From 27df3e90d8abd82e1ac4a0b9ce6d45985a753c6a Mon Sep 17 00:00:00 2001 From: gabriel petry <24570030+gabrielpetry@users.noreply.github.com> Date: Wed, 18 Feb 2026 12:42:17 -0300 Subject: [PATCH 1/5] Split mongodb and NATS --- compose.database.yml => compose.mongodb.yml | 50 +++------------------ compose.nats.yml | 40 +++++++++++++++++ 2 files changed, 47 insertions(+), 43 deletions(-) rename compose.database.yml => compose.mongodb.yml (79%) create mode 100644 compose.nats.yml diff --git a/compose.database.yml b/compose.mongodb.yml similarity index 79% rename from compose.database.yml rename to compose.mongodb.yml index 528220b..e377529 100644 --- a/compose.database.yml +++ b/compose.mongodb.yml @@ -1,40 +1,4 @@ services: - nats: - image: docker.io/nats:${NATS_VERSION:-2.11-alpine} - restart: always - expose: - - 4222 - - 8222 - - 6222 - # healthcheck: - # test: ["CMD", "nc", "-zv", "-w", "10", "nats", "4222"] - # interval: 30s - # timeout: 10s - # retries: 10 - # start_period: 30s - command: --http_port 8222 - ports: - - "${NATS_BIND_IP:-127.0.0.1}:${NATS_PORT_NUMBER:-4222}:4222" - logging: - driver: "journald" - options: - tag: "${COMPOSE_PROJECT_NAME:-rocketchat}#nats#{{.Name}}" - - nats-exporter: - image: docker.io/natsio/prometheus-nats-exporter:${NATS_EXPORTER_VERSION:-0.17.3} - depends_on: - - nats - expose: - - 7777 - command: - - -healthz - - -varz - - "http://nats:8222" - logging: - driver: "journald" - options: - tag: "${COMPOSE_PROJECT_NAME:-rocketchat}#nats-exporter#{{.Name}}" - mongodb-fix-permission-container: image: docker.io/mongodb/mongodb-community-server:${MONGODB_VERSION:-8.2}-ubi8 restart: on-failure @@ -86,7 +50,7 @@ services: mongosh "$$MONGODB_URI" --eval "rs.initiate({_id: \"$$MONGODB_REPLICA_SET_NAME\", members: [{ _id: 0, host: \"$$MONGODB_ADVERTISED_HOSTNAME:$$MONGODB_PORT_NUMBER\" }]})"; echo "=====> Initiating ReplSet done..."; ' - + mongodb: image: docker.io/mongodb/mongodb-community-server:${MONGODB_VERSION:-8.2}-ubi8 restart: always 
@@ -124,11 +88,11 @@ services: tag: "${COMPOSE_PROJECT_NAME:-rocketchat}#mongodb#{{.Name}}" healthcheck: test: - - CMD - - mongosh - - "mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_PORT_NUMBER:-27017}/?directConnection=true" - - --eval - - "\"db.adminCommand('ping')\"" + - CMD + - mongosh + - "mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_PORT_NUMBER:-27017}/?directConnection=true" + - --eval + - '"db.adminCommand(''ping'')"' interval: 30s timeout: 10s retries: 10 @@ -152,4 +116,4 @@ services: tag: "${COMPOSE_PROJECT_NAME:-rocketchat}#mongodb-exporter#{{.Name}}" volumes: - mongodb_data: {driver: local} + mongodb_data: { driver: local } diff --git a/compose.nats.yml b/compose.nats.yml new file mode 100644 index 0000000..6fa1564 --- /dev/null +++ b/compose.nats.yml @@ -0,0 +1,40 @@ +services: + nats: + image: docker.io/nats:${NATS_VERSION:-2.11-alpine} + restart: always + expose: + - 4222 + - 8222 + - 6222 + # healthcheck: + # test: ["CMD", "nc", "-zv", "-w", "10", "nats", "4222"] + # interval: 30s + # timeout: 10s + # retries: 10 + # start_period: 30s + command: --http_port 8222 + ports: + - "${NATS_BIND_IP:-127.0.0.1}:${NATS_PORT_NUMBER:-4222}:4222" + logging: + driver: "journald" + options: + tag: "${COMPOSE_PROJECT_NAME:-rocketchat}#nats#{{.Name}}" + + nats-exporter: + image: docker.io/natsio/prometheus-nats-exporter:${NATS_EXPORTER_VERSION:-0.17.3} + depends_on: + - nats + expose: + - 7777 + command: + - -healthz + - -varz + - "http://nats:8222" + logging: + driver: "journald" + options: + tag: "${COMPOSE_PROJECT_NAME:-rocketchat}#nats-exporter#{{.Name}}" + +volumes: + nats_data: + driver: local From 6133cb05473e4ac0e65214d198761de2ba4cdcb2 Mon Sep 17 00:00:00 2001 
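Review bot: In the new compose.nats.yml the `nats` service is started with only `--http_port 8222`, and nothing in this file mounts a server config or passes credentials, so as far as this hunk shows, any client that can reach port 4222 connects without authentication. The published port defaults to loopback through `${NATS_BIND_IP:-127.0.0.1}`, but that value is operator-settable, so a single environment override would expose an unauthenticated broker. I would add a comment above `ports:` such as `# NATS has no client auth here; keep NATS_BIND_IP on loopback unless authorization is configured in a mounted server config`. The same applies to the monitoring endpoint on 8222, which the exporter reads over plain HTTP.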
From: gabriel petry <24570030+gabrielpetry@users.noreply.github.com> Date: Wed, 18 Feb 2026 12:42:28 -0300 Subject: [PATCH 2/5] Include a helper script --- run | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 run diff --git a/run b/run new file mode 100644 index 0000000..5ad3b80 --- /dev/null +++ b/run 
@@ -0,0 +1,129 @@ +#!/usr/bin/env bash + +set -euo pipefail +export VERBOSE +VERBOSE="" +# Color Definitions +RESTORE=$(tput sgr0) +RED=$(tput setaf 1) +YELLOW=$(tput setaf 3) +GREEN=$(tput setaf 2) +CYAN=$(tput setaf 6) +# Logging Functions +log:info() { + echo -e "${GREEN}[INFO]${RESTORE} $(date +'%H:%M:%S') - $1" +} + +log:debug() { + # Only prints if DEBUG environment variable is set + if [[ "${VERBOSE}" == "true" ]]; then + # debug will output to stderr, so we can log while capturing the stdout + # without breaking + echo -e "${CYAN}[DEBUG]${RESTORE} $(date +'%H:%M:%S') - ${*}" >&2 + fi +} + +log:warn() { + echo -e "${YELLOW}[WARN]${RESTORE} $(date +'%H:%M:%S') - ${*}" +} + +log:raise() { + echo -e "${RED}[ERROR]${RESTORE} $(date +'%H:%M:%S') - ${*}" >&2 + exit 1 +} + +# store the root dir as a variable +here="$(dirname "$(readlink -f "${0}")")" + +# We use our own variable to avoid conflicting with COMPOSE_FILE, or COMPOSE_PROFILES +# Older versions might not recognize it, so we try our best to avoid confusion +ROCKETCHAT_COMPOSE_FILES="" + +add_compose_file() { + export ROCKETCHAT_COMPOSE_FILES + log:debug "Adding to compose files: ${1}" + ROCKETCHAT_COMPOSE_FILES="${ROCKETCHAT_COMPOSE_FILES} -f ${1}" +} + +add_compose_file "${here}/compose.yml" +add_compose_file "${here}/compose.mongodb.yml" +add_compose_file "${here}/compose.nats.yml" +add_compose_file "${here}/compose.monitoring.yml " +add_compose_file "${here}/compose.traefik.yml" + +profiles() { + export ROCKETCHAT_COMPOSE_FILES + # reset ROCKETCHAT_COMPOSE_FILES and use the provided by the user + ROCKETCHAT_COMPOSE_FILES="" + profiles_string="$(echo "$1" | tr ',' '\n')" + while read -r profile; do + if [[ "${profile}" == "rocketchat" ]] || [[ "${profile}" == "rc" ]]; then + # keep rc name for compatibility reasons + file="${here}/compose.yml" + else + file="${here}/compose.${profile}.yml" + fi + + test -f "${file}" || + log:raise "Error loading profile ${profile}\n ${file} not found " + + 
add_compose_file "$file" + done <<<"$profiles_string" +} + +podman() { + # we prefer using podman-compose if that the plugin used + if type podman-compose >/dev/null 2>&1; then + echo "podman-compose" + else + echo "podman compose" + fi +} + +compose() { + local cmd + export ROCKETCHAT_COMPOSE_FILES + if type docker >/dev/null 2>&1; then + cmd="docker compose" + elif type podman >/dev/null 2>&1; then + cmd="$(podman)" + else + msg="No container runner found in \$PATH\n" + msg="$msg please check your docker or podman installations" + log:raise "$msg" + fi + + log:debug "Using compose files" + log:debug "${ROCKETCHAT_COMPOSE_FILES}" + log:debug "Running command:" + log:debug "${cmd} ${*}" + # we need the word spliting here, and it's safe because we validated previously + # shellcheck disable=SC2086 + ${cmd} ${ROCKETCHAT_COMPOSE_FILES} "$@" +} + +for ((i = 1; i <= $#; )); do + arg="${!i}" + case "$arg" in + -v | --verbose) + VERBOSE=true + shift + ;; + -vv | --extra-verbose) + set -x + shift + ;; + -p | --profiles | --profile) + profiles "${2}" + shift 2 + ;; + compose) + shift + compose "$@" + shift "$#" # clear all args + ;; + *) + log:raise "Invalid args ${*}" + ;; + esac +done From ecd7ca87121b1b37a4adf26617fc8c2331fd9f8f Mon Sep 17 00:00:00 2001 
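Review bot: `add_compose_file` builds `ROCKETCHAT_COMPOSE_FILES` as one flat string that `compose` later expands unquoted (with SC2086 disabled), so any whitespace or glob character in `${here}` or in a `-p` profile name is split into separate arguments for the compose command. The `test -f` in `profiles` only proves that a file exists; it does not make the later splitting safe, and the trailing space in `"${here}/compose.monitoring.yml "` only works because of that splitting. A bash array removes the problem: `ROCKETCHAT_COMPOSE_FILES+=(-f "${1}")` in `add_compose_file` and `${cmd} "${ROCKETCHAT_COMPOSE_FILES[@]}" "$@"` in `compose`, with the variable initialised as `ROCKETCHAT_COMPOSE_FILES=()`. Rejecting profile names that contain `/` would also keep `compose.${profile}.yml` inside the repository directory.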
From: gabriel petry <24570030+gabrielpetry@users.noreply.github.com> Date: Wed, 18 Feb 2026 13:22:53 -0300 Subject: [PATCH 3/5] reorganize the override for runners --- compose.mongodb.yml | 2 - compose.monitoring.yml | 4 -- compose.nats.yml | 7 +- docker.yml | 7 -- overrides/docker/compose.monitoring.yml | 5 ++ overrides/docker/compose.yml | 8 +++ .../podman-rootful/compose.monitoring.yml | 7 ++ .../podman-rootless/compose.monitoring.yml | 7 ++ podman-rootful.yml | 23 ------ run | 71 ++++++++++++------- 10 files changed, 78 insertions(+), 63 deletions(-) create mode 100644 overrides/docker/compose.monitoring.yml create mode 100644 overrides/docker/compose.yml create mode 100644 overrides/podman-rootful/compose.monitoring.yml create mode 100644 overrides/podman-rootless/compose.monitoring.yml delete mode 100644 podman-rootful.yml diff --git a/compose.mongodb.yml b/compose.mongodb.yml index 854e687..279eb11 100644 --- a/compose.mongodb.yml +++ b/compose.mongodb.yml @@ -93,8 +93,6 @@ services: timeout: 10s retries: 10 start_period: 30s - ports: - - "${MONGODB_BIND_IP:-127.0.0.1}:${MONGODB_PORT_NUMBER:-27017}:${MONGODB_PORT_NUMBER:-27017}" mongodb-exporter: image: docker.io/percona/mongodb_exporter:${MONGODB_EXPORTER_VERSION:-0.44.0} diff --git a/compose.monitoring.yml b/compose.monitoring.yml index e58c069..95024b8 100644 --- a/compose.monitoring.yml +++ b/compose.monitoring.yml @@ -15,8 +15,6 @@ services: - --storage.tsdb.retention.time=${PROMETHEUS_RETENTION_TIME:-15d} expose: - 9090 - ports: - - ${PROMETHEUS_LISTEN_ADDR:-127.0.0.1}:${PROMETHEUS_PORT:-9090}:9090 volumes: - prometheus_tsdb:/prometheus:rw - ./files/prometheus:/etc/prometheus:Z @@ -81,8 +79,6 @@ services: restart: always expose: - 3000 - ports: - - "${GRAFANA_BIND_IP:-0.0.0.0}:${GRAFANA_HOST_PORT:-5050}:3000" volumes: - grafana_data:/var/lib/grafana:Z - ./files/grafana/dashboards:/dashboards:Z diff --git a/compose.nats.yml b/compose.nats.yml index 6fa1564..01dfc6e 100644 --- a/compose.nats.yml 
+++ b/compose.nats.yml @@ -12,9 +12,10 @@ services: # timeout: 10s # retries: 10 # start_period: 30s - command: --http_port 8222 - ports: - - "${NATS_BIND_IP:-127.0.0.1}:${NATS_PORT_NUMBER:-4222}:4222" + command: --http_port 8222 -js -sd /data + # In docker this won't have many replicas, so restart is complety data loss + volumes: + - nats_data:/data logging: driver: "journald" options: diff --git a/docker.yml b/docker.yml index f964d3a..f1b15fe 100644 --- a/docker.yml +++ b/docker.yml @@ -11,10 +11,3 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro - /var/lib/docker/containers:/hostfs/storage:ro - rocketchat: - healthcheck: - test: ["CMD", "nc", "-zv", "-w", "10", "rocketchat", "${PORT:-3000}"] - interval: 30s - timeout: 10s - retries: 10 - start_period: 30s diff --git a/overrides/docker/compose.monitoring.yml b/overrides/docker/compose.monitoring.yml new file mode 100644 index 0000000..5c04245 --- /dev/null +++ b/overrides/docker/compose.monitoring.yml @@ -0,0 +1,5 @@ +services: + opentelemetry-logs-collector: + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /var/lib/docker/containers:/hostfs/storage:ro diff --git a/overrides/docker/compose.yml b/overrides/docker/compose.yml new file mode 100644 index 0000000..54b61fc --- /dev/null +++ b/overrides/docker/compose.yml @@ -0,0 +1,8 @@ +services: + rocketchat: + healthcheck: + test: ["CMD", "nc", "-zv", "-w", "10", "rocketchat", "${PORT:-3000}"] + interval: 30s + timeout: 10s + retries: 10 + start_period: 30s diff --git a/overrides/podman-rootful/compose.monitoring.yml b/overrides/podman-rootful/compose.monitoring.yml new file mode 100644 index 0000000..07e6547 --- /dev/null +++ b/overrides/podman-rootful/compose.monitoring.yml @@ -0,0 +1,7 @@ +services: + opentelemetry-logs-collector: + security_opt: + - label=disable + volumes: + - /var/run/podman/podman.sock:/var/run/docker.sock:Z + - /var/lib/containers/storage/overlay-containers:/hostfs/storage:Z 
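Review bot: The `:ro` on `/var/run/docker.sock` in overrides/docker/compose.monitoring.yml does not limit what `opentelemetry-logs-collector` can do with the Docker API. A read-only bind mount only protects the socket file itself, and a process that can connect to the socket can still ask the daemon to create or exec into containers. The mount appears to be carried over from docker.yml, but now that it lives in its own file it deserves a comment saying so, for example `# docker.sock gives this container full control of the daemon; :ro does not restrict API calls`. If the collector only needs container metadata, fronting the socket with a proxy that allows read-only endpoints would be the safer design.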
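Review bot: In overrides/podman-rootful/compose.monitoring.yml both volumes use `:Z`, which asks Podman to relabel the host path with a label private to this container, and the paths here are the system Podman socket and the shared `overlay-containers` storage directory. Relabelling shared system paths can take access away from other containers and services, and it is redundant next to `security_opt: label=disable`, which already turns off SELinux separation for this container. I would mount both without relabelling and read-only where the collector only reads, e.g. `- /var/lib/containers/storage/overlay-containers:/hostfs/storage:ro`, and add a comment that access to the rootful socket is root-equivalent on the host. The rootless override added in the same commit uses the same `:Z` pattern.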
diff --git a/overrides/podman-rootless/compose.monitoring.yml b/overrides/podman-rootless/compose.monitoring.yml new file mode 100644 index 0000000..6412a24 --- /dev/null +++ b/overrides/podman-rootless/compose.monitoring.yml @@ -0,0 +1,7 @@ +services: + opentelemetry-logs-collector: + security_opt: + - label=disable + volumes: + - ${XDG_RUNTIME_DIR}/podman/podman.sock:/var/run/docker.sock:Z + - ${HOME}/.local/share/containers/storage/overlay-containers:/hostfs/storage:Z diff --git a/podman-rootful.yml b/podman-rootful.yml deleted file mode 100644 index 15bc5c9..0000000 --- a/podman-rootful.yml +++ /dev/null @@ -1,23 +0,0 @@ -####################################################################### -# podman-rootful.yml -# -# Compose file for running Rocket.Chat stack with Podman in rootful mode. -# -# Use this file ONLY if your Podman setup requires rootful operation. -# Rootless Podman is recommended for most users (see README). -# -# This file configures additional security options and mounts required -# for rootful Podman compatibility, especially for log collection. -# -# Usage example: -# podman-compose -f compose.monitoring.yml -f compose.traefik.yml -f compose.database.yml -f compose.yml -f podman-rootful.yml up -d -# -# For rootless mode, use podman.yml instead. -####################################################################### -services: - opentelemetry-logs-collector: - security_opt: - - label=disable - volumes: - - /var/run/podman/podman.sock:/var/run/docker.sock:Z - - /var/lib/containers/storage/overlay-containers:/hostfs/storage:Z diff --git a/run b/run index 5ad3b80..79f753d 100644 --- a/run +++ b/run 
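Review bot: `${XDG_RUNTIME_DIR}` and `${HOME}` in overrides/podman-rootless/compose.monitoring.yml are interpolated with no fallback, so when either is unset (a non-login shell, cron, or a systemd unit) Compose substitutes an empty string and the mounts become `/podman/podman.sock` and `/.local/share/containers/...`. The required-variable form makes that fail loudly instead: `- ${XDG_RUNTIME_DIR:?XDG_RUNTIME_DIR must be set}/podman/podman.sock:/var/run/docker.sock:Z`, and the same for `${HOME}`. This form comes from the Compose specification, so it is worth checking that podman-compose honours it before relying on it.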
@@ -51,57 +51,80 @@ add_compose_file "${here}/compose.nats.yml" add_compose_file "${here}/compose.monitoring.yml " add_compose_file "${here}/compose.traefik.yml" +OVERRIDES_DIR="" +RUNNER_CMD="" + +get_runner_config() { + export OVERRIDES_DIR + export RUNNER_CMD + if type docker >/dev/null 2>&1; then + RUNNER_CMD="docker compose" + OVERRIDES_DIR="overrides/docker" + elif type podman >/dev/null 2>&1; then + if type podman-compose >/dev/null 2>&1; then + RUNNER_CMD="podman-compose" + else + RUNNER_CMD="podman compose" + fi + + OVERRIDES_DIR="overrides/podman-rootful" + podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null | grep -q "true" || + OVERRIDES_DIR="overrides/podman-rootless" + else + msg="No container runner found in \$PATH\n" + msg="$msg please check your docker or podman installations" + log:raise "$msg" + fi +} + profiles() { export ROCKETCHAT_COMPOSE_FILES + export OVERRIDES_DIR # reset ROCKETCHAT_COMPOSE_FILES and use the provided by the user ROCKETCHAT_COMPOSE_FILES="" profiles_string="$(echo "$1" | tr ',' '\n')" while read -r profile; do + [[ -z "${profile}" ]] && + continue + + base_name="compose.${profile}.yml" + if [[ "${profile}" == "rocketchat" ]] || [[ "${profile}" == "rc" ]]; then # keep rc name for compatibility reasons - file="${here}/compose.yml" - else - file="${here}/compose.${profile}.yml" + base_name="compose.yml" fi + file="${here}/${base_name}" + test -f "${file}" || log:raise "Error loading profile ${profile}\n ${file} not found " add_compose_file "$file" - done <<<"$profiles_string" -} -podman() { - # we prefer using podman-compose if that the plugin used - if type podman-compose >/dev/null 2>&1; then - echo "podman-compose" - else - echo "podman compose" - fi + override_file="${here}/${OVERRIDES_DIR}/${base_name}" + if test -f "${override_file}"; then + log:info "Found override for ${base_name} in: ${override_file}, loading it" + add_compose_file "$override_file" + fi + + done <<<"$profiles_string" } compose() { - local 
cmd export ROCKETCHAT_COMPOSE_FILES - if type docker >/dev/null 2>&1; then - cmd="docker compose" - elif type podman >/dev/null 2>&1; then - cmd="$(podman)" - else - msg="No container runner found in \$PATH\n" - msg="$msg please check your docker or podman installations" - log:raise "$msg" - fi log:debug "Using compose files" log:debug "${ROCKETCHAT_COMPOSE_FILES}" log:debug "Running command:" - log:debug "${cmd} ${*}" + log:debug "${RUNNER_CMD} ${ROCKETCHAT_COMPOSE_FILES} ${*}" # we need the word spliting here, and it's safe because we validated previously # shellcheck disable=SC2086 - ${cmd} ${ROCKETCHAT_COMPOSE_FILES} "$@" + ${RUNNER_CMD} ${ROCKETCHAT_COMPOSE_FILES} "$@" } +# Run this before anything to setup vairables +get_runner_config + for ((i = 1; i <= $#; )); do arg="${!i}" case "$arg" in From 992bddbd196dc5b0de2359a6ecd4f8b03b10bd41 Mon Sep 17 00:00:00 2001 From: gabriel petry <24570030+gabrielpetry@users.noreply.github.com> Date: Wed, 18 Feb 2026 14:27:54 -0300 Subject: [PATCH 4/5] more podman shennanigans --- run | 36 +++++++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/run b/run index 79f753d..5af8211 100644 --- a/run +++ b/run @@ -27,8 +27,12 @@ log:warn() { echo -e "${YELLOW}[WARN]${RESTORE} $(date +'%H:%M:%S') - ${*}" } -log:raise() { +log:error() { echo -e "${RED}[ERROR]${RESTORE} $(date +'%H:%M:%S') - ${*}" >&2 +} + +log:raise() { + log:error "$@" exit 1 } @@ -57,10 +61,10 @@ RUNNER_CMD="" get_runner_config() { export OVERRIDES_DIR export RUNNER_CMD - if type docker >/dev/null 2>&1; then + if type docker2 >/dev/null 2>&1; then RUNNER_CMD="docker compose" OVERRIDES_DIR="overrides/docker" - elif type podman >/dev/null 2>&1; then + elif type podman2 >/dev/null 2>&1; then if type podman-compose >/dev/null 2>&1; then RUNNER_CMD="podman-compose" else 
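Review bot: Override files are only appended inside `profiles()`, so the default file list built by the top-level `add_compose_file` calls (visible as context at the start of this hunk) never receives a runner override. Running `./run compose up` without `-p` therefore starts the stack without the socket and log-storage mounts from `overrides/<runner>/compose.monitoring.yml` and without the `rocketchat` healthcheck that this commit moves into `overrides/docker/compose.yml`. Building the default list by calling `profiles` with the default names after `get_runner_config` has run would give both paths the same behaviour.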
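Review bot: `type docker2` and `type podman2` look like local debugging leftovers: neither is the name of a runner binary, so on a normal host both tests fail and `get_runner_config` always ends in the "No container runner found" branch. The last patch in this series moves the call to `get_runner_config` but does not touch these two lines, so the script stays unusable after the full series is applied. They should go back to `if type docker >/dev/null 2>&1; then` and `elif type podman >/dev/null 2>&1; then`. The function body continues past the end of this hunk.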
@@ -68,12 +72,30 @@ get_runner_config() { fi OVERRIDES_DIR="overrides/podman-rootful" - podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null | grep -q "true" || + if podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null | grep -q "true"; then OVERRIDES_DIR="overrides/podman-rootless" + systemctl --user is-active podman.socket || { + log:error "Rocket.Chat requires the Podman API socket (podman.socket) to be enabled for rootless operation." + log:error "To enable it, run the following command as your regular user:" + log:error " systemctl --user enable --now podman.socket" + log:error "If you have never started the user systemd instance, you may need to run:" + log:error " loginctl enable-linger $USER" + log:error "For more information, see: https://docs.podman.io/en/latest/markdown/podman-system-service.1.html" + log:raise "podman.socket is required for this Rocket.Chat setup." + } + + systemctl --user is-enabled podman.socket || { + log:error "podman.socket is active but not enabled, this will prevent it from starting when machine reboots." + log:error "Enable the service on boot with:" + log:error " systemctl --user enable --now podman.socket" + log:error "If you see issues, ensure your user session is active (try: loginctl enable-linger $USER)." + log:raise "podman.socket must be running for this Rocket.Chat setup." + } + fi + else - msg="No container runner found in \$PATH\n" - msg="$msg please check your docker or podman installations" - log:raise "$msg" + log:error "No container runner found in \$PATH" + log:raise " please check your docker or podman installations" fi } From b94e4b3f42fb2c1f8e62493e754fa069380d1897 Mon Sep 17 00:00:00 2001 From: gabriel petry <24570030+gabrielpetry@users.noreply.github.com> Date: Wed, 18 Feb 2026 14:54:18 -0300 Subject: [PATCH 5/5] fix --- run | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run b/run index 5af8211..f5ad9e2 100644 --- a/run +++ b/run 
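Review bot: The two `systemctl --user` checks print the unit state to stdout, and the error text interpolates `$USER`, which under the script's `set -u` aborts with an unbound-variable error when `USER` is not set (cron, some containers) before the helpful message is shown. I would use `systemctl --user is-active --quiet podman.socket` (same for `is-enabled`) and `${USER:-$(id -un)}` in the messages. The final `log:raise` of the `is-enabled` block says the socket "must be running" although that branch is reached only when it is active but not enabled; a `log:warn` fits that case better than aborting. Since the text asks the operator to enable the socket, it should also say that the socket gives the log collector control over this user's containers.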
@@ -144,9 +144,6 @@ compose() { ${RUNNER_CMD} ${ROCKETCHAT_COMPOSE_FILES} "$@" } -# Run this before anything to setup vairables -get_runner_config - for ((i = 1; i <= $#; )); do arg="${!i}" case "$arg" in @@ -164,6 +161,9 @@ for ((i = 1; i <= $#; )); do ;; compose) shift + # Run this before anything to setup vairables + get_runner_config + compose "$@" shift "$#" # clear all args ;;
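Review bot: Calling `get_runner_config` only inside the `compose)` case means a preceding `-p` has already run `profiles()` with `OVERRIDES_DIR` still empty. In that state `override_file="${here}/${OVERRIDES_DIR}/${base_name}"` resolves to the base file itself, so `test -f` succeeds, the base compose file is added a second time and logged as an override, and the real files under `overrides/` are never loaded. Either keep the call before the argument loop, or have `profiles` only record the names and resolve files and overrides after `get_runner_config` has run. The comment `# Run this before anything to setup vairables` also no longer matches where the call sits.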