Add a FlowManagement Component
[oam.git] / solution / smo / common / docker-compose.yml
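# no more versions needed! Compose spec supports all features w/o a version
#
# NOTE(review): several settings below trade security for convenience
# (unauthenticated Traefik API, disabled upstream certificate verification,
# literal passwords, plaintext Kafka listeners). Each one is marked inline;
# confirm that this file is only used for lab or demo deployments.
services:

  # Traefik reverse proxy: the only service that publishes host ports.
  gateway:
    image: ${TRAEFIK_IMAGE}
    container_name: gateway
    hostname: gateway
    healthcheck:
      # Relies on the --ping endpoint enabled in `command` below.
      test:
        - CMD
        - traefik
        - healthcheck
        - --ping
      interval: 10s
      timeout: 5s
      retries: 3
    restart: always
    ports:
      # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
      - '80:80'
      - '443:443'
    command:
      # NOTE(review): turns off certificate verification for every TLS
      # connection from Traefik to a backend, so a backend's identity is
      # never checked. Prefer trusting the internal CA instead.
      - --serverstransport.insecureskipverify=true
      - --log.level=${TRAEFIK_LOG_LEVEL}
      - --global.sendanonymoususage=false
      - --global.checkNewVersion=false
      # NOTE(review): api.insecure serves the API and dashboard without
      # authentication on Traefik's internal entrypoint. That port is not
      # published under `ports`, but containers on the attached networks can
      # presumably still reach it; api.debug adds debug endpoints on top.
      - --api.insecure=true
      - --api.dashboard=true
      - --api.debug=true
      - --ping
      # NOTE(review): with the access log off there is no request trail at
      # the gateway for detection or incident response.
      - --accesslog=false
      # Plain HTTP on :80 is redirected to the TLS entrypoint on :443.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.domains[0].main=gateway.${SOLUTION_DOMAIN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${SOLUTION_DOMAIN}
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedByDefault=false
      - --providers.docker.watch=true
      - --providers.file.filename=/middleware.yml
    volumes:
      # NOTE(review): `:ro` protects the socket file itself; it does not
      # restrict the Docker API calls that can be made through the socket.
      # Whoever controls this container can drive the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./gateway/conf/middleware.yml:/middleware.yml:ro
      - ./gateway/conf/.htpasswd:/.htpasswd:ro
    labels:
      # Label values are strings for Docker, so they are quoted here.
      traefik.enable: 'true'
      # Absolute path, matching the /.htpasswd bind mount above, so the
      # lookup does not depend on the container's working directory.
      traefik.http.middlewares.traefik-auth.basicauth.usersfile: /.htpasswd
      traefik.http.routers.gateway.rule: Host(`gateway.${SOLUTION_DOMAIN}`)
      traefik.http.routers.gateway.entrypoints: websecure
      traefik.http.routers.gateway.service: api@internal
      # NOTE(review): this router lists only `strip`; the traefik-auth
      # middleware defined above is not attached to it in this file, so
      # nothing here puts basic auth in front of api@internal. Confirm that
      # this is intended.
      traefik.http.routers.gateway.middlewares: strip
      traefik.http.middlewares.strip.stripprefix.prefixes: /traefik
      traefik.http.routers.gateway.tls: 'true'
      traefik.http.services.gateway.loadbalancer.server.port: '8080'
    networks:
      - dmz
      - default

  # Database backing the `identity` service.
  identitydb:
    image: ${IDENTITYDB_IMAGE}
    container_name: identitydb
    hostname: identitydb
    environment:
      - ALLOW_EMPTY_PASSWORD=no
      # NOTE(review): literal credentials committed with the file; the same
      # password is repeated in KEYCLOAK_DATABASE_PASSWORD under `identity`.
      # Supply them from a secret or an untracked env file before any shared
      # deployment.
      - POSTGRESQL_USERNAME=keycloak
      - POSTGRESQL_DATABASE=keycloak
      - POSTGRESQL_PASSWORD=keycloak

  # Identity provider, published by the gateway as identity.${SOLUTION_DOMAIN}.
  identity:
    image: ${IDENTITY_IMAGE}
    container_name: identity
    hostname: identity
    environment:
      - KEYCLOAK_CREATE_ADMIN_USER=true
      - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
      - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
      - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
      - KEYCLOAK_DATABASE_HOST=identitydb
      - KEYCLOAK_DATABASE_NAME=keycloak
      - KEYCLOAK_DATABASE_USER=keycloak
      # NOTE(review): literal database password, see `identitydb`.
      - KEYCLOAK_DATABASE_PASSWORD=keycloak
      # NOTE(review): sslmode=disable means the database connection is not
      # encrypted.
      - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
      # NOTE(review): presumably selects the image's development mode;
      # verify against the image documentation.
      - KEYCLOAK_PRODUCTION=false
      - KEYCLOAK_ENABLE_TLS=true
      - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
      - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
      # NOTE(review): literal store passwords; anyone who can read this file
      # and the mounted .jks files can open the key material.
      - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
      - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): this target is under /opt/jboss while every other path
      # is under /opt/bitnami; check that the image still reads this file.
      - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
      - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
      - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
    labels:
      traefik.enable: 'true'
      traefik.http.routers.identity.entrypoints: websecure
      traefik.http.routers.identity.rule: Host(`identity.${SOLUTION_DOMAIN}`)
      traefik.http.routers.identity.tls: 'true'
      traefik.http.services.identity.loadbalancer.server.port: '8080'
    depends_on:
      identitydb:
        condition: service_started
      gateway:
        condition: service_healthy

  # NOTE(review): no authentication or TLS settings are visible for this
  # service; verify what the image enables by default.
  persistence:
    image: ${PERSISTENCE_IMAGE}
    container_name: persistence
    environment:
      - discovery.type=single-node

  zookeeper:
    image: ${ZOOKEEPER_IMAGE}
    container_name: zookeeper
    # ports:
    # - 2181:2181
    environment:
      ZOOKEEPER_REPLICAS: 1
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_SYNC_LIMIT: 5
      ZOOKEEPER_INIT_LIMIT: 10
      ZOOKEEPER_MAX_CLIENT_CNXNS: 200
      ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
      ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
      ZOOKEEPER_CLIENT_PORT: 2181
      # Requires SASL from clients; the server-side login configuration is
      # the JAAS file mounted under `volumes`, which therefore holds the
      # credentials and should be protected like a secret.
      KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
      # No value on purpose: Compose resolves it from the environment it runs
      # in and leaves it unset in the container when it is not defined there.
      ZOOKEEPER_SERVER_ID:
    volumes:
      - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf

  kafka:
    image: ${KAFKA_IMAGE}
    container_name: kafka
    environment:
      enableCadi: 'false'
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
      KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
      # NOTE(review): both listener names map to PLAINTEXT, so broker traffic
      # is neither encrypted nor authenticated. Only the internal listener is
      # bound below and no port is published; keep it that way.
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
      KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
      KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
      # Client-side JAAS configuration for the SASL login to ZooKeeper.
      KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
      KAFKA_ZOOKEEPER_SET_ACL: 'true'
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
      KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
    volumes:
      - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
    depends_on:
      zookeeper:
        condition: service_started

  # Message router, published by the gateway as messages.${SOLUTION_DOMAIN}.
  messages:
    image: ${DMAAP_IMAGE}
    container_name: messages
    hostname: messages
    environment:
      # NOTE(review): presumably disables the CADI authentication layer, which
      # would leave the gateway route as the only control in front of this
      # API; verify.
      enableCadi: 'false'
    volumes:
      - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
      - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
      - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
    labels:
      traefik.enable: 'true'
      traefik.http.routers.messages.entrypoints: websecure
      traefik.http.routers.messages.rule: Host(`messages.${SOLUTION_DOMAIN}`)
      traefik.http.routers.messages.tls: 'true'
      traefik.http.services.messages.loadbalancer.server.port: '3904'
    depends_on:
      kafka:
        condition: service_started
      gateway:
        condition: service_healthy

networks:
  # Attached to the gateway only.
  dmz:
    name: dmz
    driver: bridge
    # NOTE(review): IPv6 is disabled although an IPv6 subnet is configured
    # under ipam below; confirm which of the two is intended.
    enable_ipv6: false
    ipam:
      driver: default
      config:
        - subnet: ${TRAEFIK_SUBNET}
          gateway: ${TRAEFIK_GATEWAY_IP}
        - subnet: ${TRAEFIK_SUBNET_IPv6}
          gateway: ${TRAEFIK_GATEWAY_IPv6}
  # Network every other service joins; Traefik reaches its backends here
  # (see --providers.docker.network).
  default:
    name: ${TRAEFIK_NETWORK_NAME}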