# - + - + - + - + - + - + - + - + - + - + - + - + - +
#             NAIADES IoT Platform and services     #
# - + - + - + - + - + - + - + - + - + - + - + - + - +


# - + - + - + - + - + - + - + - + - + - + - + - + - +
#                     Notes                         #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

# TODOs for PROD
# ==============
# - include Let's Encrypt in nginx
# - platform's FQDN?
# - all service requests must pass through nginx
# - change secrets

#
#  Authored by UDGA in the context of NAIADES E.U. PROJECT
#
#  Received contributions from
#  ---------------------------
#  - ?
#
#  inspired by https://smartsdk.github.io/smartsdk-recipes/
#
#  PRODUCTION TODOs
#  ----------------
#  - include Let's Encrypt in nginx
#  - platform's FQDN?
#  - all service requests must pass through nginx
#
#
#
#  DEPLOYMENT NOTES:
#  -----------------
#
#  About Docker Volumes:
#  ---------------------
#
#  A data volume is a specially-designated directory within one or more containers that bypasses the Union File System.
#  Data volumes provide several useful features for persistent or shared data:
#
#    - Volumes are initialized when a container is created.
#    If the container’s base image contains data at the specified mount point,
#    that existing data is copied into the new volume upon volume
#    initialization.
#    (Note that this does not apply when mounting a host
#    directory.)
#
#    - Data volumes can be shared and reused among containers.
#
#    - Changes to a data volume are made directly.
#
#    - Changes to a data volume will not be included when you update an image.
#    Data volumes persist even if the container itself is deleted.
#
#  In a Dockerfile you can specify only the volume's destination inside the container, e.g. /usr/src/app.
#  You may, but do not have to, specify the mount point on the host machine (e.g. /opt).
#  Using the CLI, that is `docker run --volume=/opt:/usr/src/app my_image`.
#  If you do not specify the --volume argument, the mount point is chosen automatically.
#

# Compose file format version; quoted so that it stays a string, not a float.
version: "3.5"
# Service definitions: every key under `services` describes one service of
# the platform (reverse proxy, IoT platform components, WMS/DCA services).
services:

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #                 Reverse-proxy                     #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Reverse proxy (entry point): publishes 80 and 443 on the host.
  # NOTE(review): the notes at the top of this file ask for every service
  # request to pass through nginx, but several services below also publish
  # their own host ports.
  nginx:
    # NOTE(review): `latest` is a floating tag; pin a version or digest so a
    # re-pull cannot silently change what runs at the edge.
    image: "nginx:latest"
    container_name: nginx
    # THIS IS FOR DEBUG ONLY! DO NOT USE IN PROD!
    command: ["nginx-debug", "-g", "daemon off;"]
    depends_on:
      - dca-carouge-watering
      - quantumleap
      - orion
    networks:
      default:
        ipv4_address: "172.18.1.250"
    # Quoted so no YAML parser can read HOST:CONTAINER as a number.
    ports:
      - "80:80"
      - "443:443"
    # NOTE(review): nginx.conf, htpasswd/ and the host's /etc/letsencrypt
    # (certificates and private keys) are mounted writable (explicit `:rw`
    # or no mode at all). If nginx only reads them, `:ro` would limit what a
    # compromised proxy can tamper with; confirm nothing inside the
    # container writes there.
    volumes:
      # - ${PWD}/nginx/error.log:/var/log/nginx/error.log:rw
      - "${PWD}/nginx/conf.d/:/etc/nginx/conf.d/"
      - "${PWD}/nginx/cache/:/var/www/nginx/cache/"
      - "${PWD}/nginx/logs/:/var/log/nginx/:rw"
      - "${PWD}/nginx/nginx.conf:/etc/nginx/nginx.conf:rw"
      - "${PWD}/nginx/htpasswd/:/etc/nginx/htpasswd/:rw"
      - "/etc/letsencrypt/:/etc/letsencrypt/"
  
  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #                 IoT Platform                      #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Context broker
  orion:
    image: "fiware/orion:${ORION_VERSION}"
    container_name: fiware-orion
    restart: always
    # -corsOrigin __ALL accepts cross-origin requests from any origin.
    command: "-dbhost mongo-db -logLevel WARN -corsOrigin __ALL -corsMaxAge 600"
    depends_on:
      - mongo-db
    networks:
      default:
        ipv4_address: "172.18.1.9"
    expose:
      - "${ORION_PORT}"
    # NOTE(review): publishing ORION_PORT on the host makes the broker
    # reachable without going through orion-proxy (the PEP proxy defined in
    # this file), which is where authorization is enforced. With no host IP
    # in the mapping, Docker binds it on all host interfaces.
    ports:
      - "${ORION_PORT}:${ORION_PORT}"
    # Healthy when the broker answers GET /version on its service name.
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://orion:${ORION_PORT}/version || exit 1"]
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Identity Manager w/ GUI
  keyrock:
    image: "fiware/idm:${KEYROCK_VERSION}"
    container_name: fiware-keyrock
    restart: always
    depends_on:
      - mysql-db
    networks:
      default:
        ipv4_address: "172.18.1.5"
    ports:
      - "${KEYROCK_PORT}:${KEYROCK_PORT}"  # localhost:3005
      - "${KEYROCK_HTTPS_PORT}:${KEYROCK_HTTPS_PORT}"  # localhost:3443
    # NOTE(review): /etc/letsencrypt (certificates and private keys) is
    # mounted without `:ro`, so the container can modify it; confirm whether
    # read-only access would be enough.
    volumes:
      - "${PWD}/keyrock/config.js:/opt/fiware-idm/config.js"
      - "/etc/letsencrypt/:/etc/letsencrypt"
    environment:
      # NOTE(review): DEBUG=idm:* turns on debug logging for the IdM; check
      # that nothing sensitive reaches the logs before using it in production.
      - "DEBUG=idm:*"
      - "IDM_DB_HOST=mysql-db"
      # The database password is read from the db_password Docker secret.
      - "IDM_DB_PASS_FILE=/run/secrets/db_password"
      # NOTE(review): the IdM connects as the MySQL root account; a dedicated
      # account limited to the IdM schema would be least privilege.
      - "IDM_DB_USER=root"
      - "IDM_HOST=https://test.naiades-project.eu:${KEYROCK_HTTPS_PORT}"
      - "IDM_PORT=${KEYROCK_PORT}"
      - "IDM_HTTPS_ENABLED=true"
      - "IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}"
      - "IDM_EMAIL_HOST=5.53.108.182"
      # NOTE(review): the administrator account and a trivial password are
      # committed in plain text, unlike the DB password above. Rotate them
      # and supply them the same way (a Docker secret or an untracked env
      # file); see "change secrets" in the notes at the top of this file.
      - "IDM_ADMIN_USER=alice"
      - "IDM_ADMIN_EMAIL=alice-the-admin@test.com"
      - "IDM_ADMIN_PASS=test"
      - "IDM_CORS_ENABLED=true"
    secrets:
      - db_password
    # Healthy when the IdM answers GET /version on its plain-HTTP port.
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://localhost:${KEYROCK_PORT}/version || exit 1"]
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Authorization enforcement (PEP Proxy) for Orion
  orion-proxy:
    image: "fiware/pep-proxy:${WILMA_VERSION}"
    container_name: fiware-orion-proxy
    restart: always
    depends_on:
      - keyrock
    networks:
      default:
        ipv4_address: "172.18.1.10"
    expose:
      - "${ORION_PROXY_PORT}"
    ports:
      - "${ORION_PROXY_PORT}:${ORION_PROXY_PORT}"
    environment:
      # Upstream application protected by this proxy: the orion service.
      - "PEP_PROXY_APP_HOST=orion"
      - "PEP_PROXY_APP_PORT=${ORION_PORT}"
      - "PEP_PROXY_PORT=${ORION_PROXY_PORT}"
      - "PEP_PROXY_IDM_HOST=keyrock"
      # NOTE(review): the proxy itself listens over plain HTTP while its port
      # is published on the host, so access tokens sent to it directly are
      # not protected in transit unless TLS is terminated in front of it.
      - "PEP_PROXY_HTTPS_ENABLED=false"
      - "PEP_PROXY_AUTH_ENABLED=true"
      - "PEP_PROXY_IDM_SSL_ENABLED=true"
      - "PEP_PROXY_IDM_PORT=${KEYROCK_HTTPS_PORT}"
      # NOTE(review): the proxy's application id, username and password are
      # committed in plain text. Treat them as exposed: re-issue them in the
      # IdM and inject them from a secret or an untracked env file.
      - "PEP_PROXY_APP_ID=45788b3f-34c7-4a8e-90dc-dfb87e8ad0cc"
      - "PEP_PROXY_USERNAME=pep_proxy_17c1b932-8559-4615-9927-898cc292e138"
      - "PEP_PASSWORD=pep_proxy_15c0841c-be71-4c44-8cd5-eaae6f3dd93e"
      - "PEP_PROXY_PDP=idm"
      # NOTE(review): short, guessable value kept in version control. If the
      # magic key lets a request skip token validation (confirm against the
      # PEP proxy documentation), leave it unset or use a long random value
      # supplied as a secret.
      - "PEP_PROXY_MAGIC_KEY=1234"
      # /version is declared public; the healthcheck below relies on it.
      - "PEP_PROXY_PUBLIC_PATHS=/version"
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://orion-proxy:${ORION_PROXY_PORT}/version || exit 1"]
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # db for Orion
  mongo-db:
    image: "mongo:${MONGO_DB_VERSION}"
    container_name: db-mongo
    restart: always
    # NOTE(review): mongod listens on every interface (--bind_ip_all) and no
    # authentication option appears on this command line, while the port is
    # also published on the host below. Unless access control is set up
    # elsewhere, anyone who can reach the host port can read and write
    # Orion's data; consider dropping the `ports` entry (orion reaches the
    # database over the compose network) and enabling authentication.
    command: "--bind_ip_all --smallfiles"
    networks:
      - default
    expose:
      - "${MONGO_DB_PORT}"
    ports:
      - "${MONGO_DB_PORT}:${MONGO_DB_PORT}"  # localhost:27017
    volumes:
      - "mongo-db:/data"
    # NOTE(review): the probe hard-codes port 27017 instead of using
    # ${MONGO_DB_PORT}; the two must stay in sync.
    healthcheck:
      test: >-
        echo 'db.runCommand("ping").ok' | mongo db-mongo:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s

  # HMI front end; port 80 is exposed on the compose network only and is not
  # published on the host.
  naiades-hmi:
    # docker pull registry.gitlab.com/konnektable-devops/frontend-repository/naiades-hmi:latest
    # NOTE(review): the image name carries neither registry nor tag, so
    # whatever local image is called `naiades-hmi` gets started; a pinned tag
    # or digest would make the deployed build traceable.
    image: "naiades-hmi"
    container_name: naiades-hmi
    restart: always
    networks:
      - default
    expose:
      - "80"

#  # mongo admin dashboard
#  mongo-express:
#    image: mongo-express
#    container_name: mongo-express
#    networks:
#      default:
#        ipv4_address: 172.18.1.12
#    depends_on:
#      - mongo-db
#    expose:
#      - "${MONGO_DB_EXPRESS_PORT}"
#    ports:
#      - "${MONGO_DB_EXPRESS_PORT}:${MONGO_DB_EXPRESS_PORT}"
#    environment:
#      - ME_CONFIG_OPTIONS_EDITORTHEME=ambiance
#      - ME_CONFIG_BASICAUTH_USERNAME=${MONGO_DB_EXPRESS_USER}
#      - ME_CONFIG_BASICAUTH_PASSWORD=${MONGO_DB_EXPRESS_PASS}
#      - ME_CONFIG_MONGODB_PORT=${MONGO_DB_PORT}
#      - ME_CONFIG_MONGODB_ENABLE_ADMIN=false
#      - ME_CONFIG_MONGODB_SERVER=mongo-db

  # db for IdM
  mysql-db:
    image: "mysql:${MYSQL_DB_VERSION}"
    container_name: db-mysql
    restart: always
    networks:
      default:
        ipv4_address: "172.18.1.6"
    expose:
      - "${MYSQL_DB_PORT}"
    # NOTE(review): the database port is also published on the host although
    # its only consumer in this file (keyrock) reaches it over the compose
    # network; confirm the host mapping is needed.
    ports:
      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}"  # localhost:3306
    environment:
      # The root password comes from the db_password Docker secret rather
      # than being written into this file.
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password"
      # Allow Keyrock to access this database (172.18.1.5 is keyrock's
      # fixed address on the compose network).
      - "MYSQL_ROOT_HOST=172.18.1.5"
    volumes:
      - "mysql-db:/var/lib/mysql"
      # Initialisation scripts, mounted read-only.
      - "./mysql-data:/docker-entrypoint-initdb.d/:ro"
    secrets:
      - db_password

  # Quantum Leap - historical data manager
  quantumleap:
    image: "smartsdk/quantumleap:${QUANTUMLEAP_VERSION}"
    container_name: fiware-quantumleap
    restart: always
    depends_on:
      - crate-db
    networks:
      default:
        ipv4_address: "172.18.1.7"
    expose:
      - "${QUANTUMLEAP_PORT}"
    # NOTE(review): the API port is published on the host, and nginx also
    # depends on this service; if requests are meant to arrive through nginx
    # only, the host mapping is an unauthenticated side door. Confirm.
    ports:
      - "${QUANTUMLEAP_PORT}:${QUANTUMLEAP_PORT}"
    environment:
      - "CRATE_HOST=crate-db"
    # Healthy when the API answers GET /v2/version.
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://fiware-quantumleap:${QUANTUMLEAP_PORT}/v2/version || exit 1"]
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # db for timeseries (quantumleap)
  crate-db:
    image: "crate:${CRATE_VERSION}"
    container_name: db-crate
    # NOTE(review): host-based authentication is switched off
    # (-Cauth.host_based.enabled=false) and CORS is allowed from any origin,
    # while the admin UI port is published on the host below. Together that
    # leaves the time-series store open to anyone who can reach the host
    # port; keep it on the compose network or enable authentication before
    # production use.
    command: 'crate -Clicense.enterprise=false -Cauth.host_based.enabled=false  -Ccluster.name=democluster -Chttp.cors.enabled=true -Chttp.cors.allow-origin="*"'
    networks:
      default:
        ipv4_address: "172.18.1.8"
    expose:
      - "${CRATE_PORT_GUI}"
    ports:
      - "${CRATE_PORT_GUI}:${CRATE_PORT_GUI}"  # Admin UI
      # NOTE(review): labelled "Transport protocol", yet the container side
      # of the mapping is the GUI port again; verify the intended target.
      - "${CRATE_PORT}:${CRATE_PORT_GUI}"  # Transport protocol
    volumes:
      - "crate-storage:/data"

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  #       WMS and DCA services                        #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Example WMS application, built from ./wms-example.
  wms-app-example:
    build:
      context: "./wms-example"
      dockerfile: Dockerfile
    image: "wms-app-example:latest"
    container_name: wms-app-example
    restart: always
    networks:
      default:
        ipv4_address: "172.18.1.11"
    environment:
      - "LC_ALL=C.UTF-8"
      - "LANG=C.UTF-8"
      # NOTE(review): Flask debug mode is on while the port is published on
      # the host below. Debug mode is a development aid (interactive
      # debugger, verbose errors) and should not be reachable from untrusted
      # networks; turn it off for production.
      - "FLASK_DEBUG=1"
    expose:
      - "${WMS_MODULE_PORT}"
    ports:
      - "${WMS_MODULE_PORT}:${WMS_MODULE_PORT}"
    # The source tree is bind-mounted over /code (writable by the container).
    volumes:
      - "./wms-example:/code"
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://wms-app-example:${WMS_MODULE_PORT}/healthcheck || exit 1"]
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Weather data collector, built from ./dca-carouge-weather; no ports are
  # exposed or published.
  dca-carouge-weather:
    build:
      context: "./dca-carouge-weather"
      dockerfile: Dockerfile
    image: "dca-carouge-weather:latest"
    container_name: dca-carouge-weather
    # no sensors, only 3rd party data for the moment
    command: "python app.py"
    networks:
      default:
        ipv4_address: "172.18.1.15"
    environment:
      - "LC_ALL=C.UTF-8"
      - "LANG=C.UTF-8"
      - "POST_DATA_PERIOD=3600"  # 60 minutes
      - "ORION_HOST=orion"
      - "COLLECTION_DIR=/code/raw_data"
      # NOTE(review): private address outside the compose subnet
      # (172.18.1.0/24); presumably an external validation host - confirm it
      # is reachable and trusted from the deployment network.
      - "DATA_MODEL_VALIDATION=10.81.6.109"
    volumes:
      - "./dca-carouge-weather:/code:rw"
    # healthcheck:
    #   test: curl --fail -s http://dca-carouge-weather:${WMS_MODULE_PORT}/healthcheck || exit 1
    #   start_period: 40s
    #   interval: 15m00s
    #   timeout: 10s
    #   retries: 3

  # Watering data collector, built from ./dca-carouge-watering. Port 80 is
  # exposed on the compose network only; nginx depends on this service.
  dca-carouge-watering:
    build:
      context: "./dca-carouge-watering"
      dockerfile: Dockerfile
    image: "dca-carouge-watering:latest"
    container_name: dca-carouge-watering
    networks:
      default:
        ipv4_address: "172.18.1.14"
    environment:
      - "LC_ALL=C.UTF-8"
      - "LANG=C.UTF-8"
      # NOTE(review): development environment and debug mode are enabled.
      # Both are development aids; switch them off before this service is
      # reachable (through nginx) from untrusted clients.
      - "FLASK_ENV=development"
      - "FLASK_DEBUG=1"
      - "FLASK_RUN_PORT=80"
      - "COLLECTION_DIR=/code/raw_data"
      - "ORION_HOST=orion"
      # The LoRa platform auth header is read from a Docker secret file, so
      # it does not appear in this compose file.
      - "LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header"
      - "LORA_PLATFORM_URL=https://lora-ns.sig-ge.ch:443"
      - "DATA_MODEL_VALIDATION=10.81.6.109"
    secrets:
      - lora_platform_auth_header
    expose:
      - "80"
    volumes:
      - "./dca-carouge-watering:/code"
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://dca-carouge-watering/healthcheck || exit 1"]
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3

  # Fountain data collector, built from ./dca-carouge-fountain. Port 80 is
  # exposed on the compose network only.
  dca-carouge-fountain:
    build:
      context: "./dca-carouge-fountain"
      dockerfile: Dockerfile
    image: "dca-carouge-fountain:latest"
    container_name: dca-carouge-fountain
    networks:
      default:
        ipv4_address: "172.18.1.16"
    environment:
      - "LC_ALL=C.UTF-8"
      - "LANG=C.UTF-8"
      # NOTE(review): development environment and debug mode are enabled;
      # disable both for production.
      - "FLASK_ENV=development"
      - "FLASK_DEBUG=1"
      - "FLASK_RUN_PORT=80"
      - "COLLECTION_DIR=/code/raw_data"
      - "ORION_HOST=orion"
      # NOTE(review): this service talks to a different LoRa platform URL
      # than dca-carouge-watering but mounts the same auth-header secret;
      # confirm one credential is really meant for both platforms.
      - "LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header"
      - "LORA_PLATFORM_URL=https://eu.saas.orbiwise.com:443"
      - "DATA_MODEL_VALIDATION=10.81.6.109"
    secrets:
      - lora_platform_auth_header
    expose:
      - "80"
    volumes:
      - "./dca-carouge-fountain:/code"
    healthcheck:
      test: ["CMD-SHELL", "curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1"]
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3

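  # Weather-station data collector, built from ./dca-carouge-weather-station.
  dca-carouge-weather-station:
    build:
      context: "./dca-carouge-weather-station"
      dockerfile: Dockerfile
    image: "dca-carouge-weather-station:latest"
    container_name: dca-carouge-weather-station
    networks:
      default:
        ipv4_address: "172.18.1.17"
    environment:
      - "LC_ALL=C.UTF-8"
      - "LANG=C.UTF-8"
      # NOTE(review): development environment and debug mode are enabled;
      # disable both for production.
      - "FLASK_ENV=development"
      - "FLASK_DEBUG=1"
      - "FLASK_RUN_PORT=80"
      - "COLLECTION_DIR=/code/raw_data"
      - "ORION_HOST=orion"
    # The mapping must be quoted: a YAML 1.1 parser reads a bare 21:21 as the
    # base-60 integer 1281, not as the string "21:21".
    # NOTE(review): port 21 is conventionally FTP, which carries credentials
    # and data in clear text, and here it is published on all host
    # interfaces. If the weather station really uploads over FTP, restrict
    # the source addresses at the firewall or move to an encrypted transport.
    ports:
      - "21:21"
    volumes:
      - "./dca-carouge-weather-station:/code"
    # healthcheck:
    #   test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
    #   start_period: 30s
    #   interval: 5m00s
    #   timeout: 10s
    #   retries: 3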

# - + - + - + - + - + - + - + - + - + - + - + - + - +
#               Docker configs                      #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

# Single user-defined bridge network; the services above take fixed
# addresses from its 172.18.1.0/24 subnet.
networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: "1450"
      com.docker.network.bridge.name: "naiades-network"
    ipam:
      config:
        - subnet: "172.18.1.0/24"

# Named volumes with default settings, used by mysql-db, mongo-db and
# crate-db to keep their data across container re-creation.
volumes:
  mysql-db: {}
  mongo-db: {}
  crate-storage: {}

# File-backed secrets; the services that list them read them under
# /run/secrets/<name>.
# NOTE(review): both paths are relative to this compose file. Make sure the
# files are excluded from version control and readable only by the deploying
# user.
secrets:
  # Used by mysql-db (root password) and keyrock (IdM database password).
  db_password:
    file: "secrets"
  # Used by dca-carouge-watering and dca-carouge-fountain.
  lora_platform_auth_header:
    file: "secret_carouge_lora"