docker-compose.yml

version: "3.8"
services:
  database:
    image: mdillon/postgis:10
    volumes:
      - db-data:/var/lib/postgresql/data
    env_file:
      - ./config/db.env
    environment:
      INSTANCE_ID: "prism-view-server_database"
    deploy:
      placement:
        constraints: [node.role == manager]
    networks:
      - intnet
    command: ["postgres", "-c", "max_connections=300"]
    sysctls:
      net.ipv4.tcp_keepalive_time: 600
      net.ipv4.tcp_keepalive_probes: 5
      net.ipv4.tcp_keepalive_intvl: 10
  redis:
    image: redis
    volumes:
      - redis-data:/data
    deploy:
      placement:
        constraints: [node.role == manager]
    networks:
      - intnet
  renderer:
    volumes:
      - type: tmpfs
        target: /tmp
      - type: volume
        source: instance-data
        target: /var/www/pvs
    env_file:
      - ./config/db.env
      - ./config/django.env
    secrets:
      - DJANGO_PASSWORD
      - DJANGO_SECRET_KEY
    environment:
      INSTANCE_ID: "prism-view-server_renderer"
      INSTALL_DIR: "/var/www/pvs/dev/"
      INIT_SCRIPTS: "/opt/core/configure.sh /opt/core/init-db.sh /opt/core/initialized.sh"
      STARTUP_SCRIPTS: "/opt/core/wait-initialized.sh"
      WAIT_SERVICES: "database:5432"
      WAIT_TIMEOUT: 180
      DJANGO_PASSWORD_FILE: "/run/secrets/DJANGO_PASSWORD"
      DJANGO_SECRET_KEY_FILE: "/run/secrets/DJANGO_SECRET_KEY"
      GDAL_DISABLE_READDIR_ON_OPEN: "TRUE"
      CPL_VSIL_CURL_ALLOWED_EXTENSIONS: ".TIF,.tif,.xml"
{%- if slug in ["dem", "demF"] %}
      ENABLE_HTTP_ACCESS: "true"
{%- endif %}
    configs:
      - source: init-db
        target: /opt/core/init-db.sh
    deploy:
      replicas: 1
    networks:
      - intnet
  cache:
    volumes:
      - type: tmpfs
        target: /tmp
    env_file:
      - ./config/db.env
    secrets:
      - OS_PASSWORD
    configs:
      - source: mapcache-config
        target: /mapcache-template.xml
    environment:
      INSTANCE_ID: "prism-view-server_cache"
      RENDERER_HOST: renderer
      WAIT_SERVICES: "database:5432 renderer:80"
      WAIT_TIMEOUT: 300
      OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
    deploy:
      replicas: 1
    logging:
      options:
        tag: "docker.apache2"
    networks:
      - intnet
  ingestor:
    command:
      ["python3", "/opt/ingestor/filedaemon.py"]
    volumes:
      - type: volume
        source: from-fepd
        target: /mnt/data
      - type: volume
        source: ingestor-data
        target: /var/ingestor
    environment:
      INSTANCE_ID: "prism-view-server_ingestor"
      INGESTOR_SUCCESS_DIR: "/var/ingestor/success"
      INGESTOR_FAIL_DIR: "/var/ingestor/fail"
    deploy:
      replicas: 1
    networks:
      - intnet
  preprocessor:
    secrets:
      - OS_PASSWORD_{{slug | upper}}
      - OS_PASSWORD_DOWNLOAD
    environment:
      INSTANCE_ID: "prism-view-server_preprocessor"
      WAIT_SERVICES: "redis:6379"
      OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD_{{slug | upper}}"
      OS_PASSWORD_DOWNLOAD_FILE: "/run/secrets/OS_PASSWORD_DOWNLOAD"
      GDAL_DISABLE_READDIR_ON_OPEN: "TRUE"
    configs:
      - source: preprocessor-config
        target: /config.yaml
    networks:
      - intnet
  registrar:
    volumes:
      - type: tmpfs
        target: /tmp
      - type: volume
        source: instance-data
        target: /var/www/pvs
      - type: volume
        source: report-data
        target: /mnt/reports/
    env_file:
      - ./config/db.env
      - ./config/django.env
    secrets:
      - DJANGO_PASSWORD
      - OS_PASSWORD_{{slug | upper}}
      - DJANGO_SECRET_KEY
    environment:
      INSTANCE_ID: "prism-view-server_registrar"
      INSTALL_DIR: "/var/www/pvs/dev/"
      INIT_SCRIPTS: "/opt/core/configure.sh /opt/core/init-db.sh /opt/core/initialized.sh"
      STARTUP_SCRIPTS: "/opt/core/wait-initialized.sh"
      WAIT_SERVICES: "redis:6379 database:5432"
      WAIT_TIMEOUT: 180
      OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD_{{slug | upper}}"
      DJANGO_PASSWORD_FILE: "/run/secrets/DJANGO_PASSWORD"
      DJANGO_SECRET_KEY_FILE: "/run/secrets/DJANGO_SECRET_KEY"
      REPORTING_DIR: "/mnt/reports/"
      GDAL_DISABLE_READDIR_ON_OPEN: "EMPTY_DIR"
      CPL_VSIL_CURL_ALLOWED_EXTENSIONS: ".TIF,.tif,.xml"
    configs:
      - source: init-db
        target: /opt/core/init-db.sh
      - source: registrar-config
        target: /config.yaml
    deploy:
      replicas: 1
    networks:
      - intnet
    command:
      ["/opt/core/run-registrar.sh"]
  client:
    deploy:
      replicas: 1
  sftp:
    volumes:
      - type: volume
        source: report-data
        target: /home/eox/data/to/panda
      - type: volume
        source: from-fepd
        target: /home/eox/data/from/fepd
    configs:
      - source: sftp_users_{{slug}}
        target: /etc/sftp/users.conf
    ports:
      - "{{sftp}}:22"
    deploy:
      replicas: 1
configs:
  sftp_users_{{slug}}:
    external: true
  init-db:
    file: ./config/init-db.sh
  mapcache-config:
    file: ./config/mapcache.xml
  client-config:
    file: ./config/index.html
  preprocessor-config:
    file: ./config/preprocessor-config.yaml
  registrar-config:
    file: ./config/registrar-config.yaml
volumes:
  db-data:
  redis-data:
  instance-data:
  from-fepd:
  report-data:
  ingestor-data:
networks:
  intnet:
secrets:
  OS_PASSWORD_{{slug | upper}}:
    external: true
  OS_PASSWORD:
    external: true
  OS_PASSWORD_DOWNLOAD:
    external: true
  DJANGO_PASSWORD:
    external: true
  DJANGO_SECRET_KEY:
    external: true