Cherry pick of #42253 to 4.83 so that other cherry picks don't fail CI.
Pins the Localstack image to the last-known-good version (4.5) before
they 🔪 'd the community edition and started requiring an auth token. I
also added a "wait for localstack" as an initial debugging step, and
left it in to catch similar future issues. It's probably redundant since
there likely _is_ no future for Fleet and Localstack beyond this, but it
takes milliseconds and would catch any other weird Localstack failures
so, why not.
(cherry picked from commit 8ea6f338de)
---
# Backing services for developing and testing Fleet with Docker Compose.
#
# Security notes for anyone reusing this file:
#   - Every credential below is a fixed value committed to the repository.
#     They are only acceptable for throwaway local/CI containers.
#   - A port written as "HOST:CONTAINER" is published on all host interfaces
#     by default. On a shared or untrusted network, prefix the mapping with
#     "127.0.0.1:" so the service is reachable from the local machine only.
#   - Several images use floating tags (":latest", or a bare major version).
#     What gets pulled can change without any change to this file; pin a
#     specific version or an image digest where reproducibility matters.
services:
  # MariaDB can be tried by setting FLEET_MYSQL_IMAGE to mariadb:10.6 or
  # similar (MariaDB is not officially supported).
  # On a macOS M1 host, set FLEET_MYSQL_IMAGE=arm64v8/mysql:oracle and
  # FLEET_MYSQL_PLATFORM=linux/arm64/v8.
  mysql:
    image: "${FLEET_MYSQL_IMAGE:-mysql:8.0.44}"
    platform: "${FLEET_MYSQL_PLATFORM:-linux/x86_64}"
    volumes:
      - mysql-persistent-volume:/tmp
    command:
      - "mysqld"
      - "--datadir=/tmp/mysqldata"
      # The next 3 options enforce GTID consistency, to avoid issues with
      # production deployments that use it.
      - "--enforce-gtid-consistency=ON"
      - "--log-bin=bin.log"
      - "--server-id=master-01"
      # Needed to store Apple MDM bootstrap packages.
      - "--max_allowed_packet=536870912"
    # Shared by all MySQL services below through the YAML alias.
    # Hard-coded development credentials: never reuse them outside this stack.
    environment: &mysql-default-environment
      MYSQL_ROOT_PASSWORD: toor
      MYSQL_DATABASE: fleet
      MYSQL_USER: fleet
      MYSQL_PASSWORD: insecure
      # Percona XtraDB server requires this.
      CLUSTER_NAME: fleet
    ports:
      # Published on all host interfaces together with the credentials above.
      - "3306:3306"

  mysql_test:
    image: "${FLEET_MYSQL_IMAGE:-mysql:8.0.44}"
    platform: "${FLEET_MYSQL_PLATFORM:-linux/x86_64}"
    command:
      - "mysqld"
      - "--datadir=/tmpfs"
      - "--slow_query_log=1"
      - "--log_output=TABLE"
      - "--log-queries-not-using-indexes"
      # innodb-file-per-table=OFF gives ~20% speedup for test runs.
      - "--innodb-file-per-table=OFF"
      - "--table-definition-cache=8192"
      # The next 3 options enforce GTID consistency, to avoid issues with
      # production deployments that use it.
      - "--enforce-gtid-consistency=ON"
      - "--log-bin=bin.log"
      - "--server-id=1"
      # Needed to store Apple MDM bootstrap packages.
      - "--max_allowed_packet=536870912"
    environment: *mysql-default-environment
    ports:
      # Host port is overridable; the container always listens on 3306.
      - "${FLEET_MYSQL_TEST_PORT:-3307}:3306"
    # The data directory lives on tmpfs, so it does not survive the container.
    tmpfs:
      - /var/lib/mysql:rw,noexec,nosuid
      - /tmpfs

  mysql_replica_test:
    image: "${FLEET_MYSQL_IMAGE:-mysql:8.0.44}"
    platform: "${FLEET_MYSQL_PLATFORM:-linux/x86_64}"
    command:
      - "mysqld"
      - "--datadir=/tmpfs"
      - "--slow_query_log=1"
      - "--log_output=TABLE"
      - "--log-queries-not-using-indexes"
      # innodb-file-per-table=OFF gives ~20% speedup for test runs.
      - "--innodb-file-per-table=OFF"
      - "--table-definition-cache=8192"
      # The next 3 options enforce GTID consistency, to avoid issues with
      # production deployments that use it.
      - "--enforce-gtid-consistency=ON"
      - "--log-bin=bin.log"
      - "--server-id=2"
      # Needed to store Apple MDM bootstrap packages.
      - "--max_allowed_packet=536870912"
    environment: *mysql-default-environment
    ports:
      # 3308 and 3309 are taken by the main and replica MySQL containers in
      # tools/mysql-replica-testing/docker-compose.yml.
      - "3310:3306"
    # The data directory lives on tmpfs, so it does not survive the container.
    tmpfs:
      - /var/lib/mysql:rw,noexec,nosuid
      - /tmpfs

  # Unauthenticated SMTP server.
  # NOTE(review): floating ":latest" tag; consider pinning.
  mailhog:
    image: "mailhog/mailhog:latest"
    ports:
      - "8025:8025"
      - "1025:1025"

  # SMTP server with Basic Authentication.
  # NOTE(review): floating ":latest" tag; consider pinning.
  mailpit:
    image: "axllent/mailpit:latest"
    ports:
      - "8026:8025"
      - "1026:1025"
    volumes:
      # Credential file kept in the repository: test accounts only.
      - ./tools/mailpit/auth.txt:/auth.txt
    command:
      - "--smtp-auth-file=/auth.txt"
      # Accepts SMTP authentication over a connection without TLS, so the
      # credentials cross the wire in the clear. Test use only.
      - "--smtp-auth-allow-insecure=true"

  # SMTP server with TLS.
  smtp4dev_test:
    image: "rnwood/smtp4dev:v3"
    ports:
      - "8028:80"
      - "1027:25"
    volumes:
      # The certificate and private key come from the repository, so the key
      # is public: it must never protect anything but this test server.
      - ./tools/smtp4dev:/certs
    environment:
      - ServerOptions__TlsMode=ImplicitTls
      - ServerOptions__TlsCertificate=/certs/fleet.crt
      - ServerOptions__TlsCertificatePrivateKey=/certs/fleet.key

  # No password or ACL is configured for Redis in this file, and the port is
  # published to the host.
  redis:
    image: "redis:6"
    ports:
      - "6379:6379"

  # SAML identity provider; users and SP metadata are mounted from tools/saml.
  # NOTE(review): floating ":latest" tag; consider pinning.
  saml_idp:
    image: "fleetdm/docker-idp:latest"
    volumes:
      - ./tools/saml/users.php:/var/www/simplesamlphp/config/authsources.php
      - ./tools/saml/config.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php
    ports:
      - "9080:8080"
      - "9443:8443"

  # cAdvisor monitors the other containers. Useful for development.
  # NOTE(review): floating ":latest" tag; consider pinning.
  cadvisor:
    image: "gcr.io/cadvisor/cadvisor:latest"
    ports:
      - "5678:8080"
    volumes:
      # ":ro" only makes the socket file read-only in the mount. It does not
      # limit the Docker API calls a process can make through the socket, so
      # this container should be treated as having control of the Docker
      # daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro

  # NOTE(review): floating ":latest" tag; consider pinning.
  prometheus:
    image: "prom/prometheus:latest"
    ports:
      - "9090:9090"
    volumes:
      - ./tools/app/prometheus.yml:/etc/prometheus/prometheus.yml

  # LocalStack simulates AWS integrations such as firehose & kinesis.
  # Pass http://localhost:4566 as the `--endpoint-url` argument to awscli.
  # The image is pinned to a version tag rather than left floating. A tag can
  # still be re-pushed upstream; pinning by digest is the stricter option.
  localstack:
    image: "localstack/localstack:4.5"
    ports:
      - "4566:4566"
      - "4571:4571"
    environment:
      - SERVICES=firehose,kinesis,s3,iam,sts,secretsmanager

  # S3-compatible object storage (file carving/software installers).
  s3:
    image: "rustfs/rustfs:1.0.0-alpha.85"
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      - RUSTFS_ADDRESS=0.0.0.0:9000
      - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
      - RUSTFS_CONSOLE_ENABLE=true
      # Fixed access and secret key for local use only. The API and the
      # console are both published to the host.
      - RUSTFS_ACCESS_KEY=locals3
      - RUSTFS_SECRET_KEY=locals3
    volumes:
      - data-s3:/data:rw

volumes:
  mysql-persistent-volume:
  data-s3: