empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
970b3c3962
fleet/docker-compose.yml

144 lines
3.8 KiB
YAML
Raw Normal View History

docker-compose QoL improvements (#2319) * Use YAML anchors to avoid repeating config blocks * Use docker volumes to persist data for mysql * Allow setting `FLEET_SERVER` (fixes #2127) when using the docker-compose file to spin up multiple osquery clients
2020-10-09 17:10:33 +00:00
---
Make migrations compatible with GTID replication (#2615) * Make migrations compatible with GTID replication Fixes an issue some deployments encountered when migrations used a statement that is unsupported in GTID replication mode (#2462). Local dev MySQL now enforces this consistency, so it should be easier to maintain compatibility going forward. * Update docker-compose formatting * if exists
2021-10-21 10:46:02 +00:00
version: "2"
Use tmpfs with dev MySQL instances (#483) This results in ~100x speedup in MySQL tests.
2016-11-15 18:06:33 +00:00
services:
Strongly discourage use of MariaDB (#7699)
2022-09-23 18:18:34 +00:00
# To test with MariaDB, set FLEET_MYSQL_IMAGE to mariadb:10.6 or the like (note MariaDB is not
# officially supported).
Add better support for M1 to `docker-compose.yml` and add `fleet-dev` target to `Makefile` (#6432) * Add better support for M1 to docker-compose.yml and add fleet-dev target * Amend comment
2022-06-29 17:38:23 +00:00
# To run in macOS M1, set FLEET_MYSQL_IMAGE=arm64v8/mysql:oracle FLEET_MYSQL_PLATFORM=linux/arm64/v8
Use tmpfs with dev MySQL instances (#483) This results in ~100x speedup in MySQL tests.
2016-11-15 18:06:33 +00:00
mysql:
Fix mock tests set test name (#6345) * Set mock test on live query mocked tests * Use MySQL 5.7 as default in docker-compose.yml
2022-06-23 14:34:52 +00:00
image: ${FLEET_MYSQL_IMAGE:-mysql:5.7}
Add better support for M1 to `docker-compose.yml` and add `fleet-dev` target to `Makefile` (#6432) * Add better support for M1 to docker-compose.yml and add fleet-dev target * Amend comment
2022-06-29 17:38:23 +00:00
platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64}
Use persistent MySQL for local server, tmpfs MySQL for tests (#1245)
2017-02-17 17:15:10 +00:00
volumes:
docker-compose QoL improvements (#2319) * Use YAML anchors to avoid repeating config blocks * Use docker volumes to persist data for mysql * Allow setting `FLEET_SERVER` (fixes #2127) when using the docker-compose file to spin up multiple osquery clients
2020-10-09 17:10:33 +00:00
- mysql-persistent-volume:/tmp
Add better support for M1 to `docker-compose.yml` and add `fleet-dev` target to `Makefile` (#6432) * Add better support for M1 to docker-compose.yml and add fleet-dev target * Amend comment
2022-06-29 17:38:23 +00:00
command:
[
Make migrations compatible with GTID replication (#2615) * Make migrations compatible with GTID replication Fixes an issue some deployments encountered when migrations used a statement that is unsupported in GTID replication mode (#2462). Local dev MySQL now enforces this consistency, so it should be easier to maintain compatibility going forward. * Update docker-compose formatting * if exists
2021-10-21 10:46:02 +00:00
"mysqld",
"--datadir=/tmp/mysqldata",
# These 3 keys run MySQL with GTID consistency enforced to avoid issues with production deployments that use it.
"--enforce-gtid-consistency=ON",
"--log-bin=bin.log",
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
"--server-id=master-01",
# Required for storage of Apple MDM installers.
"--max_allowed_packet=536870912"
Make migrations compatible with GTID replication (#2615) * Make migrations compatible with GTID replication Fixes an issue some deployments encountered when migrations used a statement that is unsupported in GTID replication mode (#2462). Local dev MySQL now enforces this consistency, so it should be easier to maintain compatibility going forward. * Update docker-compose formatting * if exists
2021-10-21 10:46:02 +00:00
]
Add better support for M1 to `docker-compose.yml` and add `fleet-dev` target to `Makefile` (#6432) * Add better support for M1 to docker-compose.yml and add fleet-dev target * Amend comment
2022-06-29 17:38:23 +00:00
environment:
&mysql-default-environment
Use persistent MySQL for local server, tmpfs MySQL for tests (#1245)
2017-02-17 17:15:10 +00:00
MYSQL_ROOT_PASSWORD: toor
Add --dev flag and change docker defaults (#251) - Add --dev flag that will set default flag values. This simplifies the invocation of Fleet in a development environment. - Change defaults in docker-compose to use `fleet` in place of `kolide`. - Skip prompt in `prepare db` when `--dev` specified. - Update developer documentation. Updates to MySQL configuration in docker-compose.yml may require existing development containers and volumes to be deleted (this will delete data in MySQL): ```shell docker-compose rm -sf docker volume rm fleet_mysql-persistent-volume ``` Closes #170
2021-02-02 02:14:16 +00:00
MYSQL_DATABASE: fleet
MYSQL_USER: fleet
MYSQL_PASSWORD: insecure
Use persistent MySQL for local server, tmpfs MySQL for tests (#1245)
2017-02-17 17:15:10 +00:00
ports:
- "3306:3306"
mysql_test:
Fix mock tests set test name (#6345) * Set mock test on live query mocked tests * Use MySQL 5.7 as default in docker-compose.yml
2022-06-23 14:34:52 +00:00
image: ${FLEET_MYSQL_IMAGE:-mysql:5.7}
Add better support for M1 to `docker-compose.yml` and add `fleet-dev` target to `Makefile` (#6432) * Add better support for M1 to docker-compose.yml and add fleet-dev target * Amend comment
2022-06-29 17:38:23 +00:00
platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64}
Speed up MySQL tests (#585) Improves MySQL test time (on my 2020 MBP) to ~18s from ~125s. - Use separate databases for each test to allow parallelization. - Run migrations only once at beginning of tests and then reload generated schema. - Add `--innodb-file-per-table=OFF` for ~20% additional speedup.
2021-04-03 18:42:27 +00:00
# innodb-file-per-table=OFF gives ~20% speedup for test runs.
Add better support for M1 to `docker-compose.yml` and add `fleet-dev` target to `Makefile` (#6432) * Add better support for M1 to docker-compose.yml and add fleet-dev target * Amend comment
2022-06-29 17:38:23 +00:00
command:
[
Make migrations compatible with GTID replication (#2615) * Make migrations compatible with GTID replication Fixes an issue some deployments encountered when migrations used a statement that is unsupported in GTID replication mode (#2462). Local dev MySQL now enforces this consistency, so it should be easier to maintain compatibility going forward. * Update docker-compose formatting * if exists
2021-10-21 10:46:02 +00:00
"mysqld",
"--datadir=/tmpfs",
"--slow_query_log=1",
"--log_output=TABLE",
"--log-queries-not-using-indexes",
"--innodb-file-per-table=OFF",
# These 3 keys run MySQL with GTID consistency enforced to avoid issues with production deployments that use it.
"--enforce-gtid-consistency=ON",
"--log-bin=bin.log",
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
"--server-id=master-01",
# Required for storage of Apple MDM installers.
"--max_allowed_packet=536870912"
Make migrations compatible with GTID replication (#2615) * Make migrations compatible with GTID replication Fixes an issue some deployments encountered when migrations used a statement that is unsupported in GTID replication mode (#2462). Local dev MySQL now enforces this consistency, so it should be easier to maintain compatibility going forward. * Update docker-compose formatting * if exists
2021-10-21 10:46:02 +00:00
]
docker-compose QoL improvements (#2319) * Use YAML anchors to avoid repeating config blocks * Use docker volumes to persist data for mysql * Allow setting `FLEET_SERVER` (fixes #2127) when using the docker-compose file to spin up multiple osquery clients
2020-10-09 17:10:33 +00:00
environment: *mysql-default-environment
Use tmpfs with dev MySQL instances (#483) This results in ~100x speedup in MySQL tests.
2016-11-15 18:06:33 +00:00
ports:
Use persistent MySQL for local server, tmpfs MySQL for tests (#1245)
2017-02-17 17:15:10 +00:00
- "3307:3306"
Migrate all mysql tests to the new form (#1408) * Migrate all mysql tests to the new form * Only dump sql if MYSQL_TEST is on * Removing parallel until we get rid of this code * Move TestMain to an actual _test file * A little experiment with tmpfs to speed up the db * Let's make sure the dump.sql file is also in ram
2021-07-19 21:20:31 +00:00
tmpfs:
- /var/lib/mysql:rw,noexec,nosuid
- /tmpfs
Updating some docker compose functionality (#220) close #210
2016-09-21 12:22:53 +00:00
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
# Unauthenticated SMTP server.
Use tmpfs with dev MySQL instances (#483) This results in ~100x speedup in MySQL tests.
2016-11-15 18:06:33 +00:00
mailhog:
image: mailhog/mailhog:latest
ports:
- "8025:8025"
- "1025:1025"
Datastores for buffering distributed query results (#346) A new datastore interface is needed for buffering incoming distributed query results to be sent to the client. This PR attempts to define and implement that interface. It is intended that the ReadChannel() method be used by the goroutine that will push query results down a websocket to the client. Passing the results through this channel will allow that goroutine to perform a select on both the channel and the websocket, in order to properly handle IO.
2016-10-31 22:51:19 +00:00
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
# SMTP server with Basic Authentication.
mailpit:
image: axllent/mailpit:latest
ports:
- "8026:8025"
- "1026:1025"
volumes:
- ./tools/mailpit/auth.txt:/auth.txt
command:
[
"--smtp-auth-file=/auth.txt",
"--smtp-auth-allow-insecure=true"
]
Use tmpfs with dev MySQL instances (#483) This results in ~100x speedup in MySQL tests.
2016-11-15 18:06:33 +00:00
redis:
Bump development docker-compose Redis to version 5 (#414)
2021-03-08 22:36:10 +00:00
image: redis:5
Use tmpfs with dev MySQL instances (#483) This results in ~100x speedup in MySQL tests.
2016-11-15 18:06:33 +00:00
ports:
Changed mysql version to match that of circle.yaml (#520)
2016-11-21 13:59:48 +00:00
- "6379:6379"
Add CAdvisor container to dev docker-compose (#2263) This container is useful for monitoring stats of other containers.
2020-07-21 22:36:11 +00:00
Add ability to test SSO locally (#552) - Use IdP in Docker container. - Document process.
2021-03-29 20:50:39 +00:00
saml_idp:
image: fleetdm/docker-idp:latest
Set up Cypress testing for Teams/Tiers (#1005) - Update names/roles of users in `make e2e-setup`. - Update test SSO user info. - Add Cypress commands for seeding users/Teams. - Stub Cypress tests for team/tier matrix.
2021-06-09 18:56:59 +00:00
volumes:
- ./tools/saml/users.php:/var/www/simplesamlphp/config/authsources.php
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
- ./tools/saml/config.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php
Add ability to test SSO locally (#552) - Use IdP in Docker container. - Document process.
2021-03-29 20:50:39 +00:00
ports:
- "9080:8080"
- "9443:8443"
Add CAdvisor container to dev docker-compose (#2263) This container is useful for monitoring stats of other containers.
2020-07-21 22:36:11 +00:00
# CAdvisor container allows monitoring other containers. Useful for
# development.
cadvisor:
image: google/cadvisor:latest
ports:
- "5678:8080"
volumes:
Update flags for development cAdvisor (#679) Updates to a minimal set of permissions for working cAdvisor. Tested with Docker Desktop 3.3.1 on macOS 11.2.3
2021-04-24 00:58:23 +00:00
- /var/run/docker.sock:/var/run/docker.sock:ro
Add CAdvisor container to dev docker-compose (#2263) This container is useful for monitoring stats of other containers.
2020-07-21 22:36:11 +00:00
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
docker-compose QoL improvements (#2319) * Use YAML anchors to avoid repeating config blocks * Use docker volumes to persist data for mysql * Allow setting `FLEET_SERVER` (fixes #2127) when using the docker-compose file to spin up multiple osquery clients
2020-10-09 17:10:33 +00:00
Add dev infrastructure and docs for Prometheus monitoring (#33) - Set up a simple example of Prometheus monitoring in the development docker-compose.yml. - Add documentation for configuring Prometheus.
2020-11-13 03:06:56 +00:00
prometheus:
image: prom/prometheus:latest
ports:
- "9090:9090"
volumes:
- ./tools/app/prometheus.yml:/etc/prometheus/prometheus.yml
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
# localstack to simulate AWS integrations like firehose & kinesis
# use http://localhost:4566 as the `--endpoint-url` argument in awscli
localstack:
image: localstack/localstack
ports:
- "4566:4566"
- "4571:4571"
environment:
- SERVICES=firehose,kinesis
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
# s3 compatible object storage (file carving backend)
minio:
image: quay.io/minio/minio
command: server /data --console-address ":9001"
ports:
- "9000:9000"
- "9001:9001"
environment:
MINIO_ROOT_USER: minio
MINIO_ROOT_PASSWORD: minio123!
volumes:
- data-minio:/data
Add guide on how to simulate slow connections to redis and mysql (#9140) * Add guide on how to simulate slow connections to redis and mysql * Add pageOrderInSection
2023-01-03 20:29:40 +00:00
toxiproxy:
image: shopify/toxiproxy
ports:
- "22220:22220"
- "8474:8474"
docker-compose QoL improvements (#2319) * Use YAML anchors to avoid repeating config blocks * Use docker volumes to persist data for mysql * Allow setting `FLEET_SERVER` (fixes #2127) when using the docker-compose file to spin up multiple osquery clients
2020-10-09 17:10:33 +00:00
volumes:
mysql-persistent-volume:
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
data-minio:
Address issues related to Redis Cluster support (#1885) Closes #1847 .
2021-09-01 20:32:57 +00:00
Reference in New Issue Copy Permalink