Docker Swarm Deployment Validation

Self Hosted Retool
1

Hello,

The current docker-compose file retool-onpremise/docker-compose.yml at master · tryretool/retool-onpremise · GitHub provided by retool teams does not support the docker stack deployment.

The stack deployment allows us to deploy individual services to targeted nodes, so I created a new compose YML behind the traefik reverse proxy. Today successfully deployed the current version 2.121.2 to our in-house swarm cluster.

version: '3.8'
services:
  api:
    image: registry.gitlab.com/my-org/tools/docker/images/retool-onpremise:latest
    environment:
      - SERVICE_TYPE=MAIN_BACKEND
      - DB_CONNECTOR_HOST=http://db-connector
      - DB_CONNECTOR_PORT=3002
      - DB_SSH_CONNECTOR_HOST=http://db-ssh-connector
      - DB_SSH_CONNECTOR_PORT=3002
      - NODE_ENV=production
      - JWT_SECRET=
      - POSTGRES_DB=hammerhead_production
      - POSTGRES_USER=retool_internal_user
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
      - POSTGRES_PASSWORD=
      - COOKIE_INSECURE=true
      - LICENSE_KEY=
      - HTTP_PROXY=
      - HTTPS_PROXY=
    networks:
        - traefik-public
        - traefik-private      
    command: bash -c "./docker_scripts/wait-for-it.sh postgres:5432; ./docker_scripts/start_api.sh"
    volumes:
      - /home/appuser/data/docker/volumes/retool_data/keys:/root/.ssh
      - /home/appuser/data/docker/volumes/retool_data/ssh:/retool_backend/autogen_ssh_keys
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.http.routers.retool.rule=Host(`retool.example.com`)
        - traefik.http.routers.retool.entrypoints=web
        - traefik.http.services.retool.loadbalancer.server.port=3000             
  jobs-runner:
    image: registry.gitlab.com/my-org/tools/docker/images/retool-onpremise:latest
    environment:
      - SERVICE_TYPE=JOBS_RUNNER
      - NODE_ENV=production
      - JWT_SECRET=
      - POSTGRES_DB=hammerhead_production
      - POSTGRES_USER=retool_internal_user
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
      - POSTGRES_PASSWORD=
      - COOKIE_INSECURE=true
      - LICENSE_KEY=
      - HTTP_PROXY=
      - HTTPS_PROXY=      
    networks:
        - traefik-private
    command: bash -c "chmod -R +x ./docker_scripts; sync; ./docker_scripts/wait-for-it.sh postgres:5432; ./docker_scripts/start_api.sh"
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker 
  db-connector:
    image: registry.gitlab.com/my-org/tools/docker/images/retool-onpremise:latest
    command: bash -c "./retool_backend"
    environment:
      - SERVICE_TYPE=DB_CONNECTOR_SERVICE
      - NODE_ENV=production
      - JWT_SECRET=
      - POSTGRES_DB=hammerhead_production
      - POSTGRES_USER=retool_internal_user
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
      - POSTGRES_PASSWORD=
      - COOKIE_INSECURE=true
      - LICENSE_KEY=
      - HTTP_PROXY=
      - HTTPS_PROXY=      
    networks:
        - traefik-private
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
  db-ssh-connector:
    image: registry.gitlab.com/my-org/tools/docker/images/retool-onpremise:latest
    command: bash -c "./docker_scripts/generate_key_pair.sh; ./retool_backend"
    environment:
      - SERVICE_TYPE=DB_SSH_CONNECTOR_SERVICE
      - NODE_ENV=production
      - JWT_SECRET=
      - POSTGRES_DB=hammerhead_production
      - POSTGRES_USER=retool_internal_user
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
      - POSTGRES_PASSWORD=
      - COOKIE_INSECURE=true
      - LICENSE_KEY=
      - HTTP_PROXY=
      - HTTPS_PROXY=      
    networks:
        - traefik-private      
    volumes:
      - /home/appuser/data/docker/volumes/retool_data/ssh:/retool_backend/autogen_ssh_keys
      - /home/appuser/data/docker/volumes/retool_data/keys:/retool_backend/keys
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker 
  postgres:
    image: 'postgres:9.6.5'
    environment:
      - NODE_ENV=production
      - JWT_SECRET=
      - POSTGRES_DB=hammerhead_production
      - POSTGRES_USER=retool_internal_user
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
      - POSTGRES_PASSWORD=
      - COOKIE_INSECURE=true
      - LICENSE_KEY=
      - HTTP_PROXY=
      - HTTPS_PROXY=    
    networks:
        - traefik-private
    volumes:
      - /home/appuser/data/docker/volumes/retool_data/postgres:/var/lib/postgresql/data
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
networks:
  traefik-public:
    external: true
  traefik-private:
    external: true

My docker environment variables looks

JWT_SECRET=randomstring
POSTGRES_PASSWORD=randomstring
LICENSE_KEY=SSOP_XXXXXXXXXXXXXX
HTTP_PROXY=http://example.com:3128
HTTPS_PROXY=http://example.com:3128

Though the stack deployment is working fine, as this is a customized deployment for our own needs. Am I missing any potential steps in this setup?

2

Hey @dvelusamy, thanks for sharing this!

I checked in with a teammate and this looks fine from our end. That does come with a caveat though: there are a bunch of different setups in which it's possible to deploy Retool and we haven't tried all of them. It's awesome when folks find and share new ways to deploy and we're happy to explore them with yall!