nats docker setup

2020-11-22 12:03:40 -05:00 · 2020-11-22 12:03:40 -05:00 · 44f05f2dcc
parent 43f7f82bdc
commit 44f05f2dcc
11 changed files with 79 additions and 12 deletions
--- a/api/tacticalrmm/tacticalrmm/settings.py
+++ b/api/tacticalrmm/tacticalrmm/settings.py
@ -6,6 +6,8 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

 SCRIPTS_DIR = "/srv/salt/scripts"

+DOCKER_BUILD = False
+
 LOG_DIR = os.path.join(BASE_DIR, "tacticalrmm/private/log")

 EXE_DIR = os.path.join(BASE_DIR, "tacticalrmm/private/exe")
--- a/api/tacticalrmm/tacticalrmm/utils.py
+++ b/api/tacticalrmm/tacticalrmm/utils.py
@ -1,6 +1,7 @@
 import json
 import os
 import subprocess
+from tacticalrmm.settings import DOCKER_BUILD
 import tldextract

 from django.conf import settings
@ -18,12 +19,17 @@ def reload_nats():
    for agent in agents:
        users.append({"user": agent.agent_id, "password": agent.user.auth_token.key})

-    tld = tldextract.extract(settings.ALLOWED_HOSTS[0])
-    domain = tld.domain + "." + tld.suffix
+    if not DOCKER_BUILD:
+        tld = tldextract.extract(settings.ALLOWED_HOSTS[0])
+        domain = tld.domain + "." + tld.suffix
+        cert_path = f"/etc/letsencrypt/live/{domain}"
+    else:
+        cert_path = "/opt/tactical/certs"
+        
    config = {
        "tls": {
-            "cert_file": f"/etc/letsencrypt/live/{domain}/fullchain.pem",
-            "key_file": f"/etc/letsencrypt/live/{domain}/privkey.pem",
+            "cert_file": f"{cert_path}/fullchain.pem",
+            "key_file": f"{cert_path}/privkey.pem",
        },
        "authorization": {"users": users},
        "max_payload": 2048576005,
@ -33,4 +39,5 @@ def reload_nats():
    with open(conf, "w") as f:
        json.dump(config, f)

-    subprocess.run(["/usr/local/bin/nats-server", "-signal", "reload"])
+    if not DOCKER_BUILD:
+        subprocess.run(["/usr/local/bin/nats-server", "-signal", "reload"])
--- a/docker/containers/tactical-frontend/dockerfile
+++ b/docker/containers/tactical-frontend/dockerfile
@ -7,6 +7,9 @@ RUN npm install

 COPY ./web .

+# copy env file to set DOCKER_BUILD to true
+RUN echo "DOCKER_BUILD = true" > .env
+
 # modify index.html template to allow injection of js variables at runtime
 RUN sed -i '/<\/head>/i <script src="\/env-config.js"><\/script>' src/index.template.html
 RUN npm run build
--- a/docker/containers/tactical-nats/dockerfile
+++ b/docker/containers/tactical-nats/dockerfile
@ -0,0 +1,10 @@
+FROM nats:2.1-alpine
+
+ENV TACTICAL_DIR /opt/tactical
+
+RUN apk add inotify-tools supervisor
+
+COPY docker/containers/tactical-nats/entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT [ "/entrypoint.sh" ]
--- a/docker/containers/tactical-nats/entrypoint.sh
+++ b/docker/containers/tactical-nats/entrypoint.sh
@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+
+supervisor_config="$(cat << EOF
+[supervisord]
+nodaemon=true
+[include]
+files = /etc/supervisor/conf.d/*.conf
+
+[program:nats-server]
+command=nats-server --config ${TACTICAL_DIR}/api/nats-rmm.conf
+redirect_stderr=true
+
+[program:config watcher]
+command=inotifywait -q -m -e close_write --format %e myfile.py | while read events; do ${TACTICAL_DIR}/api/nats-rmm.conf done;
+redirect_stderr=true
+EOF
+)"
+
+echo "${supervisor_config}" > /etc/supervisor/conf.d/supervisor.conf
+
+# supervised processes
+/usr/bin/supervisord
--- a/docker/containers/tactical/entrypoint.sh
+++ b/docker/containers/tactical/entrypoint.sh
@ -68,6 +68,8 @@ SECRET_KEY = '${DJANGO_SEKRET}'

 DEBUG = False

+DOCKER_BUILD = True
+
 SCRIPTS_DIR = '/opt/tactical/scripts'

 ALLOWED_HOSTS = ['${API_HOST}']
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -75,6 +75,18 @@ services:
      - salt_data:/etc/salt
    networks:
      - proxy
+  
+  # nats
+  tactical-nats:
+    image: ${IMAGE_REPO}tactical-nats:${VERSION}
+    command: nats-server --config /opt/tactical/api/nats-rmm.conf
+    restart: always
+    ports:
+      - "4222:4222"
+    volumes:
+      - tactical_data:/opt/tactical
+    networks:
+      - proxy

  # meshcentral container
  tactical-meshcentral:
--- a/docker/image-build.sh
+++ b/docker/image-build.sh
@ -5,8 +5,7 @@
 set -o errexit
 set -o pipefail

-# tactical tactical-frontend tactical-nginx tactical-meshcentral 
-DOCKER_IMAGES="tactical-salt"
+DOCKER_IMAGES="tactical tactical-frontend tactical-nginx tactical-meshcentral tactical-salt tactical-nats"

 cd ..

--- a/web/.env.example
+++ b/web/.env.example
@ -2,4 +2,5 @@ PROD_URL = "https://api.example.com"
 DEV_URL = "https://api.example.com"
 APP_URL = "https://app.example.com"
 DEV_HOST = 0.0.0.0
-DEV_PORT = 80
+DEV_PORT = 80
+DOCKER_BUILD = false
--- a/web/quasar.conf.js
+++ b/web/quasar.conf.js
@ -29,7 +29,7 @@ module.exports = function () {

    // Full list of options: https://quasar.dev/quasar-cli/quasar-conf-js#Property%3A-build
    build: {
-      env: { DEV_API: process.env.DEV_URL, PROD_API: process.env.PROD_URL },
+      env: { DEV_API: process.env.DEV_URL, PROD_API: process.env.PROD_URL, DOCKER_BUILD: process.env.DOCKER_BUILD },
      vueRouterMode: 'history', // available values: 'hash', 'history'
      distDir: "dist/",

--- a/web/src/boot/axios.js
+++ b/web/src/boot/axios.js
@ -5,9 +5,16 @@ export default function ({ router, store }) {

  Vue.prototype.$axios = axios;

-  axios.defaults.baseURL = process.env.NODE_ENV === "production"
-    ? process.env.PROD_API || window._env_.PROD_URL
-    : process.env.DEV_API;
+  axios.defaults.baseURL = () => {
+    if (process.env.NODE_ENV === "production") {
+      if (process.env.DOCKER_BUILD) {
+        return window._env_.PROD_URL
+      }
+      return process.env.PROD_API
+    } else {
+      return process.env.DEV_API;
+    }
+  }

  axios.interceptors.request.use(
    function (config) {