docker-compose.yml
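version: '2.1'
services:
  #
  # Welcome to Grafolean NetFlow bot!
  #
  # To modify the variables in this file, please use the .env file (use .env.example as a starting point).
  #
  # To run a NetFlow v5 simulator, use:
  #   $ docker run --net=host --name nflow networkstatic/nflow-generator -t 127.0.0.1 -p 2055
  # (replace the port appropriately)
  #
  # Deployment notes:
  #  - DB_USER / DB_PASS fall back to admin / admin when they are not set. Set both in .env
  #    before running this stack anywhere other than a throwaway test machine.
  #  - The images below use moving tags (implicit "latest" and "latest-pg12"). Pin a specific
  #    tag or digest if you need reproducible, reviewable deployments.

  netflowbot:
    # If you wish to load an explicit version, change the next line. For example:
    #   image: grafolean/grafolean-netflow-bot:v1.0.0
    image: grafolean/grafolean-netflow-bot
    container_name: grafolean-netflow-bot
    build:
      context: .
      dockerfile: Dockerfile
    depends_on:
      db:
        condition: service_healthy
    environment:
      # Backend url must be set to the address of the Grafolean backend, for example this uses Grafolean hosted service:
      #   - BACKEND_URL=https://grafolean.com/api
      # IMPORTANT: '127.0.0.1' and 'localhost' are _never_ correct addresses for Grafolean backend, because they translate
      # to container, not host.
      - BACKEND_URL=${BACKEND_URL}
      # To use NetFlow bot, a bot with the protocol "netflow" must be added via user interface, then the token needs to be copied here:
      # (the token is a credential: keep it in .env and keep .env out of version control)
      - BOT_TOKEN=${BOT_TOKEN}
      # Interval between fetching information about jobs:
      - JOBS_REFRESH_INTERVAL=${JOBS_REFRESH_INTERVAL:-60}
      - DB_HOST=db
      - DB_DATABASE=${DB_NAME:-grafolean}
      - DB_USERNAME=${DB_USER:-admin}
      # Falls back to "admin" when DB_PASS is unset - override it in .env.
      - DB_PASSWORD=${DB_PASS:-admin}
      - DEBUG=${DEBUG:-false}
    restart: always
    networks:
      - grafolean

  db:
    image: timescale/timescaledb:latest-pg12
    container_name: grafolean-netflow-db
    volumes:
      # You should always save DB data to a host directory unless you are prepared to lose it. By default
      # the location of data is '/grafolean/netflow-db/'.
      # Note that if you ever wish to copy this directory as backup, you need to stop grafolean
      # container first. For alternative backup approaches consult PostgreSQL documentation.
      - ${DB_DIR:-/grafolean/netflow-db/}:/var/lib/postgresql/data/
    environment:
      - POSTGRES_DB=${DB_NAME:-grafolean}
      - POSTGRES_USER=${DB_USER:-admin}
      # Falls back to "admin" when DB_PASS is unset - override it in .env.
      - POSTGRES_PASSWORD=${DB_PASS:-admin}
    ports:
      # Published on the host loopback interface only. The bot and the writer reach the
      # database as "db:5432" over the "grafolean" network and do not need a published port.
      # Publishing on all interfaces ("5432:5432") would expose PostgreSQL, with the default
      # admin / admin credentials above unless overridden, to every network the host is on;
      # Docker-published ports are commonly not filtered by host firewall front-ends.
      # If remote access is really required, set strong credentials first and restrict the
      # bind address to the interface that needs it.
      - "127.0.0.1:5432:5432"
    restart: always
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -h db -U ${DB_USER:-admin} -t 1 -q"]
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - grafolean

  netflowcollector:
    # This process collects NetFlow data and writes it to a shared named pipe. The
    # reason is that there is a Docker bug which causes UDP packets to change the source
    # IP if processed within the Docker network. To avoid that, we have a collector
    # listening on host network interface, then transferring the data to a "writer"
    # process within the network, which writes the data to DB.
    #
    # NetFlow over UDP is unauthenticated and, with host networking, the collector is
    # reachable on every host interface; restrict the UDP port with host firewall rules
    # to the exporters that are expected to send flows.
    image: grafolean/grafolean-netflow-bot
    container_name: grafolean-netflow-collector
    depends_on:
      db:
        condition: service_healthy
    environment:
      - NAMED_PIPE_FILENAME=/shared-grafolean/netflow.pipe
      - NETFLOW_PORT=2055
      - DEBUG=${DEBUG:-false}
    # NOTE(review): this service runs with "network_mode: host" (below). In host mode Docker
    # does not apply port publishing, and some Compose versions reject "ports" together with
    # host networking. The port actually opened is presumably the NETFLOW_PORT value in
    # "environment" above (fixed at 2055), not the mapping here - confirm before relying on
    # NETFLOW_PORT from .env.
    ports:
      - "${NETFLOW_PORT:-2055}:2055/udp"
    restart: always
    # NetFlow collector uses the same docker image as bot (grafolean/grafolean-netflow-bot),
    # but specifies a different entrypoint:
    entrypoint:
      - python
      - -m
      - netflowcollector
    volumes:
      - shared-grafolean:/shared-grafolean
    network_mode: "host"

  netflowwriter:
    # Reads netflow data from named pipe and writes it to DB.
    image: grafolean/grafolean-netflow-bot
    container_name: grafolean-netflow-writer
    depends_on:
      db:
        condition: service_healthy
    environment:
      - NAMED_PIPE_FILENAME=/shared-grafolean/netflow.pipe
      - DB_HOST=db
      - DB_DATABASE=${DB_NAME:-grafolean}
      - DB_USERNAME=${DB_USER:-admin}
      # Falls back to "admin" when DB_PASS is unset - override it in .env.
      - DB_PASSWORD=${DB_PASS:-admin}
      - DEBUG=${DEBUG:-false}
    restart: always
    # CAREFUL: NetFlow writer uses the same docker image as bot
    # (grafolean/grafolean-netflow-bot), but specifies a different entrypoint:
    entrypoint:
      - python
      - -m
      - netflowwriter
    volumes:
      - shared-grafolean:/shared-grafolean
      # To use py-spy:
      #  - $ docker exec -ti grafolean-netflow-writer bash
      #  - # pip install py-spy
      #  - # py-spy record -n -o /tmp/prof/out.svg --pid 1
      # But first, these 3 lines below must be enabled, to add a volume and capabilities: (careful not to add spaces!)
      # Comment them out again once profiling is done, so the container does not keep the
      # extra capability and host mount.
      # - /tmp/prof/:/tmp/prof/
    #cap_add:
    #  - SYS_PTRACE
    networks:
      - grafolean
    # network_mode: host

  # autoheal:
  #   # This container automatically restarts any container that fails its health check. Not a bullet-proof solution, but better than nothing.
  #   # Note: mounting /var/run/docker.sock gives this container full control of the Docker daemon on the host.
  #   image: willfarrell/autoheal
  #   container_name: grafolean-netflow-bot-autoheal
  #   environment:
  #     - AUTOHEAL_CONTAINER_LABEL=all
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock
  #   restart: always
  #   networks:
  #     - grafolean

networks:
  grafolean:

volumes:
  shared-grafolean: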