Tinkerbell.Sandbox/deploy/compose/docker-compose.yml
Jacob Weinstock 0ff1d633cd Make Hook the default OSIE:
With the recent update in Hook to publish the kernel and initrd
we can make Hook the default in the sandbox. Original OSIE
can still be used by updating deploy/compose/.env and setting
OSIE_DOWNLOAD_URL to an OSIE URL and TINKERBELL_USE_HOOK to false.
Currently only an x86_64 Hook is published so only x86_64 machines
can be provisioned with the sandbox using Hook.

Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
2021-08-19 10:46:24 -06:00


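# Sandbox stack. Several defaults below (fallback passwords, plain-HTTP
# certificate fetches, ports published on every host interface) only suit an
# isolated lab network; override them through deploy/compose/.env elsewhere.
services:
  # TLS cert for tink-server and docker registry. The `certs` volume is
  # mounted read-write here and consumed by tink-server and registry below.
  # NOTE(review): `cfssl/cfssl` has no tag, so it resolves to `latest`; pin a
  # tag or digest. The repo checkout is mounted at /code without `:ro`.
  tls-gen:
    image: cfssl/cfssl
    entrypoint: /code/tls/generate.sh
    command: ["$TINKERBELL_HOST_IP"]
    environment:
      FACILITY: "${FACILITY:-onprem}"
    volumes:
      - "${REPO_TOP_LEVEL:-.}:/code"
      - "certs:/certs/${FACILITY:-onprem}:rw"

  # User creds for the registry: runs htpasswd in /auth to create .htpasswd
  # (-B bcrypt, -b password taken from the command line, -c create the file).
  # NOTE(review): the fallback password is a fixed, published value; set
  # TINKERBELL_REGISTRY_PASSWORD in .env. With -b the password is also
  # visible in the container's argument list.
  registry-auth:
    image: httpd:2
    entrypoint: htpasswd
    working_dir: /auth
    command:
      - "-Bbc"
      - ".htpasswd"
      - "${TINKERBELL_REGISTRY_USERNAME:-admin}"
      - "${TINKERBELL_REGISTRY_PASSWORD:-Admin1234}"
    volumes:
      - "auth:/auth:rw"

  # OSIE work: runs lastmile.sh with the OSIE download URL, source and
  # destination directories, and the Hook toggle. "/source" appears twice in
  # the argument list; lastmile.sh is not shown here.
  # NOTE(review): `alpine` is untagged (resolves to `latest`). No integrity
  # check of the downloaded artifact is visible in this file; confirm one
  # exists in lastmile.sh.
  osie-work:
    image: alpine
    entrypoint: /scripts/lastmile.sh
    command:
      - "${OSIE_DOWNLOAD_URL}"
      - "/source"
      - "/source"
      - "/destination"
      - "${TINKERBELL_USE_HOOK}"
    volumes:
      - "${REPO_TOP_LEVEL:-.}/osie:/scripts"
      - "${REPO_TOP_LEVEL:-.}/state/webroot/misc/osie/current:/source"
      - "${REPO_TOP_LEVEL:-.}/state/webroot/workflow:/destination"

  # Uploads images in /registry/registry_images.txt to the local registry
  # NOTE(review): `skopeo:latest` is a floating tag; the registry credentials
  # are passed as command-line arguments, with the same fallback password as
  # registry-auth.
  images-to-local-registry:
    image: quay.io/containers/skopeo:latest
    entrypoint: /registry/upload.sh
    command:
      - "${TINKERBELL_REGISTRY_USERNAME:-admin}"
      - "${TINKERBELL_REGISTRY_PASSWORD:-Admin1234}"
      - "${TINKERBELL_HOST_IP}"
      - "/registry/registry_images.txt"
    volumes:
      - "${REPO_TOP_LEVEL:-.}/registry:/registry"
    depends_on:
      registry:
        condition: service_healthy

  # registry ca.crt download: saves tink-server's /cert response as ca.pem
  # under state/webroot/workflow.
  # NOTE(review): the certificate is fetched over plain HTTP, so whatever
  # later trusts ca.pem inherits the trust of that unauthenticated fetch.
  registry-ca-crt-download:
    image: alpine
    entrypoint: wget
    working_dir: /code
    command: ["http://$TINKERBELL_HOST_IP:42114/cert", "-O", "ca.pem"]
    volumes:
      - "${REPO_TOP_LEVEL:-.}/state/webroot/workflow:/code"
    depends_on:
      tink-server:
        condition: service_healthy
      db:
        condition: service_healthy

  # Create hardware, template, and workflow records in tink-server
  # NOTE(review): TINKERBELL_CERT_URL is plain HTTP here as well.
  create-tink-records:
    image: "${TINK_CLI_IMAGE}"
    entrypoint: /manifests/apply_manifests.sh
    command:
      - "$TINKERBELL_HARDWARE_MANIFEST"
      - "$TINKERBELL_TEMPLATE_MANIFEST"
      - "/manifests/workflow"
      - "$TINKERBELL_HOST_IP"
      - "$TINKERBELL_CLIENT_IP"
      - "$TINKERBELL_CLIENT_MAC"
    environment:
      TINKERBELL_GRPC_AUTHORITY: "tink-server:42113"
      TINKERBELL_CERT_URL: "http://tink-server:42114/cert"
    volumes:
      - "${REPO_TOP_LEVEL:-.}/manifests:/manifests"
    depends_on:
      tink-server:
        condition: service_healthy
      db:
        condition: service_healthy

  # Setup ubuntu image
  # NOTE(review): `ubuntu` is untagged, and the URL points at the daily
  # "current" build, which changes over time. No checksum verification is
  # visible in this file; confirm setup_ubuntu.sh checks the download against
  # the SHA256SUMS published next to the image.
  ubuntu-image-setup:
    image: ubuntu
    entrypoint: /scripts/setup_ubuntu.sh
    command:
      - "https://cloud-images.ubuntu.com/daily/server/focal/current/focal-server-cloudimg-amd64.img"
      - "focal-server-cloudimg-amd64.img"
      - "/destination/focal-server-cloudimg-amd64.raw"
    volumes:
      - "${REPO_TOP_LEVEL:-.}/ubuntu:/scripts"
      - "${REPO_TOP_LEVEL:-.}/state/webroot:/destination"

  # Tinkerbell API server: gRPC on 42113, HTTP (serves /cert) on 42114.
  # NOTE(review): the database password is a literal that .env cannot
  # override, PGSSLMODE disables TLS to the database, and the API credentials
  # fall back to admin/admin. Both ports are published on every host
  # interface.
  tink-server:
    image: "${TINK_SERVER_IMAGE}"
    restart: unless-stopped
    environment:
      FACILITY: "${FACILITY:-onprem}"
      PACKET_ENV: "${PACKET_ENV:-testing}"
      PACKET_VERSION: "${PACKET_VERSION:-ignored}"
      ROLLBAR_TOKEN: "${ROLLBAR_TOKEN:-ignored}"
      ROLLBAR_DISABLE: "${ROLLBAR_DISABLE:-1}"
      PGDATABASE: tinkerbell
      PGHOST: db
      PGPASSWORD: tinkerbell
      PGPORT: "5432"
      PGSSLMODE: disable
      PGUSER: tinkerbell
      TINKERBELL_GRPC_AUTHORITY: ":42113"
      TINKERBELL_HTTP_AUTHORITY: ":42114"
      TINK_AUTH_USERNAME: "${TINKERBELL_TINK_USERNAME:-admin}"
      TINK_AUTH_PASSWORD: "${TINKERBELL_TINK_PASSWORD:-admin}"
    depends_on:
      tink-server-migration:
        condition: service_started
      db:
        condition: service_healthy
      tls-gen:
        condition: service_completed_successfully
    healthcheck:
      # port needs to match TINKERBELL_HTTP_AUTHORITY
      test: ["CMD-SHELL", "wget -qO- 127.0.0.1:42114/cert"]
      interval: 5s
      timeout: 2s
      retries: 30
    volumes:
      - "certs:/certs/${FACILITY:-onprem}:rw"
    ports:
      - "42113:42113/tcp"
      - "42114:42114/tcp"

  # Same image as tink-server, started with ONLY_MIGRATION set; restarts on
  # failure and publishes no ports. Carries the same literal database
  # credentials and admin/admin fallbacks as tink-server.
  tink-server-migration:
    image: "${TINK_SERVER_IMAGE}"
    restart: on-failure
    environment:
      ONLY_MIGRATION: "true"
      FACILITY: "${FACILITY:-onprem}"
      PGDATABASE: tinkerbell
      PGHOST: db
      PGPASSWORD: tinkerbell
      PGPORT: "5432"
      PGSSLMODE: disable
      PGUSER: tinkerbell
      TINKERBELL_GRPC_AUTHORITY: ":42113"
      TINKERBELL_HTTP_AUTHORITY: ":42114"
      TINK_AUTH_USERNAME: "${TINKERBELL_TINK_USERNAME:-admin}"
      TINK_AUTH_PASSWORD: "${TINKERBELL_TINK_PASSWORD:-admin}"
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - "certs:/certs/${FACILITY:-onprem}:rw"

  # PostgreSQL backing store for tink-server.
  # NOTE(review): 5432 is published on every host interface while the
  # credentials are the literal tinkerbell/tinkerbell. The services in this
  # file reach the database as host `db` on the compose network, so the
  # mapping can be bound to 127.0.0.1 or dropped if nothing outside needs it.
  # PostgreSQL 10 reached end of life in November 2022.
  db:
    image: postgres:10-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: tinkerbell
      POSTGRES_PASSWORD: tinkerbell
      POSTGRES_USER: tinkerbell
    volumes:
      - "postgres_data:/var/lib/postgresql/data:rw"
    ports:
      - "5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U tinkerbell"]
      interval: 1s
      timeout: 1s
      retries: 30

  # Long-running tink CLI container pointed at tink-server; the certificate
  # URL is plain HTTP.
  tink-cli:
    image: "${TINK_CLI_IMAGE}"
    restart: unless-stopped
    environment:
      TINKERBELL_GRPC_AUTHORITY: "tink-server:42113"
      TINKERBELL_CERT_URL: "http://tink-server:42114/cert"
    depends_on:
      tink-server:
        condition: service_healthy
      db:
        condition: service_healthy

  # Local docker registry on the host network, listening on
  # TINKERBELL_HOST_IP:443 with htpasswd auth and the tls-gen certificate.
  # NOTE(review): the healthcheck skips certificate validation, so it proves
  # only that the listener answers. The `auth` volume is mounted read-write
  # although only the path to .htpasswd is configured here; check whether
  # `:ro` is sufficient.
  registry:
    image: registry:2.7.1
    restart: unless-stopped
    network_mode: host
    healthcheck:
      test:
        - "CMD-SHELL"
        - "wget --no-check-certificate https://$TINKERBELL_HOST_IP -O -"
      interval: 5s
      timeout: 1s
      retries: 5
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
      REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/${FACILITY:-onprem}/bundle.pem"
      REGISTRY_HTTP_TLS_KEY: "/certs/${FACILITY:-onprem}/server-key.pem"
      REGISTRY_HTTP_ADDR: "$TINKERBELL_HOST_IP:443"
    volumes:
      - "certs:/certs/${FACILITY:-onprem}:ro"
      - "auth:/auth:rw"
    depends_on:
      tls-gen:
        condition: service_completed_successfully
      registry-auth:
        condition: service_completed_successfully

  # Boots (DHCP / TFTP / HTTP) on the host network.
  # NOTE(review): DHCP is bound to 0.0.0.0:67, i.e. every host interface,
  # while TFTP and HTTP are bound to TINKERBELL_HOST_IP. The registry
  # password is passed through the environment with the same fallback as
  # registry-auth, and logging runs at DEBUG.
  boots:
    image: "${BOOTS_SERVER_IMAGE}"
    restart: unless-stopped
    # Folded scalar: the lines below join into one space-separated command.
    command: >-
      -dhcp-addr 0.0.0.0:67
      -tftp-addr $TINKERBELL_HOST_IP:69
      -http-addr $TINKERBELL_HOST_IP:80
      -log-level DEBUG
    network_mode: host
    environment:
      API_AUTH_TOKEN: "${PACKET_API_AUTH_TOKEN:-ignored}"
      API_CONSUMER_TOKEN: "${PACKET_CONSUMER_TOKEN:-ignored}"
      FACILITY_CODE: "${FACILITY:-onprem}"
      PACKET_ENV: "${PACKET_ENV:-testing}"
      PACKET_VERSION: "${PACKET_VERSION:-ignored}"
      ROLLBAR_TOKEN: "${ROLLBAR_TOKEN:-ignored}"
      ROLLBAR_DISABLE: "${ROLLBAR_DISABLE:-1}"
      MIRROR_HOST: "${TINKERBELL_HOST_IP:-127.0.0.1}:8080"
      DNS_SERVERS: "8.8.8.8"
      PUBLIC_IP: "$TINKERBELL_HOST_IP"
      BOOTP_BIND: "$TINKERBELL_HOST_IP:67"
      HTTP_BIND: "$TINKERBELL_HOST_IP:80"
      SYSLOG_BIND: "$TINKERBELL_HOST_IP:514"
      TFTP_BIND: "$TINKERBELL_HOST_IP:69"
      DOCKER_REGISTRY: "$TINKERBELL_HOST_IP"
      REGISTRY_USERNAME: "${TINKERBELL_REGISTRY_USERNAME:-admin}"
      REGISTRY_PASSWORD: "${TINKERBELL_REGISTRY_PASSWORD:-Admin1234}"
      TINKERBELL_GRPC_AUTHORITY: "$TINKERBELL_HOST_IP:42113"
      TINKERBELL_CERT_URL: "http://$TINKERBELL_HOST_IP:42114/cert"
      DATA_MODEL_VERSION: "1"
    extra_hosts:
      - "tink-server:$TINKERBELL_HOST_IP"
    depends_on:
      tink-server:
        condition: service_healthy

  # nginx serving state/webroot (OSIE/Hook files, the ubuntu image, and the
  # workflow directory) on host port 8080 over plain HTTP.
  # NOTE(review): the container runs as root and the webroot is mounted
  # without `:ro`; check whether nginx needs write access to it.
  osie-bootloader:
    image: nginx:alpine
    restart: unless-stopped
    tty: true
    user: root
    ports:
      - "8080:80/tcp"
    volumes:
      - "${REPO_TOP_LEVEL:-.}/state/webroot:/usr/share/nginx/html/"
    depends_on:
      osie-work:
        condition: service_completed_successfully
      ubuntu-image-setup:
        condition: service_completed_successfully

  # Hegel metadata service; HEGEL_USE_TLS is 0 and the certificate URL is
  # plain HTTP.
  hegel:
    image: "${HEGEL_SERVER_IMAGE}"
    restart: unless-stopped
    environment:
      # Uses `:-` like tink-server and boots, so an empty ROLLBAR_TOKEN also
      # falls back to `ignored` instead of being passed through empty.
      ROLLBAR_TOKEN: "${ROLLBAR_TOKEN:-ignored}"
      ROLLBAR_DISABLE: "1"
      PACKET_ENV: testing
      PACKET_VERSION: "${PACKET_VERSION:-ignored}"
      GRPC_PORT: "42115"
      HEGEL_FACILITY: "${FACILITY:-onprem}"
      HEGEL_USE_TLS: "0"
      TINKERBELL_GRPC_AUTHORITY: "tink-server:42113"
      TINKERBELL_CERT_URL: "http://tink-server:42114/cert"
      DATA_MODEL_VERSION: "1"
      CUSTOM_ENDPOINTS: '{"/metadata":""}'
    depends_on:
      tink-server:
        condition: service_healthy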
# Named volumes, all with default driver settings.
volumes:
  # PostgreSQL data directory of the db service.
  postgres_data: {}
  # TLS material: mounted rw by tls-gen, tink-server and
  # tink-server-migration, ro by registry.
  certs: {}
  # .htpasswd written by registry-auth and read by registry; it holds
  # password hashes, so keep the volume out of backups and images.
  auth: {}