docker-compose.yml

# - + - + - + - + - + - + - + - + - + - + - + - + - +
#             NAIADES IoT Platform and services     #
# - + - + - + - + - + - + - + - + - + - + - + - + - +


# - + - + - + - + - + - + - + - + - + - + - + - + - +
#                     Notes                         #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

# ToDoS for PROD
# ==============
# - include let's encrypt in nginx
# - platform's FQDM ?
# - all services requests must pass through nginx
# - change secrets


#
#  Authored by UDGA in the context of NAIADES E.U. PROJECT
#
#  Received contributions from
#  ---------------------------
#  - ?
#
#  inspired by https://smartsdk.github.io/smartsdk-recipes/
#
#  PRODUCTION ToDOs
#  ----------------
#  - include let's encrypt in nginx
#  - platform's FQDM ?
#  - all services requests must pass through nginx
#
#
#
#  DEPLOYMENT NOTES:
#  -----------------
#
#  About Docker Volumes:
#  ---------------------
#
#  A data volume is a specially-designated directory within one or more containers that bypasses the Union File System.
#  Data volumes provide several useful features for persistent or shared data:
#
#    - Volumes are initialized when a container is created.
#    If the container’s base image contains data at the specified mount point,
#    that existing data is copied into the new volume upon volume
#    initialization.
#    (Note that this does not apply when mounting a host
#    directory.)
#
#    - Data volumes can be shared and reused among containers.
#
#    - Changes to a data volume are made directly.
#
#    - Changes to a data volume will not be included when you update an image.
#    Data volumes persist even if the container itself is deleted.
#
#  Into Dockerfile you can specify only destination of volume inside container. e.g. /usr/src/app.
#  You may but -not necessary needed- specify mounting point (/opt) in host machine.
#  Using the CLI that is `docker run --volume=/opt:/usr/src/app my_image`
#  If you not specify --volume argument then mount point will be chosen automatically
#


version: "3.5"
services:

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #                 Reverse-proxy                     #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Reverse-proxy (entrypoint)
  nginx:
    image: nginx:latest
    container_name: nginx
    networks:
      default:
        ipv4_address: 172.18.1.250
    volumes:
      #- ${PWD}/nginx/error.log:/var/log/nginx/error.log:rw
      - ${PWD}/nginx/conf.d/:/etc/nginx/conf.d/
      - ${PWD}/nginx/cache/:/var/www/nginx/cache/
      - ${PWD}/nginx/logs/:/var/log/nginx/:rw
      - ${PWD}/nginx/nginx.conf:/etc/nginx/nginx.conf:rw
      - ${PWD}/nginx/htpasswd/:/etc/nginx/htpasswd/:rw
      - /etc/letsencrypt/:/etc/letsencrypt/
    ports:
      - 80:80
      - 443:443
    depends_on:
      - dca-carouge-watering
      - quantumleap
      - orion
    command: [nginx-debug, '-g', 'daemon off;'] # THIS IS FOR DEBUG ONLY! DO NOT USE IN PROD!
  
  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #                 IoT Platform                      #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Context broker
  orion:
    restart: always
    image: fiware/orion:${ORION_VERSION}
    container_name: fiware-orion
    depends_on:
      - mongo-db
    networks:
      default:
        ipv4_address: 172.18.1.9
    expose:
      - "${ORION_PORT}"
    ports:
      - "${ORION_PORT}:${ORION_PORT}"
    command: -dbhost mongo-db -logLevel WARN -corsOrigin __ALL -corsMaxAge 600
    healthcheck:
      test: curl --fail -s http://orion:${ORION_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Identity Manager w/ GUI
  keyrock:
    restart: always
    image: fiware/idm:${KEYROCK_VERSION}
    container_name: fiware-keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    volumes:
      - ${PWD}/keyrock/config.js:/opt/fiware-idm/config.js
      - /etc/letsencrypt/:/etc/letsencrypt    
    depends_on:
      - mysql-db
    ports:
      - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
      - "${KEYROCK_HTTPS_PORT}:${KEYROCK_HTTPS_PORT}" # localhost:3443
    environment:
      - DEBUG=idm:*
      - IDM_DB_HOST=mysql-db
      - IDM_DB_PASS_FILE=/run/secrets/db_password
      - IDM_DB_USER=root
      - IDM_HOST=https://test.naiades-project.eu:${KEYROCK_HTTPS_PORT}
      - IDM_PORT=${KEYROCK_PORT}
      - IDM_HTTPS_ENABLED=true
      - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
      - IDM_EMAIL_HOST=5.53.108.182
      - IDM_ADMIN_USER=alice
      - IDM_ADMIN_EMAIL=alice-the-admin@test.com
      - IDM_ADMIN_PASS=test
      - IDM_CORS_ENABLED=true
    secrets:
      - db_password
    healthcheck:
      test: curl --fail -s http://localhost:${KEYROCK_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Authorization enforcement (PEP Proxy) for Orion
  orion-proxy:
    restart: always
    image: fiware/pep-proxy:${WILMA_VERSION}
    container_name: fiware-orion-proxy
    networks:
      default:
        ipv4_address: 172.18.1.10
    depends_on:
      - keyrock
    expose:
      - "${ORION_PROXY_PORT}"
    ports:
      - "${ORION_PROXY_PORT}:${ORION_PROXY_PORT}"
    environment:
      - PEP_PROXY_APP_HOST=orion
      - PEP_PROXY_APP_PORT=${ORION_PORT}
      - PEP_PROXY_PORT=${ORION_PROXY_PORT}
      - PEP_PROXY_IDM_HOST=keyrock
      - PEP_PROXY_HTTPS_ENABLED=false
      - PEP_PROXY_AUTH_ENABLED=true
      - PEP_PROXY_IDM_SSL_ENABLED=true
      - PEP_PROXY_IDM_PORT=${KEYROCK_HTTPS_PORT}
      - PEP_PROXY_APP_ID=45788b3f-34c7-4a8e-90dc-dfb87e8ad0cc
      - PEP_PROXY_USERNAME=pep_proxy_17c1b932-8559-4615-9927-898cc292e138
      - PEP_PASSWORD=pep_proxy_15c0841c-be71-4c44-8cd5-eaae6f3dd93e
      - PEP_PROXY_PDP=idm
      - PEP_PROXY_MAGIC_KEY=1234
      - PEP_PROXY_PUBLIC_PATHS=/version
    healthcheck:
      test: curl --fail -s http://orion-proxy:${ORION_PROXY_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # db for Orion
  mongo-db:
    restart: always
    image: mongo:${MONGO_DB_VERSION}
    container_name: db-mongo
    expose:
      - "${MONGO_DB_PORT}"
    ports:
      - "${MONGO_DB_PORT}:${MONGO_DB_PORT}" # localhost:27017
    networks:
      - default
    command: --bind_ip_all --smallfiles
    volumes:
      - mongo-db:/data
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongo db-mongo:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s

  naiades-hmi:
    restart: always
    image: naiades-hmi # docker pull registry.gitlab.com/konnektable-devops/frontend-repository/naiades-hmi:latest
    container_name: naiades-hmi
    expose:
      - "80"
    networks:
      - default

#  # mongo admin dashboard
#  mongo-express:
#    image: mongo-express
#    container_name: mongo-express
#    networks:
#      default:
#        ipv4_address: 172.18.1.12
#    depends_on:
#      - mongo-db
#    expose:
#      - "${MONGO_DB_EXPRESS_PORT}"
#    ports:
#      - "${MONGO_DB_EXPRESS_PORT}:${MONGO_DB_EXPRESS_PORT}"
#    environment:
#      - ME_CONFIG_OPTIONS_EDITORTHEME=ambiance
#      - ME_CONFIG_BASICAUTH_USERNAME=${MONGO_DB_EXPRESS_USER}
#      - ME_CONFIG_BASICAUTH_PASSWORD=${MONGO_DB_EXPRESS_PASS}
#      - ME_CONFIG_MONGODB_PORT=${MONGO_DB_PORT}
#      - ME_CONFIG_MONGODB_ENABLE_ADMIN=false
#      - ME_CONFIG_MONGODB_SERVER=mongo-db

  # db for IdM
  mysql-db:
    restart: always
    image: mysql:${MYSQL_DB_VERSION}
    container_name: db-mysql
    expose:
      - "${MYSQL_DB_PORT}"
    ports:
      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}" # localhost:3306
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password"
      - "MYSQL_ROOT_HOST=172.18.1.5" # Allow Keyrock to access this database
    volumes:
      - mysql-db:/var/lib/mysql
      - ./mysql-data:/docker-entrypoint-initdb.d/:ro
    secrets:
      - db_password

  # Quantum Leap - historical data manager
  quantumleap:
    restart: always
    image: smartsdk/quantumleap:${QUANTUMLEAP_VERSION}
    container_name: fiware-quantumleap
    expose:
      - "${QUANTUMLEAP_PORT}"
    ports:
      - "${QUANTUMLEAP_PORT}:${QUANTUMLEAP_PORT}"
    depends_on:
      - crate-db
    networks:
      default:
        ipv4_address: 172.18.1.7
    environment:
      - CRATE_HOST=crate-db
    healthcheck:
      test: curl --fail -s http://fiware-quantumleap:${QUANTUMLEAP_PORT}/v2/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # db for timeseries (quantumleap)
  crate-db:
    image: crate:${CRATE_VERSION}
    container_name: db-crate
    networks:
      default:
        ipv4_address: 172.18.1.8
    expose:
      - "${CRATE_PORT_GUI}"
    ports:
      - "${CRATE_PORT_GUI}:${CRATE_PORT_GUI}" # Admin UI
      - "${CRATE_PORT}:${CRATE_PORT_GUI}" # Transport protocol
    command: crate -Clicense.enterprise=false -Cauth.host_based.enabled=false  -Ccluster.name=democluster -Chttp.cors.enabled=true -Chttp.cors.allow-origin="*"
    volumes:
      - crate-storage:/data

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #       WMS and DCA services                        #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  wms-app-example:
    restart: always
    build:
      context: ./wms-example
      dockerfile: Dockerfile
    image: wms-app-example:latest
    container_name: wms-app-example
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - FLASK_DEBUG=1
    expose:
      - "${WMS_MODULE_PORT}"
    ports:
      - "${WMS_MODULE_PORT}:${WMS_MODULE_PORT}"
    volumes:
      - ./wms-example:/code
    networks:
      default:
        ipv4_address: 172.18.1.11
    healthcheck:
      test: curl --fail -s http://wms-app-example:${WMS_MODULE_PORT}/healthcheck || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  dca-carouge-weather:
    build:
      context: ./dca-carouge-weather
      dockerfile: Dockerfile
    image: dca-carouge-weather:latest
    container_name: dca-carouge-weather
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - POST_DATA_PERIOD=3600 #60 minutes
      - ORION_HOST=orion
      - COLLECTION_DIR=/code/raw_data
      - DATA_MODEL_VALIDATION=10.81.6.109
    volumes:
      - ./dca-carouge-weather:/code:rw
    networks:
      default:
        ipv4_address: 172.18.1.15
    command: python app.py # no sensors, only 3rd party data for the moment
#    healthcheck:
#      test: curl --fail -s http://dca-carouge-weather:${WMS_MODULE_PORT}/healthcheck || exit 1
#      start_period: 40s
#      interval: 15m00s
#      timeout: 10s
#      retries: 3

  dca-carouge-watering:
    build:
      context: ./dca-carouge-watering
      dockerfile: Dockerfile
    image: dca-carouge-watering:latest
    container_name: dca-carouge-watering
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
      - LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header
      - LORA_PLATFORM_URL=https://lora-ns.sig-ge.ch:443
      - DATA_MODEL_VALIDATION=10.81.6.109
    secrets:
      - lora_platform_auth_header
    expose:
      - 80
    volumes:
      - ./dca-carouge-watering:/code
    networks:
      default:
        ipv4_address: 172.18.1.14
    healthcheck:
      test: curl --fail -s http://dca-carouge-watering/healthcheck || exit 1
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3


  dca-carouge-fountain:
    build:
      context: ./dca-carouge-fountain
      dockerfile: Dockerfile
    image: dca-carouge-fountain:latest
    container_name: dca-carouge-fountain
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
      - LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header
      - LORA_PLATFORM_URL=https://eu.saas.orbiwise.com:443
      - DATA_MODEL_VALIDATION=10.81.6.109
    secrets:
      - lora_platform_auth_header
    expose:
      - 80
    volumes:
      - ./dca-carouge-fountain:/code
    networks:
      default:
        ipv4_address: 172.18.1.16
    healthcheck:
      test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3

  dca-carouge-weather-station:
    build:
      context: ./dca-carouge-weather-station
      dockerfile: Dockerfile
    image: dca-carouge-weather-station:latest
    container_name: dca-carouge-weather-station
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
    ports:
      - 21:21
    volumes:
      - ./dca-carouge-weather-station:/code
    networks:
      default:
        ipv4_address: 172.18.1.17
#    healthcheck:
#      test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
#      start_period: 30s
#      interval: 5m00s
#      timeout: 10s
#      retries: 3

# - + - + - + - + - + - + - + - + - + - + - + - + - +
#               Docker configs                      #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450
      com.docker.network.bridge.name: naiades-network
    ipam:
      config:
        - subnet: 172.18.1.0/24

volumes:
  mysql-db: ~
  mongo-db: ~
  crate-storage: ~

secrets:
  db_password:
    file: secrets
  lora_platform_auth_header:
    file: secret_carouge_lora