diff --git a/.gitignore b/.gitignore
index 32dbba481b82ad0ce03caea4c4fc4e99270a13aa..1e78577332eab730f22156280545fc4f0484928f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -126,3 +126,9 @@ discovery/pkg
common/go/pkg
authorizer/pkg
asapo_tools/pkg
+
+
+
+#
+*.rpm
+
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 31dc962d885da0880e1b54fdfaabf7655074bfbc..b5974eccbf2598849bbd27cdac13e5d2d5ad686d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -72,6 +72,8 @@ add_subdirectory(authorizer)
add_subdirectory(asapo_tools)
+add_subdirectory(deploy)
+
if(BUILD_INTEGRATION_TESTS)
add_subdirectory(tests)
diff --git a/CMakeModules/prepare_asapo.cmake b/CMakeModules/prepare_asapo.cmake
index 86fbf0e39fbdd4633972097af471d582ee05a95b..17681e5bd0645f497429addf73575c4728c531d6 100644
--- a/CMakeModules/prepare_asapo.cmake
+++ b/CMakeModules/prepare_asapo.cmake
@@ -23,3 +23,20 @@ function(prepare_asapo)
endfunction()
+macro(configure_files srcDir destDir)
+ message(STATUS "Configuring directory ${destDir}")
+ make_directory(${destDir})
+
+ file(GLOB templateFiles RELATIVE ${srcDir} ${srcDir}/*)
+ foreach(templateFile ${templateFiles})
+ set(srcTemplatePath ${srcDir}/${templateFile})
+ string(REGEX REPLACE "\\.in$" "" File ${templateFile})
+ if(NOT IS_DIRECTORY ${srcTemplatePath})
+ message(STATUS "Configuring file ${templateFile}")
+ configure_file(
+ ${srcTemplatePath}
+ ${destDir}/${File}
+ @ONLY)
+ endif(NOT IS_DIRECTORY ${srcTemplatePath})
+ endforeach(templateFile)
+endmacro(configure_files)
diff --git a/deploy/CMakeLists.txt b/deploy/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..6eb356f10b81ddcd2d53c343fcceeb240765cf7b
--- /dev/null
+++ b/deploy/CMakeLists.txt
@@ -0,0 +1,11 @@
+if(DEFINED ENV{INSTALLPATH_NOMAD_JOBS})
+ SET (NOMAD_INSTALL $ENV{INSTALLPATH_NOMAD_JOBS}/nomad_jobs)
+else()
+ SET (NOMAD_INSTALL ${CMAKE_INSTALL_PREFIX}/nomad_jobs)
+endif()
+
+configure_files(${CMAKE_CURRENT_SOURCE_DIR}/nomad_jobs ${CMAKE_CURRENT_BINARY_DIR}/nomad_jobs)
+
+
+install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/nomad_jobs/ DESTINATION ${NOMAD_INSTALL})
+
diff --git a/deploy/nomad_consul/Packages/CMakeLists.txt b/deploy/nomad_consul/Packages/CMakeLists.txt
index b50b9696a6f9f3c5a88ef230f9172acacfab35de..fe7829db5fd63c8ec27893ead4f27320515d8e16 100644
--- a/deploy/nomad_consul/Packages/CMakeLists.txt
+++ b/deploy/nomad_consul/Packages/CMakeLists.txt
@@ -14,7 +14,7 @@ SET(CPACK_PACKAGE_NAME "asapo-ha")
SET(CPACK_PACKAGE_VENDOR "DESY")
SET(CPACK_PACKAGE_VERSION_MAJOR "1")
SET(CPACK_PACKAGE_VERSION_MINOR "2")
-SET(CPACK_PACKAGE_VERSION_PATCH "2")
+SET(CPACK_PACKAGE_VERSION_PATCH "3")
SET(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Nomad and Consul for Asapo Debian package")
diff --git a/deploy/nomad_consul/usr/lib/systemd/system/consul.service b/deploy/nomad_consul/usr/lib/systemd/system/consul.service
new file mode 100644
index 0000000000000000000000000000000000000000..4c0b1e24d773eb4d0354656b2149afd346d37705
--- /dev/null
+++ b/deploy/nomad_consul/usr/lib/systemd/system/consul.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=consul agent
+Requires=network-online.target
+After=network-online.target
+Documentation=https://consul.io/docs/
+
+[Service]
+User=asapo
+Group=asapo
+Environment=GOMAXPROCS=4
+Restart=on-failure
+ExecStart=/usr/bin/consul agent -config-dir=/etc/consul.d
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/deploy/nomad_consul/usr/lib/systemd/system/nomad.service b/deploy/nomad_consul/usr/lib/systemd/system/nomad.service
new file mode 100644
index 0000000000000000000000000000000000000000..624f441526389071c2690888486ee31b731a9287
--- /dev/null
+++ b/deploy/nomad_consul/usr/lib/systemd/system/nomad.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=nomad agent
+Requires=network-online.target
+After=network-online.target
+Documentation=https://nomadproject.io/docs/
+After=consul.service
+
+[Service]
+User=asapo
+Group=asapo
+Environment=GOMAXPROCS=4
+Restart=on-failure
+ExecStart=/usr/bin/nomad agent -config=/etc/nomad.d
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target
diff --git a/deploy/nomad_jobs/asapo-logging.nmd.in b/deploy/nomad_jobs/asapo-logging.nmd.in
new file mode 100644
index 0000000000000000000000000000000000000000..ef4ce47101f1572d4845dbb235e83b3ddee1a8b4
--- /dev/null
+++ b/deploy/nomad_jobs/asapo-logging.nmd.in
@@ -0,0 +1,175 @@
+job "asapo-logging" {
+ datacenters = ["dc1"]
+
+# update {
+# max_parallel = 1
+# min_healthy_time = "10s"
+# healthy_deadline = "3m"
+# auto_revert = false
+# }
+
+ group "fluentd" {
+ count = 1
+ restart {
+ attempts = 2
+ interval = "3m"
+ delay = "15s"
+ mode = "delay"
+ }
+
+ task "fluentd" {
+ driver = "docker"
+
+ config {
+ dns_servers = ["127.0.0.1"]
+ network_mode = "host"
+ image = "yakser/fluentd_elastic"
+ volumes = ["local/fluentd.conf:/fluentd/etc/fluent.conf",
+ "/${meta.shared_storage}/fluentd:/shared"]
+ }
+
+ resources {
+ cpu = 500
+ memory = 256
+ network {
+ mbits = 10
+ port "fluentd" {
+ static = 9880
+ }
+ }
+ }
+
+ service {
+ port = "fluentd"
+ name = "fluentd"
+ check {
+ name = "alive"
+ type = "script"
+ command = "/bin/pidof"
+ args = ["ruby2.3"]
+ timeout = "2s"
+ interval = "10s"
+ }
+ check_restart {
+ limit = 2
+ grace = "15s"
+ ignore_warnings = false
+ }
+ }
+ template {
+ source = "@NOMAD_INSTALL@/fluentd.conf"
+ destination = "local/fluentd.conf"
+ change_mode = "restart"
+ }
+ }
+ }
+#elasticsearch
+ group "elk" {
+ count = 1
+ restart {
+ attempts = 2
+ interval = "3m"
+ delay = "15s"
+ mode = "delay"
+ }
+
+ task "elasticsearch" {
+ driver = "docker"
+
+ env {
+ bootstrap.memory_lock = "true"
+ cluster.name = "asapo-logging"
+ ES_JAVA_OPTS = "-Xms512m -Xmx512m"
+ }
+
+ config {
+ ulimit {
+ memlock = "-1:-1"
+ nofile = "65536:65536"
+ nproc = "8192"
+ }
+ network_mode = "host"
+ dns_servers = ["127.0.0.1"]
+ image = "docker.elastic.co/elasticsearch/elasticsearch:6.3.0"
+ volumes = ["/${meta.shared_storage}/esdatadir:/usr/share/elasticsearch/data"]
+ }
+
+ resources {
+ #MHz
+ cpu = 4000
+ #MB
+ memory = 2048
+ network {
+ mbits = 10
+ port "elasticsearch" {
+ static = 9200
+ }
+ }
+ }
+
+ service {
+ port = "elasticsearch"
+ name = "elasticsearch"
+ check {
+ name = "alive"
+ type = "http"
+ path = "/_cluster/health"
+ interval = "10s"
+ timeout = "1s"
+ }
+ check_restart {
+ limit = 2
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+#kibana
+ task "kibana" {
+ driver = "docker"
+
+ config {
+ network_mode = "host"
+ dns_servers = ["127.0.0.1"]
+ image = "docker.elastic.co/kibana/kibana:6.3.0"
+ volumes = ["local/kibana.yml:/usr/share/kibana/config/kibana.yml"]
+ }
+
+ template {
+ source = "@NOMAD_INSTALL@/kibana.yml"
+ destination = "local/kibana.yml"
+ change_mode = "restart"
+ }
+
+ resources {
+ cpu = 256
+ memory = 1024
+ network {
+ mbits = 10
+ port "kibana" {
+ static = 5601
+ }
+ }
+ }
+
+ service {
+ port = "kibana"
+ name = "kibana"
+ check {
+ name = "alive"
+ type = "http"
+ path = "/logsview"
+ interval = "10s"
+ timeout = "1s"
+ }
+ check_restart {
+ limit = 2
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ }
+
+}
diff --git a/deploy/nomad_jobs/asapo-nginx.nmd.in b/deploy/nomad_jobs/asapo-nginx.nmd.in
new file mode 100644
index 0000000000000000000000000000000000000000..b417ac8fcd70840d6a789e56f2de3df7b6af31c6
--- /dev/null
+++ b/deploy/nomad_jobs/asapo-nginx.nmd.in
@@ -0,0 +1,70 @@
+job "nginx" {
+ datacenters = ["dc1"]
+
+ type = "system"
+
+# update {
+# max_parallel = 1
+# min_healthy_time = "10s"
+# healthy_deadline = "3m"
+# auto_revert = false
+# }
+
+ group "nginx" {
+ count = 1
+
+ restart {
+ attempts = 2
+ interval = "3m"
+ delay = "15s"
+ mode = "delay"
+ }
+
+ task "nginx" {
+ driver = "docker"
+
+ config {
+ network_mode = "host"
+ image = "nginx:1.14"
+ volumes = ["local/nginx.conf:/etc/nginx/nginx.conf"]
+ }
+
+ resources {
+ cpu = 500
+ memory = 256
+ network {
+ mbits = 10
+ port "nginx" {
+ static = 8400
+ }
+ }
+ }
+
+ service {
+ port = "nginx"
+ name = "nginx"
+ check {
+ name = "alive"
+ type = "http"
+ path = "/nginx-health"
+ timeout = "2s"
+ interval = "10s"
+ }
+
+ check_restart {
+ limit = 2
+ grace = "15s"
+ ignore_warnings = false
+ }
+ }
+
+ template {
+ source = "@NOMAD_INSTALL@/nginx.conf.tpl"
+ destination = "local/nginx.conf"
+ change_mode = "restart"
+ }
+
+
+ }
+ }
+}
diff --git a/deploy/nomad_jobs/fluentd.conf b/deploy/nomad_jobs/fluentd.conf
new file mode 100644
index 0000000000000000000000000000000000000000..53068d69af5bcd1fccca36a79badcb2faf0fd87d
--- /dev/null
+++ b/deploy/nomad_jobs/fluentd.conf
@@ -0,0 +1,30 @@
+<source>
+ @type http
+ port 9880
+ bind 0.0.0.0
+ add_remote_addr true
+ format json
+ time_format %Y-%m-%d %H:%M:%S.%N
+</source>
+
+<match asapo.**>
+@type copy
+<store>
+ @type elasticsearch
+ host elasticsearch.service.asapo
+ port 9200
+ flush_interval 5s
+ logstash_format true
+ time_key_format %Y-%m-%dT%H:%M:%S.%N
+ time_key time
+ time_key_exclude_timestamp true
+ buffer_type memory
+ flush_interval 1s
+ </store>
+ <store>
+ @type file
+ flush_interval 1s
+ buffer_type memory
+ path /shared/asapo-logs
+ </store>
+</match>
diff --git a/deploy/nomad_jobs/kibana.yml b/deploy/nomad_jobs/kibana.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4b8e272b46ab6d6abc68c4519a7f16d83e4c517e
--- /dev/null
+++ b/deploy/nomad_jobs/kibana.yml
@@ -0,0 +1,6 @@
+elasticsearch:
+ url: "http://elasticsearch.service.asapo:9200"
+server:
+ basePath: "/logsview"
+ rewriteBasePath: true
+ host: "0.0.0.0"
diff --git a/deploy/nomad_jobs/nginx.conf.tpl b/deploy/nomad_jobs/nginx.conf.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..65a231fc44e5da41bb83070bbb3febe6f84f0839
--- /dev/null
+++ b/deploy/nomad_jobs/nginx.conf.tpl
@@ -0,0 +1,52 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+# include mime.types;
+# default_type application/octet-stream;
+
+# sendfile on;
+# tcp_nopush on;
+
+# keepalive_timeout 0;
+# keepalive_timeout 65;
+
+ resolver 127.0.0.1:53 valid=1s;
+ server {
+ listen {{ env "NOMAD_PORT_nginx" }};
+ set $discovery_endpoint discovery.service.asapo;
+ set $authorizer_endpoint authorizer.service.asapo;
+ set $fluentd_endpoint fluentd.service.asapo;
+ set $kibana_endpoint kibana.service.asapo;
+
+ location /discovery/ {
+ rewrite ^/discovery(/.*) $1 break;
+ proxy_pass http://$discovery_endpoint:5006$uri$is_args$args;
+ }
+
+ location /logs/ {
+ rewrite ^/logs(/.*) $1 break;
+ proxy_pass http://$fluentd_endpoint:9880$uri$is_args$args;
+ }
+
+ location /logsview/ {
+ proxy_pass http://$kibana_endpoint:5601$uri$is_args$args;
+ proxy_ignore_client_abort on;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ }
+
+ location /authorizer/ {
+ rewrite ^/authorizer(/.*) $1 break;
+ proxy_pass http://$authorizer_endpoint:5007$uri$is_args$args;
+ }
+
+ location /nginx-health {
+ return 200 "healthy\n";
+ }
+ }
+}