solution/operation-and-maintenance/smo/common/docker-compose.yml

   1 ################################################################################
   2 # Copyright 2022 highstreet technologies GmbH
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #     http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15 #
  16 version: '3.8'
  17 services:
  18
  19   identity:
  20     image: ${IDENTITY_IMAGE}
  21     container_name: identity
  22     ports:
  23       - ${IDENTITY_PORT_HTTPS}:${IDENTITY_PORT_HTTPS}
  24     environment:
  25       - KEYCLOAK_HTTPS_PORT=${IDENTITY_PORT_HTTPS}
  26       - KEYCLOAK_CREATE_ADMIN_USER=true
  27       - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
  28       - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
  29       - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
  30       - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
  31       - KEYCLOAK_DATABASE_HOST=identitydb
  32       - KEYCLOAK_DATABASE_NAME=keycloak
  33       - KEYCLOAK_DATABASE_USER=keycloak
  34       - KEYCLOAK_DATABASE_PASSWORD=keycloak
  35       - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
  36       - KEYCLOAK_PRODUCTION=false
  37       - KEYCLOAK_ENABLE_TLS=true
  38       - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
  39       - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
  40       - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
  41       - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
  42     volumes:
  43       - /etc/localtime:/etc/localtime:ro
  44       - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
  45       - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
  46       - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
  47     depends_on:
  48       - identitydb
  49     networks:
  50       - dmz
  51
  52   identitydb:
  53     image: docker.io/bitnami/postgresql:13
  54     container_name: identitydb
  55     environment:
  56       - ALLOW_EMPTY_PASSWORD=no
  57       - POSTGRESQL_USERNAME=keycloak
  58       - POSTGRESQL_DATABASE=keycloak
  59       - POSTGRESQL_PASSWORD=keycloak
  60     networks:
  61       - dmz
  62
  63
  64   persistence:
  65     image: ${PERSISTENCE_IMAGE}
  66     container_name: persistence
  67     environment:
  68       - discovery.type=single-node
  69
  70   zookeeper:
  71     image: ${ZOOKEEPER_IMAGE}
  72     container_name: zookeeper
  73     ports:
  74       - 2181:2181
  75     environment:
  76       ZOOKEEPER_REPLICAS: 1
  77       ZOOKEEPER_TICK_TIME: 2000
  78       ZOOKEEPER_SYNC_LIMIT: 5
  79       ZOOKEEPER_INIT_LIMIT: 10
  80       ZOOKEEPER_MAX_CLIENT_CNXNS: 200
  81       ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
  82       ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
  83       ZOOKEEPER_CLIENT_PORT: 2181
  84       KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
  85       ZOOKEEPER_SERVER_ID:
  86     volumes:
  87       -  ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
  88
  89   kafka:
  90     image: ${KAFKA_IMAGE}
  91     container_name: kafka
  92     ports:
  93      - 9092:9092
  94     environment:
  95       enableCadi: 'false'
  96       KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
  97       KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
  98       KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
  99       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
 100       KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
 101       KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
 102       KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
 103       KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
 104       KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
 105       KAFKA_ZOOKEEPER_SET_ACL: 'true'
 106       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
 107       # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
 108       KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
 109     volumes:
 110       -  ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
 111     depends_on:
 112      - zookeeper
 113
 114   dmaap:
 115     container_name: onap-dmaap
 116     image: ${DMAAP_IMAGE}
 117     ports:
 118       - 3904:3904
 119       - 3905:3905
 120     environment:
 121       enableCadi: 'false'
 122     volumes:
 123       - ./dmaap/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
 124       - ./dmaap/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
 125       - ./dmaap/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
 126     depends_on:
 127       - zookeeper
 128       - kafka
 129
 130 networks:
 131   dmz:
 132     driver: bridge
 133     name: dmz
 134     enable_ipv6: false
 135   default:
 136     driver: bridge
 137     name: smo
 138     enable_ipv6: true
 139     ipam:
 140       driver: default
 141       config:
 142       - subnet:  ${NETWORK_SUBNET_SMO}
 143         gateway: ${NETWORK_GATEWAY_SMO}