Hi Everyone,
I am a huge fan of Nomad and recently converted from Kubernetes due to the fact that we are moving to Nomad at my job to run all of our production workloads. We also use Vault, Consul, and Terraform so we are a very Hashicorp centric company.
The problem I am running into is with creating the Nomad job file for the OWASP tool, “Defect Dojo.” I have scoured the docs and have found helpful things such as the task dependencies being achieved through the lifecycle stanza and the prestart statement, but where I am confused is with the fact that the docker-compose.yml file defines multiple services that all share the same image. Here is a link to the docker-compose.yml:
The services used are:
- nginx (defectdojo/defectdojo-nginx:latest)
- uwsgi (defectdojo/defectdojo-django:latest)
- celerybeat (defectdojo/defectdojo-django:latest)
- celeryworker (defectdojo/defectdojo-django:latest)
- initializer (defectdojo/defectdojo-django:latest)
- mysql (mysql/mysql:latest)
I also read on this forum that I could think of Nomad tasks as loosly equal to docker-compose services, so I took a crack at writing the Nomad job file. Any help would be greatly appreciated. This is what I came up with but it didn’t work: (I dont have the mysql component here because I already have it running fronted by Fabio – which is also why its defined on port 3308):
job "defectdojo" {
datacenters = ["wdc"]
type = "service"
group "nginx" {
network {
port "nginx" {
static = "8443"
}
}
service {
name = "nginx"
port = "nginx"
check {
type = "tcp"
port = "nginx"
interval = "10s"
timeout = "2s"
}
}
task "initializer" {
driver = "docker"
config {
image = "defectdojo/defectdojo-django:latest"
entrypoint = ["/wait-for-it.sh", "mysql:3306", "--", "/entrypoint-initializer.sh"]
mounts = [
{
type = "bind"
target = "/app/docker/extra_settings"
source = "./docker/extra_settings"
}
]
}
resources {
cpu = 200
memory = 128
}
service {
name = "initializer"
}
env {
DD_DATABASE_URL="mysql://defectdojo:defectdojo@mysql.service.consul:3308/defectdojo"
DD_ADMIN_USER="admin"
DD_ADMIN_MAIL="first.last@company.com"
DD_ADMIN_FIRST_NAME="Admin"
DD_ADMIN_LAST_NAME="User"
DD_INITIALIZE="true"
DD_SECRET_KEY="hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}"
DD_CREDENTIAL_AES_256_KEY="&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw"
}
}
task "celeryworker" {
driver = "docker"
config {
image = "defectdojo/defectdojo-django:latest"
entrypoint = ["/wait-for-it.sh", "mysql:3306", "-t", "30", "--", "/entrypoint-celery-worker.sh"]
mounts = [
{
type = "bind"
target = "/app/docker/extra_settings"
source = "./docker/extra_settings"
}
]
}
resources {
cpu = 200
memory = 128
}
service {
name = "celeryworker"
}
env {
DD_DATABASE_URL="mysql://defectdojo:defectdojo@mysql.service.consul:3308/defectdojo"
DD_CELERY_BROKER_USER="guest"
DD_CELERY_BROKER_PASSWORD="guest"
DD_SECRET_KEY="hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq"
DD_CREDENTIAL_AES_256_KEY="&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw"
}
}
task "celerybeat" {
driver = "docker"
config {
entrypoint = ["/wait-for-it.sh", "mysql:3306", "-t", "30", "--", "/entrypoint-celery-beat.sh"]
mounts [
{
type = "bind"
target = "/app/docker/extra_settings"
source = "./docker/extra_settings"
}
]
}
resources {
cpu = 200
memory = 128
}
service {
name = "celerybeat"
}
env {
DD_DATABASE_URL="mysql://defectdojo:defectdojo@mysql.service.consul:3308/defectdojo"
DD_CELERY_BROKER_USER="guest"
DD_CELERY_BROKER_PASSWORD="guest"
DD_SECRET_KEY="hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq"
DD_CREDENTIAL_AES_256_KEY="&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw"
}
}
task "uwsgi" {
driver = "docker"
config {
image = "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}"
entrypoint: ["/wait-for-it.sh", "mysql:3306", "-t", "30", "--", "/entrypoint-uwsgi.sh"]
mounts [
{
type = "bind"
target = "/app/docker/extra_settings"
source = "./docker/extra_settings"
}
]
}
resources {
cpu = 200
memory = 128
}
service {
name = "uwsgi"
}
env {
DD_DEBUG="false"
DD_DJANGO_METRICS_ENABLED="false"
DD_ALLOWED_HOSTS=${DD_ALLOWED_HOSTS:"*"
DD_DATABASE_URL="mysql://defectdojo:defectdojo@mysql.service.consul:3308/defectdojo"
DD_CELERY_BROKER_USER="guest"
DD_CELERY_BROKER_PASSWORD="guest"
DD_SECRET_KEY="hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq"
DD_CREDENTIAL_AES_256_KEY="&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw"
}
}
task "nginx" {
driver = "docker"
config {
image = "defectdojo/defectdojo-nginx:${NGINX_VERSION:-latest}"
ports = ["nginx"]
}
env {
NGINX_METRICS_ENABLED="false"
}
}
}
}
}