989 | if [ ! "${BASH_VERSINFO:-0}" -ge 4 ]; then | |
|
990 | echo "$(red Bash version 4 or greater is required, please update your bash version!)" | |
|
991 | exit | |
|
992 | fi | |
|
993 | } | |
|
994 | ||
|
995 | check_docker() { | |
|
996 | (which docker || which docker.io) &>/dev/null | |
|
997 | } | |
|
998 | ||
|
999 | check_and_install_docker() { | |
|
1000 | failMsg="Failed to find docker on your PATH" | |
|
1001 | ||
|
1002 | if ! check_docker; then | |
|
1003 | echo "$failMsg" | |
|
1004 | read -p "Enter to install Docker directly from https://get.docker.com/ or Ctrl+C to exit" | |
|
1005 | curl https://get.docker.com/ | sh | |
|
1006 | ||
|
1007 | if ! check_docker; then | |
|
1008 | echo "$failMsg" | |
|
1009 | echo "Docker install failed. Quitting." | |
|
1010 | exit | |
|
1011 | fi | |
|
1012 | fi | |
|
1013 | } | |
|
1014 | ||
|
1015 | docker_bootstrap() { | |
|
1016 | check_and_install_docker | |
|
1017 | echo 'Docker: Running bootstrap.' | |
|
1018 | ||
|
1019 | echo "Docker: creating network 'rc_datavolume'" | |
|
1020 | docker volume create --name=rc_datavolume | |
|
1021 | echo "Docker: done" | |
|
1022 | echo "" | |
|
1023 | ||
|
1024 | echo "Docker: creating network 'rhodecode_network'" | |
|
1025 | docker network inspect rhodecode_network >/dev/null 2>&1 || docker network create rhodecode_network | |
|
1026 | echo "Docker: done" | |
|
1027 | echo "" | |
|
1028 | ||
|
1029 | echo "Docker: creating loki logging" | |
|
1030 | loki_driver=$(docker plugin ls --format {{.Name}} --filter enabled=true | grep loki || echo "") | |
|
1031 | if [[ $loki_driver == "" ]]; then | |
|
1032 | docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions | |
|
1033 | else | |
|
1034 | echo "Docker: loki driver already exists" | |
|
1035 | fi | |
|
1036 | } | |
|
1037 | ||
|
1038 | definitions_bootstrap() { | |
|
1039 | ||
|
1040 | SOURCE_DIR=$PWD | |
|
1041 | RHODECODE_DOCKER_HASH='master' | |
|
1042 | ||
|
1043 | AUTH_TOKEN=${args[--auth-token]} | |
|
1044 | SERVER_URL=${args[--server-url]} | |
|
1045 | ||
|
1046 | DEFINITIONS_EXIST="" | |
|
1047 | CHECK_FILES="rccontrol .env docker-compose-services.yaml docker-compose-apps.yaml" | |
|
1048 | for check_file in $CHECK_FILES; do | |
|
1049 | if [[ -f "$check_file" ]]; then | |
|
1050 | DEFINITIONS_EXIST="1" | |
|
1051 | fi | |
|
1052 | done | |
|
1053 | ||
|
1054 | if [[ -n $DEFINITIONS_EXIST && ! $force ]]; then | |
|
1055 | echo "$(yellow skipping docker defs creation, existing files found. Use --force to create them anyway)" | |
|
1056 | return | |
|
1057 | fi | |
|
1058 | ||
|
1059 | if [[ -n $DEFINITIONS_EXIST ]]; then | |
|
1060 | echo "$(yellow docker definitions exists, are you sure to force re-create them?)" | |
|
1061 | while true; do | |
|
1062 | read -p "Would you like to continue with overriding file? [yn] " yn | |
|
1063 | case $yn in | |
|
1064 | [Yy]*) return 2 ;; | |
|
1065 | [Nn]*) exit ;; | |
|
1066 | *) echo "Please answer y or n." ;; | |
|
1067 | esac | |
|
1068 | done | |
|
1069 | fi | |
|
1070 | ||
|
1071 | exit | |
|
1072 | ||
|
1073 | # download sources | |
|
1074 | echo "Files: download rhodecode docker definitions from $SERVER_URL" | |
|
1075 | echo "" | |
|
1076 | ||
|
1077 | if [ $DEBUG ]; then | |
|
1078 | echo "downloading: $SERVER_URL/rhodecode-enterprise-docker/archive/$RHODECODE_DOCKER_HASH.tgz?with_hash=0" | |
|
1079 | curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-docker/archive/$RHODECODE_DOCKER_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR | |
|
1080 | ||
|
1081 | echo "running CP $SOURCE_DIR/*rhodecode-enterprise-docker-plain/* $SOURCE_DIR" | |
|
1082 | cp -v -r -f --update --backup=numbered $SOURCE_DIR/*rhodecode-enterprise-docker-plain/* $SOURCE_DIR | |
|
1083 | ||
|
1084 | echo "removing $SOURCE_DIR/*rhodecode-enterprise-docker-plain" | |
|
1085 | rm -r $SOURCE_DIR/*rhodecode-enterprise-docker-plain | |
|
1086 | else | |
|
1087 | curl -s --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-docker/archive/$RHODECODE_DOCKER_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR | |
|
1088 | ||
|
1089 | cp -r -f --update --backup=numbered $SOURCE_DIR/*rhodecode-enterprise-docker-plain/* $SOURCE_DIR | |
|
1090 | ||
|
1091 | rm -r $SOURCE_DIR/*rhodecode-enterprise-docker-plain | |
|
1092 | fi | |
|
1093 | ||
|
1094 | echo "$(green_bold DONE: docker definitions extracted to $SOURCE_DIR)" | |
|
1095 | } | |
|
1096 | ||
|
1097 | config_bootstrap() { | |
|
1098 | ||
|
1099 | if [[ ! -f "$CONFIG_FILE" ]]; then | |
|
1100 | echo "init config at: $CONFIG_FILE" | |
|
1101 | config_init | |
|
1102 | else | |
|
1103 | echo "re-using config at: $CONFIG_FILE" | |
|
1104 | fi | |
|
1105 | ||
|
1106 | if ! config_has_key "rc_encrypted_secret" ; then | |
|
1107 | key=$(echo $RANDOM | md5sum | head -c 32) | |
|
1108 | config_set "rc_encrypted_secret" $key | |
|
1109 | fi | |
|
1110 | ||
|
1111 | if ! config_has_key "rc_db_url" ; then | |
|
1112 | key=$(echo $RANDOM | md5sum | head -c 32) | |
|
1113 | config_set "rc_db_url" "postgresql://$DB_USER:$key@database/$DB_NAME" | |
|
1114 | fi | |
|
1115 | ||
|
1116 | if ! config_has_key "rc_license_token" ; then | |
|
1117 | config_set "rc_license_token" abra-cada-bra1-rce4 | |
|
1118 | fi | |
|
1119 | ||
|
1120 | if ! config_has_key "rc_base_url" ; then | |
|
1121 | config_set "rc_base_url" http://docker-dev | |
|
1122 | fi | |
|
1123 | ||
|
1124 | if ! config_has_key "rc_log_formatter" ; then | |
|
1125 | # json is another option | |
|
1126 | config_set "rc_log_formatter" generic | |
|
1127 | fi | |
|
1128 | ||
|
1129 | if ! config_has_key "rc_use_celery" ; then | |
|
1130 | config_set "rc_use_celery" true | |
|
1131 | fi | |
|
1132 | ||
|
1133 | BOOTSTRAP_RUNTIME_ENV=$PWD/.custom/.runtime.env | |
|
1134 | if [[ ! -f "$BOOTSTRAP_RUNTIME_ENV" ]]; then | |
|
1135 | echo "init runtime env config at: $BOOTSTRAP_RUNTIME_ENV" | |
|
1136 | touch BOOTSTRAP_RUNTIME_ENV | |
|
1137 | ||
|
1138 | #ENV_EXPAND="" | |
|
1139 | for k in $(config_keys); do | |
|
1140 | k_upper=${k^^} | |
|
1141 | echo "$k_upper='$(config_get "$k")'" >> $BOOTSTRAP_RUNTIME_ENV | |
|
1142 | done | |
|
1143 | ||
|
1144 | fi | |
|
1145 | } | |
|
1146 | ||
|
1147 | cur_date=$(date '+%Y-%m-%d %H:%M:%S') | |
|
1148 | ||
|
1149 | check_bash_version | |
|
1150 | ||
|
1151 | if [[ ! -e $BOOTSTRAP_FILE ]]; then | |
|
1152 | echo "initial bootstrap file $BOOTSTRAP_FILE not found !" | |
|
1153 | ||
|
1154 | docker_bootstrap | |
|
1155 | definitions_bootstrap | |
|
1156 | config_bootstrap | |
|
1157 | ||
|
1158 | echo "$cur_date" > "$BOOTSTRAP_FILE" | |
|
1159 | ||
|
1160 | else | |
|
1161 | if [ $force ]; then | |
|
1162 | ||
|
1163 | docker_bootstrap $force | |
|
1164 | definitions_bootstrap $force ## TODO: remove old | |
|
1165 | config_bootstrap $force | |
|
1166 | ||
|
1167 | echo "$cur_date" > "$BOOTSTRAP_FILE" | |
|
1168 | ||
|
1169 | exit | |
|
1170 | fi | |
|
1171 | ||
|
1172 | echo "bootstrap file $BOOTSTRAP_FILE was found add --force to force bootstrap" | |
|
1173 | fi | |
|
1174 | ||
|
1175 | get_started | |
|
1176 | } | |
|
1177 | ||
|
1178 | # :command.function | |
|
1179 | rccontrol_get_build_artifacts_command() { | |
|
1180 | # src/get_build_artifacts_command.sh | |
|
1181 | check_bootstrap | |
|
1182 | ||
|
1183 | DEBUG=${args[--debug]} | |
|
1184 | AUTH=${args[--auth]} | |
|
1185 | INSTALLER_URL=${args[--installer-url]} | |
|
1186 | MANIFEST_URL=${args[--manifest-url]} | |
|
1187 | RC_VERSION=${args[--version-name]} | |
|
1188 | VER=$RC_VERSION | |
|
1189 | ||
|
1190 | CACHE_DIR=$PWD/.cache | |
|
1191 | VER_REGEX="$VER+x86_64" | |
|
1192 | ||
|
1193 | echo "Downloading Artifacts for version: $VER" | |
|
1194 | ||
|
1195 | echo "1/4 Checking available downloads from MANIFEST file" | |
|
1196 | ||
|
1197 | ARTS=$(curl -s $AUTH $MANIFEST_URL | grep --ignore-case "$VER_REGEX" | cut -d ' ' -f 2) | |
|
1198 | ||
|
1199 | if [[ $DEBUG ]]; then | |
|
1200 | echo "DEBUG START" | |
|
1201 | curl -s $AUTH $MANIFEST_URL | grep --ignore-case "$VER_REGEX" || echo "no regex match" | |
|
1202 | curl -s $AUTH $MANIFEST_URL | grep --ignore-case "$VER_REGEX" | cut -d ' ' -f 2 | |
|
1203 | echo "Found following artifacts:" | |
|
1204 | echo $ARTS | |
|
1205 | echo "DEBUG END" | |
|
1206 | fi | |
|
1207 | ||
|
1208 | if [[ $ARTS == "" ]]; then | |
|
1209 | MSG="Failed to found any MANIFEST entries for version $VER make sure there exists release with that version or use --version to specify different version" | |
|
1210 | echo "$(red $MSG)" | |
|
1211 | exit | |
|
1212 | fi | |
|
1213 | ||
|
1214 | echo "2/4 Downloading locale-archive" | |
|
1215 | curl -L https://dls.rhodecode.com/assets/locale-archive -J -O | |
|
1216 | mv -v locale-archive "$CACHE_DIR" | |
|
1217 | ||
|
1218 | # vcsserver/ce/ee | |
|
1219 | echo "3/4 Downloading installer artifacts" | |
|
1220 | for url in $ARTS; do | |
|
1221 | echo "Downloading $url with $AUTH" | |
|
1222 | curl $AUTH --fail-early -L ${url} -J -O | |
|
1223 | done | |
|
1224 | ||
|
1225 | #for url in $(curl -s $MANIFEST_URL | grep --ignore-case -E 'control.+\+x86_64' | cut -d ' ' -f 2); do | |
|
1226 | # echo "Downloading $url" | |
|
1227 | # curl -L ${url} -J -O | |
|
1228 | #done | |
|
1229 | ||
|
1230 | echo "4/4 Downloading installer from $INSTALLER_URL" | |
|
1231 | curl $AUTH -L $INSTALLER_URL -J -O | |
|
1232 | ||
|
1233 | INSTALLER=$(ls -Art RhodeCode-installer-* | tail -n 1) | |
|
1234 | if [[ -n $INSTALLER ]]; then | |
|
1235 | chmod +x "${INSTALLER}" | |
|
1236 | fi | |
|
1237 | ||
|
1238 | echo "Copying artifacts into $CACHE_DIR" | |
|
1239 | ||
|
1240 | mv -v "${INSTALLER}" $CACHE_DIR | |
|
1241 | mv -v *.bz2 $CACHE_DIR | |
|
1242 | ls -lh $CACHE_DIR | |
|
1243 | ||
|
1244 | } | |
|
1245 | ||
|
1246 | # :command.function | |
|
1247 | rccontrol_build_command() { | |
|
1248 | # src/build_command.sh | |
|
1249 | check_bootstrap | |
|
1250 | ||
|
1251 | rc_version=${args[--version-name]} | |
|
1252 | export RC_VERSION=$rc_version | |
|
1253 | eval "echo INSTALLER BASED BUILDING${RC_VERSION}" | |
|
1254 | ||
|
1255 | RC_VERSION=$rc_version ./rccontrol stack rhodecode build --progress plain rhodecode | |
|
1256 | ||
|
1257 | } | |
|
1258 | ||
|
1259 | # :command.function | |
|
1260 | rccontrol_get_build_source_command() { | |
|
1261 | # src/get_build_source_command.sh | |
|
1262 | check_bootstrap | |
|
1263 | ||
|
1264 | AUTH_TOKEN=${args[--auth-token]} | |
|
1265 | SERVER_URL=${args[--server-url]} | |
|
1266 | revision=${args[revision]} | |
|
1267 | ||
|
1268 | SOURCE_DIR=$PWD/.source | |
|
1269 | ||
|
1270 | RHODECODE_VCS_HASH=$revision | |
|
1271 | RHODECODE_CE_HASH=$revision | |
|
1272 | RHODECODE_EE_HASH=$revision | |
|
1273 | ||
|
1274 | # download sources | |
|
1275 | echo "** download rhodecode source for build from $SERVER_URL **" | |
|
1276 | ||
|
1277 | curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-vcsserver/archive/$RHODECODE_VCS_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR | |
|
1278 | curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-ce/archive/$RHODECODE_CE_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR | |
|
1279 | #TODO: fix just CE build... | |
|
1280 | curl --header "X-Rc-Auth-Token: $AUTH_TOKEN" -L $SERVER_URL/rhodecode-enterprise-ee/archive/$RHODECODE_EE_HASH.tgz?with_hash=0 | tar -xz -C $SOURCE_DIR | |
|
1281 | ||
|
1282 | rm -rf $SOURCE_DIR/rhodecode-vcsserver && mv $SOURCE_DIR/*rhodecode-vcsserver-plain $SOURCE_DIR/rhodecode-vcsserver | |
|
1283 | rm -rf $SOURCE_DIR/rhodecode-enterprise-ce && mv $SOURCE_DIR/*rhodecode-enterprise-ce-plain $SOURCE_DIR/rhodecode-enterprise-ce | |
|
1284 | rm -rf $SOURCE_DIR/rhodecode-enterprise-ee && cp -r $SOURCE_DIR/*rhodecode-enterprise-ee-plain $SOURCE_DIR/rhodecode-enterprise-ee | |
|
1285 | ||
|
1286 | echo "downloading sources done to $SOURCE_DIR" | |
|
1287 | ||
|
1288 | } | |
|
1289 | ||
|
1290 | # :command.function | |
|
1291 | rccontrol_build_source_command() { | |
|
1292 | # src/build_source_command.sh | |
|
1293 | check_bootstrap | |
|
1294 | ||
|
1295 | rc_version=${args[--version-name]} | |
|
1296 | export RC_VERSION=$rc_version | |
|
1297 | eval "echo SOURCE BASED BUILDING${RC_VERSION}" | |
|
1298 | ||
|
1299 | RC_VERSION=$rc_version ./rccontrol stack rhodecode -f docker-compose-apps.source.yaml build --progress plain rhodecode | |
|
1300 | ||
|
1301 | } | |
|
1302 | ||
|
1303 | # :command.function | |
|
1304 | rccontrol_stack_command() { | |
|
1305 | # src/stack_command.sh | |
|
1306 | check_bootstrap | |
|
1307 | ||
|
1308 | DEBUG=${args[--debug]} | |
|
1309 | service_name=${args[name]} | |
|
1310 | ||
|
1311 | if [[ ! -f $RC_STACK_ROUTER_EXT ]]; then | |
|
1312 | RC_STACK_ROUTER_EXT="" | |
|
1313 | else | |
|
1314 | RC_STACK_ROUTER_EXT="-f $RC_STACK_ROUTER_EXT" | |
|
1315 | fi | |
|
1316 | ||
|
1317 | CMD_ROUTER="\ | |
|
1318 | docker compose \ | |
|
1319 | --env-file $ENV_FILE \ | |
|
1320 | $ENV_EXPAND \ | |
|
1321 | -p rc_cluster_router \ | |
|
1322 | -f docker-compose-base.yaml \ | |
|
1323 | -f docker-compose-router.yaml $RC_STACK_ROUTER_EXT" | |
|
1324 | ||
|
1325 | if [[ ! -f $RC_STACK_SERVICES_EXT ]]; then | |
|
1326 | RC_STACK_SERVICES_EXT_LCL="" | |
|
1327 | else | |
|
1328 | RC_STACK_SERVICES_EXT_LCL="-f $RC_STACK_SERVICES_EXT" | |
|
1329 | fi | |
|
1330 | ||
|
1331 | RC_STACK_PROFILES="--profile postgres --profile redis --profile elasticsearch --profile channelstream" | |
|
1332 | ||
|
1333 | CMD_SERVICES="\ | |
|
1334 | docker compose \ | |
|
1335 | --env-file $ENV_FILE \ | |
|
1336 | $ENV_EXPAND \ | |
|
1337 | $RC_STACK_PROFILES \ | |
|
1338 | -p rc_cluster_services \ | |
|
1339 | -f docker-compose-base.yaml \ | |
|
1340 | -f docker-compose-services.yaml $RC_STACK_SERVICES_EXT_LCL" | |
|
1341 | ||
|
1342 | if [[ ! -f $RC_STACK_METRICS_EXT ]]; then | |
|
1343 | RC_STACK_METRICS_EXT_LCL="" | |
|
1344 | else | |
|
1345 | RC_STACK_METRICS_EXT_LCL="-f $RC_STACK_METRICS_EXT" | |
|
1346 | fi | |
|
1347 | ||
|
1348 | CMD_METRICS="\ | |
|
1349 | docker compose \ | |
|
1350 | --env-file $ENV_FILE \ | |
|
1351 | $ENV_EXPAND \ | |
|
1352 | -p rc_cluster_metrics \ | |
|
1353 | -f docker-compose-base.yaml \ | |
|
1354 | -f docker-compose-metrics.yaml $RC_STACK_METRICS_EXT_LCL" | |
|
1355 | ||
|
1356 | if [[ ! -f $RC_STACK_RHODECODE_EXT ]]; then | |
|
1357 | RC_STACK_RHODECODE_EXT_LCL="" | |
|
1358 | else | |
|
1359 | RC_STACK_RHODECODE_EXT_LCL="-f $RC_STACK_RHODECODE_EXT" | |
|
1360 | fi | |
|
1361 | ||
|
1362 | CMD_RHODECODE="\ | |
|
1363 | docker compose \ | |
|
1364 | --env-file $ENV_FILE \ | |
|
1365 | $ENV_EXPAND \ | |
|
1366 | -p rc_cluster_apps \ | |
|
1367 | -f docker-compose-base.yaml \ | |
|
1368 | -f docker-compose-apps.yaml $RC_STACK_RHODECODE_EXT_LCL" | |
|
1369 | ||
|
1370 | CMD_RHODECODE_SOURCE="\ | |
|
1371 | docker compose \ | |
|
1372 | --env-file $ENV_FILE \ | |
|
1373 | $ENV_EXPAND \ | |
|
1374 | -p rc_cluster_apps \ | |
|
1375 | -f docker-compose-base.yaml \ | |
|
1376 | -f docker-compose-apps.yaml \ | |
|
1377 | -f docker-compose-apps.source.yaml $RC_STACK_RHODECODE_EXT_LCL" | |
|
1378 | ||
|
1379 | case $service_name in | |
|
1380 | ||
|
1381 | services ) | |
|
1382 | if [[ $DEBUG ]]; then | |
|
1383 | echo "---" | |
|
1384 | echo "stacks docker: $RC_STACK_SERVICES_EXT_LCL" | |
|
1385 | echo "running command: ${CMD_SERVICES}" | |
|
1386 | echo "ARGS: ${other_args[*]}" | |
|
1387 | echo "---" | |
|
1388 | fi | |
|
1389 | ||
|
1390 | eval "${CMD_SERVICES} ${other_args[*]}" | |
|
1391 | exit | |
|
1392 | ;; | |
|
1393 | router ) | |
|
1394 | if [[ $DEBUG ]]; then | |
|
1395 | echo "---" | |
|
1396 | echo "stacks docker: $RC_STACK_ROUTER_EXT_LCL" | |
|
1397 | echo "running command: ${CMD_ROUTER}" | |
|
1398 | echo "ARGS: ${other_args[*]}" | |
|
1399 | echo "---" | |
|
1400 | fi | |
|
1401 | eval "${CMD_ROUTER} ${other_args[*]}" | |
|
1402 | exit | |
|
1403 | ;; | |
|
1404 | metrics ) | |
|
1405 | if [[ $DEBUG ]]; then | |
|
1406 | echo "---" | |
|
1407 | echo "stacks docker: $RC_STACK_METRICS_EXT_LCL" | |
|
1408 | echo "running command: ${CMD_METRICS}" | |
|
1409 | echo "ARGS: ${other_args[*]}" | |
|
1410 | echo "---" | |
|
1411 | fi | |
|
1412 | eval "${CMD_METRICS} ${other_args[*]}" | |
|
1413 | exit | |
|
1414 | ;; | |
|
1415 | rhodecode ) | |
|
1416 | if [[ $DEBUG ]]; then | |
|
1417 | echo "---" | |
|
1418 | echo "stacks docker: $RC_STACK_RHODECODE_EXT_LCL" | |
|
1419 | echo "running command: ${CMD_RHODECODE}" | |
|
1420 | echo "ARGS: ${other_args[*]}" | |
|
1421 | echo "---" | |
|
1422 | fi | |
|
1423 | eval "${CMD_RHODECODE} ${other_args[*]}" | |
|
1424 | exit | |
|
1425 | ;; | |
|
1426 | esac | |
|
1427 | ||
|
1428 | } | |
|
1429 | ||
|
1430 | # :command.function | |
|
1431 | rccontrol_stack_status_command() { | |
|
1432 | # src/stack_status_command.sh | |
|
1433 | check_bootstrap | |
|
1434 | DEBUG=${args[--debug]} | |
|
1435 | if [[ $DEBUG ]]; then | |
|
1436 | echo "---" | |
|
1437 | ||
|
1438 | ps_cmd=$(docker ps --filter=name=rc_cluster --format="{{.ID}}") | |
|
1439 | ||
|
1440 | for service in $ps_cmd; do | |
|
1441 | ||
|
1442 | servicename=`docker inspect --format '{{ .Name }}' $service` | |
|
1443 | servicename=${servicename:1} | |
|
1444 | echo $servicename | |
|
1445 | docker inspect $service --format='{{.State.Status}}: {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' | |
|
1446 | echo "" | |
|
1447 | ||
|
1448 | done | |
|
1449 | fi | |
|
1450 | echo "---" | |
|
1451 | docker ps --filter=name=rc_cluster --format="table {{.ID}}\\t{{.Image}}\\t{{.Status}}\\t{{.Names}}\\t{{.Ports}}" | |
|
1452 | } | |
|
1453 | ||
|
1454 | # :command.function | |
|
1455 | rccontrol_stack_upgrade_command() { | |
|
1456 | # src/stack_upgrade_command.sh | |
|
1457 | check_bootstrap | |
|
1458 | ||
|
1459 | echo "# this file is located in 'src/stack_upgrade_command.sh'" | |
|
1460 | echo "# code for 'rccontrol stack-upgrade' goes here" | |
|
1461 | echo "# you can edit it freely and regenerate (it will not be overwritten)" | |
|
1462 | inspect_args | |
|
1463 | ||
|
1464 | } | |
|
1465 | ||
|
1466 | # :command.function | |
|
1467 | rccontrol_cli_redis_command() { | |
|
1468 | # src/cli_redis_command.sh | |
|
1469 | check_bootstrap | |
|
1470 | ||
|
1471 | DEBUG=${args[--debug]} | |
|
1472 | ||
|
1473 | target_container=rc_cluster_services-redis-1 | |
|
1474 | docker_id=$(docker ps --filter name=$target_container -q) | |
|
1475 | ||
|
1476 | if [[ $DEBUG ]]; then | |
|
1477 | echo "container id: $docker_id, based on $target_container filter" | |
|
1478 | docker ps | |
|
1479 | fi | |
|
1480 | ||
|
1481 | if [ "$docker_id" == "" ]; then | |
|
1482 | MSG="Cannot find container ID with name $target_container" | |
|
1483 | echo "$(red $MSG)" | |
|
1484 | exit | |
|
1485 | fi | |
|
1486 | ||
|
1487 | if [[ $DEBUG ]]; then | |
|
1488 | echo "Running |docker exec --interactive --tty $docker_id $CMD|" | |
|
1489 | echo "docker exec --interactive --tty $docker_id /bin/bash -c 'redis-cli'" | |
|
1490 | fi | |
|
1491 | ||
|
1492 | eval "docker exec --interactive --tty $docker_id /bin/bash -c 'redis-cli'" | |
|
1493 | ||
|
1494 | } | |
|
1495 | ||
|
1496 | # :command.function | |
|
1497 | rccontrol_cli_db_command() { | |
|
1498 | # src/cli_db_command.sh | |
|
1499 | check_bootstrap | |
|
1500 | ||
|
1501 | DEBUG=${args[--debug]} | |
|
1502 | ||
|
1503 | target_container=rc_cluster_services-database-1 | |
|
1504 | docker_id=$(docker ps --filter name=$target_container -q) | |
|
1505 | ||
|
1506 | if [[ $DEBUG ]]; then | |
|
1507 | echo "container id: $docker_id, based on $target_container filter" | |
|
1508 | docker ps | |
|
1509 | fi | |
|
1510 | ||
|
1511 | if [ "$docker_id" == "" ]; then | |
|
1512 | MSG="Cannot find container ID with name $target_container" | |
|
1513 | echo "$(red $MSG)" | |
|
1514 | exit | |
|
1515 | fi | |
|
1516 | ||
|
1517 | if [[ $DEBUG ]]; then | |
|
1518 | echo "Running |docker exec --interactive --tty $docker_id $CMD|" | |
|
1519 | echo "docker exec --interactive --tty $docker_id /bin/bash -c 'PGPASSWORD=$DB_PASSWORD psql --username=$DB_USER --dbname=$DB_NAME'" | |
|
1520 | fi | |
|
1521 | ||
|
1522 | eval "docker exec --interactive --tty $docker_id /bin/bash -c 'PGPASSWORD=$DB_PASSWORD psql --username=$DB_USER --dbname=$DB_NAME'" | |
|
1523 | ||
|
1524 | } | |
|
1525 | ||
|
1526 | # :command.function | |
|
1527 | rccontrol_cli_db_upgrade_command() { | |
|
1528 | # src/cli_db_upgrade_command.sh | |
|
1529 | check_bootstrap | |
|
1530 | ||
|
1531 | DEBUG=${args[--debug]} | |
|
1532 | ||
|
1533 | target_container=rc_cluster_apps-rhodecode-1 | |
|
1534 | docker_id=$(docker ps --filter name=$target_container -q) | |
|
1535 | ||
|
1536 | if [[ $DEBUG ]]; then | |
|
1537 | echo "container id: $docker_id, based on $target_container filter" | |
|
1538 | docker ps | |
|
1539 | fi | |
|
1540 | ||
|
1541 | if [ "$docker_id" == "" ]; then | |
|
1542 | MSG="Cannot find container ID with name $target_container" | |
|
1543 | echo "$(red $MSG)" | |
|
1544 | exit | |
|
1545 | fi | |
|
1546 | ||
|
1547 | if [[ $DEBUG ]]; then | |
|
1548 | echo "./rccontrol stack rhodecode exec rhodecode /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.optimized.ini --force-yes" | |
|
1549 | fi | |
|
1550 | ||
|
1551 | ./rccontrol stack rhodecode exec rhodecode /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.optimized.ini --force-yes | |
|
1552 | } | |
|
1553 | ||
|
1554 | # :command.function | |
|
1555 | rccontrol__completions_command() { | |
|
1556 | # src/_completions_command.sh | |
|
1557 | send_completions | |
|
1558 | } | |
|
1559 | ||
|
1560 | # :command.function | |
|
1561 | rccontrol_backup_db_command() { | |
|
1562 | # src/backup_db_command.sh | |
|
1563 | check_bootstrap | |
|
1564 | ||
|
1565 | DEBUG=${args[--debug]} | |
|
1566 | DESTINATION=${args[destination]} | |
|
1567 | ||
|
1568 | target_container=rc_cluster_services-database-1 | |
|
1569 | ||
|
1570 | docker_id=$(docker ps --filter name=$target_container -q) | |
|
1571 | backup_name=rc_db_dump-$(date +%Y-%m-%d).tar.gz | |
|
1572 | ||
|
1573 | echo "creating backup $backup_name" | |
|
1574 | ||
|
1575 | if [[ $DEBUG ]]; then | |
|
1576 | echo "container id: $docker_id, based on $target_container filter" | |
|
1577 | docker ps | |
|
1578 | echo "---" | |
|
1579 | fi | |
|
1580 | ||
|
1581 | #image_id=$(docker inspect "$docker_id" --format {{.Image}} | cut -c 8-) | |
|
1582 | # | |
|
1583 | #if [[ $DEBUG ]]; then | |
|
1584 | # echo "image id: $image_id, based on $target_container filter" | |
|
1585 | # docker image ls | |
|
1586 | # echo "---" | |
|
1587 | #fi | |
|
1588 | ||
|
1589 | if [ "$docker_id" == "" ]; then | |
|
1590 | MSG="Cannot find container ID with name $target_container" | |
|
1591 | echo "$(red $MSG)" | |
|
1592 | exit | |
|
1593 | fi | |
|
1594 | ||
|
1595 | #if [ "image_id" == "" ]; then | |
|
1596 | # MSG="Cannot find image ID with name $target_container" | |
|
1597 | # echo "$(red $MSG)" | |
|
1598 | # exit | |
|
1599 | #fi | |
|
1600 | ||
|
1601 | if [[ $DEBUG ]]; then | |
|
1602 | echo "docker exec -e PGPASSWORD=$DB_PASSWORD $docker_id /bin/bash -c 'pg_dump --inserts -U $DB_USER -h 127.0.0.1 --dbname=$DB_NAME | gzip > /var/rc-data-dump/$backup_name'" | |
|
1603 | fi | |
|
1604 | ||
|
1605 | eval "docker exec -e PGPASSWORD=$DB_PASSWORD $docker_id /bin/bash -c 'pg_dump --inserts -U $DB_USER -h 127.0.0.1 --dbname=$DB_NAME | gzip > /var/rc-data-dump/$backup_name'" | |
|
1606 | echo "$(green Backup created in /var/rc-data-dump/ mount !)" | |
|
1607 | ||
|
1608 | } | |
|
1609 | ||
|
1610 | # :command.function | |
|
1611 | rccontrol_backup_data_command() { | |
|
1612 | # src/backup_data_command.sh | |
|
1613 | echo "# this file is located in 'src/backup_data_command.sh'" | |
|
1614 | echo "# code for 'rccontrol backup-data' goes here" | |
|
1615 | echo "# you can edit it freely and regenerate (it will not be overwritten)" | |
|
1616 | inspect_args | |
|
1617 | ||
|
1618 | } | |
|
1619 | ||
|
1620 | # :command.parse_requirements | |
|
1621 | parse_requirements() { | |
|
1622 | # :command.fixed_flags_filter | |
|
1623 | case "${1:-}" in | |
|
1624 | --version | -v ) | |
|
1625 | version_command | |
|
1626 | exit | |
|
1627 | ;; | |
|
1628 | ||
|
1629 | --help | -h ) | |
|
1630 | long_usage=yes | |
|
1631 | rccontrol_usage | |
|
1632 | exit | |
|
1633 | ;; | |
|
1634 | ||
|
1635 | # :flag.case | |
|
1636 | --debug ) | |
|
1637 | ||
|
1638 | # :flag.case_no_arg | |
|
1639 | args[--debug]=1 | |
|
1640 | shift | |
|
1641 | ;; | |
|
1642 | ||
|
1643 | esac | |
|
1644 | ||
|
1645 | # :command.environment_variables_filter | |
|
1646 | # :command.environment_variables_default | |
|
1647 | export RC_CLI_VERSION_NAME="${RC_CLI_VERSION_NAME:-4.27.0}" | |
|
1648 | export RC_STACK_ROUTER_EXT="${RC_STACK_ROUTER_EXT:-.custom/docker-compose-router.override.yaml}" | |
|
1649 | export RC_STACK_METRICS_EXT="${RC_STACK_METRICS_EXT:-.custom/docker-compose-metrics.override.yaml}" | |
|
1650 | export RC_STACK_SERVICES_EXT="${RC_STACK_SERVICES_EXT:-.custom/docker-compose-services.override.yaml}" | |
|
1651 | export RC_STACK_RHODECODE_EXT="${RC_STACK_RHODECODE_EXT:-.custom/docker-compose-apps.override.yaml}" | |
|
1652 | ||
|
1653 | # :command.command_filter | |
|
1654 | action=${1:-} | |
|
1655 | ||
|
1656 | case $action in | |
|
1657 | -* ) | |
|
1658 | ;; | |
|
1659 | ||
|
1660 | self-update ) | |
|
1661 | action="self-update" | |
|
1662 | shift | |
|
1663 | rccontrol_self_update_parse_requirements "$@" | |
|
1664 | shift $# | |
|
1665 | ;; | |
|
1666 | ||
|
1667 | bootstrap | install ) | |
|
1668 | action="bootstrap" | |
|
1669 | shift | |
|
1670 | rccontrol_bootstrap_parse_requirements "$@" | |
|
1671 | shift $# | |
|
1672 | ;; | |
|
1673 | ||
|
1674 | get-build-artifacts ) | |
|
1675 | action="get-build-artifacts" | |
|
1676 | shift | |
|
1677 | rccontrol_get_build_artifacts_parse_requirements "$@" | |
|
1678 | shift $# | |
|
1679 | ;; | |
|
1680 | ||
|
1681 | build ) | |
|
1682 | action="build" | |
|
1683 | shift | |
|
1684 | rccontrol_build_parse_requirements "$@" | |
|
1685 | shift $# | |
|
1686 | ;; | |
|
1687 | ||
|
1688 | get-build-source ) | |
|
1689 | action="get-build-source" | |
|
1690 | shift | |
|
1691 | rccontrol_get_build_source_parse_requirements "$@" | |
|
1692 | shift $# | |
|
1693 | ;; | |
|
1694 | ||
|
1695 | build-source ) | |
|
1696 | action="build-source" | |
|
1697 | shift | |
|
1698 | rccontrol_build_source_parse_requirements "$@" | |
|
1699 | shift $# | |
|
1700 | ;; | |
|
1701 | ||
|
1702 | stack ) | |
|
1703 | action="stack" | |
|
1704 | shift | |
|
1705 | rccontrol_stack_parse_requirements "$@" | |
|
1706 | shift $# | |
|
1707 | ;; | |
|
1708 | ||
|
1709 | stack-status | status ) | |
|
1710 | action="stack-status" | |
|
1711 | shift | |
|
1712 | rccontrol_stack_status_parse_requirements "$@" | |
|
1713 | shift $# | |
|
1714 | ;; | |
|
1715 | ||
|
1716 | stack-upgrade ) | |
|
1717 | action="stack-upgrade" | |
|
1718 | shift | |
|
1719 | rccontrol_stack_upgrade_parse_requirements "$@" | |
|
1720 | shift $# | |
|
1721 | ;; | |
|
1722 | ||
|
1723 | cli-redis ) | |
|
1724 | action="cli-redis" | |
|
1725 | shift | |
|
1726 | rccontrol_cli_redis_parse_requirements "$@" | |
|
1727 | shift $# | |
|
1728 | ;; | |
|
1729 | ||
|
1730 | cli-db ) | |
|
1731 | action="cli-db" | |
|
1732 | shift | |
|
1733 | rccontrol_cli_db_parse_requirements "$@" | |
|
1734 | shift $# | |
|
1735 | ;; | |
|
1736 | ||
|
1737 | cli-db-upgrade ) | |
|
1738 | action="cli-db-upgrade" | |
|
1739 | shift | |
|
1740 | rccontrol_cli_db_upgrade_parse_requirements "$@" | |
|
1741 | shift $# | |
|
1742 | ;; | |
|
1743 | ||
|
1744 | _completions ) | |
|
1745 | action="_completions" | |
|
1746 | shift | |
|
1747 | rccontrol__completions_parse_requirements "$@" | |
|
1748 | shift $# | |
|
1749 | ;; | |
|
1750 | ||
|
1751 | backup-db ) | |
|
1752 | action="backup-db" | |
|
1753 | shift | |
|
1754 | rccontrol_backup_db_parse_requirements "$@" | |
|
1755 | shift $# | |
|
1756 | ;; | |
|
1757 | ||
|
1758 | backup-data ) | |
|
1759 | action="backup-data" | |
|
1760 | shift | |
|
1761 | rccontrol_backup_data_parse_requirements "$@" | |
|
1762 | shift $# | |
|
1763 | ;; | |
|
1764 | ||
|
1765 | # :command.command_fallback | |
|
1766 | "" ) | |
|
1767 | rccontrol_usage >&2 | |
|
1768 | exit 1 | |
|
1769 | ;; | |
|
1770 | ||
|
1771 | * ) | |
|
1772 | printf "invalid command: %s\n" "$action" >&2 | |
|
1773 | exit 1 | |
|
1774 | ;; | |
|
1775 | ||
|
1776 | esac | |
|
1777 | ||
|
1778 | # :command.parse_requirements_while | |
|
1779 | while [[ $# -gt 0 ]]; do | |
|
1780 | key="$1" | |
|
1781 | case "$key" in | |
|
1782 | ||
|
1783 | -?* ) | |
|
1784 | printf "invalid option: %s\n" "$key" >&2 | |
|
1785 | exit 1 | |
|
1786 | ;; | |
|
1787 | ||
|
1788 | * ) | |
|
1789 | # :command.parse_requirements_case | |
|
1790 | # :command.parse_requirements_case_simple | |
|
1791 | printf "invalid argument: %s\n" "$key" >&2 | |
|
1792 | exit 1 | |
|
1793 | ||
|
1794 | ;; | |
|
1795 | ||
|
1796 | esac | |
|
1797 | done | |
|
1798 | ||
|
1799 | } | |
|
1800 | ||
|
1801 | # :command.parse_requirements | |
|
1802 | rccontrol_self_update_parse_requirements() { | |
|
1803 | # :command.fixed_flags_filter | |
|
1804 | case "${1:-}" in | |
|
1805 | --help | -h ) | |
|
1806 | long_usage=yes | |
|
1807 | rccontrol_self_update_usage | |
|
1808 | exit | |
|
1809 | ;; | |
|
1810 | ||
|
1811 | esac | |
|
1812 | ||
|
1813 | # :command.dependencies_filter | |
|
1814 | if ! [[ -x "$(command -v curl)" ]]; then | |
|
1815 | printf "missing dependency: curl\n" >&2 | |
|
1816 | exit 1 | |
|
1817 | fi | |
|
1818 | if ! [[ -x "$(command -v tar)" ]]; then | |
|
1819 | printf "missing dependency: tar\n" >&2 | |
|
1820 | exit 1 | |
|
1821 | fi | |
|
1822 | ||
|
1823 | # :command.command_filter | |
|
1824 | action="self-update" | |
|
1825 | ||
|
1826 | # :command.parse_requirements_while | |
|
1827 | while [[ $# -gt 0 ]]; do | |
|
1828 | key="$1" | |
|
1829 | case "$key" in | |
|
1830 | # :flag.case | |
|
1831 | --auth-token ) | |
|
1832 | ||
|
1833 | # :flag.case_arg | |
|
1834 | if [[ -n ${2+x} ]]; then | |
|
1835 | ||
|
1836 | args[--auth-token]="$2" | |
|
1837 | shift | |
|
1838 | shift | |
|
1839 | else | |
|
1840 | printf "%s\n" "--auth-token requires an argument: --auth-token AUTH_TOKEN" >&2 | |
|
1841 | exit 1 | |
|
1842 | fi | |
|
1843 | ;; | |
|
1844 | ||
|
1845 | # :flag.case | |
|
1846 | --server-url ) | |
|
1847 | ||
|
1848 | # :flag.case_arg | |
|
1849 | if [[ -n ${2+x} ]]; then | |
|
1850 | ||
|
1851 | args[--server-url]="$2" | |
|
1852 | shift | |
|
1853 | shift | |
|
1854 | else | |
|
1855 | printf "%s\n" "--server-url requires an argument: --server-url SERVER_URL" >&2 | |
|
1856 | exit 1 | |
|
1857 | fi | |
|
1858 | ;; | |
|
1859 | ||
|
1860 | -?* ) | |
|
1861 | printf "invalid option: %s\n" "$key" >&2 | |
|
1862 | exit 1 | |
|
1863 | ;; | |
|
1864 | ||
|
1865 | * ) | |
|
1866 | # :command.parse_requirements_case | |
|
1867 | # :command.parse_requirements_case_simple | |
|
1868 | printf "invalid argument: %s\n" "$key" >&2 | |
|
1869 | exit 1 | |
|
1870 | ||
|
1871 | ;; | |
|
1872 | ||
|
1873 | esac | |
|
1874 | done | |
|
1875 | ||
|
1876 | # :command.default_assignments | |
|
1877 | [[ -n ${args[--server-url]:-} ]] || args[--server-url]="https://code.rhodecode.com" | |
|
1878 | ||
|
1879 | } | |
|
1880 | ||
|
1881 | # :command.parse_requirements | |
|
1882 | rccontrol_bootstrap_parse_requirements() { | |
|
1883 | # :command.fixed_flags_filter | |
|
1884 | case "${1:-}" in | |
|
1885 | --help | -h ) | |
|
1886 | long_usage=yes | |
|
1887 | rccontrol_bootstrap_usage | |
|
1888 | exit | |
|
1889 | ;; | |
|
1890 | ||
|
1891 | esac | |
|
1892 | ||
|
1893 | # :command.dependencies_filter | |
|
1894 | if ! [[ -x "$(command -v curl)" ]]; then | |
|
1895 | printf "missing dependency: curl\n" >&2 | |
|
1896 | exit 1 | |
|
1897 | fi | |
|
1898 | if ! [[ -x "$(command -v tar)" ]]; then | |
|
1899 | printf "missing dependency: tar\n" >&2 | |
|
1900 | exit 1 | |
|
1901 | fi | |
|
1902 | if ! [[ -x "$(command -v md5sum)" ]]; then | |
|
1903 | printf "missing dependency: md5sum\n" >&2 | |
|
1904 | exit 1 | |
|
1905 | fi | |
|
1906 | ||
|
1907 | # :command.command_filter | |
|
1908 | action="bootstrap" | |
|
1909 | ||
|
1910 | # :command.parse_requirements_while | |
|
1911 | while [[ $# -gt 0 ]]; do | |
|
1912 | key="$1" | |
|
1913 | case "$key" in | |
|
1914 | # :flag.case | |
|
1915 | --force | -f ) | |
|
1916 | ||
|
1917 | # :flag.case_no_arg | |
|
1918 | args[--force]=1 | |
|
1919 | shift | |
|
1920 | ;; | |
|
1921 | ||
|
1922 | # :flag.case | |
|
1923 | --auth-token ) | |
|
1924 | ||
|
1925 | # :flag.case_arg | |
|
1926 | if [[ -n ${2+x} ]]; then | |
|
1927 | ||
|
1928 | args[--auth-token]="$2" | |
|
1929 | shift | |
|
1930 | shift | |
|
1931 | else | |
|
1932 | printf "%s\n" "--auth-token requires an argument: --auth-token AUTH_TOKEN" >&2 | |
|
1933 | exit 1 | |
|
1934 | fi | |
|
1935 | ;; | |
|
1936 | ||
|
1937 | # :flag.case | |
|
1938 | --server-url ) | |
|
1939 | ||
|
1940 | # :flag.case_arg | |
|
1941 | if [[ -n ${2+x} ]]; then | |
|
1942 | ||
|
1943 | args[--server-url]="$2" | |
|
1944 | shift | |
|
1945 | shift | |
|
1946 | else | |
|
1947 | printf "%s\n" "--server-url requires an argument: --server-url SERVER_URL" >&2 | |
|
1948 | exit 1 | |
|
1949 | fi | |
|
1950 | ;; | |
|
1951 | ||
|
1952 | -?* ) | |
|
1953 | printf "invalid option: %s\n" "$key" >&2 | |
|
1954 | exit 1 | |
|
1955 | ;; | |
|
1956 | ||
|
1957 | * ) | |
|
1958 | # :command.parse_requirements_case | |
|
1959 | # :command.parse_requirements_case_simple | |
|
1960 | printf "invalid argument: %s\n" "$key" >&2 | |
|
1961 | exit 1 | |
|
1962 | ||
|
1963 | ;; | |
|
1964 | ||
|
1965 | esac | |
|
1966 | done | |
|
1967 | ||
|
1968 | # :command.default_assignments | |
|
1969 | [[ -n ${args[--server-url]:-} ]] || args[--server-url]="https://code.rhodecode.com" | |
|
1970 | ||
|
1971 | } | |
|
1972 | ||
|
1973 | # :command.parse_requirements | |
|
1974 | rccontrol_get_build_artifacts_parse_requirements() { | |
|
1975 | # :command.fixed_flags_filter | |
|
1976 | case "${1:-}" in | |
|
1977 | --help | -h ) | |
|
1978 | long_usage=yes | |
|
1979 | rccontrol_get_build_artifacts_usage | |
|
1980 | exit | |
|
1981 | ;; | |
|
1982 | ||
|
1983 | esac | |
|
1984 | ||
|
1985 | # :command.command_filter | |
|
1986 | action="get-build-artifacts" | |
|
1987 | ||
|
1988 | # :command.parse_requirements_while | |
|
1989 | while [[ $# -gt 0 ]]; do | |
|
1990 | key="$1" | |
|
1991 | case "$key" in | |
|
1992 | # :flag.case | |
|
1993 | --auth ) | |
|
1994 | ||
|
1995 | # :flag.case_arg | |
|
1996 | if [[ -n ${2+x} ]]; then | |
|
1997 | ||
|
1998 | args[--auth]="$2" | |
|
1999 | shift | |
|
2000 | shift | |
|
2001 | else | |
|
2002 | printf "%s\n" "--auth requires an argument: --auth AUTH" >&2 | |
|
2003 | exit 1 | |
|
2004 | fi | |
|
2005 | ;; | |
|
2006 | ||
|
2007 | # :flag.case | |
|
2008 | --installer-url ) | |
|
2009 | ||
|
2010 | # :flag.case_arg | |
|
2011 | if [[ -n ${2+x} ]]; then | |
|
2012 | ||
|
2013 | args[--installer-url]="$2" | |
|
2014 | shift | |
|
2015 | shift | |
|
2016 | else | |
|
2017 | printf "%s\n" "--installer-url requires an argument: --installer-url INSTALLER_URL" >&2 | |
|
2018 | exit 1 | |
|
2019 | fi | |
|
2020 | ;; | |
|
2021 | ||
|
2022 | # :flag.case | |
|
2023 | --manifest-url ) | |
|
2024 | ||
|
2025 | # :flag.case_arg | |
|
2026 | if [[ -n ${2+x} ]]; then | |
|
2027 | ||
|
2028 | args[--manifest-url]="$2" | |
|
2029 | shift | |
|
2030 | shift | |
|
2031 | else | |
|
2032 | printf "%s\n" "--manifest-url requires an argument: --manifest-url MANIFEST_URL" >&2 | |
|
2033 | exit 1 | |
|
2034 | fi | |
|
2035 | ;; | |
|
2036 | ||
|
2037 | # :flag.case | |
|
2038 | --version-name ) | |
|
2039 | ||
|
2040 | # :flag.case_arg | |
|
2041 | if [[ -n ${2+x} ]]; then | |
|
2042 | ||
|
2043 | args[--version-name]="$2" | |
|
2044 | shift | |
|
2045 | shift | |
|
2046 | else | |
|
2047 | printf "%s\n" "--version-name requires an argument: --version-name VERSION_NAME" >&2 | |
|
2048 | exit 1 | |
|
2049 | fi | |
|
2050 | ;; | |
|
2051 | ||
|
2052 | -?* ) | |
|
2053 | printf "invalid option: %s\n" "$key" >&2 | |
|
2054 | exit 1 | |
|
2055 | ;; | |
|
2056 | ||
|
2057 | * ) | |
|
2058 | # :command.parse_requirements_case | |
|
2059 | # :command.parse_requirements_case_simple | |
|
2060 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2061 | exit 1 | |
|
2062 | ||
|
2063 | ;; | |
|
2064 | ||
|
2065 | esac | |
|
2066 | done | |
|
2067 | ||
|
2068 | # :command.default_assignments | |
|
2069 | [[ -n ${args[--auth]:-} ]] || args[--auth]="" | |
|
2070 | [[ -n ${args[--installer-url]:-} ]] || args[--installer-url]="https://dls.rhodecode.com/dls/N2E2ZTY1NzA3NjYxNDA2NTc1NjI3MTcyNzA2MjcxNzIyZTcwNjI3YQ==/rhodecode-control/latest-linux-ee" | |
|
2071 | [[ -n ${args[--manifest-url]:-} ]] || args[--manifest-url]="https://dls.rhodecode.com/linux/MANIFEST" | |
|
2072 | [[ -n ${args[--version-name]:-} ]] || args[--version-name]="$RC_CLI_VERSION_NAME" | |
|
2073 | ||
|
2074 | } | |
|
2075 | ||
|
2076 | # :command.parse_requirements | |
|
2077 | rccontrol_build_parse_requirements() { | |
|
2078 | # :command.fixed_flags_filter | |
|
2079 | case "${1:-}" in | |
|
2080 | --help | -h ) | |
|
2081 | long_usage=yes | |
|
2082 | rccontrol_build_usage | |
|
2083 | exit | |
|
2084 | ;; | |
|
2085 | ||
|
2086 | esac | |
|
2087 | ||
|
2088 | # :command.command_filter | |
|
2089 | action="build" | |
|
2090 | ||
|
2091 | # :command.parse_requirements_while | |
|
2092 | while [[ $# -gt 0 ]]; do | |
|
2093 | key="$1" | |
|
2094 | case "$key" in | |
|
2095 | # :flag.case | |
|
2096 | --version-name ) | |
|
2097 | ||
|
2098 | # :flag.case_arg | |
|
2099 | if [[ -n ${2+x} ]]; then | |
|
2100 | ||
|
2101 | args[--version-name]="$2" | |
|
2102 | shift | |
|
2103 | shift | |
|
2104 | else | |
|
2105 | printf "%s\n" "--version-name requires an argument: --version-name VERSION_NAME" >&2 | |
|
2106 | exit 1 | |
|
2107 | fi | |
|
2108 | ;; | |
|
2109 | ||
|
2110 | -?* ) | |
|
2111 | printf "invalid option: %s\n" "$key" >&2 | |
|
2112 | exit 1 | |
|
2113 | ;; | |
|
2114 | ||
|
2115 | * ) | |
|
2116 | # :command.parse_requirements_case | |
|
2117 | # :command.parse_requirements_case_simple | |
|
2118 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2119 | exit 1 | |
|
2120 | ||
|
2121 | ;; | |
|
2122 | ||
|
2123 | esac | |
|
2124 | done | |
|
2125 | ||
|
2126 | # :command.default_assignments | |
|
2127 | [[ -n ${args[--version-name]:-} ]] || args[--version-name]="$RC_CLI_VERSION_NAME" | |
|
2128 | ||
|
2129 | } | |
|
2130 | ||
|
2131 | # :command.parse_requirements | |
|
2132 | rccontrol_get_build_source_parse_requirements() { | |
|
2133 | # :command.fixed_flags_filter | |
|
2134 | case "${1:-}" in | |
|
2135 | --help | -h ) | |
|
2136 | long_usage=yes | |
|
2137 | rccontrol_get_build_source_usage | |
|
2138 | exit | |
|
2139 | ;; | |
|
2140 | ||
|
2141 | esac | |
|
2142 | ||
|
2143 | # :command.dependencies_filter | |
|
2144 | if ! [[ -x "$(command -v curl)" ]]; then | |
|
2145 | printf "missing dependency: curl\n" >&2 | |
|
2146 | exit 1 | |
|
2147 | fi | |
|
2148 | if ! [[ -x "$(command -v tar)" ]]; then | |
|
2149 | printf "missing dependency: tar\n" >&2 | |
|
2150 | exit 1 | |
|
2151 | fi | |
|
2152 | ||
|
2153 | # :command.command_filter | |
|
2154 | action="get-build-source" | |
|
2155 | ||
|
2156 | # :command.parse_requirements_while | |
|
2157 | while [[ $# -gt 0 ]]; do | |
|
2158 | key="$1" | |
|
2159 | case "$key" in | |
|
2160 | # :flag.case | |
|
2161 | --auth-token ) | |
|
2162 | ||
|
2163 | # :flag.case_arg | |
|
2164 | if [[ -n ${2+x} ]]; then | |
|
2165 | ||
|
2166 | args[--auth-token]="$2" | |
|
2167 | shift | |
|
2168 | shift | |
|
2169 | else | |
|
2170 | printf "%s\n" "--auth-token requires an argument: --auth-token AUTH_TOKEN" >&2 | |
|
2171 | exit 1 | |
|
2172 | fi | |
|
2173 | ;; | |
|
2174 | ||
|
2175 | # :flag.case | |
|
2176 | --server-url ) | |
|
2177 | ||
|
2178 | # :flag.case_arg | |
|
2179 | if [[ -n ${2+x} ]]; then | |
|
2180 | ||
|
2181 | args[--server-url]="$2" | |
|
2182 | shift | |
|
2183 | shift | |
|
2184 | else | |
|
2185 | printf "%s\n" "--server-url requires an argument: --server-url SERVER_URL" >&2 | |
|
2186 | exit 1 | |
|
2187 | fi | |
|
2188 | ;; | |
|
2189 | ||
|
2190 | -?* ) | |
|
2191 | printf "invalid option: %s\n" "$key" >&2 | |
|
2192 | exit 1 | |
|
2193 | ;; | |
|
2194 | ||
|
2195 | * ) | |
|
2196 | # :command.parse_requirements_case | |
|
2197 | # :command.parse_requirements_case_simple | |
|
2198 | if [[ -z ${args[revision]+x} ]]; then | |
|
2199 | ||
|
2200 | args[revision]=$1 | |
|
2201 | shift | |
|
2202 | else | |
|
2203 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2204 | exit 1 | |
|
2205 | fi | |
|
2206 | ||
|
2207 | ;; | |
|
2208 | ||
|
2209 | esac | |
|
2210 | done | |
|
2211 | ||
|
2212 | # :command.required_args_filter | |
|
2213 | if [[ -z ${args[revision]+x} ]]; then | |
|
2214 | printf "missing required argument: REVISION\nusage: rccontrol get-build-source REVISION [OPTIONS]\n" >&2 | |
|
2215 | exit 1 | |
|
2216 | fi | |
|
2217 | ||
|
2218 | # :command.default_assignments | |
|
2219 | [[ -n ${args[--server-url]:-} ]] || args[--server-url]="https://code.rhodecode.com" | |
|
2220 | ||
|
2221 | } | |
|
2222 | ||
|
2223 | # :command.parse_requirements | |
|
2224 | rccontrol_build_source_parse_requirements() { | |
|
2225 | # :command.fixed_flags_filter | |
|
2226 | case "${1:-}" in | |
|
2227 | --help | -h ) | |
|
2228 | long_usage=yes | |
|
2229 | rccontrol_build_source_usage | |
|
2230 | exit | |
|
2231 | ;; | |
|
2232 | ||
|
2233 | esac | |
|
2234 | ||
|
2235 | # :command.command_filter | |
|
2236 | action="build-source" | |
|
2237 | ||
|
2238 | # :command.parse_requirements_while | |
|
2239 | while [[ $# -gt 0 ]]; do | |
|
2240 | key="$1" | |
|
2241 | case "$key" in | |
|
2242 | # :flag.case | |
|
2243 | --version-name ) | |
|
2244 | ||
|
2245 | # :flag.case_arg | |
|
2246 | if [[ -n ${2+x} ]]; then | |
|
2247 | ||
|
2248 | args[--version-name]="$2" | |
|
2249 | shift | |
|
2250 | shift | |
|
2251 | else | |
|
2252 | printf "%s\n" "--version-name requires an argument: --version-name VERSION_NAME" >&2 | |
|
2253 | exit 1 | |
|
2254 | fi | |
|
2255 | ;; | |
|
2256 | ||
|
2257 | -?* ) | |
|
2258 | printf "invalid option: %s\n" "$key" >&2 | |
|
2259 | exit 1 | |
|
2260 | ;; | |
|
2261 | ||
|
2262 | * ) | |
|
2263 | # :command.parse_requirements_case | |
|
2264 | # :command.parse_requirements_case_simple | |
|
2265 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2266 | exit 1 | |
|
2267 | ||
|
2268 | ;; | |
|
2269 | ||
|
2270 | esac | |
|
2271 | done | |
|
2272 | ||
|
2273 | # :command.default_assignments | |
|
2274 | [[ -n ${args[--version-name]:-} ]] || args[--version-name]="$RC_CLI_VERSION_NAME" | |
|
2275 | ||
|
2276 | } | |
|
2277 | ||
|
2278 | # :command.parse_requirements | |
|
2279 | rccontrol_stack_parse_requirements() { | |
|
2280 | # :command.fixed_flags_filter | |
|
2281 | case "${1:-}" in | |
|
2282 | --help | -h ) | |
|
2283 | long_usage=yes | |
|
2284 | rccontrol_stack_usage | |
|
2285 | exit | |
|
2286 | ;; | |
|
2287 | ||
|
2288 | esac | |
|
2289 | ||
|
2290 | # :command.command_filter | |
|
2291 | action="stack" | |
|
2292 | ||
|
2293 | # :command.parse_requirements_while | |
|
2294 | while [[ $# -gt 0 ]]; do | |
|
2295 | key="$1" | |
|
2296 | case "$key" in | |
|
2297 | ||
|
2298 | -?* ) | |
|
2299 | other_args+=("$1") | |
|
2300 | shift | |
|
2301 | ;; | |
|
2302 | ||
|
2303 | * ) | |
|
2304 | # :command.parse_requirements_case | |
|
2305 | # :command.parse_requirements_case_catch_all | |
|
2306 | if [[ -z ${args[name]+x} ]]; then | |
|
2307 | ||
|
2308 | args[name]=$1 | |
|
2309 | shift | |
|
2310 | else | |
|
2311 | other_args+=("$1") | |
|
2312 | shift | |
|
2313 | fi | |
|
2314 | ||
|
2315 | ;; | |
|
2316 | ||
|
2317 | esac | |
|
2318 | done | |
|
2319 | ||
|
2320 | # :command.required_args_filter | |
|
2321 | if [[ -z ${args[name]+x} ]]; then | |
|
2322 | printf "missing required argument: NAME\nusage: rccontrol stack NAME [SERVICES PARAMS...]\n" >&2 | |
|
2323 | exit 1 | |
|
2324 | fi | |
|
2325 | ||
|
2326 | # :command.whitelist_filter | |
|
2327 | if [[ ! ${args[name]} =~ ^(router|metrics|services|rhodecode)$ ]]; then | |
|
2328 | printf "%s\n" "name must be one of: router, metrics, services, rhodecode" >&2 | |
|
2329 | exit 1 | |
|
2330 | fi | |
|
2331 | ||
|
2332 | } | |
|
2333 | ||
|
2334 | # :command.parse_requirements | |
|
2335 | rccontrol_stack_status_parse_requirements() { | |
|
2336 | # :command.fixed_flags_filter | |
|
2337 | case "${1:-}" in | |
|
2338 | --help | -h ) | |
|
2339 | long_usage=yes | |
|
2340 | rccontrol_stack_status_usage | |
|
2341 | exit | |
|
2342 | ;; | |
|
2343 | ||
|
2344 | esac | |
|
2345 | ||
|
2346 | # :command.command_filter | |
|
2347 | action="stack-status" | |
|
2348 | ||
|
2349 | # :command.parse_requirements_while | |
|
2350 | while [[ $# -gt 0 ]]; do | |
|
2351 | key="$1" | |
|
2352 | case "$key" in | |
|
2353 | ||
|
2354 | -?* ) | |
|
2355 | printf "invalid option: %s\n" "$key" >&2 | |
|
2356 | exit 1 | |
|
2357 | ;; | |
|
2358 | ||
|
2359 | * ) | |
|
2360 | # :command.parse_requirements_case | |
|
2361 | # :command.parse_requirements_case_simple | |
|
2362 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2363 | exit 1 | |
|
2364 | ||
|
2365 | ;; | |
|
2366 | ||
|
2367 | esac | |
|
2368 | done | |
|
2369 | ||
|
2370 | } | |
|
2371 | ||
|
2372 | # :command.parse_requirements | |
|
2373 | rccontrol_stack_upgrade_parse_requirements() { | |
|
2374 | # :command.fixed_flags_filter | |
|
2375 | case "${1:-}" in | |
|
2376 | --help | -h ) | |
|
2377 | long_usage=yes | |
|
2378 | rccontrol_stack_upgrade_usage | |
|
2379 | exit | |
|
2380 | ;; | |
|
2381 | ||
|
2382 | esac | |
|
2383 | ||
|
2384 | # :command.command_filter | |
|
2385 | action="stack-upgrade" | |
|
2386 | ||
|
2387 | # :command.parse_requirements_while | |
|
2388 | while [[ $# -gt 0 ]]; do | |
|
2389 | key="$1" | |
|
2390 | case "$key" in | |
|
2391 | ||
|
2392 | -?* ) | |
|
2393 | printf "invalid option: %s\n" "$key" >&2 | |
|
2394 | exit 1 | |
|
2395 | ;; | |
|
2396 | ||
|
2397 | * ) | |
|
2398 | # :command.parse_requirements_case | |
|
2399 | # :command.parse_requirements_case_simple | |
|
2400 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2401 | exit 1 | |
|
2402 | ||
|
2403 | ;; | |
|
2404 | ||
|
2405 | esac | |
|
2406 | done | |
|
2407 | ||
|
2408 | } | |
|
2409 | ||
|
2410 | # :command.parse_requirements | |
|
2411 | rccontrol_cli_redis_parse_requirements() { | |
|
2412 | # :command.fixed_flags_filter | |
|
2413 | case "${1:-}" in | |
|
2414 | --help | -h ) | |
|
2415 | long_usage=yes | |
|
2416 | rccontrol_cli_redis_usage | |
|
2417 | exit | |
|
2418 | ;; | |
|
2419 | ||
|
2420 | esac | |
|
2421 | ||
|
2422 | # :command.command_filter | |
|
2423 | action="cli-redis" | |
|
2424 | ||
|
2425 | # :command.parse_requirements_while | |
|
2426 | while [[ $# -gt 0 ]]; do | |
|
2427 | key="$1" | |
|
2428 | case "$key" in | |
|
2429 | ||
|
2430 | -?* ) | |
|
2431 | printf "invalid option: %s\n" "$key" >&2 | |
|
2432 | exit 1 | |
|
2433 | ;; | |
|
2434 | ||
|
2435 | * ) | |
|
2436 | # :command.parse_requirements_case | |
|
2437 | # :command.parse_requirements_case_simple | |
|
2438 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2439 | exit 1 | |
|
2440 | ||
|
2441 | ;; | |
|
2442 | ||
|
2443 | esac | |
|
2444 | done | |
|
2445 | ||
|
2446 | } | |
|
2447 | ||
|
2448 | # :command.parse_requirements | |
|
2449 | rccontrol_cli_db_parse_requirements() { | |
|
2450 | # :command.fixed_flags_filter | |
|
2451 | case "${1:-}" in | |
|
2452 | --help | -h ) | |
|
2453 | long_usage=yes | |
|
2454 | rccontrol_cli_db_usage | |
|
2455 | exit | |
|
2456 | ;; | |
|
2457 | ||
|
2458 | esac | |
|
2459 | ||
|
2460 | # :command.command_filter | |
|
2461 | action="cli-db" | |
|
2462 | ||
|
2463 | # :command.parse_requirements_while | |
|
2464 | while [[ $# -gt 0 ]]; do | |
|
2465 | key="$1" | |
|
2466 | case "$key" in | |
|
2467 | ||
|
2468 | -?* ) | |
|
2469 | printf "invalid option: %s\n" "$key" >&2 | |
|
2470 | exit 1 | |
|
2471 | ;; | |
|
2472 | ||
|
2473 | * ) | |
|
2474 | # :command.parse_requirements_case | |
|
2475 | # :command.parse_requirements_case_simple | |
|
2476 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2477 | exit 1 | |
|
2478 | ||
|
2479 | ;; | |
|
2480 | ||
|
2481 | esac | |
|
2482 | done | |
|
2483 | ||
|
2484 | } | |
|
2485 | ||
|
2486 | # :command.parse_requirements | |
|
2487 | rccontrol_cli_db_upgrade_parse_requirements() { | |
|
2488 | # :command.fixed_flags_filter | |
|
2489 | case "${1:-}" in | |
|
2490 | --help | -h ) | |
|
2491 | long_usage=yes | |
|
2492 | rccontrol_cli_db_upgrade_usage | |
|
2493 | exit | |
|
2494 | ;; | |
|
2495 | ||
|
2496 | esac | |
|
2497 | ||
|
2498 | # :command.command_filter | |
|
2499 | action="cli-db-upgrade" | |
|
2500 | ||
|
2501 | # :command.parse_requirements_while | |
|
2502 | while [[ $# -gt 0 ]]; do | |
|
2503 | key="$1" | |
|
2504 | case "$key" in | |
|
2505 | ||
|
2506 | -?* ) | |
|
2507 | printf "invalid option: %s\n" "$key" >&2 | |
|
2508 | exit 1 | |
|
2509 | ;; | |
|
2510 | ||
|
2511 | * ) | |
|
2512 | # :command.parse_requirements_case | |
|
2513 | # :command.parse_requirements_case_simple | |
|
2514 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2515 | exit 1 | |
|
2516 | ||
|
2517 | ;; | |
|
2518 | ||
|
2519 | esac | |
|
2520 | done | |
|
2521 | ||
|
2522 | } | |
|
2523 | ||
|
2524 | # :command.parse_requirements | |
|
2525 | rccontrol__completions_parse_requirements() { | |
|
2526 | # :command.fixed_flags_filter | |
|
2527 | case "${1:-}" in | |
|
2528 | --help | -h ) | |
|
2529 | long_usage=yes | |
|
2530 | rccontrol__completions_usage | |
|
2531 | exit | |
|
2532 | ;; | |
|
2533 | ||
|
2534 | esac | |
|
2535 | ||
|
2536 | # :command.command_filter | |
|
2537 | action="_completions" | |
|
2538 | ||
|
2539 | # :command.parse_requirements_while | |
|
2540 | while [[ $# -gt 0 ]]; do | |
|
2541 | key="$1" | |
|
2542 | case "$key" in | |
|
2543 | ||
|
2544 | -?* ) | |
|
2545 | printf "invalid option: %s\n" "$key" >&2 | |
|
2546 | exit 1 | |
|
2547 | ;; | |
|
2548 | ||
|
2549 | * ) | |
|
2550 | # :command.parse_requirements_case | |
|
2551 | # :command.parse_requirements_case_simple | |
|
2552 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2553 | exit 1 | |
|
2554 | ||
|
2555 | ;; | |
|
2556 | ||
|
2557 | esac | |
|
2558 | done | |
|
2559 | ||
|
2560 | } | |
|
2561 | ||
|
2562 | # :command.parse_requirements | |
|
2563 | rccontrol_backup_db_parse_requirements() { | |
|
2564 | # :command.fixed_flags_filter | |
|
2565 | case "${1:-}" in | |
|
2566 | --help | -h ) | |
|
2567 | long_usage=yes | |
|
2568 | rccontrol_backup_db_usage | |
|
2569 | exit | |
|
2570 | ;; | |
|
2571 | ||
|
2572 | esac | |
|
2573 | ||
|
2574 | # :command.dependencies_filter | |
|
2575 | if ! [[ -x "$(command -v tar)" ]]; then | |
|
2576 | printf "missing dependency: tar\n" >&2 | |
|
2577 | exit 1 | |
|
2578 | fi | |
|
2579 | if ! [[ -x "$(command -v gzip)" ]]; then | |
|
2580 | printf "missing dependency: gzip\n" >&2 | |
|
2581 | exit 1 | |
|
2582 | fi | |
|
2583 | ||
|
2584 | # :command.command_filter | |
|
2585 | action="backup-db" | |
|
2586 | ||
|
2587 | # :command.parse_requirements_while | |
|
2588 | while [[ $# -gt 0 ]]; do | |
|
2589 | key="$1" | |
|
2590 | case "$key" in | |
|
2591 | ||
|
2592 | -?* ) | |
|
2593 | printf "invalid option: %s\n" "$key" >&2 | |
|
2594 | exit 1 | |
|
2595 | ;; | |
|
2596 | ||
|
2597 | * ) | |
|
2598 | # :command.parse_requirements_case | |
|
2599 | # :command.parse_requirements_case_simple | |
|
2600 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2601 | exit 1 | |
|
2602 | ||
|
2603 | ;; | |
|
2604 | ||
|
2605 | esac | |
|
2606 | done | |
|
2607 | ||
|
2608 | } | |
|
2609 | ||
|
2610 | # :command.parse_requirements | |
|
2611 | rccontrol_backup_data_parse_requirements() { | |
|
2612 | # :command.fixed_flags_filter | |
|
2613 | case "${1:-}" in | |
|
2614 | --help | -h ) | |
|
2615 | long_usage=yes | |
|
2616 | rccontrol_backup_data_usage | |
|
2617 | exit | |
|
2618 | ;; | |
|
2619 | ||
|
2620 | esac | |
|
2621 | ||
|
2622 | # :command.dependencies_filter | |
|
2623 | if ! [[ -x "$(command -v tar)" ]]; then | |
|
2624 | printf "missing dependency: tar\n" >&2 | |
|
2625 | exit 1 | |
|
2626 | fi | |
|
2627 | ||
|
2628 | # :command.command_filter | |
|
2629 | action="backup-data" | |
|
2630 | ||
|
2631 | # :command.parse_requirements_while | |
|
2632 | while [[ $# -gt 0 ]]; do | |
|
2633 | key="$1" | |
|
2634 | case "$key" in | |
|
2635 | ||
|
2636 | -?* ) | |
|
2637 | printf "invalid option: %s\n" "$key" >&2 | |
|
2638 | exit 1 | |
|
2639 | ;; | |
|
2640 | ||
|
2641 | * ) | |
|
2642 | # :command.parse_requirements_case | |
|
2643 | # :command.parse_requirements_case_simple | |
|
2644 | printf "invalid argument: %s\n" "$key" >&2 | |
|
2645 | exit 1 | |
|
2646 | ||
|
2647 | ;; | |
|
2648 | ||
|
2649 | esac | |
|
2650 | done | |
|
2651 | ||
|
2652 | } | |
|
2653 | ||
|
2654 | # :command.initialize | |
|
2655 | initialize() { | |
|
2656 | version="4.28.0.REL20221101" | |
|
2657 | long_usage='' | |
|
2658 | set -e | |
|
2659 | ||
|
2660 | # :command.environment_variables_default | |
|
2661 | export RC_CLI_VERSION_NAME="${RC_CLI_VERSION_NAME:-4.27.0}" | |
|
2662 | export RC_STACK_ROUTER_EXT="${RC_STACK_ROUTER_EXT:-.custom/docker-compose-router.override.yaml}" | |
|
2663 | export RC_STACK_METRICS_EXT="${RC_STACK_METRICS_EXT:-.custom/docker-compose-metrics.override.yaml}" | |
|
2664 | export RC_STACK_SERVICES_EXT="${RC_STACK_SERVICES_EXT:-.custom/docker-compose-services.override.yaml}" | |
|
2665 | export RC_STACK_RHODECODE_EXT="${RC_STACK_RHODECODE_EXT:-.custom/docker-compose-apps.override.yaml}" | |
|
2666 | ||
|
2667 | # src/initialize.sh | |
|
2668 | ||
|
2669 | ENV_FILE=$PWD/.env | |
|
2670 | ||
|
2671 | # bootstrap file is a config file at the same time | |
|
2672 | BOOTSTRAP_FILE='.rccontrol-bootstrap' | |
|
2673 | CONFIG_FILE='.rccontrol.ini' | |
|
2674 | ||
|
2675 | VALID_SERVICES="router metrics services rhodecode" | |
|
2676 | DOCKER_DEFS_WORK_DIR="docker_defs" | |
|
2677 | ||
|
2678 | #echo "1 ----" | |
|
2679 | #echo $RC_STACK_SERVICES_EXT | |
|
2680 | #echo $RC_STACK_METRICS_EXT | |
|
2681 | #echo "1 -----" | |
|
2682 | ||
|
2683 | #echo '2 ----' | |
|
2684 | #grep -v -e '^#' "$ENV_FILE" | xargs -I {} echo \'{}\' | |
|
2685 | #echo '2 ----' | |
|
2686 | ||
|
2687 | #expose env vars from rccontrol donfig | |
|
2688 | #if [[ -f $ENV_FILE ]]; then | |
|
2689 | # eval $(grep -v -e '^#' "$ENV_FILE" | xargs -I {} echo export \'{}\') | |
|
2690 | #fi | |
|
2691 | ||
|
2692 | #ENV_EXPAND="" | |
|
2693 | #for k in $(config_keys); do | |
|
2694 | # k_upper=${k^^} | |
|
2695 | # env_entry="-e $k_upper='$(config_get "$k")' " | |
|
2696 | # ENV_EXPAND+=$env_entry; | |
|
2697 | # #echo $env_expand | |
|
2698 | #done | |
|
2699 | ||
|
2700 | # | |
|
2701 | #echo "3 ----" | |
|
2702 | #echo $RC_STACK_SERVICES_EXT | |
|
2703 | #echo $RC_STACK_METRICS_EXT | |
|
2704 | #echo $RC_STACK_RHODECODE_EXT | |
|
2705 | #echo "3 -----" | |
|
2706 | ||
|
2707 | #env | grep RC_ | |
|
2708 | ||
|
2709 | # backup files from a docker volume into /tmp/backup.tar.gz | |
|
2710 | docker-volume-backup-compressed() { | |
|
2711 | docker run --rm -v /tmp:/backup --volumes-from "$1" debian:jessie tar -czvf /backup/backup.tar.gz "${@:2}" | |
|
2712 | } | |
|
2713 | ||
|
2714 | # restore files from /tmp/backup.tar.gz into a docker volume | |
|
2715 | docker-volume-restore-compressed() { | |
|
2716 | docker run --rm -v /tmp:/backup --volumes-from "$1" debian:jessie tar -xzvf /backup/backup.tar.gz "${@:2}" | |
|
2717 | echo "Double checking files..." | |
|
2718 | docker run --rm -v /tmp:/backup --volumes-from "$1" debian:jessie ls -lh "${@:2}" | |
|
2719 | } | |
|
2720 | ||
|
2721 | # backup files from a docker volume into /tmp/backup.tar | |
|
2722 | docker-volume-backup() { | |
|
2723 | docker run --rm -v /tmp:/backup --volumes-from "$1" busybox tar -cvf /backup/backup.tar "${@:2}" | |
|
2724 | } | |
|
2725 | ||
|
2726 | # restore files from /tmp/backup.tar into a docker volume | |
|
2727 | docker-volume-restore() { | |
|
2728 | docker run --rm -v /tmp:/backup --volumes-from "$1" busybox tar -xvf /backup/backup.tar "${@:2}" | |
|
2729 | echo "Double checking files..." | |
|
2730 | docker run --rm -v /tmp:/backup --volumes-from "$1" busybox ls -lh "${@:2}" | |
|
2731 | } | |
|
2732 | ||
|
2733 | get_started() { | |
|
2734 | echo "" | |
|
2735 | echo "~~~~ $(green Bootstrap completed) ~~~~" | |
|
2736 | echo "To start using RhodeCode run the following stacks using ./rccontrol stack [STACK_NAME]" | |
|
2737 | echo "" | |
|
2738 | echo "$(yellow_bold [Optional]): run the edge router to control domain and SSL" | |
|
2739 | echo "./rccontrol stack router up --detach" | |
|
2740 | echo "" | |
|
2741 | echo "$(green_bold [Mandatory]): run the services, like database, redis, channelstream etc..." | |
|
2742 | echo "./rccontrol stack services up --detach" | |
|
2743 | echo "" | |
|
2744 | echo "$(green_bold [Mandatory]): run the rhodecode app stack" | |
|
2745 | echo "./rccontrol stack rhodecode up --detach" | |
|
2746 | echo "" | |
|
2747 | echo "$(yellow_bold [Optional]): run the monitoring stack, this includes grafana/promethues logging/metrics system" | |
|
2748 | echo "./rccontrol stack metrics up --detach" | |
|
2749 | echo "" | |
|
2750 | echo "check services status/ports" | |
|
2751 | echo "./rccontrol status" | |
|
2752 | } | |
|
2753 | } | |
|
2754 | ||
|
2755 | # :command.run | |
|
2756 | run() { | |
|
2757 | declare -A args=() | |
|
2758 | declare -a other_args=() | |
|
2759 | declare -a input=() | |
|
2760 | normalize_input "$@" | |
|
2761 | parse_requirements "${input[@]}" | |
|
2762 | ||
|
2763 | if [[ $action == "self-update" ]]; then | |
|
2764 | if [[ ${args[--help]:-} ]]; then | |
|
2765 | long_usage=yes | |
|
2766 | rccontrol_self_update_usage | |
|
2767 | else | |
|
2768 | rccontrol_self_update_command | |
|
2769 | fi | |
|
2770 | ||
|
2771 | elif [[ $action == "bootstrap" ]]; then | |
|
2772 | if [[ ${args[--help]:-} ]]; then | |
|
2773 | long_usage=yes | |
|
2774 | rccontrol_bootstrap_usage | |
|
2775 | else | |
|
2776 | rccontrol_bootstrap_command | |
|
2777 | fi | |
|
2778 | ||
|
2779 | elif [[ $action == "get-build-artifacts" ]]; then | |
|
2780 | if [[ ${args[--help]:-} ]]; then | |
|
2781 | long_usage=yes | |
|
2782 | rccontrol_get_build_artifacts_usage | |
|
2783 | else | |
|
2784 | rccontrol_get_build_artifacts_command | |
|
2785 | fi | |
|
2786 | ||
|
2787 | elif [[ $action == "build" ]]; then | |
|
2788 | if [[ ${args[--help]:-} ]]; then | |
|
2789 | long_usage=yes | |
|
2790 | rccontrol_build_usage | |
|
2791 | else | |
|
2792 | rccontrol_build_command | |
|
2793 | fi | |
|
2794 | ||
|
2795 | elif [[ $action == "get-build-source" ]]; then | |
|
2796 | if [[ ${args[--help]:-} ]]; then | |
|
2797 | long_usage=yes | |
|
2798 | rccontrol_get_build_source_usage | |
|
2799 | else | |
|
2800 | rccontrol_get_build_source_command | |
|
2801 | fi | |
|
2802 | ||
|
2803 | elif [[ $action == "build-source" ]]; then | |
|
2804 | if [[ ${args[--help]:-} ]]; then | |
|
2805 | long_usage=yes | |
|
2806 | rccontrol_build_source_usage | |
|
2807 | else | |
|
2808 | rccontrol_build_source_command | |
|
2809 | fi | |
|
2810 | ||
|
2811 | elif [[ $action == "stack" ]]; then | |
|
2812 | if [[ ${args[--help]:-} ]]; then | |
|
2813 | long_usage=yes | |
|
2814 | rccontrol_stack_usage | |
|
2815 | else | |
|
2816 | rccontrol_stack_command | |
|
2817 | fi | |
|
2818 | ||
|
2819 | elif [[ $action == "stack-status" ]]; then | |
|
2820 | if [[ ${args[--help]:-} ]]; then | |
|
2821 | long_usage=yes | |
|
2822 | rccontrol_stack_status_usage | |
|
2823 | else | |
|
2824 | rccontrol_stack_status_command | |
|
2825 | fi | |
|
2826 | ||
|
2827 | elif [[ $action == "stack-upgrade" ]]; then | |
|
2828 | if [[ ${args[--help]:-} ]]; then | |
|
2829 | long_usage=yes | |
|
2830 | rccontrol_stack_upgrade_usage | |
|
2831 | else | |
|
2832 | rccontrol_stack_upgrade_command | |
|
2833 | fi | |
|
2834 | ||
|
2835 | elif [[ $action == "cli-redis" ]]; then | |
|
2836 | if [[ ${args[--help]:-} ]]; then | |
|
2837 | long_usage=yes | |
|
2838 | rccontrol_cli_redis_usage | |
|
2839 | else | |
|
2840 | rccontrol_cli_redis_command | |
|
2841 | fi | |
|
2842 | ||
|
2843 | elif [[ $action == "cli-db" ]]; then | |
|
2844 | if [[ ${args[--help]:-} ]]; then | |
|
2845 | long_usage=yes | |
|
2846 | rccontrol_cli_db_usage | |
|
2847 | else | |
|
2848 | rccontrol_cli_db_command | |
|
2849 | fi | |
|
2850 | ||
|
2851 | elif [[ $action == "cli-db-upgrade" ]]; then | |
|
2852 | if [[ ${args[--help]:-} ]]; then | |
|
2853 | long_usage=yes | |
|
2854 | rccontrol_cli_db_upgrade_usage | |
|
2855 | else | |
|
2856 | rccontrol_cli_db_upgrade_command | |
|
2857 | fi | |
|
2858 | ||
|
2859 | elif [[ $action == "_completions" ]]; then | |
|
2860 | if [[ ${args[--help]:-} ]]; then | |
|
2861 | long_usage=yes | |
|
2862 | rccontrol__completions_usage | |
|
2863 | else | |
|
2864 | rccontrol__completions_command | |
|
2865 | fi | |
|
2866 | ||
|
2867 | elif [[ $action == "backup-db" ]]; then | |
|
2868 | if [[ ${args[--help]:-} ]]; then | |
|
2869 | long_usage=yes | |
|
2870 | rccontrol_backup_db_usage | |
|
2871 | else | |
|
2872 | rccontrol_backup_db_command | |
|
2873 | fi | |
|
2874 | ||
|
2875 | elif [[ $action == "backup-data" ]]; then | |
|
2876 | if [[ ${args[--help]:-} ]]; then | |
|
2877 | long_usage=yes | |
|
2878 | rccontrol_backup_data_usage | |
|
2879 | else | |
|
2880 | rccontrol_backup_data_command | |
|
2881 | fi | |
|
2882 | ||
|
2883 | elif [[ $action == "root" ]]; then | |
|
2884 | root_command | |
|
2885 | fi | |
|
2886 | } | |
|
2887 | ||
|
2888 | initialize | |
|
2889 | run "$@" |
@@ -1,31 +1,56 b'' | |||
|
1 | COMPOSE_PROJECT_NAME=rc_cluster | |
|
1 | #COMPOSE_PROJECT_NAME=rc_cluster | |
|
2 | 2 | TZ="UTC" |
|
3 | 3 | |
|
4 | ||
|
4 | 5 | # Version to deploy and run |
|
5 | RC_VERSION="4.28.0" | |
|
6 | ## VERSION_INFO | |
|
7 | RC_VERSION="4.28.0.REL20221120_SOURCE" | |
|
8 | #RC_CLI_VERSION_NAME="4.27.0" | |
|
9 | ||
|
10 | # ce, or ee | |
|
11 | RC_EDITION=ee | |
|
12 | RC_IMAGE_CE="rhodecode/rhodecode-ee:$RC_VERSION" | |
|
13 | RC_IMAGE_EE="rhodecode/rhodecode-ce:$RC_VERSION" | |
|
6 | 14 | |
|
7 | # Database access credentials | |
|
15 | # Database bootstrap/access credentials | |
|
8 | 16 | DB_NAME=rhodecode |
|
9 | 17 | DB_USER=rhodecode |
|
10 | DB_PASSWORD=hUc1adS7oDd6Oj3in3 | |
|
11 | 18 | |
|
12 | # base url for running app | |
|
13 | RHODECODE_BASE_URL=http://localhost:8888 | |
|
19 | # Bootstrap container with specific password | |
|
20 | # This password will be used to generate new account and password for the database | |
|
21 | DB_PASSWORD=[GENERATED_AT_BOOTSTRAP] | |
|
14 | 22 | |
|
15 | # HTTP and HTTPS ports for running app | |
|
16 | RC_HTTP_PORT=8888 | |
|
17 | RC_HTTPS_PORT=8443 | |
|
23 | # set limit of redis in-memory cache before keys get evicted using LRU cache | |
|
24 | RC_REDIS_MAXMEMORY=1024mb | |
|
25 | ||
|
26 | # set the size of ramdisk used for locking files | |
|
27 | RC_DATA_RAMDISK_SIZE=1G | |
|
28 | ||
|
29 | # base url for running app, this is used for traefik hasname matching, so accessing this host will redirect | |
|
30 | # traffic to the running instance | |
|
31 | # replace this with your name of host. e.g http://yourdomain.com or https://rc.company.local | |
|
32 | RHODECODE_HOSTNAME=docker-dev | |
|
18 | 33 | |
|
19 | # SSH Port exposed, increased security is to not used default 22 | |
|
20 | RC_SSH_PORT=9022 | |
|
21 | 34 | |
|
22 | 35 | # user/password for first admin user created for access |
|
23 | RHODECODE_USER_EMAIL=admin@rhodecode.com | |
|
36 | # this is a bootstrap super-admin account to access the web interface | |
|
37 | RHODECODE_USER_EMAIL=admin@server-com | |
|
24 | 38 | RHODECODE_USER_NAME=admin |
|
25 | 39 | RHODECODE_USER_PASS=secret4 |
|
26 | 40 | |
|
41 | ||
|
42 | ||
|
43 | ||
|
44 | # HTTP and HTTPS ports for running app | |
|
45 | RC_HTTP_PORT=8888 | |
|
46 | ||
|
47 | # SSH Port exposed, increased security is to not used default 22 | |
|
48 | RC_SSH_PORT=3022 | |
|
49 | ||
|
50 | ||
|
51 | ## RHODECODE RUNTIME VARS | |
|
52 | ||
|
27 | 53 | ## New since 4.27.0, default GIT branch name can be changed |
|
28 | 54 | GIT_DEFAULT_BRANCH_NAME=master |
|
29 | 55 | |
|
30 | ## Source build version for image | |
|
31 | SOURCE_VER=4.28.0.REL1 | |
|
56 |
@@ -1,21 +1,23 b'' | |||
|
1 | 1 | # CACHE FILES |
|
2 | 2 | .cache/RhodeCode-installer* |
|
3 | 3 | .cache/*.tar.bz2 |
|
4 | 4 | .cache/locale-archive |
|
5 | 5 | |
|
6 | # Source code downloaded | |
|
7 | .source/* | |
|
8 | ||
|
9 | # Custom / override wont be tracked | |
|
10 | .custom/* | |
|
11 | ||
|
6 | 12 | # LOGS |
|
7 | 13 | logs/*.log |
|
8 | 14 | logs/nginx/*.log |
|
9 | 15 | logs/svn/*.log |
|
10 | 16 | logs/apps/*.log |
|
11 | 17 | logs/postgres/*.log |
|
12 | 18 | |
|
13 | 19 | .idea |
|
14 | 20 | config/_shared/.rcmetadata.json |
|
15 | 21 | |
|
16 | .source/* | |
|
17 | scripts/download-artifacts-secret.sh | |
|
18 | ||
|
19 | scripts/download-source-secret.sh | |
|
20 | ||
|
21 | .rccontrol-bootstrap No newline at end of file | |
|
22 | .rccontrol-bootstrap | |
|
23 | .rccontrol.ini No newline at end of file |
@@ -1,258 +1,298 b'' | |||
|
1 | 1 | # RhodeCode Cluster |
|
2 | 2 | |
|
3 |
RhodeCode Cluster is a multi-node highly-scalable setup to run |
|
|
3 | RhodeCode Cluster is a multi-node highly-scalable setup to run | |
|
4 | RhodeCode, Edge Router(Traefik + SSL) and Metrics Stack (Prometheus, Loki, Grafana) and | |
|
4 | 5 | all its additional components in single environment using Docker. |
|
5 | 6 | |
|
6 | 7 | Using a docker-compose this setup creates following services for RhodeCode: |
|
7 | 8 | |
|
8 | - Nginx HTTP Server for load balancing and reverse proxy | |
|
9 | - RhodeCode HTTP | |
|
10 | - VCSServer for GIT/SVN/HG support | |
|
11 | - SSH Server for cloning over SSH | |
|
12 | - SVN webserver for HTTP support over SVN | |
|
13 | - Celery workers for asynchronous tasks | |
|
14 | - Celery beat for automation tasks | |
|
15 | - Redis Database for caching | |
|
16 | - Postgres database for persistent storage | |
|
17 | - Channelstream websocket server for live components | |
|
9 | Edge-Router: | |
|
10 | - Traefik, Edge Router, SSL termination etc | |
|
11 | ||
|
12 | Core Services: | |
|
13 | - Database (defaults to PostgreSQL) | |
|
14 | - Redis, acts as cache and queue exchange | |
|
15 | - ChannelStream - live websocket communications | |
|
16 | - Nginx (static/channelstream) proxy serving RhodeCode APPS and channelstream communication | |
|
17 | - Elasticsearch (full text search backend) | |
|
18 | ||
|
19 | RhodeCode | |
|
20 | - RhodeCode CE/EE | |
|
21 | - VCSServer for GIT/SVN/HG support | |
|
22 | - SSH Server for cloning over SSH | |
|
23 | - SVN webserver for HTTP support over SVN | |
|
24 | - Celery workers for asynchronous tasks | |
|
25 | - Celery beat for automation tasks | |
|
26 | ||
|
27 | Metrics | |
|
28 | - Loki, logs aggregation | |
|
29 | - Grafana, Metrics Dashboard | |
|
30 | - Promethues, Metrics time-series | |
|
31 | - statsd-exporter - statsd to promethues bridge | |
|
32 | - node-exporter - machine stats | |
|
33 | - promtail - log scraping | |
|
18 | 34 | |
|
19 | 35 | |
|
20 | 36 | ## Pre requisites |
|
21 | 37 | |
|
38 | To Run this stack Docker engine and Docker Compose needs to be installed on the host machine. | |
|
22 | 39 | Visit docker site and install docker (min version 20.10) and docker compose: |
|
23 | 40 | |
|
24 |
- https://docs.docker.com/engine/install/ |
|
|
25 | - https://docs.docker.com/compose/install/ | |
|
41 | - https://docs.docker.com/engine/install/ | |
|
42 | - https://docs.docker.com/compose/install/ | |
|
26 | 43 | |
|
27 | 44 | The instructions below outline installation of the current stable release (v1.29.2) of Compose. |
|
28 | 45 | |
|
29 | 46 | ## Data structure |
|
30 | 47 | |
|
31 | 48 | There are 4 volumes defined: |
|
32 | 49 | |
|
33 | 50 | |
|
34 | 51 | - `/etc/rhodecode/conf` |
|
35 | 52 | |
|
36 |
|
|
|
53 | Shared volume used for configuration files for rhodecode, vcsserver and supervisord, and some cache data | |
|
37 | 54 | |
|
38 | 55 | - `/var/opt/rhodecode_repo_store` |
|
39 | 56 | |
|
40 |
|
|
|
57 | Used for main repository storage where repositories would be stored | |
|
41 | 58 | |
|
42 | 59 | - `/var/opt/rhodecode_data` |
|
43 | 60 | |
|
44 |
|
|
|
61 | Data dir for rhodecode cache/lock files, or user sessions (for file backend) | |
|
45 | 62 | |
|
46 | 63 | - `/var/log/rhodecode` |
|
47 | 64 | |
|
48 |
|
|
|
65 | Used to store all logs from RhodeCode | |
|
49 | 66 | |
|
50 | 67 | |
|
51 | 68 | ## Setup/Build options |
|
52 | 69 | |
|
53 | 70 | There are 3 options to run the docker stack. |
|
54 | 71 | |
|
55 | 72 | - [Standalone cluster build from installer](#standalone-cluster-build-from-installer) |
|
56 | 73 | - [Standalone cluster build from source](#standalone-cluster-build-from-source) |
|
57 |
- [dev enviroment setup](# |
|
|
74 | - [dev environment setup](#dev-env-build) | |
|
75 | ||
|
58 | 76 | |
|
59 | 77 | |
|
60 | 78 | # Standalone cluster build from installer |
|
61 | 79 | |
|
62 | 80 | Follow these steps to build and run the RhodeCode Cluster via Docker-compose. |
|
63 | 81 | Get the repository: |
|
64 | 82 | |
|
65 | 83 | git clone https://code.rhodecode.com/rhodecode-enterprise-docker && cd rhodecode-enterprise-docker |
|
66 | 84 | |
|
67 | 85 | ## Download installer binaries |
|
68 | 86 | |
|
69 | 87 | First start by fetching required installer binaries. This is required to create both |
|
70 | 88 | simple build and full compose setup. |
|
71 | 89 | Please check the `.env` file to adjust RhodeCode version if needed. |
|
72 | 90 | (e.g. RC_VERSION="4.24.1") |
|
73 | 91 | |
|
74 | 92 | ```shell |
|
75 | 93 | cd .bootstrap/ && ./download-artifacts.sh && cd ../ |
|
76 | 94 | ``` |
|
77 | 95 | |
|
78 | 96 | This will download required installer files and put them into the `.cache` directory. |
|
79 | 97 | This directory should look similar to that after downloads have finish: |
|
80 | 98 | |
|
81 | 99 | ```shell |
|
82 | 100 | drwxr-xr-x 8 rcdev rcdev 256B Feb 8 13:35 . |
|
83 | 101 | drwxr-xr-x 14 rcdev rcdev 448B Feb 8 10:40 .. |
|
84 | 102 | -rw-r--r-- 1 rcdev rcdev 0B Feb 8 20:44 .dirkeep |
|
85 | 103 | -rwxr-xr-x 1 rcdev rcdev 241M Feb 8 13:35 RhodeCode-installer-linux-build20210208_0800 |
|
86 | 104 | -rw-r--r-- 1 rcdev rcdev 156M Feb 8 13:35 RhodeCodeCommunity-4.24.1+x86_64-linux_build20210208_0800.tar.bz2 |
|
87 | 105 | -rw-r--r-- 1 rcdev rcdev 171M Feb 8 13:35 RhodeCodeEnterprise-4.24.1+x86_64-linux_build20210208_0800.tar.bz2 |
|
88 | 106 | -rw-r--r-- 1 rcdev rcdev 145M Feb 8 13:35 RhodeCodeVCSServer-4.24.1+x86_64-linux_build20210208_0800.tar.bz2 |
|
89 | 107 | -rw-r--r-- 1 rcdev rcdev 109M Feb 8 13:35 locale-archive |
|
90 | 108 | ``` |
|
91 | 109 | |
|
92 | 110 | ## Set License for EE version |
|
93 | 111 | |
|
94 |
In order to install EE edition a |
|
|
112 | In order to install EE edition a license file is required to be present. | |
|
113 | It can contain your current license, or when empty license can be applied via Web interface. | |
|
114 | ||
|
95 | 115 | To apply it during build phase save your raw license data into a file |
|
96 | 116 | |
|
97 |
`config/ |
|
|
117 | `config/rhodecode_enterprise.license` | |
|
98 | 118 | |
|
99 | 119 | If this file is present build phase will read it and license will be applied at creation. |
|
100 | 120 | This file can also be empty and license can be applied via a WEB interface after first login. |
|
101 | 121 | |
|
102 | 122 | ## Run Docker compose build: |
|
103 | 123 | |
|
104 | 124 | *This will build RhodeCode based on downloaded installer packages.* |
|
105 | 125 | |
|
106 | 126 | To create a full stack we need to run the database container, so it's ready to |
|
107 | 127 | build the docker image. |
|
108 | 128 | |
|
109 | 129 | _Disk space problems?_ |
|
110 | 130 | |
|
111 | 131 | ```shell |
|
112 | 132 | docker system df |
|
113 | 133 | docker builder prune |
|
134 | # optionally | |
|
135 | docker image prune -a | |
|
114 | 136 | ``` |
|
137 | ### Creating & building images | |
|
115 | 138 | |
|
116 | 139 | 1) start with running the required database for the build stage in the background. |
|
117 | 140 | |
|
118 | 141 | ```shell |
|
119 | 142 | docker-compose up --detach database |
|
120 | 143 | ``` |
|
121 | 144 | |
|
122 | 145 | This will start our postgres database, and expose it to the network. |
|
146 | Postgres DB is configured to output logs into a file `/var/log/rhodecode/postgres` | |
|
123 | 147 | |
|
124 | 148 | 2) We can now run the full installation. Database needs to be running for the next build command. |
|
125 | ||
|
149 | This will build the rhodecode base image used for rhodecode, vcsserver, celery, ssh, svn | |
|
150 | Then it will build all other components required. | |
|
151 | ||
|
126 | 152 | ```shell |
|
127 | 153 | docker-compose build rhodecode |
|
128 | 154 | docker-compose build |
|
129 | 155 | ``` |
|
130 | 156 | |
|
131 |
|
|
|
157 | 4) Once we build all required containers, we can run the whole stack using `docker-compose up` | |
|
132 | 158 | |
|
133 | 159 | ```shell |
|
134 | 160 | docker-compose up |
|
135 | 161 | ``` |
|
136 | 162 | |
|
137 | 163 | If running locally you can access Running RhodeCode via Nginx under: |
|
138 | 164 | http://localhost:8888 |
|
139 | 165 | |
|
140 | 166 | localhost can be changed to the server IP where docker is running. |
|
141 | 167 | |
|
142 | 168 | |
|
143 | 169 | In case for bigger setups docker-compose can scale more rhodecode/vcsserver workers: |
|
144 | 170 | |
|
145 | 171 | ```shell |
|
146 | 172 | docker-compose up --scale vcsserver=3 rhodecode=3 |
|
147 | 173 | ``` |
|
148 | 174 | |
|
175 | Logging is pushed to stdout from all services. | |
|
176 | ||
|
149 | 177 | |
|
150 | Upgrade: | |
|
178 | ### Upgrade procedure: | |
|
151 | 179 | |
|
152 | 180 | - pull the latest rhodecode-docker repo |
|
153 | 181 | - check .env file for correct update version |
|
154 | 182 | - re-build rhodecode |
|
155 | 183 | - docker-compose build rhodecode |
|
184 | - docker-compose build | |
|
156 | 185 | - docker-compose stop |
|
157 | 186 | - docker-compose up |
|
158 | 187 | |
|
159 | 188 | # Standalone cluster build from source |
|
160 | 189 | |
|
161 |
There's an option to build the latest |
|
|
190 | There's an option to build the latest release from the source code as a docker installation. | |
|
191 | ||
|
192 | If you have the 3 required projects source code already, the next step can be omitted, and the | |
|
193 | sources can be copied to the `.source/` directory. note: symlinks don't work. | |
|
162 | 194 | |
|
163 | Download the source: | |
|
195 | - https://code.rhodecode.com/rhodecode-vcsserver | |
|
196 | - https://code.rhodecode.com/rhodecode-enterprise-ce | |
|
197 | - https://code.rhodecode.com/rhodecode-enterprise-ee (assuming access is granted to this) | |
|
198 | ||
|
199 | Download the source using bootstrap script: | |
|
164 | 200 | |
|
165 | 201 | ```shell |
|
166 | 202 | cd .boostrap/ && ./download-source.sh && cd ../ |
|
167 | 203 | ``` |
|
168 | 204 | |
|
169 | 205 | This step will create source code copies into the `.source/` path. e.g |
|
170 | 206 | ``` |
|
171 | 207 | -rw-r--r-- 1 docker docker 0 Nov 25 12:27 .dirkeep |
|
172 | 208 | drwxr-xr-x 1 docker docker 1184 Nov 25 12:27 rhodecode-enterprise-ce |
|
173 | 209 | drwxr-xr-x 1 docker docker 1120 Nov 25 12:27 rhodecode-enterprise-ee |
|
174 | 210 | drwxr-xr-x 1 docker docker 800 Nov 25 12:27 rhodecode-vcsserver |
|
175 | 211 | ``` |
|
176 | 212 | |
|
177 | If you have the source already, this step can be omitted, and the | |
|
178 | sources can be linked or copied to this directory | |
|
179 | ||
|
213 | With this done, you can now proceed with every step of normal source installation (Creating & building images), but instead of using | |
|
214 | just `docker-compose` command it needs to be replaced with `docker-compose -f docker-compose.yaml -f docker-compose.source.yaml` | |
|
180 | 215 | |
|
181 | Build the source based image | |
|
216 | For example to override the installer build with the source `rhodecode` based image, and also setting proper version, run: | |
|
182 | 217 | |
|
183 | 218 | ```shell |
|
184 | docker-compose -f docker-compose.yaml -f docker-compose.source.yaml build --no-cache --progress=plain rhodecode | |
|
219 | RC_VERSION="4.27.0.REL202221020" docker-compose -f docker-compose-apps.yaml -f docker-compose.source.yaml build --no-cache --progress=plain rhodecode | |
|
185 | 220 | ``` |
|
186 | 221 | |
|
187 | to create a source install override and build based on the downloaded sources. | |
|
188 | ||
|
189 | ||
|
190 | Logging is pushed to stdout from all services. | |
|
222 | NOTE THAT it's recommended to keep rc_version and source_Ver the same | |
|
191 | 223 | |
|
192 | 224 | ## Simple build |
|
193 | 225 | |
|
194 | 226 | Build docker RhodeCode `Community` without any dependencies (redis, external db) using |
|
195 | 227 | simple sqlite database and file based caches. |
|
196 | 228 | This is a fully running instance good for small use with 3-5 users. |
|
197 | 229 | |
|
198 | 230 | ```shell |
|
199 | docker build -t rhodecode:4.23.2 -f rhodecode.dockerfile \ | |
|
231 | docker build -t rhodecode/rhodecode-ce:4.23.2 -f rhodecode.dockerfile \ | |
|
200 | 232 | -e RHODECODE_TYPE=Community \ |
|
201 | 233 | -e RHODECODE_VERSION=4.23.2 \ |
|
202 | 234 | -e RHODECODE_DB=sqlite \ |
|
203 | 235 | -e RHODECODE_USER_NAME=admin \ |
|
204 | 236 | -e RHODECODE_USER_PASS=secret4 \ |
|
205 | 237 | -e RHODECODE_USER_EMAIL=support@rhodecode.com \ |
|
206 | 238 | . |
|
207 | 239 | ``` |
|
208 | 240 | |
|
209 | 241 | note: for debugging better to add `--progress plain` into the build command to obtain all the output from the build. |
|
210 | 242 | To Build against existing running Postgres or MySQL you can specify: |
|
211 | 243 | |
|
212 | 244 | --build-arg RHODECODE_DB=postgresql://postgres:secret@database/rhodecode |
|
213 | 245 | --build-arg RHODECODE_DB=mysql://root:secret@localhost/rhodecode?charset=utf8 |
|
214 | 246 | |
|
215 | 247 | |
|
216 | 248 | To copy over the data into volumes use such command: |
|
217 | 249 | ```shell |
|
218 | 250 | docker run -v logvolume:/data --name data_vol busybox true |
|
219 | 251 | docker cp . data_vol:/data |
|
220 | 252 | docker rm data_vol |
|
221 | 253 | ``` |
|
222 | 254 | |
|
223 | 255 | Run the container, mounting the required volumes. By default the application would be |
|
224 | 256 | available at http://localhost:10020, and default login is (unless specified differently in the build command) |
|
225 | 257 | |
|
226 | 258 | ``` |
|
227 | 259 | user: admin |
|
228 | 260 | password: secret4 |
|
229 | 261 | ``` |
|
230 | 262 | |
|
231 | 263 | We've not built our image using specific version. It's time to run it: |
|
264 | We specify the run.ini by selecting config option we have locally | |
|
232 | 265 | |
|
233 | 266 | ```shell |
|
234 | 267 | docker run \ |
|
235 | 268 | --name rhodecode-container \ |
|
236 | 269 | --publish 10020:10020 \ |
|
237 | 270 | --restart unless-stopped \ |
|
238 | 271 | --volume $PWD/config:/etc/rhodecode/conf \ |
|
272 | --volume $PWD/config/rhodecode.optimized.ini:/etc/rhodecode/conf_build/run.ini \ | |
|
239 | 273 | --volume $PWD/logs:/var/log/rhodecode \ |
|
240 | 'rhodecode:4.23.2' | |
|
274 | 'rhodecode/rhodecode-ee:4.23.2' | |
|
241 | 275 | ``` |
|
242 | 276 | |
|
243 | 277 | Enter container |
|
244 | 278 | |
|
245 | 279 | ```shell |
|
246 | 280 | docker exec -it rhodecode-container /bin/bash |
|
247 | 281 | ``` |
|
248 | 282 | |
|
249 | 283 | Enter interactive shell |
|
250 | 284 | |
|
251 | 285 | ```shell |
|
252 |
docker exec -it rhodecode-container / |
|
|
286 | docker exec -it rhodecode-container /usr/local/bin/rhodecode_bin/bin/rc-ishell /etc/rhodecode/conf/rhodecode.ini | |
|
253 | 287 | ``` |
|
254 | 288 | |
|
255 | 289 | Run Database migrations |
|
256 | 290 | ```shell |
|
257 |
docker exec -it rhodecode-container / |
|
|
258 | ``` No newline at end of file | |
|
291 | docker exec -it rhodecode-container /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db /etc/rhodecode/conf/rhodecode.ini --force-yes | |
|
292 | ``` | |
|
293 | ||
|
294 | ||
|
295 | ||
|
296 | ### Registry for docker swarm | |
|
297 | ||
|
298 | docker run -d -p 5000:5000 --restart always --name registry registry:2 No newline at end of file |
|
1 | NO CONTENT: file renamed from config/compose/rhodecode_enterprise.license to config/_shared/rhodecode_enterprise.license |
|
1 | NO CONTENT: file renamed from service/database/mysql_customized.conf to config/database/mysql_customized.conf |
@@ -1,808 +1,810 b'' | |||
|
1 | ## docker run -i --rm postgres cat /usr/share/postgresql/postgresql.conf.sample > my-postgres.conf | |
|
1 | 2 | # ----------------------------- |
|
2 | 3 | # PostgreSQL configuration file |
|
3 | 4 | # ----------------------------- |
|
4 | 5 | # |
|
5 | 6 | # This file consists of lines of the form: |
|
6 | 7 | # |
|
7 | 8 | # name = value |
|
8 | 9 | # |
|
9 | 10 | # (The "=" is optional.) Whitespace may be used. Comments are introduced with |
|
10 | 11 | # "#" anywhere on a line. The complete list of parameter names and allowed |
|
11 | 12 | # values can be found in the PostgreSQL documentation. |
|
12 | 13 | # |
|
13 | 14 | # The commented-out settings shown in this file represent the default values. |
|
14 | 15 | # Re-commenting a setting is NOT sufficient to revert it to the default value; |
|
15 | 16 | # you need to reload the server. |
|
16 | 17 | # |
|
17 | 18 | # This file is read on server startup and when the server receives a SIGHUP |
|
18 | 19 | # signal. If you edit the file on a running system, you have to SIGHUP the |
|
19 | 20 | # server for the changes to take effect, run "pg_ctl reload", or execute |
|
20 | 21 | # "SELECT pg_reload_conf()". Some parameters, which are marked below, |
|
21 | 22 | # require a server shutdown and restart to take effect. |
|
22 | 23 | # |
|
23 | 24 | # Any parameter can also be given as a command-line option to the server, e.g., |
|
24 | 25 | # "postgres -c log_connections=on". Some parameters can be changed at run time |
|
25 | 26 | # with the "SET" SQL command. |
|
26 | 27 | # |
|
27 | 28 | # Memory units: B = bytes Time units: us = microseconds |
|
28 | 29 | # kB = kilobytes ms = milliseconds |
|
29 | 30 | # MB = megabytes s = seconds |
|
30 | 31 | # GB = gigabytes min = minutes |
|
31 | 32 | # TB = terabytes h = hours |
|
32 | 33 | # d = days |
|
33 | 34 | |
|
34 | 35 | |
|
35 | 36 | #------------------------------------------------------------------------------ |
|
36 | 37 | # FILE LOCATIONS |
|
37 | 38 | #------------------------------------------------------------------------------ |
|
38 | 39 | |
|
39 | 40 | # The default values of these variables are driven from the -D command-line |
|
40 | 41 | # option or PGDATA environment variable, represented here as ConfigDir. |
|
41 | 42 | |
|
42 | 43 | #data_directory = 'ConfigDir' # use data in another directory |
|
43 | 44 | # (change requires restart) |
|
44 | 45 | #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file |
|
45 | 46 | # (change requires restart) |
|
46 | 47 | #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file |
|
47 | 48 | # (change requires restart) |
|
48 | 49 | |
|
49 | 50 | # If external_pid_file is not explicitly set, no extra PID file is written. |
|
50 | 51 | #external_pid_file = '' # write an extra PID file |
|
51 | 52 | # (change requires restart) |
|
52 | 53 | |
|
53 | 54 | |
|
54 | 55 | #------------------------------------------------------------------------------ |
|
55 | 56 | # CONNECTIONS AND AUTHENTICATION |
|
56 | 57 | #------------------------------------------------------------------------------ |
|
57 | 58 | |
|
58 | 59 | # - Connection Settings - |
|
59 | 60 | |
|
60 | 61 | listen_addresses = '*' |
|
61 | 62 | # comma-separated list of addresses; |
|
62 | 63 | # defaults to 'localhost'; use '*' for all |
|
63 | 64 | # (change requires restart) |
|
64 | 65 | #port = 5432 # (change requires restart) |
|
65 | 66 | #max_connections = 100 # (change requires restart) |
|
66 | 67 | #superuser_reserved_connections = 3 # (change requires restart) |
|
67 | 68 | #unix_socket_directories = '/tmp' # comma-separated list of directories |
|
68 | 69 | # (change requires restart) |
|
69 | 70 | #unix_socket_group = '' # (change requires restart) |
|
70 | 71 | #unix_socket_permissions = 0777 # begin with 0 to use octal notation |
|
71 | 72 | # (change requires restart) |
|
72 | 73 | #bonjour = off # advertise server via Bonjour |
|
73 | 74 | # (change requires restart) |
|
74 | 75 | #bonjour_name = '' # defaults to the computer name |
|
75 | 76 | # (change requires restart) |
|
76 | 77 | |
|
77 | 78 | # - TCP settings - |
|
78 | 79 | # see "man tcp" for details |
|
79 | 80 | |
|
80 | 81 | #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; |
|
81 | 82 | # 0 selects the system default |
|
82 | 83 | #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; |
|
83 | 84 | # 0 selects the system default |
|
84 | 85 | #tcp_keepalives_count = 0 # TCP_KEEPCNT; |
|
85 | 86 | # 0 selects the system default |
|
86 | 87 | #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; |
|
87 | 88 | # 0 selects the system default |
|
88 | 89 | |
|
89 | 90 | #client_connection_check_interval = 0 # time between checks for client |
|
90 | 91 | # disconnection while running queries; |
|
91 | 92 | # 0 for never |
|
92 | 93 | |
|
93 | 94 | # - Authentication - |
|
94 | 95 | |
|
95 | 96 | #authentication_timeout = 1min # 1s-600s |
|
96 | #password_encryption = scram-sha-256 # scram-sha-256 or md5 | |
|
97 | #note; Rhodecode needs to use old md5 for backward compat | |
|
98 | password_encryption = md5 # scram-sha-256 or md5 | |
|
97 | 99 | #db_user_namespace = off |
|
98 | 100 | |
|
99 | 101 | # GSSAPI using Kerberos |
|
100 | 102 | #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' |
|
101 | 103 | #krb_caseins_users = off |
|
102 | 104 | |
|
103 | 105 | # - SSL - |
|
104 | 106 | |
|
105 | 107 | #ssl = off |
|
106 | 108 | #ssl_ca_file = '' |
|
107 | 109 | #ssl_cert_file = 'server.crt' |
|
108 | 110 | #ssl_crl_file = '' |
|
109 | 111 | #ssl_crl_dir = '' |
|
110 | 112 | #ssl_key_file = 'server.key' |
|
111 | 113 | #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers |
|
112 | 114 | #ssl_prefer_server_ciphers = on |
|
113 | 115 | #ssl_ecdh_curve = 'prime256v1' |
|
114 | 116 | #ssl_min_protocol_version = 'TLSv1.2' |
|
115 | 117 | #ssl_max_protocol_version = '' |
|
116 | 118 | #ssl_dh_params_file = '' |
|
117 | 119 | #ssl_passphrase_command = '' |
|
118 | 120 | #ssl_passphrase_command_supports_reload = off |
|
119 | 121 | |
|
120 | 122 | |
|
121 | 123 | #------------------------------------------------------------------------------ |
|
122 | 124 | # RESOURCE USAGE (except WAL) |
|
123 | 125 | #------------------------------------------------------------------------------ |
|
124 | 126 | |
|
125 | 127 | # - Memory - |
|
126 | 128 | |
|
127 | 129 | #shared_buffers = 32MB # min 128kB |
|
128 | 130 | # (change requires restart) |
|
129 | 131 | #huge_pages = try # on, off, or try |
|
130 | 132 | # (change requires restart) |
|
131 | 133 | #huge_page_size = 0 # zero for system default |
|
132 | 134 | # (change requires restart) |
|
133 | 135 | #temp_buffers = 8MB # min 800kB |
|
134 | 136 | #max_prepared_transactions = 0 # zero disables the feature |
|
135 | 137 | # (change requires restart) |
|
136 | 138 | # Caution: it is not advisable to set max_prepared_transactions nonzero unless |
|
137 | 139 | # you actively intend to use prepared transactions. |
|
138 | 140 | #work_mem = 4MB # min 64kB |
|
139 | 141 | #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem |
|
140 | 142 | #maintenance_work_mem = 64MB # min 1MB |
|
141 | 143 | #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem |
|
142 | 144 | #logical_decoding_work_mem = 64MB # min 64kB |
|
143 | 145 | #max_stack_depth = 2MB # min 100kB |
|
144 | 146 | #shared_memory_type = mmap # the default is the first option |
|
145 | 147 | # supported by the operating system: |
|
146 | 148 | # mmap |
|
147 | 149 | # sysv |
|
148 | 150 | # windows |
|
149 | 151 | # (change requires restart) |
|
150 | 152 | #dynamic_shared_memory_type = posix # the default is the first option |
|
151 | 153 | # supported by the operating system: |
|
152 | 154 | # posix |
|
153 | 155 | # sysv |
|
154 | 156 | # windows |
|
155 | 157 | # mmap |
|
156 | 158 | # (change requires restart) |
|
157 | 159 | #min_dynamic_shared_memory = 0MB # (change requires restart) |
|
158 | 160 | |
|
159 | 161 | # - Disk - |
|
160 | 162 | |
|
161 | 163 | #temp_file_limit = -1 # limits per-process temp file space |
|
162 | 164 | # in kilobytes, or -1 for no limit |
|
163 | 165 | |
|
164 | 166 | # - Kernel Resources - |
|
165 | 167 | |
|
166 | 168 | #max_files_per_process = 1000 # min 64 |
|
167 | 169 | # (change requires restart) |
|
168 | 170 | |
|
169 | 171 | # - Cost-Based Vacuum Delay - |
|
170 | 172 | |
|
171 | 173 | #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) |
|
172 | 174 | #vacuum_cost_page_hit = 1 # 0-10000 credits |
|
173 | 175 | #vacuum_cost_page_miss = 2 # 0-10000 credits |
|
174 | 176 | #vacuum_cost_page_dirty = 20 # 0-10000 credits |
|
175 | 177 | #vacuum_cost_limit = 200 # 1-10000 credits |
|
176 | 178 | |
|
177 | 179 | # - Background Writer - |
|
178 | 180 | |
|
179 | 181 | #bgwriter_delay = 200ms # 10-10000ms between rounds |
|
180 | 182 | #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables |
|
181 | 183 | #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round |
|
182 | 184 | #bgwriter_flush_after = 0 # measured in pages, 0 disables |
|
183 | 185 | |
|
184 | 186 | # - Asynchronous Behavior - |
|
185 | 187 | |
|
186 | 188 | #backend_flush_after = 0 # measured in pages, 0 disables |
|
187 | 189 | #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching |
|
188 | 190 | #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching |
|
189 | 191 | #max_worker_processes = 8 # (change requires restart) |
|
190 | 192 | #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers |
|
191 | 193 | #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers |
|
192 | 194 | #max_parallel_workers = 8 # maximum number of max_worker_processes that |
|
193 | 195 | # can be used in parallel operations |
|
194 | 196 | #parallel_leader_participation = on |
|
195 | 197 | #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate |
|
196 | 198 | # (change requires restart) |
|
197 | 199 | |
|
198 | 200 | |
|
199 | 201 | #------------------------------------------------------------------------------ |
|
200 | 202 | # WRITE-AHEAD LOG |
|
201 | 203 | #------------------------------------------------------------------------------ |
|
202 | 204 | |
|
203 | 205 | # - Settings - |
|
204 | 206 | |
|
205 | 207 | #wal_level = replica # minimal, replica, or logical |
|
206 | 208 | # (change requires restart) |
|
207 | 209 | #fsync = on # flush data to disk for crash safety |
|
208 | 210 | # (turning this off can cause |
|
209 | 211 | # unrecoverable data corruption) |
|
210 | 212 | #synchronous_commit = on # synchronization level; |
|
211 | 213 | # off, local, remote_write, remote_apply, or on |
|
212 | 214 | #wal_sync_method = fsync # the default is the first option |
|
213 | 215 | # supported by the operating system: |
|
214 | 216 | # open_datasync |
|
215 | 217 | # fdatasync (default on Linux and FreeBSD) |
|
216 | 218 | # fsync |
|
217 | 219 | # fsync_writethrough |
|
218 | 220 | # open_sync |
|
219 | 221 | #full_page_writes = on # recover from partial page writes |
|
220 | 222 | #wal_log_hints = off # also do full page writes of non-critical updates |
|
221 | 223 | # (change requires restart) |
|
222 | 224 | #wal_compression = off # enable compression of full-page writes |
|
223 | 225 | #wal_init_zero = on # zero-fill new WAL files |
|
224 | 226 | #wal_recycle = on # recycle WAL files |
|
225 | 227 | #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers |
|
226 | 228 | # (change requires restart) |
|
227 | 229 | #wal_writer_delay = 200ms # 1-10000 milliseconds |
|
228 | 230 | #wal_writer_flush_after = 1MB # measured in pages, 0 disables |
|
229 | 231 | #wal_skip_threshold = 2MB |
|
230 | 232 | |
|
231 | 233 | #commit_delay = 0 # range 0-100000, in microseconds |
|
232 | 234 | #commit_siblings = 5 # range 1-1000 |
|
233 | 235 | |
|
234 | 236 | # - Checkpoints - |
|
235 | 237 | |
|
236 | 238 | #checkpoint_timeout = 5min # range 30s-1d |
|
237 | 239 | #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 |
|
238 | 240 | #checkpoint_flush_after = 0 # measured in pages, 0 disables |
|
239 | 241 | #checkpoint_warning = 30s # 0 disables |
|
240 | 242 | #max_wal_size = 1GB |
|
241 | 243 | #min_wal_size = 80MB |
|
242 | 244 | |
|
243 | 245 | # - Archiving - |
|
244 | 246 | |
|
245 | 247 | #archive_mode = off # enables archiving; off, on, or always |
|
246 | 248 | # (change requires restart) |
|
247 | 249 | #archive_command = '' # command to use to archive a logfile segment |
|
248 | 250 | # placeholders: %p = path of file to archive |
|
249 | 251 | # %f = file name only |
|
250 | 252 | # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' |
|
251 | 253 | #archive_timeout = 0 # force a logfile segment switch after this |
|
252 | 254 | # number of seconds; 0 disables |
|
253 | 255 | |
|
254 | 256 | # - Archive Recovery - |
|
255 | 257 | |
|
256 | 258 | # These are only used in recovery mode. |
|
257 | 259 | |
|
258 | 260 | #restore_command = '' # command to use to restore an archived logfile segment |
|
259 | 261 | # placeholders: %p = path of file to restore |
|
260 | 262 | # %f = file name only |
|
261 | 263 | # e.g. 'cp /mnt/server/archivedir/%f %p' |
|
262 | 264 | #archive_cleanup_command = '' # command to execute at every restartpoint |
|
263 | 265 | #recovery_end_command = '' # command to execute at completion of recovery |
|
264 | 266 | |
|
265 | 267 | # - Recovery Target - |
|
266 | 268 | |
|
267 | 269 | # Set these only when performing a targeted recovery. |
|
268 | 270 | |
|
269 | 271 | #recovery_target = '' # 'immediate' to end recovery as soon as a |
|
270 | 272 | # consistent state is reached |
|
271 | 273 | # (change requires restart) |
|
272 | 274 | #recovery_target_name = '' # the named restore point to which recovery will proceed |
|
273 | 275 | # (change requires restart) |
|
274 | 276 | #recovery_target_time = '' # the time stamp up to which recovery will proceed |
|
275 | 277 | # (change requires restart) |
|
276 | 278 | #recovery_target_xid = '' # the transaction ID up to which recovery will proceed |
|
277 | 279 | # (change requires restart) |
|
278 | 280 | #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed |
|
279 | 281 | # (change requires restart) |
|
280 | 282 | #recovery_target_inclusive = on # Specifies whether to stop: |
|
281 | 283 | # just after the specified recovery target (on) |
|
282 | 284 | # just before the recovery target (off) |
|
283 | 285 | # (change requires restart) |
|
284 | 286 | #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID |
|
285 | 287 | # (change requires restart) |
|
286 | 288 | #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' |
|
287 | 289 | # (change requires restart) |
|
288 | 290 | |
|
289 | 291 | |
|
290 | 292 | #------------------------------------------------------------------------------ |
|
291 | 293 | # REPLICATION |
|
292 | 294 | #------------------------------------------------------------------------------ |
|
293 | 295 | |
|
294 | 296 | # - Sending Servers - |
|
295 | 297 | |
|
296 | 298 | # Set these on the primary and on any standby that will send replication data. |
|
297 | 299 | |
|
298 | 300 | #max_wal_senders = 10 # max number of walsender processes |
|
299 | 301 | # (change requires restart) |
|
300 | 302 | #max_replication_slots = 10 # max number of replication slots |
|
301 | 303 | # (change requires restart) |
|
302 | 304 | #wal_keep_size = 0 # in megabytes; 0 disables |
|
303 | 305 | #max_slot_wal_keep_size = -1 # in megabytes; -1 disables |
|
304 | 306 | #wal_sender_timeout = 60s # in milliseconds; 0 disables |
|
305 | 307 | #track_commit_timestamp = off # collect timestamp of transaction commit |
|
306 | 308 | # (change requires restart) |
|
307 | 309 | |
|
308 | 310 | # - Primary Server - |
|
309 | 311 | |
|
310 | 312 | # These settings are ignored on a standby server. |
|
311 | 313 | |
|
312 | 314 | #synchronous_standby_names = '' # standby servers that provide sync rep |
|
313 | 315 | # method to choose sync standbys, number of sync standbys, |
|
314 | 316 | # and comma-separated list of application_name |
|
315 | 317 | # from standby(s); '*' = all |
|
316 | 318 | #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed |
|
317 | 319 | |
|
318 | 320 | # - Standby Servers - |
|
319 | 321 | |
|
320 | 322 | # These settings are ignored on a primary server. |
|
321 | 323 | |
|
322 | 324 | #primary_conninfo = '' # connection string to sending server |
|
323 | 325 | #primary_slot_name = '' # replication slot on sending server |
|
324 | 326 | #promote_trigger_file = '' # file name whose presence ends recovery |
|
325 | 327 | #hot_standby = on # "off" disallows queries during recovery |
|
326 | 328 | # (change requires restart) |
|
327 | 329 | #max_standby_archive_delay = 30s # max delay before canceling queries |
|
328 | 330 | # when reading WAL from archive; |
|
329 | 331 | # -1 allows indefinite delay |
|
330 | 332 | #max_standby_streaming_delay = 30s # max delay before canceling queries |
|
331 | 333 | # when reading streaming WAL; |
|
332 | 334 | # -1 allows indefinite delay |
|
333 | 335 | #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name |
|
334 | 336 | # is not set |
|
335 | 337 | #wal_receiver_status_interval = 10s # send replies at least this often |
|
336 | 338 | # 0 disables |
|
337 | 339 | #hot_standby_feedback = off # send info from standby to prevent |
|
338 | 340 | # query conflicts |
|
339 | 341 | #wal_receiver_timeout = 60s # time that receiver waits for |
|
340 | 342 | # communication from primary |
|
341 | 343 | # in milliseconds; 0 disables |
|
342 | 344 | #wal_retrieve_retry_interval = 5s # time to wait before retrying to |
|
343 | 345 | # retrieve WAL after a failed attempt |
|
344 | 346 | #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery |
|
345 | 347 | |
|
346 | 348 | # - Subscribers - |
|
347 | 349 | |
|
348 | 350 | # These settings are ignored on a publisher. |
|
349 | 351 | |
|
350 | 352 | #max_logical_replication_workers = 4 # taken from max_worker_processes |
|
351 | 353 | # (change requires restart) |
|
352 | 354 | #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers |
|
353 | 355 | |
|
354 | 356 | |
|
355 | 357 | #------------------------------------------------------------------------------ |
|
356 | 358 | # QUERY TUNING |
|
357 | 359 | #------------------------------------------------------------------------------ |
|
358 | 360 | |
|
359 | 361 | # - Planner Method Configuration - |
|
360 | 362 | |
|
361 | 363 | #enable_async_append = on |
|
362 | 364 | #enable_bitmapscan = on |
|
363 | 365 | #enable_gathermerge = on |
|
364 | 366 | #enable_hashagg = on |
|
365 | 367 | #enable_hashjoin = on |
|
366 | 368 | #enable_incremental_sort = on |
|
367 | 369 | #enable_indexscan = on |
|
368 | 370 | #enable_indexonlyscan = on |
|
369 | 371 | #enable_material = on |
|
370 | 372 | #enable_memoize = on |
|
371 | 373 | #enable_mergejoin = on |
|
372 | 374 | #enable_nestloop = on |
|
373 | 375 | #enable_parallel_append = on |
|
374 | 376 | #enable_parallel_hash = on |
|
375 | 377 | #enable_partition_pruning = on |
|
376 | 378 | #enable_partitionwise_join = off |
|
377 | 379 | #enable_partitionwise_aggregate = off |
|
378 | 380 | #enable_seqscan = on |
|
379 | 381 | #enable_sort = on |
|
380 | 382 | #enable_tidscan = on |
|
381 | 383 | |
|
382 | 384 | # - Planner Cost Constants - |
|
383 | 385 | |
|
384 | 386 | #seq_page_cost = 1.0 # measured on an arbitrary scale |
|
385 | 387 | #random_page_cost = 4.0 # same scale as above |
|
386 | 388 | #cpu_tuple_cost = 0.01 # same scale as above |
|
387 | 389 | #cpu_index_tuple_cost = 0.005 # same scale as above |
|
388 | 390 | #cpu_operator_cost = 0.0025 # same scale as above |
|
389 | 391 | #parallel_setup_cost = 1000.0 # same scale as above |
|
390 | 392 | #parallel_tuple_cost = 0.1 # same scale as above |
|
391 | 393 | #min_parallel_table_scan_size = 8MB |
|
392 | 394 | #min_parallel_index_scan_size = 512kB |
|
393 | 395 | #effective_cache_size = 4GB |
|
394 | 396 | |
|
395 | 397 | #jit_above_cost = 100000 # perform JIT compilation if available |
|
396 | 398 | # and query more expensive than this; |
|
397 | 399 | # -1 disables |
|
398 | 400 | #jit_inline_above_cost = 500000 # inline small functions if query is |
|
399 | 401 | # more expensive than this; -1 disables |
|
400 | 402 | #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if |
|
401 | 403 | # query is more expensive than this; |
|
402 | 404 | # -1 disables |
|
403 | 405 | |
|
404 | 406 | # - Genetic Query Optimizer - |
|
405 | 407 | |
|
406 | 408 | #geqo = on |
|
407 | 409 | #geqo_threshold = 12 |
|
408 | 410 | #geqo_effort = 5 # range 1-10 |
|
409 | 411 | #geqo_pool_size = 0 # selects default based on effort |
|
410 | 412 | #geqo_generations = 0 # selects default based on effort |
|
411 | 413 | #geqo_selection_bias = 2.0 # range 1.5-2.0 |
|
412 | 414 | #geqo_seed = 0.0 # range 0.0-1.0 |
|
413 | 415 | |
|
414 | 416 | # - Other Planner Options - |
|
415 | 417 | |
|
416 | 418 | #default_statistics_target = 100 # range 1-10000 |
|
417 | 419 | #constraint_exclusion = partition # on, off, or partition |
|
418 | 420 | #cursor_tuple_fraction = 0.1 # range 0.0-1.0 |
|
419 | 421 | #from_collapse_limit = 8 |
|
420 | 422 | #jit = on # allow JIT compilation |
|
421 | 423 | #join_collapse_limit = 8 # 1 disables collapsing of explicit |
|
422 | 424 | # JOIN clauses |
|
423 | 425 | #plan_cache_mode = auto # auto, force_generic_plan or |
|
424 | 426 | # force_custom_plan |
|
425 | 427 | |
|
426 | 428 | |
|
427 | 429 | #------------------------------------------------------------------------------ |
|
428 | 430 | # REPORTING AND LOGGING |
|
429 | 431 | #------------------------------------------------------------------------------ |
|
430 | 432 | |
|
431 | 433 | # - Where to Log - |
|
432 | 434 | |
|
433 | 435 | log_destination = 'stderr' # Valid values are combinations of |
|
434 | 436 | # stderr, csvlog, syslog, and eventlog, |
|
435 | 437 | # depending on platform. csvlog |
|
436 | 438 | # requires logging_collector to be on. |
|
437 | 439 | |
|
438 | 440 | # This is used when logging to stderr: |
|
439 | logging_collector = on # Enable capturing of stderr and csvlog | |
|
441 | #logging_collector = on # Enable capturing of stderr and csvlog | |
|
440 | 442 | # into log files. Required to be on for |
|
441 | 443 | # csvlogs. |
|
442 | 444 | # (change requires restart) |
|
443 | 445 | |
|
444 | 446 | # These are only used if logging_collector is on: |
|
445 | log_directory = '/var/log/rhodecode/postgres' # directory where log files are written, | |
|
447 | #log_directory = '/var/log/rhodecode/postgres' # directory where log files are written, | |
|
446 | 448 | # can be absolute or relative to PGDATA |
|
447 | log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, | |
|
449 | #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, | |
|
448 | 450 | # can include strftime() escapes |
|
449 | 451 | #log_file_mode = 0600 # creation mode for log files, |
|
450 | 452 | # begin with 0 to use octal notation |
|
451 | 453 | #log_rotation_age = 1d # Automatic rotation of logfiles will |
|
452 | 454 | # happen after that time. 0 disables. |
|
453 | log_rotation_size = 512MB # Automatic rotation of logfiles will | |
|
455 | #log_rotation_size = 512MB # Automatic rotation of logfiles will | |
|
454 | 456 | # happen after that much log output. |
|
455 | 457 | # 0 disables. |
|
456 | 458 | #log_truncate_on_rotation = off # If on, an existing log file with the |
|
457 | 459 | # same name as the new log file will be |
|
458 | 460 | # truncated rather than appended to. |
|
459 | 461 | # But such truncation only occurs on |
|
460 | 462 | # time-driven rotation, not on restarts |
|
461 | 463 | # or size-driven rotation. Default is |
|
462 | 464 | # off, meaning append to existing files |
|
463 | 465 | # in all cases. |
|
464 | 466 | |
|
465 | 467 | # These are relevant when logging to syslog: |
|
466 | 468 | #syslog_facility = 'LOCAL0' |
|
467 | 469 | #syslog_ident = 'postgres' |
|
468 | 470 | #syslog_sequence_numbers = on |
|
469 | 471 | #syslog_split_messages = on |
|
470 | 472 | |
|
471 | 473 | # This is only relevant when logging to eventlog (Windows): |
|
472 | 474 | # (change requires restart) |
|
473 | 475 | #event_source = 'PostgreSQL' |
|
474 | 476 | |
|
475 | 477 | # - When to Log - |
|
476 | 478 | |
|
477 | 479 | #log_min_messages = warning # values in order of decreasing detail: |
|
478 | 480 | # debug5 |
|
479 | 481 | # debug4 |
|
480 | 482 | # debug3 |
|
481 | 483 | # debug2 |
|
482 | 484 | # debug1 |
|
483 | 485 | # info |
|
484 | 486 | # notice |
|
485 | 487 | # warning |
|
486 | 488 | # error |
|
487 | 489 | # log |
|
488 | 490 | # fatal |
|
489 | 491 | # panic |
|
490 | 492 | |
|
491 | 493 | #log_min_error_statement = error # values in order of decreasing detail: |
|
492 | 494 | # debug5 |
|
493 | 495 | # debug4 |
|
494 | 496 | # debug3 |
|
495 | 497 | # debug2 |
|
496 | 498 | # debug1 |
|
497 | 499 | # info |
|
498 | 500 | # notice |
|
499 | 501 | # warning |
|
500 | 502 | # error |
|
501 | 503 | # log |
|
502 | 504 | # fatal |
|
503 | 505 | # panic (effectively off) |
|
504 | 506 | |
|
505 | 507 | log_min_duration_statement = 1000 # -1 is disabled, 0 logs all statements |
|
506 | 508 | # and their durations, > 0 logs only |
|
507 | 509 | # statements running at least this number |
|
508 | 510 | # of milliseconds |
|
509 | 511 | |
|
510 | 512 | #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements |
|
511 | 513 | # and their durations, > 0 logs only a sample of |
|
512 | 514 | # statements running at least this number |
|
513 | 515 | # of milliseconds; |
|
514 | 516 | # sample fraction is determined by log_statement_sample_rate |
|
515 | 517 | |
|
516 | 518 | #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding |
|
517 | 519 | # log_min_duration_sample to be logged; |
|
518 | 520 | # 1.0 logs all such statements, 0.0 never logs |
|
519 | 521 | |
|
520 | 522 | |
|
521 | 523 | #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements |
|
522 | 524 | # are logged regardless of their duration; 1.0 logs all |
|
523 | 525 | # statements from all transactions, 0.0 never logs |
|
524 | 526 | |
|
525 | 527 | # - What to Log - |
|
526 | 528 | |
|
527 | 529 | #debug_print_parse = off |
|
528 | 530 | #debug_print_rewritten = off |
|
529 | 531 | #debug_print_plan = off |
|
530 | 532 | #debug_pretty_print = on |
|
531 | 533 | #log_autovacuum_min_duration = -1 # log autovacuum activity; |
|
532 | 534 | # -1 disables, 0 logs all actions and |
|
533 | 535 | # their durations, > 0 logs only |
|
534 | 536 | # actions running at least this number |
|
535 | 537 | # of milliseconds. |
|
536 | 538 | #log_checkpoints = off |
|
537 |
|
|
|
539 | log_connections = off | |
|
538 | 540 | #log_disconnections = off |
|
539 | 541 | #log_duration = off |
|
540 | 542 | #log_error_verbosity = default # terse, default, or verbose messages |
|
541 | 543 | #log_hostname = off |
|
542 | 544 | #log_line_prefix = '%m [%p] ' # special values: |
|
543 | 545 | # %a = application name |
|
544 | 546 | # %u = user name |
|
545 | 547 | # %d = database name |
|
546 | 548 | # %r = remote host and port |
|
547 | 549 | # %h = remote host |
|
548 | 550 | # %b = backend type |
|
549 | 551 | # %p = process ID |
|
550 | 552 | # %P = process ID of parallel group leader |
|
551 | 553 | # %t = timestamp without milliseconds |
|
552 | 554 | # %m = timestamp with milliseconds |
|
553 | 555 | # %n = timestamp with milliseconds (as a Unix epoch) |
|
554 | 556 | # %Q = query ID (0 if none or not computed) |
|
555 | 557 | # %i = command tag |
|
556 | 558 | # %e = SQL state |
|
557 | 559 | # %c = session ID |
|
558 | 560 | # %l = session line number |
|
559 | 561 | # %s = session start timestamp |
|
560 | 562 | # %v = virtual transaction ID |
|
561 | 563 | # %x = transaction ID (0 if none) |
|
562 | 564 | # %q = stop here in non-session |
|
563 | 565 | # processes |
|
564 | 566 | # %% = '%' |
|
565 | 567 | # e.g. '<%u%%%d> ' |
|
566 | 568 | #log_lock_waits = off # log lock waits >= deadlock_timeout |
|
567 | 569 | #log_recovery_conflict_waits = off # log standby recovery conflict waits |
|
568 | 570 | # >= deadlock_timeout |
|
569 | 571 | #log_parameter_max_length = -1 # when logging statements, limit logged |
|
570 | 572 | # bind-parameter values to N bytes; |
|
571 | 573 | # -1 means print in full, 0 disables |
|
572 | 574 | #log_parameter_max_length_on_error = 0 # when logging an error, limit logged |
|
573 | 575 | # bind-parameter values to N bytes; |
|
574 | 576 | # -1 means print in full, 0 disables |
|
575 | 577 | #log_statement = 'none' # none, ddl, mod, all |
|
576 | 578 | #log_replication_commands = off |
|
577 | 579 | #log_temp_files = -1 # log temporary files equal or larger |
|
578 | 580 | # than the specified size in kilobytes; |
|
579 | 581 | # -1 disables, 0 logs all temp files |
|
580 | 582 | #log_timezone = 'GMT' |
|
581 | 583 | |
|
582 | 584 | |
|
583 | 585 | #------------------------------------------------------------------------------ |
|
584 | 586 | # PROCESS TITLE |
|
585 | 587 | #------------------------------------------------------------------------------ |
|
586 | 588 | |
|
587 | 589 | #cluster_name = '' # added to process titles if nonempty |
|
588 | 590 | # (change requires restart) |
|
589 | 591 | #update_process_title = on |
|
590 | 592 | |
|
591 | 593 | |
|
592 | 594 | #------------------------------------------------------------------------------ |
|
593 | 595 | # STATISTICS |
|
594 | 596 | #------------------------------------------------------------------------------ |
|
595 | 597 | |
|
596 | 598 | # - Query and Index Statistics Collector - |
|
597 | 599 | |
|
598 | 600 | #track_activities = on |
|
599 | 601 | #track_activity_query_size = 1024 # (change requires restart) |
|
600 | 602 | #track_counts = on |
|
601 | 603 | #track_io_timing = off |
|
602 | 604 | #track_wal_io_timing = off |
|
603 | 605 | #track_functions = none # none, pl, all |
|
604 | 606 | #stats_temp_directory = 'pg_stat_tmp' |
|
605 | 607 | |
|
606 | 608 | |
|
607 | 609 | # - Monitoring - |
|
608 | 610 | |
|
609 | 611 | #compute_query_id = auto |
|
610 | 612 | #log_statement_stats = off |
|
611 | 613 | #log_parser_stats = off |
|
612 | 614 | #log_planner_stats = off |
|
613 | 615 | #log_executor_stats = off |
|
614 | 616 | |
|
615 | 617 | |
|
616 | 618 | #------------------------------------------------------------------------------ |
|
617 | 619 | # AUTOVACUUM |
|
618 | 620 | #------------------------------------------------------------------------------ |
|
619 | 621 | |
|
620 | 622 | #autovacuum = on # Enable autovacuum subprocess? 'on' |
|
621 | 623 | # requires track_counts to also be on. |
|
622 | 624 | #autovacuum_max_workers = 3 # max number of autovacuum subprocesses |
|
623 | 625 | # (change requires restart) |
|
624 | 626 | #autovacuum_naptime = 1min # time between autovacuum runs |
|
625 | 627 | #autovacuum_vacuum_threshold = 50 # min number of row updates before |
|
626 | 628 | # vacuum |
|
627 | 629 | #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts |
|
628 | 630 | # before vacuum; -1 disables insert |
|
629 | 631 | # vacuums |
|
630 | 632 | #autovacuum_analyze_threshold = 50 # min number of row updates before |
|
631 | 633 | # analyze |
|
632 | 634 | #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum |
|
633 | 635 | #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table |
|
634 | 636 | # size before insert vacuum |
|
635 | 637 | #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze |
|
636 | 638 | #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum |
|
637 | 639 | # (change requires restart) |
|
638 | 640 | #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age |
|
639 | 641 | # before forced vacuum |
|
640 | 642 | # (change requires restart) |
|
641 | 643 | #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for |
|
642 | 644 | # autovacuum, in milliseconds; |
|
643 | 645 | # -1 means use vacuum_cost_delay |
|
644 | 646 | #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for |
|
645 | 647 | # autovacuum, -1 means use |
|
646 | 648 | # vacuum_cost_limit |
|
647 | 649 | |
|
648 | 650 | |
|
649 | 651 | #------------------------------------------------------------------------------ |
|
650 | 652 | # CLIENT CONNECTION DEFAULTS |
|
651 | 653 | #------------------------------------------------------------------------------ |
|
652 | 654 | |
|
653 | 655 | # - Statement Behavior - |
|
654 | 656 | |
|
655 | 657 | #client_min_messages = notice # values in order of decreasing detail: |
|
656 | 658 | # debug5 |
|
657 | 659 | # debug4 |
|
658 | 660 | # debug3 |
|
659 | 661 | # debug2 |
|
660 | 662 | # debug1 |
|
661 | 663 | # log |
|
662 | 664 | # notice |
|
663 | 665 | # warning |
|
664 | 666 | # error |
|
665 | 667 | #search_path = '"$user", public' # schema names |
|
666 | 668 | #row_security = on |
|
667 | 669 | #default_table_access_method = 'heap' |
|
668 | 670 | #default_tablespace = '' # a tablespace name, '' uses the default |
|
669 | 671 | #default_toast_compression = 'pglz' # 'pglz' or 'lz4' |
|
670 | 672 | #temp_tablespaces = '' # a list of tablespace names, '' uses |
|
671 | 673 | # only default tablespace |
|
672 | 674 | #check_function_bodies = on |
|
673 | 675 | #default_transaction_isolation = 'read committed' |
|
674 | 676 | #default_transaction_read_only = off |
|
675 | 677 | #default_transaction_deferrable = off |
|
676 | 678 | #session_replication_role = 'origin' |
|
677 | 679 | #statement_timeout = 0 # in milliseconds, 0 is disabled |
|
678 | 680 | #lock_timeout = 0 # in milliseconds, 0 is disabled |
|
679 | 681 | #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled |
|
680 | 682 | #idle_session_timeout = 0 # in milliseconds, 0 is disabled |
|
681 | 683 | #vacuum_freeze_table_age = 150000000 |
|
682 | 684 | #vacuum_freeze_min_age = 50000000 |
|
683 | 685 | #vacuum_failsafe_age = 1600000000 |
|
684 | 686 | #vacuum_multixact_freeze_table_age = 150000000 |
|
685 | 687 | #vacuum_multixact_freeze_min_age = 5000000 |
|
686 | 688 | #vacuum_multixact_failsafe_age = 1600000000 |
|
687 | 689 | #bytea_output = 'hex' # hex, escape |
|
688 | 690 | #xmlbinary = 'base64' |
|
689 | 691 | #xmloption = 'content' |
|
690 | 692 | #gin_pending_list_limit = 4MB |
|
691 | 693 | |
|
692 | 694 | # - Locale and Formatting - |
|
693 | 695 | |
|
694 | 696 | #datestyle = 'iso, mdy' |
|
695 | 697 | #intervalstyle = 'postgres' |
|
696 | 698 | #timezone = 'GMT' |
|
697 | 699 | #timezone_abbreviations = 'Default' # Select the set of available time zone |
|
698 | 700 | # abbreviations. Currently, there are |
|
699 | 701 | # Default |
|
700 | 702 | # Australia (historical usage) |
|
701 | 703 | # India |
|
702 | 704 | # You can create your own file in |
|
703 | 705 | # share/timezonesets/. |
|
704 | 706 | #extra_float_digits = 1 # min -15, max 3; any value >0 actually |
|
705 | 707 | # selects precise output mode |
|
706 | 708 | #client_encoding = sql_ascii # actually, defaults to database |
|
707 | 709 | # encoding |
|
708 | 710 | |
|
709 | 711 | # These settings are initialized by initdb, but they can be changed. |
|
710 | 712 | #lc_messages = 'C' # locale for system error message |
|
711 | 713 | # strings |
|
712 | 714 | #lc_monetary = 'C' # locale for monetary formatting |
|
713 | 715 | #lc_numeric = 'C' # locale for number formatting |
|
714 | 716 | #lc_time = 'C' # locale for time formatting |
|
715 | 717 | |
|
716 | 718 | # default configuration for text search |
|
717 | 719 | #default_text_search_config = 'pg_catalog.simple' |
|
718 | 720 | |
|
719 | 721 | # - Shared Library Preloading - |
|
720 | 722 | |
|
721 | 723 | #local_preload_libraries = '' |
|
722 | 724 | #session_preload_libraries = '' |
|
723 | 725 | #shared_preload_libraries = '' # (change requires restart) |
|
724 | 726 | #jit_provider = 'llvmjit' # JIT library to use |
|
725 | 727 | |
|
726 | 728 | # - Other Defaults - |
|
727 | 729 | |
|
728 | 730 | #dynamic_library_path = '$libdir' |
|
729 | 731 | #extension_destdir = '' # prepend path when loading extensions |
|
730 | 732 | # and shared objects (added by Debian) |
|
731 | 733 | #gin_fuzzy_search_limit = 0 |
|
732 | 734 | |
|
733 | 735 | |
|
734 | 736 | #------------------------------------------------------------------------------ |
|
735 | 737 | # LOCK MANAGEMENT |
|
736 | 738 | #------------------------------------------------------------------------------ |
|
737 | 739 | |
|
738 | 740 | #deadlock_timeout = 1s |
|
739 | 741 | #max_locks_per_transaction = 64 # min 10 |
|
740 | 742 | # (change requires restart) |
|
741 | 743 | #max_pred_locks_per_transaction = 64 # min 10 |
|
742 | 744 | # (change requires restart) |
|
743 | 745 | #max_pred_locks_per_relation = -2 # negative values mean |
|
744 | 746 | # (max_pred_locks_per_transaction |
|
745 | 747 | # / -max_pred_locks_per_relation) - 1 |
|
746 | 748 | #max_pred_locks_per_page = 2 # min 0 |
|
747 | 749 | |
|
748 | 750 | |
|
749 | 751 | #------------------------------------------------------------------------------ |
|
750 | 752 | # VERSION AND PLATFORM COMPATIBILITY |
|
751 | 753 | #------------------------------------------------------------------------------ |
|
752 | 754 | |
|
753 | 755 | # - Previous PostgreSQL Versions - |
|
754 | 756 | |
|
755 | 757 | #array_nulls = on |
|
756 | 758 | #backslash_quote = safe_encoding # on, off, or safe_encoding |
|
757 | 759 | #escape_string_warning = on |
|
758 | 760 | #lo_compat_privileges = off |
|
759 | 761 | #quote_all_identifiers = off |
|
760 | 762 | #standard_conforming_strings = on |
|
761 | 763 | #synchronize_seqscans = on |
|
762 | 764 | |
|
763 | 765 | # - Other Platforms and Clients - |
|
764 | 766 | |
|
765 | 767 | #transform_null_equals = off |
|
766 | 768 | |
|
767 | 769 | |
|
768 | 770 | #------------------------------------------------------------------------------ |
|
769 | 771 | # ERROR HANDLING |
|
770 | 772 | #------------------------------------------------------------------------------ |
|
771 | 773 | |
|
772 | 774 | #exit_on_error = off # terminate session on any error? |
|
773 | 775 | #restart_after_crash = on # reinitialize after backend crash? |
|
774 | 776 | #data_sync_retry = off # retry or panic on failure to fsync |
|
775 | 777 | # data? |
|
776 | 778 | # (change requires restart) |
|
777 | 779 | #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+) |
|
778 | 780 | |
|
779 | 781 | |
|
780 | 782 | #------------------------------------------------------------------------------ |
|
781 | 783 | # CONFIG FILE INCLUDES |
|
782 | 784 | #------------------------------------------------------------------------------ |
|
783 | 785 | |
|
784 | 786 | # These options allow settings to be loaded from files other than the |
|
785 | 787 | # default postgresql.conf. Note that these are directives, not variable |
|
786 | 788 | # assignments, so they can usefully be given more than once. |
|
787 | 789 | |
|
788 | 790 | #include_dir = '...' # include files ending in '.conf' from |
|
789 | 791 | # a directory, e.g., 'conf.d' |
|
790 | 792 | #include_if_exists = '...' # include file only if it exists |
|
791 | 793 | #include = '...' # include file |
|
792 | 794 | |
|
793 | 795 | |
|
794 | 796 | #------------------------------------------------------------------------------ |
|
795 | 797 | # CUSTOMIZED OPTIONS |
|
796 | 798 | #------------------------------------------------------------------------------ |
|
797 | 799 | |
|
798 | 800 | # Add settings for extensions here |
|
799 | 801 | |
|
800 | 802 | max_connections = 400 |
|
801 | 803 | shared_buffers = 1GB |
|
802 | 804 | effective_cache_size = 3GB |
|
803 | 805 | work_mem = 2621kB |
|
804 | 806 | maintenance_work_mem = 256MB |
|
805 | 807 | checkpoint_completion_target = 0.9 |
|
806 | 808 | wal_buffers = 16MB |
|
807 | 809 | default_statistics_target = 100 |
|
808 | 810 | password_encryption = md5 |
@@ -1,132 +1,135 b'' | |||
|
1 | 1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ |
|
2 | 2 | |
|
3 | 3 | # config to don't allow the browser to render the page inside an frame or iframe |
|
4 | 4 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking |
|
5 | 5 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri |
|
6 | 6 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options |
|
7 | 7 | #add_header X-Frame-Options SAMEORIGIN; |
|
8 | 8 | |
|
9 | 9 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, |
|
10 | 10 | # to disable content-type sniffing on some browsers. |
|
11 | 11 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
12 | 12 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx |
|
13 | 13 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx |
|
14 | 14 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 |
|
15 | 15 | #add_header X-Content-Type-Options nosniff; |
|
16 | 16 | |
|
17 | 17 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. |
|
18 | 18 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for |
|
19 | 19 | # this particular website if it was disabled by the user. |
|
20 | 20 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
21 | 21 | #add_header X-XSS-Protection "1; mode=block"; |
|
22 | 22 | |
|
23 | 23 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), |
|
24 | 24 | # you can tell the browser that it can only download content from the domains you explicitly allow |
|
25 | 25 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ |
|
26 | 26 | # https://www.owasp.org/index.php/Content_Security_Policy |
|
27 | 27 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' |
|
28 | 28 | # directives for css and js(if you have inline css or js, you will need to keep it too). |
|
29 | 29 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful |
|
30 | 30 | #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; |
|
31 | 31 | |
|
32 | 32 | ## rate limiter for certain pages to prevent brute force attacks |
|
33 | 33 | limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s; |
|
34 | 34 | |
|
35 | 35 | ## custom log format |
|
36 | 36 | log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe'; |
|
37 | 37 | |
|
38 | 38 | log_format json_log_custom escape=json |
|
39 | 39 | '{' |
|
40 | 40 | '"source":"nginx",' |
|
41 | 41 | '"remote_user":"$remote_user",' |
|
42 | 42 | '"time_local":"$time_local",' |
|
43 | 43 | '"remote_addr":"$remote_addr",' |
|
44 | 44 | '"proxy_x_forwarded_for":"$proxy_add_x_forwarded_for",' |
|
45 | 45 | '"request":"$request",' |
|
46 | 46 | '"status": "$status",' |
|
47 | 47 | '"request_method": "$request_method",' |
|
48 | 48 | '"body_bytes_sent":"$body_bytes_sent",' |
|
49 | 49 | '"request_time":"$request_time",' |
|
50 | 50 | '"upstream_response_time":"$upstream_response_time",' |
|
51 | 51 | '"http_referrer":"$http_referer",' |
|
52 | 52 | '"http_user_agent":"$http_user_agent"' |
|
53 | 53 | '}'; |
|
54 | 54 | |
|
55 | 55 | |
|
56 | 56 | server { |
|
57 | 57 | listen 80 default; |
|
58 | 58 | # ensure we get the proper Docker DNS resolver for load balancing. |
|
59 | 59 | resolver 127.0.0.11 ipv6=off; |
|
60 | 60 | server_name localhost 127.0.0.1; |
|
61 |
access_log / |
|
|
62 | error_log /var/log/rhodecode/nginx/rhodecode.http.error.log; | |
|
61 | access_log /dev/stdout json_log_custom; | |
|
62 | error_log /dev/stdout; | |
|
63 | 63 | |
|
64 | # uncomment to redirect http traffic to https | |
|
64 | # uncomment to redirect http traffic to https (not applicable in Docker setup) | |
|
65 | 65 | #return 301 https://$host$request_uri; |
|
66 | 66 | |
|
67 | 67 | client_body_buffer_size 128k; |
|
68 | 68 | # maximum number and size of buffers for large headers to read from client request |
|
69 | 69 | large_client_header_buffers 16 256k; |
|
70 | 70 | |
|
71 | 71 | ## serve static files by nginx, recommended |
|
72 | 72 | location /_static/rhodecode { |
|
73 | 73 | gzip on; |
|
74 | 74 | gzip_min_length 500; |
|
75 | 75 | gzip_proxied any; |
|
76 | 76 | gzip_comp_level 4; |
|
77 | 77 | gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; |
|
78 | 78 | gzip_vary on; |
|
79 | 79 | gzip_disable "msie6"; |
|
80 | 80 | expires 60d; |
|
81 | 81 | |
|
82 | 82 | alias /var/opt/rhodecode_data/static; |
|
83 | 83 | } |
|
84 | 84 | |
|
85 | 85 | ## channelstream location handler, if channelstream live chat and notifications |
|
86 | 86 | ## are enable this will proxy the requests to channelstream websocket server |
|
87 | 87 | location /_channelstream { |
|
88 | 88 | rewrite /_channelstream/(.*) /$1 break; |
|
89 | 89 | gzip off; |
|
90 | 90 | tcp_nodelay off; |
|
91 | 91 | |
|
92 | 92 | proxy_connect_timeout 10; |
|
93 | 93 | proxy_send_timeout 10m; |
|
94 | 94 | proxy_read_timeout 10m; |
|
95 | 95 | |
|
96 | 96 | proxy_set_header Host $host; |
|
97 | 97 | proxy_set_header X-Real-IP $remote_addr; |
|
98 | 98 | proxy_set_header X-Url-Scheme $scheme; |
|
99 | 99 | proxy_set_header X-Forwarded-Proto $scheme; |
|
100 | 100 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
101 | 101 | |
|
102 | 102 | proxy_http_version 1.1; |
|
103 | 103 | proxy_set_header Upgrade $http_upgrade; |
|
104 | 104 | proxy_set_header Connection "upgrade"; |
|
105 | 105 | |
|
106 |
|
|
|
106 | set $upstream_channelstream http://channelstream:8000; | |
|
107 | proxy_pass $upstream_channelstream; | |
|
107 | 108 | } |
|
108 | 109 | |
|
109 | ## rate limit this endpoint to prevent login page brute-force attacks | |
|
110 | location /_admin/login { | |
|
111 | limit_req zone=http_req_limit burst=10 nodelay; | |
|
112 | try_files $uri @rhodecode_http; | |
|
113 | } | |
|
110 | # ## rate limit this endpoint to prevent login page brute-force attacks | |
|
111 | # location /_admin/login { | |
|
112 | # limit_req zone=http_req_limit burst=10 nodelay; | |
|
113 | # try_files $uri @rhodecode_http; | |
|
114 | # } | |
|
114 | 115 | |
|
115 | 116 | location / { |
|
116 |
include |
|
|
117 | try_files $uri @rhodecode_http; | |
|
117 | include /etc/nginx/proxy.conf; | |
|
118 | try_files $uri @rhodecode_http; | |
|
118 | 119 | } |
|
119 | 120 | |
|
120 | 121 | location @rhodecode_http { |
|
121 | include /etc/nginx/proxy.conf; | |
|
122 | proxy_pass http://rhodecode:10020; | |
|
122 | set $upstream http://rhodecode:10020; | |
|
123 | include /etc/nginx/proxy.conf; | |
|
124 | proxy_pass $upstream; | |
|
123 | 125 | } |
|
124 | 126 | |
|
125 | 127 | ## Custom 502 error page. |
|
126 | 128 | ## Will be displayed while RhodeCode server is turned off |
|
127 | 129 | error_page 502 /502.html; |
|
128 | 130 | location = /502.html { |
|
129 | root /var/opt/static; | |
|
131 | root /var/opt/rhodecode_data/static; | |
|
132 | internal; | |
|
130 | 133 | } |
|
131 | 134 | |
|
132 | 135 | } |
@@ -1,30 +1,31 b'' | |||
|
1 | 1 | user root; |
|
2 | 2 | worker_processes 2; |
|
3 | 3 | |
|
4 | 4 | pid /var/run/nginx.pid; |
|
5 | error_log /var/log/rhodecode/nginx/default.error.log warn; | |
|
5 | error_log /dev/stdout info; | |
|
6 | 6 | |
|
7 | 7 | events { |
|
8 | 8 | worker_connections 1024; |
|
9 | 9 | # multi_accept on; |
|
10 | 10 | } |
|
11 | 11 | |
|
12 | 12 | http { |
|
13 | 13 | include /etc/nginx/mime.types; |
|
14 | 14 | default_type application/octet-stream; |
|
15 | server_tokens off; | |
|
15 | 16 | |
|
16 | 17 | log_format main '$remote_addr - $remote_user [$time_local] ' |
|
17 | 18 | '"$request" $status $body_bytes_sent ' |
|
18 | 19 | '"$http_referer" "$http_user_agent" ' |
|
19 | 20 | '$request_time $upstream_response_time $pipe'; |
|
20 | 21 | |
|
21 | access_log /var/log/rhodecode/nginx/default.access.log main; | |
|
22 | access_log /dev/stdout main; | |
|
22 | 23 | |
|
23 | 24 | sendfile on; |
|
24 | 25 | tcp_nopush on; |
|
25 | 26 | tcp_nodelay on; |
|
26 | 27 | keepalive_timeout 65; |
|
27 | 28 | types_hash_max_size 2048; |
|
28 | 29 | |
|
29 |
include /etc/nginx/ |
|
|
30 | include /etc/nginx/http.conf; | |
|
30 | 31 | } |
|
1 | NO CONTENT: file renamed from service/nginx/proxy.conf to config/nginx/proxy.conf |
@@ -1,17 +1,23 b'' | |||
|
1 | 1 | global: |
|
2 | 2 | scrape_interval: 15s |
|
3 | 3 | evaluation_interval: 15s |
|
4 | 4 | |
|
5 | 5 | scrape_configs: |
|
6 | 6 | |
|
7 | 7 | # Scrape statsd exporter from RhodeCode |
|
8 | 8 | - job_name: "rhodecode_metrics" |
|
9 | 9 | metrics_path: "/metrics" |
|
10 | 10 | static_configs: |
|
11 | 11 | - targets: ["statsd-exporter:9102"] |
|
12 | 12 | |
|
13 | 13 | # scrape node exporter |
|
14 | 14 | - job_name: node_metrics |
|
15 | 15 | metrics_path: "/metrics" |
|
16 | 16 | static_configs: |
|
17 | 17 | - targets: ["node-exporter:9100"] |
|
18 | ||
|
19 | # scrape traefik node | |
|
20 | - job_name: traefik_metrics | |
|
21 | metrics_path: "/metrics" | |
|
22 | static_configs: | |
|
23 | - targets: ["traefik:7000"] |
@@ -1,38 +1,38 b'' | |||
|
1 | 1 | server: |
|
2 | 2 | http_listen_port: 9080 |
|
3 | 3 | grpc_listen_port: 0 |
|
4 | 4 | |
|
5 | 5 | # Describes how to save read file offsets to disk |
|
6 | 6 | positions: |
|
7 | 7 | filename: /tmp/positions.yaml |
|
8 | 8 | |
|
9 | 9 | clients: |
|
10 | 10 | - url: http://loki:3100/loki/api/v1/push |
|
11 | 11 | tenant_id: docker |
|
12 | 12 | |
|
13 | 13 | ## Definition to what to scrape |
|
14 | 14 | scrape_configs: |
|
15 | 15 | |
|
16 | - job_name: scraping_nginx | |
|
17 | static_configs: | |
|
18 | - targets: | |
|
19 | - localhost | |
|
20 | labels: | |
|
21 | __path__: /var/log_volume/nginx/rhodecode* | |
|
22 | job: nginx | |
|
23 | ||
|
24 | - job_name: scraping_vcsserver | |
|
25 | static_configs: | |
|
26 | - targets: | |
|
27 | - localhost | |
|
28 | labels: | |
|
29 | __path__: /var/log_volume/apps/rhodecode* | |
|
30 | job: rhodecode | |
|
31 | ||
|
32 | - job_name: scraping_rhodecode | |
|
33 | static_configs: | |
|
34 | - targets: | |
|
35 | - localhost | |
|
36 | labels: | |
|
37 | __path__: /var/log_volume/apps/vcsserver* | |
|
38 | job: vcsserver No newline at end of file | |
|
16 | #- job_name: scraping_nginx | |
|
17 | # static_configs: | |
|
18 | # - targets: | |
|
19 | # - localhost | |
|
20 | # labels: | |
|
21 | # __path__: /var/log_volume/nginx/rhodecode* | |
|
22 | # job: nginx | |
|
23 | # | |
|
24 | #- job_name: scraping_vcsserver | |
|
25 | # static_configs: | |
|
26 | # - targets: | |
|
27 | # - localhost | |
|
28 | # labels: | |
|
29 | # __path__: /var/log_volume/apps/rhodecode* | |
|
30 | # job: rhodecode | |
|
31 | # | |
|
32 | #- job_name: scraping_rhodecode | |
|
33 | # static_configs: | |
|
34 | # - targets: | |
|
35 | # - localhost | |
|
36 | # labels: | |
|
37 | # __path__: /var/log_volume/apps/vcsserver* | |
|
38 | # job: vcsserver No newline at end of file |
@@ -1,1865 +1,1865 b'' | |||
|
1 | 1 | # Redis configuration file example. |
|
2 | 2 | # |
|
3 | 3 | # Note that in order to read the configuration file, Redis must be |
|
4 | 4 | # started with the file path as first argument: |
|
5 | 5 | # |
|
6 | 6 | # ./redis-server /path/to/redis.conf |
|
7 | 7 | |
|
8 | 8 | # Note on units: when memory size is needed, it is possible to specify |
|
9 | 9 | # it in the usual form of 1k 5GB 4M and so forth: |
|
10 | 10 | # |
|
11 | 11 | # 1k => 1000 bytes |
|
12 | 12 | # 1kb => 1024 bytes |
|
13 | 13 | # 1m => 1000000 bytes |
|
14 | 14 | # 1mb => 1024*1024 bytes |
|
15 | 15 | # 1g => 1000000000 bytes |
|
16 | 16 | # 1gb => 1024*1024*1024 bytes |
|
17 | 17 | # |
|
18 | 18 | # units are case insensitive so 1GB 1Gb 1gB are all the same. |
|
19 | 19 | |
|
20 | 20 | ################################## INCLUDES ################################### |
|
21 | 21 | |
|
22 | 22 | # Include one or more other config files here. This is useful if you |
|
23 | 23 | # have a standard template that goes to all Redis servers but also need |
|
24 | 24 | # to customize a few per-server settings. Include files can include |
|
25 | 25 | # other files, so use this wisely. |
|
26 | 26 | # |
|
27 | 27 | # Note that option "include" won't be rewritten by command "CONFIG REWRITE" |
|
28 | 28 | # from admin or Redis Sentinel. Since Redis always uses the last processed |
|
29 | 29 | # line as value of a configuration directive, you'd better put includes |
|
30 | 30 | # at the beginning of this file to avoid overwriting config change at runtime. |
|
31 | 31 | # |
|
32 | 32 | # If instead you are interested in using includes to override configuration |
|
33 | 33 | # options, it is better to use include as the last line. |
|
34 | 34 | # |
|
35 | 35 | # include /path/to/local.conf |
|
36 | 36 | # include /path/to/other.conf |
|
37 | 37 | |
|
38 | 38 | ################################## MODULES ##################################### |
|
39 | 39 | |
|
40 | 40 | # Load modules at startup. If the server is not able to load modules |
|
41 | 41 | # it will abort. It is possible to use multiple loadmodule directives. |
|
42 | 42 | # |
|
43 | 43 | # loadmodule /path/to/my_module.so |
|
44 | 44 | # loadmodule /path/to/other_module.so |
|
45 | 45 | |
|
46 | 46 | ################################## NETWORK ##################################### |
|
47 | 47 | |
|
48 | 48 | # By default, if no "bind" configuration directive is specified, Redis listens |
|
49 | 49 | # for connections from all available network interfaces on the host machine. |
|
50 | 50 | # It is possible to listen to just one or multiple selected interfaces using |
|
51 | 51 | # the "bind" configuration directive, followed by one or more IP addresses. |
|
52 | 52 | # |
|
53 | 53 | # Examples: |
|
54 | 54 | # |
|
55 | 55 | # bind 192.168.1.100 10.0.0.1 |
|
56 | 56 | # bind 127.0.0.1 ::1 |
|
57 | 57 | # |
|
58 | 58 | # ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the |
|
59 | 59 | # internet, binding to all the interfaces is dangerous and will expose the |
|
60 | 60 | # instance to everybody on the internet. So by default we uncomment the |
|
61 | 61 | # following bind directive, that will force Redis to listen only on the |
|
62 | 62 | # IPv4 loopback interface address (this means Redis will only be able to |
|
63 | 63 | # accept client connections from the same host that it is running on). |
|
64 | 64 | # |
|
65 | 65 | # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES |
|
66 | 66 | # JUST COMMENT OUT THE FOLLOWING LINE. |
|
67 | 67 | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
68 | 68 | #bind 127.0.0.1 |
|
69 | 69 | |
|
70 | 70 | # Protected mode is a layer of security protection, in order to avoid that |
|
71 | 71 | # Redis instances left open on the internet are accessed and exploited. |
|
72 | 72 | # |
|
73 | 73 | # When protected mode is on and if: |
|
74 | 74 | # |
|
75 | 75 | # 1) The server is not binding explicitly to a set of addresses using the |
|
76 | 76 | # "bind" directive. |
|
77 | 77 | # 2) No password is configured. |
|
78 | 78 | # |
|
79 | 79 | # The server only accepts connections from clients connecting from the |
|
80 | 80 | # IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain |
|
81 | 81 | # sockets. |
|
82 | 82 | # |
|
83 | 83 | # By default protected mode is enabled. You should disable it only if |
|
84 | 84 | # you are sure you want clients from other hosts to connect to Redis |
|
85 | 85 | # even if no authentication is configured, nor a specific set of interfaces |
|
86 | 86 | # are explicitly listed using the "bind" directive. |
|
87 | 87 | protected-mode no |
|
88 | 88 | |
|
89 | 89 | # Accept connections on the specified port, default is 6379 (IANA #815344). |
|
90 | 90 | # If port 0 is specified Redis will not listen on a TCP socket. |
|
91 | 91 | port 6379 |
|
92 | 92 | |
|
93 | 93 | # TCP listen() backlog. |
|
94 | 94 | # |
|
95 | 95 | # In high requests-per-second environments you need a high backlog in order |
|
96 | 96 | # to avoid slow clients connection issues. Note that the Linux kernel |
|
97 | 97 | # will silently truncate it to the value of /proc/sys/net/core/somaxconn so |
|
98 | 98 | # make sure to raise both the value of somaxconn and tcp_max_syn_backlog |
|
99 | 99 | # in order to get the desired effect. |
|
100 | 100 | tcp-backlog 511 |
|
101 | 101 | |
|
102 | 102 | # Unix socket. |
|
103 | 103 | # |
|
104 | 104 | # Specify the path for the Unix socket that will be used to listen for |
|
105 | 105 | # incoming connections. There is no default, so Redis will not listen |
|
106 | 106 | # on a unix socket when not specified. |
|
107 | 107 | # |
|
108 | 108 | # unixsocket /tmp/redis.sock |
|
109 | 109 | # unixsocketperm 700 |
|
110 | 110 | |
|
111 | 111 | # Close the connection after a client is idle for N seconds (0 to disable) |
|
112 | 112 | timeout 0 |
|
113 | 113 | |
|
114 | 114 | # TCP keepalive. |
|
115 | 115 | # |
|
116 | 116 | # If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence |
|
117 | 117 | # of communication. This is useful for two reasons: |
|
118 | 118 | # |
|
119 | 119 | # 1) Detect dead peers. |
|
120 | 120 | # 2) Force network equipment in the middle to consider the connection to be |
|
121 | 121 | # alive. |
|
122 | 122 | # |
|
123 | 123 | # On Linux, the specified value (in seconds) is the period used to send ACKs. |
|
124 | 124 | # Note that to close the connection the double of the time is needed. |
|
125 | 125 | # On other kernels the period depends on the kernel configuration. |
|
126 | 126 | # |
|
127 | 127 | # A reasonable value for this option is 300 seconds, which is the new |
|
128 | 128 | # Redis default starting with Redis 3.2.1. |
|
129 | 129 | tcp-keepalive 300 |
|
130 | 130 | |
|
131 | 131 | ################################# TLS/SSL ##################################### |
|
132 | 132 | |
|
133 | 133 | # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration |
|
134 | 134 | # directive can be used to define TLS-listening ports. To enable TLS on the |
|
135 | 135 | # default port, use: |
|
136 | 136 | # |
|
137 | 137 | # port 0 |
|
138 | 138 | # tls-port 6379 |
|
139 | 139 | |
|
140 | 140 | # Configure a X.509 certificate and private key to use for authenticating the |
|
141 | 141 | # server to connected clients, masters or cluster peers. These files should be |
|
142 | 142 | # PEM formatted. |
|
143 | 143 | # |
|
144 | 144 | # tls-cert-file redis.crt |
|
145 | 145 | # tls-key-file redis.key |
|
146 | 146 | |
|
147 | 147 | # Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange: |
|
148 | 148 | # |
|
149 | 149 | # tls-dh-params-file redis.dh |
|
150 | 150 | |
|
151 | 151 | # Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL |
|
152 | 152 | # clients and peers. Redis requires an explicit configuration of at least one |
|
153 | 153 | # of these, and will not implicitly use the system wide configuration. |
|
154 | 154 | # |
|
155 | 155 | # tls-ca-cert-file ca.crt |
|
156 | 156 | # tls-ca-cert-dir /etc/ssl/certs |
|
157 | 157 | |
|
158 | 158 | # By default, clients (including replica servers) on a TLS port are required |
|
159 | 159 | # to authenticate using valid client side certificates. |
|
160 | 160 | # |
|
161 | 161 | # If "no" is specified, client certificates are not required and not accepted. |
|
162 | 162 | # If "optional" is specified, client certificates are accepted and must be |
|
163 | 163 | # valid if provided, but are not required. |
|
164 | 164 | # |
|
165 | 165 | # tls-auth-clients no |
|
166 | 166 | # tls-auth-clients optional |
|
167 | 167 | |
|
168 | 168 | # By default, a Redis replica does not attempt to establish a TLS connection |
|
169 | 169 | # with its master. |
|
170 | 170 | # |
|
171 | 171 | # Use the following directive to enable TLS on replication links. |
|
172 | 172 | # |
|
173 | 173 | # tls-replication yes |
|
174 | 174 | |
|
175 | 175 | # By default, the Redis Cluster bus uses a plain TCP connection. To enable |
|
176 | 176 | # TLS for the bus protocol, use the following directive: |
|
177 | 177 | # |
|
178 | 178 | # tls-cluster yes |
|
179 | 179 | |
|
180 | 180 | # Explicitly specify TLS versions to support. Allowed values are case insensitive |
|
181 | 181 | # and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or |
|
182 | 182 | # any combination. To enable only TLSv1.2 and TLSv1.3, use: |
|
183 | 183 | # |
|
184 | 184 | # tls-protocols "TLSv1.2 TLSv1.3" |
|
185 | 185 | |
|
186 | 186 | # Configure allowed ciphers. See the ciphers(1ssl) manpage for more information |
|
187 | 187 | # about the syntax of this string. |
|
188 | 188 | # |
|
189 | 189 | # Note: this configuration applies only to <= TLSv1.2. |
|
190 | 190 | # |
|
191 | 191 | # tls-ciphers DEFAULT:!MEDIUM |
|
192 | 192 | |
|
193 | 193 | # Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more |
|
194 | 194 | # information about the syntax of this string, and specifically for TLSv1.3 |
|
195 | 195 | # ciphersuites. |
|
196 | 196 | # |
|
197 | 197 | # tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256 |
|
198 | 198 | |
|
199 | 199 | # When choosing a cipher, use the server's preference instead of the client |
|
200 | 200 | # preference. By default, the server follows the client's preference. |
|
201 | 201 | # |
|
202 | 202 | # tls-prefer-server-ciphers yes |
|
203 | 203 | |
|
204 | 204 | # By default, TLS session caching is enabled to allow faster and less expensive |
|
205 | 205 | # reconnections by clients that support it. Use the following directive to disable |
|
206 | 206 | # caching. |
|
207 | 207 | # |
|
208 | 208 | # tls-session-caching no |
|
209 | 209 | |
|
210 | 210 | # Change the default number of TLS sessions cached. A zero value sets the cache |
|
211 | 211 | # to unlimited size. The default size is 20480. |
|
212 | 212 | # |
|
213 | 213 | # tls-session-cache-size 5000 |
|
214 | 214 | |
|
215 | 215 | # Change the default timeout of cached TLS sessions. The default timeout is 300 |
|
216 | 216 | # seconds. |
|
217 | 217 | # |
|
218 | 218 | # tls-session-cache-timeout 60 |
|
219 | 219 | |
|
220 | 220 | ################################# GENERAL ##################################### |
|
221 | 221 | |
|
222 | 222 | # By default Redis does not run as a daemon. Use 'yes' if you need it. |
|
223 | 223 | # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. |
|
224 | 224 | daemonize no |
|
225 | 225 | |
|
226 | 226 | # If you run Redis from upstart or systemd, Redis can interact with your |
|
227 | 227 | # supervision tree. Options: |
|
228 | 228 | # supervised no - no supervision interaction |
|
229 | 229 | # supervised upstart - signal upstart by putting Redis into SIGSTOP mode |
|
230 | 230 | # requires "expect stop" in your upstart job config |
|
231 | 231 | # supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET |
|
232 | 232 | # supervised auto - detect upstart or systemd method based on |
|
233 | 233 | # UPSTART_JOB or NOTIFY_SOCKET environment variables |
|
234 | 234 | # Note: these supervision methods only signal "process is ready." |
|
235 | 235 | # They do not enable continuous pings back to your supervisor. |
|
236 | 236 | supervised no |
|
237 | 237 | |
|
238 | 238 | # If a pid file is specified, Redis writes it where specified at startup |
|
239 | 239 | # and removes it at exit. |
|
240 | 240 | # |
|
241 | 241 | # When the server runs non daemonized, no pid file is created if none is |
|
242 | 242 | # specified in the configuration. When the server is daemonized, the pid file |
|
243 | 243 | # is used even if not specified, defaulting to "/var/run/redis.pid". |
|
244 | 244 | # |
|
245 | 245 | # Creating a pid file is best effort: if Redis is not able to create it |
|
246 | 246 | # nothing bad happens, the server will start and run normally. |
|
247 | 247 | pidfile /var/run/redis_6379.pid |
|
248 | 248 | |
|
249 | 249 | # Specify the server verbosity level. |
|
250 | 250 | # This can be one of: |
|
251 | 251 | # debug (a lot of information, useful for development/testing) |
|
252 | 252 | # verbose (many rarely useful info, but not a mess like the debug level) |
|
253 | 253 | # notice (moderately verbose, what you want in production probably) |
|
254 | 254 | # warning (only very important / critical messages are logged) |
|
255 | 255 | loglevel notice |
|
256 | 256 | |
|
257 | 257 | # Specify the log file name. Also the empty string can be used to force |
|
258 | 258 | # Redis to log on the standard output. Note that if you use standard |
|
259 | 259 | # output for logging but daemonize, logs will be sent to /dev/null |
|
260 | 260 | logfile "" |
|
261 | 261 | |
|
262 | 262 | # To enable logging to the system logger, just set 'syslog-enabled' to yes, |
|
263 | 263 | # and optionally update the other syslog parameters to suit your needs. |
|
264 | 264 | # syslog-enabled no |
|
265 | 265 | |
|
266 | 266 | # Specify the syslog identity. |
|
267 | 267 | # syslog-ident redis |
|
268 | 268 | |
|
269 | 269 | # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. |
|
270 | 270 | # syslog-facility local0 |
|
271 | 271 | |
|
272 | 272 | # Set the number of databases. The default database is DB 0, you can select |
|
273 | 273 | # a different one on a per-connection basis using SELECT <dbid> where |
|
274 | 274 | # dbid is a number between 0 and 'databases'-1 |
|
275 | 275 | databases 16 |
|
276 | 276 | |
|
277 | 277 | # By default Redis shows an ASCII art logo only when started to log to the |
|
278 | 278 | # standard output and if the standard output is a TTY. Basically this means |
|
279 | 279 | # that normally a logo is displayed only in interactive sessions. |
|
280 | 280 | # |
|
281 | 281 | # However it is possible to force the pre-4.0 behavior and always show a |
|
282 | 282 | # ASCII art logo in startup logs by setting the following option to yes. |
|
283 |
always-show-logo |
|
|
283 | always-show-logo no | |
|
284 | 284 | |
|
285 | 285 | ################################ SNAPSHOTTING ################################ |
|
286 | 286 | # |
|
287 | 287 | # Save the DB on disk: |
|
288 | 288 | # |
|
289 | 289 | # save <seconds> <changes> |
|
290 | 290 | # |
|
291 | 291 | # Will save the DB if both the given number of seconds and the given |
|
292 | 292 | # number of write operations against the DB occurred. |
|
293 | 293 | # |
|
294 | 294 | # In the example below the behavior will be to save: |
|
295 | 295 | # after 900 sec (15 min) if at least 1 key changed |
|
296 | 296 | # after 300 sec (5 min) if at least 10 keys changed |
|
297 | 297 | # after 60 sec if at least 10000 keys changed |
|
298 | 298 | # |
|
299 | 299 | # Note: you can disable saving completely by commenting out all "save" lines. |
|
300 | 300 | # |
|
301 | 301 | # It is also possible to remove all the previously configured save |
|
302 | 302 | # points by adding a save directive with a single empty string argument |
|
303 | 303 | # like in the following example: |
|
304 | 304 | # |
|
305 | 305 | # save "" |
|
306 | 306 | |
|
307 | 307 | save 900 1 |
|
308 | 308 | save 300 10 |
|
309 | 309 | save 60 10000 |
|
310 | 310 | |
|
311 | 311 | # By default Redis will stop accepting writes if RDB snapshots are enabled |
|
312 | 312 | # (at least one save point) and the latest background save failed. |
|
313 | 313 | # This will make the user aware (in a hard way) that data is not persisting |
|
314 | 314 | # on disk properly, otherwise chances are that no one will notice and some |
|
315 | 315 | # disaster will happen. |
|
316 | 316 | # |
|
317 | 317 | # If the background saving process will start working again Redis will |
|
318 | 318 | # automatically allow writes again. |
|
319 | 319 | # |
|
320 | 320 | # However if you have setup your proper monitoring of the Redis server |
|
321 | 321 | # and persistence, you may want to disable this feature so that Redis will |
|
322 | 322 | # continue to work as usual even if there are problems with disk, |
|
323 | 323 | # permissions, and so forth. |
|
324 | 324 | stop-writes-on-bgsave-error yes |
|
325 | 325 | |
|
326 | 326 | # Compress string objects using LZF when dump .rdb databases? |
|
327 | 327 | # By default compression is enabled as it's almost always a win. |
|
328 | 328 | # If you want to save some CPU in the saving child set it to 'no' but |
|
329 | 329 | # the dataset will likely be bigger if you have compressible values or keys. |
|
330 | 330 | rdbcompression yes |
|
331 | 331 | |
|
332 | 332 | # Since version 5 of RDB a CRC64 checksum is placed at the end of the file. |
|
333 | 333 | # This makes the format more resistant to corruption but there is a performance |
|
334 | 334 | # hit to pay (around 10%) when saving and loading RDB files, so you can disable it |
|
335 | 335 | # for maximum performances. |
|
336 | 336 | # |
|
337 | 337 | # RDB files created with checksum disabled have a checksum of zero that will |
|
338 | 338 | # tell the loading code to skip the check. |
|
339 | 339 | rdbchecksum yes |
|
340 | 340 | |
|
341 | 341 | # The filename where to dump the DB |
|
342 | 342 | dbfilename redis_dump.rdb |
|
343 | 343 | |
|
344 | 344 | # Remove RDB files used by replication in instances without persistence |
|
345 | 345 | # enabled. By default this option is disabled, however there are environments |
|
346 | 346 | # where for regulations or other security concerns, RDB files persisted on |
|
347 | 347 | # disk by masters in order to feed replicas, or stored on disk by replicas |
|
348 | 348 | # in order to load them for the initial synchronization, should be deleted |
|
349 | 349 | # ASAP. Note that this option ONLY WORKS in instances that have both AOF |
|
350 | 350 | # and RDB persistence disabled, otherwise is completely ignored. |
|
351 | 351 | # |
|
352 | 352 | # An alternative (and sometimes better) way to obtain the same effect is |
|
353 | 353 | # to use diskless replication on both master and replicas instances. However |
|
354 | 354 | # in the case of replicas, diskless is not always an option. |
|
355 | 355 | rdb-del-sync-files no |
|
356 | 356 | |
|
357 | 357 | # The working directory. |
|
358 | 358 | # |
|
359 | 359 | # The DB will be written inside this directory, with the filename specified |
|
360 | 360 | # above using the 'dbfilename' configuration directive. |
|
361 | 361 | # |
|
362 | 362 | # The Append Only File will also be created inside this directory. |
|
363 | 363 | # |
|
364 | 364 | # Note that you must specify a directory here, not a file name. |
|
365 | dir /var/opt/rhodecode_data/ | |
|
365 | dir /data | |
|
366 | 366 | |
|
367 | 367 | ################################# REPLICATION ################################# |
|
368 | 368 | |
|
369 | 369 | # Master-Replica replication. Use replicaof to make a Redis instance a copy of |
|
370 | 370 | # another Redis server. A few things to understand ASAP about Redis replication. |
|
371 | 371 | # |
|
372 | 372 | # +------------------+ +---------------+ |
|
373 | 373 | # | Master | ---> | Replica | |
|
374 | 374 | # | (receive writes) | | (exact copy) | |
|
375 | 375 | # +------------------+ +---------------+ |
|
376 | 376 | # |
|
377 | 377 | # 1) Redis replication is asynchronous, but you can configure a master to |
|
378 | 378 | # stop accepting writes if it appears to be not connected with at least |
|
379 | 379 | # a given number of replicas. |
|
380 | 380 | # 2) Redis replicas are able to perform a partial resynchronization with the |
|
381 | 381 | # master if the replication link is lost for a relatively small amount of |
|
382 | 382 | # time. You may want to configure the replication backlog size (see the next |
|
383 | 383 | # sections of this file) with a sensible value depending on your needs. |
|
384 | 384 | # 3) Replication is automatic and does not need user intervention. After a |
|
385 | 385 | # network partition replicas automatically try to reconnect to masters |
|
386 | 386 | # and resynchronize with them. |
|
387 | 387 | # |
|
388 | 388 | # replicaof <masterip> <masterport> |
|
389 | 389 | |
|
390 | 390 | # If the master is password protected (using the "requirepass" configuration |
|
391 | 391 | # directive below) it is possible to tell the replica to authenticate before |
|
392 | 392 | # starting the replication synchronization process, otherwise the master will |
|
393 | 393 | # refuse the replica request. |
|
394 | 394 | # |
|
395 | 395 | # masterauth <master-password> |
|
396 | 396 | # |
|
397 | 397 | # However this is not enough if you are using Redis ACLs (for Redis version |
|
398 | 398 | # 6 or greater), and the default user is not capable of running the PSYNC |
|
399 | 399 | # command and/or other commands needed for replication. In this case it's |
|
400 | 400 | # better to configure a special user to use with replication, and specify the |
|
401 | 401 | # masteruser configuration as such: |
|
402 | 402 | # |
|
403 | 403 | # masteruser <username> |
|
404 | 404 | # |
|
405 | 405 | # When masteruser is specified, the replica will authenticate against its |
|
406 | 406 | # master using the new AUTH form: AUTH <username> <password>. |
|
407 | 407 | |
|
408 | 408 | # When a replica loses its connection with the master, or when the replication |
|
409 | 409 | # is still in progress, the replica can act in two different ways: |
|
410 | 410 | # |
|
411 | 411 | # 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will |
|
412 | 412 | # still reply to client requests, possibly with out of date data, or the |
|
413 | 413 | # data set may just be empty if this is the first synchronization. |
|
414 | 414 | # |
|
415 | 415 | # 2) If replica-serve-stale-data is set to 'no' the replica will reply with |
|
416 | 416 | # an error "SYNC with master in progress" to all commands except: |
|
417 | 417 | # INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE, |
|
418 | 418 | # UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST, |
|
419 | 419 | # HOST and LATENCY. |
|
420 | 420 | # |
|
421 | 421 | replica-serve-stale-data yes |
|
422 | 422 | |
|
423 | 423 | # You can configure a replica instance to accept writes or not. Writing against |
|
424 | 424 | # a replica instance may be useful to store some ephemeral data (because data |
|
425 | 425 | # written on a replica will be easily deleted after resync with the master) but |
|
426 | 426 | # may also cause problems if clients are writing to it because of a |
|
427 | 427 | # misconfiguration. |
|
428 | 428 | # |
|
429 | 429 | # Since Redis 2.6 by default replicas are read-only. |
|
430 | 430 | # |
|
431 | 431 | # Note: read only replicas are not designed to be exposed to untrusted clients |
|
432 | 432 | # on the internet. It's just a protection layer against misuse of the instance. |
|
433 | 433 | # Still a read only replica exports by default all the administrative commands |
|
434 | 434 | # such as CONFIG, DEBUG, and so forth. To a limited extent you can improve |
|
435 | 435 | # security of read only replicas using 'rename-command' to shadow all the |
|
436 | 436 | # administrative / dangerous commands. |
|
437 | 437 | replica-read-only yes |
|
438 | 438 | |
|
439 | 439 | # Replication SYNC strategy: disk or socket. |
|
440 | 440 | # |
|
441 | 441 | # New replicas and reconnecting replicas that are not able to continue the |
|
442 | 442 | # replication process just receiving differences, need to do what is called a |
|
443 | 443 | # "full synchronization". An RDB file is transmitted from the master to the |
|
444 | 444 | # replicas. |
|
445 | 445 | # |
|
446 | 446 | # The transmission can happen in two different ways: |
|
447 | 447 | # |
|
448 | 448 | # 1) Disk-backed: The Redis master creates a new process that writes the RDB |
|
449 | 449 | # file on disk. Later the file is transferred by the parent |
|
450 | 450 | # process to the replicas incrementally. |
|
451 | 451 | # 2) Diskless: The Redis master creates a new process that directly writes the |
|
452 | 452 | # RDB file to replica sockets, without touching the disk at all. |
|
453 | 453 | # |
|
454 | 454 | # With disk-backed replication, while the RDB file is generated, more replicas |
|
455 | 455 | # can be queued and served with the RDB file as soon as the current child |
|
456 | 456 | # producing the RDB file finishes its work. With diskless replication instead |
|
457 | 457 | # once the transfer starts, new replicas arriving will be queued and a new |
|
458 | 458 | # transfer will start when the current one terminates. |
|
459 | 459 | # |
|
460 | 460 | # When diskless replication is used, the master waits a configurable amount of |
|
461 | 461 | # time (in seconds) before starting the transfer in the hope that multiple |
|
462 | 462 | # replicas will arrive and the transfer can be parallelized. |
|
463 | 463 | # |
|
464 | 464 | # With slow disks and fast (large bandwidth) networks, diskless replication |
|
465 | 465 | # works better. |
|
466 | 466 | repl-diskless-sync no |
|
467 | 467 | |
|
468 | 468 | # When diskless replication is enabled, it is possible to configure the delay |
|
469 | 469 | # the server waits in order to spawn the child that transfers the RDB via socket |
|
470 | 470 | # to the replicas. |
|
471 | 471 | # |
|
472 | 472 | # This is important since once the transfer starts, it is not possible to serve |
|
473 | 473 | # new replicas arriving, that will be queued for the next RDB transfer, so the |
|
474 | 474 | # server waits a delay in order to let more replicas arrive. |
|
475 | 475 | # |
|
476 | 476 | # The delay is specified in seconds, and by default is 5 seconds. To disable |
|
477 | 477 | # it entirely just set it to 0 seconds and the transfer will start ASAP. |
|
478 | 478 | repl-diskless-sync-delay 5 |
|
479 | 479 | |
|
480 | 480 | # ----------------------------------------------------------------------------- |
|
481 | 481 | # WARNING: RDB diskless load is experimental. Since in this setup the replica |
|
482 | 482 | # does not immediately store an RDB on disk, it may cause data loss during |
|
483 | 483 | # failovers. RDB diskless load + Redis modules not handling I/O reads may also |
|
484 | 484 | # cause Redis to abort in case of I/O errors during the initial synchronization |
|
485 | 485 | # stage with the master. Use only if your do what you are doing. |
|
486 | 486 | # ----------------------------------------------------------------------------- |
|
487 | 487 | # |
|
488 | 488 | # Replica can load the RDB it reads from the replication link directly from the |
|
489 | 489 | # socket, or store the RDB to a file and read that file after it was completely |
|
490 | 490 | # received from the master. |
|
491 | 491 | # |
|
492 | 492 | # In many cases the disk is slower than the network, and storing and loading |
|
493 | 493 | # the RDB file may increase replication time (and even increase the master's |
|
494 | 494 | # Copy on Write memory and salve buffers). |
|
495 | 495 | # However, parsing the RDB file directly from the socket may mean that we have |
|
496 | 496 | # to flush the contents of the current database before the full rdb was |
|
497 | 497 | # received. For this reason we have the following options: |
|
498 | 498 | # |
|
499 | 499 | # "disabled" - Don't use diskless load (store the rdb file to the disk first) |
|
500 | 500 | # "on-empty-db" - Use diskless load only when it is completely safe. |
|
501 | 501 | # "swapdb" - Keep a copy of the current db contents in RAM while parsing |
|
502 | 502 | # the data directly from the socket. note that this requires |
|
503 | 503 | # sufficient memory, if you don't have it, you risk an OOM kill. |
|
504 | 504 | repl-diskless-load disabled |
|
505 | 505 | |
|
506 | 506 | # Replicas send PINGs to server in a predefined interval. It's possible to |
|
507 | 507 | # change this interval with the repl_ping_replica_period option. The default |
|
508 | 508 | # value is 10 seconds. |
|
509 | 509 | # |
|
510 | 510 | # repl-ping-replica-period 10 |
|
511 | 511 | |
|
512 | 512 | # The following option sets the replication timeout for: |
|
513 | 513 | # |
|
514 | 514 | # 1) Bulk transfer I/O during SYNC, from the point of view of replica. |
|
515 | 515 | # 2) Master timeout from the point of view of replicas (data, pings). |
|
516 | 516 | # 3) Replica timeout from the point of view of masters (REPLCONF ACK pings). |
|
517 | 517 | # |
|
518 | 518 | # It is important to make sure that this value is greater than the value |
|
519 | 519 | # specified for repl-ping-replica-period otherwise a timeout will be detected |
|
520 | 520 | # every time there is low traffic between the master and the replica. The default |
|
521 | 521 | # value is 60 seconds. |
|
522 | 522 | # |
|
523 | 523 | # repl-timeout 60 |
|
524 | 524 | |
|
525 | 525 | # Disable TCP_NODELAY on the replica socket after SYNC? |
|
526 | 526 | # |
|
527 | 527 | # If you select "yes" Redis will use a smaller number of TCP packets and |
|
528 | 528 | # less bandwidth to send data to replicas. But this can add a delay for |
|
529 | 529 | # the data to appear on the replica side, up to 40 milliseconds with |
|
530 | 530 | # Linux kernels using a default configuration. |
|
531 | 531 | # |
|
532 | 532 | # If you select "no" the delay for data to appear on the replica side will |
|
533 | 533 | # be reduced but more bandwidth will be used for replication. |
|
534 | 534 | # |
|
535 | 535 | # By default we optimize for low latency, but in very high traffic conditions |
|
536 | 536 | # or when the master and replicas are many hops away, turning this to "yes" may |
|
537 | 537 | # be a good idea. |
|
538 | 538 | repl-disable-tcp-nodelay no |
|
539 | 539 | |
|
540 | 540 | # Set the replication backlog size. The backlog is a buffer that accumulates |
|
541 | 541 | # replica data when replicas are disconnected for some time, so that when a |
|
542 | 542 | # replica wants to reconnect again, often a full resync is not needed, but a |
|
543 | 543 | # partial resync is enough, just passing the portion of data the replica |
|
544 | 544 | # missed while disconnected. |
|
545 | 545 | # |
|
546 | 546 | # The bigger the replication backlog, the longer the replica can endure the |
|
547 | 547 | # disconnect and later be able to perform a partial resynchronization. |
|
548 | 548 | # |
|
549 | 549 | # The backlog is only allocated if there is at least one replica connected. |
|
550 | 550 | # |
|
551 | 551 | # repl-backlog-size 1mb |
|
552 | 552 | |
|
553 | 553 | # After a master has no connected replicas for some time, the backlog will be |
|
554 | 554 | # freed. The following option configures the amount of seconds that need to |
|
555 | 555 | # elapse, starting from the time the last replica disconnected, for the backlog |
|
556 | 556 | # buffer to be freed. |
|
557 | 557 | # |
|
558 | 558 | # Note that replicas never free the backlog for timeout, since they may be |
|
559 | 559 | # promoted to masters later, and should be able to correctly "partially |
|
560 | 560 | # resynchronize" with other replicas: hence they should always accumulate backlog. |
|
561 | 561 | # |
|
562 | 562 | # A value of 0 means to never release the backlog. |
|
563 | 563 | # |
|
564 | 564 | # repl-backlog-ttl 3600 |
|
565 | 565 | |
|
566 | 566 | # The replica priority is an integer number published by Redis in the INFO |
|
567 | 567 | # output. It is used by Redis Sentinel in order to select a replica to promote |
|
568 | 568 | # into a master if the master is no longer working correctly. |
|
569 | 569 | # |
|
570 | 570 | # A replica with a low priority number is considered better for promotion, so |
|
571 | 571 | # for instance if there are three replicas with priority 10, 100, 25 Sentinel |
|
572 | 572 | # will pick the one with priority 10, that is the lowest. |
|
573 | 573 | # |
|
574 | 574 | # However a special priority of 0 marks the replica as not able to perform the |
|
575 | 575 | # role of master, so a replica with priority of 0 will never be selected by |
|
576 | 576 | # Redis Sentinel for promotion. |
|
577 | 577 | # |
|
578 | 578 | # By default the priority is 100. |
|
579 | 579 | replica-priority 100 |
|
580 | 580 | |
|
581 | 581 | # It is possible for a master to stop accepting writes if there are less than |
|
582 | 582 | # N replicas connected, having a lag less or equal than M seconds. |
|
583 | 583 | # |
|
584 | 584 | # The N replicas need to be in "online" state. |
|
585 | 585 | # |
|
586 | 586 | # The lag in seconds, that must be <= the specified value, is calculated from |
|
587 | 587 | # the last ping received from the replica, that is usually sent every second. |
|
588 | 588 | # |
|
589 | 589 | # This option does not GUARANTEE that N replicas will accept the write, but |
|
590 | 590 | # will limit the window of exposure for lost writes in case not enough replicas |
|
591 | 591 | # are available, to the specified number of seconds. |
|
592 | 592 | # |
|
593 | 593 | # For example to require at least 3 replicas with a lag <= 10 seconds use: |
|
594 | 594 | # |
|
595 | 595 | # min-replicas-to-write 3 |
|
596 | 596 | # min-replicas-max-lag 10 |
|
597 | 597 | # |
|
598 | 598 | # Setting one or the other to 0 disables the feature. |
|
599 | 599 | # |
|
600 | 600 | # By default min-replicas-to-write is set to 0 (feature disabled) and |
|
601 | 601 | # min-replicas-max-lag is set to 10. |
|
602 | 602 | |
|
603 | 603 | # A Redis master is able to list the address and port of the attached |
|
604 | 604 | # replicas in different ways. For example the "INFO replication" section |
|
605 | 605 | # offers this information, which is used, among other tools, by |
|
606 | 606 | # Redis Sentinel in order to discover replica instances. |
|
607 | 607 | # Another place where this info is available is in the output of the |
|
608 | 608 | # "ROLE" command of a master. |
|
609 | 609 | # |
|
610 | 610 | # The listed IP address and port normally reported by a replica is |
|
611 | 611 | # obtained in the following way: |
|
612 | 612 | # |
|
613 | 613 | # IP: The address is auto detected by checking the peer address |
|
614 | 614 | # of the socket used by the replica to connect with the master. |
|
615 | 615 | # |
|
616 | 616 | # Port: The port is communicated by the replica during the replication |
|
617 | 617 | # handshake, and is normally the port that the replica is using to |
|
618 | 618 | # listen for connections. |
|
619 | 619 | # |
|
620 | 620 | # However when port forwarding or Network Address Translation (NAT) is |
|
621 | 621 | # used, the replica may actually be reachable via different IP and port |
|
622 | 622 | # pairs. The following two options can be used by a replica in order to |
|
623 | 623 | # report to its master a specific set of IP and port, so that both INFO |
|
624 | 624 | # and ROLE will report those values. |
|
625 | 625 | # |
|
626 | 626 | # There is no need to use both the options if you need to override just |
|
627 | 627 | # the port or the IP address. |
|
628 | 628 | # |
|
629 | 629 | # replica-announce-ip 5.5.5.5 |
|
630 | 630 | # replica-announce-port 1234 |
|
631 | 631 | |
|
632 | 632 | ############################### KEYS TRACKING ################################# |
|
633 | 633 | |
|
634 | 634 | # Redis implements server assisted support for client side caching of values. |
|
635 | 635 | # This is implemented using an invalidation table that remembers, using |
|
636 | 636 | # 16 millions of slots, what clients may have certain subsets of keys. In turn |
|
637 | 637 | # this is used in order to send invalidation messages to clients. Please |
|
638 | 638 | # check this page to understand more about the feature: |
|
639 | 639 | # |
|
640 | 640 | # https://redis.io/topics/client-side-caching |
|
641 | 641 | # |
|
642 | 642 | # When tracking is enabled for a client, all the read only queries are assumed |
|
643 | 643 | # to be cached: this will force Redis to store information in the invalidation |
|
644 | 644 | # table. When keys are modified, such information is flushed away, and |
|
645 | 645 | # invalidation messages are sent to the clients. However if the workload is |
|
646 | 646 | # heavily dominated by reads, Redis could use more and more memory in order |
|
647 | 647 | # to track the keys fetched by many clients. |
|
648 | 648 | # |
|
649 | 649 | # For this reason it is possible to configure a maximum fill value for the |
|
650 | 650 | # invalidation table. By default it is set to 1M of keys, and once this limit |
|
651 | 651 | # is reached, Redis will start to evict keys in the invalidation table |
|
652 | 652 | # even if they were not modified, just to reclaim memory: this will in turn |
|
653 | 653 | # force the clients to invalidate the cached values. Basically the table |
|
654 | 654 | # maximum size is a trade off between the memory you want to spend server |
|
655 | 655 | # side to track information about who cached what, and the ability of clients |
|
656 | 656 | # to retain cached objects in memory. |
|
657 | 657 | # |
|
658 | 658 | # If you set the value to 0, it means there are no limits, and Redis will |
|
659 | 659 | # retain as many keys as needed in the invalidation table. |
|
660 | 660 | # In the "stats" INFO section, you can find information about the number of |
|
661 | 661 | # keys in the invalidation table at every given moment. |
|
662 | 662 | # |
|
663 | 663 | # Note: when key tracking is used in broadcasting mode, no memory is used |
|
664 | 664 | # in the server side so this setting is useless. |
|
665 | 665 | # |
|
666 | 666 | # tracking-table-max-keys 1000000 |
|
667 | 667 | |
|
668 | 668 | ################################## SECURITY ################################### |
|
669 | 669 | |
|
670 | 670 | # Warning: since Redis is pretty fast, an outside user can try up to |
|
671 | 671 | # 1 million passwords per second against a modern box. This means that you |
|
672 | 672 | # should use very strong passwords, otherwise they will be very easy to break. |
|
673 | 673 | # Note that because the password is really a shared secret between the client |
|
674 | 674 | # and the server, and should not be memorized by any human, the password |
|
675 | 675 | # can be easily a long string from /dev/urandom or whatever, so by using a |
|
676 | 676 | # long and unguessable password no brute force attack will be possible. |
|
677 | 677 | |
|
678 | 678 | # Redis ACL users are defined in the following format: |
|
679 | 679 | # |
|
680 | 680 | # user <username> ... acl rules ... |
|
681 | 681 | # |
|
682 | 682 | # For example: |
|
683 | 683 | # |
|
684 | 684 | # user worker +@list +@connection ~jobs:* on >ffa9203c493aa99 |
|
685 | 685 | # |
|
686 | 686 | # The special username "default" is used for new connections. If this user |
|
687 | 687 | # has the "nopass" rule, then new connections will be immediately authenticated |
|
688 | 688 | # as the "default" user without the need of any password provided via the |
|
689 | 689 | # AUTH command. Otherwise if the "default" user is not flagged with "nopass" |
|
690 | 690 | # the connections will start in not authenticated state, and will require |
|
691 | 691 | # AUTH (or the HELLO command AUTH option) in order to be authenticated and |
|
692 | 692 | # start to work. |
|
693 | 693 | # |
|
694 | 694 | # The ACL rules that describe what a user can do are the following: |
|
695 | 695 | # |
|
696 | 696 | # on Enable the user: it is possible to authenticate as this user. |
|
697 | 697 | # off Disable the user: it's no longer possible to authenticate |
|
698 | 698 | # with this user, however the already authenticated connections |
|
699 | 699 | # will still work. |
|
700 | 700 | # +<command> Allow the execution of that command |
|
701 | 701 | # -<command> Disallow the execution of that command |
|
702 | 702 | # +@<category> Allow the execution of all the commands in such category |
|
703 | 703 | # with valid categories are like @admin, @set, @sortedset, ... |
|
704 | 704 | # and so forth, see the full list in the server.c file where |
|
705 | 705 | # the Redis command table is described and defined. |
|
706 | 706 | # The special category @all means all the commands, but currently |
|
707 | 707 | # present in the server, and that will be loaded in the future |
|
708 | 708 | # via modules. |
|
709 | 709 | # +<command>|subcommand Allow a specific subcommand of an otherwise |
|
710 | 710 | # disabled command. Note that this form is not |
|
711 | 711 | # allowed as negative like -DEBUG|SEGFAULT, but |
|
712 | 712 | # only additive starting with "+". |
|
713 | 713 | # allcommands Alias for +@all. Note that it implies the ability to execute |
|
714 | 714 | # all the future commands loaded via the modules system. |
|
715 | 715 | # nocommands Alias for -@all. |
|
716 | 716 | # ~<pattern> Add a pattern of keys that can be mentioned as part of |
|
717 | 717 | # commands. For instance ~* allows all the keys. The pattern |
|
718 | 718 | # is a glob-style pattern like the one of KEYS. |
|
719 | 719 | # It is possible to specify multiple patterns. |
|
720 | 720 | # allkeys Alias for ~* |
|
721 | 721 | # resetkeys Flush the list of allowed keys patterns. |
|
722 | 722 | # ><password> Add this password to the list of valid password for the user. |
|
723 | 723 | # For example >mypass will add "mypass" to the list. |
|
724 | 724 | # This directive clears the "nopass" flag (see later). |
|
725 | 725 | # <<password> Remove this password from the list of valid passwords. |
|
726 | 726 | # nopass All the set passwords of the user are removed, and the user |
|
727 | 727 | # is flagged as requiring no password: it means that every |
|
728 | 728 | # password will work against this user. If this directive is |
|
729 | 729 | # used for the default user, every new connection will be |
|
730 | 730 | # immediately authenticated with the default user without |
|
731 | 731 | # any explicit AUTH command required. Note that the "resetpass" |
|
732 | 732 | # directive will clear this condition. |
|
733 | 733 | # resetpass Flush the list of allowed passwords. Moreover removes the |
|
734 | 734 | # "nopass" status. After "resetpass" the user has no associated |
|
735 | 735 | # passwords and there is no way to authenticate without adding |
|
736 | 736 | # some password (or setting it as "nopass" later). |
|
737 | 737 | # reset Performs the following actions: resetpass, resetkeys, off, |
|
738 | 738 | # -@all. The user returns to the same state it has immediately |
|
739 | 739 | # after its creation. |
|
740 | 740 | # |
|
741 | 741 | # ACL rules can be specified in any order: for instance you can start with |
|
742 | 742 | # passwords, then flags, or key patterns. However note that the additive |
|
743 | 743 | # and subtractive rules will CHANGE MEANING depending on the ordering. |
|
744 | 744 | # For instance see the following example: |
|
745 | 745 | # |
|
746 | 746 | # user alice on +@all -DEBUG ~* >somepassword |
|
747 | 747 | # |
|
748 | 748 | # This will allow "alice" to use all the commands with the exception of the |
|
749 | 749 | # DEBUG command, since +@all added all the commands to the set of the commands |
|
750 | 750 | # alice can use, and later DEBUG was removed. However if we invert the order |
|
751 | 751 | # of two ACL rules the result will be different: |
|
752 | 752 | # |
|
753 | 753 | # user alice on -DEBUG +@all ~* >somepassword |
|
754 | 754 | # |
|
755 | 755 | # Now DEBUG was removed when alice had yet no commands in the set of allowed |
|
756 | 756 | # commands, later all the commands are added, so the user will be able to |
|
757 | 757 | # execute everything. |
|
758 | 758 | # |
|
759 | 759 | # Basically ACL rules are processed left-to-right. |
|
760 | 760 | # |
|
761 | 761 | # For more information about ACL configuration please refer to |
|
762 | 762 | # the Redis web site at https://redis.io/topics/acl |
|
763 | 763 | |
|
764 | 764 | # ACL LOG |
|
765 | 765 | # |
|
766 | 766 | # The ACL Log tracks failed commands and authentication events associated |
|
767 | 767 | # with ACLs. The ACL Log is useful to troubleshoot failed commands blocked |
|
768 | 768 | # by ACLs. The ACL Log is stored in memory. You can reclaim memory with |
|
769 | 769 | # ACL LOG RESET. Define the maximum entry length of the ACL Log below. |
|
770 | 770 | acllog-max-len 128 |
|
771 | 771 | |
|
772 | 772 | # Using an external ACL file |
|
773 | 773 | # |
|
774 | 774 | # Instead of configuring users here in this file, it is possible to use |
|
775 | 775 | # a stand-alone file just listing users. The two methods cannot be mixed: |
|
776 | 776 | # if you configure users here and at the same time you activate the external |
|
777 | 777 | # ACL file, the server will refuse to start. |
|
778 | 778 | # |
|
779 | 779 | # The format of the external ACL user file is exactly the same as the |
|
780 | 780 | # format that is used inside redis.conf to describe users. |
|
781 | 781 | # |
|
782 | 782 | # aclfile /etc/redis/users.acl |
|
783 | 783 | |
|
784 | 784 | # IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility |
|
785 | 785 | # layer on top of the new ACL system. The option effect will be just setting |
|
786 | 786 | # the password for the default user. Clients will still authenticate using |
|
787 | 787 | # AUTH <password> as usually, or more explicitly with AUTH default <password> |
|
788 | 788 | # if they follow the new protocol: both will work. |
|
789 | 789 | # |
|
790 | 790 | # requirepass foobared |
|
791 | 791 | |
|
792 | 792 | # Command renaming (DEPRECATED). |
|
793 | 793 | # |
|
794 | 794 | # ------------------------------------------------------------------------ |
|
795 | 795 | # WARNING: avoid using this option if possible. Instead use ACLs to remove |
|
796 | 796 | # commands from the default user, and put them only in some admin user you |
|
797 | 797 | # create for administrative purposes. |
|
798 | 798 | # ------------------------------------------------------------------------ |
|
799 | 799 | # |
|
800 | 800 | # It is possible to change the name of dangerous commands in a shared |
|
801 | 801 | # environment. For instance the CONFIG command may be renamed into something |
|
802 | 802 | # hard to guess so that it will still be available for internal-use tools |
|
803 | 803 | # but not available for general clients. |
|
804 | 804 | # |
|
805 | 805 | # Example: |
|
806 | 806 | # |
|
807 | 807 | # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 |
|
808 | 808 | # |
|
809 | 809 | # It is also possible to completely kill a command by renaming it into |
|
810 | 810 | # an empty string: |
|
811 | 811 | # |
|
812 | 812 | # rename-command CONFIG "" |
|
813 | 813 | # |
|
814 | 814 | # Please note that changing the name of commands that are logged into the |
|
815 | 815 | # AOF file or transmitted to replicas may cause problems. |
|
816 | 816 | |
|
817 | 817 | ################################### CLIENTS #################################### |
|
818 | 818 | |
|
819 | 819 | # Set the max number of connected clients at the same time. By default |
|
820 | 820 | # this limit is set to 10000 clients, however if the Redis server is not |
|
821 | 821 | # able to configure the process file limit to allow for the specified limit |
|
822 | 822 | # the max number of allowed clients is set to the current file limit |
|
823 | 823 | # minus 32 (as Redis reserves a few file descriptors for internal uses). |
|
824 | 824 | # |
|
825 | 825 | # Once the limit is reached Redis will close all the new connections sending |
|
826 | 826 | # an error 'max number of clients reached'. |
|
827 | 827 | # |
|
828 | 828 | # IMPORTANT: When Redis Cluster is used, the max number of connections is also |
|
829 | 829 | # shared with the cluster bus: every node in the cluster will use two |
|
830 | 830 | # connections, one incoming and another outgoing. It is important to size the |
|
831 | 831 | # limit accordingly in case of very large clusters. |
|
832 | 832 | # |
|
833 | 833 | # maxclients 10000 |
|
834 | 834 | |
|
835 | 835 | ############################## MEMORY MANAGEMENT ################################ |
|
836 | 836 | |
|
837 | 837 | # Set a memory usage limit to the specified amount of bytes. |
|
838 | 838 | # When the memory limit is reached Redis will try to remove keys |
|
839 | 839 | # according to the eviction policy selected (see maxmemory-policy). |
|
840 | 840 | # |
|
841 | 841 | # If Redis can't remove keys according to the policy, or if the policy is |
|
842 | 842 | # set to 'noeviction', Redis will start to reply with errors to commands |
|
843 | 843 | # that would use more memory, like SET, LPUSH, and so on, and will continue |
|
844 | 844 | # to reply to read-only commands like GET. |
|
845 | 845 | # |
|
846 | 846 | # This option is usually useful when using Redis as an LRU or LFU cache, or to |
|
847 | 847 | # set a hard memory limit for an instance (using the 'noeviction' policy). |
|
848 | 848 | # |
|
849 | 849 | # WARNING: If you have replicas attached to an instance with maxmemory on, |
|
850 | 850 | # the size of the output buffers needed to feed the replicas are subtracted |
|
851 | 851 | # from the used memory count, so that network problems / resyncs will |
|
852 | 852 | # not trigger a loop where keys are evicted, and in turn the output |
|
853 | 853 | # buffer of replicas is full with DELs of keys evicted triggering the deletion |
|
854 | 854 | # of more keys, and so forth until the database is completely emptied. |
|
855 | 855 | # |
|
856 | 856 | # In short... if you have replicas attached it is suggested that you set a lower |
|
857 | 857 | # limit for maxmemory so that there is some free RAM on the system for replica |
|
858 | 858 | # output buffers (but this is not needed if the policy is 'noeviction'). |
|
859 | 859 | # |
|
860 | maxmemory 8192mb | |
|
860 | #maxmemory 8192mb | |
|
861 | 861 | |
|
862 | 862 | # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory |
|
863 | 863 | # is reached. You can select one from the following behaviors: |
|
864 | 864 | # |
|
865 | 865 | # volatile-lru -> Evict using approximated LRU, only keys with an expire set. |
|
866 | 866 | # allkeys-lru -> Evict any key using approximated LRU. |
|
867 | 867 | # volatile-lfu -> Evict using approximated LFU, only keys with an expire set. |
|
868 | 868 | # allkeys-lfu -> Evict any key using approximated LFU. |
|
869 | 869 | # volatile-random -> Remove a random key having an expire set. |
|
870 | 870 | # allkeys-random -> Remove a random key, any key. |
|
871 | 871 | # volatile-ttl -> Remove the key with the nearest expire time (minor TTL) |
|
872 | 872 | # noeviction -> Don't evict anything, just return an error on write operations. |
|
873 | 873 | # |
|
874 | 874 | # LRU means Least Recently Used |
|
875 | 875 | # LFU means Least Frequently Used |
|
876 | 876 | # |
|
877 | 877 | # Both LRU, LFU and volatile-ttl are implemented using approximated |
|
878 | 878 | # randomized algorithms. |
|
879 | 879 | # |
|
880 | 880 | # Note: with any of the above policies, Redis will return an error on write |
|
881 | 881 | # operations, when there are no suitable keys for eviction. |
|
882 | 882 | # |
|
883 | 883 | # At the date of writing these commands are: set setnx setex append |
|
884 | 884 | # incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd |
|
885 | 885 | # sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby |
|
886 | 886 | # zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby |
|
887 | 887 | # getset mset msetnx exec sort |
|
888 | 888 | # |
|
889 | 889 | # The default is: |
|
890 | 890 | # |
|
891 | maxmemory-policy volatile-lru | |
|
891 | #maxmemory-policy volatile-lru | |
|
892 | 892 | |
|
893 | 893 | # LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated |
|
894 | 894 | # algorithms (in order to save memory), so you can tune it for speed or |
|
895 | 895 | # accuracy. By default Redis will check five keys and pick the one that was |
|
896 | 896 | # used least recently, you can change the sample size using the following |
|
897 | 897 | # configuration directive. |
|
898 | 898 | # |
|
899 | 899 | # The default of 5 produces good enough results. 10 Approximates very closely |
|
900 | 900 | # true LRU but costs more CPU. 3 is faster but not very accurate. |
|
901 | 901 | # |
|
902 |
maxmemory-samples |
|
|
902 | maxmemory-samples 10 | |
|
903 | 903 | |
|
904 | 904 | # Starting from Redis 5, by default a replica will ignore its maxmemory setting |
|
905 | 905 | # (unless it is promoted to master after a failover or manually). It means |
|
906 | 906 | # that the eviction of keys will be just handled by the master, sending the |
|
907 | 907 | # DEL commands to the replica as keys evict in the master side. |
|
908 | 908 | # |
|
909 | 909 | # This behavior ensures that masters and replicas stay consistent, and is usually |
|
910 | 910 | # what you want, however if your replica is writable, or you want the replica |
|
911 | 911 | # to have a different memory setting, and you are sure all the writes performed |
|
912 | 912 | # to the replica are idempotent, then you may change this default (but be sure |
|
913 | 913 | # to understand what you are doing). |
|
914 | 914 | # |
|
915 | 915 | # Note that since the replica by default does not evict, it may end using more |
|
916 | 916 | # memory than the one set via maxmemory (there are certain buffers that may |
|
917 | 917 | # be larger on the replica, or data structures may sometimes take more memory |
|
918 | 918 | # and so forth). So make sure you monitor your replicas and make sure they |
|
919 | 919 | # have enough memory to never hit a real out-of-memory condition before the |
|
920 | 920 | # master hits the configured maxmemory setting. |
|
921 | 921 | # |
|
922 | 922 | # replica-ignore-maxmemory yes |
|
923 | 923 | |
|
924 | 924 | # Redis reclaims expired keys in two ways: upon access when those keys are |
|
925 | 925 | # found to be expired, and also in background, in what is called the |
|
926 | 926 | # "active expire key". The key space is slowly and interactively scanned |
|
927 | 927 | # looking for expired keys to reclaim, so that it is possible to free memory |
|
928 | 928 | # of keys that are expired and will never be accessed again in a short time. |
|
929 | 929 | # |
|
930 | 930 | # The default effort of the expire cycle will try to avoid having more than |
|
931 | 931 | # ten percent of expired keys still in memory, and will try to avoid consuming |
|
932 | 932 | # more than 25% of total memory and to add latency to the system. However |
|
933 | 933 | # it is possible to increase the expire "effort" that is normally set to |
|
934 | 934 | # "1", to a greater value, up to the value "10". At its maximum value the |
|
935 | 935 | # system will use more CPU, longer cycles (and technically may introduce |
|
936 | 936 | # more latency), and will tolerate less already expired keys still present |
|
937 | 937 | # in the system. It's a tradeoff between memory, CPU and latency. |
|
938 | 938 | # |
|
939 | 939 | # active-expire-effort 1 |
|
940 | 940 | |
|
941 | 941 | ############################# LAZY FREEING #################################### |
|
942 | 942 | |
|
943 | 943 | # Redis has two primitives to delete keys. One is called DEL and is a blocking |
|
944 | 944 | # deletion of the object. It means that the server stops processing new commands |
|
945 | 945 | # in order to reclaim all the memory associated with an object in a synchronous |
|
946 | 946 | # way. If the key deleted is associated with a small object, the time needed |
|
947 | 947 | # in order to execute the DEL command is very small and comparable to most other |
|
948 | 948 | # O(1) or O(log_N) commands in Redis. However if the key is associated with an |
|
949 | 949 | # aggregated value containing millions of elements, the server can block for |
|
950 | 950 | # a long time (even seconds) in order to complete the operation. |
|
951 | 951 | # |
|
952 | 952 | # For the above reasons Redis also offers non blocking deletion primitives |
|
953 | 953 | # such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and |
|
954 | 954 | # FLUSHDB commands, in order to reclaim memory in background. Those commands |
|
955 | 955 | # are executed in constant time. Another thread will incrementally free the |
|
956 | 956 | # object in the background as fast as possible. |
|
957 | 957 | # |
|
958 | 958 | # DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled. |
|
959 | 959 | # It's up to the design of the application to understand when it is a good |
|
960 | 960 | # idea to use one or the other. However the Redis server sometimes has to |
|
961 | 961 | # delete keys or flush the whole database as a side effect of other operations. |
|
962 | 962 | # Specifically Redis deletes objects independently of a user call in the |
|
963 | 963 | # following scenarios: |
|
964 | 964 | # |
|
965 | 965 | # 1) On eviction, because of the maxmemory and maxmemory policy configurations, |
|
966 | 966 | # in order to make room for new data, without going over the specified |
|
967 | 967 | # memory limit. |
|
968 | 968 | # 2) Because of expire: when a key with an associated time to live (see the |
|
969 | 969 | # EXPIRE command) must be deleted from memory. |
|
970 | 970 | # 3) Because of a side effect of a command that stores data on a key that may |
|
971 | 971 | # already exist. For example the RENAME command may delete the old key |
|
972 | 972 | # content when it is replaced with another one. Similarly SUNIONSTORE |
|
973 | 973 | # or SORT with STORE option may delete existing keys. The SET command |
|
974 | 974 | # itself removes any old content of the specified key in order to replace |
|
975 | 975 | # it with the specified string. |
|
976 | 976 | # 4) During replication, when a replica performs a full resynchronization with |
|
977 | 977 | # its master, the content of the whole database is removed in order to |
|
978 | 978 | # load the RDB file just transferred. |
|
979 | 979 | # |
|
980 | 980 | # In all the above cases the default is to delete objects in a blocking way, |
|
981 | 981 | # like if DEL was called. However you can configure each case specifically |
|
982 | 982 | # in order to instead release memory in a non-blocking way like if UNLINK |
|
983 | 983 | # was called, using the following configuration directives. |
|
984 | 984 | |
|
985 | 985 | lazyfree-lazy-eviction no |
|
986 | 986 | lazyfree-lazy-expire no |
|
987 | 987 | lazyfree-lazy-server-del no |
|
988 | 988 | replica-lazy-flush no |
|
989 | 989 | |
|
990 | 990 | # It is also possible, for the case when to replace the user code DEL calls |
|
991 | 991 | # with UNLINK calls is not easy, to modify the default behavior of the DEL |
|
992 | 992 | # command to act exactly like UNLINK, using the following configuration |
|
993 | 993 | # directive: |
|
994 | 994 | |
|
995 | 995 | lazyfree-lazy-user-del no |
|
996 | 996 | |
|
997 | 997 | ################################ THREADED I/O ################################# |
|
998 | 998 | |
|
999 | 999 | # Redis is mostly single threaded, however there are certain threaded |
|
1000 | 1000 | # operations such as UNLINK, slow I/O accesses and other things that are |
|
1001 | 1001 | # performed on side threads. |
|
1002 | 1002 | # |
|
1003 | 1003 | # Now it is also possible to handle Redis clients socket reads and writes |
|
1004 | 1004 | # in different I/O threads. Since especially writing is so slow, normally |
|
1005 | 1005 | # Redis users use pipelining in order to speed up the Redis performances per |
|
1006 | 1006 | # core, and spawn multiple instances in order to scale more. Using I/O |
|
1007 | 1007 | # threads it is possible to easily speedup two times Redis without resorting |
|
1008 | 1008 | # to pipelining nor sharding of the instance. |
|
1009 | 1009 | # |
|
1010 | 1010 | # By default threading is disabled, we suggest enabling it only in machines |
|
1011 | 1011 | # that have at least 4 or more cores, leaving at least one spare core. |
|
1012 | 1012 | # Using more than 8 threads is unlikely to help much. We also recommend using |
|
1013 | 1013 | # threaded I/O only if you actually have performance problems, with Redis |
|
1014 | 1014 | # instances being able to use a quite big percentage of CPU time, otherwise |
|
1015 | 1015 | # there is no point in using this feature. |
|
1016 | 1016 | # |
|
1017 | 1017 | # So for instance if you have a four cores boxes, try to use 2 or 3 I/O |
|
1018 | 1018 | # threads, if you have a 8 cores, try to use 6 threads. In order to |
|
1019 | 1019 | # enable I/O threads use the following configuration directive: |
|
1020 | 1020 | # |
|
1021 | 1021 | # io-threads 4 |
|
1022 | 1022 | # |
|
1023 | 1023 | # Setting io-threads to 1 will just use the main thread as usual. |
|
1024 | 1024 | # When I/O threads are enabled, we only use threads for writes, that is |
|
1025 | 1025 | # to thread the write(2) syscall and transfer the client buffers to the |
|
1026 | 1026 | # socket. However it is also possible to enable threading of reads and |
|
1027 | 1027 | # protocol parsing using the following configuration directive, by setting |
|
1028 | 1028 | # it to yes: |
|
1029 | 1029 | # |
|
1030 | 1030 | # io-threads-do-reads no |
|
1031 | 1031 | # |
|
1032 | 1032 | # Usually threading reads doesn't help much. |
|
1033 | 1033 | # |
|
1034 | 1034 | # NOTE 1: This configuration directive cannot be changed at runtime via |
|
1035 | 1035 | # CONFIG SET. Aso this feature currently does not work when SSL is |
|
1036 | 1036 | # enabled. |
|
1037 | 1037 | # |
|
1038 | 1038 | # NOTE 2: If you want to test the Redis speedup using redis-benchmark, make |
|
1039 | 1039 | # sure you also run the benchmark itself in threaded mode, using the |
|
1040 | 1040 | # --threads option to match the number of Redis threads, otherwise you'll not |
|
1041 | 1041 | # be able to notice the improvements. |
|
1042 | 1042 | |
|
1043 | 1043 | ############################ KERNEL OOM CONTROL ############################## |
|
1044 | 1044 | |
|
1045 | 1045 | # On Linux, it is possible to hint the kernel OOM killer on what processes |
|
1046 | 1046 | # should be killed first when out of memory. |
|
1047 | 1047 | # |
|
1048 | 1048 | # Enabling this feature makes Redis actively control the oom_score_adj value |
|
1049 | 1049 | # for all its processes, depending on their role. The default scores will |
|
1050 | 1050 | # attempt to have background child processes killed before all others, and |
|
1051 | 1051 | # replicas killed before masters. |
|
1052 | 1052 | |
|
1053 | 1053 | oom-score-adj no |
|
1054 | 1054 | |
|
1055 | 1055 | # When oom-score-adj is used, this directive controls the specific values used |
|
1056 | 1056 | # for master, replica and background child processes. Values range -1000 to |
|
1057 | 1057 | # 1000 (higher means more likely to be killed). |
|
1058 | 1058 | # |
|
1059 | 1059 | # Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities) |
|
1060 | 1060 | # can freely increase their value, but not decrease it below its initial |
|
1061 | 1061 | # settings. |
|
1062 | 1062 | # |
|
1063 | 1063 | # Values are used relative to the initial value of oom_score_adj when the server |
|
1064 | 1064 | # starts. Because typically the initial value is 0, they will often match the |
|
1065 | 1065 | # absolute values. |
|
1066 | 1066 | |
|
1067 | 1067 | oom-score-adj-values 0 200 800 |
|
1068 | 1068 | |
|
1069 | 1069 | ############################## APPEND ONLY MODE ############################### |
|
1070 | 1070 | |
|
1071 | 1071 | # By default Redis asynchronously dumps the dataset on disk. This mode is |
|
1072 | 1072 | # good enough in many applications, but an issue with the Redis process or |
|
1073 | 1073 | # a power outage may result into a few minutes of writes lost (depending on |
|
1074 | 1074 | # the configured save points). |
|
1075 | 1075 | # |
|
1076 | 1076 | # The Append Only File is an alternative persistence mode that provides |
|
1077 | 1077 | # much better durability. For instance using the default data fsync policy |
|
1078 | 1078 | # (see later in the config file) Redis can lose just one second of writes in a |
|
1079 | 1079 | # dramatic event like a server power outage, or a single write if something |
|
1080 | 1080 | # wrong with the Redis process itself happens, but the operating system is |
|
1081 | 1081 | # still running correctly. |
|
1082 | 1082 | # |
|
1083 | 1083 | # AOF and RDB persistence can be enabled at the same time without problems. |
|
1084 | 1084 | # If the AOF is enabled on startup Redis will load the AOF, that is the file |
|
1085 | 1085 | # with the better durability guarantees. |
|
1086 | 1086 | # |
|
1087 | 1087 | # Please check http://redis.io/topics/persistence for more information. |
|
1088 | 1088 | |
|
1089 | 1089 | appendonly no |
|
1090 | 1090 | |
|
1091 | 1091 | # The name of the append only file (default: "appendonly.aof") |
|
1092 | 1092 | |
|
1093 | 1093 | appendfilename "appendonly.aof" |
|
1094 | 1094 | |
|
1095 | 1095 | # The fsync() call tells the Operating System to actually write data on disk |
|
1096 | 1096 | # instead of waiting for more data in the output buffer. Some OS will really flush |
|
1097 | 1097 | # data on disk, some other OS will just try to do it ASAP. |
|
1098 | 1098 | # |
|
1099 | 1099 | # Redis supports three different modes: |
|
1100 | 1100 | # |
|
1101 | 1101 | # no: don't fsync, just let the OS flush the data when it wants. Faster. |
|
1102 | 1102 | # always: fsync after every write to the append only log. Slow, Safest. |
|
1103 | 1103 | # everysec: fsync only one time every second. Compromise. |
|
1104 | 1104 | # |
|
1105 | 1105 | # The default is "everysec", as that's usually the right compromise between |
|
1106 | 1106 | # speed and data safety. It's up to you to understand if you can relax this to |
|
1107 | 1107 | # "no" that will let the operating system flush the output buffer when |
|
1108 | 1108 | # it wants, for better performances (but if you can live with the idea of |
|
1109 | 1109 | # some data loss consider the default persistence mode that's snapshotting), |
|
1110 | 1110 | # or on the contrary, use "always" that's very slow but a bit safer than |
|
1111 | 1111 | # everysec. |
|
1112 | 1112 | # |
|
1113 | 1113 | # More details please check the following article: |
|
1114 | 1114 | # http://antirez.com/post/redis-persistence-demystified.html |
|
1115 | 1115 | # |
|
1116 | 1116 | # If unsure, use "everysec". |
|
1117 | 1117 | |
|
1118 | 1118 | # appendfsync always |
|
1119 | 1119 | appendfsync everysec |
|
1120 | 1120 | # appendfsync no |
|
1121 | 1121 | |
|
1122 | 1122 | # When the AOF fsync policy is set to always or everysec, and a background |
|
1123 | 1123 | # saving process (a background save or AOF log background rewriting) is |
|
1124 | 1124 | # performing a lot of I/O against the disk, in some Linux configurations |
|
1125 | 1125 | # Redis may block too long on the fsync() call. Note that there is no fix for |
|
1126 | 1126 | # this currently, as even performing fsync in a different thread will block |
|
1127 | 1127 | # our synchronous write(2) call. |
|
1128 | 1128 | # |
|
1129 | 1129 | # In order to mitigate this problem it's possible to use the following option |
|
1130 | 1130 | # that will prevent fsync() from being called in the main process while a |
|
1131 | 1131 | # BGSAVE or BGREWRITEAOF is in progress. |
|
1132 | 1132 | # |
|
1133 | 1133 | # This means that while another child is saving, the durability of Redis is |
|
1134 | 1134 | # the same as "appendfsync none". In practical terms, this means that it is |
|
1135 | 1135 | # possible to lose up to 30 seconds of log in the worst scenario (with the |
|
1136 | 1136 | # default Linux settings). |
|
1137 | 1137 | # |
|
1138 | 1138 | # If you have latency problems turn this to "yes". Otherwise leave it as |
|
1139 | 1139 | # "no" that is the safest pick from the point of view of durability. |
|
1140 | 1140 | |
|
1141 | 1141 | no-appendfsync-on-rewrite no |
|
1142 | 1142 | |
|
1143 | 1143 | # Automatic rewrite of the append only file. |
|
1144 | 1144 | # Redis is able to automatically rewrite the log file implicitly calling |
|
1145 | 1145 | # BGREWRITEAOF when the AOF log size grows by the specified percentage. |
|
1146 | 1146 | # |
|
1147 | 1147 | # This is how it works: Redis remembers the size of the AOF file after the |
|
1148 | 1148 | # latest rewrite (if no rewrite has happened since the restart, the size of |
|
1149 | 1149 | # the AOF at startup is used). |
|
1150 | 1150 | # |
|
1151 | 1151 | # This base size is compared to the current size. If the current size is |
|
1152 | 1152 | # bigger than the specified percentage, the rewrite is triggered. Also |
|
1153 | 1153 | # you need to specify a minimal size for the AOF file to be rewritten, this |
|
1154 | 1154 | # is useful to avoid rewriting the AOF file even if the percentage increase |
|
1155 | 1155 | # is reached but it is still pretty small. |
|
1156 | 1156 | # |
|
1157 | 1157 | # Specify a percentage of zero in order to disable the automatic AOF |
|
1158 | 1158 | # rewrite feature. |
|
1159 | 1159 | |
|
1160 | 1160 | auto-aof-rewrite-percentage 100 |
|
1161 | 1161 | auto-aof-rewrite-min-size 64mb |
|
1162 | 1162 | |
|
1163 | 1163 | # An AOF file may be found to be truncated at the end during the Redis |
|
1164 | 1164 | # startup process, when the AOF data gets loaded back into memory. |
|
1165 | 1165 | # This may happen when the system where Redis is running |
|
1166 | 1166 | # crashes, especially when an ext4 filesystem is mounted without the |
|
1167 | 1167 | # data=ordered option (however this can't happen when Redis itself |
|
1168 | 1168 | # crashes or aborts but the operating system still works correctly). |
|
1169 | 1169 | # |
|
1170 | 1170 | # Redis can either exit with an error when this happens, or load as much |
|
1171 | 1171 | # data as possible (the default now) and start if the AOF file is found |
|
1172 | 1172 | # to be truncated at the end. The following option controls this behavior. |
|
1173 | 1173 | # |
|
1174 | 1174 | # If aof-load-truncated is set to yes, a truncated AOF file is loaded and |
|
1175 | 1175 | # the Redis server starts emitting a log to inform the user of the event. |
|
1176 | 1176 | # Otherwise if the option is set to no, the server aborts with an error |
|
1177 | 1177 | # and refuses to start. When the option is set to no, the user requires |
|
1178 | 1178 | # to fix the AOF file using the "redis-check-aof" utility before to restart |
|
1179 | 1179 | # the server. |
|
1180 | 1180 | # |
|
1181 | 1181 | # Note that if the AOF file will be found to be corrupted in the middle |
|
1182 | 1182 | # the server will still exit with an error. This option only applies when |
|
1183 | 1183 | # Redis will try to read more data from the AOF file but not enough bytes |
|
1184 | 1184 | # will be found. |
|
1185 | 1185 | aof-load-truncated yes |
|
1186 | 1186 | |
|
1187 | 1187 | # When rewriting the AOF file, Redis is able to use an RDB preamble in the |
|
1188 | 1188 | # AOF file for faster rewrites and recoveries. When this option is turned |
|
1189 | 1189 | # on the rewritten AOF file is composed of two different stanzas: |
|
1190 | 1190 | # |
|
1191 | 1191 | # [RDB file][AOF tail] |
|
1192 | 1192 | # |
|
1193 | 1193 | # When loading, Redis recognizes that the AOF file starts with the "REDIS" |
|
1194 | 1194 | # string and loads the prefixed RDB file, then continues loading the AOF |
|
1195 | 1195 | # tail. |
|
1196 | 1196 | aof-use-rdb-preamble yes |
|
1197 | 1197 | |
|
1198 | 1198 | ################################ LUA SCRIPTING ############################### |
|
1199 | 1199 | |
|
1200 | 1200 | # Max execution time of a Lua script in milliseconds. |
|
1201 | 1201 | # |
|
1202 | 1202 | # If the maximum execution time is reached Redis will log that a script is |
|
1203 | 1203 | # still in execution after the maximum allowed time and will start to |
|
1204 | 1204 | # reply to queries with an error. |
|
1205 | 1205 | # |
|
1206 | 1206 | # When a long running script exceeds the maximum execution time only the |
|
1207 | 1207 | # SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be |
|
1208 | 1208 | # used to stop a script that did not yet call any write commands. The second |
|
1209 | 1209 | # is the only way to shut down the server in the case a write command was |
|
1210 | 1210 | # already issued by the script but the user doesn't want to wait for the natural |
|
1211 | 1211 | # termination of the script. |
|
1212 | 1212 | # |
|
1213 | 1213 | # Set it to 0 or a negative value for unlimited execution without warnings. |
|
1214 | 1214 | lua-time-limit 5000 |
|
1215 | 1215 | |
|
1216 | 1216 | ################################ REDIS CLUSTER ############################### |
|
1217 | 1217 | |
|
1218 | 1218 | # Normal Redis instances can't be part of a Redis Cluster; only nodes that are |
|
1219 | 1219 | # started as cluster nodes can. In order to start a Redis instance as a |
|
1220 | 1220 | # cluster node enable the cluster support uncommenting the following: |
|
1221 | 1221 | # |
|
1222 | 1222 | # cluster-enabled yes |
|
1223 | 1223 | |
|
1224 | 1224 | # Every cluster node has a cluster configuration file. This file is not |
|
1225 | 1225 | # intended to be edited by hand. It is created and updated by Redis nodes. |
|
1226 | 1226 | # Every Redis Cluster node requires a different cluster configuration file. |
|
1227 | 1227 | # Make sure that instances running in the same system do not have |
|
1228 | 1228 | # overlapping cluster configuration file names. |
|
1229 | 1229 | # |
|
1230 | 1230 | # cluster-config-file nodes-6379.conf |
|
1231 | 1231 | |
|
1232 | 1232 | # Cluster node timeout is the amount of milliseconds a node must be unreachable |
|
1233 | 1233 | # for it to be considered in failure state. |
|
1234 | 1234 | # Most other internal time limits are a multiple of the node timeout. |
|
1235 | 1235 | # |
|
1236 | 1236 | # cluster-node-timeout 15000 |
|
1237 | 1237 | |
|
1238 | 1238 | # A replica of a failing master will avoid to start a failover if its data |
|
1239 | 1239 | # looks too old. |
|
1240 | 1240 | # |
|
1241 | 1241 | # There is no simple way for a replica to actually have an exact measure of |
|
1242 | 1242 | # its "data age", so the following two checks are performed: |
|
1243 | 1243 | # |
|
1244 | 1244 | # 1) If there are multiple replicas able to failover, they exchange messages |
|
1245 | 1245 | # in order to try to give an advantage to the replica with the best |
|
1246 | 1246 | # replication offset (more data from the master processed). |
|
1247 | 1247 | # Replicas will try to get their rank by offset, and apply to the start |
|
1248 | 1248 | # of the failover a delay proportional to their rank. |
|
1249 | 1249 | # |
|
1250 | 1250 | # 2) Every single replica computes the time of the last interaction with |
|
1251 | 1251 | # its master. This can be the last ping or command received (if the master |
|
1252 | 1252 | # is still in the "connected" state), or the time that elapsed since the |
|
1253 | 1253 | # disconnection with the master (if the replication link is currently down). |
|
1254 | 1254 | # If the last interaction is too old, the replica will not try to failover |
|
1255 | 1255 | # at all. |
|
1256 | 1256 | # |
|
1257 | 1257 | # The point "2" can be tuned by user. Specifically a replica will not perform |
|
1258 | 1258 | # the failover if, since the last interaction with the master, the time |
|
1259 | 1259 | # elapsed is greater than: |
|
1260 | 1260 | # |
|
1261 | 1261 | # (node-timeout * cluster-replica-validity-factor) + repl-ping-replica-period |
|
1262 | 1262 | # |
|
1263 | 1263 | # So for example if node-timeout is 30 seconds, and the cluster-replica-validity-factor |
|
1264 | 1264 | # is 10, and assuming a default repl-ping-replica-period of 10 seconds, the |
|
1265 | 1265 | # replica will not try to failover if it was not able to talk with the master |
|
1266 | 1266 | # for longer than 310 seconds. |
|
1267 | 1267 | # |
|
1268 | 1268 | # A large cluster-replica-validity-factor may allow replicas with too old data to failover |
|
1269 | 1269 | # a master, while a too small value may prevent the cluster from being able to |
|
1270 | 1270 | # elect a replica at all. |
|
1271 | 1271 | # |
|
1272 | 1272 | # For maximum availability, it is possible to set the cluster-replica-validity-factor |
|
1273 | 1273 | # to a value of 0, which means, that replicas will always try to failover the |
|
1274 | 1274 | # master regardless of the last time they interacted with the master. |
|
1275 | 1275 | # (However they'll always try to apply a delay proportional to their |
|
1276 | 1276 | # offset rank). |
|
1277 | 1277 | # |
|
1278 | 1278 | # Zero is the only value able to guarantee that when all the partitions heal |
|
1279 | 1279 | # the cluster will always be able to continue. |
|
1280 | 1280 | # |
|
1281 | 1281 | # cluster-replica-validity-factor 10 |
|
1282 | 1282 | |
|
1283 | 1283 | # Cluster replicas are able to migrate to orphaned masters, that are masters |
|
1284 | 1284 | # that are left without working replicas. This improves the cluster ability |
|
1285 | 1285 | # to resist to failures as otherwise an orphaned master can't be failed over |
|
1286 | 1286 | # in case of failure if it has no working replicas. |
|
1287 | 1287 | # |
|
1288 | 1288 | # Replicas migrate to orphaned masters only if there are still at least a |
|
1289 | 1289 | # given number of other working replicas for their old master. This number |
|
1290 | 1290 | # is the "migration barrier". A migration barrier of 1 means that a replica |
|
1291 | 1291 | # will migrate only if there is at least 1 other working replica for its master |
|
1292 | 1292 | # and so forth. It usually reflects the number of replicas you want for every |
|
1293 | 1293 | # master in your cluster. |
|
1294 | 1294 | # |
|
1295 | 1295 | # Default is 1 (replicas migrate only if their masters remain with at least |
|
1296 | 1296 | # one replica). To disable migration just set it to a very large value. |
|
1297 | 1297 | # A value of 0 can be set but is useful only for debugging and dangerous |
|
1298 | 1298 | # in production. |
|
1299 | 1299 | # |
|
1300 | 1300 | # cluster-migration-barrier 1 |
|
1301 | 1301 | |
|
1302 | 1302 | # By default Redis Cluster nodes stop accepting queries if they detect there |
|
1303 | 1303 | # is at least a hash slot uncovered (no available node is serving it). |
|
1304 | 1304 | # This way if the cluster is partially down (for example a range of hash slots |
|
1305 | 1305 | # are no longer covered) all the cluster becomes, eventually, unavailable. |
|
1306 | 1306 | # It automatically returns available as soon as all the slots are covered again. |
|
1307 | 1307 | # |
|
1308 | 1308 | # However sometimes you want the subset of the cluster which is working, |
|
1309 | 1309 | # to continue to accept queries for the part of the key space that is still |
|
1310 | 1310 | # covered. In order to do so, just set the cluster-require-full-coverage |
|
1311 | 1311 | # option to no. |
|
1312 | 1312 | # |
|
1313 | 1313 | # cluster-require-full-coverage yes |
|
1314 | 1314 | |
|
1315 | 1315 | # This option, when set to yes, prevents replicas from trying to failover its |
|
1316 | 1316 | # master during master failures. However the master can still perform a |
|
1317 | 1317 | # manual failover, if forced to do so. |
|
1318 | 1318 | # |
|
1319 | 1319 | # This is useful in different scenarios, especially in the case of multiple |
|
1320 | 1320 | # data center operations, where we want one side to never be promoted if not |
|
1321 | 1321 | # in the case of a total DC failure. |
|
1322 | 1322 | # |
|
1323 | 1323 | # cluster-replica-no-failover no |
|
1324 | 1324 | |
|
1325 | 1325 | # This option, when set to yes, allows nodes to serve read traffic while the |
|
1326 | 1326 | # the cluster is in a down state, as long as it believes it owns the slots. |
|
1327 | 1327 | # |
|
1328 | 1328 | # This is useful for two cases. The first case is for when an application |
|
1329 | 1329 | # doesn't require consistency of data during node failures or network partitions. |
|
1330 | 1330 | # One example of this is a cache, where as long as the node has the data it |
|
1331 | 1331 | # should be able to serve it. |
|
1332 | 1332 | # |
|
1333 | 1333 | # The second use case is for configurations that don't meet the recommended |
|
1334 | 1334 | # three shards but want to enable cluster mode and scale later. A |
|
1335 | 1335 | # master outage in a 1 or 2 shard configuration causes a read/write outage to the |
|
1336 | 1336 | # entire cluster without this option set, with it set there is only a write outage. |
|
1337 | 1337 | # Without a quorum of masters, slot ownership will not change automatically. |
|
1338 | 1338 | # |
|
1339 | 1339 | # cluster-allow-reads-when-down no |
|
1340 | 1340 | |
|
1341 | 1341 | # In order to setup your cluster make sure to read the documentation |
|
1342 | 1342 | # available at http://redis.io web site. |
|
1343 | 1343 | |
|
1344 | 1344 | ########################## CLUSTER DOCKER/NAT support ######################## |
|
1345 | 1345 | |
|
1346 | 1346 | # In certain deployments, Redis Cluster nodes address discovery fails, because |
|
1347 | 1347 | # addresses are NAT-ted or because ports are forwarded (the typical case is |
|
1348 | 1348 | # Docker and other containers). |
|
1349 | 1349 | # |
|
1350 | 1350 | # In order to make Redis Cluster working in such environments, a static |
|
1351 | 1351 | # configuration where each node knows its public address is needed. The |
|
1352 | 1352 | # following two options are used for this scope, and are: |
|
1353 | 1353 | # |
|
1354 | 1354 | # * cluster-announce-ip |
|
1355 | 1355 | # * cluster-announce-port |
|
1356 | 1356 | # * cluster-announce-bus-port |
|
1357 | 1357 | # |
|
1358 | 1358 | # Each instructs the node about its address, client port, and cluster message |
|
1359 | 1359 | # bus port. The information is then published in the header of the bus packets |
|
1360 | 1360 | # so that other nodes will be able to correctly map the address of the node |
|
1361 | 1361 | # publishing the information. |
|
1362 | 1362 | # |
|
1363 | 1363 | # If the above options are not used, the normal Redis Cluster auto-detection |
|
1364 | 1364 | # will be used instead. |
|
1365 | 1365 | # |
|
1366 | 1366 | # Note that when remapped, the bus port may not be at the fixed offset of |
|
1367 | 1367 | # clients port + 10000, so you can specify any port and bus-port depending |
|
1368 | 1368 | # on how they get remapped. If the bus-port is not set, a fixed offset of |
|
1369 | 1369 | # 10000 will be used as usual. |
|
1370 | 1370 | # |
|
1371 | 1371 | # Example: |
|
1372 | 1372 | # |
|
1373 | 1373 | # cluster-announce-ip 10.1.1.5 |
|
1374 | 1374 | # cluster-announce-port 6379 |
|
1375 | 1375 | # cluster-announce-bus-port 6380 |
|
1376 | 1376 | |
|
1377 | 1377 | ################################## SLOW LOG ################################### |
|
1378 | 1378 | |
|
1379 | 1379 | # The Redis Slow Log is a system to log queries that exceeded a specified |
|
1380 | 1380 | # execution time. The execution time does not include the I/O operations |
|
1381 | 1381 | # like talking with the client, sending the reply and so forth, |
|
1382 | 1382 | # but just the time needed to actually execute the command (this is the only |
|
1383 | 1383 | # stage of command execution where the thread is blocked and can not serve |
|
1384 | 1384 | # other requests in the meantime). |
|
1385 | 1385 | # |
|
1386 | 1386 | # You can configure the slow log with two parameters: one tells Redis |
|
1387 | 1387 | # what is the execution time, in microseconds, to exceed in order for the |
|
1388 | 1388 | # command to get logged, and the other parameter is the length of the |
|
1389 | 1389 | # slow log. When a new command is logged the oldest one is removed from the |
|
1390 | 1390 | # queue of logged commands. |
|
1391 | 1391 | |
|
1392 | 1392 | # The following time is expressed in microseconds, so 1000000 is equivalent |
|
1393 | 1393 | # to one second. Note that a negative number disables the slow log, while |
|
1394 | 1394 | # a value of zero forces the logging of every command. |
|
1395 | 1395 | slowlog-log-slower-than 10000 |
|
1396 | 1396 | |
|
1397 | 1397 | # There is no limit to this length. Just be aware that it will consume memory. |
|
1398 | 1398 | # You can reclaim memory used by the slow log with SLOWLOG RESET. |
|
1399 | 1399 | slowlog-max-len 128 |
|
1400 | 1400 | |
|
1401 | 1401 | ################################ LATENCY MONITOR ############################## |
|
1402 | 1402 | |
|
1403 | 1403 | # The Redis latency monitoring subsystem samples different operations |
|
1404 | 1404 | # at runtime in order to collect data related to possible sources of |
|
1405 | 1405 | # latency of a Redis instance. |
|
1406 | 1406 | # |
|
1407 | 1407 | # Via the LATENCY command this information is available to the user that can |
|
1408 | 1408 | # print graphs and obtain reports. |
|
1409 | 1409 | # |
|
1410 | 1410 | # The system only logs operations that were performed in a time equal or |
|
1411 | 1411 | # greater than the amount of milliseconds specified via the |
|
1412 | 1412 | # latency-monitor-threshold configuration directive. When its value is set |
|
1413 | 1413 | # to zero, the latency monitor is turned off. |
|
1414 | 1414 | # |
|
1415 | 1415 | # By default latency monitoring is disabled since it is mostly not needed |
|
1416 | 1416 | # if you don't have latency issues, and collecting data has a performance |
|
1417 | 1417 | # impact, that while very small, can be measured under big load. Latency |
|
1418 | 1418 | # monitoring can easily be enabled at runtime using the command |
|
1419 | 1419 | # "CONFIG SET latency-monitor-threshold <milliseconds>" if needed. |
|
1420 | 1420 | latency-monitor-threshold 0 |
|
1421 | 1421 | |
|
1422 | 1422 | ############################# EVENT NOTIFICATION ############################## |
|
1423 | 1423 | |
|
1424 | 1424 | # Redis can notify Pub/Sub clients about events happening in the key space. |
|
1425 | 1425 | # This feature is documented at http://redis.io/topics/notifications |
|
1426 | 1426 | # |
|
1427 | 1427 | # For instance if keyspace events notification is enabled, and a client |
|
1428 | 1428 | # performs a DEL operation on key "foo" stored in the Database 0, two |
|
1429 | 1429 | # messages will be published via Pub/Sub: |
|
1430 | 1430 | # |
|
1431 | 1431 | # PUBLISH __keyspace@0__:foo del |
|
1432 | 1432 | # PUBLISH __keyevent@0__:del foo |
|
1433 | 1433 | # |
|
1434 | 1434 | # It is possible to select the events that Redis will notify among a set |
|
1435 | 1435 | # of classes. Every class is identified by a single character: |
|
1436 | 1436 | # |
|
1437 | 1437 | # K Keyspace events, published with __keyspace@<db>__ prefix. |
|
1438 | 1438 | # E Keyevent events, published with __keyevent@<db>__ prefix. |
|
1439 | 1439 | # g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... |
|
1440 | 1440 | # $ String commands |
|
1441 | 1441 | # l List commands |
|
1442 | 1442 | # s Set commands |
|
1443 | 1443 | # h Hash commands |
|
1444 | 1444 | # z Sorted set commands |
|
1445 | 1445 | # x Expired events (events generated every time a key expires) |
|
1446 | 1446 | # e Evicted events (events generated when a key is evicted for maxmemory) |
|
1447 | 1447 | # t Stream commands |
|
1448 | 1448 | # m Key-miss events (Note: It is not included in the 'A' class) |
|
1449 | 1449 | # A Alias for g$lshzxet, so that the "AKE" string means all the events |
|
1450 | 1450 | # (Except key-miss events which are excluded from 'A' due to their |
|
1451 | 1451 | # unique nature). |
|
1452 | 1452 | # |
|
1453 | 1453 | # The "notify-keyspace-events" takes as argument a string that is composed |
|
1454 | 1454 | # of zero or multiple characters. The empty string means that notifications |
|
1455 | 1455 | # are disabled. |
|
1456 | 1456 | # |
|
1457 | 1457 | # Example: to enable list and generic events, from the point of view of the |
|
1458 | 1458 | # event name, use: |
|
1459 | 1459 | # |
|
1460 | 1460 | # notify-keyspace-events Elg |
|
1461 | 1461 | # |
|
1462 | 1462 | # Example 2: to get the stream of the expired keys subscribing to channel |
|
1463 | 1463 | # name __keyevent@0__:expired use: |
|
1464 | 1464 | # |
|
1465 | 1465 | # notify-keyspace-events Ex |
|
1466 | 1466 | # |
|
1467 | 1467 | # By default all notifications are disabled because most users don't need |
|
1468 | 1468 | # this feature and the feature has some overhead. Note that if you don't |
|
1469 | 1469 | # specify at least one of K or E, no events will be delivered. |
|
1470 | 1470 | notify-keyspace-events "" |
|
1471 | 1471 | |
|
1472 | 1472 | ############################### GOPHER SERVER ################################# |
|
1473 | 1473 | |
|
1474 | 1474 | # Redis contains an implementation of the Gopher protocol, as specified in |
|
1475 | 1475 | # the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt). |
|
1476 | 1476 | # |
|
1477 | 1477 | # The Gopher protocol was very popular in the late '90s. It is an alternative |
|
1478 | 1478 | # to the web, and the implementation both server and client side is so simple |
|
1479 | 1479 | # that the Redis server has just 100 lines of code in order to implement this |
|
1480 | 1480 | # support. |
|
1481 | 1481 | # |
|
1482 | 1482 | # What do you do with Gopher nowadays? Well Gopher never *really* died, and |
|
1483 | 1483 | # lately there is a movement in order for the Gopher more hierarchical content |
|
1484 | 1484 | # composed of just plain text documents to be resurrected. Some want a simpler |
|
1485 | 1485 | # internet, others believe that the mainstream internet became too much |
|
1486 | 1486 | # controlled, and it's cool to create an alternative space for people that |
|
1487 | 1487 | # want a bit of fresh air. |
|
1488 | 1488 | # |
|
1489 | 1489 | # Anyway for the 10nth birthday of the Redis, we gave it the Gopher protocol |
|
1490 | 1490 | # as a gift. |
|
1491 | 1491 | # |
|
1492 | 1492 | # --- HOW IT WORKS? --- |
|
1493 | 1493 | # |
|
1494 | 1494 | # The Redis Gopher support uses the inline protocol of Redis, and specifically |
|
1495 | 1495 | # two kind of inline requests that were anyway illegal: an empty request |
|
1496 | 1496 | # or any request that starts with "/" (there are no Redis commands starting |
|
1497 | 1497 | # with such a slash). Normal RESP2/RESP3 requests are completely out of the |
|
1498 | 1498 | # path of the Gopher protocol implementation and are served as usual as well. |
|
1499 | 1499 | # |
|
1500 | 1500 | # If you open a connection to Redis when Gopher is enabled and send it |
|
1501 | 1501 | # a string like "/foo", if there is a key named "/foo" it is served via the |
|
1502 | 1502 | # Gopher protocol. |
|
1503 | 1503 | # |
|
1504 | 1504 | # In order to create a real Gopher "hole" (the name of a Gopher site in Gopher |
|
1505 | 1505 | # talking), you likely need a script like the following: |
|
1506 | 1506 | # |
|
1507 | 1507 | # https://github.com/antirez/gopher2redis |
|
1508 | 1508 | # |
|
1509 | 1509 | # --- SECURITY WARNING --- |
|
1510 | 1510 | # |
|
1511 | 1511 | # If you plan to put Redis on the internet in a publicly accessible address |
|
1512 | 1512 | # to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance. |
|
1513 | 1513 | # Once a password is set: |
|
1514 | 1514 | # |
|
1515 | 1515 | # 1. The Gopher server (when enabled, not by default) will still serve |
|
1516 | 1516 | # content via Gopher. |
|
1517 | 1517 | # 2. However other commands cannot be called before the client will |
|
1518 | 1518 | # authenticate. |
|
1519 | 1519 | # |
|
1520 | 1520 | # So use the 'requirepass' option to protect your instance. |
|
1521 | 1521 | # |
|
1522 | 1522 | # Note that Gopher is not currently supported when 'io-threads-do-reads' |
|
1523 | 1523 | # is enabled. |
|
1524 | 1524 | # |
|
1525 | 1525 | # To enable Gopher support, uncomment the following line and set the option |
|
1526 | 1526 | # from no (the default) to yes. |
|
1527 | 1527 | # |
|
1528 | 1528 | # gopher-enabled no |
|
1529 | 1529 | |
|
1530 | 1530 | ############################### ADVANCED CONFIG ############################### |
|
1531 | 1531 | |
|
1532 | 1532 | # Hashes are encoded using a memory efficient data structure when they have a |
|
1533 | 1533 | # small number of entries, and the biggest entry does not exceed a given |
|
1534 | 1534 | # threshold. These thresholds can be configured using the following directives. |
|
1535 | 1535 | hash-max-ziplist-entries 512 |
|
1536 | 1536 | hash-max-ziplist-value 64 |
|
1537 | 1537 | |
|
1538 | 1538 | # Lists are also encoded in a special way to save a lot of space. |
|
1539 | 1539 | # The number of entries allowed per internal list node can be specified |
|
1540 | 1540 | # as a fixed maximum size or a maximum number of elements. |
|
1541 | 1541 | # For a fixed maximum size, use -5 through -1, meaning: |
|
1542 | 1542 | # -5: max size: 64 Kb <-- not recommended for normal workloads |
|
1543 | 1543 | # -4: max size: 32 Kb <-- not recommended |
|
1544 | 1544 | # -3: max size: 16 Kb <-- probably not recommended |
|
1545 | 1545 | # -2: max size: 8 Kb <-- good |
|
1546 | 1546 | # -1: max size: 4 Kb <-- good |
|
1547 | 1547 | # Positive numbers mean store up to _exactly_ that number of elements |
|
1548 | 1548 | # per list node. |
|
1549 | 1549 | # The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), |
|
1550 | 1550 | # but if your use case is unique, adjust the settings as necessary. |
|
1551 | 1551 | list-max-ziplist-size -2 |
|
1552 | 1552 | |
|
1553 | 1553 | # Lists may also be compressed. |
|
1554 | 1554 | # Compress depth is the number of quicklist ziplist nodes from *each* side of |
|
1555 | 1555 | # the list to *exclude* from compression. The head and tail of the list |
|
1556 | 1556 | # are always uncompressed for fast push/pop operations. Settings are: |
|
1557 | 1557 | # 0: disable all list compression |
|
1558 | 1558 | # 1: depth 1 means "don't start compressing until after 1 node into the list, |
|
1559 | 1559 | # going from either the head or tail" |
|
1560 | 1560 | # So: [head]->node->node->...->node->[tail] |
|
1561 | 1561 | # [head], [tail] will always be uncompressed; inner nodes will compress. |
|
1562 | 1562 | # 2: [head]->[next]->node->node->...->node->[prev]->[tail] |
|
1563 | 1563 | # 2 here means: don't compress head or head->next or tail->prev or tail, |
|
1564 | 1564 | # but compress all nodes between them. |
|
1565 | 1565 | # 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] |
|
1566 | 1566 | # etc. |
|
1567 | 1567 | list-compress-depth 0 |
|
1568 | 1568 | |
|
1569 | 1569 | # Sets have a special encoding in just one case: when a set is composed |
|
1570 | 1570 | # of just strings that happen to be integers in radix 10 in the range |
|
1571 | 1571 | # of 64 bit signed integers. |
|
1572 | 1572 | # The following configuration setting sets the limit in the size of the |
|
1573 | 1573 | # set in order to use this special memory saving encoding. |
|
1574 | 1574 | set-max-intset-entries 512 |
|
1575 | 1575 | |
|
1576 | 1576 | # Similarly to hashes and lists, sorted sets are also specially encoded in |
|
1577 | 1577 | # order to save a lot of space. This encoding is only used when the length and |
|
1578 | 1578 | # elements of a sorted set are below the following limits: |
|
1579 | 1579 | zset-max-ziplist-entries 128 |
|
1580 | 1580 | zset-max-ziplist-value 64 |
|
1581 | 1581 | |
|
1582 | 1582 | # HyperLogLog sparse representation bytes limit. The limit includes the |
|
1583 | 1583 | # 16 bytes header. When an HyperLogLog using the sparse representation crosses |
|
1584 | 1584 | # this limit, it is converted into the dense representation. |
|
1585 | 1585 | # |
|
1586 | 1586 | # A value greater than 16000 is totally useless, since at that point the |
|
1587 | 1587 | # dense representation is more memory efficient. |
|
1588 | 1588 | # |
|
1589 | 1589 | # The suggested value is ~ 3000 in order to have the benefits of |
|
1590 | 1590 | # the space efficient encoding without slowing down too much PFADD, |
|
1591 | 1591 | # which is O(N) with the sparse encoding. The value can be raised to |
|
1592 | 1592 | # ~ 10000 when CPU is not a concern, but space is, and the data set is |
|
1593 | 1593 | # composed of many HyperLogLogs with cardinality in the 0 - 15000 range. |
|
1594 | 1594 | hll-sparse-max-bytes 3000 |
|
1595 | 1595 | |
|
1596 | 1596 | # Streams macro node max size / items. The stream data structure is a radix |
|
1597 | 1597 | # tree of big nodes that encode multiple items inside. Using this configuration |
|
1598 | 1598 | # it is possible to configure how big a single node can be in bytes, and the |
|
1599 | 1599 | # maximum number of items it may contain before switching to a new node when |
|
1600 | 1600 | # appending new stream entries. If any of the following settings are set to |
|
1601 | 1601 | # zero, the limit is ignored, so for instance it is possible to set just a |
|
1602 | 1602 | # max entires limit by setting max-bytes to 0 and max-entries to the desired |
|
1603 | 1603 | # value. |
|
1604 | 1604 | stream-node-max-bytes 4096 |
|
1605 | 1605 | stream-node-max-entries 100 |
|
1606 | 1606 | |
|
1607 | 1607 | # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in |
|
1608 | 1608 | # order to help rehashing the main Redis hash table (the one mapping top-level |
|
1609 | 1609 | # keys to values). The hash table implementation Redis uses (see dict.c) |
|
1610 | 1610 | # performs a lazy rehashing: the more operation you run into a hash table |
|
1611 | 1611 | # that is rehashing, the more rehashing "steps" are performed, so if the |
|
1612 | 1612 | # server is idle the rehashing is never complete and some more memory is used |
|
1613 | 1613 | # by the hash table. |
|
1614 | 1614 | # |
|
1615 | 1615 | # The default is to use this millisecond 10 times every second in order to |
|
1616 | 1616 | # actively rehash the main dictionaries, freeing memory when possible. |
|
1617 | 1617 | # |
|
1618 | 1618 | # If unsure: |
|
1619 | 1619 | # use "activerehashing no" if you have hard latency requirements and it is |
|
1620 | 1620 | # not a good thing in your environment that Redis can reply from time to time |
|
1621 | 1621 | # to queries with 2 milliseconds delay. |
|
1622 | 1622 | # |
|
1623 | 1623 | # use "activerehashing yes" if you don't have such hard requirements but |
|
1624 | 1624 | # want to free memory asap when possible. |
|
1625 | 1625 | activerehashing yes |
|
1626 | 1626 | |
|
1627 | 1627 | # The client output buffer limits can be used to force disconnection of clients |
|
1628 | 1628 | # that are not reading data from the server fast enough for some reason (a |
|
1629 | 1629 | # common reason is that a Pub/Sub client can't consume messages as fast as the |
|
1630 | 1630 | # publisher can produce them). |
|
1631 | 1631 | # |
|
1632 | 1632 | # The limit can be set differently for the three different classes of clients: |
|
1633 | 1633 | # |
|
1634 | 1634 | # normal -> normal clients including MONITOR clients |
|
1635 | 1635 | # replica -> replica clients |
|
1636 | 1636 | # pubsub -> clients subscribed to at least one pubsub channel or pattern |
|
1637 | 1637 | # |
|
1638 | 1638 | # The syntax of every client-output-buffer-limit directive is the following: |
|
1639 | 1639 | # |
|
1640 | 1640 | # client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds> |
|
1641 | 1641 | # |
|
1642 | 1642 | # A client is immediately disconnected once the hard limit is reached, or if |
|
1643 | 1643 | # the soft limit is reached and remains reached for the specified number of |
|
1644 | 1644 | # seconds (continuously). |
|
1645 | 1645 | # So for instance if the hard limit is 32 megabytes and the soft limit is |
|
1646 | 1646 | # 16 megabytes / 10 seconds, the client will get disconnected immediately |
|
1647 | 1647 | # if the size of the output buffers reach 32 megabytes, but will also get |
|
1648 | 1648 | # disconnected if the client reaches 16 megabytes and continuously overcomes |
|
1649 | 1649 | # the limit for 10 seconds. |
|
1650 | 1650 | # |
|
1651 | 1651 | # By default normal clients are not limited because they don't receive data |
|
1652 | 1652 | # without asking (in a push way), but just after a request, so only |
|
1653 | 1653 | # asynchronous clients may create a scenario where data is requested faster |
|
1654 | 1654 | # than it can read. |
|
1655 | 1655 | # |
|
1656 | 1656 | # Instead there is a default limit for pubsub and replica clients, since |
|
1657 | 1657 | # subscribers and replicas receive data in a push fashion. |
|
1658 | 1658 | # |
|
1659 | 1659 | # Both the hard or the soft limit can be disabled by setting them to zero. |
|
1660 | 1660 | client-output-buffer-limit normal 0 0 0 |
|
1661 | 1661 | client-output-buffer-limit replica 256mb 64mb 60 |
|
1662 | 1662 | client-output-buffer-limit pubsub 32mb 8mb 60 |
|
1663 | 1663 | |
|
1664 | 1664 | # Client query buffers accumulate new commands. They are limited to a fixed |
|
1665 | 1665 | # amount by default in order to avoid that a protocol desynchronization (for |
|
1666 | 1666 | # instance due to a bug in the client) will lead to unbound memory usage in |
|
1667 | 1667 | # the query buffer. However you can configure it here if you have very special |
|
1668 | 1668 | # needs, such us huge multi/exec requests or alike. |
|
1669 | 1669 | # |
|
1670 | 1670 | # client-query-buffer-limit 1gb |
|
1671 | 1671 | |
|
1672 | 1672 | # In the Redis protocol, bulk requests, that are, elements representing single |
|
1673 | 1673 | # strings, are normally limited to 512 mb. However you can change this limit |
|
1674 | 1674 | # here, but must be 1mb or greater |
|
1675 | 1675 | # |
|
1676 | 1676 | # proto-max-bulk-len 512mb |
|
1677 | 1677 | |
|
1678 | 1678 | # Redis calls an internal function to perform many background tasks, like |
|
1679 | 1679 | # closing connections of clients in timeout, purging expired keys that are |
|
1680 | 1680 | # never requested, and so forth. |
|
1681 | 1681 | # |
|
1682 | 1682 | # Not all tasks are performed with the same frequency, but Redis checks for |
|
1683 | 1683 | # tasks to perform according to the specified "hz" value. |
|
1684 | 1684 | # |
|
1685 | 1685 | # By default "hz" is set to 10. Raising the value will use more CPU when |
|
1686 | 1686 | # Redis is idle, but at the same time will make Redis more responsive when |
|
1687 | 1687 | # there are many keys expiring at the same time, and timeouts may be |
|
1688 | 1688 | # handled with more precision. |
|
1689 | 1689 | # |
|
1690 | 1690 | # The range is between 1 and 500, however a value over 100 is usually not |
|
1691 | 1691 | # a good idea. Most users should use the default of 10 and raise this up to |
|
1692 | 1692 | # 100 only in environments where very low latency is required. |
|
1693 | 1693 | hz 10 |
|
1694 | 1694 | |
|
1695 | 1695 | # Normally it is useful to have an HZ value which is proportional to the |
|
1696 | 1696 | # number of clients connected. This is useful in order, for instance, to |
|
1697 | 1697 | # avoid too many clients are processed for each background task invocation |
|
1698 | 1698 | # in order to avoid latency spikes. |
|
1699 | 1699 | # |
|
1700 | 1700 | # Since the default HZ value by default is conservatively set to 10, Redis |
|
1701 | 1701 | # offers, and enables by default, the ability to use an adaptive HZ value |
|
1702 | 1702 | # which will temporarily raise when there are many connected clients. |
|
1703 | 1703 | # |
|
1704 | 1704 | # When dynamic HZ is enabled, the actual configured HZ will be used |
|
1705 | 1705 | # as a baseline, but multiples of the configured HZ value will be actually |
|
1706 | 1706 | # used as needed once more clients are connected. In this way an idle |
|
1707 | 1707 | # instance will use very little CPU time while a busy instance will be |
|
1708 | 1708 | # more responsive. |
|
1709 | 1709 | dynamic-hz yes |
|
1710 | 1710 | |
|
1711 | 1711 | # When a child rewrites the AOF file, if the following option is enabled |
|
1712 | 1712 | # the file will be fsync-ed every 32 MB of data generated. This is useful |
|
1713 | 1713 | # in order to commit the file to the disk more incrementally and avoid |
|
1714 | 1714 | # big latency spikes. |
|
1715 | 1715 | aof-rewrite-incremental-fsync yes |
|
1716 | 1716 | |
|
1717 | 1717 | # When redis saves RDB file, if the following option is enabled |
|
1718 | 1718 | # the file will be fsync-ed every 32 MB of data generated. This is useful |
|
1719 | 1719 | # in order to commit the file to the disk more incrementally and avoid |
|
1720 | 1720 | # big latency spikes. |
|
1721 | 1721 | rdb-save-incremental-fsync yes |
|
1722 | 1722 | |
|
1723 | 1723 | # Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good |
|
1724 | 1724 | # idea to start with the default settings and only change them after investigating |
|
1725 | 1725 | # how to improve the performances and how the keys LFU change over time, which |
|
1726 | 1726 | # is possible to inspect via the OBJECT FREQ command. |
|
1727 | 1727 | # |
|
1728 | 1728 | # There are two tunable parameters in the Redis LFU implementation: the |
|
1729 | 1729 | # counter logarithm factor and the counter decay time. It is important to |
|
1730 | 1730 | # understand what the two parameters mean before changing them. |
|
1731 | 1731 | # |
|
1732 | 1732 | # The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis |
|
1733 | 1733 | # uses a probabilistic increment with logarithmic behavior. Given the value |
|
1734 | 1734 | # of the old counter, when a key is accessed, the counter is incremented in |
|
1735 | 1735 | # this way: |
|
1736 | 1736 | # |
|
1737 | 1737 | # 1. A random number R between 0 and 1 is extracted. |
|
1738 | 1738 | # 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1). |
|
1739 | 1739 | # 3. The counter is incremented only if R < P. |
|
1740 | 1740 | # |
|
1741 | 1741 | # The default lfu-log-factor is 10. This is a table of how the frequency |
|
1742 | 1742 | # counter changes with a different number of accesses with different |
|
1743 | 1743 | # logarithmic factors: |
|
1744 | 1744 | # |
|
1745 | 1745 | # +--------+------------+------------+------------+------------+------------+ |
|
1746 | 1746 | # | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits | |
|
1747 | 1747 | # +--------+------------+------------+------------+------------+------------+ |
|
1748 | 1748 | # | 0 | 104 | 255 | 255 | 255 | 255 | |
|
1749 | 1749 | # +--------+------------+------------+------------+------------+------------+ |
|
1750 | 1750 | # | 1 | 18 | 49 | 255 | 255 | 255 | |
|
1751 | 1751 | # +--------+------------+------------+------------+------------+------------+ |
|
1752 | 1752 | # | 10 | 10 | 18 | 142 | 255 | 255 | |
|
1753 | 1753 | # +--------+------------+------------+------------+------------+------------+ |
|
1754 | 1754 | # | 100 | 8 | 11 | 49 | 143 | 255 | |
|
1755 | 1755 | # +--------+------------+------------+------------+------------+------------+ |
|
1756 | 1756 | # |
|
1757 | 1757 | # NOTE: The above table was obtained by running the following commands: |
|
1758 | 1758 | # |
|
1759 | 1759 | # redis-benchmark -n 1000000 incr foo |
|
1760 | 1760 | # redis-cli object freq foo |
|
1761 | 1761 | # |
|
1762 | 1762 | # NOTE 2: The counter initial value is 5 in order to give new objects a chance |
|
1763 | 1763 | # to accumulate hits. |
|
1764 | 1764 | # |
|
1765 | 1765 | # The counter decay time is the time, in minutes, that must elapse in order |
|
1766 | 1766 | # for the key counter to be divided by two (or decremented if it has a value |
|
1767 | 1767 | # less <= 10). |
|
1768 | 1768 | # |
|
1769 | 1769 | # The default value for the lfu-decay-time is 1. A special value of 0 means to |
|
1770 | 1770 | # decay the counter every time it happens to be scanned. |
|
1771 | 1771 | # |
|
1772 | 1772 | # lfu-log-factor 10 |
|
1773 | 1773 | # lfu-decay-time 1 |
|
1774 | 1774 | |
|
1775 | 1775 | ########################### ACTIVE DEFRAGMENTATION ####################### |
|
1776 | 1776 | # |
|
1777 | 1777 | # What is active defragmentation? |
|
1778 | 1778 | # ------------------------------- |
|
1779 | 1779 | # |
|
1780 | 1780 | # Active (online) defragmentation allows a Redis server to compact the |
|
1781 | 1781 | # spaces left between small allocations and deallocations of data in memory, |
|
1782 | 1782 | # thus allowing to reclaim back memory. |
|
1783 | 1783 | # |
|
1784 | 1784 | # Fragmentation is a natural process that happens with every allocator (but |
|
1785 | 1785 | # less so with Jemalloc, fortunately) and certain workloads. Normally a server |
|
1786 | 1786 | # restart is needed in order to lower the fragmentation, or at least to flush |
|
1787 | 1787 | # away all the data and create it again. However thanks to this feature |
|
1788 | 1788 | # implemented by Oran Agra for Redis 4.0 this process can happen at runtime |
|
1789 | 1789 | # in a "hot" way, while the server is running. |
|
1790 | 1790 | # |
|
1791 | 1791 | # Basically when the fragmentation is over a certain level (see the |
|
1792 | 1792 | # configuration options below) Redis will start to create new copies of the |
|
1793 | 1793 | # values in contiguous memory regions by exploiting certain specific Jemalloc |
|
1794 | 1794 | # features (in order to understand if an allocation is causing fragmentation |
|
1795 | 1795 | # and to allocate it in a better place), and at the same time, will release the |
|
1796 | 1796 | # old copies of the data. This process, repeated incrementally for all the keys |
|
1797 | 1797 | # will cause the fragmentation to drop back to normal values. |
|
1798 | 1798 | # |
|
1799 | 1799 | # Important things to understand: |
|
1800 | 1800 | # |
|
1801 | 1801 | # 1. This feature is disabled by default, and only works if you compiled Redis |
|
1802 | 1802 | # to use the copy of Jemalloc we ship with the source code of Redis. |
|
1803 | 1803 | # This is the default with Linux builds. |
|
1804 | 1804 | # |
|
1805 | 1805 | # 2. You never need to enable this feature if you don't have fragmentation |
|
1806 | 1806 | # issues. |
|
1807 | 1807 | # |
|
1808 | 1808 | # 3. Once you experience fragmentation, you can enable this feature when |
|
1809 | 1809 | # needed with the command "CONFIG SET activedefrag yes". |
|
1810 | 1810 | # |
|
1811 | 1811 | # The configuration parameters are able to fine tune the behavior of the |
|
1812 | 1812 | # defragmentation process. If you are not sure about what they mean it is |
|
1813 | 1813 | # a good idea to leave the defaults untouched. |
|
1814 | 1814 | |
|
1815 | 1815 | # Enabled active defragmentation |
|
1816 | 1816 | # activedefrag no |
|
1817 | 1817 | |
|
1818 | 1818 | # Minimum amount of fragmentation waste to start active defrag |
|
1819 | 1819 | # active-defrag-ignore-bytes 100mb |
|
1820 | 1820 | |
|
1821 | 1821 | # Minimum percentage of fragmentation to start active defrag |
|
1822 | 1822 | # active-defrag-threshold-lower 10 |
|
1823 | 1823 | |
|
1824 | 1824 | # Maximum percentage of fragmentation at which we use maximum effort |
|
1825 | 1825 | # active-defrag-threshold-upper 100 |
|
1826 | 1826 | |
|
1827 | 1827 | # Minimal effort for defrag in CPU percentage, to be used when the lower |
|
1828 | 1828 | # threshold is reached |
|
1829 | 1829 | # active-defrag-cycle-min 1 |
|
1830 | 1830 | |
|
1831 | 1831 | # Maximal effort for defrag in CPU percentage, to be used when the upper |
|
1832 | 1832 | # threshold is reached |
|
1833 | 1833 | # active-defrag-cycle-max 25 |
|
1834 | 1834 | |
|
1835 | 1835 | # Maximum number of set/hash/zset/list fields that will be processed from |
|
1836 | 1836 | # the main dictionary scan |
|
1837 | 1837 | # active-defrag-max-scan-fields 1000 |
|
1838 | 1838 | |
|
1839 | 1839 | # Jemalloc background thread for purging will be enabled by default |
|
1840 | 1840 | jemalloc-bg-thread yes |
|
1841 | 1841 | |
|
1842 | 1842 | # It is possible to pin different threads and processes of Redis to specific |
|
1843 | 1843 | # CPUs in your system, in order to maximize the performances of the server. |
|
1844 | 1844 | # This is useful both in order to pin different Redis threads in different |
|
1845 | 1845 | # CPUs, but also in order to make sure that multiple Redis instances running |
|
1846 | 1846 | # in the same host will be pinned to different CPUs. |
|
1847 | 1847 | # |
|
1848 | 1848 | # Normally you can do this using the "taskset" command, however it is also |
|
1849 | 1849 | # possible to this via Redis configuration directly, both in Linux and FreeBSD. |
|
1850 | 1850 | # |
|
1851 | 1851 | # You can pin the server/IO threads, bio threads, aof rewrite child process, and |
|
1852 | 1852 | # the bgsave child process. The syntax to specify the cpu list is the same as |
|
1853 | 1853 | # the taskset command: |
|
1854 | 1854 | # |
|
1855 | 1855 | # Set redis server/io threads to cpu affinity 0,2,4,6: |
|
1856 | 1856 | # server_cpulist 0-7:2 |
|
1857 | 1857 | # |
|
1858 | 1858 | # Set bio threads to cpu affinity 1,3: |
|
1859 | 1859 | # bio_cpulist 1,3 |
|
1860 | 1860 | # |
|
1861 | 1861 | # Set aof rewrite child process to cpu affinity 8,9,10,11: |
|
1862 | 1862 | # aof_rewrite_cpulist 8-11 |
|
1863 | 1863 | # |
|
1864 | 1864 | # Set bgsave child process to cpu affinity 1,10,11 |
|
1865 | 1865 | # bgsave_cpulist 1,10-11 No newline at end of file |
@@ -1,56 +1,52 b'' | |||
|
1 | 1 | volumes: |
|
2 | 2 | nixstore: |
|
3 | 3 | |
|
4 | 4 | |
|
5 | 5 | services: |
|
6 | 6 | |
|
7 | 7 | rhodecode: |
|
8 | 8 | volumes: |
|
9 | 9 | - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated |
|
10 | 10 | - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated |
|
11 | 11 | - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated |
|
12 | 12 | - /media/psf/Home/workspace:/var/opt/rhodecode_repo_store:delegated |
|
13 | 13 | - nixstore:/opt/nix/store |
|
14 | 14 | |
|
15 | 15 | ports: |
|
16 |
- " |
|
|
16 | - "10020:10020" | |
|
17 | 17 | |
|
18 | 18 | vcsserver: |
|
19 | 19 | volumes: |
|
20 | 20 | - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated |
|
21 | 21 | - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated |
|
22 | 22 | - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated |
|
23 | 23 | - /media/psf/Home/workspace:/var/opt/rhodecode_repo_store:delegated |
|
24 | 24 | - nixstore:/opt/nix/store |
|
25 | 25 | |
|
26 | 26 | celery: |
|
27 | 27 | volumes: |
|
28 | 28 | - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated |
|
29 | 29 | - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated |
|
30 | 30 | - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated |
|
31 | 31 | - nixstore:/opt/nix/store |
|
32 | 32 | |
|
33 | beat: | |
|
33 | celery-beat: | |
|
34 | 34 | volumes: |
|
35 | 35 | - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated |
|
36 | 36 | - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated |
|
37 | 37 | - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated |
|
38 | 38 | - nixstore:/opt/nix/store |
|
39 | 39 | |
|
40 | 40 | svn: |
|
41 | 41 | volumes: |
|
42 | 42 | - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated |
|
43 | 43 | - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated |
|
44 | 44 | - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated |
|
45 | 45 | - nixstore:/opt/nix/store |
|
46 | 46 | |
|
47 | 47 | sshd: |
|
48 | 48 | volumes: |
|
49 | 49 | - /media/psf/Home/workspace/rhodecode-vcsserver:/home/rhodecode/rhodecode-vcsserver:delegated |
|
50 | 50 | - /media/psf/Home/workspace/rhodecode-enterprise-ce:/home/rhodecode/rhodecode-enterprise-ce:delegated |
|
51 | 51 | - /media/psf/Home/workspace/rhodecode-enterprise-ee:/home/rhodecode/rhodecode-enterprise-ee:delegated |
|
52 | 52 | - nixstore:/opt/nix/store |
|
53 | ||
|
54 | database: | |
|
55 | volumes: | |
|
56 | - /tmp:/usr-tmp |
@@ -1,80 +1,64 b'' | |||
|
1 | 1 | volumes: |
|
2 | 2 | bashhistory: |
|
3 | 3 | |
|
4 | 4 | |
|
5 | 5 | services: |
|
6 | 6 | |
|
7 | 7 | rhodecode: |
|
8 | 8 | environment: |
|
9 | 9 | HISTFILE: /home/rhodecode/.bash_history_docker |
|
10 | 10 | DB_UPGRADE: 0 # run the DB upgrade |
|
11 | 11 | |
|
12 | 12 | volumes: |
|
13 | - bashhistory:/home/rhodecode | |
|
13 | - bashhistory:/home/rhodecode/.bash_history_docker | |
|
14 | 14 | |
|
15 | 15 | build: |
|
16 | 16 | context: . |
|
17 | 17 | dockerfile: service/rhodecode/rhodecode_source.dockerfile |
|
18 | 18 | |
|
19 |
image: rhodecode/ |
|
|
20 | ||
|
21 | command: [ | |
|
22 | "/home/rhodecode/rhodecode-enterprise-ee/result/bin/gunicorn", | |
|
23 | "--name=gunicorn-rhodecode-1", | |
|
24 | "--error-logfile=-", | |
|
25 | "--paster=/etc/rhodecode/conf/compose/rhodecode.optimized.ini", | |
|
26 | "--config=/etc/rhodecode/conf/gunicorn_conf.py" | |
|
27 | ] | |
|
19 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE | |
|
28 | 20 | |
|
29 | 21 | vcsserver: |
|
30 | 22 | environment: |
|
31 | 23 | HISTFILE: /home/rhodecode/.bash_history_docker |
|
32 | 24 | |
|
33 | 25 | volumes: |
|
34 | - bashhistory:/home/rhodecode | |
|
26 | - bashhistory:/home/rhodecode/.bash_history_docker | |
|
35 | 27 | |
|
36 | 28 | build: |
|
37 | 29 | context: . |
|
38 | 30 | dockerfile: service/rhodecode/rhodecode_source.dockerfile |
|
39 | 31 | |
|
40 |
image: rhodecode/ |
|
|
41 | ||
|
42 | command: [ | |
|
43 | "/home/rhodecode/rhodecode-vcsserver/result/bin/gunicorn", | |
|
44 | "--name=gunicorn-vcsserver-1", | |
|
45 | "--error-logfile=-", | |
|
46 | "--paster=/etc/rhodecode/conf/compose/vcsserver.optimized.ini", | |
|
47 | "--config=/etc/rhodecode/conf/gunicorn_conf.py" | |
|
48 | ] | |
|
32 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE | |
|
49 | 33 | |
|
50 | 34 | celery: |
|
51 | 35 | |
|
52 | 36 | build: |
|
53 | 37 | context: . |
|
54 | 38 | dockerfile: service/rhodecode/rhodecode_source.dockerfile |
|
55 | 39 | |
|
56 |
image: rhodecode/ |
|
|
40 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE | |
|
57 | 41 | |
|
58 | beat: | |
|
42 | celery-beat: | |
|
59 | 43 | |
|
60 | 44 | build: |
|
61 | 45 | context: . |
|
62 | 46 | dockerfile: service/rhodecode/rhodecode_source.dockerfile |
|
63 | 47 | |
|
64 |
image: rhodecode/ |
|
|
48 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE | |
|
65 | 49 | |
|
66 | 50 | svn: |
|
67 | 51 | |
|
68 | 52 | build: |
|
69 | 53 | context: . |
|
70 | 54 | dockerfile: service/rhodecode/rhodecode_source.dockerfile |
|
71 | 55 | |
|
72 |
image: rhodecode/ |
|
|
56 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE | |
|
73 | 57 | |
|
74 | 58 | sshd: |
|
75 | 59 | |
|
76 | 60 | build: |
|
77 | 61 | context: . |
|
78 | 62 | dockerfile: service/rhodecode/rhodecode_source.dockerfile |
|
79 | 63 | |
|
80 |
image: rhodecode/ |
|
|
64 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:?specify-RC_VERSION-env-var}_SOURCE No newline at end of file |
@@ -1,110 +1,128 b'' | |||
|
1 | 1 | version: '3.9' |
|
2 | 2 | |
|
3 | 3 | volumes: |
|
4 | prometheus_data: {} | |
|
5 | grafana_data: {} | |
|
6 | logvolume: | |
|
7 | driver: local | |
|
8 | driver_opts: | |
|
9 | type: none | |
|
10 | o: bind | |
|
11 | device: $PWD/logs | |
|
12 | 4 | |
|
13 | networks: | |
|
14 | rhodecode_network: | |
|
15 | name: rhodecode_network | |
|
5 | prometheus_data: | |
|
6 | labels: | |
|
7 | "keep": 1 | |
|
16 | 8 | |
|
9 | grafana_data: | |
|
10 | labels: | |
|
11 | "keep": 1 | |
|
17 | 12 | |
|
18 | 13 | services: |
|
19 | 14 | |
|
20 | 15 | statsd-exporter: |
|
21 | 16 | image: prom/statsd-exporter:v0.22.8 |
|
22 |
restart: |
|
|
17 | restart: always | |
|
23 | 18 | command: [ |
|
24 | 19 | '--statsd.mapping-config=/etc/statsd/statsd.yaml', |
|
25 | 20 | '--statsd.listen-udp=:9125', |
|
26 | 21 | '--web.listen-address=:9102' |
|
27 | 22 | ] |
|
28 | 23 | networks: |
|
29 | 24 | - rhodecode_network |
|
30 | ports: | |
|
31 |
- " |
|
|
32 |
- " |
|
|
25 | # ports: | |
|
26 | # - "9125:9125/udp" | |
|
27 | # - "9102:9102" | |
|
28 | ||
|
33 | 29 | volumes: |
|
34 | 30 | - ./config/statsd-exporter:/etc/statsd |
|
31 | labels: | |
|
32 | - "traefik.enable=false" | |
|
33 | - "traefik.http.services.statsd-exporter.loadbalancer.server.port=9125" | |
|
34 | - "traefik.http.services.statsd-exporter.loadbalancer.server.port=9102" | |
|
35 | 35 | |
|
36 | 36 | node-exporter: |
|
37 | 37 | image: prom/node-exporter:v1.4.0 |
|
38 | 38 | command: |
|
39 | 39 | - "--path.procfs=/host/proc" |
|
40 | 40 | - "--path.rootfs=/rootfs" |
|
41 | 41 | - "--path.sysfs=/host/sys" |
|
42 | 42 | - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)" |
|
43 | 43 | - "--collector.systemd" |
|
44 | 44 | - "--collector.processes" |
|
45 | 45 | networks: |
|
46 | 46 | - rhodecode_network |
|
47 | 47 | pid: host |
|
48 |
restart: |
|
|
49 | ports: | |
|
50 |
- " |
|
|
48 | restart: always | |
|
49 | # ports: | |
|
50 | # - "9100:9100" | |
|
51 | 51 | volumes: |
|
52 | 52 | - "/proc:/host/proc:ro" |
|
53 | 53 | - "/sys:/host/sys:ro" |
|
54 | 54 | - "/:/rootfs:ro" |
|
55 | labels: | |
|
56 | - "traefik.enable=false" | |
|
57 | - "traefik.http.services.node-exporter.loadbalancer.server.port=9100" | |
|
55 | 58 | |
|
56 | 59 | prometheus: |
|
57 |
image: prom/prometheus:v2. |
|
|
58 |
restart: |
|
|
60 | image: prom/prometheus:v2.40.2 | |
|
61 | restart: always | |
|
59 | 62 | command: |
|
60 | 63 | - "--config.file=/etc/prometheus/prometheus.yml" |
|
61 | 64 | - "--storage.tsdb.path=/prometheus" |
|
62 | 65 | - "--web.console.libraries=/etc/prometheus/console_libraries" |
|
63 | 66 | - "--web.console.templates=/etc/prometheus/consoles" |
|
64 | 67 | - "--storage.tsdb.retention.time=24h" |
|
65 | 68 | - "--web.enable-lifecycle" |
|
66 | ports: | |
|
67 |
- " |
|
|
69 | # ports: | |
|
70 | # - "9090:9090" | |
|
68 | 71 | networks: |
|
69 | 72 | - rhodecode_network |
|
70 | 73 | volumes: |
|
71 | 74 | - ./config/prometheus:/etc/prometheus |
|
72 | 75 | - prometheus_data:/prometheus |
|
76 | labels: | |
|
77 | - "traefik.enable=false" | |
|
78 | - "traefik.http.services.prometheus.loadbalancer.server.port=9090" | |
|
73 | 79 | |
|
74 | 80 | grafana: |
|
75 |
image: grafana/grafana:9.2. |
|
|
76 |
restart: |
|
|
77 | env_file: | |
|
78 | - ./config/grafana/grafana.env | |
|
79 | ports: | |
|
80 | - "4000:3000" | |
|
81 | image: grafana/grafana:9.2.5 | |
|
82 | restart: always | |
|
83 | # ports: | |
|
84 | # - "3000:3000" | |
|
81 | 85 | volumes: |
|
82 | 86 | - grafana_data:/var/lib/grafana |
|
87 | - ./config/grafana:/etc/grafana | |
|
83 | 88 | networks: |
|
84 | 89 | - rhodecode_network |
|
90 | labels: | |
|
91 | - "traefik.enable=true" | |
|
92 | - "traefik.http.routers.grafana.entrypoints=http" | |
|
93 | - "traefik.http.routers.grafana.rule=PathPrefix(`/_grafana`)" | |
|
94 | - "traefik.http.routers.grafana.service=grafana-http" | |
|
95 | - "traefik.http.services.grafana-http.loadbalancer.server.port=3000" | |
|
85 | 96 | |
|
86 | 97 | loki: |
|
87 |
image: grafana/loki:2. |
|
|
88 |
restart: |
|
|
89 | ports: | |
|
90 |
- " |
|
|
91 |
- " |
|
|
98 | image: grafana/loki:2.7.0 | |
|
99 | restart: always | |
|
100 | # ports: | |
|
101 | # - "3100:3100" | |
|
102 | # - "9095:9095" | |
|
92 | 103 | command: [ |
|
93 | 104 | "-config.file=/etc/loki/loki-config.yaml" |
|
94 | 105 | ] |
|
95 | 106 | networks: |
|
96 | 107 | - rhodecode_network |
|
97 | 108 | volumes: |
|
98 | 109 | - ./config/loki:/etc/loki |
|
99 | 110 | |
|
111 | labels: | |
|
112 | - "traefik.enable=false" | |
|
113 | - "traefik.http.services.loki.loadbalancer.server.port=3100" | |
|
114 | - "traefik.http.services.loki.loadbalancer.server.port=9095" | |
|
115 | ||
|
100 | 116 | promtail: |
|
101 | 117 | image: grafana/promtail:latest |
|
102 | 118 | command: [ |
|
103 | 119 | "-config.file=/etc/promtail/promtail-config.yaml" |
|
104 | 120 | ] |
|
105 | 121 | networks: |
|
106 | 122 | - rhodecode_network |
|
107 | 123 | volumes: |
|
108 | 124 | - /var/log:/var/log |
|
109 | 125 | - logvolume:/var/log_volume |
|
110 | 126 | - ./config/promtail:/etc/promtail |
|
127 | labels: | |
|
128 | - "traefik.enable=false" |
@@ -1,151 +1,152 b'' | |||
|
1 | 1 | #!/usr/bin/env bash |
|
2 | 2 | set -Eeo pipefail |
|
3 | 3 | |
|
4 | 4 | function config_copy() { |
|
5 | 5 | # copy over the configs if they don't exist |
|
6 | 6 | for f in /etc/rhodecode/conf_build/*; do |
|
7 | 7 | fname=${f##*/} |
|
8 | 8 | if [ ! -f "/etc/rhodecode/conf/$fname" ]; then |
|
9 | 9 | echo "$fname not exists copying over as default conf..." |
|
10 | 10 | cp -v $f /etc/rhodecode/conf/$fname |
|
11 | 11 | fi |
|
12 | 12 | done |
|
13 | 13 | |
|
14 | 14 | } |
|
15 | 15 | |
|
16 | 16 | function db_upgrade() { |
|
17 | 17 | echo 'ENTRYPOINT: Upgrading database.' |
|
18 |
/ |
|
|
18 | /usr/local/bin/rhodecode_bin/bin/rc-upgrade-db $MAIN_INI_PATH --force-yes | |
|
19 | 19 | } |
|
20 | 20 | |
|
21 | 21 | function db_init() { |
|
22 | 22 | |
|
23 | 23 | gosu $RC_USER \ |
|
24 | /home/$RC_USER/.rccontrol/$RC_TYPE_ID/profile/bin/rc-setup-app \ | |
|
24 | /usr/local/bin/rhodecode_bin/bin/rc-setup-app \ | |
|
25 | 25 | $MAIN_INI_PATH \ |
|
26 | 26 | --force-yes \ |
|
27 | 27 | --skip-existing-db \ |
|
28 | 28 | --user=$RHODECODE_USER_NAME \ |
|
29 | 29 | --password=$RHODECODE_USER_PASS \ |
|
30 | 30 | --email=$RHODECODE_USER_EMAIL \ |
|
31 | 31 | --repos=$RHODECODE_REPO_DIR |
|
32 | 32 | } |
|
33 | 33 | |
|
34 | 34 | function rhodecode_setup() { |
|
35 | 35 | for f in /home/$RC_USER/.rccontrol/bootstrap/*.py; do |
|
36 | 36 | fname=${f##*/} |
|
37 | 37 | |
|
38 | 38 | echo "Running script $fname on $RC_TYPE_ID" |
|
39 |
gosu $RC_USER / |
|
|
39 | gosu $RC_USER /usr/local/bin/rhodecode_bin/bin/rc-ishell $MAIN_INI_PATH <<< "%run $f" | |
|
40 | 40 | |
|
41 | 41 | done |
|
42 | 42 | } |
|
43 | 43 | |
|
44 | 44 | function generate_ssh_keys() { |
|
45 | 45 | keys_dir=/etc/rhodecode/conf/ssh |
|
46 | 46 | |
|
47 | 47 | if [[ ! -d $keys_dir ]]; then |
|
48 | 48 | echo "Generating $keys_dir/ssh_host_rsa_key ..." |
|
49 | 49 | gosu "$RC_USER" mkdir -p $keys_dir |
|
50 | 50 | fi |
|
51 | 51 | |
|
52 | 52 | # Generate ssh host key for the first time |
|
53 | 53 | if [[ ! -f $keys_dir/ssh_host_rsa_key ]]; then |
|
54 | 54 | echo "Generating $keys_dir/ssh_host_rsa_key ..." |
|
55 | 55 | gosu "$RC_USER" ssh-keygen -f $keys_dir/ssh_host_rsa_key -N '' -t rsa |
|
56 | 56 | gosu "$RC_USER" chmod 0600 $keys_dir/ssh_host_rsa_key |
|
57 | 57 | fi |
|
58 | 58 | |
|
59 | 59 | if [[ ! -f $keys_dir/ssh_host_ecdsa_key ]]; then |
|
60 | 60 | echo "Generating $keys_dir/ssh_host_ecdsa_key ..." |
|
61 | 61 | gosu "$RC_USER" ssh-keygen -f $keys_dir/ssh_host_ecdsa_key -N '' -t ecdsa |
|
62 | 62 | gosu "$RC_USER" chmod 0600 $keys_dir/ssh_host_ecdsa_key |
|
63 | 63 | fi |
|
64 | 64 | |
|
65 | 65 | if [[ ! -f $keys_dir/ssh_host_ed25519_key ]]; then |
|
66 | 66 | echo "Generating $keys_dir/ssh_host_ed25519_key ..." |
|
67 | 67 | gosu "$RC_USER" ssh-keygen -f $keys_dir/ssh_host_ed25519_key -N '' -t ed25519 |
|
68 | 68 | gosu "$RC_USER" chmod 0600 $keys_dir/ssh_host_ed25519_key |
|
69 | 69 | fi |
|
70 | 70 | |
|
71 | 71 | if [[ ! -f $keys_dir/authorized_keys ]]; then |
|
72 | 72 | echo "Generating $keys_dir/authorized_keys..." |
|
73 | 73 | gosu "$RC_USER" touch $keys_dir/authorized_keys |
|
74 | 74 | fi |
|
75 | 75 | |
|
76 | 76 | sed -i "s/AllowUsers USER/AllowUsers $RC_USER/" $SSHD_CONF_FILE |
|
77 | 77 | } |
|
78 | 78 | |
|
79 | 79 | |
|
80 | 80 | echo "ENTRYPOINT: Running $RC_APP_TYPE with cmd '$1'" |
|
81 | 81 | |
|
82 | 82 | if [ "$SSH_BOOTSTRAP" = 1 ]; then |
|
83 | 83 | # generate SSH keys |
|
84 | 84 | generate_ssh_keys |
|
85 | 85 | fi |
|
86 | 86 | |
|
87 | 87 | isLikelyWeb= |
|
88 | 88 | case "$1" in |
|
89 | 89 | supervisord | pserve | gunicorn ) isLikelyWeb=1 ;; |
|
90 | 90 | esac |
|
91 | 91 | |
|
92 | 92 | if [[ $RC_APP_TYPE = "rhodecode_http" ]]; then |
|
93 | 93 | |
|
94 | 94 | DB_INIT_FILE=/var/opt/rhodecode_data/.dbinit_bootstrapped |
|
95 | 95 | if [ "$FORCE_DB_INIT_FILE" = 1 ]; then |
|
96 | 96 | rm $DB_INIT_FILE |
|
97 | 97 | fi |
|
98 | 98 | |
|
99 | 99 | # Avoid DB_INIT to run multiple times |
|
100 | 100 | if [[ ! -e $DB_INIT_FILE ]]; then |
|
101 | 101 | echo "ENTRYPOINT: Starting $RC_APP_TYPE initial db bootstrap" |
|
102 | 102 | |
|
103 | 103 | db_init |
|
104 | 104 | |
|
105 | 105 | gosu $RC_USER touch "$DB_INIT_FILE" |
|
106 | 106 | echo "ENTRYPOINT: marked as db-bootstrapped at $DB_INIT_FILE" |
|
107 | 107 | |
|
108 | 108 | fi |
|
109 | 109 | |
|
110 | 110 | RC_SETUP_FILE=/var/opt/rhodecode_data/.setup_bootstrapped |
|
111 | 111 | if [ "$FORCE_RC_SETUP_APP" = 1 ]; then |
|
112 | 112 | rm $RC_SETUP_FILE |
|
113 | 113 | fi |
|
114 | 114 | |
|
115 | 115 | # Avoid destroying bootstrapping by simple start/stop |
|
116 | 116 | if [[ ! -e $RC_SETUP_FILE ]]; then |
|
117 | 117 | echo "ENTRYPOINT: Starting $RC_APP_TYPE initial bootstrap" |
|
118 | 118 | |
|
119 | 119 | # copy over default configuration files |
|
120 | 120 | config_copy |
|
121 | 121 | |
|
122 | 122 | # setup application with specific options |
|
123 | 123 | if [ "$SETUP_APP" = 1 ]; then |
|
124 | 124 | rhodecode_setup |
|
125 | 125 | fi |
|
126 | 126 | |
|
127 | 127 | gosu $RC_USER touch "$RC_SETUP_FILE" |
|
128 | 128 | echo "ENTRYPOINT: marked as setup-bootstrapped at $RC_SETUP_FILE" |
|
129 | 129 | |
|
130 | 130 | fi |
|
131 | 131 | |
|
132 | 132 | if [ "$DB_UPGRADE" = 1 ]; then |
|
133 | 133 | # run DB migrate |
|
134 | echo "Found DB_UPGRADE flag, running DB upgrade" | |
|
134 | 135 |
|
|
135 | 136 | fi |
|
136 | 137 | |
|
137 | 138 | fi |
|
138 | 139 | |
|
139 | 140 | |
|
140 | 141 | if [ "$RC_APP_PROC" = 1 ]; then |
|
141 | 142 | # Fix problem with zombie processes when using executables like supervisord/gunicorn |
|
142 | 143 | set -- tini -- "$@" |
|
143 | 144 | set -- gosu $RC_USER "$@" |
|
144 | 145 | fi |
|
145 | 146 | |
|
146 | 147 | if [ "$RC_APP_TYPE" = "rhodecode_sshd" ]; then |
|
147 | 148 | # Fix problem with Missing privilege separation directory error |
|
148 | 149 | mkdir -p /run/sshd |
|
149 | 150 | fi |
|
150 | 151 | |
|
151 | 152 | exec "$@" |
@@ -1,258 +1,283 b'' | |||
|
1 | 1 | FROM ubuntu:22.04 |
|
2 | 2 | # Using 22.04 LTS Release |
|
3 | 3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
4 | 4 | |
|
5 | 5 | ARG TZ="UTC" |
|
6 | 6 | ARG LOCALE_TYPE=en_US.UTF-8 |
|
7 | 7 | ARG RHODECODE_TYPE=Enterprise |
|
8 | 8 | # binary-install |
|
9 |
ARG RHODECODE_VERSION=4.2 |
|
|
9 | ARG RHODECODE_VERSION=4.28.0 | |
|
10 | 10 | |
|
11 | 11 | ARG RHODECODE_DB=sqlite |
|
12 | 12 | ARG RHODECODE_USER_NAME=admin |
|
13 | 13 | ARG RHODECODE_USER_PASS=secret4 |
|
14 | 14 | ARG RHODECODE_USER_EMAIL=support@rhodecode.com |
|
15 | 15 | |
|
16 | # nix ver/channels | |
|
17 | ARG DEV_NIX_VERSION=2.0.4 | |
|
18 | ARG DEV_NIX_CHANNEL=nixos-18.03 | |
|
19 | ||
|
16 | 20 | # env are runtime |
|
17 | 21 | ENV \ |
|
18 | 22 | TZ=${TZ} \ |
|
19 | 23 | LOCALE_TYPE=${LOCALE_TYPE} \ |
|
20 | 24 | \ |
|
21 | 25 | ## Define type we build, and the instance we'll create |
|
22 | 26 | RHODECODE_TYPE=${RHODECODE_TYPE} \ |
|
23 | 27 | RC_TYPE_ID=enterprise-1 \ |
|
24 | 28 | \ |
|
25 | 29 | ## SETUP ARGS FOR INSTALLATION ## |
|
26 | 30 | ## set version we build on, get from .env or set default ver |
|
27 | 31 | RHODECODE_VERSION=${RHODECODE_VERSION} \ |
|
28 | 32 | \ |
|
29 | 33 | ## set DB, default sqlite |
|
30 | 34 | RHODECODE_DB=${RHODECODE_DB} \ |
|
31 | 35 | \ |
|
32 | 36 | ## set app bootstrap required data |
|
33 | 37 | RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \ |
|
34 | 38 | RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \ |
|
35 | 39 | RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \ |
|
36 | 40 | \ |
|
37 | 41 | RC_USER=rhodecode \ |
|
38 | 42 | \ |
|
39 | 43 | # SVN CONFIG |
|
40 | 44 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ |
|
41 | 45 | MOD_DAV_SVN_PORT=8090 \ |
|
42 | 46 | \ |
|
43 | 47 | # SSHD CONFIG |
|
44 | 48 | SSHD_CONF_FILE=/etc/rhodecode/sshd_config \ |
|
45 | 49 | \ |
|
50 | SHARED_CONF_DIR=/etc/rhodecode/conf \ | |
|
46 | 51 | BUILD_CONF=/etc/rhodecode/conf_build \ |
|
47 |
BUILD_BIN_DIR=/ |
|
|
52 | BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \ | |
|
48 | 53 | RHODECODE_DATA_DIR=/var/opt/rhodecode_data \ |
|
49 | 54 | RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \ |
|
50 | 55 | RHODECODE_HTTP_PORT=10020 \ |
|
51 | 56 | RHODECODE_VCS_PORT=10010 \ |
|
52 | 57 | RHODECODE_HOST=0.0.0.0 \ |
|
53 | 58 | RHODECODE_VCS_HOST=127.0.0.1 |
|
54 | 59 | |
|
55 | 60 | ENV \ |
|
56 | 61 | RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \ |
|
57 | 62 | SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \ |
|
58 | 63 | # make application scripts visible |
|
59 | 64 | PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin |
|
60 | 65 | |
|
61 | 66 | ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn |
|
62 | 67 | ENV SSH_LOCALE_DEPS openssh-server |
|
63 | 68 | ENV PYTHON_DEPS python2 |
|
64 | 69 | ENV EXTRA_DEPS "" |
|
65 | 70 | |
|
66 | 71 | RUN \ |
|
67 | 72 | echo "** install base packages **" && \ |
|
68 | 73 | set -eux; \ |
|
69 | 74 | \ |
|
70 | 75 | savedAptMark="$(apt-mark showmanual)"; \ |
|
71 | 76 | apt-get update; \ |
|
72 | 77 | DEBIAN_FRONTEND="noninteractive" \ |
|
73 | 78 | apt-get install -y --no-install-recommends \ |
|
74 | 79 | tini \ |
|
75 | 80 | bash \ |
|
76 | 81 | binutils \ |
|
77 | 82 | tzdata \ |
|
78 | 83 | locales \ |
|
79 | 84 | openssl \ |
|
80 | 85 | curl \ |
|
81 | 86 | sudo \ |
|
82 | 87 | gosu \ |
|
83 | 88 | bzip2 \ |
|
84 | 89 | ca-certificates \ |
|
85 | 90 | $PYTHON_DEPS \ |
|
86 | 91 | $SSH_LOCALE_DEPS \ |
|
87 | 92 | $SVN_LOCALE_DEPS \ |
|
88 | 93 | $EXTRA_DEPS \ |
|
89 | 94 | ; \ |
|
90 | 95 | rm -rf /var/lib/apt/lists/*; |
|
91 | 96 | |
|
92 | 97 | RUN \ |
|
93 | 98 | echo "** Configure the python executable for py2/3 compat **" && \ |
|
94 | ISPY=$(which python3 || which python2) && \ | |
|
95 | if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi | |
|
99 | IS_PY=$(which python3 || which python2) && \ | |
|
100 | if [ -n $IS_PY ] ; then ln -s $IS_PY /usr/bin/python ; fi | |
|
96 | 101 | |
|
97 | 102 | RUN \ |
|
98 | 103 | echo "** Configure the locales **" && \ |
|
99 | 104 | sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \ |
|
100 | 105 | locale-gen |
|
101 | 106 | |
|
102 | 107 | # locale-archive is a fix for old nix glibc2.26 locales available |
|
103 | 108 | ENV \ |
|
104 | 109 | LOCALE_ARCHIVE=/var/opt/locale-archive \ |
|
105 | 110 | LANG=${LOCALE_TYPE} \ |
|
106 | 111 | LANGUAGE=${LOCALE_TYPE} \ |
|
107 | 112 | LC_ALL=${LOCALE_TYPE} |
|
108 | 113 | |
|
109 | 114 | # configure the system user |
|
110 | 115 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
111 | 116 | # the values 999:999 are identical to the current user/group id assigned |
|
112 | 117 | RUN \ |
|
113 | 118 | echo "** Create system user $RC_USER **" && \ |
|
114 | 119 | groupadd --system --gid 999 $RC_USER && \ |
|
115 | 120 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ |
|
116 | 121 | usermod -G $RC_USER $RC_USER |
|
117 | 122 | |
|
123 | RUN \ | |
|
124 | echo "** Create nix-build user $NIX_BLD_USER **" && \ | |
|
125 | groupadd --system --gid 1099 $NIX_BLD_USER && \ | |
|
126 | useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \ | |
|
127 | usermod -G $NIX_BLD_USER $NIX_BLD_USER | |
|
128 | ||
|
129 | RUN \ | |
|
130 | echo "** disable nix sandboxing **" && \ | |
|
131 | mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf | |
|
132 | ||
|
133 | ||
|
118 | 134 | # set the defult bash shell |
|
119 | 135 | SHELL ["/bin/bash", "-c"] |
|
120 | 136 | |
|
121 | 137 | # Fix and set a timezone |
|
122 | 138 | RUN \ |
|
123 | 139 | echo "** configure the timezone **" && \ |
|
124 | 140 | rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \ |
|
125 | 141 | echo $TZ > /etc/timezone |
|
126 | 142 | |
|
127 | 143 | |
|
128 | 144 | RUN \ |
|
129 | 145 | echo "** prepare rhodecode store and cache **" && \ |
|
130 | 146 | install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \ |
|
131 | 147 | install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \ |
|
132 |
install -d -m 0755 -o $RC_USER -g $RC_USER / |
|
|
148 | install -d -m 0755 -o $RC_USER -g $RC_USER /usr/local/bin/rhodecode_bin && \ | |
|
133 | 149 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \ |
|
134 | 150 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \ |
|
135 | 151 | install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \ |
|
152 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \ | |
|
153 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \ | |
|
154 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \ | |
|
136 | 155 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \ |
|
137 | 156 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \ |
|
138 | 157 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \ |
|
139 | 158 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \ |
|
140 | 159 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh && \ |
|
141 | 160 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.rhoderc |
|
142 | 161 | |
|
143 | 162 | # expose our custom sshd config |
|
144 | 163 | COPY service/sshd/sshd_config $SSHD_CONF_FILE |
|
145 | 164 | |
|
146 | 165 | # Apache SVN setup |
|
147 | 166 | RUN \ |
|
148 | 167 | echo "**** Apache config cleanup ****" && \ |
|
149 | 168 | rm -f /etc/apache2/conf.d/info.conf \ |
|
150 | 169 | /etc/apache2/conf.d/mpm.conf \ |
|
151 | 170 | /etc/apache2/conf.d/userdir.conf && \ |
|
152 | 171 | rm -f /etc/apache2/sites-enabled/* && \ |
|
153 | 172 | rm -f /etc/apache2/sites-available/* |
|
154 | 173 | |
|
155 | 174 | # custom SVN virtualhost |
|
156 | 175 | COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/ |
|
157 | 176 | |
|
158 | 177 | RUN \ |
|
159 | 178 | echo "**** Apache config ****" && \ |
|
160 | 179 | echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ |
|
161 | 180 | mkdir -p /run/apache2 && \ |
|
162 | 181 | mkdir -p /var/opt/www && \ |
|
163 | 182 | echo "unset HOME" > /etc/apache2/envvars && \ |
|
164 | 183 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
165 | 184 | echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \ |
|
166 | 185 | echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \ |
|
167 | 186 | echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \ |
|
168 | 187 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
169 | 188 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ |
|
170 | 189 | sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf |
|
171 | 190 | |
|
172 | 191 | |
|
173 | 192 | # Copy artifacts |
|
174 | 193 | |
|
175 | 194 | COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/ |
|
176 |
COPY --chown=$RC_USER:$RC_USER config/ |
|
|
195 | COPY --chown=$RC_USER:$RC_USER config/_shared/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/ | |
|
177 | 196 | COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/ |
|
178 | 197 | |
|
179 | 198 | RUN \ |
|
180 | 199 | echo "**** locale-archive path ****" && \ |
|
181 | 200 | mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive |
|
182 | 201 | |
|
183 | 202 | # change to non-root user for RUN commands |
|
184 | 203 | USER $RC_USER |
|
185 | 204 | WORKDIR /home/$RC_USER |
|
186 | 205 | |
|
187 | 206 | RUN \ |
|
188 | 207 | echo "** install rhodecode control **" && \ |
|
189 | 208 | cd /home/$RC_USER/.rccontrol/cache && \ |
|
190 | 209 | INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \ |
|
191 | 210 | chmod +x ${INSTALLER} && \ |
|
192 | 211 | ${INSTALLER} --accept-license && \ |
|
193 | 212 | ${RCCONTROL} self-init && \ |
|
194 | 213 | cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \ |
|
195 | echo "Done" | |
|
214 | echo "Done installing rhodecode control" | |
|
196 | 215 | |
|
197 | 216 | RUN \ |
|
198 | 217 | echo "** install vcsserver ${RHODECODE_VERSION} **" && \ |
|
199 | 218 | ${RCCONTROL} install VCSServer --version ${RHODECODE_VERSION} --start-at-boot=yes --accept-license --offline \ |
|
200 | 219 | '{"host":"'"$RHODECODE_VCS_HOST"'", "port":"'"$RHODECODE_VCS_PORT"'"}' && \ |
|
201 | 220 | VCSSERVER_PATH=/home/$RC_USER/.rccontrol/vcsserver-1 && \ |
|
202 | rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/profile/bin $BUILD_BIN_DIR/vcs_bin && \ | |
|
203 |
|
|
|
221 | rm -rf $BUILD_BIN_DIR/vcs_bin && \ | |
|
222 | ln -s ${VCSSERVER_PATH}/profile/bin $BUILD_BIN_DIR/vcs_bin && \ | |
|
223 | cp -v ${VCSSERVER_PATH}/vcsserver.ini $BUILD_CONF/vcsserver.ini && \ | |
|
224 | cp -v ${VCSSERVER_PATH}/gunicorn_conf.py $BUILD_CONF/gunicorn_conf_vcs.py && \ | |
|
225 | echo "Done installing vcsserver" | |
|
204 | 226 | |
|
205 | 227 | RUN \ |
|
206 | 228 | echo "** install rhodecode ${RHODECODE_TYPE} ${RHODECODE_VERSION} **" && \ |
|
207 | 229 | RHODECODE_DB_INIT=sqlite && \ |
|
208 | 230 | ${RCCONTROL} install ${RHODECODE_TYPE} --version ${RHODECODE_VERSION} --start-at-boot=yes --accept-license --offline \ |
|
209 | 231 | '{"host":"'"$RHODECODE_HOST"'", "port":"'"$RHODECODE_HTTP_PORT"'", "username":"'"$RHODECODE_USER_NAME"'", "password":"'"$RHODECODE_USER_PASS"'", "email":"'"$RHODECODE_USER_EMAIL"'", "repo_dir":"'"$RHODECODE_REPO_DIR"'", "database": "'"$RHODECODE_DB_INIT"'", "skip_existing_db": "1"}' && \ |
|
210 | 232 | RHODECODE_PATH=/home/$RC_USER/.rccontrol/${RC_TYPE_ID} && \ |
|
211 | 233 | rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/profile/bin $BUILD_BIN_DIR/ && \ |
|
212 | 234 | cp -v ${RHODECODE_PATH}/rhodecode.ini $BUILD_CONF/rhodecode.ini && \ |
|
213 | 235 | cp -v ${RHODECODE_PATH}/gunicorn_conf.py $BUILD_CONF/gunicorn_conf.py && \ |
|
214 | 236 | cp -v ${RHODECODE_PATH}/search_mapping.ini $BUILD_CONF/search_mapping.ini && \ |
|
215 | 237 | mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/public/* $RHODECODE_DATA_DIR/static/ && \ |
|
216 | rm ${RHODECODE_PATH}/rhodecode.db | |
|
238 | rm ${RHODECODE_PATH}/rhodecode.db && \ | |
|
239 | echo "Done installing rhodecode" | |
|
217 | 240 | |
|
218 | 241 | |
|
219 | 242 | RUN \ |
|
220 | 243 | echo "** configure supervisord **" && \ |
|
221 | 244 | cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \ |
|
222 | 245 | sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \ |
|
223 | echo "done" | |
|
246 | echo "Done installing supervisord" | |
|
224 | 247 | |
|
225 | 248 | USER root |
|
226 | 249 | |
|
227 | ||
|
228 | 250 | RUN \ |
|
229 | 251 | echo "**** cleanup ****" && \ |
|
230 | 252 | apt-get remove -y $PYTHON_DEPS && \ |
|
231 | 253 | apt-get autoclean -y && \ |
|
232 | 254 | rm -f /tmp/* && \ |
|
255 | rm -rf /var/lib/apt/lists/* && \ | |
|
256 | rm -rf /var/cache/apk/* && \ | |
|
233 | 257 | rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \ |
|
234 | 258 | rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \ |
|
235 | rm -rf /var/lib/apt/lists/* \ | |
|
236 | rm -rf /var/cache/apk/* \ | |
|
237 | rm ${SUPERVISOR_CONF} | |
|
259 | rm -f ${SUPERVISOR_CONF} && \ | |
|
260 | echo "Done cleanup" | |
|
261 | ||
|
238 | 262 | |
|
239 | 263 | # copy entrypoints |
|
240 | 264 | COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh |
|
265 | ||
|
241 | 266 | RUN chmod +x /opt/entrypoints.d/entrypoint.sh |
|
242 | 267 | |
|
243 | 268 | # config volume |
|
244 | 269 | VOLUME /etc/rhodecode/conf |
|
245 | 270 | |
|
246 | 271 | # repo store volume |
|
247 | 272 | VOLUME /var/opt/rhodecode_repo_store |
|
248 | 273 | |
|
249 | 274 | # data volume |
|
250 | 275 | VOLUME /var/opt/rhodecode_data |
|
251 | 276 | |
|
252 | 277 | # logs volume |
|
253 | 278 | VOLUME /var/log/rhodecode |
|
254 | 279 | |
|
255 | 280 | ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"] |
|
256 | 281 | |
|
257 | 282 | # compose can override this |
|
258 | CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"] | |
|
283 | CMD [ "$BUILD_BIN_DIR/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/run.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf.py" ] |
@@ -1,305 +1,324 b'' | |||
|
1 | 1 | FROM ubuntu:22.04 |
|
2 | 2 | # Using 22.04 LTS Release |
|
3 | 3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
4 | 4 | |
|
5 | 5 | ARG TZ="UTC" |
|
6 | 6 | ARG LOCALE_TYPE=en_US.UTF-8 |
|
7 | 7 | ARG RHODECODE_TYPE=Enterprise |
|
8 | 8 | # source-install |
|
9 |
ARG RHODECODE_VERSION=4.2 |
|
|
9 | ARG RHODECODE_VERSION=4.28.0 | |
|
10 | 10 | |
|
11 | 11 | ARG RHODECODE_DB=sqlite |
|
12 | 12 | ARG RHODECODE_USER_NAME=admin |
|
13 | 13 | ARG RHODECODE_USER_PASS=secret4 |
|
14 | 14 | ARG RHODECODE_USER_EMAIL=support@rhodecode.com |
|
15 | 15 | |
|
16 | 16 | # nix ver/channels |
|
17 | 17 | ARG DEV_NIX_VERSION=2.0.4 |
|
18 | 18 | ARG DEV_NIX_CHANNEL=nixos-18.03 |
|
19 | 19 | |
|
20 | 20 | # env are runtime |
|
21 | 21 | ENV \ |
|
22 | 22 | TZ=${TZ} \ |
|
23 | 23 | LOCALE_TYPE=${LOCALE_TYPE} \ |
|
24 | 24 | \ |
|
25 | 25 | ## Define type we build, and the instance we'll create |
|
26 | 26 | RHODECODE_TYPE=${RHODECODE_TYPE} \ |
|
27 | 27 | RC_TYPE_ID=enterprise-1 \ |
|
28 | 28 | \ |
|
29 | 29 | ## SETUP ARGS FOR INSTALLATION ## |
|
30 | 30 | ## set version we build on, get from .env or set default ver |
|
31 | 31 | RHODECODE_VERSION=${RHODECODE_VERSION} \ |
|
32 | 32 | \ |
|
33 | 33 | ## set DB, default sqlite |
|
34 | 34 | RHODECODE_DB=${RHODECODE_DB} \ |
|
35 | 35 | \ |
|
36 | 36 | ## set app bootstrap required data |
|
37 | 37 | RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \ |
|
38 | 38 | RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \ |
|
39 | 39 | RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \ |
|
40 | 40 | \ |
|
41 | 41 | RC_USER=rhodecode \ |
|
42 | 42 | \ |
|
43 | 43 | # SVN CONFIG |
|
44 | 44 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ |
|
45 | 45 | MOD_DAV_SVN_PORT=8090 \ |
|
46 | 46 | \ |
|
47 | 47 | # SSHD CONFIG |
|
48 | 48 | SSHD_CONF_FILE=/etc/rhodecode/sshd_config \ |
|
49 | 49 | \ |
|
50 | SHARED_CONF_DIR=/etc/rhodecode/conf \ | |
|
50 | 51 | BUILD_CONF=/etc/rhodecode/conf_build \ |
|
51 |
BUILD_BIN_DIR=/ |
|
|
52 | BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \ | |
|
52 | 53 | RHODECODE_DATA_DIR=/var/opt/rhodecode_data \ |
|
53 | 54 | RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \ |
|
54 | 55 | RHODECODE_HTTP_PORT=10020 \ |
|
55 | 56 | RHODECODE_VCS_PORT=10010 \ |
|
56 | 57 | RHODECODE_HOST=0.0.0.0 \ |
|
57 | 58 | RHODECODE_VCS_HOST=127.0.0.1 |
|
58 | 59 | |
|
59 | 60 | ENV \ |
|
60 | 61 | RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \ |
|
61 | 62 | SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \ |
|
62 | 63 | # make application scripts visible |
|
63 | 64 | PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin |
|
64 | 65 | |
|
65 | 66 | ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn |
|
66 | 67 | ENV SSH_LOCALE_DEPS openssh-server |
|
67 | 68 | ENV PYTHON_DEPS python2 |
|
68 |
ENV EXTRA_DEPS |
|
|
69 | ENV EXTRA_DEPS "" | |
|
69 | 70 | |
|
70 | 71 | ENV \ |
|
71 | 72 | PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \ |
|
72 | 73 | NIX_BLD_USER=nixbld \ |
|
73 | 74 | NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \ |
|
74 | 75 | NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt |
|
75 | 76 | |
|
76 | 77 | |
|
77 | 78 | RUN \ |
|
78 | 79 | echo "** install base packages **" && \ |
|
79 | 80 | set -eux; \ |
|
80 | 81 | \ |
|
81 | 82 | savedAptMark="$(apt-mark showmanual)"; \ |
|
82 | 83 | apt-get update; \ |
|
83 | 84 | DEBIAN_FRONTEND="noninteractive" \ |
|
84 | 85 | apt-get install -y --no-install-recommends \ |
|
85 | 86 | tini \ |
|
86 | 87 | bash \ |
|
87 | 88 | binutils \ |
|
88 | 89 | tzdata \ |
|
89 | 90 | locales \ |
|
90 | 91 | openssl \ |
|
91 | 92 | curl \ |
|
92 | 93 | sudo \ |
|
93 | 94 | gosu \ |
|
94 | 95 | bzip2 \ |
|
95 | 96 | ca-certificates \ |
|
96 | 97 | $PYTHON_DEPS \ |
|
97 | 98 | $SSH_LOCALE_DEPS \ |
|
98 | 99 | $SVN_LOCALE_DEPS \ |
|
99 | 100 | $EXTRA_DEPS \ |
|
100 | 101 | ; \ |
|
101 | 102 | rm -rf /var/lib/apt/lists/*; |
|
102 | 103 | |
|
103 | 104 | RUN \ |
|
104 | 105 | echo "** Configure the python executable for py2/3 compat **" && \ |
|
105 | ISPY=$(which python3 || which python2) && \ | |
|
106 | if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi | |
|
106 | IS_PY=$(which python3 || which python2) && \ | |
|
107 | if [ -n $IS_PY ] ; then ln -s $IS_PY /usr/bin/python ; fi | |
|
107 | 108 | |
|
108 | 109 | RUN \ |
|
109 | 110 | echo "** Configure the locales **" && \ |
|
110 | 111 | sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \ |
|
111 | 112 | locale-gen |
|
112 | 113 | |
|
113 | 114 | # locale-archive is a fix for old nix glibc2.26 locales available |
|
114 | 115 | ENV \ |
|
115 | 116 | LOCALE_ARCHIVE=/var/opt/locale-archive \ |
|
116 | 117 | LANG=${LOCALE_TYPE} \ |
|
117 | 118 | LANGUAGE=${LOCALE_TYPE} \ |
|
118 | 119 | LC_ALL=${LOCALE_TYPE} |
|
119 | 120 | |
|
120 | 121 | # configure the system user |
|
121 | 122 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
122 | 123 | # the values 999:999 are identical to the current user/group id assigned |
|
123 | 124 | RUN \ |
|
124 | 125 | echo "** Create system user $RC_USER **" && \ |
|
125 | 126 | groupadd --system --gid 999 $RC_USER && \ |
|
126 | 127 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ |
|
127 | 128 | usermod -G $RC_USER $RC_USER |
|
128 | 129 | |
|
129 | 130 | RUN \ |
|
130 | 131 | echo "** Create nix-build user $NIX_BLD_USER **" && \ |
|
131 | 132 | groupadd --system --gid 1099 $NIX_BLD_USER && \ |
|
132 | 133 | useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \ |
|
133 | 134 | usermod -G $NIX_BLD_USER $NIX_BLD_USER |
|
134 | 135 | |
|
135 | 136 | RUN \ |
|
136 | 137 | echo "** disable nix sandboxing **" && \ |
|
137 | 138 | mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf |
|
138 | 139 | |
|
139 | 140 | |
|
140 | 141 | # set the defult bash shell |
|
141 | 142 | SHELL ["/bin/bash", "-c"] |
|
142 | 143 | |
|
143 | 144 | # Fix and set a timezone |
|
144 | 145 | RUN \ |
|
145 | 146 | echo "** configure the timezone **" && \ |
|
146 | 147 | rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \ |
|
147 | 148 | echo $TZ > /etc/timezone |
|
148 | 149 | |
|
149 | 150 | |
|
150 | 151 | RUN \ |
|
151 | 152 | echo "** prepare rhodecode store and cache **" && \ |
|
152 | 153 | install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \ |
|
153 | 154 | install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \ |
|
154 |
install -d -m 0755 -o $RC_USER -g $RC_USER / |
|
|
155 | install -d -m 0755 -o $RC_USER -g $RC_USER /usr/local/bin/rhodecode_bin && \ | |
|
155 | 156 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \ |
|
156 | 157 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \ |
|
157 | 158 | install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \ |
|
158 | 159 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \ |
|
159 | 160 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \ |
|
160 | 161 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \ |
|
161 | 162 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \ |
|
162 | 163 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \ |
|
163 | 164 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \ |
|
164 | 165 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \ |
|
165 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh | |
|
166 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh && \ | |
|
167 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.rhoderc | |
|
166 | 168 | |
|
167 | 169 | # expose our custom sshd config |
|
168 | 170 | COPY service/sshd/sshd_config $SSHD_CONF_FILE |
|
169 | 171 | |
|
170 | 172 | # Apache SVN setup |
|
171 | 173 | RUN \ |
|
172 | 174 | echo "**** Apache config cleanup ****" && \ |
|
173 | 175 | rm -f /etc/apache2/conf.d/info.conf \ |
|
174 | 176 | /etc/apache2/conf.d/mpm.conf \ |
|
175 | 177 | /etc/apache2/conf.d/userdir.conf && \ |
|
176 | 178 | rm -f /etc/apache2/sites-enabled/* && \ |
|
177 | 179 | rm -f /etc/apache2/sites-available/* |
|
178 | 180 | |
|
179 | 181 | # custom SVN virtualhost |
|
180 | 182 | COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/ |
|
181 | 183 | |
|
182 | 184 | RUN \ |
|
183 | 185 | echo "**** Apache config ****" && \ |
|
184 | 186 | echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ |
|
185 | 187 | mkdir -p /run/apache2 && \ |
|
186 | 188 | mkdir -p /var/opt/www && \ |
|
187 | 189 | echo "unset HOME" > /etc/apache2/envvars && \ |
|
188 | 190 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
189 | 191 | echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \ |
|
190 | 192 | echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \ |
|
191 | 193 | echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \ |
|
192 | 194 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
193 | 195 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ |
|
194 | 196 | sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf |
|
195 | 197 | |
|
196 | 198 | |
|
197 | 199 | # Copy artifacts |
|
198 | COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/ | |
|
200 | ||
|
199 | 201 | COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/ |
|
200 |
COPY --chown=$RC_USER:$RC_USER config/ |
|
|
202 | COPY --chown=$RC_USER:$RC_USER config/_shared/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/ | |
|
201 | 203 | COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/ |
|
202 | 204 | |
|
205 | COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/ | |
|
206 | RUN \ | |
|
207 | echo "** prepare rhodecode dirs **" && \ | |
|
208 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/vcsserver-1 && \ | |
|
209 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/community-1 && \ | |
|
210 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/enterprise-1 && \ | |
|
211 | ||
|
203 | 212 | RUN \ |
|
204 | 213 | echo "**** locale-archive path ****" && \ |
|
205 | 214 | mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive |
|
206 | 215 | |
|
207 | 216 | # change to non-root user for RUN commands |
|
208 | 217 | USER $RC_USER |
|
209 | 218 | WORKDIR /home/$RC_USER |
|
210 | 219 | |
|
211 | 220 | |
|
212 | 221 | RUN \ |
|
213 | 222 | echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \ |
|
214 | 223 | curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash |
|
215 | 224 | |
|
216 | 225 | RUN \ |
|
217 | 226 | echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \ |
|
218 | 227 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
219 | 228 | nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \ |
|
220 | 229 | nix-channel --update |
|
221 | 230 | |
|
222 | 231 | |
|
223 | 232 | RUN \ |
|
224 | 233 | echo "** save nix config **" && \ |
|
225 | 234 | touch /home/$RC_USER/.rhoderc && \ |
|
226 | 235 | mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \ |
|
227 | 236 | printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix |
|
228 | 237 | |
|
229 | 238 | |
|
230 | 239 | RUN \ |
|
231 | 240 | echo "** install rhodecode control **" && \ |
|
232 | 241 | # cd /home/$RC_USER/.rccontrol/cache && \ |
|
233 | 242 | # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \ |
|
234 | 243 | # chmod +x ${INSTALLER} && \ |
|
235 | 244 | # ${INSTALLER} --accept-license && \ |
|
236 | 245 | # ${RCCONTROL} self-init && \ |
|
237 | 246 | # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \ |
|
238 | echo "Done" | |
|
247 | echo "Done installing rhodecode control" | |
|
239 | 248 | |
|
240 | 249 | RUN \ |
|
241 |
echo "** install |
|
|
250 | echo "** install vcsserver ${RHODECODE_VERSION} **" && \ | |
|
242 | 251 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
243 |
nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link |
|
|
244 |
nix-shell --command 'echo |
|
|
252 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link /home/$RC_USER/.rccontrol/vcsserver-1/profile rhodecode-vcsserver/default.nix && \ | |
|
253 | nix-shell --command 'echo COMMAND FROM NIX-SHELL TEST' rhodecode-vcsserver/default.nix && \ | |
|
245 | 254 | VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \ |
|
246 | rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \ | |
|
247 | cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini | |
|
255 | rm -rf $BUILD_BIN_DIR/vcs_bin && \ | |
|
256 | cp -rv --preserve=links /home/$RC_USER/.rccontrol/vcsserver-1/profile/bin $BUILD_BIN_DIR/vcs_bin && \ | |
|
257 | cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini && \ | |
|
258 | cp -v ${VCSSERVER_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_vcs.py && \ | |
|
259 | echo "Done installing vcsserver" | |
|
248 | 260 | |
|
249 | 261 | RUN \ |
|
250 | 262 | echo "** install build Community ${RHODECODE_VERSION} **" && \ |
|
251 | 263 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
252 | 264 | echo "done" |
|
253 | 265 | |
|
254 | 266 | RUN \ |
|
255 |
echo "** install |
|
|
267 | echo "** install rhodecode ${RHODECODE_VERSION} **" && \ | |
|
256 | 268 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
257 |
nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link |
|
|
269 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link /home/$RC_USER/.rccontrol/enterprise-1/profile rhodecode-enterprise-ee/default.nix && \ | |
|
258 | 270 | nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \ |
|
259 | 271 | RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \ |
|
260 | rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \ | |
|
272 | rm -rf $BUILD_BIN_DIR/bin && \ | |
|
273 | cp -rv --preserve=links /home/$RC_USER/.rccontrol/enterprise-1/profile/bin $BUILD_BIN_DIR/ && \ | |
|
261 | 274 | cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \ |
|
262 | 275 | cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \ |
|
263 |
mkdir -p $RHODECODE_DATA_DIR/static && cp -r |
|
|
276 | mkdir -p $RHODECODE_DATA_DIR/static && cp -r /home/$RC_USER/.rccontrol/enterprise-1/profile/etc/static/* $RHODECODE_DATA_DIR/static/ && \ | |
|
277 | echo "Done installing rhodecode" | |
|
264 | 278 | |
|
265 | 279 | |
|
266 | 280 | RUN \ |
|
267 | 281 | echo "** configure supervisord **" && \ |
|
268 | 282 | #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \ |
|
269 | 283 | #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \ |
|
270 | echo "done" | |
|
284 | echo "Done installing supervisord" | |
|
271 | 285 | |
|
272 | 286 | USER root |
|
273 | 287 | |
|
274 | ||
|
275 | 288 | RUN \ |
|
276 | 289 | echo "**** cleanup ****" && \ |
|
277 | 290 | apt-get remove -y $PYTHON_DEPS && \ |
|
278 | 291 | apt-get autoclean -y && \ |
|
279 | 292 | rm -f /tmp/* && \ |
|
280 | 293 | rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \ |
|
281 | 294 | rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \ |
|
282 | rm -rf /var/lib/apt/lists/* \ | |
|
283 | rm -rf /var/cache/apk/* \ | |
|
284 | rm ${SUPERVISOR_CONF} | |
|
295 | rm -rf /var/lib/apt/lists/* && \ | |
|
296 | rm -rf /var/cache/apk/* && \ | |
|
297 | rm -f ${SUPERVISOR_CONF} && \ | |
|
298 | rm -rf /home/$RC_USER/rhodecode-vcsserver && \ | |
|
299 | rm -rf /home/$RC_USER/rhodecode-enterprise-ce && \ | |
|
300 | rm -rf /home/$RC_USER/rhodecode-enterprise-ee && \ | |
|
301 | echo "Done cleanup" | |
|
302 | ||
|
285 | 303 | |
|
286 | 304 | # copy entrypoints |
|
287 | 305 | COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh |
|
306 | ||
|
288 | 307 | RUN chmod +x /opt/entrypoints.d/entrypoint.sh |
|
289 | 308 | |
|
290 | 309 | # config volume |
|
291 | 310 | VOLUME /etc/rhodecode/conf |
|
292 | 311 | |
|
293 | 312 | # repo store volume |
|
294 | 313 | VOLUME /var/opt/rhodecode_repo_store |
|
295 | 314 | |
|
296 | 315 | # data volume |
|
297 | 316 | VOLUME /var/opt/rhodecode_data |
|
298 | 317 | |
|
299 | 318 | # logs volume |
|
300 | 319 | VOLUME /var/log/rhodecode |
|
301 | 320 | |
|
302 | 321 | ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"] |
|
303 | 322 | |
|
304 | 323 | # compose can override this |
|
305 | CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"] | |
|
324 | CMD [ "$BUILD_BIN_DIR/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/run.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf.py" ] |
@@ -1,76 +1,77 b'' | |||
|
1 | FROM debian:buster | |
|
1 | FROM ubuntu:22.04 | |
|
2 | # Using 22.04 LTS Release | |
|
2 | 3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
3 | 4 | |
|
4 | 5 | # env are runtime/build |
|
5 | 6 | ENV \ |
|
6 | 7 | TZ="UTC" \ |
|
7 | 8 | RC_USER=rhodecode \ |
|
8 | 9 | RHODECODE_USER_NAME=rhodecode \ |
|
9 | 10 | SSHD_CONF_FILE=/etc/rhodecode/sshd_config |
|
10 | 11 | |
|
11 | 12 | RUN \ |
|
12 | 13 | echo "** install base packages **" && \ |
|
13 | 14 | set -eux; \ |
|
14 | 15 | \ |
|
15 | 16 | savedAptMark="$(apt-mark showmanual)"; \ |
|
16 | 17 | apt-get update; \ |
|
17 | 18 | apt-get install -y --no-install-recommends \ |
|
18 | 19 | bash \ |
|
19 | 20 | tzdata \ |
|
20 | 21 | vim \ |
|
21 | 22 | openssl \ |
|
22 | 23 | openssh-server \ |
|
23 | 24 | ; \ |
|
24 | 25 | rm -rf /var/lib/apt/lists/*; |
|
25 | 26 | |
|
26 | 27 | # # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies |
|
27 | 28 | # apt-mark auto '.*' > /dev/null; \ |
|
28 | 29 | # [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ |
|
29 | 30 | # apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false |
|
30 | 31 | |
|
31 | 32 | # configure the system user |
|
32 | 33 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
33 | 34 | # the values 999:999 are identical to the current user/group id assigned |
|
34 | 35 | RUN \ |
|
35 | 36 | echo "** Create system user $RC_USER **" && \ |
|
36 | 37 | groupadd --system --gid 999 $RC_USER && \ |
|
37 | 38 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER |
|
38 | 39 | |
|
39 | 40 | |
|
40 | 41 | RUN \ |
|
41 | 42 | echo "** prepare rhodecode store and cache **" && \ |
|
42 | 43 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh |
|
43 | 44 | |
|
44 | 45 | # set the defult bash shell |
|
45 | 46 | SHELL ["/bin/bash", "-c"] |
|
46 | 47 | |
|
47 | 48 | # Fix and set a timezone |
|
48 | 49 | RUN \ |
|
49 | 50 | echo "** configure the timezone **" && \ |
|
50 | 51 | echo $TZ > /etc/timezone |
|
51 | 52 | |
|
52 | 53 | # expose our custom sshd config |
|
53 | 54 | COPY service/sshd/sshd_config $SSHD_CONF_FILE |
|
54 | 55 | |
|
55 | 56 | USER root |
|
56 | 57 | |
|
57 | 58 | RUN \ |
|
58 | 59 | echo "**** cleanup ****" && \ |
|
59 | 60 | rm -f /tmp/* && \ |
|
60 | 61 | rm -rf /var/lib/apt/lists/* \ |
|
61 | 62 | rm -rf /var/cache/apk/* |
|
62 | 63 | |
|
63 | 64 | # copy entrypoints |
|
64 | 65 | COPY entrypoints.d/ssh-entrypoint.sh /opt/entrypoints.d/ssh-entrypoint.sh |
|
65 | 66 | RUN chmod +x /opt/entrypoints.d/ssh-entrypoint.sh |
|
66 | 67 | |
|
67 | 68 | # config volume |
|
68 | 69 | VOLUME /etc/rhodecode/conf |
|
69 | 70 | |
|
70 | 71 | # logs volume |
|
71 | 72 | VOLUME /var/log/rhodecode |
|
72 | 73 | |
|
73 | 74 | ENTRYPOINT ["/opt/entrypoints.d/ssh-entrypoint.sh"] |
|
74 | 75 | |
|
75 | 76 | # compose can override this |
|
76 | 77 | CMD ["/usr/sbin/sshd", "-f", "/etc/rhodecode/sshd_config", "-D", "-e"] |
@@ -1,72 +1,99 b'' | |||
|
1 | 1 | FROM ubuntu:22.04 |
|
2 | 2 | # Using 22.04 LTS Release |
|
3 | 3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
4 | 4 | |
|
5 | 5 | |
|
6 | 6 | ENV \ |
|
7 | 7 | RC_USER=rhodecode \ |
|
8 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf | |
|
8 | # SVN CONFIG | |
|
9 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ | |
|
10 | MOD_DAV_SVN_PORT=8090 | |
|
11 | ||
|
12 | ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn subversion | |
|
13 | #apache2-webdav | |
|
9 | 14 | |
|
10 | 15 | RUN \ |
|
11 |
echo "** install base |
|
|
12 | apt-get update && \ | |
|
13 | apt-get install --no-cache \ | |
|
14 | tini \ | |
|
15 | bash \ | |
|
16 | curl \ | |
|
17 | apache2 \ | |
|
18 | apache2-utils \ | |
|
19 | apache2-webdav \ | |
|
20 | mod_dav_svn \ | |
|
21 | subversion | |
|
16 | echo "** install svn base packages **" && \ | |
|
17 | set -eux; \ | |
|
18 | \ | |
|
19 | savedAptMark="$(apt-mark showmanual)"; \ | |
|
20 | apt-get update; \ | |
|
21 | DEBIAN_FRONTEND="noninteractive" \ | |
|
22 | apt-get install -y --no-install-recommends \ | |
|
23 | tini \ | |
|
24 | bash \ | |
|
25 | binutils \ | |
|
26 | tzdata \ | |
|
27 | locales \ | |
|
28 | openssl \ | |
|
29 | curl \ | |
|
30 | sudo \ | |
|
31 | gosu \ | |
|
32 | bzip2 \ | |
|
33 | ca-certificates \ | |
|
34 | $SVN_LOCALE_DEPS \ | |
|
35 | ; \ | |
|
36 | rm -rf /var/lib/apt/lists/*; | |
|
37 | ||
|
22 | 38 | |
|
23 | 39 | # configure the system user |
|
24 | 40 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
25 | 41 | # the values 999:999 are identical to the current user/group id assigned |
|
26 | 42 | RUN \ |
|
27 | 43 | echo "** Create system user $RC_USER **" && \ |
|
28 | 44 | groupadd --system --gid 999 $RC_USER && \ |
|
29 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER | |
|
45 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ | |
|
46 | usermod -G $RC_USER $RC_USER | |
|
47 | ||
|
48 | # Apache SVN setup | |
|
49 | RUN \ | |
|
50 | echo "**** Apache config cleanup ****" && \ | |
|
51 | rm -f /etc/apache2/conf.d/info.conf \ | |
|
52 | /etc/apache2/conf.d/mpm.conf \ | |
|
53 | /etc/apache2/conf.d/userdir.conf && \ | |
|
54 | rm -f /etc/apache2/sites-enabled/* && \ | |
|
55 | rm -f /etc/apache2/sites-available/* | |
|
30 | 56 | |
|
57 | # custom SVN virtualhost | |
|
58 | COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/ | |
|
59 | ||
|
60 | RUN \ | |
|
61 | echo "**** Apache config ****" && \ | |
|
62 | echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ | |
|
63 | mkdir -p /run/apache2 && \ | |
|
64 | mkdir -p /var/opt/www && \ | |
|
65 | echo "unset HOME" > /etc/apache2/envvars && \ | |
|
66 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ | |
|
67 | echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \ | |
|
68 | echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \ | |
|
69 | echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \ | |
|
70 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ | |
|
71 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ | |
|
72 | sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf | |
|
73 | ||
|
74 | USER root | |
|
31 | 75 | |
|
32 | 76 | RUN \ |
|
33 | 77 | echo "**** cleanup ****" && \ |
|
34 |
apt-get |
|
|
78 | apt-get autoclean -y && \ | |
|
35 | 79 | rm -f /tmp/* && \ |
|
36 | 80 | rm -rf /var/lib/apt/lists/* \ |
|
37 | 81 | rm -rf /var/cache/apk/* |
|
38 | 82 | |
|
39 | RUN \ | |
|
40 | echo "**** Apache config cleanup ****" && \ | |
|
41 | rm -f /etc/apache2/conf.d/info.conf \ | |
|
42 | /etc/apache2/conf.d/mpm.conf \ | |
|
43 | /etc/apache2/conf.d/userdir.conf | |
|
44 | ||
|
45 | ||
|
46 | COPY svn/virtualhost.conf /etc/apache2/conf.d/ | |
|
47 | 83 | |
|
48 | 84 | # copy entrypoints |
|
49 | 85 | COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh |
|
50 | 86 | RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh |
|
51 | 87 | |
|
52 | RUN \ | |
|
53 | echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ | |
|
54 | mkdir -p /run/apache2 && \ | |
|
55 | mkdir -p /var/opt/www && \ | |
|
56 | echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \ | |
|
57 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ | |
|
58 | sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \ | |
|
59 | sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf | |
|
88 | # config volume | |
|
89 | VOLUME /etc/rhodecode/conf | |
|
60 | 90 | |
|
61 | 91 | # repo store volume |
|
62 | 92 | VOLUME /var/opt/rhodecode_repo_store |
|
63 | 93 | |
|
64 | # config volume | |
|
65 | VOLUME /etc/rhodecode/conf | |
|
66 | ||
|
67 | 94 | # logs volume |
|
68 | 95 | VOLUME /var/log/rhodecode |
|
69 | 96 | |
|
70 | 97 | ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"] |
|
71 | 98 | |
|
72 |
CMD ["apachectl", "-D", "FOREGROUND"] |
|
|
99 | CMD ["apachectl", "-D", "FOREGROUND"] No newline at end of file |
@@ -1,22 +1,33 b'' | |||
|
1 | 1 | LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so |
|
2 | 2 | LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so |
|
3 | 3 | LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so |
|
4 | 4 | |
|
5 | ErrorLogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"function\" : \"[%-m:%l]\" , \"process\" : \"[pid %P:tid %T]\" , \"message\" : \"%M\" ,\ \"referer\"\ : \"%{Referer}i\" }" | |
|
6 | LogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"process\":\"%D\", \"filename\":\"%f\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" combined | |
|
7 | ||
|
8 | ErrorLog /dev/stderr | |
|
9 | CustomLog /dev/stdout combined | |
|
10 | ||
|
11 | ||
|
5 | 12 | <VirtualHost *:${MOD_DAV_SVN_PORT}> |
|
6 | 13 | ServerAdmin admin@localhost |
|
7 | 14 | DocumentRoot /var/opt/www |
|
8 | ErrorLog ${APACHE_LOG_DIR}/svn_error.log | |
|
9 | CustomLog ${APACHE_LOG_DIR}/svn_access.log combined | |
|
15 | ||
|
16 | ErrorLogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"function\" : \"[%-m:%l]\" , \"process\" : \"[pid %P:tid %T]\" , \"message\" : \"%M\" ,\ \"referer\"\ : \"%{Referer}i\" }" | |
|
17 | LogFormat "{ \"time\":\"%{%Y-%m-%d}tT%{%T}t.%{msec_frac}tZ\", \"process\":\"%D\", \"filename\":\"%f\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" combined | |
|
18 | ||
|
19 | ErrorLog /dev/stderr | |
|
20 | CustomLog /dev/stdout combined | |
|
10 | 21 | LogLevel info |
|
11 | 22 | |
|
12 | 23 | <Location /_server_status> |
|
13 | 24 | Require ip 127 |
|
14 | 25 | SetHandler server-status |
|
15 | 26 | Require all granted |
|
16 | 27 | </Location> |
|
17 | 28 | |
|
18 | 29 | # allows custom host names, prevents 400 errors on checkout |
|
19 | 30 | HttpProtocolOptions Unsafe |
|
20 | 31 | |
|
21 | 32 | Include ${MOD_DAV_SVN_CONF_FILE} |
|
22 | 33 | </VirtualHost> No newline at end of file |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed | |
This diff has been collapsed as it changes many lines, (746 lines changed) Show them Hide them |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
General Comments 0
You need to be logged in to leave comments.
Login now