Añade configuración para despliegue del servicio

include:

  - project: 'redmic-project/gitlab-ci-templates'

    ref: master

    file: '/deployment.yml'

stages:

  - deploy

.deploy:

  variables:

    STACK: etl

    STATUS_CHECK_DELAY: 300

  environment:

    url: https://nifi-registry.${PUBLIC_HOSTNAME}

NIFI_REGISTRY_HOME=/opt/nifi-registry/nifi-registry-current

INITIAL_ADMIN_IDENTITY=cn=admin,dc=example,dc=org

LDAP_AUTHENTICATION_STRATEGY=SIMPLE

LDAP_MANAGER_DN=cn=admin,dc=example,dc=org

LDAP_MANAGER_PASSWORD=changeme

LDAP_USER_SEARCH_BASE=dc=example,dc=org

LDAP_USER_SEARCH_FILTER=cn={0}

LDAP_IDENTITY_STRATEGY=USE_DN

LDAP_URL=ldap://openldap:389

KEYSTORE_TYPE=PKCS12

KEYSTORE_PASSWORD=changeme

KEY_PASSWORD=changeme

TRUSTSTORE_PASSWORD=changeme

TRUSTSTORE_TYPE=PKCS12

AUTH=ldap

NIFI_REGISTRY_WEB_HTTPS_HOST=0.0.0.0

NIFI_REGISTRY_WEB_HTTPS_PORT=18443

TRAEFIK_SUBDOMAIN=nifi-registry

CONF_VOL_NAME=nifi-registry-conf-vol

DATABASE_VOL_NAME=nifi-registry-database-vol

FLOW_STORAGE_VOL_NAME=nifi-registry-flow-storage-vol

SECURITY_VOL_NAME=nifi-security-vol

VOL_TYPE=nfs4

VOL_ADDR=127.0.0.1

VOL_OPTIONS=rw,nolock,noatime,tcp,rsize=8192,wsize=8192,timeo=14

version: '3.9'

volumes:

  conf-vol:

    name: ${CONF_VOL_NAME}

    driver: local

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTIONS}

      device: ${CONF_VOL_DEVICE:-:/nifi-registry-conf-vol/}

  database-vol:

    name: ${DATABASE_VOL_NAME}

    driver: local

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTIONS}

      device: ${DATABASE_VOL_DEVICE:-:/nifi-registry-database-vol/}

  flow-storage-vol:

    name: ${FLOW_STORAGE_VOL_NAME}

    driver: local

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTIONS}

      device: ${FLOW_STORAGE_VOL_DEVICE:-:/nifi-registry-flow-storage-vol/}

  security-vol:

    name: ${SECURITY_VOL_NAME}

    driver: local

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTIONS}

      device: ${SECURITY_VOL_DEVICE:-:/nifi-security-vol/}

version: '3.9'

services:

  nifi-registry:

    deploy:

      placement:

        constraints:

          - node.role == worker

volumes:

  conf-vol:

    name: ${CONF_VOL_NAME}

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared

  database-vol:

    name: ${DATABASE_VOL_NAME}

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared

  flow-storage-vol:

    name: ${FLOW_STORAGE_VOL_NAME}

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared

  security-vol:

    name: ${SECURITY_VOL_NAME}

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared

version: '3.9'

services:

  nifi-registry:

    image: ${IMAGE_NAME:-apache/nifi-registry}:${IMAGE_TAG:-latest}

    environment:

      HOME: ${NIFI_REGISTRY_HOME}/conf

      NIFI_WEB_PROXY_HOST: ${TRAEFIK_SUBDOMAIN}.${PUBLIC_HOSTNAME}:443

      TRUSTSTORE_PATH: ${NIFI_REGISTRY_HOME}/security/truststore.p12

      KEYSTORE_PATH: ${NIFI_REGISTRY_HOME}/security/keystore.p12

      NIFI_REGISTRY_HOME:

      INITIAL_ADMIN_IDENTITY:

      LDAP_AUTHENTICATION_STRATEGY:

      LDAP_MANAGER_DN:

      LDAP_MANAGER_PASSWORD:

      LDAP_USER_SEARCH_BASE:

      LDAP_USER_SEARCH_FILTER:

      LDAP_IDENTITY_STRATEGY:

      LDAP_URL:

      KEYSTORE_TYPE:

      KEYSTORE_PASSWORD:

      KEY_PASSWORD:

      TRUSTSTORE_PASSWORD:

      TRUSTSTORE_TYPE:

      AUTH:

      NIFI_REGISTRY_WEB_HTTPS_HOST:

      NIFI_REGISTRY_WEB_HTTPS_PORT:

    networks:

      traefik-net:

      auth-net:

    volumes:

      - log-vol:${NIFI_REGISTRY_HOME}/logs

      - conf-vol:${NIFI_REGISTRY_HOME}/conf

      - database-vol:${NIFI_REGISTRY_HOME}/database

      - flow-storage-vol:${NIFI_REGISTRY_HOME}/flow_storage

      - security-vol:${NIFI_REGISTRY_HOME}/security

    healthcheck:

      test: curl --silent --output /dev/null --insecure https://localhost:${NIFI_REGISTRY_WEB_HTTPS_PORT}/nifi-registry

      interval: ${HEALTHCHECK_INTERVAL:-30s}

      timeout: ${HEALTHCHECK_TIMEOUT:-15s}

      retries: ${HEALTHCHECK_RETRIES:-10}

      start_period: ${HEALTHCHECK_START_PERIOD:-5m}

    deploy:

      mode: replicated

      replicas: 1

      restart_policy:

        delay: ${RESTART_DELAY:-10s}

      update_config:

        delay: ${UPDATE_DELAY:-10m}

      resources:

        limits:

          cpus: '${RESOURCES_LIMITS_CPUS:-0.5}'

          memory: ${RESOURCES_LIMITS_MEMORY:-512M}

        reservations:

          cpus: '${RESOURCES_RESERVATIONS_CPUS:-0.2}'

          memory: ${RESOURCES_RESERVATIONS_MEMORY:-408M}

      labels:

        traefik.frontend.rule: Host:${TRAEFIK_SUBDOMAIN}.${PUBLIC_HOSTNAME}

        traefik.frontend.headers.customRequestHeaders: X-ProxyScheme:https||X-ProxyHost:${TRAEFIK_SUBDOMAIN}.${PUBLIC_HOSTNAME}||X-ProxyPort:443||X-ProxyContextPath:/

        traefik.frontend.redirect.regex: ^(.*://${TRAEFIK_SUBDOMAIN}.${PUBLIC_HOSTNAME})/$$

        traefik.frontend.redirect.replacement: $$1/nifi-registry

        traefik.frontend.redirect.permanent: 'true'

        traefik.backend: nifi-registry

        traefik.protocol: https

        traefik.port: '${NIFI_REGISTRY_WEB_HTTPS_PORT}'

networks:

  traefik-net:

    name: ${TRAEFIK_NET_NAME:-traefik-net}

    driver: ${TRAEFIK_NET_DRIVER:-overlay}

    external: true

  auth-net:

    name: ${AUTH_NET_NAME:-auth-net}

    driver: ${AUTH_NET_DRIVER:-overlay}

    external: true

volumes:

  log-vol:

    name: ${LOG_VOL_NAME:-nifi-registry-log-vol}