version: "3.3" services: # If the database isn't accessed other than by services present in this file, remove port instruction. # It exposes the database to the host system and if the server isn't secure, it exposes the database to attacks. # That doesn't exclude the need to secure the servers on which the containers are run. db: image: hub.andrewalliance.com/releases/postgres:17.8 volumes: - pgdata:/var/lib/postgresql/data environment: - POSTGRES_USER=postgres - POSTGRES_PASSWORD={{ onelab.services.db.password }} - POSTGRES_DB=postgres {% if onelab.services.db.port is defined %} ports: - "{{ onelab.services.db.port }}:5432" {% endif %} deploy: replicas: {{ onelab.services.db.replicas|default('1') }} placement: constraints: - node.role == manager redis: image: hub.andrewalliance.com/releases/redis:7.4.7-alpine deploy: replicas: {{ onelab.services.db.redis.replicas|default('1') }} placement: constraints: - node.role == manager rabbitmq: image: hub.andrewalliance.com/releases/rabbitmq:3.13.7 hostname: "onelab" volumes: - rabbitmq_data:/var/lib/rabbitmq/mnesia configs: - source: enable_plugins target: /etc/rabbitmq/enabled_plugins - source: rabbit.conf target: /etc/rabbitmq/rabbitmq.conf - source: advanced.conf target: /etc/rabbitmq/advanced.conf - source: definitions.json target: /opt/definitions.json - source: rabbit.crt target: /etc/rabbitmq/ssl/rabbit.crt - source: rabbit.key target: /etc/rabbitmq/ssl/rabbit.key - source: rabbit.fullchain.pem target: /etc/rabbitmq/ssl/rabbit.fullchain.pem ports: - "5671:5671" deploy: replicas: {{ onelab.services.rabbit.replicas|default('1') }} placement: constraints: - node.role == manager supervisor: image: hub.andrewalliance.com/releases/onelab-supervisor-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} file-worker: image: hub.andrewalliance.com/releases/onelab-file-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data - {{ onelab.shared.inputs.path|default('./data/shared/inputs') }}:/shared-inputs - {{ onelab.shared.inputs.archived_path|default('./data/shared/archived') }}:/shared-archived configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: 1 placement: constraints: - node.role == manager api: image: hub.andrewalliance.com/releases/onelab-api:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.api.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} api-device: image: hub.andrewalliance.com/releases/onelab-api-device:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.apidevice.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} api-rabbit: image: hub.andrewalliance.com/releases/onelab-api-rabbit:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.apirabbit.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} devices-worker: image: hub.andrewalliance.com/releases/onelab-devices-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.devices.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} experiments-worker: image: hub.andrewalliance.com/releases/onelab-experiments-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.experiments.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} images-worker: image: hub.andrewalliance.com/releases/onelab-images-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs - {{ onelab.assets.path|default('./data') }}:/data configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.images.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} {% if (onelab.ldap|default(false)) != false %} ldap-worker: image: hub.andrewalliance.com/releases/onelab-ldap-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs configs: - source: configurations.yml target: /conf/configurations.yml {% if onelab.ldap.tls.ca is defined %} - source: ldap-ca.crt target: /ldap/ca.crt {% endif %} {% if onelab.ldap.tls.key is defined %} - source: ldap-private.key target: /ldap/private.key {% endif %} {% if onelab.ldap.tls.cert is defined %} - source: ldap-cert.crt target: /ldap/cert.crt {% endif %} deploy: replicas: {{ onelab.services.ldap.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} {% endif %} {% if (onelab.mailer.smtp|default(false)) != false or (onelab.mailer.ses|default(false)) != false %} mailer-worker: image: hub.andrewalliance.com/releases/onelab-mailer-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.mailer.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} {% endif %} manual-worker: image: hub.andrewalliance.com/releases/onelab-manual-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.manual.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} websocket-worker: image: hub.andrewalliance.com/releases/onelab-websocket-worker:1.27.0 volumes: - {{ onelab.logs.path|default('./logs') }}:/logs configs: - source: configurations.yml target: /conf/configurations.yml deploy: replicas: {{ onelab.services.ws.replicas|default('1') }} placement: constraints: - node.role == {{ deploy_on|default('manager') }} static: image: hub.andrewalliance.com/releases/onelab-static:1.27.0 deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} main: image: hub.andrewalliance.com/releases/onelab-main:1.27.0 deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} designer: image: hub.andrewalliance.com/releases/onelab-designer:1.27.0 deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} runner: image: hub.andrewalliance.com/releases/onelab-runner:1.27.0 deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} website: image: hub.andrewalliance.com/releases/onelab-website:1.27.0 {% if (onelab.services.website.ssr|default(true)) != true %} environment: - RENDERING_MODE=no-ssr {% endif %} deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} revproxy: image: hub.andrewalliance.com/releases/nginx:1.29.5-alpine ports: - "8080:80" volumes: - {{ onelab.assets.path|default('./data') }}:/data configs: - source: nginx.conf target: /etc/nginx/nginx.conf - source: error-404.html target: /data/error-404.html deploy: replicas: 1 placement: constraints: - node.role == {{ deploy_on|default('manager') }} volumes: pgdata: driver: local rabbitmq_data: driver: local configs: configurations.yml: file: ./configurations.yml nginx.conf: file: ./nginx/onelab.conf error-404.html: file: ./proxy/error-404.html rabbit.crt: file: ./rabbit/ssl/rabbit.crt rabbit.key: file: ./rabbit/ssl/rabbit.key rabbit.fullchain.pem: file: ./rabbit/ssl/rabbit.fullchain.pem enable_plugins: file: ./rabbit/enable_plugins rabbit.conf: file: ./rabbit/rabbit.conf advanced.conf: file: ./rabbit/advanced.conf definitions.json: file: ./rabbit/definitions.json {% if onelab.ldap.tls.ca is defined %} ldap-ca.crt: file: {{ onelab.ldap.tls.ca }} {% endif %} {% if onelab.ldap.tls.key is defined %} ldap-private.key: file: {{ onelab.ldap.tls.key }} {% endif %} {% if onelab.ldap.tls.cert is defined %} ldap-cert.crt: file: {{ onelab.ldap.tls.cert }} {% endif %}