repo clean-up
diff --git a/solution/smo/common/docker-compose.yaml b/solution/smo/common/docker-compose.yaml
new file mode 100755 (executable)
index 0000000..ebfac8b
--- /dev/null
@@ -0,0 +1,270 @@
+################################################################################
+# Copyright 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# no more versions needed! Compose spec supports all features w/o a version
+services:
+
+  gateway:
+    image: ${TRAEFIK_IMAGE}
+    container_name: gateway
+    hostname: gateway
+    healthcheck:
+      test:
+        - CMD
+        - traefik
+        - healthcheck
+        - --ping
+      interval: 10s
+      timeout: 5s
+      retries: 3
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+      - 4334:4334
+      - 4335:4335
+    command:
+      - --serverstransport.insecureskipverify=true
+      - --log.level=${TRAEFIK_LOG_LEVEL}
+      - --global.sendanonymoususage=false
+      - --global.checkNewVersion=false
+      - --api.insecure=true
+      - --api.dashboard=true
+      - --api.debug=true
+      - --ping
+      - --accesslog=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls.domains[0].main=gateway.${SOLUTION_DOMAIN}
+      - --entrypoints.websecure.http.tls.domains[0].sans=*.${SOLUTION_DOMAIN}
+      - --entrypoints.ssh-netconf-callhome.address=:4334
+      - --entrypoints.tls-netconf-callhome.address=:4335
+      - --providers.docker.endpoint=unix:///var/run/docker.sock
+      - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
+      - --providers.docker.exposedByDefault=false
+      - --providers.docker.watch=true
+      - --providers.file.filename=/middleware.yaml
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./gateway/conf/middleware.yaml:/middleware.yaml:ro
+      - ./gateway/conf/.htpasswd:/.htpasswd:ro
+    labels:
+      traefik.enable: true
+      traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
+      traefik.http.routers.gateway.rule: Host(`gateway.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.gateway.entrypoints: websecure
+      traefik.http.routers.gateway.service: api@internal
+      traefik.http.routers.gateway.middlewares: strip
+      traefik.http.middlewares.strip.stripprefix.prefixes: /traefik
+      traefik.http.routers.gateway.tls: true
+      traefik.http.services.gateway.loadbalancer.server.port: 8080
+    networks:
+      dmz:
+      dcn:
+
+  identitydb:
+    image: ${IDENTITYDB_IMAGE}
+    container_name: identitydb
+    hostname: identitydb
+    environment:
+      - ALLOW_EMPTY_PASSWORD=no
+      - POSTGRESQL_USERNAME=keycloak
+      - POSTGRESQL_DATABASE=keycloak
+      - POSTGRESQL_PASSWORD=keycloak
+
+  identity:
+    image: ${IDENTITY_IMAGE}
+    container_name: identity
+    hostname: identity
+    environment:
+      - KEYCLOAK_CREATE_ADMIN_USER=true
+      - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
+      - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
+      - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
+      - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
+      - KEYCLOAK_DATABASE_HOST=identitydb
+      - KEYCLOAK_DATABASE_NAME=keycloak
+      - KEYCLOAK_DATABASE_USER=keycloak
+      - KEYCLOAK_DATABASE_PASSWORD=keycloak
+      - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
+      - KEYCLOAK_PRODUCTION=false
+      - KEYCLOAK_ENABLE_TLS=true
+      - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
+      - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
+      - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
+      - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
+    restart: unless-stopped
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
+      - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
+      - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
+    labels:
+      traefik.enable: true
+      traefik.http.routers.identity.entrypoints: websecure
+      traefik.http.routers.identity.rule: Host(`identity.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.identity.tls: true
+      traefik.http.services.identity.loadbalancer.server.port: 8080
+    depends_on:
+      identitydb:
+        condition: service_started
+      gateway:
+        condition: service_healthy
+    networks:
+      dmz:
+      default:
+
+  persistence:
+    image: ${PERSISTENCE_IMAGE}
+    container_name: persistence
+    environment:
+      - discovery.type=single-node
+
+  zookeeper:
+    image: ${ZOOKEEPER_IMAGE}
+    container_name: zookeeper
+    environment:
+      ZOOKEEPER_REPLICAS: 1
+      ZOOKEEPER_TICK_TIME: 2000
+      ZOOKEEPER_SYNC_LIMIT: 5
+      ZOOKEEPER_INIT_LIMIT: 10
+      ZOOKEEPER_MAX_CLIENT_CNXNS: 200
+      ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
+      ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
+      ZOOKEEPER_CLIENT_PORT: 2181
+      KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
+      ZOOKEEPER_SERVER_ID:
+    volumes:
+      - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+
+  kafka:
+    image: ${KAFKA_IMAGE}
+    container_name: kafka
+    environment:
+      enableCadi: 'false'
+      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+      KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
+      KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
+      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+      KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
+      KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
+      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
+      KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
+      KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+      KAFKA_ZOOKEEPER_SET_ACL: 'true'
+      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
+      # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
+      KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
+    volumes:
+      - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
+    depends_on:
+      zookeeper:
+        condition: service_started
+
+  kafka-bridge:
+    image: ${KAFKA_BRIDGE_IMAGE}
+    container_name: kafka-bridge
+    hostname: kafka-bridge
+    entrypoint: /opt/strimzi/bin/kafka_bridge_run.sh
+    command: --config-file=config/application.properties
+    healthcheck:
+      test: curl http://localhost:8080/healthy || exit 1
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    labels:
+      traefik.enable: true
+      traefik.http.routers.kafka-bridge.entrypoints: websecure
+      traefik.http.routers.kafka-bridge.rule: Host(`kafka-bridge.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.kafka-bridge.tls: true
+      traefik.http.services.kafka-bridge.loadbalancer.server.port: 8080
+    volumes:
+      - ./kafka-bridge:/opt/strimzi/config
+    depends_on:
+      kafka:
+        condition: service_started
+      gateway:
+        condition: service_healthy
+    networks:
+      dmz:
+      default:
+
+  topology:
+    image: "${O_RAN_SC_TOPOLOGY_IMAGE}"
+    container_name: topology
+    hostname: topology
+    healthcheck:
+      test: curl -u ${ADMIN_USERNAME}:${ADMIN_USERNAME} http://localhost:8181 || exit 1
+      start_period: 30s
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    volumes:
+        - ./topology/tapi-common-operational.json:/opt/dev/deploy/data/tapi-common-operational.json
+        - ./topology/tapi-common-running.json:/opt/dev/deploy/data/tapi-common-running.json
+    labels:
+      traefik.enable: true
+      traefik.http.routers.topology.entrypoints: websecure
+      traefik.http.routers.topology.rule: Host(`topology.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.topology.tls: true
+      traefik.http.services.topology.loadbalancer.server.port: 8181
+    networks:
+      dmz:
+      default:
+
+  messages:
+    image: ${DMAAP_IMAGE}
+    container_name: messages
+    hostname: messages
+    environment:
+      enableCadi: 'false'
+    volumes:
+      - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+      - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
+      - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
+    labels:
+      traefik.enable: true
+      traefik.http.routers.messages.entrypoints: websecure
+      traefik.http.routers.messages.rule: Host(`messages.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.messages.tls: true
+      traefik.http.services.messages.loadbalancer.server.port: 3904
+    depends_on:
+      kafka:
+        condition: service_started
+      gateway:
+        condition: service_healthy
+    networks:
+      dmz:
+      default:
+
+networks:
+  dmz:
+    name: dmz
+    driver: bridge
+    enable_ipv6: false
+  default:
+    name: smo
+    driver: bridge
+    enable_ipv6: false
+  dcn:
+    driver: bridge
+    name: dcn
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+      - subnet:  ${NETWORK_SUBNET_DCN_IPv6}
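Review bot: The `gateway` router attaches only `strip` (`traefik.http.routers.gateway.middlewares: strip`), so the `traefik-auth` basic-auth middleware declared a few labels above is never applied and `api@internal` is served on `websecure` without authentication. On top of that, `--api.insecure=true` exposes the API on Traefik's own internal entrypoint to anything on the attached `dmz` and `dcn` networks. I would change the label to `traefik.http.routers.gateway.middlewares: traefik-auth,strip`, drop `--api.insecure=true` and `--api.debug=true`, and set `usersfile` to the mounted absolute path `/.htpasswd`, since the relative `.htpasswd` only resolves if the container's working directory is `/`. The `topology` healthcheck passes `${ADMIN_USERNAME}` as both user and password, which looks like a typo for `${ADMIN_USERNAME}:${ADMIN_PASSWORD}`. The literal credentials under `identitydb` and `identity` (`keycloak`, `password`, `changeit`) would be better read from the env file the way `${ADMIN_PASSWORD}` is, and `--serverstransport.insecureskipverify=true` deserves a comment such as `# lab only: backend certificates are self-signed, do not reuse outside the test bed`.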