From 3018c3ee150a96d1e68ffe1d9856c65aad6230ea Mon Sep 17 00:00:00 2001
From: stakost
Date: Sun, 1 Jun 2025 14:30:09 +0300
Subject: [PATCH] Update to production Vault with service names
---
 docker-compose.portainer.yml | 8 +++++++-
 docker-compose.production.yml | 20 ++++++++++++--------
 vault_client.py | 2 +-
 3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/docker-compose.portainer.yml b/docker-compose.portainer.yml
index 2025f57..ce3bd37 100644
--- a/docker-compose.portainer.yml
+++ b/docker-compose.portainer.yml
@@ -12,10 +12,16 @@ services:
 - VAULT_SECRET_ID=6b3ecc3c-9436-7f04-022f-8b1ce0ac09ee
 - VAULT_SECRET_PATH=secret/data/mikrotik-bot
 - DATABASE_PATH=/app/data/bot.db
+ # Fallback environment variables (если Vault недоступен)
+ - BOT_TOKEN=1269908167:AAGaP1-joabDy87Hy6NyuS_KOjr75jrp4bI
+ - ROUTER_HOST=10.10.10.1
+ - ROUTER_USER=admin
+ - ROUTER_PASSWORD=4040Slonov
+ - ALLOWED_USER_IDS= # Оставляем пустым для открытого доступа (временно)
 volumes:
 - mikrotik_bot_data:/app/data
 ports:
- - "8001:8000" # Health check endpoint
+ - "8008:8000" # Health check endpoint
 networks:
 - bot-network
 labels:
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 3a94535..9c01ce7 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
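Review bot: The six added fallback lines under `environment:` in docker-compose.portainer.yml commit a Telegram bot token and the router admin password to the repository in plain text, next to the `VAULT_SECRET_ID` already present in the context lines, so anyone who can read the repository or the container's environment holds them. Treat every value shown here as disclosed: rotate the bot token, the router password and the AppRole SecretID, and let the file take them from the deploy environment instead, e.g. `- BOT_TOKEN=${BOT_TOKEN:?BOT_TOKEN not set}` and `- ROUTER_PASSWORD=${ROUTER_PASSWORD:?ROUTER_PASSWORD not set}`. The same applies to the new `VAULT_ROLE_ID`/`VAULT_SECRET_ID` pair added in docker-compose.production.yml. The empty `ALLOWED_USER_IDS=` is described by its own comment as open access; how the bot interprets an empty list is not visible here, but with router admin credentials in the same container it should fail closed and require an explicit ID list.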
@@ -2,21 +2,22 @@ version: '3.8'
 services:
 mikrotik-bot:
- image: 10.10.30.121:5000/mikrotik-bot:latest
+ image: registry:5000/mikrotik-bot:latest
 container_name: mikrotik-bot-production
 restart: unless-stopped
 environment:
- # Vault AppRole credentials (безопасно)
- - VAULT_ADDR=http://10.10.30.121:8200
- - VAULT_ROLE_ID=ba8d3d21-263e-4d92-8ffe-ef803017cef5
- - VAULT_SECRET_ID=6b3ecc3c-9436-7f04-022f-8b1ce0ac09ee
- - VAULT_SECRET_PATH=secret/data/mikrotik-bot
+ # Production Vault AppRole credentials
+ - VAULT_ADDR=http://vault:8200
+ - VAULT_ROLE_ID=b8248e4d-d22a-1f7e-37f0-b2e0c36679cd
+ - VAULT_SECRET_ID=5c6982ea-cdb1-94ce-0261-685852f36531
+ - VAULT_SECRET_PATH=kv/data/mikrotik-bot
 - DATABASE_PATH=/app/data/bot.db
 volumes:
 - mikrotik_bot_data:/app/data
 ports:
- - "8000:8000" # Health check endpoint
+ - "8008:8000" # Health check endpoint
 networks:
+ - proxmox-services
 - bot-network
 depends_on:
 - watchtower
@@ -31,14 +32,17 @@ services:
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 environment:
- - WATCHTOWER_POLL_INTERVAL=60 # Проверять каждые 60 секунд
+ - WATCHTOWER_POLL_INTERVAL=60
 - WATCHTOWER_LABEL_ENABLE=true
 - WATCHTOWER_CLEANUP=true
 command: --interval 60 --label-enable --cleanup
 networks:
+ - proxmox-services
 - bot-network
 networks:
+ proxmox-services:
+ external: true
 bot-network:
 driver: bridge
diff --git a/vault_client.py b/vault_client.py
index 0c2da88..a9b7c1f 100644
--- a/vault_client.py
+++ b/vault_client.py
@@ -11,7 +11,7 @@ class VaultClient:
 self.vault_addr = os.environ.get('VAULT_ADDR', 'http://localhost:8200')
 self.role_id = os.environ.get('VAULT_ROLE_ID')
 self.secret_id = os.environ.get('VAULT_SECRET_ID')
- self.secret_path = os.environ.get('VAULT_SECRET_PATH', 'secret/data/mikrotik-bot')
+ self.secret_path = os.environ.get('VAULT_SECRET_PATH', 'kv/data/mikrotik-bot')
 self.token = None
 def authenticate(self) -> bool:
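Review bot: `VAULT_ADDR=http://vault:8200` keeps the AppRole login on plain HTTP, and the first hunk of docker-compose.production.yml also attaches the container to the external `proxmox-services` network, so the RoleID/SecretID exchange and every secret read from `kv/data/mikrotik-bot` cross a shared network unencrypted. Point the client at a TLS listener, `- VAULT_ADDR=https://vault:8200`, and make sure the container trusts the CA that signed Vault's certificate. The Vault listener configuration and the client's certificate verification settings are outside this hunk, so confirm both before switching the scheme.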
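Review bot: Joining the watchtower service to the external `proxmox-services` network, in the second hunk of docker-compose.production.yml, widens the exposure of a container that mounts `/var/run/docker.sock` and redeploys `registry:5000/mikrotik-bot:latest` every 60 seconds without any pinning. Whatever image the name `registry` serves under that tag is started with the bot's Vault credentials within a minute; who may push to that registry and whether it is served over TLS is not visible here. Pinning the image to a versioned tag or digest, and giving watchtower a dedicated network shared only with the registry, would narrow this. The removed inline comment on `WATCHTOWER_POLL_INTERVAL` was the only statement of the unit; a short `# seconds` would keep it.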