Now that Celery switched to using Redis as broker, we no longer need
RabbitMQ. Celery has been running on Redis for a while now and it all seems
fine, so it's time to wave the Rabbit goodbye.
- Changed virtual host weight for the letsencrypt docker so that it is
higher than any other weight
- Copy the renewal script to the server (previously it was available
to the host at /data/git/blender-cloud/…, but no longer).
This radically changes the way we deploy to the production server, as a
Git checkout is no longer required there. All the necessary files are
now inside the docker image. As a result, /data/git should no longer be
mounted as a Docker volume.
- Renamed docker/build.sh → docker/full_rebuild.sh
This makes it clearer that it performs a full rebuild of the Docker images.
- Full rebuilds should be done on a regular basis to pull in Ubuntu
security updates.
- Removed rsync_ui.sh, we no longer need it. Other projects can also
remove their rsync_ui.sh.
- Moved deploy.sh → deploy/2docker.sh and added deploy/2server.sh
Requires a reset + reindex of everything (well, that's the easiest way to
get things indexed properly again), which will lose us the Cloud stats.
Before doing this, export those to MongoDB and upgrade the statscollector
to the version that I'll be committing soon.
- No more 'links', all dockers can reach each other by name
- Added 'depends_on', which handles startup sequence
- Allowed haproxy connection to the docker daemon socket
- Told haproxy explicitly which services to proxy. The 'docker:' prefix
comes from the fact that the directory containing the docker-compose.yml
file is called 'docker'.
This allows us to set logging options, which weren't available in version 1.
I've also added newlines around each service definition, and made the
formatting consistent across the entire file (using align-yaml, one of the
tools of the atom-beautify plugin for Atom).
We can then remove X-Pack and control ElasticSearch's memory usage.
This also gives us the opportunity to let Kibana do its optimization when
we build the image, rather than every time the container is recreated.
Other vhosts are already configured to use the 'blender-cloud' hostname,
and now the main one is too. It also adds HTTPS support, so that you can
test locally without having to set FORCE_SSL to false. This does require
you to create a TLS certificate in /data/certs/blender-cloud.pem, using:
    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
    cat key.pem cert.pem > blender-cloud.pem
    rm key.pem cert.pem
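
Added example, not part of the commit or of the Blender Cloud repository: a check that a combined key+certificate bundle such as /data/certs/blender-cloud.pem is usable and not exposed, since `-nodes` leaves the private key unencrypted. The function name `check_pem_bundle`, its return codes and the 30-day default are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; check_pem_bundle is a hypothetical helper, not project code.
#
# Usage: check_pem_bundle FILE [MIN_DAYS]
# Return codes: 0 ok, 2 unreadable, 3 no certificate, 4 no usable private key,
#               5 key and certificate do not match, 6 expires too soon,
#               7 file is accessible to group or other
check_pem_bundle() {
    pem=$1
    min_days=${2:-30}

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # openssl x509 picks the certificate out of the combined file and
    # openssl pkey picks the private key; each prints the public key as PEM.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "no certificate in $pem" >&2; return 3; }

    # -passin pass: makes an encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) ||
        { echo "no usable private key in $pem" >&2; return 4; }

    # A bundle built from the wrong key.pem passes both steps above but
    # cannot complete a TLS handshake; compare the two public keys.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not belong to certificate" >&2; return 5; }

    # The certificate is made with -days 365, so flag it before it lapses.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 6; }

    # The key is unencrypted (-nodes): group and other must have no access.
    perms=$(ls -ld -- "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$pem is accessible to group/other ($perms)" >&2; return 7; }

    return 0
}

# Stand-alone use: sh check_pem.sh /data/certs/blender-cloud.pem 30
if [ "$#" -gt 0 ]; then check_pem_bundle "$@"; fi
```

Running the `cat key.pem cert.pem > blender-cloud.pem` step under `umask 077` makes the permission check pass without a separate chmod.
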
This docker container uses the Blender Cloud image, but a different entry
point. It is not intended to be network-reachable from the outside world.
All it needs are connections to the databases (mongo, redis, rabbit).