From 426ba32c114b49af4d0719ee4b1e461a2b1ba9f3 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Tue, 23 Sep 2025 21:43:50 +0200
Subject: [PATCH] feat(services): add CPU/RAM/PIDs defaults for heavy roles and align service names
Add per-service resource overrides (cpus, mem_reservation, mem_limit, pids_limit) for ollama, mariadb, postgres, confluence, gitlab, jira, keycloak, nextcloud; light formatting fixes in wordpress. Rename service keys from generic 'application/web' to concrete names (jira, confluence, gitlab, keycloak) and update compose templates accordingly. Jira: introduce JIRA_STORAGE_PATH and switch mounts/README accordingly. https://chatgpt.com/share/68d2d96c-9bf4-800f-bbec-d4f2c0051c06
---
roles/svc-ai-ollama/config/main.yml | 12 ++++++++----
roles/svc-db-mariadb/config/main.yml | 11 ++++++++---
roles/svc-db-postgres/config/main.yml | 10 +++++++---
roles/web-app-confluence/config/main.yml | 12 ++++++++----
.../templates/docker-compose.yml.j2 | 2 +-
roles/web-app-confluence/vars/main.yml | 6 +++---
roles/web-app-gitlab/config/main.yml | 10 +++++++---
roles/web-app-gitlab/templates/docker-compose.yml.j2 | 2 +-
roles/web-app-jira/README.md | 2 +-
roles/web-app-jira/config/main.yml | 12 ++++++++----
roles/web-app-jira/templates/Dockerfile.j2 | 4 ++--
roles/web-app-jira/templates/docker-compose.yml.j2 | 4 ++--
roles/web-app-jira/vars/main.yml | 7 ++++---
roles/web-app-keycloak/config/main.yml | 10 +++++++---
.../web-app-keycloak/templates/docker-compose.yml.j2 | 2 +-
roles/web-app-nextcloud/config/main.yml | 6 +++++-
roles/web-app-wordpress/config/main.yml | 8 ++++----
17 files changed, 77 insertions(+), 43 deletions(-)
diff --git a/roles/svc-ai-ollama/config/main.yml b/roles/svc-ai-ollama/config/main.yml
index 0dece7da..bdc17c92 100644
--- a/roles/svc-ai-ollama/config/main.yml
+++ b/roles/svc-ai-ollama/config/main.yml
@@ -5,10 +5,14 @@ docker: ollama: backup: no_stop_required: true - image: ollama/ollama - version: latest - name: ollama - port: 11434 + image: ollama/ollama + version: latest + name: ollama + port: 11434 + cpus: "4.0" + mem_reservation: "6g" + mem_limit: "8g" + pids_limit: 2048 volumes: models: "ollama_models" network: "ollama"
diff --git a/roles/svc-db-mariadb/config/main.yml b/roles/svc-db-mariadb/config/main.yml
index 3c09f80e..acf6f89e 100644
--- a/roles/svc-db-mariadb/config/main.yml
+++ b/roles/svc-db-mariadb/config/main.yml
@@ -1,11 +1,16 @@ docker: services: mariadb: - version: "latest" - image: "mariadb" - name: "mariadb" + version: "latest" + image: "mariadb" + name: "mariadb" backup: database_routine: true + # Performance Variables aren't used yet, but will be in the future as soon as an docker file is implemented + cpus: "2.0" + mem_reservation: "2g" + mem_limit: "4g" + pids_limit: 1024 network: "mariadb" volumes: data: "mariadb_data"
\ No newline at end of file
diff --git a/roles/svc-db-postgres/config/main.yml b/roles/svc-db-postgres/config/main.yml
index 339e2a46..5c307192 100644
--- a/roles/svc-db-postgres/config/main.yml
+++ b/roles/svc-db-postgres/config/main.yml
@@ -2,13 +2,17 @@ docker: services: postgres: # Postgis is necessary for mobilizon - image: postgis/postgis - name: postgres + image: postgis/postgis + name: postgres # Please set an version in your inventory file! # Rolling release isn't recommended - version: "latest" + version: "latest" backup: database_routine: true + cpus: "2.0" + mem_reservation: "4g" + mem_limit: "6g" + pids_limit: 1024 volumes: data: "postgres_data" network: "postgres"
\ No newline at end of file
diff --git a/roles/web-app-confluence/config/main.yml b/roles/web-app-confluence/config/main.yml
index 4dc6bc58..24a724f6 100644
--- a/roles/web-app-confluence/config/main.yml
+++ b/roles/web-app-confluence/config/main.yml
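Review bot: The new `cpus`, `mem_reservation`, `mem_limit` and `pids_limit` keys are added to role config only; no template in this commit emits them into a compose service, and the mariadb hunk's own comment says they are not consumed yet, so unless the shared `roles/docker-container/templates/base.yml.j2` include (presumably) reads `docker.services.<name>.*`, these containers keep running with no memory or PID cap. That matters beyond performance: `mem_limit` and `pids_limit` are what keeps a runaway or compromised container from exhausting the host, so the values only provide containment once they are rendered as `mem_limit:`/`pids_limit:` on the service. The same applies to the mariadb, postgres, confluence, gitlab, jira, keycloak and nextcloud config hunks. Once wired, a one-line comment on the group such as `# Docker resource caps: mem_limit/pids_limit are hard limits, mem_reservation is a soft hint` would record which values are enforced.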
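Review bot: The comment added above `cpus` reads `# Performance Variables aren't used yet, but will be in the future as soon as an docker file is implemented`; I'd reword it to `# Resource caps are not consumed yet; they take effect once this role renders its own docker file` so the grammar is fixed and it names the trigger. Both this file and the postgres file in the next hunk still carry `\ No newline at end of file` after the edit; since the commit already re-indents the surrounding lines, adding the trailing newline here would be a cheap fix.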
@@ -3,10 +3,14 @@ docker: services: database: enabled: true - application: - image: atlassian/confluence - version: latest - name: confluence + confluence: + image: atlassian/confluence + version: latest + name: confluence + cpus: "3.0" + mem_reservation: "6g" + mem_limit: "8g" + pids_limit: 2048 volumes: data: "confluence_data" features:
diff --git a/roles/web-app-confluence/templates/docker-compose.yml.j2 b/roles/web-app-confluence/templates/docker-compose.yml.j2
index 66b22dca..a5875d5c 100644
--- a/roles/web-app-confluence/templates/docker-compose.yml.j2
+++ b/roles/web-app-confluence/templates/docker-compose.yml.j2
@@ -1,5 +1,5 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - application: + confluence: {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }} image: "{{ CONFLUENCE_CUSTOM_IMAGE }}" container_name: "{{ CONFLUENCE_CONTAINER }}"
diff --git a/roles/web-app-confluence/vars/main.yml b/roles/web-app-confluence/vars/main.yml
index 9f6cb125..0431c72b 100644
--- a/roles/web-app-confluence/vars/main.yml
+++ b/roles/web-app-confluence/vars/main.yml
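Review bot: Renaming the service key from `application` to `confluence` changes the lookup path `docker.services.application.*`; this commit updates `roles/web-app-confluence/vars/main.yml`, but any inventory that overrides `docker.services.application.version` to pin a Confluence version would, depending on how `get_app_conf` merges inventory over role defaults, now be silently ignored and the role fall back to the `version: latest` default shown here. The same applies to the jira config hunk, and to the compose service renames `application:` → `confluence:`/`jira:`/`keycloak:` and `web:` → `gitlab:`, where the service name is what `depends_on`, the included healthcheck/depends_on templates and any `docker compose exec <service>` task refer to. I'd grep roles, tasks and inventories for `services.application`, `services.web` and the old compose service names before merging, and call the rename out as a breaking change in the commit message.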
@@ -28,9 +28,9 @@ CONFLUENCE_OIDC_SCOPES: "openid,email,profile" CONFLUENCE_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}" ## Docker -CONFLUENCE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}" -CONFLUENCE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}" -CONFLUENCE_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}" +CONFLUENCE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.confluence.version') }}" +CONFLUENCE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.confluence.image') }}" +CONFLUENCE_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.confluence.name') }}" CONFLUENCE_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" CONFLUENCE_CUSTOM_IMAGE: "{{ CONFLUENCE_IMAGE }}_custom"
diff --git a/roles/web-app-gitlab/config/main.yml b/roles/web-app-gitlab/config/main.yml
index 4dd10f74..2eb9c896 100644
--- a/roles/web-app-gitlab/config/main.yml
+++ b/roles/web-app-gitlab/config/main.yml
@@ -12,9 +12,13 @@ docker: database: enabled: true gitlab: - image: "gitlab/gitlab-ee" - version: "latest" - name: "gitlab" + image: "gitlab/gitlab-ee" + version: "latest" + name: "gitlab" + cpus: "4.0" + mem_reservation: "8g" + mem_limit: "12g" + pids_limit: 4096 volumes: data: "gitlab_data" logs: "gitlab_logs"
diff --git a/roles/web-app-gitlab/templates/docker-compose.yml.j2 b/roles/web-app-gitlab/templates/docker-compose.yml.j2
index 22e774f6..4dee7140 100644
--- a/roles/web-app-gitlab/templates/docker-compose.yml.j2
+++ b/roles/web-app-gitlab/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - web: + gitlab: image: "{{ GITLAB_IMAGE }}:{{ GITLAB_VERSION }}" hostname: '{{ GITLAB_HOSTNAME }}' container_name: "{{ GITLAB_CONTAINER }}"
diff --git a/roles/web-app-jira/README.md b/roles/web-app-jira/README.md
index 79fc139c..6e2f6e1b 100644
--- a/roles/web-app-jira/README.md
+++ b/roles/web-app-jira/README.md
@@ -17,7 +17,7 @@ The role builds a lean custom image on top of the official Jira Software image, * **JVM Auto-Tuning:** Safe calculation of `JVM_MINIMUM_MEMORY` / `JVM_MAXIMUM_MEMORY` with caps to avoid VM init errors. * **Health Checks:** Container healthcheck for quicker failure detection and stable automation. * **CSP & Canonical Domains:** Integrates with platform CSP and domain management. -* **Backup Ready:** Persistent data under `/var/atlassian/application-data/jira`. +* **Backup Ready:** Persistent data under `{{ JIRA_STORAGE_PATH }}`. ## Further Resources
diff --git a/roles/web-app-jira/config/main.yml b/roles/web-app-jira/config/main.yml
index c1bf66c1..8d90ebd8 100644
--- a/roles/web-app-jira/config/main.yml
+++ b/roles/web-app-jira/config/main.yml
@@ -4,10 +4,14 @@ docker: services: database: enabled: true - application: - image: atlassian/jira-software - version: latest - name: jira + jira: + image: atlassian/jira-software + version: latest + name: jira + cpus: "2.0" + mem_reservation: "4g" + mem_limit: "6g" + pids_limit: 2048 volumes: data: "jira_data" features:
diff --git a/roles/web-app-jira/templates/Dockerfile.j2 b/roles/web-app-jira/templates/Dockerfile.j2
index d6126699..d7aef409 100644
--- a/roles/web-app-jira/templates/Dockerfile.j2
+++ b/roles/web-app-jira/templates/Dockerfile.j2
@@ -4,5 +4,5 @@ FROM "{{ JIRA_IMAGE }}:{{ JIRA_VERSION }}" # COPY ./plugins/atlassian-sso-dc-latest.obr /opt/atlassian/jira/atlassian-bundled-plugins/ # Ensure proper permissions for app data -RUN mkdir -p /var/atlassian/application-data/jira && \ - chown -R 2001:2001 /var/atlassian/application-data/jira +RUN mkdir -p {{ JIRA_STORAGE_PATH }} && \ + chown -R 2001:2001 {{ JIRA_STORAGE_PATH }}
diff --git a/roles/web-app-jira/templates/docker-compose.yml.j2 b/roles/web-app-jira/templates/docker-compose.yml.j2
index f7098b56..6fe4eee8 100644
--- a/roles/web-app-jira/templates/docker-compose.yml.j2
+++ b/roles/web-app-jira/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - application: + jira: {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }} image: "{{ JIRA_CUSTOM_IMAGE }}" container_name: "{{ JIRA_CONTAINER }}"
@@ -8,7 +8,7 @@ ports: - "127.0.0.1:{{ ports.localhost.http[application_id] }}:8080" volumes: - - 'data:/var/atlassian/application-data/jira' + - 'data:{{ JIRA_STORAGE_PATH }}' {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} {% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
diff --git a/roles/web-app-jira/vars/main.yml b/roles/web-app-jira/vars/main.yml
index 02658555..0fde8eae 100644
--- a/roles/web-app-jira/vars/main.yml
+++ b/roles/web-app-jira/vars/main.yml
@@ -11,6 +11,7 @@ container_hostname: "{{ domains | get_domain(application_id) }}" ## URLs JIRA_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" JIRA_HOSTNAME: "{{ container_hostname }}" +JIRA_STORAGE_PATH: "/var/atlassian/application-data/jira" ## OIDC JIRA_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
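Review bot: `JIRA_STORAGE_PATH` now drives the compose mount and the Dockerfile `mkdir`/`chown`, but the README in this commit also uses `{{ JIRA_STORAGE_PATH }}` literally; unless that README is rendered through Jinja, readers get the placeholder instead of the path, so either keep `/var/atlassian/application-data/jira` there or state that this is the default. The definition deserves a comment, e.g. `# Jira home inside the container; the official image presumably expects its JIRA_HOME here — confirm before overriding`, because the mount and the Dockerfile would follow an override while the application's own home setting would not. The `## URLs` block continues outside the hunk.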
@@ -27,9 +28,9 @@ JIRA_OIDC_SCOPES: "openid,email,profile" JIRA_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}" ## Docker -JIRA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}" -JIRA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}" -JIRA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}" +JIRA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.jira.version') }}" +JIRA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.jira.image') }}" +JIRA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.jira.name') }}" JIRA_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" JIRA_CUSTOM_IMAGE: "{{ JIRA_IMAGE }}_custom"
diff --git a/roles/web-app-keycloak/config/main.yml b/roles/web-app-keycloak/config/main.yml
index 9ea49d0a..725807d0 100644
--- a/roles/web-app-keycloak/config/main.yml
+++ b/roles/web-app-keycloak/config/main.yml
@@ -36,9 +36,13 @@ scopes: docker: services: keycloak: - image: "quay.io/keycloak/keycloak" - version: "latest" - name: "keycloak" + image: "quay.io/keycloak/keycloak" + version: "latest" + name: "keycloak" + cpus: "2.0" + mem_reservation: "2g" + mem_limit: "4g" + pids_limit: 1024 database: enabled: true
diff --git a/roles/web-app-keycloak/templates/docker-compose.yml.j2 b/roles/web-app-keycloak/templates/docker-compose.yml.j2
index 2ffda9c1..6e47dbd1 100644
--- a/roles/web-app-keycloak/templates/docker-compose.yml.j2
+++ b/roles/web-app-keycloak/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - application: + keycloak: image: "{{ KEYCLOAK_IMAGE }}:{{ KEYCLOAK_VERSION }}" container_name: {{ KEYCLOAK_CONTAINER }} command: start{% if KEYCLOAK_REALM_IMPORT_ENABLED %} --import-realm{% endif %}{% if KEYCLOAK_DEBUG_ENABLED %} --verbose{% endif %}
diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml
index d692fbf5..69300f1b 100644
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -25,7 +25,7 @@ docker: services: redis: enabled: true - database: + database: enabled: true nextcloud: name: "nextcloud"
@@ -33,6 +33,10 @@ docker: version: "production-fpm-alpine" backup: no_stop_required: true + cpus: "2.0" + mem_reservation: "2g" + mem_limit: "3g" + pids_limit: 512 proxy: name: "nextcloud-proxy" image: "nginx"
diff --git a/roles/web-app-wordpress/config/main.yml b/roles/web-app-wordpress/config/main.yml
index 18d3d5ac..816c7b53 100644
--- a/roles/web-app-wordpress/config/main.yml
+++ b/roles/web-app-wordpress/config/main.yml
@@ -45,11 +45,11 @@ server: docker: services: database: - enabled: true + enabled: true wordpress: - version: latest - image: wordpress - name: wordpress + version: latest + image: wordpress + name: wordpress backup: no_stop_required: true volumes:
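Review bot: `pids_limit: 512` is the lowest PID cap in this commit and lands on the php-fpm service (`version: "production-fpm-alpine"` in the context above); the fpm worker pool plus cron and `occ` runs all count against it, and exceeding it surfaces as fork failures rather than a clear application error. Size it against the pool's `pm.max_children` with headroom, or document the reasoning, e.g. `# 512 PIDs: fpm workers + cron/occ; raise if pm.max_children grows`. The `proxy` (`image: "nginx"`) and `redis` services in this file get no caps; if containment is the goal, the proxy is presumably the component facing the network and may deserve at least a `pids_limit` too.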