# - + - + - + - + - + - + - + - + - + - + - + - + - +
# NAIADES IoT Platform and services #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

# - + - + - + - + - + - + - + - + - + - + - + - + - +
# Notes #
# - + - + - + - + - + - + - + - + - + - + - + - + - +
# ToDos for PROD
# ==============
# - include Let's Encrypt in nginx
# - platform's FQDN?
# - all service requests must pass through nginx
# - change secrets
#
# Authored by UDGA in the context of NAIADES E.U. PROJECT
#
# Received contributions from
# ---------------------------
# - ?
#
# inspired by https://smartsdk.github.io/smartsdk-recipes/
#
# PRODUCTION ToDos
# ----------------
# - include Let's Encrypt in nginx
# - platform's FQDN?
# - all service requests must pass through nginx
#
#
#
# DEPLOYMENT NOTES:
# -----------------
#
# About Docker Volumes:
# ---------------------
#
# A data volume is a specially-designated directory within one or more containers
# that bypasses the Union File System.
# Data volumes provide several useful features for persistent or shared data:
#
# - Volumes are initialized when a container is created.
#   If the container's base image contains data at the specified mount point,
#   that existing data is copied into the new volume upon volume initialization.
#   (Note that this does not apply when mounting a host directory.)
#
# - Data volumes can be shared and reused among containers.
#
# - Changes to a data volume are made directly.
#
# - Changes to a data volume will not be included when you update an image.
#   Data volumes persist even if the container itself is deleted.
#
# In a Dockerfile you can specify only the destination of the volume inside the
# container, e.g. /usr/src/app.
# You may, but do not need to, specify the mount point (/opt) on the host machine.
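# Using the CLI that is `docker run --volume=/opt:/usr/src/app my_image`
# If you do not specify the --volume argument, the mount point is chosen automatically
#
# SECURITY REVIEW SUMMARY (details in the NOTE(security) comments on each service)
# --------------------------------------------------------------------------------
# - Orion, Keyrock, QuantumLeap, MongoDB, MySQL, CrateDB and the WMS example all
#   publish ports on the host, so they are reachable without passing through nginx
#   or the PEP proxy. This contradicts the "all services requests must pass
#   through nginx" goal stated in the file header. Published ports are
#   typically not filtered by host firewall front-ends such as ufw; verify real
#   exposure from outside the host.
# - Several credentials are hard-coded in plain text (Keyrock admin, PEP proxy
#   account, PEP magic key). Treat them as compromised once this file has been
#   shared, rotate them, and load them from Docker secrets or the environment.
# - Debug modes are enabled (nginx-debug, DEBUG=idm:*, FLASK_DEBUG=1).
# - Port mappings are now quoted: an unquoted "21:21" is read as the base-60
#   integer 1281 by YAML 1.1 parsers. Behaviour is otherwise unchanged.

version: "3.5"

services:

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  # Reverse-proxy #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Reverse-proxy (entrypoint)
  nginx:
    # NOTE(security): ":latest" is a moving tag; pin a version (ideally a digest) so
    # deployments are reproducible and image updates are a reviewed change.
    image: nginx:latest
    container_name: nginx
    networks:
      default:
        ipv4_address: 172.18.1.250
    volumes:
      # - ${PWD}/nginx/error.log:/var/log/nginx/error.log:rw
      - ${PWD}/nginx/conf.d/:/etc/nginx/conf.d/
      - ${PWD}/nginx/cache/:/var/www/nginx/cache/
      - ${PWD}/nginx/logs/:/var/log/nginx/:rw
      # NOTE(security): nginx.conf and the htpasswd directory are mounted read-write,
      # so a compromised nginx process could rewrite its own configuration and
      # credential files on the host. Only logs and cache need write access; consider
      # ":ro" for conf.d, nginx.conf and htpasswd.
      - ${PWD}/nginx/nginx.conf:/etc/nginx/nginx.conf:rw
      - ${PWD}/nginx/htpasswd/:/etc/nginx/htpasswd/:rw
      # - /etc/letsencrypt/:/etc/letsencrypt/
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - dca-carouge-watering
      - quantumleap
      - orion
    # THIS IS FOR DEBUG ONLY! DO NOT USE IN PROD!
    command: [nginx-debug, '-g', 'daemon off;']

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  # IoT Platform #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  # Context broker
  orion:
    restart: always
    image: fiware/orion:${ORION_VERSION}
    container_name: fiware-orion
    depends_on:
      - mongo-db
    networks:
      default:
        ipv4_address: 172.18.1.9
    expose:
      - "${ORION_PORT}"
    # NOTE(security): publishing Orion's port on the host lets clients talk to the
    # context broker directly, bypassing the authorization enforced by orion-proxy.
    # If only the proxy and nginx need it, "expose" alone is enough.
    ports:
      - "${ORION_PORT}:${ORION_PORT}"
    # NOTE(security): "-corsOrigin __ALL" accepts cross-origin requests from any
    # site; restrict it to the HMI's origin once the platform FQDN is known.
    command: -corsOrigin __ALL -corsMaxAge 600 -dbhost mongo-db -logLevel WARN
    healthcheck:
      test: curl --fail -s http://orion:${ORION_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Identity Manager w/ GUI
  keyrock:
    restart: always
    image: fiware/idm:${KEYROCK_VERSION}
    container_name: fiware-keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    depends_on:
      - mysql-db
    ports:
      - "${KEYROCK_PORT}:${KEYROCK_PORT}"  # localhost:3005
    environment:
      # NOTE(security): verbose debug logging; drop for production.
      - DEBUG=idm:*
      - IDM_DB_HOST=mysql-db
      - IDM_DB_PASS_FILE=/run/secrets/db_password
      # NOTE(security): Keyrock connects as the MySQL root account. A dedicated
      # user limited to the IdM schema would reduce the impact of an IdM compromise.
      - IDM_DB_USER=root
      # NOTE(security): the IdM is advertised over plain HTTP on a routable address,
      # so logins and tokens travel unencrypted unless TLS is terminated in front
      # of it (e.g. by nginx).
      - IDM_HOST=http://5.53.108.182:${KEYROCK_PORT}
      - IDM_PORT=${KEYROCK_PORT}
      - IDM_HTTPS_ENABLED=${IDM_HTTPS_ENABLED}
      - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
      - IDM_EMAIL_HOST=5.53.108.182
      # NOTE(security): tutorial-style admin account with a trivial password stored
      # in plain text. Rotate it and supply it through a Docker secret, as is already
      # done for the DB password (confirm the supported variable names for the
      # Keyrock version in use).
      - IDM_ADMIN_USER=alice
      - IDM_ADMIN_EMAIL=alice-the-admin@test.com
      - IDM_ADMIN_PASS=test
    secrets:
      - db_password
    healthcheck:
      test: curl --fail -s http://localhost:${KEYROCK_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # Authorization enforcement (PEP Proxy) for Orion
  orion-proxy:
    restart: always
    image: fiware/pep-proxy:${WILMA_VERSION}
    container_name: fiware-orion-proxy
    networks:
      default:
        ipv4_address: 172.18.1.10
    depends_on:
      - keyrock
    expose:
      - "${ORION_PROXY_PORT}"
    ports:
      - "${ORION_PROXY_PORT}:${ORION_PROXY_PORT}"
    environment:
      - PEP_PROXY_APP_HOST=orion
      - PEP_PROXY_APP_PORT=${ORION_PORT}
      - PEP_PROXY_PORT=${ORION_PROXY_PORT}
      - PEP_PROXY_IDM_HOST=keyrock
      # NOTE(security): the proxy listens on plain HTTP and talks to the IdM without
      # TLS. Acceptable only if the port is reachable solely through a TLS-terminating
      # nginx; the published port below exposes it directly.
      - PEP_PROXY_HTTPS_ENABLED=false
      - PEP_PROXY_AUTH_ENABLED=true
      - PEP_PROXY_IDM_SSL_ENABLED=false
      - PEP_PROXY_IDM_PORT=${KEYROCK_PORT}
      # NOTE(security): the PEP proxy's IdM credentials are committed in plain text.
      # Rotate them in Keyrock and inject them via Docker secrets or an untracked
      # env file instead.
      - PEP_PROXY_APP_ID=45788b3f-34c7-4a8e-90dc-dfb87e8ad0cc
      - PEP_PROXY_USERNAME=pep_proxy_17c1b932-8559-4615-9927-898cc292e138
      - PEP_PASSWORD=pep_proxy_15c0841c-be71-4c44-8cd5-eaae6f3dd93e
      - PEP_PROXY_PDP=idm
      # NOTE(security): the magic key is a static token the proxy accepts in place
      # of a real access token (verify against the Wilma docs for this version).
      # "1234" is trivially guessable; remove it, or use a long random value kept
      # out of version control.
      - PEP_PROXY_MAGIC_KEY=1234
      - PEP_PROXY_PUBLIC_PATHS=/version
    healthcheck:
      test: curl --fail -s http://orion-proxy:${ORION_PROXY_PORT}/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # db for Orion
  mongo-db:
    restart: always
    image: mongo:${MONGO_DB_VERSION}
    container_name: db-mongo
    expose:
      - "${MONGO_DB_PORT}"
    # NOTE(security): MongoDB is started with --bind_ip_all and no authentication
    # option is visible here, while its port is published on the host. Anyone who
    # can reach the host port can read and modify the context data. Drop the
    # "ports" mapping (Orion reaches it over the compose network) and/or enable
    # authentication.
    ports:
      - "${MONGO_DB_PORT}:${MONGO_DB_PORT}"  # localhost:27017
    networks:
      - default
    command: --bind_ip_all --smallfiles
    volumes:
      - mongo-db:/data
    healthcheck:
      # NOTE(review): the port is hard-coded here while the service uses
      # ${MONGO_DB_PORT}; the check breaks if the variable is not 27017.
      test: echo 'db.runCommand("ping").ok' | mongo db-mongo:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s

  naiades-hmi:
    restart: always
    # NOTE(review): untagged image, so it resolves to ":latest"; tag it explicitly.
    image: naiades-hmi
    container_name: naiades-hmi
    expose:
      - "80"
    networks:
      - default

  # # mongo admin dashboard
  # mongo-express:
  #   image: mongo-express
  #   container_name: mongo-express
  #   networks:
  #     default:
  #       ipv4_address: 172.18.1.12
  #   depends_on:
  #     - mongo-db
  #   expose:
  #     - "${MONGO_DB_EXPRESS_PORT}"
  #   ports:
  #     - "${MONGO_DB_EXPRESS_PORT}:${MONGO_DB_EXPRESS_PORT}"
  #   environment:
  #     - ME_CONFIG_OPTIONS_EDITORTHEME=ambiance
  #     - ME_CONFIG_BASICAUTH_USERNAME=${MONGO_DB_EXPRESS_USER}
  #     - ME_CONFIG_BASICAUTH_PASSWORD=${MONGO_DB_EXPRESS_PASS}
  #     - ME_CONFIG_MONGODB_PORT=${MONGO_DB_PORT}
  #     - ME_CONFIG_MONGODB_ENABLE_ADMIN=false
  #     - ME_CONFIG_MONGODB_SERVER=mongo-db

  # db for IdM
  mysql-db:
    restart: always
    image: mysql:${MYSQL_DB_VERSION}
    container_name: db-mysql
    expose:
      - "${MYSQL_DB_PORT}"
    # NOTE(security): the MySQL port is published on the host although only Keyrock
    # (same compose network) needs it. MYSQL_ROOT_HOST limits root logins to
    # Keyrock's address, but removing the mapping removes the exposure entirely.
    ports:
      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}"  # localhost:3306
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password"
      - "MYSQL_ROOT_HOST=172.18.1.5"  # Allow Keyrock to access this database
    volumes:
      - mysql-db:/var/lib/mysql
      - ./mysql-data:/docker-entrypoint-initdb.d/:ro
    secrets:
      - db_password

  # Quantum Leap - historical data manager
  quantumleap:
    restart: always
    image: smartsdk/quantumleap:${QUANTUMLEAP_VERSION}
    container_name: fiware-quantumleap
    expose:
      - "${QUANTUMLEAP_PORT}"
    # NOTE(security): published on the host with no authorization layer visible in
    # this file (there is no PEP proxy in front of QuantumLeap here). Historical
    # data is readable by whoever can reach the port unless nginx is the only path.
    ports:
      - "${QUANTUMLEAP_PORT}:${QUANTUMLEAP_PORT}"
    depends_on:
      - crate-db
    networks:
      default:
        ipv4_address: 172.18.1.7
    environment:
      - CRATE_HOST=crate-db
    healthcheck:
      test: curl --fail -s http://fiware-quantumleap:${QUANTUMLEAP_PORT}/v2/version || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  # db for timeseries (quantumleap)
  crate-db:
    image: crate:${CRATE_VERSION}
    container_name: db-crate
    networks:
      default:
        ipv4_address: 172.18.1.8
    expose:
      - "${CRATE_PORT_GUI}"
    # NOTE(security): the admin UI is published on the host while host-based
    # authentication is disabled and CORS allows any origin (see "command"), i.e.
    # the database accepts unauthenticated access from any client or web page that
    # can reach it. Keep it on the internal network or enable authentication.
    ports:
      - "${CRATE_PORT_GUI}:${CRATE_PORT_GUI}"  # Admin UI
      # NOTE(review): labelled "Transport protocol" but the container side is the
      # GUI port; "${CRATE_PORT}:${CRATE_PORT}" was probably intended - confirm.
      - "${CRATE_PORT}:${CRATE_PORT_GUI}"  # Transport protocol
    command: crate -Clicense.enterprise=false -Cauth.host_based.enabled=false -Ccluster.name=democluster -Chttp.cors.enabled=true -Chttp.cors.allow-origin="*"
    volumes:
      - crate-storage:/data

  # - + - + - + - + - + - + - + - + - + - + - + - + - +
  # WMS and DCA services #
  # - + - + - + - + - + - + - + - + - + - + - + - + - +

  wms-app-example:
    restart: always
    build:
      context: ./wms-example
      dockerfile: Dockerfile
    image: wms-app-example:latest
    container_name: wms-app-example
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(security): FLASK_DEBUG=1 enables Flask's debug mode, whose interactive
      # debugger allows code execution inside the container. Combined with the
      # published port below it must not run on a reachable host; set it to 0 and
      # serve the app with a production WSGI server.
      - FLASK_DEBUG=1
    expose:
      - "${WMS_MODULE_PORT}"
    ports:
      - "${WMS_MODULE_PORT}:${WMS_MODULE_PORT}"
    volumes:
      # NOTE(security): the source tree is bind-mounted read-write; a compromised
      # app can modify code on the host. Bake the code into the image for prod.
      - ./wms-example:/code
    networks:
      default:
        ipv4_address: 172.18.1.11
    healthcheck:
      test: curl --fail -s http://wms-app-example:${WMS_MODULE_PORT}/healthcheck || exit 1
      start_period: 40s
      interval: 15m00s
      timeout: 10s
      retries: 3

  dca-carouge-weather:
    build:
      context: ./dca-carouge-weather
      dockerfile: Dockerfile
    image: dca-carouge-weather:latest
    container_name: dca-carouge-weather
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      - POST_DATA_PERIOD=900  # 15mins
      - ORION_HOST=orion
      - COLLECTION_DIR=/code/raw_data
    volumes:
      - ./dca-carouge-weather:/code:rw
    networks:
      default:
        ipv4_address: 172.18.1.15
    command: ./weather_00_collect_raw_weather_data_carouge.py
    # no sensors, only 3rd party data for the moment
    # healthcheck:
    #   test: curl --fail -s http://dca-carouge-weather:${WMS_MODULE_PORT}/healthcheck || exit 1
    #   start_period: 40s
    #   interval: 15m00s
    #   timeout: 10s
    #   retries: 3

  dca-carouge-watering:
    build:
      context: ./dca-carouge-watering
      dockerfile: Dockerfile
    image: dca-carouge-watering:latest
    container_name: dca-carouge-watering
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(security): development mode with the debugger on (same risk as described
      # on wms-app-example). This service is not published on the host, but nginx
      # depends on it and presumably proxies to it - disable before going live.
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
      - LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header
      - LORA_PLATFORM_URL=https://lora-ns.sig-ge.ch:443
    secrets:
      - lora_platform_auth_header
    expose:
      - "80"
    volumes:
      - ./dca-carouge-watering:/code
    networks:
      default:
        ipv4_address: 172.18.1.14
    healthcheck:
      test: curl --fail -s http://dca-carouge-watering/healthcheck || exit 1
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3

  dca-carouge-fountain:
    build:
      context: ./dca-carouge-fountain
      dockerfile: Dockerfile
    image: dca-carouge-fountain:latest
    container_name: dca-carouge-fountain
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(security): development mode / debugger enabled; disable for production.
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
      - LORA_PLATFORM_SECRET_FILE=/run/secrets/lora_platform_auth_header
      - LORA_PLATFORM_URL=https://eu.saas.orbiwise.com:443
    secrets:
      - lora_platform_auth_header
    expose:
      - "80"
    volumes:
      - ./dca-carouge-fountain:/code
    networks:
      default:
        ipv4_address: 172.18.1.16
    healthcheck:
      test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
      start_period: 30s
      interval: 5m00s
      timeout: 10s
      retries: 3

  dca-carouge-weather-station:
    build:
      context: ./dca-carouge-weather-station
      dockerfile: Dockerfile
    image: dca-carouge-weather-station:latest
    container_name: dca-carouge-weather-station
    environment:
      - LC_ALL=C.UTF-8
      - LANG=C.UTF-8
      # NOTE(security): development mode / debugger enabled; disable for production.
      - FLASK_ENV=development
      - FLASK_DEBUG=1
      - FLASK_RUN_PORT=80
      - COLLECTION_DIR=/code/raw_data
      - ORION_HOST=orion
    # NOTE(security): port 21 is conventionally FTP, which sends credentials and
    # data in clear text. If the weather station uploads over FTP, restrict the
    # source address at the firewall or move to an encrypted transfer (SFTP/FTPS).
    # Quoted because an unquoted 21:21 is parsed as the integer 1281 by YAML 1.1.
    ports:
      - "21:21"
    volumes:
      - ./dca-carouge-weather-station:/code
    networks:
      default:
        ipv4_address: 172.18.1.17
    # healthcheck:
    #   test: curl --fail -s http://dca-carouge-fountain/healthcheck || exit 1
    #   start_period: 30s
    #   interval: 5m00s
    #   timeout: 10s
    #   retries: 3

# - + - + - + - + - + - + - + - + - + - + - + - + - +
# Docker configs #
# - + - + - + - + - + - + - + - + - + - + - + - + - +

networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450
      com.docker.network.bridge.name: naiades-network
    ipam:
      config:
        - subnet: 172.18.1.0/24

volumes:
  mysql-db: ~
  mongo-db: ~
  crate-storage: ~

# NOTE(security): both secrets are read from files next to this compose file. Keep
# them out of version control (.gitignore) and restrict their permissions to the
# deploying user.
secrets:
  db_password:
    file: secrets
  lora_platform_auth_header:
    file: secret_carouge_lora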