Add healthchecks for all Taiga services, fix RabbitMQ env var names, and define TAIGA_HOSTNAME

Details: - Implemented healthchecks for taiga, async, rabbitmq, front, events, protected, and gateway - Corrected RabbitMQ env variables (RABBITMQ_DEFAULT_USER/PASS/VHOST/ERLANG_COOKIE) - Added TAIGA_HOSTNAME for backend service See: https://chatgpt.com/share/68da9d6b-b164-800f-bcb7-410b40219a1e
2025-10-10 10:48:10 +02:00 · 2025-09-29 17:09:42 +02:00
parent 3fbb9c38a8
commit 251f7b227d
8 changed files with 70 additions and 20 deletions
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -54,8 +54,8 @@ docker:
      backup:
        no_stop_required:   false
      turn_server:
-        onboard_enabled:    true
+        onboard_enabled:    true # Deactivated because standalone turnserver works with  Big Blue Button, so I assume that the nextcloud internal turnserver has it's isssues
-        standalone_enabled: true
+        standalone_enabled: false
      network_mode:         host
    whiteboard:
      name:                 "nextcloud-whiteboard"
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -37,7 +37,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
        ipv4_address: 192.168.102.69
-{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
+{% if NEXTCLOUD_TALK_SIGNALING_ENABLED | bool %}
  talk:
 {% set container_port = NEXTCLOUD_TALK_SIGNALING_PORT %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -46,7 +46,7 @@
    container_name: {{ NEXTCLOUD_TALK_CONTAINER }}
    init: true
    network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}
-{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %}
+{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' and NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
    ports:
      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/tcp
      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/udp
--- a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
+++ b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
@@ -192,18 +192,20 @@ http {
            proxy_read_timeout 3600;
        }
-{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
+{% if NEXTCLOUD_TALK_SIGNALING_ENABLED | bool %}
        location {{ NEXTCLOUD_TALK_SIGNALING_LOCATION }} {
 {% if NEXTCLOUD_TALK_NETWORK_MODE == 'host' %}
-            proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
+            proxy_pass          http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
 {% else %}
-            proxy_pass http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
+            proxy_pass          http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
 {% endif %}
-            proxy_http_version 1.1;
+            proxy_http_version  1.1;
-            proxy_set_header   Host              $host;
+            proxy_set_header    Host              $host;
-            proxy_set_header   Upgrade           $http_upgrade;
+            proxy_set_header    Upgrade           $http_upgrade;
-            proxy_set_header   Connection        "upgrade";
+            proxy_set_header    Connection        "upgrade";
-            proxy_read_timeout 3600;
+            proxy_read_timeout  3600;
            proxy_buffering     off;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        }
 {% endif %}
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -73,6 +73,7 @@ NEXTCLOUD_TALK_SIGNALING_SECRET:      "{{ applications | get_app_conf(applicatio
 NEXTCLOUD_TALK_SIGNALING_LOCATION:    "/standalone-signaling/"
 NEXTCLOUD_TALK_SIGNALING_PORT:        "8081"
 NEXTCLOUD_TALK_SIGNALING_URL:         "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}"
 NEXTCLOUD_TALK_SIGNALING_ENABLED:     "{{ NEXTCLOUD_TALK_PLUGIN_ENABLED }}"
 #### Talk Turn (Onboard)
 NEXTCLOUD_TALK_TURN_ONBOARD_PORT:             "{{ ports.public.stun_turn[application_id] }}"
--- a/roles/web-app-taiga/templates/docker-compose.yml.j2
+++ b/roles/web-app-taiga/templates/docker-compose.yml.j2
@@ -3,7 +3,14 @@
 {% set service_name = TAIGA_SERVICE %}
  {{ service_name }}:
    container_name: {{ TAIGA_CONTAINER }}
    hostname:       {{ TAIGA_HOSTNAME }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    healthcheck:
      test: ["CMD", "python", "-c", "import socket; socket.create_connection(('127.0.0.1',8000),5).close()"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 40s
    image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}"
    volumes:
      # These volumens will be used by taiga-back and taiga-async.
@@ -31,6 +38,12 @@
  {{ service_name }}:
    container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    healthcheck:
      test: ["CMD-SHELL", "tr '\\0' ' ' </proc/1/cmdline | grep -qi celery"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 60s
    image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}"
    entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
    volumes:
@@ -65,6 +78,12 @@
    volumes:
      - async-rabbitmq-data:/var/lib/rabbitmq
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      taiga:
@@ -73,6 +92,12 @@
    container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
    image: "{{TAIGA_DOCKER_IMAGE_FRONTEND}}:{{ TAIGA_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/ >/dev/null || curl -fsS http://127.0.0.1/ >/dev/null"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      taiga:
 #    volumes:
@@ -83,6 +108,12 @@
    container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
    image: taigaio/taiga-events:latest
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    healthcheck:
      test: ["CMD-SHELL", "nc -z 127.0.0.1 8888"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 30s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      taiga:
    depends_on:
@@ -97,7 +128,12 @@
    volumes:
      - events-rabbitmq-data:/var/lib/rabbitmq
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      taiga:
@@ -106,7 +142,12 @@
    container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
    image: taigaio/taiga-protected:latest
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+    healthcheck:
      test: ["CMD", "python", "-c", "import socket; socket.create_connection(('127.0.0.1',8003),5).close()"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      taiga:
@@ -121,7 +162,12 @@
      - static-data:/taiga/static
      - media-data:/taiga/media
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/ >/dev/null || curl -fsS http://127.0.0.1/ >/dev/null"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      taiga:
    depends_on:
--- a/roles/web-app-taiga/templates/env.j2
+++ b/roles/web-app-taiga/templates/env.j2
@@ -33,10 +33,10 @@ RABBITMQ_PASS=taiga
 RABBITMQ_VHOST=taiga
 # Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
-RABBITMQ_DEFAULT_RABBITMQ_USER  =   taiga  # user to connect to RabbitMQ
+RABBITMQ_DEFAULT_USER  =   taiga  # user to connect to RabbitMQ
-RABBITMQ_DEFAULT_RABBITMQ_PASS  =   taiga  # RabbitMQ user's password
+RABBITMQ_DEFAULT_PASS  =   taiga  # RabbitMQ user's password
-RABBITMQ_DEFAULT_RABBITMQ_VHOST =   taiga  # RabbitMQ container name
+RABBITMQ_DEFAULT_VHOST =   taiga  # RabbitMQ container name
-RABBITMQ_ERLANG_COOKIE          =   secret-erlang-cookie  # unique value shared by any connected instance of RabbitMQ
+RABBITMQ_ERLANG_COOKIE =   secret-erlang-cookie  # unique value shared by any connected instance of RabbitMQ
 # Taiga's Attachments - Variable to define how long the attachments will be accesible
 ATTACHMENTS_MAX_AG  =   360  # token expiration date (in seconds)
--- a/roles/web-app-taiga/vars/main.yml
+++ b/roles/web-app-taiga/vars/main.yml
@@ -36,6 +36,7 @@ TAIGA_VERSION:                  "{{ applications | get_app_conf(application_id,
 ### Backend
 TAIGA_SERVICE:                  "{{ entity_name }}"
 TAIGA_HOSTNAME:                 "taiga-back"
 TAIGA_CONTAINER:                "{{ entity_name }}"
 TAIGA_VOLUME_MEDIA:             "/taiga-back/media"
 TAIGA_VOLUME_STATIC:            "/taiga-back/static"
--- a/roles/web-app-wordpress/config/main.yml
+++ b/roles/web-app-wordpress/config/main.yml
@@ -53,7 +53,7 @@ docker:
      backup:
        no_stop_required: true
  volumes: 
-    data:               wordpress_data
+    data:                 wordpress_data
 rbac:
  roles:
    subscriber: