Merge branch 'development' into install-profile

Islandora-Devops · Mar 9, 2022 · 501d9d4 · 501d9d4
2 parents 003538d + 3aa6e1f
commit 501d9d4
Show file tree

Hide file tree

Showing 21 changed files with 307 additions and 49 deletions.
diff --git a/Makefile b/Makefile
@@ -22,7 +22,7 @@ export
 EXTERNAL_SERVICES := etcd watchtower traefik
 
 # The minimal set of docker-compose files required to be able to run anything.
-REQUIRED_SERIVCES ?= activemq alpaca blazegraph cantaloupe crayfish crayfits drupal mariadb matomo solr
+REQUIRED_SERVICES ?= activemq alpaca blazegraph cantaloupe crayfish crayfits drupal mariadb matomo solr
 
 ifeq ($(USE_SECRETS), true)
 	SECRETS := secrets
@@ -74,7 +74,7 @@ DATABASE_SERVICES := $(sort $(DATABASE_SERVICES))
 # The services to be run (order is important), as services can override one
 # another. Traefik must be last if included as otherwise its network
 # definition for `gateway` will be overriden.
-SERVICES := $(REQUIRED_SERIVCES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_SERVICE) $(DATABASE_SERVICES) $(ENVIRONMENT) $(TRAEFIK_SERVICE) $(SECRETS) $(CODE_SERVER_SERVICE)
+SERVICES := $(REQUIRED_SERVICES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_SERVICE) $(DATABASE_SERVICES) $(ENVIRONMENT) $(SECRETS) $(CODE_SERVER_SERVICE) $(TRAEFIK_SERVICE)
 
 default: download-default-certs docker-compose.yml pull
 
@@ -114,6 +114,7 @@ endif
 .PHONY: drupal-database
 .SILENT: drupal-database
 drupal-database:
+	docker-compose exec -T drupal timeout 300 bash -c "while ! test -e /var/run/nginx/nginx.pid -a -e /var/run/php-fpm7/php-fpm7.pid; do sleep 1; done"
 	docker-compose exec -T drupal with-contenv bash -lc "for_all_sites create_database"
 
 # Installs drupal site(s) using environment variables.
@@ -451,6 +452,19 @@ help:
 	} \
 	{lastLine = $$0}' $(MAKEFILE_LIST)
 
+IS_DRUPAL_PSSWD_FILE_READABLE := $(shell test -r secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD -a -w secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD && echo 1 || echo 0)
+CMD := $(shell [ $(IS_DRUPAL_PSSWD_FILE_READABLE) -eq 1 ] && echo 'tee' || echo 'sudo -k tee')
+
+.PHONY: set_admin_password
+.SILENT: set_admin_password
+## Sets the admin password and accomodates for permissions restrictions to the secrets directory. Only runs sudo when needed.
+set_admin_password:
+	@$(eval PASSWORD ?= $(shell bash -c 'read -s -p "New Password: " pwd; echo $$pwd'))
+	@echo "\n\nSetting admin password now"
+	docker-compose exec -T drupal with-contenv bash -lc 'drush user:password admin "$(PASSWORD)"'
+	echo "$(PASSWORD)" | $(CMD) secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD >> /dev/null
+	@echo "\ndone."
+
 LATEST_VERSION := $(shell curl -s https://api.github.com/repos/desandro/masonry/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/')
 
 .PHONY: fix-masonry

diff --git a/README.md b/README.md
@@ -23,7 +23,8 @@
 ## Introduction
 
 [Docker Compose] project for creating and managing an Islandora 8 instance
-using [Docker] containers from [isle-buildkit](https://github.com/Islandora-Devops/isle-buildkit).
+using [Docker] containers from [Docker Hub](https://hub.docker.com/u/islandora) 
+that were created by [isle-buildkit](https://github.com/Islandora-Devops/isle-buildkit).
 
 In a nutshell, `isle-dc` generates a docker-compose.yml file for you based on configuration
 that you supply in a `.env` file.  And there are three use cases we're trying to accomplish:
@@ -37,20 +38,12 @@ as database import/export and reindexing.
 
 ## Requirements
 
-- Composer 1.10+
 - Desktop / laptop / VM (*Docker must have sufficient resources to run GNU Make*)
-- Docker-CE 19.x+ (*If using Docker Desktop for Windows, any stable release
-  *after* 2.2.0.4, or use a 2.2.0.4 with a [patch][Docker for Windows Patch] due
-  to a [bug][Docker for Windows Bug]*)
-- Docker-compose version 1.25.x+.* Docker is now rolling out a 2.0.x branch, with incompatible config file syntax. 
+- Docker-CE 19.x+
+- Docker-compose version 1.25.x+ 
 - Git 2.0+
 - GNU Make 4.0+
-
-* As of August, 2021, Docker Desktop is now shipping with docker-compose 2.0 which has incompatible config file syntax. Until this is addressed, run 
-
-```bash
-docker-compose disable-v2
-```
+- At least 8GB of RAM (ideally 16GB)
 
 before running any of the make commands below.
 
@@ -157,7 +150,7 @@ Then you can `git push` your site to Github and `git clone` it down whenever you
 This environment is used to run your custom `drupal` image which can be produced
 outside of this repository. You can specify the image in your `.env` file using
 the settings `PROJECT_DRUPAL_DOCKERFILE` if you want to build it in the context
-of this repository.
+of this repository. You can also set the memory limits for each containers here as well.
 
 For convenience a `sample.Dockerfile` is provided from which you can generate a
 custom image from the [codebase](./codebase) folder. For example if you followed
@@ -262,6 +255,11 @@ The code-server service can be disabled/enabled via the
 INCLUDE_CODE_SERVER_SERVICE=true
 ```
 
+* Run `make local`, `make up`, or `make demo` to build the containers and local file system(s).
+* Then modify the `.env` file.
+* Then `make pull` then `make up` to fetch the builds.
+It will then report it created the **code-server** and recreated **traefik** and **drupal** containers.
+
 By default this will accessible at
 [https://islandora.traefik.me:8443/](https://islandora.traefik.me:8443/).
 

diff --git a/docker-compose.activemq.yml b/docker-compose.activemq.yml
@@ -14,9 +14,15 @@ services:
       - activemq-data:/opt/activemq/data
     labels:
       # Do not expose in production.
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_ACTIVEMQ:-false}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-activemq.loadbalancer.server.port=8161
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-activemq_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-activemq
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-activemq_http.entrypoints=activemq
     networks:
       default:
+    deploy:
+      resources:
+          limits:
+            memory: ${ACTIVEMQ_MEMORY_LIMIT:-2G}
+          reservations:
+            memory: 1G
diff --git a/docker-compose.alpaca.yml b/docker-compose.alpaca.yml
@@ -11,3 +11,9 @@ services:
       ALPACA_HOUDINI_TIMEOUT: ${ALPACA_HOUDINI_TIMEOUT:-10000}
       ALPACA_HOMARUS_TIMEOUT: ${ALPACA_HOMARUS_TIMEOUT:-10000}
       ALPACA_FITS_TIMEOUT: ${ALPACA_HOMARUS_TIMEOUT:-10000}
+    deploy:
+      resources:
+          limits:
+            memory: ${ALPACA_MEMORY_LIMIT:-2G}
+          reservations:
+            memory: 1G
diff --git a/docker-compose.blazegraph.yml b/docker-compose.blazegraph.yml
@@ -15,7 +15,13 @@ services:
     networks:
       default:
     labels:
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_BLAZEGRAPH:-false}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph.loadbalancer.server.port=80
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-blazegraph_http.entrypoints=blazegraph
+    deploy:
+      resources:
+          limits:
+            memory: ${BLAZEGRAPH_MEMORY_LIMIT:-5G}
+          reservations:
+            memory: 2G
diff --git a/docker-compose.cantaloupe.yml b/docker-compose.cantaloupe.yml
@@ -10,10 +10,14 @@ services:
   cantaloupe:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/cantaloupe:${TAG:-latest}
+    environment:
+      CANTALOUPE_DELEGATE_SCRIPT_ENABLED: ${CANTALOUPE_DELEGATE_SCRIPT_ENABLED} # "true"
+      CANTALOUPE_DELEGATE_SCRIPT_PATHNAME: ${CANTALOUPE_DELEGATE_SCRIPT_PATHNAME} #/opt/tomcat/bin/delegates.rb
+      CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY: ${CANTALOUPE_HTTPSOURCE_LOOKUP_STRATEGY} # ScriptLookupStrategy
     volumes:
       - cantaloupe-data:/data
     labels:
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_CANTALOUPE:-true}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-cantaloupe.loadbalancer.server.port=80
       - traefik.http.middlewares.cantaloupe-redirectscheme.redirectscheme.scheme=https
       - traefik.http.middlewares.cantaloupe-redirectscheme.redirectscheme.permanent=true
@@ -26,3 +30,9 @@ services:
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-cantaloupe_https.tls=true
     networks:
       default:
+    deploy:
+      resources:
+          limits:
+            memory: ${CANTALOUPE_MEMORY_LIMIT:-5G}
+          reservations:
+            memory: 1G
diff --git a/docker-compose.code-server.yml b/docker-compose.code-server.yml
@@ -10,7 +10,7 @@ networks:
     external: true
 secrets:
   CODE_SERVER_PASSWORD:
-    file: "./secrets/CODE_SERVER_PASSWORD"
+    file: "./secrets/live/CODE_SERVER_PASSWORD"
 services:
   code-server:
     environment:
@@ -21,7 +21,7 @@ services:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/code-server:${TAG:-latest}
     labels:
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_CODE_SERVER:-false}
       # code-server  
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-code-server.loadbalancer.server.port=8443
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-code-server_https.service=${COMPOSE_PROJECT_NAME-isle-dc}-code-server
@@ -62,6 +62,12 @@ services:
       gateway:
     depends_on:
       - drupal
+    deploy:
+      resources:
+          limits:
+            memory: ${IDE_MEMORY_LIMIT:-5G}
+          reservations:
+            memory: 2G
   drupal:
     environment:
       PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT}
@@ -74,6 +80,12 @@ services:
     volumes:
       # Allow code-server to serve Drupal / override it.
       - drupal-root:/var/www/drupal
+    deploy:
+      resources:
+          limits:
+            memory: ${DRUPAL_MEMORY_LIMIT:-5G}
+          reservations:
+            memory: 2G
 volumes:
   drupal-root: {}
   drupal-sites-data: {}

diff --git a/docker-compose.crayfish.yml b/docker-compose.crayfish.yml
@@ -8,12 +8,30 @@ services:
   homarus:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/homarus:${TAG:-latest}
+    deploy:
+      resources:
+          limits:
+            memory: ${HOMARUS_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
   houdini:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/houdini:${TAG:-latest}
+    deploy:
+      resources:
+          limits:
+            memory: ${HOUDINI_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
   hypercube:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/hypercube:${TAG:-latest}
+    deploy:
+      resources:
+          limits:
+            memory: ${HYPERCUBE_MEMORY_LIMIT:-512M}
+          reservations:
+            memory: 256M
   milliner:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/milliner:${TAG:-latest}
@@ -22,6 +40,18 @@ services:
     networks:
       default:
       gateway:
+    deploy:
+      resources:
+          limits:
+            memory: ${MILLINER_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
   recast:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/recast:${TAG:-latest}
+    deploy:
+      resources:
+          limits:
+            memory: ${RECAST_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
diff --git a/docker-compose.crayfits.yml b/docker-compose.crayfits.yml
@@ -8,6 +8,18 @@ services:
     image: ${REPOSITORY:-islandora}/crayfits:${TAG:-latest}
     depends_on:
       - fits
+    deploy:
+      resources:
+          limits:
+            memory: ${CRAYFITS_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
   fits:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/fits:${TAG:-latest}
+    deploy:
+      resources:
+          limits:
+            memory: ${FITS_MEMORY_LIMIT:-2G}
+          reservations:
+            memory: 1000M
diff --git a/docker-compose.drupal.yml b/docker-compose.drupal.yml
@@ -22,7 +22,7 @@ services:
       PHP_UPLOAD_MAX_FILESIZE: ${PHP_UPLOAD_MAX_FILESIZE}
       PHP_MAX_EXECUTION_TIME: ${PHP_MAX_EXECUTION_TIME}
     labels:
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_DRUPAL:-true}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-drupal.loadbalancer.server.port=80
       - traefik.http.middlewares.drupal-redirectscheme.redirectscheme.scheme=https
       - traefik.http.middlewares.drupal-redirectscheme.redirectscheme.permanent=true
@@ -36,3 +36,9 @@ services:
     networks:
       default:
       gateway:
+    deploy:
+      resources:
+          limits:
+            memory: ${DRUPAL_MEMORY_LIMIT:-512M}
+          reservations:
+            memory: 256M
diff --git a/docker-compose.fcrepo.yml b/docker-compose.fcrepo.yml
@@ -24,7 +24,7 @@ services:
       default:
     labels:
       # Do not expose in production.
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_FEDORA:-false}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo.loadbalancer.server.port=80
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.entrypoints=fcrepo
diff --git a/docker-compose.fcrepo6.yml b/docker-compose.fcrepo6.yml
@@ -24,7 +24,13 @@ services:
       default:
     labels:
       # Do not expose in production.
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_FEDORA:-false}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo.loadbalancer.server.port=80
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-fcrepo_http.entrypoints=fcrepo
+    deploy:
+      resources:
+          limits:
+            memory: ${FCREPO_MEMORY_LIMIT:-2G}
+          reservations:
+            memory: 1G
diff --git a/docker-compose.mariadb.yml b/docker-compose.mariadb.yml
@@ -20,10 +20,16 @@ services:
     # Since this is not http, but tcp traffic it does does not understand the concept of a "host".
     # so we must dedicate a port to it in traefik, and direct all traffic to this router: HostSNI(`*`).
     labels:
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_MYSQL:-false}
       - traefik.tcp.services.${COMPOSE_PROJECT_NAME-isle-dc}-mysql.loadbalancer.server.port=3306
       - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-mysql_tcp.service=${COMPOSE_PROJECT_NAME-isle-dc}-mysql
       - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-mysql_tcp.entrypoints=mysql
       - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-mysql_tcp.rule=HostSNI(`*`)
     networks:
       default:
+    deploy:
+      resources:
+          limits:
+            memory: ${MARIADB_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
diff --git a/docker-compose.matomo.yml b/docker-compose.matomo.yml
@@ -20,7 +20,7 @@ services:
       default:
     labels:
       # Do not expose in production over http, setup https.
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_MATOMO:-true}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-matomo.loadbalancer.server.port=80
       - traefik.http.middlewares.${COMPOSE_PROJECT_NAME-isle-dc}-matomo-redirectscheme.redirectscheme.scheme=https
       - traefik.http.middlewares.${COMPOSE_PROJECT_NAME-isle-dc}-matomo-redirectscheme.redirectscheme.permanent=true
@@ -35,3 +35,9 @@ services:
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-matomo_https.rule=Host(`${DOMAIN}`) && PathPrefix(`/matomo`)
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-matomo_https.tls=true
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-matomo_https.middlewares=${COMPOSE_PROJECT_NAME-isle-dc}-matomo
+    deploy:
+      resources:
+          limits:
+            memory: ${MATOMO_MEMORY_LIMIT:-1G}
+          reservations:
+            memory: 512M
diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml
@@ -24,7 +24,7 @@ services:
     # Since this is not http, but tcp traffic it does does not understand the concept of a "host".
     # so we must dedicate a port to it in traefik, and direct all traffic to this router: HostSNI(`*`).
     labels:
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_POSTGRES:-false}
       - traefik.tcp.services.${COMPOSE_PROJECT_NAME-isle-dc}-postgresql.loadbalancer.server.port=5432
       - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-postgresql_tcp.service=${COMPOSE_PROJECT_NAME-isle-dc}-postgresql
       - traefik.tcp.routers.${COMPOSE_PROJECT_NAME-isle-dc}-postgresql_tcp.entrypoints=postgresql

diff --git a/docker-compose.solr.yml b/docker-compose.solr.yml
@@ -15,7 +15,13 @@ services:
       default:
     labels:
       # Do not expose in production.
-      - traefik.enable=true
+      - traefik.enable=${EXPOSE_SOLR:-false}
       - traefik.http.services.${COMPOSE_PROJECT_NAME-isle-dc}-solr.loadbalancer.server.port=8983
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-solr_http.service=${COMPOSE_PROJECT_NAME-isle-dc}-solr
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-solr_http.entrypoints=solr
+    deploy:
+      resources:
+          limits:
+            memory: ${SOLR_MEMORY_LIMIT:-8G}
+          reservations:
+            memory: 6G