letsbe
/
LetsBeBiz-Redesign
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
LetsBeBiz-Redesign/letsbe-ansible-runner/stacks/sysadmin/docker-compose.yml

159 lines
4.9 KiB
YAML
Raw Permalink Blame History

services:
agent:
image: code.letsbe.solutions/letsbe/sysadmin-agent:latest
container_name: {{ customer }}-agent
# Join orchestrator network for container-to-container communication
networks:
- {{ customer }}-orchestrator
# Enable host.docker.internal on Linux (for accessing host services)
extra_hosts:
- "host.docker.internal:host-gateway"
environment:
# Required: Orchestrator connection
# In LOCAL_MODE, connect via shared Docker network
- ORCHESTRATOR_URL=http://{{ customer }}-orchestrator-api:8000
# ============================================================
# AUTHENTICATION - Supports two modes (choose one)
# ============================================================
# LOCAL_MODE: Single-tenant local deployment
# When LOCAL_MODE=true, agent uses LOCAL_AGENT_KEY to register
# via the /register-local endpoint (Phase 2 secure flow)
- LOCAL_MODE=true
- LOCAL_AGENT_KEY={{ local_agent_key }}
# Multi-tenant mode: Registration token from orchestrator
# When LOCAL_MODE=false (default), agent uses REGISTRATION_TOKEN
# to register via the standard /register endpoint
# This token is obtained from the orchestrator's registration-tokens API
- REGISTRATION_TOKEN={{ sysadmin_registration_token }}
# Note: After first registration, credentials are persisted to
# ~/.letsbe-agent/credentials.json and tokens are no longer needed
# ============================================================
# Timing (seconds)
- HEARTBEAT_INTERVAL=${HEARTBEAT_INTERVAL:-30}
- POLL_INTERVAL=${POLL_INTERVAL:-5}
# Logging
- LOG_LEVEL=${LOG_LEVEL:-INFO}
- LOG_JSON=${LOG_JSON:-true}
# Resilience
- MAX_CONCURRENT_TASKS=${MAX_CONCURRENT_TASKS:-3}
- BACKOFF_BASE=${BACKOFF_BASE:-1.0}
- BACKOFF_MAX=${BACKOFF_MAX:-60.0}
- CIRCUIT_BREAKER_THRESHOLD=${CIRCUIT_BREAKER_THRESHOLD:-5}
- CIRCUIT_BREAKER_COOLDOWN=${CIRCUIT_BREAKER_COOLDOWN:-300}
# Security
- ALLOWED_FILE_ROOT=${ALLOWED_FILE_ROOT:-/opt/letsbe}
- MAX_FILE_SIZE=${MAX_FILE_SIZE:-10485760}
- SHELL_TIMEOUT=${SHELL_TIMEOUT:-60}
# Playwright browser automation
- PLAYWRIGHT_ARTIFACTS_DIR=/opt/letsbe/playwright-artifacts
- PLAYWRIGHT_DEFAULT_TIMEOUT_MS=60000
- PLAYWRIGHT_NAVIGATION_TIMEOUT_MS=120000
# MCP Browser Sidecar connection (for LLM-driven browser control)
- MCP_BROWSER_URL=http://mcp-browser:8931
- MCP_BROWSER_API_KEY={{ mcp_browser_api_key }}
volumes:
# Docker socket for container management
- /var/run/docker.sock:/var/run/docker.sock:ro
# Host directory mounts for real infrastructure access
- /opt/letsbe/env:/opt/letsbe/env
- /opt/letsbe/stacks:/opt/letsbe/stacks
- /opt/letsbe/nginx:/opt/letsbe/nginx
# Credential persistence (survives restarts without re-registration)
- agent_home:/home/agent/.letsbe-agent
# Playwright artifacts storage
- playwright_artifacts:/opt/letsbe/playwright-artifacts
# Security options for Chromium sandboxing
security_opt:
- seccomp=./chromium-seccomp.json
# Run as root for Docker socket access
# TODO: Use Docker group membership instead for better security
user: root
restart: unless-stopped
# Resource limits (increased for Playwright browser automation)
deploy:
resources:
limits:
cpus: '1.5'
memory: 1G
reservations:
cpus: '0.25'
memory: 256M
mcp-browser:
image: code.letsbe.solutions/letsbe/mcp-browser:latest
container_name: {{ customer }}-mcp-browser
# Join orchestrator network (shared with agent)
networks:
- {{ customer }}-orchestrator
environment:
# Session limits
- MAX_SESSIONS=${MAX_SESSIONS:-3}
- IDLE_TIMEOUT_SECONDS=${IDLE_TIMEOUT_SECONDS:-300}
- MAX_SESSION_LIFETIME_SECONDS=${MAX_SESSION_LIFETIME_SECONDS:-1800}
- MAX_ACTIONS_PER_SESSION=${MAX_ACTIONS_PER_SESSION:-50}
# Logging
- LOG_LEVEL=${LOG_LEVEL:-INFO}
- LOG_JSON=${LOG_JSON:-true}
# Screenshots
- SCREENSHOTS_DIR=/screenshots
# Authentication
- API_KEY={{ mcp_browser_api_key }}
volumes:
# Screenshots storage
- mcp_screenshots:/screenshots
# Security options for Chromium sandboxing
security_opt:
- seccomp=./chromium-seccomp.json
restart: unless-stopped
# Resource limits for browser automation
deploy:
resources:
limits:
cpus: '1.5'
memory: 1G
reservations:
cpus: '0.25'
memory: 256M
volumes:
agent_home:
name: {{ customer }}-agent-home
playwright_artifacts:
name: {{ customer }}-playwright-artifacts
mcp_screenshots:
name: {{ customer }}-mcp-screenshots
networks:
{{ customer }}-orchestrator:
external: true
Reference in New Issue View Git Blame Copy Permalink