Update to production Vault with service names

2025-06-01 14:30:09 +03:00 · 2025-06-01 14:30:09 +03:00 · 3018c3ee15
commit 3018c3ee15
parent 25d910cef7
3 changed files with 20 additions and 10 deletions
--- a/docker-compose.portainer.yml
+++ b/docker-compose.portainer.yml
@ -12,10 +12,16 @@ services:
      - VAULT_SECRET_ID=6b3ecc3c-9436-7f04-022f-8b1ce0ac09ee
      - VAULT_SECRET_PATH=secret/data/mikrotik-bot
      - DATABASE_PATH=/app/data/bot.db
+      # Fallback environment variables (если Vault недоступен)
+      - BOT_TOKEN=1269908167:AAGaP1-joabDy87Hy6NyuS_KOjr75jrp4bI
+      - ROUTER_HOST=10.10.10.1
+      - ROUTER_USER=admin
+      - ROUTER_PASSWORD=4040Slonov
+      - ALLOWED_USER_IDS=  # Оставляем пустым для открытого доступа (временно)
    volumes:
      - mikrotik_bot_data:/app/data
    ports:
-      - "8001:8000"  # Health check endpoint
+      - "8008:8000"  # Health check endpoint
    networks:
      - bot-network
    labels:
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@ -2,21 +2,22 @@ version: '3.8'

 services:
  mikrotik-bot:
-    image: 10.10.30.121:5000/mikrotik-bot:latest
+    image: registry:5000/mikrotik-bot:latest
    container_name: mikrotik-bot-production
    restart: unless-stopped
    environment:
-      # Vault AppRole credentials (безопасно)
-      - VAULT_ADDR=http://10.10.30.121:8200
-      - VAULT_ROLE_ID=ba8d3d21-263e-4d92-8ffe-ef803017cef5
-      - VAULT_SECRET_ID=6b3ecc3c-9436-7f04-022f-8b1ce0ac09ee
-      - VAULT_SECRET_PATH=secret/data/mikrotik-bot
+      # Production Vault AppRole credentials
+      - VAULT_ADDR=http://vault:8200
+      - VAULT_ROLE_ID=b8248e4d-d22a-1f7e-37f0-b2e0c36679cd
+      - VAULT_SECRET_ID=5c6982ea-cdb1-94ce-0261-685852f36531
+      - VAULT_SECRET_PATH=kv/data/mikrotik-bot
      - DATABASE_PATH=/app/data/bot.db
    volumes:
      - mikrotik_bot_data:/app/data
    ports:
-      - "8000:8000"  # Health check endpoint
+      - "8008:8000"  # Health check endpoint
    networks:
+      - proxmox-services
      - bot-network
    depends_on:
      - watchtower
@ -31,14 +32,17 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
-      - WATCHTOWER_POLL_INTERVAL=60  # Проверять каждые 60 секунд
+      - WATCHTOWER_POLL_INTERVAL=60
      - WATCHTOWER_LABEL_ENABLE=true
      - WATCHTOWER_CLEANUP=true
    command: --interval 60 --label-enable --cleanup
    networks:
+      - proxmox-services
      - bot-network
      
 networks:
+  proxmox-services:
+    external: true
  bot-network:
    driver: bridge
    
--- a/vault_client.py
+++ b/vault_client.py
@ -11,7 +11,7 @@ class VaultClient:
        self.vault_addr = os.environ.get('VAULT_ADDR', 'http://localhost:8200')
        self.role_id = os.environ.get('VAULT_ROLE_ID')
        self.secret_id = os.environ.get('VAULT_SECRET_ID')
-        self.secret_path = os.environ.get('VAULT_SECRET_PATH', 'secret/data/mikrotik-bot')
+        self.secret_path = os.environ.get('VAULT_SECRET_PATH', 'kv/data/mikrotik-bot')
        self.token = None
        
    def authenticate(self) -> bool: