services: # TLS cert for tink-server and docker registry tls-gen: image: cfssl/cfssl entrypoint: /code/tls/generate.sh command: ["$TINKERBELL_HOST_IP"] environment: FACILITY: ${FACILITY:-onprem} volumes: - ${REPO_TOP_LEVEL:-.}:/code - certs:/certs/${FACILITY:-onprem}:rw # User creds for the registry registry-auth: image: httpd:2 entrypoint: htpasswd working_dir: /auth command: [ "-Bbc", ".htpasswd", "${TINKERBELL_REGISTRY_USERNAME:-admin}", "${TINKERBELL_REGISTRY_PASSWORD:-Admin1234}", ] volumes: - auth:/auth:rw # OSIE work osie-work: image: alpine entrypoint: /scripts/lastmile.sh command: ["${OSIE_DOWNLOAD_URL}", "/source", "/source", "/destination"] volumes: - ${REPO_TOP_LEVEL:-.}/osie:/scripts - ${REPO_TOP_LEVEL:-.}/state/webroot/misc/osie/current:/source - ${REPO_TOP_LEVEL:-.}/state/webroot/workflow:/destination # Uploads images in /registry/registry_images.txt to the local registry images-to-local-registry: image: quay.io/containers/skopeo:latest entrypoint: /registry/upload.sh command: [ "${TINKERBELL_REGISTRY_USERNAME:-admin}", "${TINKERBELL_REGISTRY_PASSWORD:-Admin1234}", "${TINKERBELL_HOST_IP}", "/registry/registry_images.txt", ] volumes: - ${REPO_TOP_LEVEL:-.}/registry:/registry depends_on: registry: condition: service_healthy # registry ca.crt download registry-ca-crt-download: image: alpine entrypoint: wget working_dir: /code command: ["http://$TINKERBELL_HOST_IP:42114/cert", "-O", "ca.pem"] volumes: - ${REPO_TOP_LEVEL:-.}/state/webroot/workflow:/code depends_on: tink-server: condition: service_healthy db: condition: service_healthy # Create hardware, template, and workflow records in tink-server create-tink-records: image: ${TINK_CLI_IMAGE} entrypoint: /manifests/apply_manifests.sh command: [ "$TINKERBELL_HARDWARE_MANIFEST", "$TINKERBELL_TEMPLATE_MANIFEST", "/manifests/workflow", "$TINKERBELL_HOST_IP", "$TINKERBELL_CLIENT_IP", "$TINKERBELL_CLIENT_MAC", ] environment: TINKERBELL_GRPC_AUTHORITY: tink-server:42113 TINKERBELL_CERT_URL: http://tink-server:42114/cert volumes: - ${REPO_TOP_LEVEL:-.}/manifests:/manifests depends_on: tink-server: condition: service_healthy db: condition: service_healthy # Setup ubuntu image ubuntu-image-setup: image: ubuntu entrypoint: /scripts/setup_ubuntu.sh command: [ "https://cloud-images.ubuntu.com/daily/server/focal/current/focal-server-cloudimg-amd64.img", "focal-server-cloudimg-amd64.img", "/destination/focal-server-cloudimg-amd64.raw", ] volumes: - ${REPO_TOP_LEVEL:-.}/ubuntu:/scripts - ${REPO_TOP_LEVEL:-.}/state/webroot:/destination tink-server: image: ${TINK_SERVER_IMAGE} restart: unless-stopped environment: FACILITY: ${FACILITY:-onprem} PACKET_ENV: ${PACKET_ENV:-testing} PACKET_VERSION: ${PACKET_VERSION:-ignored} ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-ignored} ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-1} PGDATABASE: tinkerbell PGHOST: db PGPASSWORD: tinkerbell PGPORT: 5432 PGSSLMODE: disable PGUSER: tinkerbell TINKERBELL_GRPC_AUTHORITY: :42113 TINKERBELL_HTTP_AUTHORITY: :42114 TINK_AUTH_USERNAME: ${TINKERBELL_TINK_USERNAME:-admin} TINK_AUTH_PASSWORD: ${TINKERBELL_TINK_PASSWORD:-admin} depends_on: tink-server-migration: condition: service_started db: condition: service_healthy tls-gen: condition: service_completed_successfully healthcheck: test: ["CMD-SHELL", "wget -qO- 127.0.0.1:42114/cert"] # port needs to match TINKERBELL_HTTP_AUTHORITY interval: 5s timeout: 2s retries: 30 volumes: - certs:/certs/${FACILITY:-onprem}:rw ports: - 42113:42113/tcp - 42114:42114/tcp tink-server-migration: image: ${TINK_SERVER_IMAGE} restart: on-failure environment: ONLY_MIGRATION: "true" FACILITY: ${FACILITY:-onprem} PGDATABASE: tinkerbell PGHOST: db PGPASSWORD: tinkerbell PGPORT: 5432 PGSSLMODE: disable PGUSER: tinkerbell TINKERBELL_GRPC_AUTHORITY: :42113 TINKERBELL_HTTP_AUTHORITY: :42114 TINK_AUTH_USERNAME: ${TINKERBELL_TINK_USERNAME:-admin} TINK_AUTH_PASSWORD: ${TINKERBELL_TINK_PASSWORD:-admin} depends_on: db: condition: service_healthy volumes: - certs:/certs/${FACILITY:-onprem}:rw db: image: postgres:10-alpine restart: unless-stopped environment: POSTGRES_DB: tinkerbell POSTGRES_PASSWORD: tinkerbell POSTGRES_USER: tinkerbell volumes: - postgres_data:/var/lib/postgresql/data:rw ports: - 5432:5432 healthcheck: test: ["CMD-SHELL", "pg_isready -U tinkerbell"] interval: 1s timeout: 1s retries: 30 tink-cli: image: ${TINK_CLI_IMAGE} restart: unless-stopped environment: TINKERBELL_GRPC_AUTHORITY: tink-server:42113 TINKERBELL_CERT_URL: http://tink-server:42114/cert depends_on: tink-server: condition: service_healthy db: condition: service_healthy registry: image: registry:2.7.1 restart: unless-stopped network_mode: host healthcheck: test: [ "CMD-SHELL", "wget --no-check-certificate https://$TINKERBELL_HOST_IP -O -", ] interval: 5s timeout: 1s retries: 5 environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd REGISTRY_HTTP_TLS_CERTIFICATE: /certs/${FACILITY:-onprem}/bundle.pem REGISTRY_HTTP_TLS_KEY: /certs/${FACILITY:-onprem}/server-key.pem REGISTRY_HTTP_ADDR: $TINKERBELL_HOST_IP:443 volumes: - certs:/certs/${FACILITY:-onprem}:ro - auth:/auth:rw depends_on: tls-gen: condition: service_completed_successfully registry-auth: condition: service_completed_successfully boots: image: ${BOOTS_SERVER_IMAGE} restart: unless-stopped command: -dhcp-addr 0.0.0.0:67 -tftp-addr $TINKERBELL_HOST_IP:69 -http-addr $TINKERBELL_HOST_IP:80 -log-level DEBUG network_mode: host environment: API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN:-ignored} API_CONSUMER_TOKEN: ${PACKET_CONSUMER_TOKEN:-ignored} FACILITY_CODE: ${FACILITY:-onprem} PACKET_ENV: ${PACKET_ENV:-testing} PACKET_VERSION: ${PACKET_VERSION:-ignored} ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-ignored} ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-1} MIRROR_HOST: ${TINKERBELL_HOST_IP:-127.0.0.1}:8080 DNS_SERVERS: 8.8.8.8 PUBLIC_IP: $TINKERBELL_HOST_IP BOOTP_BIND: $TINKERBELL_HOST_IP:67 HTTP_BIND: $TINKERBELL_HOST_IP:80 SYSLOG_BIND: $TINKERBELL_HOST_IP:514 TFTP_BIND: $TINKERBELL_HOST_IP:69 DOCKER_REGISTRY: $TINKERBELL_HOST_IP REGISTRY_USERNAME: ${TINKERBELL_REGISTRY_USERNAME:-admin} REGISTRY_PASSWORD: ${TINKERBELL_REGISTRY_PASSWORD:-Admin1234} TINKERBELL_GRPC_AUTHORITY: $TINKERBELL_HOST_IP:42113 TINKERBELL_CERT_URL: http://$TINKERBELL_HOST_IP:42114/cert DATA_MODEL_VERSION: 1 extra_hosts: - "tink-server:$TINKERBELL_HOST_IP" depends_on: tink-server: condition: service_healthy osie-bootloader: image: nginx:alpine restart: unless-stopped tty: true user: root ports: - 8080:80/tcp volumes: - ${REPO_TOP_LEVEL:-.}/state/webroot:/usr/share/nginx/html/ depends_on: osie-work: condition: service_completed_successfully ubuntu-image-setup: condition: service_completed_successfully hegel: image: ${HEGEL_SERVER_IMAGE} restart: unless-stopped environment: ROLLBAR_TOKEN: ${ROLLBAR_TOKEN-ignored} ROLLBAR_DISABLE: 1 PACKET_ENV: testing PACKET_VERSION: ${PACKET_VERSION:-ignored} GRPC_PORT: 42115 HEGEL_FACILITY: ${FACILITY:-onprem} HEGEL_USE_TLS: 0 TINKERBELL_GRPC_AUTHORITY: tink-server:42113 TINKERBELL_CERT_URL: http://tink-server:42114/cert DATA_MODEL_VERSION: 1 CUSTOM_ENDPOINTS: '{"/metadata":""}' depends_on: tink-server: condition: service_healthy volumes: postgres_data: certs: auth: