feat: Phase 4 Lab 06 -- Production Deployment (restart policy, resource limits, workers)

Author: RedjiJB

.github/workflows/ci.yml

@@ -272,4 +272,60 @@ run: bash tests/labs/test-lab-15-01.sh
 
       - name: Cleanup
         if: always()
-        run: docker compose -f docker/docker-compose.integration.yml down -v
+        run: docker compose -f docker/docker-compose.integration.yml down -v
+
+  lab-06-smoke:
+    name: Lab 15-06 -- Taiga Production Deployment (restart policy, resource limits, Celery events worker)
+    runs-on: ubuntu-latest
+    needs: validate
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install tools
+        run: sudo apt-get install -y curl postgresql-client netcat-openbsd ldap-utils
+
+      - name: Validate production compose
+        run: docker compose -f docker/docker-compose.production.yml config -q && echo "Production compose valid"
+
+      - name: Start production stack
+        run: docker compose -f docker/docker-compose.production.yml up -d
+
+      - name: Wait for PostgreSQL
+        run: |
+          for i in $(seq 1 18); do
+            docker exec taiga-p06-db pg_isready -U taiga -d taiga > /dev/null 2>&1 && echo "DB ready" && break
+            echo "Waiting for DB... ($i/18)"; sleep 5
+          done
+
+      - name: Wait for Keycloak
+        run: |
+          for i in $(seq 1 24); do
+            curl -sf http://localhost:8560/realms/master | grep -q realm && echo "KC ready" && break
+            echo "Waiting for KC... ($i/24)"; sleep 5
+          done
+
+      - name: Wait for Mailhog
+        run: |
+          for i in $(seq 1 12); do
+            curl -sf http://localhost:8750/api/v2/messages > /dev/null && echo "MH ready" && break
+            echo "Waiting for MH... ($i/12)"; sleep 5
+          done
+
+      - name: Wait for Taiga frontend
+        run: |
+          for i in $(seq 1 24); do
+            curl -sf http://localhost:8460/ | grep -qi html && echo "Taiga ready" && break
+            echo "Waiting for Taiga... ($i/24)"; sleep 5
+          done
+
+      - name: Run Lab 15-06 test script
+        run: bash tests/labs/test-lab-15-06.sh --no-cleanup
+
+      - name: Collect logs on failure
+        if: failure()
+        run: docker compose -f docker/docker-compose.production.yml logs
+
+      - name: Cleanup
+        if: always()
+        run: docker compose -f docker/docker-compose.production.yml down -v

docker/docker-compose.production.yml

@@ -1,12 +1,318 @@
-# Lab 06 — Production: taiga HA-ready with monitoring and external volumes
----
+# =============================================================================
+# IT-Stack: Taiga — Lab 06: Production Deployment
+# Module 15 · Phase 4 · Lab 06
+# =============================================================================
+# Services: PostgreSQL · Redis · OpenLDAP · Keycloak · Mailhog
+#           Taiga Back · Taiga Front · Events Worker
+# Ports:    Front:8460  Back:8061  KC:8560  LDAP:3871  MH:8750
+# Credentials:
+#   DB:        taiga / TaigaProd06!
+#   Keycloak:  admin / Admin06!
+#   LDAP:      cn=admin,dc=lab,dc=local / LdapProd06!
+#   Taiga:     admin / AdminProd06!
+# Production features vs Lab 05:
+#   + restart: unless-stopped on ALL services
+#   + Resource limits AND reservations on every service
+#   + Dedicated events-worker container (async event processing)
+#   + Redis for async event queue + session cache
+#   + IT_STACK_ENV: production  IT_STACK_LAB: "06" labels
+#   + Healthcheck start_period on long-boot services
+# =============================================================================
+
+name: it-stack-taiga-lab06
+
 services:
-  taiga:
+
+  # ── PostgreSQL ────────────────────────────────────────────────────────────
+  taiga-p06-db:
+    image: postgres:15-alpine
+    container_name: taiga-p06-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: taiga
+      POSTGRES_USER: taiga
+      POSTGRES_PASSWORD: TaigaProd06!
+    volumes:
+      - taiga-p06-db-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U taiga || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 512M
+        reservations:
+          cpus: "0.25"
+          memory: 128M
+
+  # ── Redis ───────────────────────────────────────────────────────────────────
+  taiga-p06-redis:
+    image: redis:7-alpine
+    container_name: taiga-p06-redis
+    restart: unless-stopped
+    command: redis-server --maxmemory 256mb --maxmemory-policy allkeys-lru
+    volumes:
+      - taiga-p06-redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 3
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 320M
+        reservations:
+          cpus: "0.1"
+          memory: 64M
+
+  # ── OpenLDAP ───────────────────────────────────────────────────────────────
+  taiga-p06-ldap:
+    image: osixia/openldap:1.5.0
+    container_name: taiga-p06-ldap
+    restart: unless-stopped
+    environment:
+      LDAP_ORGANISATION: "IT-Stack Production"
+      LDAP_DOMAIN: lab.local
+      LDAP_ADMIN_PASSWORD: LdapProd06!
+      LDAP_CONFIG_PASSWORD: ConfigProd06!
+      LDAP_BASE_DN: dc=lab,dc=local
+      LDAP_READONLY_USER: "true"
+      LDAP_READONLY_USER_USERNAME: readonly
+      LDAP_READONLY_USER_PASSWORD: ReadOnlyProd06!
+    ports:
+      - "3871:389"
+    volumes:
+      - taiga-p06-ldap-data:/var/lib/ldap
+      - taiga-p06-ldap-config:/etc/ldap/slapd.d
+    healthcheck:
+      test: ["CMD-SHELL", "ldapsearch -x -H ldap://localhost -b dc=lab,dc=local -D cn=admin,dc=lab,dc=local -w LdapProd06! cn=admin > /dev/null 2>&1 && echo ok"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 256M
+        reservations:
+          cpus: "0.1"
+          memory: 64M
+
+  # ── Keycloak ───────────────────────────────────────────────────────────────
+  taiga-p06-kc:
+    image: quay.io/keycloak/keycloak:24.0.3
+    container_name: taiga-p06-kc
+    restart: unless-stopped
+    command: start-dev
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: Admin06!
+      KC_HEALTH_ENABLED: "true"
+      KC_DB: dev-file
+      KC_HOSTNAME_STRICT: "false"
+      KC_HOSTNAME_STRICT_HTTPS: "false"
+      KC_HTTP_ENABLED: "true"
+    ports:
+      - "8560:8080"
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8080/realms/master || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 10
+      start_period: 60s
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 768M
+        reservations:
+          cpus: "0.25"
+          memory: 256M
+
+  # ── Mailhog ────────────────────────────────────────────────────────────────
+  taiga-p06-mail:
+    image: mailhog/mailhog:latest
+    container_name: taiga-p06-mail
+    restart: unless-stopped
+    ports:
+      - "8750:8025"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:8025/api/v2/messages || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.25"
+          memory: 128M
+        reservations:
+          cpus: "0.05"
+          memory: 32M
+
+  # ── Taiga Back ────────────────────────────────────────────────────────────
+  taiga-p06-back:
+    image: taigaio/taiga-back:latest
+    container_name: taiga-p06-back
+    restart: unless-stopped
+    depends_on:
+      taiga-p06-db:
+        condition: service_healthy
+      taiga-p06-redis:
+        condition: service_healthy
+      taiga-p06-ldap:
+        condition: service_healthy
+      taiga-p06-kc:
+        condition: service_healthy
+    ports:
+      - "8061:8000"
+    environment:
+      IT_STACK_ENV: production
+      IT_STACK_MODULE: taiga
+      IT_STACK_LAB: "06"
+      DJANGO_SECRET_KEY: taiga-prod-secret-key-06-change-in-prod
+      POSTGRES_DB: taiga
+      POSTGRES_USER: taiga
+      POSTGRES_PASSWORD: TaigaProd06!
+      POSTGRES_HOST: taiga-p06-db
+      REDIS_URL: redis://taiga-p06-redis:6379
+      TAIGA_SECRET_KEY: taiga-prod-secret-key-06
+      TAIGA_DEBUG: "False"
+      TAIGA_SITES_DOMAIN: localhost
+      TAIGA_SITES_SCHEME: http
+      DEFAULT_FROM_EMAIL: taiga@lab.local
+      EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
+      EMAIL_HOST: taiga-p06-mail
+      EMAIL_PORT: "1025"
+      CELERY_BROKER_URL: redis://taiga-p06-redis:6379
+      CELERY_RESULT_BACKEND: redis://taiga-p06-redis:6379
+      KEYCLOAK_URL: http://taiga-p06-kc:8080
+      KEYCLOAK_REALM: it-stack
+      KEYCLOAK_CLIENT_ID: taiga
+      LDAP_SERVER: ldap://taiga-p06-ldap
+      LDAP_BASE_DN: dc=lab,dc=local
+      LDAP_BIND_DN: cn=admin,dc=lab,dc=local
+      LDAP_BIND_PASSWORD: LdapProd06!
+      MATTERMOST_URL: http://mattermost.lab.local:8065
+      MATTERMOST_CHANNEL: it-stack-projects
+      MATTERMOST_WEBHOOK_TOKEN: prod-mm-token-06
+    volumes:
+      - taiga-p06-back-data:/taiga-back/media
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8000/api/v1/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 120s
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "1.5"
+          memory: 1G
+        reservations:
+          cpus: "0.25"
+          memory: 256M
+
+  # ── Taiga Front ───────────────────────────────────────────────────────────
+  taiga-p06-front:
     image: taigaio/taiga-front:latest
-    container_name: it-stack-taiga
-    restart: always
+    container_name: taiga-p06-front
+    restart: unless-stopped
+    depends_on:
+      taiga-p06-back:
+        condition: service_healthy
     ports:
-      - "80:$firstPort"
+      - "8460:80"
+    environment:
+      IT_STACK_ENV: production
+      IT_STACK_MODULE: taiga
+      IT_STACK_LAB: "06"
+      TAIGA_URL: http://localhost:8460
+      TAIGA_WEBSOCKETS_URL: ws://localhost:8061
+      TAIGA_SUBPATH: ""
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:80/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 256M
+        reservations:
+          cpus: "0.1"
+          memory: 64M
+
+  # ── Taiga Events Worker (Celery async task processor) ────────────────────
+  taiga-p06-events:
+    image: taigaio/taiga-back:latest
+    container_name: taiga-p06-events
+    restart: unless-stopped
+    command: ["python", "-m", "celery", "-A", "taiga.celery", "worker", "--loglevel=info", "-c", "2"]
+    depends_on:
+      taiga-p06-back:
+        condition: service_healthy
+    environment:
+      IT_STACK_ENV: production
+      IT_STACK_MODULE: taiga
+      IT_STACK_LAB: "06"
+      DJANGO_SECRET_KEY: taiga-prod-secret-key-06-change-in-prod
+      POSTGRES_DB: taiga
+      POSTGRES_USER: taiga
+      POSTGRES_PASSWORD: TaigaProd06!
+      POSTGRES_HOST: taiga-p06-db
+      REDIS_URL: redis://taiga-p06-redis:6379
+      CELERY_BROKER_URL: redis://taiga-p06-redis:6379
+      CELERY_RESULT_BACKEND: redis://taiga-p06-redis:6379
+    volumes:
+      - taiga-p06-back-data:/taiga-back/media
+    networks:
+      - taiga-p06-net
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+        reservations:
+          cpus: "0.1"
+          memory: 128M
+
+# ── Networks ───────────────────────────────────────────────────────────────────
+networks:
+  taiga-p06-net:
+    name: taiga-p06-net
+    driver: bridge
+
+# ── Volumes ────────────────────────────────────────────────────────────────────
+volumes:
+  taiga-p06-db-data:
+  taiga-p06-redis-data:
+  taiga-p06-ldap-data:
+  taiga-p06-ldap-config:
+  taiga-p06-back-data:
     environment:
       - IT_STACK_ENV=production
       - KEYCLOAK_URL=