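# Compose v2
#
# MongoDB replica set (3 members) + Vault Agent that renders credentials into
# tmpfs volumes + one Percona Backup for MongoDB (PBM) agent per member.
#
# Interpolation: ${VAR} is expanded by Compose when the file is loaded;
# $$ is the Compose escape for a literal "$" that the container shell expands
# at run time.

# env_file shared by every service through the YAML merge key.
x-common-env: &common-env
  env_file:
    - ../env/.env.runtime
    - ../env/.env.lock.db

volumes:
  mongo1_data: {}
  mongo2_data: {}
  mongo3_data: {}

  # Rendered secrets live in RAM only (tmpfs), so they do not persist on disk.
  # Owned by uid/gid 999, no access for "other".
  # NOTE(review): presumably 999 is the mongod user in ${MONGO_IMAGE} - confirm.
  vault_secrets:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "size=32m,uid=999,gid=999,mode=0750"

  # PBM credentials/config, also tmpfs. Owned by root with mode 0750.
  # NOTE(review): confirm the user pbm-agent runs as can read this volume.
  pbm_cfg:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "size=16m,uid=0,gid=0,mode=0750"

services:
  vault-agent-sendico:
    <<: *common-env
    # ":latest" is a mutable tag: a later pull can silently change the binary
    # that handles every database credential. VAULT_IMAGE is an optional
    # override (default unchanged) so deployments can pin a version or digest.
    image: "${VAULT_IMAGE:-hashicorp/vault:latest}"
    container_name: vault-agent-sendico
    restart: unless-stopped
    # IPC_LOCK allows mlock(), which keeps secret material out of swap.
    cap_add:
      - IPC_LOCK
    environment:
      VAULT_ADDR: "${VAULT_ADDR}"
    volumes:
      - ./vault/agent.hcl:/etc/vault/agent.hcl:ro
      - ./vault/templates:/etc/vault/templates:ro
      # AppRole credentials come from the host; whoever can read these two
      # files can authenticate as this role, so keep host permissions tight.
      - /opt/sendico/vault/sendico-db/role_id:/vault/role_id:ro
      - /opt/sendico/vault/sendico-db/secret_id:/vault/secret_id:ro
      # The agent is the only writer; every consumer mounts these read-only.
      - vault_secrets:/vault/secrets:rw
      - pbm_cfg:/etc/backup:rw
    command: sh -lc 'vault agent -config=/etc/vault/agent.hcl'
    healthcheck:
      # Healthy only once every listed secret file exists and is non-empty;
      # dependants gate on this via "condition: service_healthy".
      # NOTE(review): /etc/backup/pbm-config.yaml (read by the pbm agents) is
      # not part of this gate - confirm it is present before they start.
      test:
        - CMD-SHELL
        - >-
          test -s /vault/secrets/MONGO_INITDB_ROOT_USERNAME
          -a -s /vault/secrets/MONGO_INITDB_ROOT_PASSWORD
          -a -s /vault/secrets/mongo.kf
          -a -s /etc/backup/pbm.env
          -a -s /etc/backup/.u
          -a -s /etc/backup/.p
      interval: 5s
      timeout: 3s
      retries: 30
      start_period: 5s

  sendico_db1:
    <<: *common-env
    image: "${MONGO_IMAGE}"
    container_name: sendico_db1
    restart: unless-stopped
    depends_on:
      vault-agent-sendico:
        condition: service_healthy
    entrypoint:
      - /usr/local/bin/mongo-entrypoint-wrapper.sh
    # --auth enforces client authentication; --keyFile is the shared secret the
    # replica-set members use to authenticate to each other.
    command: >
      mongod --replSet ${MONGO_REPLICA_SET} --bind_ip_all --auth
      --keyFile /vault/secrets/mongo.kf --port ${MONGO_PORT}
    volumes:
      - mongo1_data:/data/db
      - vault_secrets:/vault/secrets:ro
      - ./ops/mongo-entrypoint.sh:/usr/local/bin/mongo-entrypoint-wrapper.sh:ro
    healthcheck:
      # Unauthenticated ping: reports liveness only, reads no data.
      test:
        - CMD-SHELL
        - >-
          mongosh --quiet --host localhost --port ${MONGO_PORT}
          --eval 'db.runCommand({ ping: 1 }).ok' || exit 1
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s
    # The default publishes MongoDB on every host interface, so authentication
    # is the only barrier for anything that can route to the host. Set the
    # optional MONGO_PUBLISH_HOST (e.g. 127.0.0.1 or a private address) to
    # restrict it; Docker-published ports are commonly not filtered by host
    # firewall front-ends, so do not rely on those alone.
    ports:
      - "${MONGO_PUBLISH_HOST:-0.0.0.0}:${MONGO_PORT}:${MONGO_PORT}"

  sendico_db2:
    <<: *common-env
    image: "${MONGO_IMAGE}"
    container_name: sendico_db2
    restart: unless-stopped
    depends_on:
      vault-agent-sendico:
        condition: service_healthy
    entrypoint:
      - /usr/local/bin/mongo-entrypoint-wrapper.sh
    command: >
      mongod --replSet ${MONGO_REPLICA_SET} --bind_ip_all --auth
      --keyFile /vault/secrets/mongo.kf --port ${MONGO_PORT}
    volumes:
      - mongo2_data:/data/db
      - vault_secrets:/vault/secrets:ro
      - ./ops/mongo-entrypoint.sh:/usr/local/bin/mongo-entrypoint-wrapper.sh:ro
    healthcheck:
      test:
        - CMD-SHELL
        - >-
          mongosh --quiet --host localhost --port ${MONGO_PORT}
          --eval 'db.runCommand({ ping: 1 }).ok' || exit 1
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  sendico_db3:
    <<: *common-env
    image: "${MONGO_IMAGE}"
    container_name: sendico_db3
    restart: unless-stopped
    depends_on:
      vault-agent-sendico:
        condition: service_healthy
    entrypoint:
      - /usr/local/bin/mongo-entrypoint-wrapper.sh
    command: >
      mongod --replSet ${MONGO_REPLICA_SET} --bind_ip_all --auth
      --keyFile /vault/secrets/mongo.kf --port ${MONGO_PORT}
    volumes:
      - mongo3_data:/data/db
      - vault_secrets:/vault/secrets:ro
      - ./ops/mongo-entrypoint.sh:/usr/local/bin/mongo-entrypoint-wrapper.sh:ro
    healthcheck:
      test:
        - CMD-SHELL
        - >-
          mongosh --quiet --host localhost --port ${MONGO_PORT}
          --eval 'db.runCommand({ ping: 1 }).ok' || exit 1
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  # One-shot job: initiates the replica set if rs.status() throws.
  mongo_setup:
    <<: *common-env
    image: "${MONGO_IMAGE}"
    depends_on:
      sendico_db1:
        condition: service_healthy
      sendico_db2:
        condition: service_healthy
      sendico_db3:
        condition: service_healthy
    volumes:
      - vault_secrets:/vault/secrets:ro
    # Command substitutions are written "$$(" so Compose passes a literal "$("
    # to bash, matching the pbm-agent services below.
    # The password is handed to mongosh with -p, so it is visible in this
    # container's process list while mongosh runs.
    # The EOJS terminator must stay at the block's base indent so it lands in
    # column 0 of the script, and the script must not contain a single quote
    # other than the ones delimiting the bash -c argument and EOJS.
    entrypoint: |
      bash -c '
      u=$$(cat /vault/secrets/MONGO_INITDB_ROOT_USERNAME)
      p=$$(cat /vault/secrets/MONGO_INITDB_ROOT_PASSWORD)
      until mongosh --quiet --host sendico_db1 --port ${MONGO_PORT} --eval "db.adminCommand({ ping: 1 })"; do
        echo "waiting for MongoDB…"; sleep 2
      done
      mongosh --host sendico_db1 --port ${MONGO_PORT} -u "$$u" -p "$$p" --authenticationDatabase admin <<'EOJS'
      try { rs.status() } catch (e) {
        rs.initiate({
          _id: "${MONGO_REPLICA_SET}",
          members: [
            { _id: 0, host: "sendico_db1:${MONGO_PORT}", priority: 2 },
            { _id: 1, host: "sendico_db2:${MONGO_PORT}", priority: 1 },
            { _id: 2, host: "sendico_db3:${MONGO_PORT}", priority: 1 }
          ]
        })
      }
      EOJS
      '
    restart: "no"

  pbm-agent-1:
    <<: *common-env
    # Mutable ":latest" tag; PBM_IMAGE is an optional override (default
    # unchanged) so the backup agent can be pinned to a version or digest.
    image: "${PBM_IMAGE:-percona/percona-backup-mongodb:latest}"
    container_name: pbm-agent-1
    restart: unless-stopped
    depends_on:
      sendico_db1:
        condition: service_healthy
      vault-agent-sendico:
        condition: service_healthy
    volumes:
      - pbm_cfg:/etc/backup:ro
    # Credentials are read from tmpfs at start-up rather than stored in the
    # service definition. They are placed into the URI unencoded, so a user
    # name or password containing URI-reserved characters (@ : / ? # %) must
    # be percent-encoded where it is rendered, or the URI will be mis-parsed.
    # AWS_EC2_METADATA_DISABLED=true stops the AWS SDK from querying the
    # instance metadata endpoint for credentials.
    command: |
      sh -lc '
      . /etc/backup/pbm.env
      U=$$(cat /etc/backup/.u) ; P=$$(cat /etc/backup/.p)
      export AWS_EC2_METADATA_DISABLED=true
      export PBM_MONGODB_URI="mongodb://$${U}:$${P}@sendico_db1:${MONGO_PORT}/?authSource=${MONGO_AUTH_SOURCE}&replicaSet=${MONGO_REPLICA_SET}"
      exec pbm-agent --config=/etc/backup/pbm-config.yaml
      '

  pbm-agent-2:
    <<: *common-env
    image: "${PBM_IMAGE:-percona/percona-backup-mongodb:latest}"
    container_name: pbm-agent-2
    restart: unless-stopped
    depends_on:
      sendico_db2:
        condition: service_healthy
      vault-agent-sendico:
        condition: service_healthy
    volumes:
      - pbm_cfg:/etc/backup:ro
    # Same start-up sequence as pbm-agent-1, targeting sendico_db2.
    command: |
      sh -lc '
      . /etc/backup/pbm.env
      U=$$(cat /etc/backup/.u) ; P=$$(cat /etc/backup/.p)
      export AWS_EC2_METADATA_DISABLED=true
      export PBM_MONGODB_URI="mongodb://$${U}:$${P}@sendico_db2:${MONGO_PORT}/?authSource=${MONGO_AUTH_SOURCE}&replicaSet=${MONGO_REPLICA_SET}"
      exec pbm-agent --config=/etc/backup/pbm-config.yaml
      '

  pbm-agent-3:
    <<: *common-env
    image: "${PBM_IMAGE:-percona/percona-backup-mongodb:latest}"
    container_name: pbm-agent-3
    restart: unless-stopped
    depends_on:
      sendico_db3:
        condition: service_healthy
      vault-agent-sendico:
        condition: service_healthy
    volumes:
      - pbm_cfg:/etc/backup:ro
    # Same start-up sequence as pbm-agent-1, targeting sendico_db3.
    command: |
      sh -lc '
      . /etc/backup/pbm.env
      U=$$(cat /etc/backup/.u) ; P=$$(cat /etc/backup/.p)
      export AWS_EC2_METADATA_DISABLED=true
      export PBM_MONGODB_URI="mongodb://$${U}:$${P}@sendico_db3:${MONGO_PORT}/?authSource=${MONGO_AUTH_SOURCE}&replicaSet=${MONGO_REPLICA_SET}"
      exec pbm-agent --config=/etc/backup/pbm-config.yaml
      '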