################################################################################
# Copyright 2023 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
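# No top-level `version:` key is needed: the Compose specification supports
# all features used here without one.
services:

  # Traefik reverse proxy. It is the only service in this file that publishes
  # host ports; it serves HTTPS for gateway.${HTTP_DOMAIN} and the wildcard
  # domain and routes to the other services according to their traefik.*
  # labels.
  gateway:
    image: "${TRAEFIK_IMAGE}"
    container_name: gateway
    hostname: gateway
    healthcheck:
      # Relies on the endpoint enabled by `--ping` in `command`.
      test:
        - CMD
        - traefik
        - healthcheck
        - --ping
      interval: 10s
      timeout: 5s
      retries: 3
    restart: always
    ports:
      # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
      - '80:80'
      - '443:443'
      # Entrypoints ssh-netconf-callhome and tls-netconf-callhome below.
      - '4334:4334'
      - '4335:4335'
    command:
      # NOTE(review): disables certificate verification for every TLS
      # connection Traefik opens to a backend, so an impersonated backend on
      # the container networks would go unnoticed. Prefer trusting the
      # backends' CA (serversTransport.rootCAs) and dropping this flag.
      - --serverstransport.insecureskipverify=true
      - --log.level=${TRAEFIK_LOG_LEVEL}
      - --global.sendanonymoususage=false
      - --global.checkNewVersion=false
      # NOTE(review): api.insecure serves the API and dashboard without
      # authentication on Traefik's internal `traefik` entrypoint (port 8080
      # by default). That port is not published under `ports`, but it stays
      # reachable from containers on the networks this service joins (dmz,
      # dcn). api.debug additionally enables the debug endpoints. Both are
      # development settings; switch them off wherever those networks are
      # not fully trusted.
      - --api.insecure=true
      - --api.dashboard=true
      - --api.debug=true
      - --ping
      # NOTE(review): with access logs off, the gateway keeps no per-request
      # record to support detection or incident response.
      - --accesslog=false
      # Plain HTTP on :80 is redirected to the HTTPS entrypoint.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.domains[0].main=gateway.${HTTP_DOMAIN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${HTTP_DOMAIN}
      - --entrypoints.ssh-netconf-callhome.address=:4334
      - --entrypoints.tls-netconf-callhome.address=:4335
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
      # Containers are routed only when they carry traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      - --providers.docker.watch=true
      - --providers.file.filename=/middleware.yaml
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only; it does not
      # restrict the Docker API behind it. A compromised gateway can still
      # drive the Docker daemon, which is equivalent to root on the host.
      # Consider a filtering socket proxy that exposes only the read
      # endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./gateway/conf/middleware.yaml:/middleware.yaml:ro
      - ./gateway/conf/.htpasswd:/.htpasswd:ro
    labels:
      traefik.enable: 'true'
      # NOTE(review): the users file is mounted at /.htpasswd but referenced
      # by a relative path, which presumably resolves against the container's
      # working directory - confirm, or use the absolute path.
      traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
      traefik.http.routers.gateway.rule: Host(`gateway.${HTTP_DOMAIN}`)
      traefik.http.routers.gateway.entrypoints: websecure
      traefik.http.routers.gateway.service: api@internal
      # NOTE(review): this router publishes api@internal (API and dashboard)
      # with only the `strip` middleware attached. The `traefik-auth`
      # basic-auth middleware defined above is not referenced by any router
      # in this file, so unless it is applied elsewhere the dashboard is
      # reachable without credentials on the gateway host name.
      traefik.http.routers.gateway.middlewares: strip
      traefik.http.middlewares.strip.stripprefix.prefixes: /traefik
      traefik.http.routers.gateway.tls: 'true'
      traefik.http.services.gateway.loadbalancer.server.port: '8080'
    networks:
      dmz:
      dcn:

  # PostgreSQL database used by the identity service. It declares no
  # `networks`, so it joins only the default network.
  identitydb:
    image: "${IDENTITYDB_IMAGE}"
    container_name: identitydb
    hostname: identitydb
    environment:
      - ALLOW_EMPTY_PASSWORD=no
      - POSTGRESQL_USERNAME=keycloak
      - POSTGRESQL_DATABASE=keycloak
      # NOTE(review): hard-coded credential committed with the file; it has
      # to match KEYCLOAK_DATABASE_PASSWORD in the identity service. Prefer
      # supplying it from the environment or a Compose secret, the way
      # ADMIN_PASSWORD is supplied.
      - POSTGRESQL_PASSWORD=keycloak

  # Keycloak identity provider, routed by the gateway under the `identity`
  # host name of HTTP_DOMAIN.
  identity:
    image: "${IDENTITY_IMAGE}"
    container_name: identity
    hostname: identity
    environment:
      - KEYCLOAK_CREATE_ADMIN_USER=true
      - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
      - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
      - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
      - KEYCLOAK_DATABASE_HOST=identitydb
      - KEYCLOAK_DATABASE_NAME=keycloak
      - KEYCLOAK_DATABASE_USER=keycloak
      # NOTE(review): same hard-coded database password as in identitydb.
      - KEYCLOAK_DATABASE_PASSWORD=keycloak
      # NOTE(review): sslmode=disable leaves the connection to identitydb
      # unencrypted on the container network.
      - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
      # NOTE(review): non-production mode; confirm this file is never used
      # unchanged for a production deployment.
      - KEYCLOAK_PRODUCTION=false
      - KEYCLOAK_ENABLE_TLS=true
      - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
      - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
      # NOTE(review): well-known default store passwords in clear text. The
      # keystore mounted below presumably holds the server's private key, so
      # both the file and its password should be deployment-specific and
      # kept out of version control.
      - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
      - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): the three mounts below are writable; `:ro` would be
      # enough if the container never writes to them - confirm.
      - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
      - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
      - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
    labels:
      traefik.enable: 'true'
      traefik.http.routers.identity.entrypoints: websecure
      traefik.http.routers.identity.rule: Host(`identity.${HTTP_DOMAIN}`)
      traefik.http.routers.identity.tls: 'true'
      traefik.http.services.identity.loadbalancer.server.port: '8080'
    depends_on:
      identitydb:
        condition: service_started
      gateway:
        condition: service_healthy
    networks:
      dmz:
      default:

  # Persistence store, started as a single node. No ports, labels or
  # networks are declared, so it is reachable on the default network only.
  persistence:
    image: "${PERSISTENCE_IMAGE}"
    container_name: persistence
    environment:
      - discovery.type=single-node

  # ZooKeeper for the kafka service; clients must authenticate with SASL.
  zookeeper:
    image: "${ZOOKEEPER_IMAGE}"
    container_name: zookeeper
    environment:
      # Numeric values are quoted: environment variables are strings.
      ZOOKEEPER_REPLICAS: '1'
      ZOOKEEPER_TICK_TIME: '2000'
      ZOOKEEPER_SYNC_LIMIT: '5'
      ZOOKEEPER_INIT_LIMIT: '10'
      ZOOKEEPER_MAX_CLIENT_CNXNS: '200'
      ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: '3'
      ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: '24'
      ZOOKEEPER_CLIENT_PORT: '2181'
      # JVM options (folded into one space-separated line): load the JAAS
      # server configuration mounted below and require SASL from clients.
      KAFKA_OPTS: >-
        -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
        -Dzookeeper.kerberos.removeHostFromPrincipal=true
        -Dzookeeper.kerberos.removeRealmFromPrincipal=true
        -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
        -Dzookeeper.requireClientAuthScheme=sasl
      # Deliberately left without a value: Compose takes it from the
      # environment it runs in and leaves it unset when not defined there.
      ZOOKEEPER_SERVER_ID:
    volumes:
      # NOTE(review): the JAAS file presumably contains the SASL
      # credentials; keep it out of version control and mount it `:ro`.
      - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf

  # Kafka broker. It joins only the default network and publishes no ports.
  kafka:
    image: "${KAFKA_IMAGE}"
    container_name: kafka
    environment:
      enableCadi: 'false'
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: '40000'
      KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: '40000'
      # NOTE(review): both listener names map to PLAINTEXT, so the broker
      # listener on 9092 has neither TLS nor client authentication and any
      # container on the default network can produce and consume.
      # EXTERNAL_PLAINTEXT is mapped here but no listener below uses it.
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT'
      KAFKA_ADVERTISED_LISTENERS: 'INTERNAL_PLAINTEXT://kafka:9092'
      KAFKA_LISTENERS: 'INTERNAL_PLAINTEXT://0.0.0.0:9092'
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
      KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
      # JAAS client configuration used for the connection to ZooKeeper.
      KAFKA_OPTS: '-Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf'
      KAFKA_ZOOKEEPER_SET_ACL: 'true'
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: '1'
      # Reduced the number of partitions only to avoid the timeout error for
      # the first subscribe call in a slow environment.
      KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: '1'
    volumes:
      - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
    depends_on:
      zookeeper:
        condition: service_started

  # HTTP bridge to Kafka (Strimzi), routed by the gateway.
  # NOTE(review): no authentication middleware is attached to this router in
  # this file, so whoever can reach the gateway on the kafka-bridge host name
  # can presumably use the bridge against the unauthenticated broker -
  # confirm that access is restricted elsewhere.
  kafka-bridge:
    image: "${KAFKA_BRIDGE_IMAGE}"
    container_name: kafka-bridge
    hostname: kafka-bridge
    entrypoint: /opt/strimzi/bin/kafka_bridge_run.sh
    command: --config-file=config/application.properties
    healthcheck:
      # NOTE(review): without `-f`, curl exits 0 on any HTTP response, so
      # this probe fails only when the connection itself fails.
      test: curl http://localhost:8080/healthy || exit 1
      interval: 5s
      timeout: 5s
      retries: 5
    labels:
      traefik.enable: 'true'
      traefik.http.routers.kafka-bridge.entrypoints: websecure
      traefik.http.routers.kafka-bridge.rule: Host(`kafka-bridge.${HTTP_DOMAIN}`)
      traefik.http.routers.kafka-bridge.tls: 'true'
      traefik.http.services.kafka-bridge.loadbalancer.server.port: '8080'
    volumes:
      - ./kafka-bridge:/opt/strimzi/config
    depends_on:
      kafka:
        condition: service_started
      gateway:
        condition: service_healthy
    networks:
      dmz:
      default:

  # Topology service, routed by the gateway to container port 8181.
  topology:
    image: "${O_RAN_SC_TOPOLOGY_IMAGE}"
    container_name: topology
    hostname: topology
    healthcheck:
      # NOTE(review): the password field repeats ADMIN_USERNAME instead of
      # using ADMIN_PASSWORD - confirm this is intended. Without `-f`, curl
      # exits 0 on any HTTP response (a 401 included), so the probe checks
      # only that the port answers, not that the credentials are accepted.
      # The interpolated credentials are also stored in the container
      # configuration, where `docker inspect` shows them.
      test: curl -u ${ADMIN_USERNAME}:${ADMIN_USERNAME} http://localhost:8181 || exit 1
      start_period: 30s
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - ./topology/tapi-common-operational.json:/opt/dev/deploy/data/tapi-common-operational.json
      - ./topology/tapi-common-running.json:/opt/dev/deploy/data/tapi-common-running.json
    labels:
      traefik.enable: 'true'
      traefik.http.routers.topology.entrypoints: websecure
      traefik.http.routers.topology.rule: Host(`topology.${HTTP_DOMAIN}`)
      traefik.http.routers.topology.tls: 'true'
      traefik.http.services.topology.loadbalancer.server.port: '8181'
    networks:
      dmz:
      default:

  # Message router (DMaaP image), routed by the gateway to port 3904.
  # NOTE(review): enableCadi is 'false', which presumably switches off the
  # CADI authentication filter, and no authentication middleware is attached
  # to the router in this file - confirm that access to the `messages` host
  # name is restricted elsewhere.
  messages:
    image: "${DMAAP_IMAGE}"
    container_name: messages
    hostname: messages
    environment:
      enableCadi: 'false'
    volumes:
      - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
      - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
      - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
    labels:
      traefik.enable: 'true'
      traefik.http.routers.messages.entrypoints: websecure
      traefik.http.routers.messages.rule: Host(`messages.${HTTP_DOMAIN}`)
      traefik.http.routers.messages.tls: 'true'
      traefik.http.services.messages.loadbalancer.server.port: '3904'
    depends_on:
      kafka:
        condition: service_started
      gateway:
        condition: service_healthy
    networks:
      dmz:
      default:
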
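# Networks used by the services in this file:
#   dmz     - joined by the gateway and by every service that carries
#             traefik.* labels
#   default - named `smo`; joined by services that declare no networks and
#             by those that list `default`
#   dcn     - IPv6-enabled; joined only by the gateway in this file
# NOTE(review): none of these networks sets `internal: true`, so containers
# on them keep outbound connectivity through the bridge. Consider marking
# the default network internal if the database and broker containers never
# need to reach outside.
networks:
  dmz:
    name: dmz
    driver: bridge
    enable_ipv6: false
  default:
    name: smo
    driver: bridge
    enable_ipv6: false
  dcn:
    driver: bridge
    name: dcn
    enable_ipv6: true
    ipam:
      driver: default
      config:
        # The IPv6 subnet comes from the environment (for example an .env
        # file); quoted so that an empty expansion is not read as null.
        - subnet: "${NETWORK_SUBNET_DCN_IPv6}"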