feat(rocketchat): standalone Docker stack + split provisioner pattern (misp-style)#189
t0kubetsu wants to merge 5 commits into
Conversation
Add an admin-rocketchat box template (Debian, template-vm-debian-trixie-medium) that bootstraps the existing 03_container_layer/docker/admin/rocketchat compose stack: firewall (22/3000) -> Docker baseline -> software.install.rocketchat.

- New role software.install.rocketchat: rsyncs the catalog Rocket.Chat stack onto the box and brings it up, delegating to software.configure.docker-compose (no stack duplication; env-lookup path lives in role defaults, not in the injection-guarded box-template params).
- software.configure.docker-compose: was Ubuntu-only (silent no-op on Debian); broadened the deploy gate to ['Ubuntu','Debian'] and renamed tasks/ubuntu -> tasks/debian-based to match the basic_packages convention. Tasks are apt/rsync based, so behaviour on Ubuntu is unchanged.
Sync the rocketchat-deployable fixes proven on dev_ada so PR #189 reflects a working end-to-end deploy on Debian:

- admin-rocketchat box template: drop NTP-and-update-time (no reachable NTP in egress-filtered ranges; host kvm-clock is correct).
- software.install.warmup.basic_packages docker path: Debian-clean; drop Ubuntu-only software-properties-common, use keyring instead of removed apt-key, install the docker compose v2 plugin + python Docker SDK (ubuntu/ tasks -> debian-based/).
- software.configure.docker-compose: retry `docker compose up` on transient registry/mirror timeouts.
- rocketchat stack: MongoDB 6.0 -> 8.0 (rocket.chat:latest is 8.4.3, needs >=8); Node-based healthcheck on /health + provisioner curl + /api/info readiness (rocket.chat image ships no curl; /api/v1/info is 404 on 8.x).

Deployed clean: Rocket.Chat 8.4.3 healthy on :3000 with provisioning.
🔗 test_rocketchat deploy chain (verified end-to-end on
…er scripts

Mirrors the misp-standalone provisioner pattern: dedicated one-shot Alpine provisioner service with scripts volume-mounted at runtime (not baked in), team/org-aware env config, auto-generated passwords, and structured credentials output.

- Remove provisioning/init.sh + provisioning/users.yml
- Add provision.sh (orchestrator, ENTRYPOINT), provision-users.sh (creates instructor + team accounts, writes /tokens/rc-credentials.json + .provisioned stamp), provision-tokens.sh (generates PATs, writes /tokens/tokens.txt)
- Dockerfile: simplify to Alpine + bash/curl/jq/openssl, no COPY
- compose.yml: provisioner uses env_file + 3 read-only volume mounts
- .env.example: add RC_TEAMS, RC_INSTRUCTOR_ORG, RC_INSTRUCTOR_COUNT, RC_USERS_PER_TEAM, RC_USER_DOMAIN
- Makefile: add keys target (rc-credentials.json), update help text
- README.md: document new architecture, env vars, both output files
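The readiness probe mentioned in the Debian-sync commit (curl against /api/info because the rocket.chat image ships no curl) and the one-shot provisioner described in the commit above share a small set of building blocks. The script below is an added example of those blocks in POSIX shell; it is not the branch's provision.sh, provision-users.sh or provision-tokens.sh. The endpoint path, the /tokens output location and the chmod 600 requirement come from the commit messages; the `team<N>-user<M>@<domain>` username layout, the function names and the optional probe-command parameter (which lets the poll be exercised without a live Rocket.Chat) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the project's own provisioner scripts.
# Assumed helpers for a one-shot Rocket.Chat provisioner container:
# readiness poll, password generation, and a credentials file that is
# never wider than 0600.

# Poll URL until the probe succeeds, or give up after ATTEMPTS tries.
# PROBE defaults to curl (the provisioner image carries it; the
# rocket.chat image does not). Returns non-zero if it never became ready,
# so the orchestrator can abort instead of provisioning a half-up server.
wait_ready() {
  url="$1"; attempts="${2:-30}"; pause="${3:-5}"
  probe="${4:-curl -fsS -o /dev/null}"      # assumed: overridable for tests
  i=1
  while [ "$i" -le "$attempts" ]; do
    if $probe "$url" >/dev/null 2>&1; then
      return 0
    fi
    sleep "$pause"
    i=$((i + 1))
  done
  return 1
}

# Random alphanumeric password of LEN characters from /dev/urandom.
# Nothing is echoed to the container log; callers write it to the file.
gen_password() {
  len="${1:-24}"
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

# Username layout assumed for the example: team<N>-user<M>@<domain>,
# one line per account, driven by the RC_TEAMS / RC_USERS_PER_TEAM style
# counts named in the commit message.
team_usernames() {
  domain="$1"; teams="$2"; per_team="$3"
  t=1
  while [ "$t" -le "$teams" ]; do
    u=1
    while [ "$u" -le "$per_team" ]; do
      printf 'team%d-user%d@%s\n' "$t" "$u" "$domain"
      u=$((u + 1))
    done
    t=$((t + 1))
  done
}

# Render one credentials record. Inputs are provisioner-controlled, so a
# fixed printf template is enough; jq would be the tool for untrusted input.
credentials_json() {
  printf '{"url":"%s","username":"%s","password":"%s"}\n' "$1" "$2" "$3"
}

# Create the output file with owner-only permissions from the first byte
# (umask 077 in a subshell), then tighten it again in case it pre-existed.
# /tokens/rc-credentials.json in the stack is written this way.
write_credentials() {
  out="$1"; content="$2"
  ( umask 077; printf '%s\n' "$content" >"$out" )
  chmod 600 "$out"
}

# Orchestration sketch: wait, generate, write, stamp. Only runs when the
# script is invoked directly with a base URL, e.g.
#   ./provision-example.sh http://rocketchat:3000 /tokens example.test 2 3
if [ "${1:-}" != "" ]; then
  base="$1"; outdir="${2:-/tokens}"; domain="${3:-example.test}"
  wait_ready "$base/api/info" 60 5 || { echo "rocket.chat never became ready" >&2; exit 1; }
  records=""
  for user in $(team_usernames "$domain" "${4:-1}" "${5:-1}"); do
    records="$records$(credentials_json "$base" "$user" "$(gen_password 24)")
"
  done
  write_credentials "$outdir/rc-credentials.json" "$records"
  : >"$outdir/.provisioned"        # stamp so a re-run is a no-op
fi
```

The account creation calls against the Rocket.Chat REST API are deliberately left out; the point of the example is the ordering (readiness gate first, permissions set before any secret touches disk, stamp file last) that a one-shot provisioner needs so a restart cannot leak or duplicate credentials.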
Brings the branch back in sync with dev for these two layers:

- Replace debian-based docker tasks with ubuntu equivalents
- Remove software.install.rocketchat Ansible role (not present on dev)
- Remove admin-rocketchat box template (not present on dev)
Deployment prerequisite — Before running the scenario, the stack directory on the deployer's catalog copy must have a

Workaround (until resolved at the catalog level):

```shell
cd /path/to/range42-catalog/03_container_layer/docker/admin/rocketchat-bootstrap
cp .env.example .env
```

All defaults in
Summary
Adds the Rocket.Chat admin box and brings the stack/roles to a working end-to-end deploy, then refactors the provisioner to mirror the `misp-standalone` pattern.
What's in the PR
Ansible / topology (earlier commits)
Rocket.Chat Docker stack (this branch)
Credentials output
Both `chmod 600`. Retrieve via `make keys` / `make tokens`.
Dependency note
Stack deploys standalone; no dependency on other open dev PRs for the Docker layer. The Ansible role structure is intentionally absent from this branch (reverted to match dev).
Test plan