X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=solution%2Fsmo%2Foam%2Fdocker-compose.yml;h=d6e943835b46258c0b07c40b6a9c7bf32ff956f0;hb=660fe5384e6f0652e8754e0f2365b4f5355a49c5;hp=2a4bd228ed2fb69a7584a3d9a72d81f6d261191d;hpb=59bc78bd64e2c121389c99e230af16efb532ef68;p=oam.git

diff --git a/solution/smo/oam/docker-compose.yml b/solution/smo/oam/docker-compose.yml
index 2a4bd22..d6e9438 100755
--- a/solution/smo/oam/docker-compose.yml
+++ b/solution/smo/oam/docker-compose.yml
@@ -1,3 +1,19 @@
+################################################################################
+# Copyright 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 # no more versions needed! Compose spec supports all features w/o a version
 services:
 
@@ -6,12 +22,12 @@ services:
     container_name: odlux
     hostname: odlux
     environment:
-      - ENABLE_OAUTH=true
-      - WEBPROTOCOL=HTTP
-      - WEBPORT=${SDNC_WEB_PORT}
-      - SDNRPROTOCOL=http
-      - SDNRHOST=controller
-      - SDNRPORT=${SDNC_REST_PORT}
+      ENABLE_OAUTH: true
+      WEBPROTOCOL: HTTP
+      WEBPORT: ${SDNC_WEB_PORT}
+      SDNRPROTOCOL: http
+      SDNRHOST: controller
+      SDNRPORT: ${SDNC_REST_PORT}
     labels:
       traefik.enable: true
       traefik.http.routers.sdnc-web.entrypoints: websecure
@@ -22,6 +38,7 @@ services:
       controller:
         condition: service_healthy
     networks:
+      dmz:
       smo:
 
   controller:
@@ -29,59 +46,70 @@ services:
     container_name: controller
     hostname: controller
     extra_hosts:
-      - "identity.smo.o-ran-sc.org:${HOST_IP}"
+      - "controller.dcn.smo.o-ran-sc.org:${HOST_IP}"
     healthcheck:
-      test: wget -U ${ADMIN_USERNAME}:${ADMIN_PASSWORD} --no-verbose --tries=1 --spider http://localhost:${SDNC_REST_PORT}/ready || exit 1
+      test: wget --no-verbose --tries=1 --spider http://localhost:${SDNC_REST_PORT}/ready || exit 1
       start_period: 60s
       interval: 10s
       timeout: 5s
       retries: 5
-    ports:
-      - 4334:4334
-      - 4335:4335
     environment:
-      - ENABLE_ODL_CLUSTER=false
-      - ENABLE_OAUTH=true
-      - ODL_ADMIN_PASSWORD=${ADMIN_PASSWORD}
-      - SDNC_CONFIG_DIR=/opt/onap/ccsdk/data/properties
-      - SDNC_REPLICAS=0
-      - CCSDK_REPLICAS=0
-      - DOMAIN=""
-      - SDNRWT=true
-      - SDNRONLY=true
-      - SDNRINIT=true
-      - SDNRDM=true
-      - SDNRDBURL=http://persistence:9200
-      - SDNR_NETCONF_CALLHOME_ENABLED=true
-      - A1_ADAPTER_NORTHBOUND=false
-      - JAVA_OPTS=-Xms256m -Xmx4g
-      - IDENTITY_PROVIDER_URL=${IDENTITY_PROVIDER_URL}
-      - SDNC_WEB_URL=https://odlux.oam.${SOLUTION_DOMAIN}
-      - SDNR_VES_COLLECTOR_ENABLED=true
-      - SDNR_VES_COLLECTOR_TLS_ENABLED=false
-      - SDNR_VES_COLLECTOR_TRUST_ALL_CERTS=true
-      - SDNR_VES_COLLECTOR_IP=ves-collector
-      - SDNR_VES_COLLECTOR_PORT=$VES_ENDPOINT_PORT
-      - SDNR_VES_COLLECTOR_VERSION=v7
-      - SDNR_VES_COLLECTOR_REPORTING_ENTITY_NAME=ONAP SDN-R
-      - SDNR_VES_COLLECTOR_EVENTLOG_MSG_DETAIL=LONG
-      - SDNR_VES_COLLECTOR_USERNAME=${VES_ENDPOINT_USERNAME}
-      - SDNR_VES_COLLECTOR_PASSWORD=${VES_ENDPOINT_PASSWORD}
+      ENABLE_ODL_CLUSTER: false
+      ENABLE_OAUTH: true
+      ODL_CERT_DIR: ${SDNC_CERT_DIR}
+      ODL_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
+      SDNC_CONFIG_DIR: /opt/onap/ccsdk/data/properties
+      SDNC_REPLICAS: 0
+      CCSDK_REPLICAS: 0
+      DOMAIN: ""
+      SDNRWT: true
+      SDNRONLY: true
+      SDNRINIT: true
+      SDNRDM: true
+      SDNRDBURL: http://persistence:9200
+      SDNR_NETCONF_CALLHOME_ENABLED: true
+      A1_ADAPTER_NORTHBOUND: false
+      JAVA_OPTS: -Xms256m -Xmx4g
+      IDENTITY_PROVIDER_URL: ${IDENTITY_PROVIDER_URL}
+      SDNC_WEB_URL: https://odlux.oam.${SOLUTION_DOMAIN}
+      SDNR_VES_COLLECTOR_ENABLED: true
+      SDNR_VES_COLLECTOR_TLS_ENABLED: false
+      SDNR_VES_COLLECTOR_TRUST_ALL_CERTS: true
+      SDNR_VES_COLLECTOR_IP: ves-collector
+      SDNR_VES_COLLECTOR_PORT: $VES_ENDPOINT_PORT
+      SDNR_VES_COLLECTOR_VERSION: v7
+      SDNR_VES_COLLECTOR_REPORTING_ENTITY_NAME: ONAP SDN-R
+      SDNR_VES_COLLECTOR_EVENTLOG_MSG_DETAIL: LONG
+      SDNR_VES_COLLECTOR_USERNAME: ${VES_ENDPOINT_USERNAME}
+      SDNR_VES_COLLECTOR_PASSWORD: ${VES_ENDPOINT_PASSWORD}
     volumes:
       - ./controller/oauth-aaa-app-config.xml:/opt/onap/sdnc/data/oauth-aaa-app-config.xml
       - ./controller/oauth-provider.config.json:/opt/opendaylight/etc/oauth-provider.config.json
       - ./controller/devicemanager.properties:/opt/opendaylight/etc/devicemanager.properties
       - ./controller/mountpoint-registrar.properties:/opt/opendaylight/etc/mountpoint-registrar.properties
+      - ./controller/certs/certs.properties:${SDNC_CERT_DIR}/certs.properties
+      - ./controller/certs/keys0.zip:${SDNC_CERT_DIR}/keys0.zip    
     labels:
       traefik.enable: true
       traefik.http.routers.controller.entrypoints: websecure
-      traefik.http.routers.controller.rule: Host(`controller.oam.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.controller.rule: Host(`controller.dcn.${SOLUTION_DOMAIN}`)
       traefik.http.routers.controller.tls: true
       traefik.http.services.controller.loadbalancer.server.port: ${SDNC_REST_PORT}
+
+      traefik.tcp.routers.controller-ssh.entrypoints: ssh-netconf-callhome
+      traefik.tcp.routers.controller-ssh.rule: HostSNI(`*`)
+      traefik.tcp.routers.controller-ssh.tls: false
+      traefik.tcp.routers.controller-ssh.service: controller-ssh
+      traefik.tcp.services.controller-ssh.loadbalancer.server.port: 4334
+
+      traefik.tcp.routers.controller-tls.entrypoints: tls-netconf-callhome
+      traefik.tcp.routers.controller-tls.rule: HostSNI(`*`)
+      traefik.tcp.routers.controller-tls.tls: false
+      traefik.tcp.routers.controller-tls.service: controller-tls
+      traefik.tcp.services.controller-tls.loadbalancer.server.port: 4335
     networks:
       smo:
-      default:
-        ipv6_address: ${SDNC_OAM_IPv6}
+      dcn:
 
   ves-collector:
     image: ${VES_COLLECTOR_IMAGE}-configured
@@ -91,6 +119,14 @@ services:
         - BASEIMAGE=${VES_COLLECTOR_IMAGE}
     container_name: ves-collector
     hostname: ves-collector
+    extra_hosts:
+      - "ves-collector.dcn.${SOLUTION_DOMAIN}:${HOST_IP}"
+    healthcheck:
+      test: curl -k -u ${VES_ENDPOINT_USERNAME}:${VES_ENDPOINT_PASSWORD} ${VES_ENDPOINT_PROTOCOL}://localhost:${VES_ENDPOINT_PORT} || exit 1
+      start_period: 1s
+      interval: 5s
+      timeout: 4s
+      retries: 5
     environment:
       DMAAPHOST: messages
     volumes:
@@ -99,21 +135,17 @@ services:
     labels:
       traefik.enable: true
       traefik.http.routers.ves.entrypoints: websecure
-      traefik.http.routers.ves.rule: Host(`ves-collector.oam.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.ves.rule: Host(`ves-collector.dcn.${SOLUTION_DOMAIN}`)
       traefik.http.routers.ves.tls: true
       traefik.http.services.ves.loadbalancer.server.port: ${VES_ENDPOINT_PORT}
     networks:
       smo:
+      dcn:
 
 networks:
+  dmz:
+    external: true
   smo:
     external: true
-  default:
-    driver: bridge
-    name: oam
-    enable_ipv6: true
-    ipam:
-      driver: default
-      config:
-      - subnet:  "${NETWORK_SUBNET_OAM_IPv6}"
-        gateway: "${NETWORK_GATEWAY_OAM_IPv6}"
+  dcn:
+    external: true