feat(services): add CPU/RAM/PIDs defaults for heavy roles and align service names

Add per-service resource overrides (cpus, mem_reservation, mem_limit, pids_limit) for ollama, mariadb, postgres, confluence, gitlab, jira, keycloak, nextcloud; light formatting fixes in wordpress. Rename service keys from generic 'application/web' to concrete names (jira, confluence, gitlab, keycloak) and update compose templates accordingly. Jira: introduce JIRA_STORAGE_PATH and switch mounts/README accordingly. https://chatgpt.com/share/68d2d96c-9bf4-800f-bbec-d4f2c0051c06
2025-09-24 11:06:24 +02:00 · 2025-09-23 21:43:50 +02:00
parent ff7b7aeb2d
commit 426ba32c11
17 changed files with 77 additions and 43 deletions
--- a/roles/svc-ai-ollama/config/main.yml
+++ b/roles/svc-ai-ollama/config/main.yml
@@ -9,6 +9,10 @@ docker:
      version:            latest
      name:               ollama
      port:               11434
+      cpus:               "4.0"
+      mem_reservation:    "6g"
+      mem_limit:          "8g"
+      pids_limit:         2048
  volumes:
    models:     "ollama_models"
  network:      "ollama"
--- a/roles/svc-db-mariadb/config/main.yml
+++ b/roles/svc-db-mariadb/config/main.yml
@@ -6,6 +6,11 @@ docker:
      name:               "mariadb"
      backup:
        database_routine: true
+      # Performance Variables aren't used yet, but will be in the future as soon as an docker file is implemented
+      cpus:               "2.0"
+      mem_reservation:    "2g"
+      mem_limit:          "4g"
+      pids_limit:         1024
  network:              "mariadb"
  volumes:
    data:               "mariadb_data"
--- a/roles/svc-db-postgres/config/main.yml
+++ b/roles/svc-db-postgres/config/main.yml
@@ -9,6 +9,10 @@ docker:
      version:            "latest"
      backup:
        database_routine: true
+      cpus:               "2.0"
+      mem_reservation:    "4g"
+      mem_limit:          "6g"
+      pids_limit:         1024
  volumes:
    data:     "postgres_data"
  network:    "postgres"
--- a/roles/web-app-confluence/config/main.yml
+++ b/roles/web-app-confluence/config/main.yml
@@ -3,10 +3,14 @@ docker:
  services:
    database:
      enabled:      true
-    application:
+    confluence:
      image:            atlassian/confluence
      version:          latest
      name:             confluence
+      cpus:             "3.0"
+      mem_reservation:  "6g"
+      mem_limit:        "8g"
+      pids_limit:       2048
  volumes:
    data:           "confluence_data"
 features:
--- a/roles/web-app-confluence/templates/docker-compose.yml.j2
+++ b/roles/web-app-confluence/templates/docker-compose.yml.j2
@@ -1,5 +1,5 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
-  application:
+  confluence:
    {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
    image: "{{ CONFLUENCE_CUSTOM_IMAGE }}"
    container_name: "{{ CONFLUENCE_CONTAINER }}"
--- a/roles/web-app-confluence/vars/main.yml
+++ b/roles/web-app-confluence/vars/main.yml
@@ -28,9 +28,9 @@ CONFLUENCE_OIDC_SCOPES:           "openid,email,profile"
 CONFLUENCE_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}"

 ## Docker
-CONFLUENCE_VERSION:               "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}"
-CONFLUENCE_IMAGE:                 "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}"
-CONFLUENCE_CONTAINER:             "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}"
+CONFLUENCE_VERSION:               "{{ applications | get_app_conf(application_id, 'docker.services.confluence.version') }}"
+CONFLUENCE_IMAGE:                 "{{ applications | get_app_conf(application_id, 'docker.services.confluence.image') }}"
+CONFLUENCE_CONTAINER:             "{{ applications | get_app_conf(application_id, 'docker.services.confluence.name') }}"
 CONFLUENCE_DATA_VOLUME:           "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
 CONFLUENCE_CUSTOM_IMAGE:          "{{ CONFLUENCE_IMAGE }}_custom"

--- a/roles/web-app-gitlab/config/main.yml
+++ b/roles/web-app-gitlab/config/main.yml
@@ -15,6 +15,10 @@ docker:
      image:            "gitlab/gitlab-ee"
      version:          "latest"
      name:             "gitlab"
+      cpus:             "4.0"
+      mem_reservation:  "8g"
+      mem_limit:        "12g"
+      pids_limit:        4096
  volumes:
    data:           "gitlab_data"
    logs:           "gitlab_logs"
--- a/roles/web-app-gitlab/templates/docker-compose.yml.j2
+++ b/roles/web-app-gitlab/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}

-  web:
+  gitlab:
    image: "{{ GITLAB_IMAGE }}:{{ GITLAB_VERSION }}"
    hostname: '{{ GITLAB_HOSTNAME }}'
    container_name:  "{{ GITLAB_CONTAINER }}"
--- a/roles/web-app-jira/README.md
+++ b/roles/web-app-jira/README.md
@@ -17,7 +17,7 @@ The role builds a lean custom image on top of the official Jira Software image,
 * **JVM Auto-Tuning:** Safe calculation of `JVM_MINIMUM_MEMORY` / `JVM_MAXIMUM_MEMORY` with caps to avoid VM init errors.
 * **Health Checks:** Container healthcheck for quicker failure detection and stable automation.
 * **CSP & Canonical Domains:** Integrates with platform CSP and domain management.
-* **Backup Ready:** Persistent data under `/var/atlassian/application-data/jira`.
+* **Backup Ready:** Persistent data under `{{ JIRA_STORAGE_PATH }}`.

 ## Further Resources

--- a/roles/web-app-jira/config/main.yml
+++ b/roles/web-app-jira/config/main.yml
@@ -4,10 +4,14 @@ docker:
  services:
    database:
      enabled:      true
-    application:
+    jira:
      image:            atlassian/jira-software
      version:          latest
      name:             jira
+      cpus:             "2.0"
+      mem_reservation:  "4g"
+      mem_limit:        "6g"
+      pids_limit:       2048
  volumes:
    data:           "jira_data"
 features:
--- a/roles/web-app-jira/templates/Dockerfile.j2
+++ b/roles/web-app-jira/templates/Dockerfile.j2
@@ -4,5 +4,5 @@ FROM "{{ JIRA_IMAGE }}:{{ JIRA_VERSION }}"
 # COPY ./plugins/atlassian-sso-dc-latest.obr /opt/atlassian/jira/atlassian-bundled-plugins/

 # Ensure proper permissions for app data
-RUN mkdir -p /var/atlassian/application-data/jira && \
-    chown -R 2001:2001 /var/atlassian/application-data/jira
+RUN mkdir -p {{ JIRA_STORAGE_PATH }} && \
+    chown -R 2001:2001 {{ JIRA_STORAGE_PATH }}
--- a/roles/web-app-jira/templates/docker-compose.yml.j2
+++ b/roles/web-app-jira/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@

 {% include 'roles/docker-compose/templates/base.yml.j2' %}
-  application:
+  jira:
    {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
    image: "{{ JIRA_CUSTOM_IMAGE }}"
    container_name: "{{ JIRA_CONTAINER }}"
@@ -8,7 +8,7 @@
    ports:
      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:8080"
    volumes:
-      - 'data:/var/atlassian/application-data/jira'
+      - 'data:{{ JIRA_STORAGE_PATH }}'
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
--- a/roles/web-app-jira/vars/main.yml
+++ b/roles/web-app-jira/vars/main.yml
@@ -11,6 +11,7 @@ container_hostname:           "{{ domains | get_domain(application_id) }}"
 ## URLs
 JIRA_URL:                     "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 JIRA_HOSTNAME:                "{{ container_hostname }}"
+JIRA_STORAGE_PATH:            "/var/atlassian/application-data/jira"

 ## OIDC
 JIRA_OIDC_ENABLED:            "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
@@ -27,9 +28,9 @@ JIRA_OIDC_SCOPES:             "openid,email,profile"
 JIRA_OIDC_UNIQUE_ATTRIBUTE:   "{{ OIDC.ATTRIBUTES.USERNAME }}"

 ## Docker
-JIRA_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}"
-JIRA_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}"
-JIRA_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}"
+JIRA_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.jira.version') }}"
+JIRA_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.jira.image') }}"
+JIRA_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.jira.name') }}"
 JIRA_DATA_VOLUME:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
 JIRA_CUSTOM_IMAGE:            "{{ JIRA_IMAGE }}_custom"

--- a/roles/web-app-keycloak/config/main.yml
+++ b/roles/web-app-keycloak/config/main.yml
@@ -39,6 +39,10 @@ docker:
      image:            "quay.io/keycloak/keycloak"
      version:          "latest"
      name:             "keycloak"
+      cpus:             "2.0"
+      mem_reservation:  "2g"
+      mem_limit:        "4g"
+      pids_limit:       1024
    database:
      enabled: true

--- a/roles/web-app-keycloak/templates/docker-compose.yml.j2
+++ b/roles/web-app-keycloak/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}

-  application:
+  keycloak:
    image: "{{ KEYCLOAK_IMAGE }}:{{ KEYCLOAK_VERSION }}"
    container_name: {{ KEYCLOAK_CONTAINER }}
    command: start{% if KEYCLOAK_REALM_IMPORT_ENABLED %} --import-realm{% endif %}{% if KEYCLOAK_DEBUG_ENABLED %} --verbose{% endif %}
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -33,6 +33,10 @@ docker:
      version:  "production-fpm-alpine"
      backup:
        no_stop_required: true
+      cpus:               "2.0"
+      mem_reservation:    "2g"
+      mem_limit:          "3g"
+      pids_limit:         512
    proxy: 
      name:     "nextcloud-proxy"
      image:    "nginx"