mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
7ba762ebec
Manually tested. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated database container configurations to manage log retention. Binary logs will now automatically expire after 24 hours in local development environments, helping manage disk space usage during testing and development workflows. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
179 lines
6.3 KiB
YAML
179 lines
6.3 KiB
YAML
---
|
|
services:
|
|
# To test with MariaDB, set FLEET_MYSQL_IMAGE to mariadb:10.6 or the like (note MariaDB is not
|
|
# officially supported).
|
|
# To run in macOS M1, set FLEET_MYSQL_IMAGE=arm64v8/mysql:oracle FLEET_MYSQL_PLATFORM=linux/arm64/v8
|
|
mysql:
|
|
image: ${FLEET_MYSQL_IMAGE:-mysql:8.0.44}
|
|
platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64}
|
|
volumes:
|
|
- mysql-persistent-volume:/tmp
|
|
command: [
|
|
"mysqld",
|
|
"--datadir=/tmp/mysqldata",
|
|
# These 3 keys run MySQL with GTID consistency enforced to avoid issues with production deployments that use it.
|
|
"--enforce-gtid-consistency=ON",
|
|
"--log-bin=bin.log",
|
|
"--server-id=master-01",
|
|
# Required for storage of Apple MDM bootstrap packages.
|
|
"--max_allowed_packet=536870912",
|
|
# Automatically expire binary logs after 1 day to save disk space in dev. Default is 30 days.
|
|
"--binlog-expire-logs-seconds=86400",
|
|
]
|
|
environment: &mysql-default-environment
|
|
MYSQL_ROOT_PASSWORD: toor
|
|
MYSQL_DATABASE: fleet
|
|
MYSQL_USER: fleet
|
|
MYSQL_PASSWORD: insecure
|
|
# This is required by Percona XtraDB server.
|
|
CLUSTER_NAME: fleet
|
|
ports:
|
|
- "127.0.0.1:${FLEET_MYSQL_PORT:-3306}:3306"
|
|
|
|
mysql_test:
|
|
image: ${FLEET_MYSQL_IMAGE:-mysql:8.0.44}
|
|
platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64}
|
|
# innodb-file-per-table=OFF gives ~20% speedup for test runs.
|
|
command: [
|
|
"mysqld",
|
|
"--datadir=/tmpfs",
|
|
"--slow_query_log=1",
|
|
"--log_output=TABLE",
|
|
"--log-queries-not-using-indexes",
|
|
"--innodb-file-per-table=OFF",
|
|
"--table-definition-cache=8192",
|
|
# These 3 keys run MySQL with GTID consistency enforced to avoid issues with production deployments that use it.
|
|
"--enforce-gtid-consistency=ON",
|
|
"--log-bin=bin.log",
|
|
"--server-id=1",
|
|
# Required for storage of Apple MDM bootstrap packages.
|
|
"--max_allowed_packet=536870912",
|
|
# Automatically expire binary logs after 1 day to save disk space in dev. Default is 30 days.
|
|
"--binlog-expire-logs-seconds=86400",
|
|
]
|
|
environment: *mysql-default-environment
|
|
ports:
|
|
- "127.0.0.1:${FLEET_MYSQL_TEST_PORT:-3307}:3306"
|
|
tmpfs:
|
|
- /var/lib/mysql:rw,noexec,nosuid
|
|
- /tmpfs
|
|
|
|
mysql_replica_test:
|
|
image: ${FLEET_MYSQL_IMAGE:-mysql:8.0.44}
|
|
platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64}
|
|
# innodb-file-per-table=OFF gives ~20% speedup for test runs.
|
|
command: [
|
|
"mysqld",
|
|
"--datadir=/tmpfs",
|
|
"--slow_query_log=1",
|
|
"--log_output=TABLE",
|
|
"--log-queries-not-using-indexes",
|
|
"--innodb-file-per-table=OFF",
|
|
"--table-definition-cache=8192",
|
|
# These 3 keys run MySQL with GTID consistency enforced to avoid issues with production deployments that use it.
|
|
"--enforce-gtid-consistency=ON",
|
|
"--log-bin=bin.log",
|
|
"--server-id=2",
|
|
# Required for storage of Apple MDM bootstrap packages.
|
|
"--max_allowed_packet=536870912",
|
|
# Automatically expire binary logs after 1 day to save disk space in dev. Default is 30 days.
|
|
"--binlog-expire-logs-seconds=86400",
|
|
]
|
|
environment: *mysql-default-environment
|
|
ports:
|
|
# ports 3308 and 3309 are used by the main and replica MySQL containers in tools/mysql-replica-testing/docker-compose.yml
|
|
- "127.0.0.1:${FLEET_MYSQL_REPLICA_TEST_PORT:-3310}:3306"
|
|
tmpfs:
|
|
- /var/lib/mysql:rw,noexec,nosuid
|
|
- /tmpfs
|
|
|
|
# Unauthenticated SMTP server.
|
|
mailhog:
|
|
image: mailhog/mailhog:latest
|
|
ports:
|
|
- "127.0.0.1:${FLEET_MAILHOG_WEB_PORT:-8025}:8025"
|
|
- "127.0.0.1:${FLEET_MAILHOG_SMTP_PORT:-1025}:1025"
|
|
|
|
# SMTP server with Basic Authentication.
|
|
mailpit:
|
|
image: axllent/mailpit:latest
|
|
ports:
|
|
- "127.0.0.1:${FLEET_MAILPIT_WEB_PORT:-8026}:8025"
|
|
- "127.0.0.1:${FLEET_MAILPIT_SMTP_PORT:-1026}:1025"
|
|
volumes:
|
|
- ./tools/mailpit/auth.txt:/auth.txt
|
|
command: ["--smtp-auth-file=/auth.txt", "--smtp-auth-allow-insecure=true"]
|
|
|
|
# SMTP server with TLS
|
|
smtp4dev_test:
|
|
image: rnwood/smtp4dev:v3
|
|
ports:
|
|
- "127.0.0.1:${FLEET_SMTP4DEV_WEB_PORT:-8028}:80"
|
|
- "127.0.0.1:${FLEET_SMTP4DEV_SMTP_PORT:-1027}:25"
|
|
volumes:
|
|
- ./tools/smtp4dev:/certs
|
|
environment:
|
|
- ServerOptions__TlsMode=ImplicitTls
|
|
- ServerOptions__TlsCertificate=/certs/fleet.crt
|
|
- ServerOptions__TlsCertificatePrivateKey=/certs/fleet.key
|
|
|
|
redis:
|
|
image: redis:6
|
|
ports:
|
|
- "127.0.0.1:${FLEET_REDIS_PORT:-6379}:6379"
|
|
|
|
saml_idp:
|
|
image: fleetdm/docker-idp:latest
|
|
volumes:
|
|
- ./tools/saml/users.php:/var/www/simplesamlphp/config/authsources.php
|
|
- ./tools/saml/config.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php
|
|
ports:
|
|
- "127.0.0.1:${FLEET_SAML_IDP_HTTP_PORT:-9080}:8080"
|
|
- "127.0.0.1:${FLEET_SAML_IDP_HTTPS_PORT:-9443}:8443"
|
|
|
|
# CAdvisor container allows monitoring other containers. Useful for
|
|
# development.
|
|
cadvisor:
|
|
image: gcr.io/cadvisor/cadvisor:latest
|
|
ports:
|
|
- "127.0.0.1:${FLEET_CADVISOR_PORT:-5678}:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- /sys:/sys:ro
|
|
- /var/lib/docker/:/var/lib/docker:ro
|
|
|
|
prometheus:
|
|
image: prom/prometheus:latest
|
|
ports:
|
|
- "127.0.0.1:${FLEET_PROMETHEUS_PORT:-9090}:9090"
|
|
volumes:
|
|
- ./tools/app/prometheus.yml:/etc/prometheus/prometheus.yml
|
|
|
|
# localstack to simulate AWS integrations like firehose & kinesis
|
|
# use http://localhost:4566 as the `--endpoint-url` argument in awscli
|
|
localstack:
|
|
image: localstack/localstack:4.5
|
|
ports:
|
|
- "127.0.0.1:${FLEET_LOCALSTACK_PORT:-4566}:4566"
|
|
- "127.0.0.1:${FLEET_LOCALSTACK_LEGACY_PORT:-4571}:4571"
|
|
environment:
|
|
- SERVICES=firehose,kinesis,s3,iam,sts,secretsmanager
|
|
|
|
# s3 compatible object storage (file carving/software installers)
|
|
s3:
|
|
image: rustfs/rustfs:1.0.0-alpha.85
|
|
ports:
|
|
- "127.0.0.1:${FLEET_S3_PORT:-9000}:9000"
|
|
- "127.0.0.1:${FLEET_S3_CONSOLE_PORT:-9001}:9001"
|
|
environment:
|
|
- RUSTFS_ADDRESS=0.0.0.0:9000
|
|
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
|
|
- RUSTFS_CONSOLE_ENABLE=true
|
|
- RUSTFS_ACCESS_KEY=locals3
|
|
- RUSTFS_SECRET_KEY=locals3
|
|
volumes:
|
|
- data-s3:/data:rw
|
|
|
|
volumes:
|
|
mysql-persistent-volume:
|
|
data-s3:
|