Skip to content

Commit c628491

Browse files
authored
archiver: updat runtime image (#330)
2 parents 2fd25a3 + 75d7244 commit c628491

6 files changed

Lines changed: 75 additions & 69 deletions

File tree

deployment/archiver-service.docker-compose.yml

Lines changed: 19 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -31,13 +31,13 @@ services:
3131
privileged: false
3232
read_only: true
3333
labels:
34-
- "traefik.enable=true"
35-
- "traefik.http.routers.backend.rule=Host(`${HOST}`) && PathPrefix(`/archiver/api/v1`)"
36-
- "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/archiver/api/v1"
37-
- "traefik.http.routers.backend.entrypoints=websecure"
38-
- "traefik.http.routers.backend.tls"
39-
- "traefik.http.routers.backend.middlewares=backend-stripprefix"
40-
- "traefik.http.services.backend.loadbalancer.server.port=8000"
34+
traefik.enable: true
35+
traefik.http.routers.backend.rule: Host(`${HOST}`) && PathPrefix(`/archiver/api/v1`)
36+
traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes: /archiver/api/v1
37+
traefik.http.routers.backend.entrypoints: websecure
38+
traefik.http.routers.backend.tls.certresolver: certresolver
39+
traefik.http.routers.backend.middlewares: backend-stripprefix
40+
traefik.http.services.backend.loadbalancer.server.port: 8000
4141
networks:
4242
- scopemarchiver_network
4343
prefect-server:
@@ -84,20 +84,19 @@ services:
8484
depends_on:
8585
- postgres
8686
labels:
87-
- "traefik.enable=true"
88-
- "traefik.http.services.prefect-server.loadbalancer.server.port=4200"
87+
traefik.enable: true
8988
# UI
90-
- "traefik.http.routers.prefect-server.rule=Host(`${HOST}`) && PathPrefix(`/archiver/prefect/ui`)"
91-
- "traefik.http.routers.prefect-server.entrypoints=websecure"
92-
- "traefik.http.routers.prefect-server.tls"
93-
- "traefik.http.services.prefect-server.loadbalancer.server.port=4200"
94-
- "traefik.http.routers.prefect-server.middlewares=${AUTH_MIDDLEWARE}"
89+
traefik.http.routers.prefect-server.rule: Host(`${HOST}`) && PathPrefix(`/archiver/prefect/ui`)
90+
traefik.http.routers.prefect-server.entrypoints: websecure
91+
traefik.http.routers.prefect-server.tls.certresolver: certresolver
92+
traefik.http.services.prefect-server.loadbalancer.server.port: 4200
93+
traefik.http.routers.prefect-server.middlewares: ${AUTH_MIDDLEWARE}
9594
# API
96-
- "traefik.http.routers.prefect-api-server.rule=Host(`${HOST}`) && PathPrefix(`/archiver/prefect/api`)"
97-
- "traefik.http.routers.prefect-api-server.entrypoints=websecure"
98-
- "traefik.http.routers.prefect-api-server.tls"
99-
- "traefik.http.middlewares.prefect-api-strip.stripprefix.prefixes=/archiver/prefect"
100-
- "traefik.http.routers.prefect-api-server.middlewares=prefect-api-strip${AUTH_MIDDLEWARE:+,$AUTH_MIDDLEWARE}"
95+
traefik.http.routers.prefect-api-server.rule: Host(`${HOST}`) && PathPrefix(`/archiver/prefect/api`)
96+
traefik.http.routers.prefect-api-server.entrypoints: websecure
97+
traefik.http.routers.prefect-api-server.tls.certresolver: certresolver
98+
traefik.http.middlewares.prefect-api-strip.stripprefix.prefixes: /archiver/prefect
99+
traefik.http.routers.prefect-api-server.middlewares: prefect-api-strip${AUTH_MIDDLEWARE:+,$AUTH_MIDDLEWARE}
101100
networks:
102101
- scopemarchiver_network
103102
postgres:
@@ -201,7 +200,7 @@ services:
201200
prefect-config:
202201
condition: service_completed_successfully
203202
labels:
204-
- "traefik.enable=false"
203+
traefik.enable: false
205204
volumes:
206205
postgres-volume:
207206
name: scopemarchiver_postgres-volume

deployment/minio.docker-compose.yml

Lines changed: 21 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -20,29 +20,29 @@ services:
2020
- minio_pass
2121
command: server --console-address ":9001" /data
2222
labels:
23-
- "traefik.enable=true"
24-
- "traefik.http.routers.minio.rule=Host(`${HOST}`) && PathPrefix(`/minio`)"
25-
- "traefik.http.routers.minio.middlewares=minio-stripprefix,minio-headers,minio-cors"
26-
- "traefik.http.routers.minio.entrypoints=web"
27-
- "traefik.http.routers.minio.service=minio-web"
28-
- "traefik.http.services.minio-web.loadbalancer.server.port=9001"
23+
traefik.enable: true
24+
traefik.http.routers.minio.rule: Host(`${HOST}`) && PathPrefix(`/minio`)
25+
traefik.http.routers.minio.middlewares: minio-stripprefix,minio-headers,minio-cors
26+
traefik.http.routers.minio.entrypoints: web
27+
traefik.http.routers.minio.service: minio-web
28+
traefik.http.services.minio-web.loadbalancer.server.port: 9001
2929

30-
- "traefik.http.middlewares.minio-stripprefix.stripprefix.prefixes=/minio"
31-
- "traefik.http.middlewares.minio-cors.headers.accesscontrolallowmethods=*"
32-
- "traefik.http.middlewares.minio-cors.headers.accesscontrolallowheaders=*"
33-
- "traefik.http.middlewares.minio-cors.headers.accessControlExposeHeaders=ETag,Location,Authorization,Origin,X-Requested-With,X-Request-ID,X-HTTP-Method-Override,Content-Type,Upload-Length,Upload-Offset,Tus-Resumable,Upload-Metadata,Upload-Defer-Length,Upload-Concat,Upload-Complete,Upload-Draft-Interop-Version,x-token"
34-
- "traefik.http.middlewares.minio-cors.headers.accessControlAllowOriginList=*"
35-
- "traefik.http.middlewares.minio-cors.headers.accesscontrolmaxage=100"
36-
- "traefik.http.middlewares.minio-cors.headers.addvaryheader=true"
37-
- "traefik.http.middlewares.minio-headers.headers.customrequestheaders.X-Forwarded-Proto=http"
38-
- "traefik.http.middlewares.minio-headers.headers.customrequestheaders.X-Forwarded-Host=${HOST}/minio"
30+
traefik.http.middlewares.minio-stripprefix.stripprefix.prefixes: /minio
31+
traefik.http.middlewares.minio-cors.headers.accesscontrolallowmethods: "*"
32+
traefik.http.middlewares.minio-cors.headers.accesscontrolallowheaders: "*"
33+
traefik.http.middlewares.minio-cors.headers.accessControlExposeHeaders: ETag,Location,Authorization,Origin,X-Requested-With,X-Request-ID,X-HTTP-Method-Override,Content-Type,Upload-Length,Upload-Offset,Tus-Resumable,Upload-Metadata,Upload-Defer-Length,Upload-Concat,Upload-Complete,Upload-Draft-Interop-Version,x-token
34+
traefik.http.middlewares.minio-cors.headers.accessControlAllowOriginList: "*"
35+
traefik.http.middlewares.minio-cors.headers.accesscontrolmaxage: 100
36+
traefik.http.middlewares.minio-cors.headers.addvaryheader: true
37+
traefik.http.middlewares.minio-headers.headers.customrequestheaders.X-Forwarded-Proto: http
38+
traefik.http.middlewares.minio-headers.headers.customrequestheaders.X-Forwarded-Host: ${HOST}/minio
3939

40-
- "traefik.http.routers.minio-api.rule=Host(`${HOST}/minio-api`) && PathPrefix(`/minio-api`)"
41-
- "traefik.http.middlewares.minio-api-stripprefix.stripprefix.prefixes=/minio-api"
42-
- "traefik.http.routers.minio-api.entrypoints=web"
43-
- "traefik.http.routers.minio-api.service=minio-api"
44-
- "traefik.http.routers.minio-api.middlewares=minio-api-stripprefix,minio-headers,minio-cors"
45-
- "traefik.http.services.minio-api.loadbalancer.server.port=9000"
40+
traefik.http.routers.minio-api.rule: Host(`${HOST}/minio-api`) && PathPrefix(`/minio-api`)
41+
traefik.http.middlewares.minio-api-stripprefix.stripprefix.prefixes: /minio-api
42+
traefik.http.routers.minio-api.entrypoints: web
43+
traefik.http.routers.minio-api.service: minio-api
44+
traefik.http.routers.minio-api.middlewares: minio-api-stripprefix,minio-headers,minio-cors
45+
traefik.http.services.minio-api.loadbalancer.server.port: 9000
4646
minio-create-bucket:
4747
image: minio/mc
4848
depends_on:

deployment/prefect-worker.docker-compose.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ services:
2020
- PREFECT_LOGGING_LEVEL=${PREFECT_LOGGING_LEVEL}
2121
- PREFECT_API_URL=http://prefect-server:4200/api
2222
labels:
23-
- "traefik.enable=false"
23+
traefik.enable: false
2424
prefect-retrieval-worker:
2525
image: prefecthq/prefect:${PREFECT_VERSION}
2626
restart: always
@@ -42,4 +42,4 @@ services:
4242
- PREFECT_LOGGING_LEVEL=${PREFECT_LOGGING_LEVEL}
4343
- PREFECT_API_URL=http://prefect-server:4200/api
4444
labels:
45-
- "traefik.enable=false"
45+
traefik.enable: false

deployment/traefik.docker-compose.yml

Lines changed: 22 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,39 @@
11
services:
22
traefik:
3-
image: "traefik:v3.3.4"
3+
image: "traefik:latest"
44
container_name: "traefik"
55
command:
6-
- "--log.level=DEBUG"
7-
- "--api.insecure=false"
6+
- "--log.level=TRACE"
7+
- "--api.insecure=true"
88
- "--api.dashboard=true"
99
- "--providers.docker=true"
10-
- "--providers.docker.exposedbydefault=true"
10+
- "--providers.docker.exposedbydefault=false"
1111
- "--entrypoints.websecure.address=:443"
1212
- "--entrypoints.web.address=:80"
13+
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
1314
- "--metrics.prometheus=true"
1415
- "--providers.file.filename=/opt/traefik.yml"
1516
- "--entryPoints.web.observability.metrics=true"
17+
- "--certificatesresolvers.certresolver.acme.email=wiphilip@ethz.ch"
18+
- "--certificatesresolvers.certresolver.acme.storage=/acme/acme.json"
19+
- "--certificatesresolvers.certresolver.acme.tlschallenge=true"
1620
ports:
1721
- "443:443"
1822
- "80:80"
1923
expose:
2024
- "8080"
2125
volumes:
22-
- ${CERTIFICATE_FILE:-/dev/null}:/opt/certs/cert.pem
23-
- ${CERTIFICATE_KEY_FILE:-/dev/null}:/opt/certs/cert.key
2426
- "/var/run/docker.sock:/var/run/docker.sock:ro"
27+
- acme:/acme
2528
labels:
26-
- "traefik.enable=true"
27-
- "traefik.http.routers.dashboard.rule=Host(`${HOST}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
28-
- "traefik.http.routers.dashboard.middlewares=${AUTH_MIDDLEWARE}"
29-
- "traefik.http.routers.dashboard.service=api@internal"
30-
- "traefik.http.routers.dashboard.entrypoints=websecure"
31-
- "traefik.http.routers.dashboard.tls"
32-
- "traefik.frontend.headers.passHostHeader=true"
33-
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
29+
traefik.enable: true
30+
traefik.http.routers.dashboard.rule: Host(`${HOST}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
31+
traefik.http.routers.dashboard.middlewares: ${AUTH_MIDDLEWARE}
32+
traefik.http.routers.dashboard.service: api@internal
33+
traefik.http.routers.dashboard.entrypoints: websecure
34+
traefik.http.routers.dashboard.tls.certresolver: certresolver
35+
traefik.frontend.headers.passHostHeader: true
36+
traefik.http.services.dashboard.loadbalancer.server.port: 8080
3437
networks:
3538
- scopemarchiver_network
3639
configs:
@@ -39,6 +42,7 @@ services:
3942
secrets:
4043
- prometheus_auth
4144

45+
4246
authentik-proxy:
4347
image: ghcr.io/goauthentik/proxy
4448
ports:
@@ -70,17 +74,6 @@ services:
7074
configs:
7175
traefik.yml:
7276
content: |
73-
tls:
74-
certificates:
75-
- certFile: /opt/certs/cert.pem
76-
keyFile: /opt/certs/cert.key
77-
stores:
78-
- default
79-
stores:
80-
default:
81-
defaultCertificate:
82-
certFile: /opt/certs/cert.pem
83-
keyFile: /opt/certs/cert.key
8477
http:
8578
routers:
8679
external-api-router:
@@ -100,4 +93,7 @@ secrets:
10093
authentik_token:
10194
file: ./.secrets/authentik_token
10295
prometheus_auth:
103-
file: ./.secrets/.htpasswd_prom
96+
file: ./.secrets/.htpasswd_prom
97+
98+
volumes:
99+
acme:

storage-client-setup/dsm.opt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
SERVERNAME FILESYSTEM

storage-client-setup/dsm.sys

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
SERVERNAME FILESYSTEM
2+
COMMMETHOD TCPIP
3+
NODENAME scopem
4+
TCPSERVERADDRESS sp209.ethz.ch
5+
TCPPORT 15209
6+
PASSWORDACCESS GENERATE
7+
MANAGEDSERVICES SCHEDULE
8+
SCHEDLOGRETENTION 30 D
9+
ERRORLOGRETENTION 30 D
10+

0 commit comments

Comments
 (0)