mirror of
https://github.com/fleetdm/fleet
synced 2026-05-15 04:58:25 +00:00
dfaad610d9
Also ensures we run integration tests when docker-compose files used by `fleetctl preview` are changed, so we don't merge any more test failures due to those.
148 lines
5.1 KiB
YAML
148 lines
5.1 KiB
YAML
volumes:
|
|
data01:
|
|
driver: local
|
|
data-minio:
|
|
|
|
networks:
|
|
fleet-preview:
|
|
name: fleet-preview
|
|
|
|
services:
|
|
mysql01:
|
|
image: mysql:8.0.36
|
|
platform: linux/x86_64
|
|
volumes:
|
|
- .:/data
|
|
command: mysqld --datadir=/tmp/data --event-scheduler=ON
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: toor
|
|
MYSQL_DATABASE: fleet
|
|
MYSQL_USER: fleet
|
|
MYSQL_PASSWORD: fleet
|
|
ports:
|
|
- "3308:3306"
|
|
networks:
|
|
- fleet-preview
|
|
|
|
redis01:
|
|
image: redis:6
|
|
networks:
|
|
- fleet-preview
|
|
|
|
# Normal Fleet server running TLS with a self-signed cert to handle the
|
|
# osquery connections.
|
|
fleet01:
|
|
image: fleetdm/fleet:${FLEET_VERSION:-latest}
|
|
platform: linux/x86_64
|
|
command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
|
|
environment:
|
|
FLEET_S3_SOFTWARE_INSTALLERS_BUCKET: software-installers-preview
|
|
FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID: minio
|
|
FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY: minio123!
|
|
FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL: http://minio:9000
|
|
FLEET_S3_SOFTWARE_INSTALLERS_REGION: minio
|
|
FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL: true
|
|
FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE: true
|
|
FLEET_MYSQL_ADDRESS: mysql01:3306
|
|
FLEET_MYSQL_DATABASE: fleet
|
|
FLEET_MYSQL_USERNAME: fleet
|
|
FLEET_MYSQL_PASSWORD: fleet
|
|
FLEET_REDIS_ADDRESS: redis01:6379
|
|
FLEET_SERVER_ADDRESS: 0.0.0.0:8412
|
|
FLEET_SERVER_CERT: /fleet/osquery/fleet.crt
|
|
FLEET_SERVER_KEY: /fleet/osquery/fleet.key
|
|
FLEET_LOGGING_JSON: 'true'
|
|
FLEET_OSQUERY_STATUS_LOG_PLUGIN: filesystem
|
|
FLEET_FILESYSTEM_STATUS_LOG_FILE: /logs/osqueryd.status.log
|
|
FLEET_OSQUERY_RESULT_LOG_PLUGIN: filesystem
|
|
FLEET_FILESYSTEM_RESULT_LOG_FILE: /logs/osqueryd.results.log
|
|
FLEET_BETA_SOFTWARE_INVENTORY: 1
|
|
FLEET_LICENSE_KEY: ${FLEET_LICENSE_KEY}
|
|
FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 1m
|
|
FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS: "yes"
|
|
FLEET_VULNERABILITIES_DATABASES_PATH: /vulndb
|
|
FLEET_VULNERABILITIES_PERIODICITY: 5m
|
|
FLEET_LOGGING_DEBUG: 'true'
|
|
FLEET_SERVER_PRIVATE_KEY: ${FLEET_SERVER_PRIVATE_KEY}
|
|
# This can be configured for testing purposes but otherwise uses the
|
|
# typical default of provided.
|
|
FLEET_OSQUERY_HOST_IDENTIFIER: ${FLEET_OSQUERY_HOST_IDENTIFIER:-provided}
|
|
depends_on:
|
|
- mysql01
|
|
- redis01
|
|
- minio
|
|
volumes:
|
|
- .:/fleet/
|
|
- ./logs:/logs
|
|
- ./vulndb:/vulndb
|
|
- ./config:/config
|
|
ports:
|
|
- "8412:8412"
|
|
networks:
|
|
fleet-preview:
|
|
aliases:
|
|
# Kind of a funny hack, this allows host.docker.internal to point
|
|
# to the Fleet server on Linux hosts where host.docker.internal is not
|
|
# yet added as a host by default in Docker.
|
|
- host.docker.internal
|
|
# Another strange hack, this allows the UI Fleet server to see
|
|
# this server as though it were on localhost, thereby allowing it to
|
|
# download the TLS certificate.
|
|
- localhost
|
|
|
|
# Run another Fleet server listening over plain HTTP bound to port 1337.
|
|
# This is expected to receive UI requests only and not connections from
|
|
# agents.
|
|
fleet02:
|
|
image: fleetdm/fleet:${FLEET_VERSION:-latest}
|
|
platform: linux/x86_64
|
|
command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
|
|
environment:
|
|
FLEET_S3_SOFTWARE_INSTALLERS_BUCKET: software-installers-preview
|
|
FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID: minio
|
|
FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY: minio123!
|
|
FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL: http://minio:9000
|
|
FLEET_S3_SOFTWARE_INSTALLERS_REGION: minio
|
|
FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL: true
|
|
FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE: true
|
|
FLEET_MYSQL_ADDRESS: mysql01:3306
|
|
FLEET_MYSQL_DATABASE: fleet
|
|
FLEET_MYSQL_USERNAME: fleet
|
|
FLEET_MYSQL_PASSWORD: fleet
|
|
FLEET_REDIS_ADDRESS: redis01:6379
|
|
FLEET_SERVER_ADDRESS: 0.0.0.0:1337
|
|
FLEET_SERVER_TLS: "false"
|
|
FLEET_LOGGING_JSON: "true"
|
|
FLEET_SESSION_DURATION: 720h
|
|
FLEET_OSQUERY_STATUS_LOG_PLUGIN: stdout
|
|
FLEET_OSQUERY_RESULT_LOG_PLUGIN: stdout
|
|
FLEET_BETA_SOFTWARE_INVENTORY: 1
|
|
FLEET_LICENSE_KEY: ${FLEET_LICENSE_KEY}
|
|
FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 1m
|
|
FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS: "no"
|
|
FLEET_SERVER_PRIVATE_KEY: ${FLEET_SERVER_PRIVATE_KEY}
|
|
# This can be configured for testing purposes but otherwise uses the
|
|
# typical default of provided.
|
|
FLEET_OSQUERY_HOST_IDENTIFIER: ${FLEET_OSQUERY_HOST_IDENTIFIER:-provided}
|
|
depends_on:
|
|
- mysql01
|
|
- redis01
|
|
- minio
|
|
volumes:
|
|
- ./config:/config
|
|
ports:
|
|
- "1337:1337"
|
|
networks:
|
|
- fleet-preview
|
|
|
|
minio:
|
|
image: quay.io/minio/minio
|
|
entrypoint: sh
|
|
command: -c 'mkdir -p /data/software-installers-preview && /usr/bin/minio server /data --console-address ":9001"'
|
|
environment:
|
|
MINIO_ROOT_USER: minio
|
|
MINIO_ROOT_PASSWORD: minio123!
|
|
volumes:
|
|
- data-minio:/data
|
|
networks:
|
|
- fleet-preview
|