X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=solution%2Fsmo%2Fcommon%2Fdocker-compose.yaml;fp=solution%2Fsmo%2Fcommon%2Fdocker-compose.yaml;h=ebfac8b0075c969958edc760883bc66a6369b0c6;hb=23f10696c62bec8d7feb376fd7f1599983de1fa8;hp=0000000000000000000000000000000000000000;hpb=a4c402d1a200767c39d0d1241ee229ae1673d29e;p=oam.git
diff --git a/solution/smo/common/docker-compose.yaml b/solution/smo/common/docker-compose.yaml
new file mode 100755
index 0000000..ebfac8b
--- /dev/null
+++ b/solution/smo/common/docker-compose.yaml
@@ -0,0 +1,270 @@
+################################################################################
+# Copyright 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# no more versions needed! Compose spec supports all features w/o a version
+services:
+
+ gateway:
+ image: ${TRAEFIK_IMAGE}
+ container_name: gateway
+ hostname: gateway
+ healthcheck:
+ test:
+ - CMD
+ - traefik
+ - healthcheck
+ - --ping
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ restart: always
+ ports:
+ - 80:80
+ - 443:443
+ - 4334:4334
+ - 4335:4335
+ command:
+ - --serverstransport.insecureskipverify=true
+ - --log.level=${TRAEFIK_LOG_LEVEL}
+ - --global.sendanonymoususage=false
+ - --global.checkNewVersion=false
+ - --api.insecure=true
+ - --api.dashboard=true
+ - --api.debug=true
+ - --ping
+ - --accesslog=false
+ - --entrypoints.web.address=:80
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ - --entrypoints.websecure.address=:443
+ - --entrypoints.websecure.http.tls.domains[0].main=gateway.${SOLUTION_DOMAIN}
+ - --entrypoints.websecure.http.tls.domains[0].sans=*.${SOLUTION_DOMAIN}
+ - --entrypoints.ssh-netconf-callhome.address=:4334
+ - --entrypoints.tls-netconf-callhome.address=:4335
+ - --providers.docker.endpoint=unix:///var/run/docker.sock
+ - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
+ - --providers.docker.exposedByDefault=false
+ - --providers.docker.watch=true
+ - --providers.file.filename=/middleware.yaml
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./gateway/conf/middleware.yaml:/middleware.yaml:ro
+ - ./gateway/conf/.htpasswd:/.htpasswd:ro
+ labels:
+ traefik.enable: true
+ traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
+ traefik.http.routers.gateway.rule: Host(`gateway.${SOLUTION_DOMAIN}`)
+ traefik.http.routers.gateway.entrypoints: websecure
+ traefik.http.routers.gateway.service: api@internal
+ traefik.http.routers.gateway.middlewares: strip
+ traefik.http.middlewares.strip.stripprefix.prefixes: /traefik
+ traefik.http.routers.gateway.tls: true
+ traefik.http.services.gateway.loadbalancer.server.port: 8080
+ networks:
+ dmz:
+ dcn:
+
+ identitydb:
+ image: ${IDENTITYDB_IMAGE}
+ container_name: identitydb
+ hostname: identitydb
+ environment:
+ - ALLOW_EMPTY_PASSWORD=no
+ - POSTGRESQL_USERNAME=keycloak
+ - POSTGRESQL_DATABASE=keycloak
+ - POSTGRESQL_PASSWORD=keycloak
+
+ identity:
+ image: ${IDENTITY_IMAGE}
+ container_name: identity
+ hostname: identity
+ environment:
+ - KEYCLOAK_CREATE_ADMIN_USER=true
+ - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
+ - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
+ - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
+ - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
+ - KEYCLOAK_DATABASE_HOST=identitydb
+ - KEYCLOAK_DATABASE_NAME=keycloak
+ - KEYCLOAK_DATABASE_USER=keycloak
+ - KEYCLOAK_DATABASE_PASSWORD=keycloak
+ - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
+ - KEYCLOAK_PRODUCTION=false
+ - KEYCLOAK_ENABLE_TLS=true
+ - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
+ - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
+ - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
+ - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
+ - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
+ - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
+ labels:
+ traefik.enable: true
+ traefik.http.routers.identity.entrypoints: websecure
+ traefik.http.routers.identity.rule: Host(`identity.${SOLUTION_DOMAIN}`)
+ traefik.http.routers.identity.tls: true
+ traefik.http.services.identity.loadbalancer.server.port: 8080
+ depends_on:
+ identitydb:
+ condition: service_started
+ gateway:
+ condition: service_healthy
+ networks:
+ dmz:
+ default:
+
+ persistence:
+ image: ${PERSISTENCE_IMAGE}
+ container_name: persistence
+ environment:
+ - discovery.type=single-node
+
+ zookeeper:
+ image: ${ZOOKEEPER_IMAGE}
+ container_name: zookeeper
+ environment:
+ ZOOKEEPER_REPLICAS: 1
+ ZOOKEEPER_TICK_TIME: 2000
+ ZOOKEEPER_SYNC_LIMIT: 5
+ ZOOKEEPER_INIT_LIMIT: 10
+ ZOOKEEPER_MAX_CLIENT_CNXNS: 200
+ ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
+ ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
+ ZOOKEEPER_CLIENT_PORT: 2181
+ KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
+ ZOOKEEPER_SERVER_ID:
+ volumes:
+ - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+
+ kafka:
+ image: ${KAFKA_IMAGE}
+ container_name: kafka
+ environment:
+ enableCadi: 'false'
+ KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+ KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
+ KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+ KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
+ KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
+ KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
+ KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
+ KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ KAFKA_ZOOKEEPER_SET_ACL: 'true'
+ KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
+ # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
+ KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
+ volumes:
+ - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ depends_on:
+ zookeeper:
+ condition: service_started
+
+ kafka-bridge:
+ image: ${KAFKA_BRIDGE_IMAGE}
+ container_name: kafka-bridge
+ hostname: kafka-bridge
+ entrypoint: /opt/strimzi/bin/kafka_bridge_run.sh
+ command: --config-file=config/application.properties
+ healthcheck:
+ test: curl http://localhost:8080/healthy || exit 1
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ labels:
+ traefik.enable: true
+ traefik.http.routers.kafka-bridge.entrypoints: websecure
+ traefik.http.routers.kafka-bridge.rule: Host(`kafka-bridge.${SOLUTION_DOMAIN}`)
+ traefik.http.routers.kafka-bridge.tls: true
+ traefik.http.services.kafka-bridge.loadbalancer.server.port: 8080
+ volumes:
+ - ./kafka-bridge:/opt/strimzi/config
+ depends_on:
+ kafka:
+ condition: service_started
+ gateway:
+ condition: service_healthy
+ networks:
+ dmz:
+ default:
+
+ topology:
+ image: "${O_RAN_SC_TOPOLOGY_IMAGE}"
+ container_name: topology
+ hostname: topology
+ healthcheck:
+ test: curl -u ${ADMIN_USERNAME}:${ADMIN_USERNAME} http://localhost:8181 || exit 1
+ start_period: 30s
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - ./topology/tapi-common-operational.json:/opt/dev/deploy/data/tapi-common-operational.json
+ - ./topology/tapi-common-running.json:/opt/dev/deploy/data/tapi-common-running.json
+ labels:
+ traefik.enable: true
+ traefik.http.routers.topology.entrypoints: websecure
+ traefik.http.routers.topology.rule: Host(`topology.${SOLUTION_DOMAIN}`)
+ traefik.http.routers.topology.tls: true
+ traefik.http.services.topology.loadbalancer.server.port: 8181
+ networks:
+ dmz:
+ default:
+
+ messages:
+ image: ${DMAAP_IMAGE}
+ container_name: messages
+ hostname: messages
+ environment:
+ enableCadi: 'false'
+ volumes:
+ - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+ - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
+ - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
+ labels:
+ traefik.enable: true
+ traefik.http.routers.messages.entrypoints: websecure
+ traefik.http.routers.messages.rule: Host(`messages.${SOLUTION_DOMAIN}`)
+ traefik.http.routers.messages.tls: true
+ traefik.http.services.messages.loadbalancer.server.port: 3904
+ depends_on:
+ kafka:
+ condition: service_started
+ gateway:
+ condition: service_healthy
+ networks:
+ dmz:
+ default:
+
+networks:
+ dmz:
+ name: dmz
+ driver: bridge
+ enable_ipv6: false
+ default:
+ name: smo
+ driver: bridge
+ enable_ipv6: false
+ dcn:
+ driver: bridge
+ name: dcn
+ enable_ipv6: true
+ ipam:
+ driver: default
+ config:
+ - subnet: ${NETWORK_SUBNET_DCN_IPv6}
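Review bot: The `gateway` router publishes `api@internal` on `websecure` with `traefik.http.routers.gateway.middlewares: strip` only, so the `traefik-auth` basic-auth middleware declared in the same label set is never applied and the dashboard and API are served without authentication at `gateway.${SOLUTION_DOMAIN}`; chain it with `traefik.http.routers.gateway.middlewares: traefik-auth,strip`. `--api.insecure=true` additionally serves the same API unauthenticated on Traefik's internal `traefik` entrypoint, reachable from the attached `dmz` and `dcn` networks, and is not needed once the router carries auth, so I would drop it together with `--api.debug=true`. The `usersfile` value `.htpasswd` is relative while the file is mounted at `/.htpasswd`; an absolute path avoids depending on the container's working directory. In the `topology` healthcheck, `curl -u ${ADMIN_USERNAME}:${ADMIN_USERNAME}` passes the user name as the password, which looks like a typo for `${ADMIN_PASSWORD}`. The literal secrets (`POSTGRESQL_PASSWORD=keycloak`, `KEYCLOAK_DATABASE_PASSWORD=keycloak`, `KEYCLOAK_TLS_KEYSTORE_PASSWORD=password`) should be taken from the environment file the way `ADMIN_PASSWORD` already is.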