# - + - + - + - + - + - + - + - + - + - + - + - + - +
#             NAIADES IoT Platform and services     #
# - + - + - + - + - + - + - + - + - + - + - + - + - +


# - + - + - + - + - + - + - + - + - + - + - + - + - +
#                     Notes                         #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

# ToDoS for PROD
# ==============
# - include Let's Encrypt in nginx
# - platform's FQDN?
# - all service requests must pass through nginx
# - change secrets

#
#  Authored by UDGA in the context of NAIADES E.U. PROJECT
#
#  Received contributions from
#  ---------------------------
#  - ?
#
#  inspired by https://smartsdk.github.io/smartsdk-recipes/
#
#  PRODUCTION ToDOs
#  ----------------
#  - include Let's Encrypt in nginx
#  - platform's FQDN?
#  - all service requests must pass through nginx
#
#
#
#  DEPLOYMENT NOTES:
#  -----------------
#
#  About Docker Volumes:
#  ---------------------
#
#  A data volume is a specially-designated directory within one or more containers that bypasses the Union File System.
#  Data volumes provide several useful features for persistent or shared data:
#
#    - Volumes are initialized when a container is created.
#    If the container’s base image contains data at the specified mount point,
#    that existing data is copied into the new volume upon volume
#    initialization.
#    (Note that this does not apply when mounting a host
#    directory.)
#
#    - Data volumes can be shared and reused among containers.
#
#    - Changes to a data volume are made directly.
#
#    - Changes to a data volume will not be included when you update an image.
#    Data volumes persist even if the container itself is deleted.
#
#  In a Dockerfile you can specify only the volume's destination inside the container, e.g. /usr/src/app.
#  You may, but need not, specify the mount point (/opt) on the host machine.
#  With the CLI that is `docker run --volume=/opt:/usr/src/app my_image`.
#  If you do not specify the --volume argument, the mount point is chosen automatically.
#

# Compose file format 3.5. The file-based `secrets:` declared at the bottom of
# this file need format 3.1 or later.
version: "3.5"
services:

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #                 Reverse-proxy                     #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Reverse-proxy (entrypoint)
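  nginx:
    # NOTE(review): `latest` is a moving tag, while the platform images below
    # are pinned through *_VERSION variables. Pin a version or digest here too
    # so a redeploy cannot silently pull a different nginx.
    image: nginx:latest
    container_name: nginx
    networks:
      default:
        ipv4_address: 172.18.1.250
    volumes:
      #- ${PWD}/nginx/error.log:/var/log/nginx/error.log:rw
      # NOTE(review): conf.d, nginx.conf and htpasswd are mounted writable
      # (no suffix means rw). `:ro` would be enough unless something inside the
      # container edits them - confirm before tightening.
      - ${PWD}/nginx/conf.d/:/etc/nginx/conf.d/
      - ${PWD}/nginx/cache/:/var/www/nginx/cache/
      - ${PWD}/nginx/logs/:/var/log/nginx/:rw
      - ${PWD}/nginx/nginx.conf:/etc/nginx/nginx.conf:rw
      - ${PWD}/nginx/htpasswd/:/etc/nginx/htpasswd/:rw
      #- /etc/letsencrypt/:/etc/letsencrypt/
    ports:
      # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
      # NOTE(review): 443 is published while the Let's Encrypt mount above is
      # commented out; confirm where the TLS certificate and key come from.
      - "80:80"
      - "443:443"
    depends_on:
      - dca-carouge-watering
      - quantumleap
      - orion
    command: [nginx-debug, '-g', 'daemon off;'] # THIS IS FOR DEBUG ONLY! DO NOT USE IN PROD!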
  
  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #                 IoT Platform                      #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Context broker
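  orion:
    restart: always
    image: fiware/orion:${ORION_VERSION}
    container_name: fiware-orion
    depends_on:
      - mongo-db
    networks:
      default:
        ipv4_address: 172.18.1.9
    expose:
      - "${ORION_PORT}"
    # NOTE(review): publishing the broker port on the host lets clients reach
    # Orion without passing through orion-proxy (the PEP) or nginx, which the
    # PRODUCTION ToDo at the top of this file says must not happen. Drop this
    # mapping, or bind it to 127.0.0.1, once nginx fronts the API; `expose`
    # already makes the port reachable for the other containers.
    ports:
      - "${ORION_PORT}:${ORION_PORT}"
    # NOTE(review): `-corsOrigin __ALL` accepts cross-origin requests from any
    # origin; restrict it to the HMI's origin once that is known.
    command: -corsOrigin __ALL -corsMaxAge 600 -dbhost mongo-db -logLevel WARN
    healthcheck:
      # Liveness probe against Orion's /version endpoint over the compose network.
      test: curl --fail -s http://orion:${ORION_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3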

  # Identity Manager w/ GUI
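  keyrock:
    restart: always
    image: fiware/idm:${KEYROCK_VERSION}
    container_name: fiware-keyrock
    networks:
      default:
        # mysql-db's MYSQL_ROOT_HOST is set to this address; change both together.
        ipv4_address: 172.18.1.5
    depends_on:
      - mysql-db
    # NOTE(review): the IdM GUI and API are published directly on the host,
    # bypassing nginx. Together with the admin credentials below this is the
    # most sensitive exposure in the file.
    ports:
      - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
    environment:
      # NOTE(review): DEBUG=idm:* turns on verbose debug logging; switch it off
      # in production so request details do not end up in the container logs.
      - DEBUG=idm:*
      - IDM_DB_HOST=mysql-db
      - IDM_DB_PASS_FILE=/run/secrets/db_password
      # NOTE(review): the IdM connects to MySQL as root. A dedicated account
      # limited to the IdM schema would follow least privilege.
      - IDM_DB_USER=root
      # NOTE(review): plain-http URL on a hard-coded address. Logins and tokens
      # travel unencrypted unless TLS is terminated in front of this service.
      - IDM_HOST=http://5.53.108.182:${KEYROCK_PORT}
      - IDM_PORT=${KEYROCK_PORT}
      - IDM_HTTPS_ENABLED=${IDM_HTTPS_ENABLED}
      - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
      - IDM_EMAIL_HOST=5.53.108.182
      # NOTE(review): tutorial-grade administrator credentials are committed in
      # this file ("change secrets" in the ToDo list). Replace them before the
      # port is reachable and supply the password from a secret file, the way
      # IDM_DB_PASS_FILE does above - confirm the pinned Keyrock image accepts
      # the _FILE form for the admin settings.
      - IDM_ADMIN_USER=alice
      - IDM_ADMIN_EMAIL=alice-the-admin@test.com
      - IDM_ADMIN_PASS=test
    secrets:
      - db_password
    healthcheck:
      test: curl --fail -s http://localhost:${KEYROCK_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3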

  # Authorization enforcement (PEP Proxy) for Orion
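  orion-proxy:
    restart: always
    image: fiware/pep-proxy:${WILMA_VERSION}
    container_name: fiware-orion-proxy
    networks:
      default:
        ipv4_address: 172.18.1.10
    depends_on:
      - keyrock
    expose:
      - "${ORION_PROXY_PORT}"
    ports:
      - "${ORION_PROXY_PORT}:${ORION_PROXY_PORT}"
    environment:
      - PEP_PROXY_APP_HOST=orion
      - PEP_PROXY_APP_PORT=${ORION_PORT}
      - PEP_PROXY_PORT=${ORION_PROXY_PORT}
      - PEP_PROXY_IDM_HOST=keyrock
      # NOTE(review): HTTPS is off both on the published port and towards the
      # IdM, so access tokens cross the wire in clear text unless nginx
      # terminates TLS in front of this port.
      - PEP_PROXY_HTTPS_ENABLED=false
      - PEP_PROXY_AUTH_ENABLED=true
      - PEP_PROXY_IDM_SSL_ENABLED=false
      - PEP_PROXY_IDM_PORT=${KEYROCK_PORT}
      # NOTE(review): the application id and the PEP account's user name and
      # password are committed in this file. Rotate them in Keyrock and supply
      # them through variable substitution or a Docker secret instead.
      - PEP_PROXY_APP_ID=45788b3f-34c7-4a8e-90dc-dfb87e8ad0cc
      - PEP_PROXY_USERNAME=pep_proxy_17c1b932-8559-4615-9927-898cc292e138
      - PEP_PASSWORD=pep_proxy_15c0841c-be71-4c44-8cd5-eaae6f3dd93e
      - PEP_PROXY_PDP=idm
      # NOTE(review): Wilma accepts the magic key in place of a validated
      # token. A short, guessable value on a host-published port defeats the
      # PEP; remove the setting or use a long random value kept out of VCS.
      - PEP_PROXY_MAGIC_KEY=1234
      # /version is served without a token; the healthcheck below relies on it.
      - PEP_PROXY_PUBLIC_PATHS=/version
    healthcheck:
      test: curl --fail -s http://orion-proxy:${ORION_PROXY_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3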

  # db for Orion
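  mongo-db:
    restart: always
    image: mongo:${MONGO_DB_VERSION}
    container_name: db-mongo
    expose:
      - "${MONGO_DB_PORT}"
    # NOTE(review): the database port is published on the host while mongod is
    # started with --bind_ip_all and without --auth, and no credentials are
    # configured anywhere in this service. Orion reaches it over the compose
    # network, so the host mapping can be dropped or bound to 127.0.0.1.
    ports:
      - "${MONGO_DB_PORT}:${MONGO_DB_PORT}" # localhost:27017
    networks:
      - default
    command: --bind_ip_all --smallfiles
    volumes:
      - mongo-db:/data
    healthcheck:
      # The probe hard-codes 27017 instead of ${MONGO_DB_PORT}.
      test: echo 'db.runCommand("ping").ok' | mongo db-mongo:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s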

  naiades-hmi:
    restart: always
    # NOTE(review): untagged image name and no `build:` section; presumably
    # built locally beforehand - confirm where it comes from and pin a tag.
    image: naiades-hmi
    container_name: naiades-hmi
    # Port 80 is only exposed on the compose network (no host mapping), so the
    # HMI is reachable from outside only through whatever fronts it -
    # presumably nginx; confirm against nginx/conf.d.
    expose:
      - "80"
    networks:
      - default

#  # mongo admin dashboard
#  mongo-express:
#    image: mongo-express
#    container_name: mongo-express
#    networks:
#      default:
#        ipv4_address: 172.18.1.12
#    depends_on:
#      - mongo-db
#    expose:
#      - "${MONGO_DB_EXPRESS_PORT}"
#    ports:
#      - "${MONGO_DB_EXPRESS_PORT}:${MONGO_DB_EXPRESS_PORT}"
#    environment:
#      - ME_CONFIG_OPTIONS_EDITORTHEME=ambiance
#      - ME_CONFIG_BASICAUTH_USERNAME=${MONGO_DB_EXPRESS_USER}
#      - ME_CONFIG_BASICAUTH_PASSWORD=${MONGO_DB_EXPRESS_PASS}
#      - ME_CONFIG_MONGODB_PORT=${MONGO_DB_PORT}
#      - ME_CONFIG_MONGODB_ENABLE_ADMIN=false
#      - ME_CONFIG_MONGODB_SERVER=mongo-db

  # db for IdM
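  mysql-db:
    restart: always
    image: mysql:${MYSQL_DB_VERSION}
    container_name: db-mysql
    expose:
      - "${MYSQL_DB_PORT}"
    # NOTE(review): the MySQL port is published on the host although only
    # Keyrock (same compose network) needs it. Drop the mapping or bind it to
    # 127.0.0.1 so the database is not reachable from outside.
    ports:
      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}" # localhost:3306
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      # Root password is read from the db_password secret, not from this file.
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password"
      # Root logins are limited to Keyrock's fixed address (172.18.1.5); this
      # must track keyrock's ipv4_address.
      - "MYSQL_ROOT_HOST=172.18.1.5" # Allow Keyrock to access this database
    volumes:
      - mysql-db:/var/lib/mysql
      # Init scripts are mounted read-only; the image runs them on first start,
      # so review what ./mysql-data contains.
      - ./mysql-data:/docker-entrypoint-initdb.d/:ro
    secrets:
      - db_password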

  # Quantum Leap - historical data manager
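  quantumleap:
    restart: always
    image: smartsdk/quantumleap:${QUANTUMLEAP_VERSION}
    container_name: fiware-quantumleap
    expose:
      - "${QUANTUMLEAP_PORT}"
    # NOTE(review): the historical-data API is published on the host with no
    # PEP proxy or other access control configured in this file. nginx already
    # depends on this service; route clients through it and drop the mapping.
    ports:
      - "${QUANTUMLEAP_PORT}:${QUANTUMLEAP_PORT}"
    depends_on:
      - crate-db
    networks:
      default:
        ipv4_address: 172.18.1.7
    environment:
      - CRATE_HOST=crate-db
    healthcheck:
      test: curl --fail -s http://fiware-quantumleap:${QUANTUMLEAP_PORT}/v2/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3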

  # db for timeseries (quantumleap)
  crate-db:
    image: crate:${CRATE_VERSION}
    container_name: db-crate
    networks:
      default:
        ipv4_address: 172.18.1.8
    expose:
      - "${CRATE_PORT_GUI}"
    # NOTE(review): both mappings publish CrateDB on the host while the command
    # below switches host-based authentication off, so whoever can reach the
    # host port gets the Admin UI and SQL endpoint without credentials.
    # QuantumLeap talks to crate-db over the compose network; these mappings
    # are only needed for debugging.
    ports:
      - "${CRATE_PORT_GUI}:${CRATE_PORT_GUI}" # Admin UI
      # NOTE(review): the container side is the GUI port although the comment
      # says transport - looks like a typo for ${CRATE_PORT}; confirm.
      - "${CRATE_PORT}:${CRATE_PORT_GUI}" # Transport protocol
    # -Cauth.host_based.enabled=false disables CrateDB's host-based
    # authentication and http.cors.allow-origin="*" accepts any origin.
    command: crate -Clicense.enterprise=false -Cauth.host_based.enabled=false  -Ccluster.name=democluster -Chttp.cors.enabled=true -Chttp.cors.allow-origin="*"
    volumes:
      - crate-storage:/data

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #       WMS and DCA services                        #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

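  wms-app-example:
    restart: always
    build:
      context: ./wms-example
      dockerfile: Dockerfile
    image: wms-app-example:latest
    container_name: wms-app-example
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(review): FLASK_DEBUG=1 enables Flask's debug mode, including the
      # interactive debugger, and this service's port is published on the host
      # below. Debug mode on a reachable port is a code-execution risk; set it
      # to 0 outside local development.
      - FLASK_DEBUG=1
    expose:
      - "${WMS_MODULE_PORT}"
    ports:
      - "${WMS_MODULE_PORT}:${WMS_MODULE_PORT}"
    volumes:
      # The source tree is bind-mounted writable over /code, so the container
      # can modify the checkout on the host.
      - ./wms-example:/code
    networks:
      default:
        ipv4_address: 172.18.1.11
    healthcheck:
      test: curl --fail -s http://wms-app-example:${WMS_MODULE_PORT}/healthcheck || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3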

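  dca-carouge-weather:
    build:
      context: ./dca-carouge-weather
      dockerfile: Dockerfile
    image: dca-carouge-weather:latest
    container_name: dca-carouge-weather
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - POST_DATA_PERIOD=900 #15mins
      # Talks to the context broker directly by service name, not through the
      # PEP proxy.
      - ORION_HOST=orion
      - COLLECTION_DIR=/code/raw_data
    volumes:
      # Writable bind mount: COLLECTION_DIR above lies inside it, so collected
      # raw data lands in the host checkout next to the code.
      - ./dca-carouge-weather:/code:rw
    networks:
      default:
        ipv4_address: 172.18.1.15
    # No ports are exposed or published; the container only runs the collector.
    command: ./weather_00_collect_raw_weather_data_carouge.py # no sensors, only 3rd party data for the moment
#    healthcheck:
#      test: curl --fail -s http://dca-carouge-weather:${WMS_MODULE_PORT}/healthcheck || exit 1
#      start_period: 40s
#      interval: 15m00s
#      timeout: 10s
#      retries: 3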

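  dca-carouge-watering:
    build:
      context: ./dca-carouge-watering
      dockerfile: Dockerfile
    image: dca-carouge-watering:latest
    container_name: dca-carouge-watering
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(review): development mode with the Flask debugger enabled. The
      # port is not published on the host, but nginx depends on this service
      # and presumably proxies to it - confirm, and turn both settings off
      # before the endpoint is reachable from outside.
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
      # The LoRa platform credential is read from a Docker secret file rather
      # than being written into this file.
      - LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header
      - LORA_PLATFORM_URL=https://lora-ns.sig-ge.ch:443
    secrets:
      - lora_platform_auth_header
    expose:
      - "80"
    volumes:
      - ./dca-carouge-watering:/code
    networks:
      default:
        ipv4_address: 172.18.1.14
    healthcheck:
      test: curl --fail -s http://dca-carouge-watering/healthcheck || exit 1
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3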

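  dca-carouge-fountain:
    build:
      context: ./dca-carouge-fountain
      dockerfile: Dockerfile
    image: dca-carouge-fountain:latest
    container_name: dca-carouge-fountain
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(review): development mode with the Flask debugger enabled. The
      # port is only exposed on the compose network; turn both settings off
      # before anything proxies external traffic to this service.
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
      # NOTE(review): this service reuses the secret that dca-carouge-watering
      # sends to a different LoRa platform URL; confirm one credential is
      # really meant for both endpoints.
      - LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header
      - LORA_PLATFORM_URL=https://eu.saas.orbiwise.com:443
    secrets:
      - lora_platform_auth_header
    expose:
      - "80"
    volumes:
      - ./dca-carouge-fountain:/code
    networks:
      default:
        ipv4_address: 172.18.1.16
    healthcheck:
      test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3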

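  dca-carouge-weather-station:
    build:
      context: ./dca-carouge-weather-station
      dockerfile: Dockerfile
    image: dca-carouge-weather-station:latest
    container_name: dca-carouge-weather-station
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(review): development mode with the Flask debugger enabled; switch
      # both off outside local development.
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
    ports:
      # Quoted: under YAML 1.1 an unquoted 21:21 is read as the base-60 integer
      # 1281, not as a HOST:CONTAINER mapping.
      # NOTE(review): port 21 is conventionally FTP, which carries credentials
      # and data in clear text - confirm what listens here and whether it has
      # to be open to the whole host network.
      - "21:21"
    volumes:
      - ./dca-carouge-weather-station:/code
    networks:
      default:
        ipv4_address: 172.18.1.17
#    healthcheck:
#      test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
#      start_period: 30s
#      interval: 5m00s
#      timeout: 10s
#      retries: 3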

# - + - + - + - + - + - + - + - + - + - + - + - + - +
#               Docker configs                      #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

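networks:
  # Single bridge network shared by every service. Most services pin a static
  # address in this /24, and mysql-db's MYSQL_ROOT_HOST depends on Keyrock
  # keeping 172.18.1.5, so the subnet must not be changed on its own.
  # NOTE(review): with one flat network every container can reach every
  # database; separate front-end and back-end networks would narrow that.
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450
      com.docker.network.bridge.name: naiades-network
    ipam:
      config:
        - subnet: 172.18.1.0/24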

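# Named volumes with default settings; they hold the MySQL, MongoDB and
# CrateDB data and persist when the containers are removed.
volumes:
  mysql-db: ~
  mongo-db: ~
  crate-storage: ~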

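# File-based secrets, mounted into the consuming containers under /run/secrets/.
# The paths are relative to this compose file: keep both files out of version
# control and readable only by the deploying user.
secrets:
  # NOTE(review): one file serves both as the MySQL root password (mysql-db)
  # and as Keyrock's database password, so Keyrock holds root on the database.
  db_password:
    file: secrets
  # Shared by dca-carouge-watering and dca-carouge-fountain.
  lora_platform_auth_header:
    file: secret_carouge_lora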