From e6b6a27e401a0c015662d345ec8e7ede580f4b12 Mon Sep 17 00:00:00 2001 From: yhnoh Date: Wed, 17 Jun 2026 02:03:34 +0000 Subject: [PATCH 1/6] =?UTF-8?q?fix(docker):=20=EB=A7=A4=EB=8B=88=EC=A0=80?= =?UTF-8?q?=20=EC=84=9C=EB=B9=84=EC=8A=A4=20restart=20=EC=A0=95=EC=B1=85?= =?UTF-8?q?=C2=B7depends=5Fon=20=EB=B3=B4=EA=B0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mc-workflow-manager, mc-application-manager, mc-data-manager 등이 초기 기동 및 서버 재부팅 시 일부 올라오지 않는 문제 수정. 근본 원인 - 일부 서비스에 restart 정책이 없어, 무거운 의존 서비스(Jenkins/Nexus/ RabbitMQ/infra-manager/MariaDB)보다 먼저 떠서 크래시한 뒤 자력 복구 불가. - 재부팅 시 depends_on 순서는 적용되지 않고 restart 정책이 있는 컨테이너만 데몬이 자동 기동하므로, 정책이 없는 매니저들이 올라오지 않음. 변경 - mc-workflow-manager: restart: unless-stopped 추가, jenkins(healthy) 의존 추가 - mc-application-manager: restart: unless-stopped 추가, nexus/infra-manager (healthy)/rabbitmq(healthy) 의존 추가 - mc-application-manager-sonatype-nexus: restart: unless-stopped 추가 - mc-data-manager-db: restart: always 추가 (재부팅 시 DB 미기동 → data-manager 재시작 반복 문제 해결) --- conf/docker/docker-compose.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/conf/docker/docker-compose.yaml b/conf/docker/docker-compose.yaml index 44e1636..ac90be7 100644 --- a/conf/docker/docker-compose.yaml +++ b/conf/docker/docker-compose.yaml @@ -872,6 +872,7 @@ services: mc-application-manager-sonatype-nexus: image: sonatype/nexus3:latest container_name: mc-application-manager-sonatype-nexus + restart: unless-stopped platform: linux/amd64 networks: - mc-application-manager-network @@ -896,9 +897,16 @@ services: mc-application-manager: image: cloudbaristaorg/mc-application-manager:0.5.2 container_name: mc-application-manager + restart: unless-stopped depends_on: mc-application-manager-db: condition: service_healthy + mc-application-manager-sonatype-nexus: + condition: service_started + mc-infra-manager: + condition: service_healthy + mc-observability-rabbitmq: + condition: service_healthy networks: - mc-application-manager-network - mc-web-console-network @@ -959,6 +967,10 @@ services: image: cloudbaristaorg/mc-workflow-manager:0.5.3 container_name: mc-workflow-manager platform: linux/amd64 + restart: unless-stopped + depends_on: + mc-workflow-manager-jenkins: + condition: service_healthy networks: - mc-workflow-manager-network - mc-web-console-network @@ -1026,6 +1038,7 @@ services: mc-data-manager-db: image: mariadb:latest container_name: mc-data-manager-db + restart: always command: - --skip-character-set-client-handshake volumes: From 9ff6a70551c61d4319b99811c4b87a9a9d185ea2 Mon Sep 17 00:00:00 2001 From: yhnoh Date: Wed, 17 Jun 2026 02:03:34 +0000 Subject: [PATCH 2/6] =?UTF-8?q?fix(docker):=20=EB=A7=A4=EB=8B=88=EC=A0=80?= =?UTF-8?q?=20=EC=84=9C=EB=B9=84=EC=8A=A4=20restart=20=EC=A0=95=EC=B1=85?= =?UTF-8?q?=C2=B7depends=5Fon=20=EB=B3=B4=EA=B0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mc-workflow-manager, mc-application-manager, mc-data-manager 등이 초기 기동 및 서버 재부팅 시 일부 올라오지 않는 문제 수정. 근본 원인 - 일부 서비스에 restart 정책이 없어, 무거운 의존 서비스(Jenkins/Nexus/ RabbitMQ/infra-manager/MariaDB)보다 먼저 떠서 크래시한 뒤 자력 복구 불가. - 재부팅 시 depends_on 순서는 적용되지 않고 restart 정책이 있는 컨테이너만 데몬이 자동 기동하므로, 정책이 없는 매니저들이 올라오지 않음. 변경 - mc-workflow-manager: restart: unless-stopped 추가, jenkins(healthy) 의존 추가 - mc-application-manager: restart: unless-stopped 추가, nexus/infra-manager (healthy)/rabbitmq(healthy) 의존 추가 - mc-application-manager-sonatype-nexus: restart: unless-stopped 추가 - mc-data-manager-db: restart: always 추가 (재부팅 시 DB 미기동 → data-manager 재시작 반복 문제 해결) --- conf/docker/docker-compose.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/conf/docker/docker-compose.yaml b/conf/docker/docker-compose.yaml index 44e1636..ac90be7 100644 --- a/conf/docker/docker-compose.yaml +++ b/conf/docker/docker-compose.yaml @@ -872,6 +872,7 @@ services: mc-application-manager-sonatype-nexus: image: sonatype/nexus3:latest container_name: mc-application-manager-sonatype-nexus + restart: unless-stopped platform: linux/amd64 networks: - mc-application-manager-network @@ -896,9 +897,16 @@ services: mc-application-manager: image: cloudbaristaorg/mc-application-manager:0.5.2 container_name: mc-application-manager + restart: unless-stopped depends_on: mc-application-manager-db: condition: service_healthy + mc-application-manager-sonatype-nexus: + condition: service_started + mc-infra-manager: + condition: service_healthy + mc-observability-rabbitmq: + condition: service_healthy networks: - mc-application-manager-network - mc-web-console-network @@ -959,6 +967,10 @@ services: image: cloudbaristaorg/mc-workflow-manager:0.5.3 container_name: mc-workflow-manager platform: linux/amd64 + restart: unless-stopped + depends_on: + mc-workflow-manager-jenkins: + condition: service_healthy networks: - mc-workflow-manager-network - mc-web-console-network @@ -1026,6 +1038,7 @@ services: mc-data-manager-db: image: mariadb:latest container_name: mc-data-manager-db + restart: always command: - --skip-character-set-client-handshake volumes: From 7edd0eb0db582cd50b86b774229502e4be900cf6 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 18 Jun 2026 02:21:26 +0000 Subject: [PATCH 3/6] =?UTF-8?q?fix(docker):=20mc-observability-front=20ngi?= =?UTF-8?q?nx=20=ED=94=84=EB=A1=9D=EC=8B=9C=20=EB=B0=8F=20=EC=84=9C?= =?UTF-8?q?=EB=B9=84=EC=8A=A4=20URL=20=EB=93=B1=EB=A1=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - nginx.template.conf/local.conf에 mc-observability-front HTTPS/HTTP 프록시 서버 블록 추가 (포트 MC_OBSERVABILITY_FRONT_PORT) - docker-compose.yaml: mc-observability-front ports 제거(nginx가 처리), mc-iam-manager-nginx에 MC_OBSERVABILITY_FRONT_PORT 포트 바인딩 추가 - docker-compose.yaml: mc-observability-rabbitmq·influx·influx-2·loki restart 정책을 unless-stopped으로 변경 (서버 재시작 후 자동 복구) - api.yaml: mc-observability-fe 서비스 URL 등록 (iframe 표시에 필요) --- .../conf/mc-iam-manager/nginx.template.conf | 31 +++++++++++++++++++ .../mc-iam-manager/nginx.template.local.conf | 26 ++++++++++++++++ .../conf/mc-web-console/api/conf/api.yaml | 5 +++ conf/docker/docker-compose.yaml | 17 +++------- 4 files changed, 67 insertions(+), 12 deletions(-) diff --git a/conf/docker/conf/mc-iam-manager/nginx.template.conf b/conf/docker/conf/mc-iam-manager/nginx.template.conf index d28cc42..87e43d1 100644 --- a/conf/docker/conf/mc-iam-manager/nginx.template.conf +++ b/conf/docker/conf/mc-iam-manager/nginx.template.conf @@ -346,6 +346,37 @@ http { } } + # mc-observability-front HTTPS proxy (for iframe/external access) + server { + listen ${MC_OBSERVABILITY_FRONT_PORT} ssl; + server_name ${MC_IAM_MANAGER_PUBLIC_DOMAIN}; + + ssl_certificate /etc/nginx/certs/live/${MC_IAM_MANAGER_PUBLIC_DOMAIN}/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/live/${MC_IAM_MANAGER_PUBLIC_DOMAIN}/privkey.pem; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + location / { + resolver 127.0.0.11 valid=10s; + set $upstream_obs mc-observability-front; + proxy_pass http://$upstream_obs:18081; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_hide_header X-Frame-Options; + add_header Content-Security-Policy "frame-ancestors https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always; + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + } + # mc-cost-optimizer-fe HTTPS proxy (for iframe/external access) server { listen ${MC_COST_OPTIMIZER_FE_PROXY_PORT} ssl; diff --git a/conf/docker/conf/mc-iam-manager/nginx.template.local.conf b/conf/docker/conf/mc-iam-manager/nginx.template.local.conf index 388471a..848721a 100644 --- a/conf/docker/conf/mc-iam-manager/nginx.template.local.conf +++ b/conf/docker/conf/mc-iam-manager/nginx.template.local.conf @@ -261,6 +261,32 @@ http { } } + # mc-observability-front HTTP proxy (for iframe) + server { + listen ${MC_OBSERVABILITY_FRONT_PORT}; + server_name ${MC_IAM_MANAGER_PUBLIC_DOMAIN}; + + location / { + resolver 127.0.0.11 valid=10s; + set $upstream_obs mc-observability-front; + proxy_pass http://$upstream_obs:18081; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_hide_header X-Frame-Options; + add_header Content-Security-Policy "frame-ancestors http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always; + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + } + # mc-cost-optimizer-fe HTTP proxy (for iframe) server { listen ${MC_COST_OPTIMIZER_FE_PROXY_PORT}; diff --git a/conf/docker/conf/mc-web-console/api/conf/api.yaml b/conf/docker/conf/mc-web-console/api/conf/api.yaml index 2075a83..3bd4c18 100644 --- a/conf/docker/conf/mc-web-console/api/conf/api.yaml +++ b/conf/docker/conf/mc-web-console/api/conf/api.yaml @@ -75,6 +75,11 @@ services: baseurl: http://mc-application-manager:18084 auth: + mc-observability-fe: + version: v0.0.1 + baseurl: http://mc-observability-front:18081 + auth: + # sample: # baseurl: http://localhost:1323/test # auth: diff --git a/conf/docker/docker-compose.yaml b/conf/docker/docker-compose.yaml index ac90be7..99bf5a4 100644 --- a/conf/docker/docker-compose.yaml +++ b/conf/docker/docker-compose.yaml @@ -354,6 +354,7 @@ services: - "${MC_WORKFLOW_MANAGER_PROXY_PORT}:${MC_WORKFLOW_MANAGER_PROXY_PORT}" - "${MC_DATA_MANAGER_PROXY_PORT}:${MC_DATA_MANAGER_PROXY_PORT}" - "${MC_APPLICATION_MANAGER_PROXY_PORT}:${MC_APPLICATION_MANAGER_PROXY_PORT}" + - "${MC_OBSERVABILITY_FRONT_PORT}:${MC_OBSERVABILITY_FRONT_PORT}" environment: - DOMAIN_NAME=${MC_IAM_MANAGER_PUBLIC_DOMAIN} volumes: @@ -1168,10 +1169,6 @@ services: - mc-infra-manager-network - mc-infra-connector-network - mc-web-console-network - ports: - - target: 18080 - published: ${MC_OBSERVABILITY_MANAGER_PORT} - protocol: tcp depends_on: mc-observability-grafana: condition: service_healthy @@ -1207,10 +1204,6 @@ services: - mc-observability-network - mc-infra-manager-network - mc-infra-connector-network - ports: - - target: 18081 - published: ${MC_OBSERVABILITY_FRONT_PORT} - protocol: tcp depends_on: mc-observability-manager: condition: service_healthy @@ -1266,7 +1259,7 @@ services: mc-observability-rabbitmq: image: rabbitmq:4.1.4-management-alpine container_name: mc-observability-rabbitmq - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1343,7 +1336,7 @@ services: mc-observability-influx: image: cloudbaristaorg/mc-observability-influx:edge container_name: mc-observability-influx - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1380,7 +1373,7 @@ services: mc-observability-influx-2: image: cloudbaristaorg/mc-observability-influx:edge container_name: mc-observability-influx-2 - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1434,7 +1427,7 @@ services: mc-observability-loki: image: grafana/loki:3.4.2 container_name: mc-observability-loki - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: From 5d9c5a09b9beed31552534413c2e6108804f8de2 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 19 Jun 2026 06:59:04 +0000 Subject: [PATCH 4/6] =?UTF-8?q?fix(docker):=20CO=5F=20=ED=99=98=EA=B2=BD?= =?UTF-8?q?=EB=B3=80=EC=88=98=EB=A5=BC=20MC=5FCOST=5FOPTIMIZER=5F=20prefix?= =?UTF-8?q?=EB=A1=9C=20=ED=86=B5=EC=9D=BC=20=EB=B0=8F=20observability=20re?= =?UTF-8?q?start=20=EC=A0=95=EC=B1=85=20=EB=B3=B4=EA=B0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/docker/.env.setup | 2 + .../conf/mc-iam-manager/1_setup_auto.sh | 31 +++ conf/docker/docker-compose.yaml | 220 +++++++++--------- 3 files changed, 143 insertions(+), 110 deletions(-) diff --git a/conf/docker/.env.setup b/conf/docker/.env.setup index d61d4bc..a78d536 100644 --- a/conf/docker/.env.setup +++ b/conf/docker/.env.setup @@ -162,6 +162,8 @@ MC_IAM_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN} MC_IAM_MANAGER_PUBLIC_KEYCLOAK_HOST=${MC_IAM_MANAGER_PUBLIC_HOST}/auth # === nginx HTTPS Reverse Proxy Ports (for iframe/external access — same as direct published ports) === +MC_OBSERVABILITY_FRONT_PROXY_PORT=18081 +MC_OBSERVABILITY_FRONT_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_OBSERVABILITY_FRONT_PROXY_PORT} MC_OBSERVABILITY_GRAFANA_PROXY_PORT=33002 MC_OBSERVABILITY_GRAFANA_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_OBSERVABILITY_GRAFANA_PROXY_PORT} MC_COST_OPTIMIZER_FE_PROXY_PORT=7780 diff --git a/conf/docker/conf/mc-iam-manager/1_setup_auto.sh b/conf/docker/conf/mc-iam-manager/1_setup_auto.sh index 7460e0e..eea3840 100755 --- a/conf/docker/conf/mc-iam-manager/1_setup_auto.sh +++ b/conf/docker/conf/mc-iam-manager/1_setup_auto.sh @@ -605,6 +605,37 @@ update_public_service_urls() { return 1 fi + # mc-observability-fe: register and update dedicated iframe nginx HTTPS proxy URL + local obs_fe_public_url="${MC_OBSERVABILITY_FRONT_PUBLIC_HOST}" + reg_body=$(printf '{"name":"mc-observability-fe","version":"v0.0.1","baseUrl":"http://mc-observability-front:18081","authType":"none","authUser":"","authPass":"","isActive":true}') + reg_resp=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST \ + --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ + --header 'Content-Type: application/json' \ + --data "$reg_body" \ + "$MC_IAM_MANAGER_HOST/api/mcmp-apis") + reg_code=$(echo $reg_resp | tr -d '\n' | sed -e 's/.*HTTPSTATUS://') + if [ "$reg_code" = "201" ]; then + echo " ✓ mc-observability-fe registered" + elif [ "$reg_code" = "409" ]; then + echo " ✓ mc-observability-fe already registered" + else + echo " ✗ Failed to register mc-observability-fe (HTTP $reg_code)" + return 1 + fi + response=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT \ + --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ + --header 'Content-Type: application/json' \ + --data "{\"base_url\": \"${obs_fe_public_url}\"}" \ + "$MC_IAM_MANAGER_HOST/api/mcmp-apis/name/mc-observability-fe") + http_code=$(echo $response | tr -d '\n' | sed -e 's/.*HTTPSTATUS://') + response_body=$(echo $response | sed -e 's/HTTPSTATUS\:.*//g') + if [ "$http_code" = "200" ]; then + echo " ✓ Updated mc-observability-fe baseurl: ${obs_fe_public_url}" + else + echo " ✗ Failed to update mc-observability-fe (HTTP $http_code): $response_body" + return 1 + fi + echo "Public service URL update completed" return 0 } diff --git a/conf/docker/docker-compose.yaml b/conf/docker/docker-compose.yaml index 99bf5a4..d2c8a80 100644 --- a/conf/docker/docker-compose.yaml +++ b/conf/docker/docker-compose.yaml @@ -427,17 +427,17 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.cost.optimize.jdbc-url: ${CO_COST_DB_URL_NEW} - spring.datasource.hikari.cost.optimize.username: ${CO_MYSQL_USER} - spring.datasource.hikari.cost.optimize.password: ${CO_MYSQL_PASSWORD} + spring.datasource.hikari.cost.optimize.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL_NEW} + spring.datasource.hikari.cost.optimize.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.cost.optimize.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} tumblebug.url: ${CO_TBB_URL} tumblebug.username: ${CO_TBB_USERNAME:-default} tumblebug.password: ${CO_TBB_PW:-default} - costopti.alarmservice.url: ${CO_ALARM_URL} - costopti.assetcollector.url: ${CO_COST_ASSET_COLLECTOR_URL} - costopti.costcollector.url: ${CO_COST_COLLECTOR_URL} - costopti.costprocessor.url: ${CO_COST_PROCESSOR_URL} - costopti.costselector.url: ${CO_COST_SELECTOR_URL} + costopti.alarmservice.url: ${MC_COST_OPTIMIZER_ALARM_URL} + costopti.assetcollector.url: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + costopti.costcollector.url: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + costopti.costprocessor.url: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + costopti.costselector.url: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} ml.rightsize.base-url: ${CO_ML_SCORER_URL} llm.key.master: ${CO_LLM_KEY_MASTER} healthcheck: @@ -462,20 +462,20 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.batch.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.batch.username: ${CO_MYSQL_USER} - spring.datasource.hikari.batch.password: ${CO_MYSQL_PASSWORD} + spring.datasource.hikari.batch.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.batch.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.batch.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - unusedBatchCronSchedule: ${CO_COST_COLLECT_UNUSED_CRON_SCHEDULE} - curBatchCronSchedule: ${CO_COST_COLLECT_CUR_CRON_SCHEDULE} - aws.data.export.name: ${CO_AWS_CUR_EXPORT_NAME} - aws.data.export.path.prefix: ${CO_AWS_CUR_EXPORT_PATH_PREFIX} - AWS_ACCESS_KEY_ID: ${CO_AWS_ACCESS_KEY_ID} - AWS_SECRET_ACCESS_KEY: ${CO_AWS_SECRET_ACCESS_KEY} + unusedBatchCronSchedule: ${MC_COST_OPTIMIZER_COST_COLLECT_UNUSED_CRON_SCHEDULE} + curBatchCronSchedule: ${MC_COST_OPTIMIZER_COST_COLLECT_CUR_CRON_SCHEDULE} + aws.data.export.name: ${MC_COST_OPTIMIZER_AWS_CUR_EXPORT_NAME} + aws.data.export.path.prefix: ${MC_COST_OPTIMIZER_AWS_CUR_EXPORT_PATH_PREFIX} + AWS_ACCESS_KEY_ID: ${MC_COST_OPTIMIZER_AWS_ACCESS_KEY_ID} + AWS_SECRET_ACCESS_KEY: ${MC_COST_OPTIMIZER_AWS_SECRET_ACCESS_KEY} mc-cost-optimizer-cost-processor: restart: on-failure @@ -495,13 +495,13 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.batch.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.batch.username: ${CO_MYSQL_USER} - spring.datasource.hikari.batch.password: ${CO_MYSQL_PASSWORD} - unusedProcessCronSchedule: ${CO_COST_PROCESS_UNUSED_CRON_SCHEDULE} - abnormalProcessCronSchedule: ${CO_COST_PROCESS_ABNORMAL_CRON_SCHEDULE} - cost.selector.url: ${CO_COST_SELECTOR_URL} - opti.alarm.url: ${CO_ALARM_URL} + spring.datasource.hikari.batch.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.batch.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.batch.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + unusedProcessCronSchedule: ${MC_COST_OPTIMIZER_COST_PROCESS_UNUSED_CRON_SCHEDULE} + abnormalProcessCronSchedule: ${MC_COST_OPTIMIZER_COST_PROCESS_ABNORMAL_CRON_SCHEDULE} + cost.selector.url: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} + opti.alarm.url: ${MC_COST_OPTIMIZER_ALARM_URL} mc-cost-optimizer-cost-selector: restart: on-failure @@ -521,10 +521,10 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.cost.optimize.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.cost.optimize.username: ${CO_MYSQL_USER} - spring.datasource.hikari.cost.optimize.password: ${CO_MYSQL_PASSWORD} - opti.alarm.url: ${CO_ALARM_URL} + spring.datasource.hikari.cost.optimize.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.cost.optimize.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.cost.optimize.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + opti.alarm.url: ${MC_COST_OPTIMIZER_ALARM_URL} tumblebug.url: ${CO_TBB_URL} tumblebug.username: ${CO_TBB_USERNAME} tumblebug.password: ${CO_TBB_PW} @@ -543,15 +543,15 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.slack.jdbc-url: ${CO_SLACK_DB_URL} - spring.datasource.hikari.slack.username: ${CO_MYSQL_USER} - spring.datasource.hikari.slack.password: ${CO_MYSQL_PASSWORD} - spring.datasource.hikari.mailing.jdbc-url: ${CO_MAIL_DB_URL} - spring.datasource.hikari.mailing.username: ${CO_MYSQL_USER} - spring.datasource.hikari.mailing.password: ${CO_MYSQL_PASSWORD} - spring.datasource.hikari.history.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.history.username: ${CO_MYSQL_USER} - spring.datasource.hikari.history.password: ${CO_MYSQL_PASSWORD} + spring.datasource.hikari.slack.jdbc-url: ${MC_COST_OPTIMIZER_SLACK_DB_URL} + spring.datasource.hikari.slack.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.slack.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + spring.datasource.hikari.mailing.jdbc-url: ${MC_COST_OPTIMIZER_MAIL_DB_URL} + spring.datasource.hikari.mailing.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.mailing.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + spring.datasource.hikari.history.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.history.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.history.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} mc-cost-optimizer-asset-collector: restart: on-failure @@ -571,12 +571,12 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.batch.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.batch.username: ${CO_MYSQL_USER} - spring.datasource.hikari.batch.password: ${CO_MYSQL_PASSWORD} - costopti.be.url: ${CO_API_URL} - asset.collect.url: ${CO_ASSET_MONITORING_SERVER} - assetCollectBatchCronSchedule: ${CO_ASSET_COLLECT_BATCH_CRON_SCHEDULE} + spring.datasource.hikari.batch.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.batch.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.batch.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + costopti.be.url: ${MC_COST_OPTIMIZER_API_URL} + asset.collect.url: ${MC_COST_OPTIMIZER_ASSET_MONITORING_SERVER} + assetCollectBatchCronSchedule: ${MC_COST_OPTIMIZER_ASSET_COLLECT_BATCH_CRON_SCHEDULE} mc-cost-optimizer-cost-azure-collector: restart: on-failure @@ -596,27 +596,27 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - AZURE_CREDENTIAL_TENANT_ID: ${CO_AZURE_TENANT_ID} - AZURE_CREDENTIAL_CLIENT_ID: ${CO_AZURE_CLIENT_ID} - AZURE_CREDENTIAL_CLIENT_SECRET: ${CO_AZURE_CLIENT_SECRET} - AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${CO_AZURE_SUBSCRIPTION_ID} + AZURE_CREDENTIAL_TENANT_ID: ${MC_COST_OPTIMIZER_AZURE_TENANT_ID} + AZURE_CREDENTIAL_CLIENT_ID: ${MC_COST_OPTIMIZER_AZURE_CLIENT_ID} + AZURE_CREDENTIAL_CLIENT_SECRET: ${MC_COST_OPTIMIZER_AZURE_CLIENT_SECRET} + AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${MC_COST_OPTIMIZER_AZURE_SUBSCRIPTION_ID} - AZURE_SERVICE_BATCH_CRON_SCHEDULE: ${CO_AZURE_SERVICE_BATCH_CRON_SCHEDULE} - AZURE_VM_BATCH_CRON_SCHEDULE: ${CO_AZURE_VM_BATCH_CRON_SCHEDULE} + AZURE_SERVICE_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_SERVICE_BATCH_CRON_SCHEDULE} + AZURE_VM_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_VM_BATCH_CRON_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} mc-cost-optimizer-gcp-collector: restart: on-failure @@ -629,7 +629,7 @@ services: - mc-web-console-network ports: - target: 8095 - published: ${MC_COST_OPTIMIZER_GCP_COLLECTOR_PORT} + published: ${CO_GCP_COLLECTOR_PORT} protocol: tcp depends_on: - mc-cost-optimizer-db @@ -637,9 +637,9 @@ services: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.url: ${CO_COST_DB_URL} - spring.datasource.username: ${CO_MYSQL_USER} - spring.datasource.password: ${CO_MYSQL_PASSWORD} + spring.datasource.url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} gcp.project-id: ${CO_GCP_PROJECT_ID} gcp.client-email: ${CO_GCP_CLIENT_EMAIL} @@ -648,7 +648,7 @@ services: gcp.dataset: ${CO_GCP_BQ_DATASET} gcp.table: ${CO_GCP_BQ_TABLE} gcpBillingCronSchedule: ${CO_GCP_BATCH_CRON_SCHEDULE} - costopti.alarmservice.url: ${CO_ALARM_URL} + costopti.alarmservice.url: ${MC_COST_OPTIMIZER_ALARM_URL} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} @@ -676,25 +676,25 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - NCP_CREDENTIAL_IAM_ACCESS_KEY: ${CO_NCP_IAM_ACCESS_KEY} - NCP_CREDENTIAL_IAM_SECRET_KEY: ${CO_NCP_IAM_SECRET_KEY} + NCP_CREDENTIAL_IAM_ACCESS_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_ACCESS_KEY} + NCP_CREDENTIAL_IAM_SECRET_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_SECRET_KEY} - NCP_SERVICE_BATCH_CRON_SCHEDULE: ${CO_NCP_SERVICE_BATCH_CRON_SCHEDULE} - NCP_VM_BATCH_CRON_SCHEDULE: ${CO_NCP_VM_BATCH_CRON_SCHEDULE} + NCP_SERVICE_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_NCP_SERVICE_BATCH_CRON_SCHEDULE} + NCP_VM_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_NCP_VM_BATCH_CRON_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} ##timezone setting TZ: Asia/Seoul @@ -717,26 +717,26 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - AZURE_CREDENTIAL_TENANT_ID: ${CO_AZURE_TENANT_ID} - AZURE_CREDENTIAL_CLIENT_ID: ${CO_AZURE_CLIENT_ID} - AZURE_CREDENTIAL_CLIENT_SECRET: ${CO_AZURE_CLIENT_SECRET} - AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${CO_AZURE_SUBSCRIPTION_ID} + AZURE_CREDENTIAL_TENANT_ID: ${MC_COST_OPTIMIZER_AZURE_TENANT_ID} + AZURE_CREDENTIAL_CLIENT_ID: ${MC_COST_OPTIMIZER_AZURE_CLIENT_ID} + AZURE_CREDENTIAL_CLIENT_SECRET: ${MC_COST_OPTIMIZER_AZURE_CLIENT_SECRET} + AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${MC_COST_OPTIMIZER_AZURE_SUBSCRIPTION_ID} - AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${CO_AZURE_VM_RIGHTSIZER_SCHEDULE} + AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_VM_RIGHTSIZER_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} mc-cost-optimizer-ncp-vm-rightsizer: @@ -757,24 +757,24 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - NCP_CREDENTIAL_IAM_ACCESS_KEY: ${CO_NCP_IAM_ACCESS_KEY} - NCP_CREDENTIAL_IAM_SECRET_KEY: ${CO_NCP_IAM_SECRET_KEY} + NCP_CREDENTIAL_IAM_ACCESS_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_ACCESS_KEY} + NCP_CREDENTIAL_IAM_SECRET_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_SECRET_KEY} - AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${CO_AZURE_VM_RIGHTSIZER_SCHEDULE} + AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_VM_RIGHTSIZER_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} tumblebug.url: ${CO_TBB_URL} tumblebug.username: ${CO_TBB_USERNAME} tumblebug.password: ${CO_TBB_PW} @@ -790,16 +790,16 @@ services: - mc-web-console-network ports: - target: 8096 - published: ${MC_COST_OPTIMIZER_ML_SCORER_PORT} + published: ${CO_ML_SCORER_PORT} protocol: tcp depends_on: - mc-cost-optimizer-db volumes: - ./tool/mcc:/app/tool/mcc environment: - COST_DB_URL: ${CO_COST_DB_URL} - COST_DB_USERNM: ${CO_MYSQL_USER} - COST_DB_PW: ${CO_MYSQL_PASSWORD} + COST_DB_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + COST_DB_USERNM: ${MC_COST_OPTIMIZER_MYSQL_USER} + COST_DB_PW: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} SERVER_PORT: 8096 WINDOW_DAYS: ${CO_ML_SCORER_WINDOW_DAYS:-30} healthcheck: @@ -826,9 +826,9 @@ services: condition: service_completed_successfully environment: - ALLOW_EMPTY_PASSWORD=no - - MYSQL_ROOT_PASSWORD=${CO_MYSQL_ROOT_PASSWORD} - - MYSQL_USER=${CO_MYSQL_USER} - - MYSQL_PASSWORD=${CO_MYSQL_PASSWORD} + - MYSQL_ROOT_PASSWORD=${MC_COST_OPTIMIZER_MYSQL_ROOT_PASSWORD} + - MYSQL_USER=${MC_COST_OPTIMIZER_MYSQL_USER} + - MYSQL_PASSWORD=${MC_COST_OPTIMIZER_MYSQL_PASSWORD} command: - --skip-character-set-client-handshake ports: @@ -1162,7 +1162,7 @@ services: mc-observability-manager: image: cloudbaristaorg/mc-observability:edge container_name: mc-observability-manager - restart: on-failure + restart: unless-stopped networks: - mc-observability-network - mc-cost-optimizer-network @@ -1199,7 +1199,7 @@ services: mc-observability-front: image: cloudbaristaorg/mc-observability-front:edge container_name: mc-observability-front - restart: on-failure + restart: unless-stopped networks: - mc-observability-network - mc-infra-manager-network @@ -1211,7 +1211,7 @@ services: mc-observability-infra: image: cloudbaristaorg/mc-observability-infra:edge container_name: mc-observability-infra - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1297,7 +1297,7 @@ services: mc-observability-maria: image: mariadb:10.11.11 container_name: mc-observability-maria - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1511,7 +1511,7 @@ services: mc-observability-grafana: image: cloudbaristaorg/mc-observability-grafana:edge container_name: mc-observability-grafana - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: From cd468093ad9191b9f9178aad9dbc81c726b9a25c Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 22 Jun 2026 01:38:56 +0000 Subject: [PATCH 5/6] =?UTF-8?q?fix(docker):=20cb-spider/tumblebug=20?= =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=20=EC=97=85=EB=8D=B0=EC=9D=B4?= =?UTF-8?q?=ED=8A=B8=20=EB=B0=8F=20observability=20healthcheck=20=EC=A1=B0?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cb-spider 0.12.32, cb-tumblebug 0.12.18로 업그레이드하고 mc-observability-manager healthcheck start_period을 5m으로 설정한다. mc-observability-front depends_on을 service_started로 완화한다. --- conf/docker/docker-compose.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/conf/docker/docker-compose.yaml b/conf/docker/docker-compose.yaml index d2c8a80..67348b6 100644 --- a/conf/docker/docker-compose.yaml +++ b/conf/docker/docker-compose.yaml @@ -23,7 +23,7 @@ services: ##### MC-INFRA-CONNECTOR ######################################################################################################################### mc-infra-connector: - image: cloudbaristaorg/cb-spider:0.12.30 + image: cloudbaristaorg/cb-spider:0.12.32 pull_policy: missing container_name: mc-infra-connector restart: unless-stopped @@ -56,7 +56,7 @@ services: ##### MC-INFRA-MANAGER ######################################################################################################################### mc-infra-manager: - image: cloudbaristaorg/cb-tumblebug:0.12.15 + image: cloudbaristaorg/cb-tumblebug:0.12.18 container_name: mc-infra-manager restart: unless-stopped pull_policy: missing @@ -1194,7 +1194,10 @@ services: - grafana_shared_config:/grafana_config:ro healthcheck: test: [ "CMD", "/app/tool/mcc", "rest", "get", "http://localhost:18080/api/docs" ] - <<: *default-health-check + interval: ${HEALTH_CHECK_INTERVAL:-1m} + timeout: ${HEALTH_CHECK_TIMEOUT:-5s} + retries: ${HEALTH_CHECK_RETRIES:-3} + start_period: 5m mc-observability-front: image: cloudbaristaorg/mc-observability-front:edge @@ -1206,7 +1209,7 @@ services: - mc-infra-connector-network depends_on: mc-observability-manager: - condition: service_healthy + condition: service_started mc-observability-infra: image: cloudbaristaorg/mc-observability-infra:edge From 81cb054c9c65446c09eb5e51889502daa3f5d950 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 22 Jun 2026 04:58:12 +0000 Subject: [PATCH 6/6] =?UTF-8?q?fix(iam):=20FE=20iframe=20URL=20scheme=20?= =?UTF-8?q?=EB=B6=84=EA=B8=B0=20=EB=B0=8F=20data-manager=20nginx=20timeout?= =?UTF-8?q?=20=EB=B3=B4=EA=B0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - localhost/mciam.local은 http, 원격 IP/도메인은 https로 PUBLIC_HOST 변환 - 1_setup_auto.sh FE URL fallback scheme 분기 추가 - mc-observability-front PUBLIC_HOST 변수 .env.setup 추가 - mc-data-manager nginx proxy timeout 60s → 600s --- conf/docker/conf/mc-iam-manager/.env.setup | 2 + .../conf/mc-iam-manager/0_preset_dev.sh | 41 +++++++++++++++++++ .../conf/mc-iam-manager/0_preset_local.sh | 1 + .../conf/mc-iam-manager/1_setup_auto.sh | 14 ++++++- .../conf/mc-iam-manager/nginx.template.conf | 6 +-- .../mc-iam-manager/nginx.template.local.conf | 6 +-- 6 files changed, 62 insertions(+), 8 deletions(-) diff --git a/conf/docker/conf/mc-iam-manager/.env.setup b/conf/docker/conf/mc-iam-manager/.env.setup index 2c9e02c..db67f2c 100644 --- a/conf/docker/conf/mc-iam-manager/.env.setup +++ b/conf/docker/conf/mc-iam-manager/.env.setup @@ -93,3 +93,5 @@ MC_DATA_MANAGER_PROXY_PORT=3300 MC_DATA_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_DATA_MANAGER_PROXY_PORT} MC_APPLICATION_MANAGER_PROXY_PORT=18084 MC_APPLICATION_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_APPLICATION_MANAGER_PROXY_PORT} +MC_OBSERVABILITY_FRONT_PROXY_PORT=18081 +MC_OBSERVABILITY_FRONT_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_OBSERVABILITY_FRONT_PROXY_PORT} diff --git a/conf/docker/conf/mc-iam-manager/0_preset_dev.sh b/conf/docker/conf/mc-iam-manager/0_preset_dev.sh index 3ba12b5..78cac1d 100755 --- a/conf/docker/conf/mc-iam-manager/0_preset_dev.sh +++ b/conf/docker/conf/mc-iam-manager/0_preset_dev.sh @@ -10,6 +10,7 @@ echo "PROJECT_ROOT: $PROJECT_ROOT" # .env file path ENV_FILE="${PROJECT_ROOT}/.env" +IAM_ENV_FILE="${SCRIPT_DIR}/.env" # Certificate output path (same structure as Let's Encrypt) @@ -134,6 +135,46 @@ echo " DATABASE_USER: $MC_IAM_MANAGER_DATABASE_USER" echo " DATABASE_HOST: $MC_IAM_MANAGER_DATABASE_HOST" echo " MC_IAM_MANAGER_PORT: $MC_IAM_MANAGER_PORT" +# ============================================================================= +# Rewrite PUBLIC_HOST variables from http:// to https:// for remote IP/domain +# ============================================================================= + +_sedi() { + if [[ "$(uname)" == "Darwin" ]]; then + sed -i '' "$@" + else + sed -i "$@" + fi +} + +rewrite_http_to_https() { + local env_file="$1" + if [ ! -f "$env_file" ]; then + return 0 + fi + echo "Rewriting http:// → https:// in ${env_file##*/conf/docker/}..." + + local vars=( + "MC_IAM_MANAGER_PUBLIC_HOST" + "MC_OBSERVABILITY_FRONT_PUBLIC_HOST" + "MC_OBSERVABILITY_GRAFANA_PUBLIC_HOST" + "MC_COST_OPTIMIZER_FE_PUBLIC_HOST" + "MC_WORKFLOW_MANAGER_PUBLIC_HOST" + "MC_DATA_MANAGER_PUBLIC_HOST" + "MC_APPLICATION_MANAGER_PUBLIC_HOST" + ) + + for var in "${vars[@]}"; do + if grep -qE "^${var}=http://" "$env_file"; then + _sedi "s|^${var}=http://|${var}=https://|" "$env_file" + echo " ✓ ${var}: http:// → https://" + fi + done +} + +rewrite_http_to_https "$ENV_FILE" +rewrite_http_to_https "$IAM_ENV_FILE" + # Define certificate directory based on PUBLIC_DOMAIN (same structure as Let's Encrypt) CERT_DIR="${CERT_PARENT_DIR}/certs/live/${MC_IAM_MANAGER_PUBLIC_DOMAIN}" diff --git a/conf/docker/conf/mc-iam-manager/0_preset_local.sh b/conf/docker/conf/mc-iam-manager/0_preset_local.sh index 986a895..0cbfd2b 100755 --- a/conf/docker/conf/mc-iam-manager/0_preset_local.sh +++ b/conf/docker/conf/mc-iam-manager/0_preset_local.sh @@ -110,6 +110,7 @@ rewrite_https_to_http() { local vars=( "MC_IAM_MANAGER_PUBLIC_HOST" + "MC_OBSERVABILITY_FRONT_PUBLIC_HOST" "MC_OBSERVABILITY_GRAFANA_PUBLIC_HOST" "MC_COST_OPTIMIZER_FE_PUBLIC_HOST" "MC_WORKFLOW_MANAGER_PUBLIC_HOST" diff --git a/conf/docker/conf/mc-iam-manager/1_setup_auto.sh b/conf/docker/conf/mc-iam-manager/1_setup_auto.sh index eea3840..efad4ef 100755 --- a/conf/docker/conf/mc-iam-manager/1_setup_auto.sh +++ b/conf/docker/conf/mc-iam-manager/1_setup_auto.sh @@ -466,10 +466,20 @@ register_framework_services() { update_public_service_urls() { echo "Updating framework service URLs to public-accessible addresses..." + _public_fe_scheme() { + case "${MC_IAM_MANAGER_PUBLIC_DOMAIN:-}" in + localhost|127.0.0.1|mciam.local) echo "http" ;; + *) echo "https" ;; + esac + } + + local public_scheme + public_scheme=$(_public_fe_scheme) + # mc-cost-optimizer-fe: replace the internal container URL (http://mc-cost-optimizer-fe:7780) - # with the nginx HTTPS proxy URL accessible directly from the browser. + # with the nginx proxy URL accessible directly from the browser. # /api/getapihosts returns this value as the iframe src in MCIAM_USE=true environments. - local cost_fe_public_url="${MC_COST_OPTIMIZER_FE_PUBLIC_HOST:-http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_COST_OPTIMIZER_FE_PROXY_PORT}}" + local cost_fe_public_url="${MC_COST_OPTIMIZER_FE_PUBLIC_HOST:-${public_scheme}://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_COST_OPTIMIZER_FE_PROXY_PORT}}" # mc-cost-optimizer-fe is not in the upstream api.yaml, so attempt registration first (idempotent) local reg_body diff --git a/conf/docker/conf/mc-iam-manager/nginx.template.conf b/conf/docker/conf/mc-iam-manager/nginx.template.conf index 87e43d1..859386b 100644 --- a/conf/docker/conf/mc-iam-manager/nginx.template.conf +++ b/conf/docker/conf/mc-iam-manager/nginx.template.conf @@ -309,9 +309,9 @@ http { proxy_hide_header X-Frame-Options; add_header Content-Security-Policy "frame-ancestors https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always; - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; } } diff --git a/conf/docker/conf/mc-iam-manager/nginx.template.local.conf b/conf/docker/conf/mc-iam-manager/nginx.template.local.conf index 848721a..4b716f8 100644 --- a/conf/docker/conf/mc-iam-manager/nginx.template.local.conf +++ b/conf/docker/conf/mc-iam-manager/nginx.template.local.conf @@ -229,9 +229,9 @@ http { proxy_hide_header X-Frame-Options; add_header Content-Security-Policy "frame-ancestors http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always; - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; } }