X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=solution%2Fsmo%2Fcommon%2Fdocker-compose.yml;fp=solution%2Fsmo%2Fcommon%2Fdocker-compose.yml;h=0000000000000000000000000000000000000000;hb=23f10696c62bec8d7feb376fd7f1599983de1fa8;hp=4007619344a55a3e99cf7bd0d9f969c9b8ced0b1;hpb=a4c402d1a200767c39d0d1241ee229ae1673d29e;p=oam.git diff --git a/solution/smo/common/docker-compose.yml b/solution/smo/common/docker-compose.yml deleted file mode 100755 index 4007619..0000000 --- a/solution/smo/common/docker-compose.yml +++ /dev/null @@ -1,270 +0,0 @@ -################################################################################ -# Copyright 2023 highstreet technologies GmbH -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# no more versions needed! Compose spec supports all features w/o a version -services: - - gateway: - image: ${TRAEFIK_IMAGE} - container_name: gateway - hostname: gateway - healthcheck: - test: - - CMD - - traefik - - healthcheck - - --ping - interval: 10s - timeout: 5s - retries: 3 - restart: always - ports: - - 80:80 - - 443:443 - - 4334:4334 - - 4335:4335 - command: - - --serverstransport.insecureskipverify=true - - --log.level=${TRAEFIK_LOG_LEVEL} - - --global.sendanonymoususage=false - - --global.checkNewVersion=false - - --api.insecure=true - - --api.dashboard=true - - --api.debug=true - - --ping - - --accesslog=false - - --entrypoints.web.address=:80 - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - - --entrypoints.websecure.address=:443 - - --entrypoints.websecure.http.tls.domains[0].main=gateway.${SOLUTION_DOMAIN} - - --entrypoints.websecure.http.tls.domains[0].sans=*.${SOLUTION_DOMAIN} - - --entrypoints.ssh-netconf-callhome.address=:4334 - - --entrypoints.tls-netconf-callhome.address=:4335 - - --providers.docker.endpoint=unix:///var/run/docker.sock - - --providers.docker.network=${TRAEFIK_NETWORK_NAME} - - --providers.docker.exposedByDefault=false - - --providers.docker.watch=true - - --providers.file.filename=/middleware.yml - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./gateway/conf/middleware.yml:/middleware.yml:ro - - ./gateway/conf/.htpasswd:/.htpasswd:ro - labels: - traefik.enable: true - traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd - traefik.http.routers.gateway.rule: Host(`gateway.${SOLUTION_DOMAIN}`) - traefik.http.routers.gateway.entrypoints: websecure - traefik.http.routers.gateway.service: api@internal - traefik.http.routers.gateway.middlewares: strip - traefik.http.middlewares.strip.stripprefix.prefixes: /traefik - traefik.http.routers.gateway.tls: true - traefik.http.services.gateway.loadbalancer.server.port: 8080 - networks: - dmz: - dcn: - - identitydb: - image: ${IDENTITYDB_IMAGE} - container_name: identitydb - hostname: identitydb - environment: - - ALLOW_EMPTY_PASSWORD=no - - POSTGRESQL_USERNAME=keycloak - - POSTGRESQL_DATABASE=keycloak - - POSTGRESQL_PASSWORD=keycloak - - identity: - image: ${IDENTITY_IMAGE} - container_name: identity - hostname: identity - environment: - - KEYCLOAK_CREATE_ADMIN_USER=true - - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME} - - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD} - - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME} - - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD} - - KEYCLOAK_DATABASE_HOST=identitydb - - KEYCLOAK_DATABASE_NAME=keycloak - - KEYCLOAK_DATABASE_USER=keycloak - - KEYCLOAK_DATABASE_PASSWORD=keycloak - - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000 - - KEYCLOAK_PRODUCTION=false - - KEYCLOAK_ENABLE_TLS=true - - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks - - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks - - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password - - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit - restart: unless-stopped - volumes: - - /etc/localtime:/etc/localtime:ro - - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml - - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks - - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks - labels: - traefik.enable: true - traefik.http.routers.identity.entrypoints: websecure - traefik.http.routers.identity.rule: Host(`identity.${SOLUTION_DOMAIN}`) - traefik.http.routers.identity.tls: true - traefik.http.services.identity.loadbalancer.server.port: 8080 - depends_on: - identitydb: - condition: service_started - gateway: - condition: service_healthy - networks: - dmz: - default: - - persistence: - image: ${PERSISTENCE_IMAGE} - container_name: persistence - environment: - - discovery.type=single-node - - zookeeper: - image: ${ZOOKEEPER_IMAGE} - container_name: zookeeper - environment: - ZOOKEEPER_REPLICAS: 1 - ZOOKEEPER_TICK_TIME: 2000 - ZOOKEEPER_SYNC_LIMIT: 5 - ZOOKEEPER_INIT_LIMIT: 10 - ZOOKEEPER_MAX_CLIENT_CNXNS: 200 - ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3 - ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24 - ZOOKEEPER_CLIENT_PORT: 2181 - KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl - ZOOKEEPER_SERVER_ID: - volumes: - - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf - - kafka: - image: ${KAFKA_IMAGE} - container_name: kafka - environment: - enableCadi: 'false' - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000 - KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT - KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092 - KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092 - KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT - KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false' - KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf - KAFKA_ZOOKEEPER_SET_ACL: 'true' - KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 - # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment - KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1 - volumes: - - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf - depends_on: - zookeeper: - condition: service_started - - kafka-bridge: - image: ${KAFKA_BRIDGE_IMAGE} - container_name: kafka-bridge - hostname: kafka-bridge - entrypoint: /opt/strimzi/bin/kafka_bridge_run.sh - command: --config-file=config/application.properties - healthcheck: - test: curl http://localhost:8080/healthy || exit 1 - interval: 5s - timeout: 5s - retries: 5 - labels: - traefik.enable: true - traefik.http.routers.kafka-bridge.entrypoints: websecure - traefik.http.routers.kafka-bridge.rule: Host(`kafka-bridge.${SOLUTION_DOMAIN}`) - traefik.http.routers.kafka-bridge.tls: true - traefik.http.services.kafka-bridge.loadbalancer.server.port: 8080 - volumes: - - ./kafka-bridge:/opt/strimzi/config - depends_on: - kafka: - condition: service_started - gateway: - condition: service_healthy - networks: - dmz: - default: - - topology: - image: "${O_RAN_SC_TOPOLOGY_IMAGE}" - container_name: topology - hostname: topology - healthcheck: - test: curl -u ${ADMIN_USERNAME}:${ADMIN_USERNAME} http://localhost:8181 || exit 1 - start_period: 30s - interval: 10s - timeout: 5s - retries: 5 - volumes: - - ./topology/tapi-common-operational.json:/opt/dev/deploy/data/tapi-common-operational.json - - ./topology/tapi-common-running.json:/opt/dev/deploy/data/tapi-common-running.json - labels: - traefik.enable: true - traefik.http.routers.topology.entrypoints: websecure - traefik.http.routers.topology.rule: Host(`topology.${SOLUTION_DOMAIN}`) - traefik.http.routers.topology.tls: true - traefik.http.services.topology.loadbalancer.server.port: 8181 - networks: - dmz: - default: - - messages: - image: ${DMAAP_IMAGE} - container_name: messages - hostname: messages - environment: - enableCadi: 'false' - volumes: - - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties - - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml - - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties - labels: - traefik.enable: true - traefik.http.routers.messages.entrypoints: websecure - traefik.http.routers.messages.rule: Host(`messages.${SOLUTION_DOMAIN}`) - traefik.http.routers.messages.tls: true - traefik.http.services.messages.loadbalancer.server.port: 3904 - depends_on: - kafka: - condition: service_started - gateway: - condition: service_healthy - networks: - dmz: - default: - -networks: - dmz: - name: dmz - driver: bridge - enable_ipv6: false - default: - name: smo - driver: bridge - enable_ipv6: false - dcn: - driver: bridge - name: dcn - enable_ipv6: true - ipam: - driver: default - config: - - subnet: ${NETWORK_SUBNET_DCN_IPv6}