diff --git a/README.md b/README.md
index dcab1f35..5b6cc83c 100644
--- a/README.md
+++ b/README.md
@@ -128,16 +128,16 @@ The compose files under the `taf` subfolder are used for the automated TAF tests Use `make portainer`and `make portainer-down` to start and stop Portainer. ### Use PostgreSQL as the persistence layer in EdgeX -- **docker-compose-postgres-no-secty.yml** Contains just the services needed to run in non-secure configuration. Includes Postgres, Redis, Device Virtual and MQTT Broker services using a mix of Postgres and Redis as the databases and MQTT as the message bus. -- **docker-compose-postgres-no-secty-arm64.yml** Contains just the services needed to run in non-secure configuration on `ARM64` system. Includes Postgres, Redis, Device Virtual and MQTT Broker services using a mix of Postgres and Redis as the databases and MQTT as the message bus. +EdgeX services can be configured to use PostgreSQL as the persistence layer. The compose builder now supports generating compose files that use PostgreSQL. -> **Note:** Only the services as listed below support Postgres as the database in EdgeX. More EdgeX services will support Postgres once the development work is done. -> - **Core Data** -> - **Core Keeper** -> - The Store and Forward capability of **app-mqtt-export** App Service +**To use PostgreSQL as the persistence layer, follow these steps** - **Start the EdgeX Services using Postgres and Redis as the databases** +- Go to `/compose-builder` folder +- `make run no-secty keeper mqtt-bus postgres` - - Use `docker compose -f docker-compose-postgres-no-secty.yml up -d` to start the services using this compose file. - - Use `docker compose -f docker-compose-postgres-no-secty.yml down` to stop the services. - - Replace **docker-compose-postgres-no-secty.yml** with **docker-compose-postgres-no-secty-arm64.yml** in the above commands on `ARM64` system. + Runs the services with PostgreSQL as the persistence layer in non-secure mode. +- `make run keeper mqtt-bus postgres` + + Runs the services with PostgreSQL as the persistence layer in secure mode. 
+ +> **Note:** `keeper` and `mqtt-bus` are required services for EdgeX to run with PostgreSQL as the persistence layer. \ No newline at end of file diff --git a/compose-builder/.env b/compose-builder/.env index 3eaa3752..fef651a1 100644 --- a/compose-builder/.env +++ b/compose-builder/.env @@ -1,5 +1,6 @@ # /******************************************************************************* # * Copyright 2022 Intel +# * Copyright 2024 IOTech Ltd # * # * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # * in compliance with the License. You may obtain a copy of the License at @@ -45,6 +46,19 @@ CP_FLAGS='-cp=consul.http://edgex-core-consul:8500' REGISTRY_HOST=edgex-core-consul REGISTRY_PORT=8500 REGISTRY_TYPE=consul +DATABASE_HOST=edgex-redis +DATABASE_TYPE=redisdb +DATABASE_PORT=6379 +MESSAGEBUS_HOST=edgex-redis +MESSAGEBUS_SECRETNAME=redisdb +MESSAGEBUS_AUTHMODE=none +MESSAGEBUS_PORT=6379 +MESSAGEBUS_PROTOCOL=redis +MESSAGEBUS_TYPE=redis +WRITABLE_INSECURESECRETS_DB_SECRETNAME=redisdb +WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME= +WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD= +COMMON_SEC_STAGE_GATE_FILE_NAME=common-sec-stage-gate.env # Lock on Vault 1.14 (last MPL-2.0 version) VAULT_VERSION=1.14 @@ -52,6 +66,7 @@ VAULT_VERSION=1.14 CONSUL_VERSION=1.16 # Lock on Redis 7.0 until EdgeX 4.0 REDIS_VERSION=7.0-alpine +POSTGRES_VERSION=16.3-alpine3.20 KUIPER_VERSION=v1.14.0-alpha.2 MOSQUITTO_VERSION=2.0 NANOMQ_VERSION=0.18 diff --git a/compose-builder/Makefile b/compose-builder/Makefile index 511e9a5f..12c3fca0 100644 --- a/compose-builder/Makefile +++ b/compose-builder/Makefile @@ -1,5 +1,6 @@ # /******************************************************************************* # * Copyright 2023 Intel +# * Copyright 2024 IOTech Ltd # * # * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # * in compliance with the License. You may obtain a copy of the License at 
@@ -43,7 +44,8 @@ export USERID:=$(shell id -u) export DOCKER_SOCKET_PATH=/var/run/docker.sock # Get total system memory in megabytes for vault config -export TOTAL_SYSTEM_MEMORY:=$(shell grep MemTotal /proc/meminfo | awk '{print $$2}')m +#export TOTAL_SYSTEM_MEMORY:=$(shell grep MemTotal /proc/meminfo | awk '{print $$2}')m +export TOTAL_SYSTEM_MEMORY:=327352832m BROKER_YAML=add-mqtt-broker-mosquitto.yml TAF_BROKER_YAML=add-taf-mqtt-broker-mosquitto.yml @@ -60,6 +62,7 @@ define OPTIONS - asc-http asc-mqtt asc-sample asc-metrics as-llrp as-record-replay asc-ex-mqtt - - modbus-sim zero-trust no-cleanup - - consul keeper - + - postgres - endef export OPTIONS 
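Review bot: The `TOTAL_SYSTEM_MEMORY` change in compose-builder/Makefile looks like a local workaround that was committed by accident: the `/proc/meminfo` lookup is commented out and replaced by the literal `327352832m`, so every host gets the same Vault `memory` and `memswap_limit` regardless of its RAM. The regenerated docker-compose-arm64.yml in this commit already carries the resulting value (`343254323167232`), which is large enough that the limit no longer constrains the container. Restore `export TOTAL_SYSTEM_MEMORY:=$(shell grep MemTotal /proc/meminfo | awk '{print $$2}')m` and delete the commented copy. If a fixed value is needed on hosts without `/proc/meminfo`, put it behind a conditional with a comment explaining why.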
@@ -139,6 +142,35 @@ ifeq (keeper, $(filter keeper,$(ARGS))) export STAGEGATE_REGISTRY_HOST=edgex-core-keeper export STAGEGATE_REGISTRY_PORT=59890 endif + + ifeq (postgres, $(filter postgres,$(ARGS))) + export DATABASE_HOST=edgex-postgres + export DATABASE_TYPE=postgres + export DATABASE_PORT=5432 + export MESSAGEBUS_HOST=edgex-mqtt-broker + export MESSAGEBUS_PORT=1883 + export MESSAGEBUS_PROTOCOL=tcp + export MESSAGEBUS_AUTHMODE=usernamepassword + export MESSAGEBUS_SECRETNAME=message-bus + export MESSAGEBUS_TYPE=mqtt + export WRITABLE_INSECURESECRETS_DB_SECRETNAME= + ifeq (no-secty, $(filter no-secty,$(ARGS))) + export MESSAGEBUS_AUTHMODE=none + export MESSAGEBUS_SECRETNAME= + export WRITABLE_INSECURESECRETS_DB_SECRETNAME=postgres + export WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME=postgres + export WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD=postgres + endif + endif +endif + +ifeq (postgres, $(filter postgres,$(ARGS))) + # When using postgres, change the default compose file to use docker-compose-base-postgres.yml + COMPOSE_FILES:= -f docker-compose-base-postgres.yml + COMPOSE_FILES += -f add-cron-scheduler.yml + ifneq (no-secty, $(filter no-secty,$(ARGS))) + export COMMON_SEC_STAGE_GATE_FILE_NAME=common-sec-stage-gate-postgres.env + endif endif # When in delay-start mode, ensure support services are delay-start-compliant by adding runtime-token configuration @@ -828,7 +860,12 @@ endif ifeq (no-secty, $(filter no-secty,$(ARGS))) NO_SECURITY:=-no-secty else - COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml + ifeq (postgres, $(filter postgres,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-postgres.yml + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security-postgres.yml + else + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml + endif ifeq ($(BUS),) # if BUS not set, then we are using secure redis messagebus by default COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-redis-messagebus.yml endif 
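Review bot: Nothing in the new `postgres` branches checks that `keeper` and `mqtt-bus` were also requested, although the README text in this commit calls both required. As far as the collapsed hunk shows, the `DATABASE_*` and `MESSAGEBUS_*` exports sit inside the `keeper` conditional, so `make run postgres` on its own would switch `COMPOSE_FILES` to docker-compose-base-postgres.yml while the Redis defaults from `.env` stay in effect. In the later `@@ -828` hunk an unset `BUS` still layers add-secure-redis-messagebus.yml on top of add-secure-postgres.yml and add-security-postgres.yml. Failing early with `$(error postgres requires keeper and mqtt-bus)` when either word is missing from `$(ARGS)` would surface the mistake instead of producing a half-configured secure stack. The enclosing conditionals start and end outside these hunks, so the nesting should be confirmed against the full file.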
@@ -1059,6 +1096,8 @@ define COMPOSE_DOWN -f add-secure-consul.yml \ -f add-keeper.yml \ -f add-secure-keeper.yml \ + -f add-secure-postgres.yml \ + -f add-cron-scheduler.yml \ down $1 endef diff --git a/compose-builder/README.md b/compose-builder/README.md index c1946ada..ee303243 100644 --- a/compose-builder/README.md +++ b/compose-builder/README.md @@ -52,7 +52,9 @@ The `Extending using multiple Compose files` approach along with environment fil This folder contains the following compose files: - **docker-compose-base.yml**
- Base non-secure mode compose file. Contains all the services that run in the non-secure configuration, including the UI. + Base non-secure mode compose file. Contains all the services that run in the non-secure configuration, including the UI. +- **docker-compose-base-postgres.yml**
+ Base non-secure mode compose file with PostgreSQL as database. Contains all the services that run in the non-secure configuration, including the UI. - **add-security.yml**
Security **extending** compose file. Adds the additional security services and configuration of services so that all the services are running in the secure configuration. - **add-secure-redis-messagebus.yml**
@@ -256,6 +258,7 @@ Options: The NATS Server service is also included. no-cleanup: Leaves generated files behind for debugging purposes. keeper: Runs to registry service to core-keeper + postgres: Runs with PostgreSQL as database, 'mqtt-bus' is required when using this option Services: : Runs only services listed (and their dependent services) where 'name' matches a service name in one of the compose files used ``` @@ -315,6 +318,7 @@ Options: nats-bus: Pull includes additional services for NATS Message Bus no-cleanup: Leaves generated files behind for debugging purposes keeper: Pull includes core-keeper + postgres: Pull includes PostgreSQL Services: : Pulls only images for the service(s) listed @@ -373,6 +377,7 @@ Options: no-cleanup: Leaves generated files behind for debugging purposes. keeper: Generates compose file with services registry to core-keeper The core-keeper service is also included + postgres: Generates compose file with PostgreSQL as database, 'mqtt-bus' is required when using this option ``` #### Clean @@ -486,6 +491,7 @@ Options: The NATS Server service is also included. no-cleanup: Leaves generated files behind for debugging purposes. keeper: Generates compose file to registry service to core-keeper + postgres: Generates compose file with PostgreSQL as database, 'mqtt-bus' is required when using this option ``` #### TAF Compose diff --git a/compose-builder/add-cron-scheduler.yml b/compose-builder/add-cron-scheduler.yml new file mode 100644 index 00000000..39c945a6 --- /dev/null +++ b/compose-builder/add-cron-scheduler.yml 
@@ -0,0 +1,44 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +# This file is used to add the support-cron-scheduler service to the base docker-compose.yml file. +# TODO: Remove this file and add this service into docker-compose-base.yml while deprecating the support-scheduler service. +services: + support-cron-scheduler: + image: ${CORE_EDGEX_REPOSITORY}/support-cron-scheduler${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59863:59863" + container_name: edgex-support-cron-scheduler + hostname: edgex-support-cron-scheduler + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + SERVICE_HOST: edgex-support-cron-scheduler + DATABASE_HOST: edgex-postgres + depends_on: + - ${REGISTRY_TYPE} + - database + - core-common-config-bootstrapper + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro diff --git a/compose-builder/add-keeper.yml b/compose-builder/add-keeper.yml index ea3532b7..b2bcf7e7 100644 --- a/compose-builder/add-keeper.yml +++ b/compose-builder/add-keeper.yml 
@@ -28,8 +28,18 @@ services: env_file: - common-non-security.env environment: - DATABASE_HOST: edgex-redis - MESSAGEBUS_HOST: edgex-redis + DATABASE_HOST: ${DATABASE_HOST} + DATABASE_TYPE: ${DATABASE_TYPE} + DATABASE_PORT: ${DATABASE_PORT} + MESSAGEBUS_HOST: ${MESSAGEBUS_HOST} + MESSAGEBUS_AUTHMODE: ${MESSAGEBUS_AUTHMODE} + MESSAGEBUS_SECRETNAME: ${MESSAGEBUS_SECRETNAME} + MESSAGEBUS_PORT: ${MESSAGEBUS_PORT} + MESSAGEBUS_PROTOCOL: ${MESSAGEBUS_PROTOCOL} + MESSAGEBUS_TYPE: ${MESSAGEBUS_TYPE} + WRITABLE_INSECURESECRETS_DB_SECRETNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD} SERVICE_HOST: edgex-core-keeper security_opt: - no-new-privileges:true diff --git a/compose-builder/add-secure-keeper.yml b/compose-builder/add-secure-keeper.yml index c83ef305..12878f30 100644 --- a/compose-builder/add-secure-keeper.yml +++ b/compose-builder/add-secure-keeper.yml @@ -18,7 +18,7 @@ services: command: "/core-keeper" env_file: - common-security.env - - common-sec-stage-gate.env + - ${COMMON_SEC_STAGE_GATE_FILE_NAME} volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/core-keeper:/tmp/edgex/secrets/core-keeper:ro,z @@ -26,4 +26,3 @@ services: - security-bootstrapper - security-secretstore-setup - database - diff --git a/compose-builder/add-secure-mqtt-broker.yml b/compose-builder/add-secure-mqtt-broker.yml index 9a923239..df1b4543 100644 --- a/compose-builder/add-secure-mqtt-broker.yml +++ b/compose-builder/add-secure-mqtt-broker.yml @@ -1,5 +1,6 @@ # /******************************************************************************* # * Copyright 2022 Intel Corporation. +# * Copyright 2024 IOTech Ltd # * # * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # * in compliance with the License. You may obtain a copy of the License at 
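Review bot: In add-keeper.yml the new `MESSAGEBUS_AUTHMODE: ${MESSAGEBUS_AUTHMODE}` entry is applied on every path, but the only places this commit sets the variable are the `.env` default (`none`) and the Makefile's `postgres` block. For a secure Redis run (`keeper` without `postgres`) core-keeper would therefore receive `MESSAGEBUS_AUTHMODE=none` and `MESSAGEBUS_SECRETNAME=redisdb` in its `environment`, which takes precedence over anything in `common-security.env`. Unless another secure overlay not shown here resets those keys for core-keeper, that is an authentication downgrade on the message bus compared with the previous file. Either export the secure values in the Makefile for the non-postgres secure path as well, or keep these keys out of add-keeper.yml and set them only in the Postgres-specific overlay.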
@@ -22,7 +23,7 @@ services: entrypoint: ["/edgex-init/messagebus_wait_install.sh"] env_file: - common-security.env - - common-sec-stage-gate.env + - ${COMMON_SEC_STAGE_GATE_FILE_NAME} environment: BROKER_TYPE: mosquitto CONF_DIR: /edgex-init/bootstrap-mosquitto/res diff --git a/compose-builder/add-secure-mqtt-messagebus.yml b/compose-builder/add-secure-mqtt-messagebus.yml index d003e3a2..ac0420cc 100644 --- a/compose-builder/add-secure-mqtt-messagebus.yml +++ b/compose-builder/add-secure-mqtt-messagebus.yml @@ -1,5 +1,6 @@ # /******************************************************************************* # * Copyright 2022 Intel Corporation. +# * Copyright 2024 IOTech Ltd # * # * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # * in compliance with the License. You may obtain a copy of the License at @@ -33,7 +34,7 @@ services: rules-engine: entrypoint: [ "/edgex-init/kuiper_wait_install.sh" ] env_file: - - common-sec-stage-gate.env + - ${COMMON_SEC_STAGE_GATE_FILE_NAME} volumes: - kuiper-sources:/kuiper/etc/sources - kuiper-connections:/kuiper/etc/connections diff --git a/compose-builder/add-secure-postgres.yml b/compose-builder/add-secure-postgres.yml new file mode 100644 index 00000000..6ce04990 --- /dev/null +++ b/compose-builder/add-secure-postgres.yml 
@@ -0,0 +1,39 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +# TODO: Move the content of this Docker Compose file to add-security.yml when the redis database support is removed + +volumes: + postgres-data: + +services: + database: + entrypoint: ["/edgex-init/postgres_wait_install.sh"] + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + environment: + DATABASECONFIG_PATH: /tmp/postgres-init-scripts + DATABASECONFIG_NAME: create-users.sh + tmpfs: + - /run + - /tmp + volumes: + - edgex-init:/edgex-init:ro + - postgres-data:/var/lib/postgresql/data + - /tmp/edgex/secrets/security-bootstrapper-postgres:/tmp/edgex/secrets/security-bootstrapper-postgres:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup diff --git a/compose-builder/add-security-postgres.yml b/compose-builder/add-security-postgres.yml new file mode 100644 index 00000000..d482aed2 --- /dev/null +++ b/compose-builder/add-security-postgres.yml 
@@ -0,0 +1,232 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +# Note: this Docker Compose file is the postgres version of the add-security.yml file +# TODO: Move the content of this Docker Compose file to add-security.yml when the redis database support is removed + +volumes: + edgex-init: + vault-config: + vault-file: + vault-logs: + +services: + security-bootstrapper: + image: ${CORE_EDGEX_REPOSITORY}/security-bootstrapper${ARCH}:${CORE_EDGEX_VERSION} + user: "root:root" # Must run as root + container_name: edgex-security-bootstrapper + hostname: edgex-security-bootstrapper + networks: + - edgex-network + read_only: true + restart: always + env_file: + - common-sec-stage-gate-postgres.env + environment: + EDGEX_USER: ${EDGEX_USER} + EDGEX_GROUP: ${EDGEX_GROUP} + DATABASE_HOST: edgex-postgres + DATABASE_PORT: 5432 + REGISTRY_HOST: edgex-core-keeper + REGISTRY_PORT: 59890 + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + - edgex-init:/edgex-init + security_opt: + - no-new-privileges:true + + security-secretstore-setup: + image: ${CORE_EDGEX_REPOSITORY}/security-secretstore-setup${ARCH}:${CORE_EDGEX_VERSION} + user: "root:root" # must run as root + container_name: edgex-security-secretstore-setup + hostname: 
edgex-security-secretstore-setup + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + environment: + EDGEX_USER: ${EDGEX_USER} + EDGEX_GROUP: ${EDGEX_GROUP} + DATABASE_HOST: edgex-postgres + DATABASE_PORT: 5432 + DATABASE_TYPE: postgres + # Uncomment and modify the following "EDGEX_ADD_SECRETSTORE_TOKENS" to add the additional secret store tokens on the fly + # the secret store token is required if you have added registry acl roles from env "EDGEX_ADD_REGISTRY_ACL_ROLES" + # in service "consul". + #EDGEX_ADD_SECRETSTORE_TOKENS: app-sample,app-rules-engine-redis, app-rules-engine-mqtt, app-push-to-core + read_only: true + restart: always + networks: + - edgex-network + tmpfs: + - /run + - /vault + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + - edgex-init:/edgex-init:ro + - vault-config:/vault/config + - /tmp/edgex/secrets:/tmp/edgex/secrets:z + depends_on: + - security-bootstrapper + - vault + security_opt: + - no-new-privileges:true + + vault: + image: hashicorp/vault:${VAULT_VERSION} + user: "root:root" # Note that Vault is run under the 'vault' user, but entry point scripts need to first run as root + container_name: edgex-vault + hostname: edgex-vault + networks: + - edgex-network + ports: + - "127.0.0.1:8200:8200" + deploy: + resources: + limits: + memory: "${TOTAL_SYSTEM_MEMORY}" + memswap_limit: "${TOTAL_SYSTEM_MEMORY}" + tmpfs: + - /vault/config + entrypoint: [ "/edgex-init/vault_wait_install.sh" ] + env_file: + - common-sec-stage-gate-postgres.env + command: server + environment: + VAULT_ADDR: http://edgex-vault:8200 + VAULT_CONFIG_DIR: /vault/config + VAULT_UI: "true" + SKIP_SETCAP: "true" + VAULT_LOCAL_CONFIG: | + listener "tcp" { + address = "edgex-vault:8200" + tls_disable = "1" + cluster_address = "edgex-vault:8201" + } + backend "file" { + path = "/vault/file" + } + default_lease_ttl = "168h" + max_lease_ttl = "720h" + disable_mlock = true + volumes: + - edgex-init:/edgex-init:ro + - 
vault-file:/vault/file + - vault-logs:/vault/logs + depends_on: + - security-bootstrapper + restart: always + + support-notifications: + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: "/support-notifications --registry ${CP_FLAGS}" + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/support-notifications:/tmp/edgex/secrets/support-notifications:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + - database + + core-metadata: + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: "/core-metadata --registry ${CP_FLAGS}" + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/core-metadata:/tmp/edgex/secrets/core-metadata:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + - database + + core-data: + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: "/core-data --registry ${CP_FLAGS}" + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/core-data:/tmp/edgex/secrets/core-data:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + - database + + core-command: + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: "/core-command --registry ${CP_FLAGS}" + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/core-command:/tmp/edgex/secrets/core-command:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + - database + + core-common-config-bootstrapper: + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: /entrypoint.sh /core-common-config-bootstrapper --registry ${CP_FLAGS} + volumes: 
+ - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/core-common-config-bootstrapper:/tmp/edgex/secrets/core-common-config-bootstrapper:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + + support-cron-scheduler: + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: "/support-cron-scheduler --registry ${CP_FLAGS}" + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/support-cron-scheduler:/tmp/edgex/secrets/support-cron-scheduler:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + - database + + # this is to make sure the service is started after security-bootstrapper process is done + # because it needs to await Consul roles to be created + app-rules-engine: + entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] + command: "/app-service-configurable --registry ${CP_FLAGS}" + env_file: + - common-security.env + - common-sec-stage-gate-postgres.env + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/app-rules-engine:/tmp/edgex/secrets/app-rules-engine:ro,z + depends_on: + - security-bootstrapper + + ui: + environment: + EDGEX_SECURITY_SECRET_STORE: "true" diff --git a/compose-builder/add-security-proxy.yml b/compose-builder/add-security-proxy.yml index fa251e67..b8de2ec1 100644 --- a/compose-builder/add-security-proxy.yml +++ b/compose-builder/add-security-proxy.yml @@ -1,5 +1,6 @@ # /******************************************************************************* # * Copyright 2024 Intel Corporation. +# * Copyright 2024 IOTech Ltd # * # * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # * in compliance with the License. You may obtain a copy of the License at 
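Review bot: Two comments in add-security-postgres.yml were copied from add-security.yml and still describe Consul: `in service "consul"` above `EDGEX_ADD_SECRETSTORE_TOKENS`, and `because it needs to await Consul roles to be created` above `app-rules-engine`. Meanwhile the file pins `REGISTRY_HOST: edgex-core-keeper` for security-bootstrapper, so reword the comments for core-keeper or drop them to keep the next reader from looking for ACL roles that this stack does not create. The file also spells out `common-sec-stage-gate-postgres.env` in every `env_file`, although the Makefile now exports `COMMON_SEC_STAGE_GATE_FILE_NAME` for this case. Writing `- ${COMMON_SEC_STAGE_GATE_FILE_NAME}` here, as the other add-secure files in this commit do, leaves one place to change when the TODO at the top is carried out.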
@@ -38,7 +39,7 @@ services: - "-g" - "daemon off;" env_file: - - common-sec-stage-gate.env + - ${COMMON_SEC_STAGE_GATE_FILE_NAME} volumes: - edgex-init:/edgex-init:ro - nginx-templates:/etc/nginx/templates @@ -65,7 +66,7 @@ services: - edgex-network env_file: - common-security.env - - common-sec-stage-gate.env + - ${COMMON_SEC_STAGE_GATE_FILE_NAME} volumes: # use host timezone - /etc/localtime:/etc/localtime:ro @@ -95,7 +96,7 @@ services: command: entrypoint.sh /security-proxy-auth --registry ${CP_FLAGS} env_file: - common-security.env - - common-sec-stage-gate.env + - ${COMMON_SEC_STAGE_GATE_FILE_NAME} environment: SERVICE_HOST: edgex-proxy-auth volumes: diff --git a/compose-builder/common-sec-stage-gate-postgres.env b/compose-builder/common-sec-stage-gate-postgres.env new file mode 100644 index 00000000..1de4a07d --- /dev/null +++ b/compose-builder/common-sec-stage-gate-postgres.env 
@@ -0,0 +1,35 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ +# +# This file contains the common security bootstrapper related environment overrides used many Edgex services. +# +# TODO: Move the content of this env file to common-sec-stage-gate.env when the redis database support is removed + +STAGEGATE_WAITFOR_TIMEOUT=60s +STAGEGATE_BOOTSTRAPPER_HOST=edgex-security-bootstrapper +STAGEGATE_BOOTSTRAPPER_STARTPORT=54321 +STAGEGATE_SECRETSTORESETUP_HOST=edgex-security-secretstore-setup +STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT=54322 +# this is intended to be the same as Database.Host/.Port for other services +STAGEGATE_DATABASE_HOST=edgex-postgres +STAGEGATE_DATABASE_PORT=5432 +STAGEGATE_DATABASE_READYPORT=5432 +# this is intended to be the same as Registry.Host/.Port for other services +STAGEGATE_REGISTRY_HOST=${REGISTRY_HOST} +STAGEGATE_REGISTRY_PORT=${REGISTRY_PORT} +STAGEGATE_REGISTRY_READYPORT=54324 +STAGEGATE_READY_TORUNPORT=54329 +PROXY_SETUP_HOST=edgex-security-proxy-setup +STAGEGATE_PROXYSETUP_READYPORT=54325 diff --git a/compose-builder/docker-compose-base-postgres.yml b/compose-builder/docker-compose-base-postgres.yml new file mode 100644 index 00000000..d8ef6af3 --- /dev/null +++ b/compose-builder/docker-compose-base-postgres.yml 
@@ -0,0 +1,291 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# *******************************************************************************/ + +# NOTE: this Docker Compose file does not contain the security services required to run in secure mode +# TODO: Move the content of this Docker Compose file to docker-comose-base.yml when the redis database support is removed + +networks: + edgex-network: + driver: "bridge" + +volumes: + db-data: + kuiper-data: + kuiper-etc: + kuiper-log: + kuiper-plugins: + +services: + database: + image: postgres:${POSTGRES_VERSION} + ports: + - "127.0.0.1:5432:5432" + container_name: edgex-postgres + hostname: edgex-postgres + read_only: true + restart: always + networks: + - edgex-network + environment: + POSTGRES_PASSWORD: postgres + POSTGRES_DB: edgex_db + volumes: + - db-data:/data + security_opt: + - no-new-privileges:true + tmpfs: + - /run + + core-metadata: + image: ${CORE_EDGEX_REPOSITORY}/core-metadata${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59881:59881" + container_name: edgex-core-metadata + hostname: edgex-core-metadata + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + SERVICE_HOST: edgex-core-metadata + 
WRITABLE_INSECURESECRETS_DB_SECRETNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD} + DATABASE_HOST: edgex-postgres + DATABASE_PORT: 5432 + DATABASE_TYPE: postgres + depends_on: + - ${REGISTRY_TYPE} + - database + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + + core-data: + image: ${CORE_EDGEX_REPOSITORY}/core-data${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59880:59880" + container_name: edgex-core-data + hostname: edgex-core-data + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + SERVICE_HOST: edgex-core-data + WRITABLE_INSECURESECRETS_DB_SECRETNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD} + DATABASE_HOST: edgex-postgres + DATABASE_PORT: 5432 + DATABASE_TYPE: postgres + depends_on: + - ${REGISTRY_TYPE} + - database + - core-common-config-bootstrapper + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + + core-command: + image: ${CORE_EDGEX_REPOSITORY}/core-command${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59882:59882" + container_name: edgex-core-command + hostname: edgex-core-command + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + SERVICE_HOST: edgex-core-command + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + depends_on: + - 
${REGISTRY_TYPE} + - database + - core-metadata + - core-common-config-bootstrapper + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + + core-common-config-bootstrapper: + image: ${CORE_EDGEX_REPOSITORY}/core-common-config-bootstrapper${ARCH}:${CORE_EDGEX_VERSION} + command: /core-common-config-bootstrapper --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + container_name: edgex-core-common-config-bootstrapper + hostname: edgex-core-common-config-bootstrapper + read_only: true + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + ALL_SERVICES_REGISTRY_HOST: ${REGISTRY_HOST} + ALL_SERVICES_REGISTRY_PORT: ${REGISTRY_PORT} + ALL_SERVICES_REGISTRY_TYPE: ${REGISTRY_TYPE} + ALL_SERVICES_DATABASE_HOST: edgex-postgres + ALL_SERVICES_DATABASE_PORT: "5432" + ALL_SERVICES_DATABASE_TYPE: postgres + ALL_SERVICES_MESSAGEBUS_AUTHMODE: none + ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker + ALL_SERVICES_MESSAGEBUS_PORT: "1883" + ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp + ALL_SERVICES_MESSAGEBUS_TYPE: mqtt + ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETNAME} + ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME} + ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD} + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + depends_on: + - ${REGISTRY_TYPE} + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + + support-notifications: + image: ${CORE_EDGEX_REPOSITORY}/support-notifications${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59860:59860" + container_name: edgex-support-notifications + hostname: 
edgex-support-notifications + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + SERVICE_HOST: edgex-support-notifications + WRITABLE_INSECURESECRETS_DB_SECRETNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME} + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD} + DATABASE_HOST: edgex-postgres + DATABASE_PORT: 5432 + DATABASE_TYPE: postgres + depends_on: + - ${REGISTRY_TYPE} + - database + - core-common-config-bootstrapper + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + + app-rules-engine: + image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: --registry ${CP_FLAGS} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59701:59701" + container_name: edgex-app-rules-engine + hostname: edgex-app-rules-engine + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + EDGEX_PROFILE: rules-engine + SERVICE_HOST: edgex-app-rules-engine + depends_on: + - ${REGISTRY_TYPE} + - core-metadata + - core-common-config-bootstrapper + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + + rules-engine: + image: lfedge/ekuiper:${KUIPER_VERSION} + user: "kuiper:kuiper" + ports: + - "127.0.0.1:59720:59720" + container_name: edgex-kuiper + hostname: edgex-kuiper + read_only: true + restart: always + networks: + - edgex-network + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro + - kuiper-data:/kuiper/data + - kuiper-etc:/kuiper/etc + - kuiper-log:/kuiper/log + - kuiper-plugins:/kuiper/plugins + environment: +# KUIPER__BASIC__DEBUG: "true" + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: 
false + KUIPER__BASIC__RESTPORT: 59720 + CONNECTION__EDGEX__MQTTMSGBUS__PORT: 1883 + CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp + CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker + CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt + EDGEX__DEFAULT__PORT: "1883" + EDGEX__DEFAULT__PROTOCOL: tcp + EDGEX__DEFAULT__SERVER: edgex-mqtt-broker + EDGEX__DEFAULT__TYPE: mqtt + EDGEX__DEFAULT__TOPIC: edgex/rules-events + depends_on: + - database + security_opt: + - no-new-privileges:true + + ui: + image: ${UI_REPOSITORY}/edgex-ui${ARCH}:${EDGEX_UI_VERSION} + ports: + - "4000:4000" + container_name: edgex-ui-go + hostname: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-ui-go + read_only: true + restart: always + networks: + - edgex-network + security_opt: + - no-new-privileges:true + user: "${EDGEX_USER}:${EDGEX_GROUP}" + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro diff --git a/docker-compose-arm64.yml b/docker-compose-arm64.yml index 5a140664..581f5811 100644 --- a/docker-compose-arm64.yml +++ b/docker-compose-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: @@ -1303,7 +1303,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1328,7 +1328,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/docker-compose-no-secty-arm64.yml b/docker-compose-no-secty-arm64.yml index 519e555d..a0a88c85 100644 --- a/docker-compose-no-secty-arm64.yml +++ b/docker-compose-no-secty-arm64.yml 
@@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: diff --git a/docker-compose-no-secty-with-app-sample-arm64.yml b/docker-compose-no-secty-with-app-sample-arm64.yml index 22444bb1..3e6d014b 100644 --- a/docker-compose-no-secty-with-app-sample-arm64.yml +++ b/docker-compose-no-secty-with-app-sample-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: diff --git a/docker-compose-no-secty-with-app-sample.yml b/docker-compose-no-secty-with-app-sample.yml index 7a6f3bbc..ac30267d 100644 --- a/docker-compose-no-secty-with-app-sample.yml +++ b/docker-compose-no-secty-with-app-sample.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: diff --git a/docker-compose-no-secty.yml b/docker-compose-no-secty.yml index 1b80f704..5c29d492 100644 --- a/docker-compose-no-secty.yml +++ b/docker-compose-no-secty.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: diff --git a/docker-compose-postgres-no-secty-arm64.yml b/docker-compose-postgres-no-secty-arm64.yml deleted file mode 100644 index c9796592..00000000 --- a/docker-compose-postgres-no-secty-arm64.yml +++ /dev/null 
@@ -1,429 +0,0 @@ -# Generated with: Docker Compose version v2.27.1 -name: edgex -services: - core-command: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-command - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - core-metadata: - condition: service_started - required: true - database: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 - SERVICE_HOST: edgex-core-command - hostname: edgex-core-command - image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - core-common-config-bootstrapper: - command: - - /core-common-config-bootstrapper - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-common-config-bootstrapper - depends_on: - keeper: - condition: service_started - required: true - environment: - ALL_SERVICES_DATABASE_HOST: edgex-postgres - ALL_SERVICES_DATABASE_PORT: "5432" - ALL_SERVICES_DATABASE_TYPE: postgres - ALL_SERVICES_MESSAGEBUS_AUTHMODE: none - ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker - ALL_SERVICES_MESSAGEBUS_PORT: "1883" - ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp - ALL_SERVICES_MESSAGEBUS_TYPE: mqtt - ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper - ALL_SERVICES_REGISTRY_PORT: "59890" - ALL_SERVICES_REGISTRY_TYPE: keeper - ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - 
ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - EDGEX_SECURITY_SECRET_STORE: "false" - hostname: edgex-core-common-config-bootstrapper - image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - core-data: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-data - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - edgex-postgres: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - SERVICE_HOST: edgex-core-data - DATABASE_HOST: edgex-postgres - DATABASE_TYPE: postgres - DATABASE_PORT: "5432" - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - core-metadata: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-metadata - depends_on: - database: - condition: service_started - required: true - keeper: - condition: service_started - required: true - 
environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - DATABASE_HOST: edgex-redis - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - database: - container_name: edgex-redis - hostname: edgex-redis - image: redis:7.0-alpine - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: db-data - target: /data - volume: {} - device-virtual: - command: - - -cp=keeper.http://edgex-core-keeper:59890 - - --registry - container_name: edgex-device-virtual - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - core-data: - condition: service_started - required: true - core-metadata: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-device-virtual - hostname: edgex-device-virtual - image: nexus3.edgexfoundry.org:10004/device-virtual-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - keeper: - container_name: edgex-core-keeper - depends_on: - 
edgex-postgres: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - MESSAGEBUS_HOST: edgex-mqtt-broker - MESSAGEBUS_AUTHMODE: none - MESSAGEBUS_PORT: "1883" - MESSAGEBUS_PROTOCOL: tcp - MESSAGEBUS_TYPE: mqtt - SERVICE_HOST: edgex-core-keeper - WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - DATABASE_HOST: edgex-postgres - DATABASE_TYPE: postgres - DATABASE_PORT: "5432" - hostname: edgex-core-keeper - image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59890 - published: "59890" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - mqtt-broker: - command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf - container_name: edgex-mqtt-broker - hostname: edgex-mqtt-broker - image: eclipse-mosquitto:2.0 - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - edgex-postgres: - container_name: edgex-postgres - environment: - POSTGRES_PASSWORD: postgres - POSTGRES_DB: edgex_db - hostname: postgres - image: postgres:16.3-alpine3.20 - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 5432 - published: "5432" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - volumes: - - type: volume - source: postgres-data - target: /var/lib/postgresql/data - volume: {} - support-cron-scheduler: - command: - - --registry - - 
-cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-support-cron-scheduler - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - edgex-postgres: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - SERVICE_HOST: edgex-support-cron-scheduler - DATABASE_HOST: edgex-postgres - DATABASE_TYPE: postgres - DATABASE_PORT: "5432" - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/support-cron-scheduler-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59863 - published: "59863" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - app-mqtt-export: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-app-mqtt-export - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - core-metadata: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_PROFILE: mqtt-export - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-app-mqtt-export - WRITABLE_LOGLEVEL: INFO - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_PERSISTONERROR: true - WRITABLE_STOREANDFORWARD_ENABLED: true - hostname: edgex-app-mqtt-export - image: 
nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true -networks: - edgex-network: - name: edgex_edgex-network - driver: bridge -volumes: - db-data: - name: edgex_db-data - postgres-data: - name: edgex_postgres-data diff --git a/docker-compose-postgres-no-secty.yml b/docker-compose-postgres-no-secty.yml deleted file mode 100644 index 984639d7..00000000 --- a/docker-compose-postgres-no-secty.yml +++ /dev/null 
@@ -1,429 +0,0 @@ -# Generated with: Docker Compose version v2.27.1 -name: edgex -services: - core-command: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-command - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - core-metadata: - condition: service_started - required: true - database: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 - SERVICE_HOST: edgex-core-command - hostname: edgex-core-command - image: nexus3.edgexfoundry.org:10004/core-command:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - core-common-config-bootstrapper: - command: - - /core-common-config-bootstrapper - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-common-config-bootstrapper - depends_on: - keeper: - condition: service_started - required: true - environment: - ALL_SERVICES_DATABASE_HOST: edgex-postgres - ALL_SERVICES_DATABASE_PORT: "5432" - ALL_SERVICES_DATABASE_TYPE: postgres - ALL_SERVICES_MESSAGEBUS_AUTHMODE: none - ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker - ALL_SERVICES_MESSAGEBUS_PORT: "1883" - ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp - ALL_SERVICES_MESSAGEBUS_TYPE: mqtt - ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper - ALL_SERVICES_REGISTRY_PORT: "59890" - ALL_SERVICES_REGISTRY_TYPE: keeper - ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - 
ALL_SERVICES_WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - EDGEX_SECURITY_SECRET_STORE: "false" - hostname: edgex-core-common-config-bootstrapper - image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest - networks: - edgex-network: null - read_only: true - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - core-data: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-data - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - edgex-postgres: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - SERVICE_HOST: edgex-core-data - DATABASE_HOST: edgex-postgres - DATABASE_TYPE: postgres - DATABASE_PORT: "5432" - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - core-metadata: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-core-metadata - depends_on: - database: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - 
EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - DATABASE_HOST: edgex-redis - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - database: - container_name: edgex-redis - hostname: edgex-redis - image: redis:7.0-alpine - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: db-data - target: /data - volume: {} - device-virtual: - command: - - -cp=keeper.http://edgex-core-keeper:59890 - - --registry - container_name: edgex-device-virtual - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - core-data: - condition: service_started - required: true - core-metadata: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-device-virtual - hostname: edgex-device-virtual - image: nexus3.edgexfoundry.org:10004/device-virtual:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - keeper: - container_name: edgex-core-keeper - depends_on: - edgex-postgres: - condition: 
service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - MESSAGEBUS_HOST: edgex-mqtt-broker - MESSAGEBUS_AUTHMODE: none - MESSAGEBUS_PORT: "1883" - MESSAGEBUS_PROTOCOL: tcp - MESSAGEBUS_TYPE: mqtt - SERVICE_HOST: edgex-core-keeper - WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - DATABASE_HOST: edgex-postgres - DATABASE_TYPE: postgres - DATABASE_PORT: "5432" - hostname: edgex-core-keeper - image: nexus3.edgexfoundry.org:10004/core-keeper:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59890 - published: "59890" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - mqtt-broker: - command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf - container_name: edgex-mqtt-broker - hostname: edgex-mqtt-broker - image: eclipse-mosquitto:2.0 - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - edgex-postgres: - container_name: edgex-postgres - environment: - POSTGRES_PASSWORD: postgres - POSTGRES_DB: edgex_db - hostname: postgres - image: postgres:16.3-alpine3.20 - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 5432 - published: "5432" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - volumes: - - type: volume - source: postgres-data - target: /var/lib/postgresql/data - volume: { } - support-cron-scheduler: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: 
edgex-support-cron-scheduler - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - edgex-postgres: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres - WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres - SERVICE_HOST: edgex-support-cron-scheduler - DATABASE_HOST: edgex-postgres - DATABASE_TYPE: postgres - DATABASE_PORT: "5432" - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/support-cron-scheduler:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59863 - published: "59863" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - app-mqtt-export: - command: - - --registry - - -cp=keeper.http://edgex-core-keeper:59890 - container_name: edgex-app-mqtt-export - depends_on: - core-common-config-bootstrapper: - condition: service_started - required: true - core-metadata: - condition: service_started - required: true - keeper: - condition: service_started - required: true - environment: - EDGEX_PROFILE: mqtt-export - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-app-mqtt-export - WRITABLE_LOGLEVEL: INFO - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_PERSISTONERROR: true - WRITABLE_STOREANDFORWARD_ENABLED: true - hostname: edgex-app-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest - networks: - edgex-network: null - ports: - - mode: ingress - 
host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true -networks: - edgex-network: - name: edgex_edgex-network - driver: bridge -volumes: - db-data: - name: edgex_db-data - postgres-data: - name: edgex_postgres-data diff --git a/docker-compose-with-app-sample-arm64.yml b/docker-compose-with-app-sample-arm64.yml index c624bfb4..82b76303 100644 --- a/docker-compose-with-app-sample-arm64.yml +++ b/docker-compose-with-app-sample-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: @@ -1380,7 +1380,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1405,7 +1405,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/docker-compose-with-app-sample.yml b/docker-compose-with-app-sample.yml index d29ec0cc..351a3e19 100644 --- a/docker-compose-with-app-sample.yml +++ b/docker-compose-with-app-sample.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: @@ -1380,7 +1380,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: 
@@ -1405,7 +1405,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/docker-compose-zero-trust-arm64.yml b/docker-compose-zero-trust-arm64.yml index 56090136..bbff0c3f 100644 --- a/docker-compose-zero-trust-arm64.yml +++ b/docker-compose-zero-trust-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: @@ -1134,7 +1134,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1159,7 +1159,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/docker-compose-zero-trust.yml b/docker-compose-zero-trust.yml index 6ac5ecda..1acdad58 100644 --- a/docker-compose-zero-trust.yml +++ b/docker-compose-zero-trust.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: @@ -1134,7 +1134,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1159,7 +1159,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/docker-compose.yml b/docker-compose.yml index a19d406d..4cc68e66 100644 --- a/docker-compose.yml 
+++ b/docker-compose.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-rules-engine: @@ -1303,7 +1303,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1328,7 +1328,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-arm64.yml b/taf/docker-compose-taf-arm64.yml index 36ec2d48..326ec661 100644 --- a/taf/docker-compose-taf-arm64.yml +++ b/taf/docker-compose-taf-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1352,8 +1352,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
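Review bot: The added `MESSAGEBUS_AUTHMODE: none` in the `@@ -1352,8 +1352,15 @@` hunk gives core-keeper an unauthenticated message-bus connection in a variant that still sets `EDGEX_SECURITY_SECRET_STORE: "true"`, and the next hunk adds `WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ""` and `..._PASSWORD: ""` to the same service. This looks like the non-secure keeper defaults leaking into the security-enabled output. Since this file is generated, the fix belongs in the compose-builder keeper source; the secure build would be expected to carry `MESSAGEBUS_AUTHMODE: usernamepassword` next to the added `MESSAGEBUS_SECRETNAME: redisdb`, which should be confirmed against how the other services in this file are configured. The same lines recur in the core-keeper hunks of taf/docker-compose-taf-keeper-arm64.yml, taf/docker-compose-taf-keeper.yml and taf/docker-compose-taf-mqtt-bus-arm64.yml; in the mqtt-bus variant they also pin `MESSAGEBUS_TYPE: redis`, which is worth checking against the bus the other services there use. The core-keeper environment block starts and ends outside these hunks.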
@@ -1370,6 +1377,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: @@ -2341,7 +2351,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2366,7 +2376,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-keeper-arm64.yml b/taf/docker-compose-taf-keeper-arm64.yml index d5be2d9d..e474a2cb 100644 --- a/taf/docker-compose-taf-keeper-arm64.yml +++ b/taf/docker-compose-taf-keeper-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1271,8 +1271,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
@@ -1289,6 +1296,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: @@ -2260,7 +2270,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2285,7 +2295,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-keeper.yml b/taf/docker-compose-taf-keeper.yml index 419d7a1c..61cc803a 100644 --- a/taf/docker-compose-taf-keeper.yml +++ b/taf/docker-compose-taf-keeper.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1271,8 +1271,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
@@ -1289,6 +1296,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: @@ -2260,7 +2270,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2285,7 +2295,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-mqtt-bus-arm64.yml b/taf/docker-compose-taf-mqtt-bus-arm64.yml index 1b230c1b..2ba270e7 100644 --- a/taf/docker-compose-taf-mqtt-bus-arm64.yml +++ b/taf/docker-compose-taf-mqtt-bus-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1359,8 +1359,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
@@ -1377,6 +1384,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: @@ -2406,7 +2416,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2431,7 +2441,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml b/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml index aaf63ca8..092f5dde 100644 --- a/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml +++ b/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1278,8 +1278,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
@@ -1296,6 +1303,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: @@ -2325,7 +2335,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2350,7 +2360,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-mqtt-bus-keeper.yml b/taf/docker-compose-taf-mqtt-bus-keeper.yml index 02878ede..6dc6ae43 100644 --- a/taf/docker-compose-taf-mqtt-bus-keeper.yml +++ b/taf/docker-compose-taf-mqtt-bus-keeper.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1278,8 +1278,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
@@ -1296,6 +1303,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: @@ -2325,7 +2335,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2350,7 +2360,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-mqtt-bus.yml b/taf/docker-compose-taf-mqtt-bus.yml index b232d602..f07e9e80 100644 --- a/taf/docker-compose-taf-mqtt-bus.yml +++ b/taf/docker-compose-taf-mqtt-bus.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1359,8 +1359,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper 
@@ -1377,6 +1384,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: @@ -2406,7 +2416,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2431,7 +2441,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-no-secty-arm64.yml b/taf/docker-compose-taf-no-secty-arm64.yml index 6fa48de7..16070321 100644 --- a/taf/docker-compose-taf-no-secty-arm64.yml +++ b/taf/docker-compose-taf-no-secty-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -739,9 +739,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: 
diff --git a/taf/docker-compose-taf-no-secty-keeper-arm64.yml b/taf/docker-compose-taf-no-secty-keeper-arm64.yml index eb8c1663..e94e6044 100644 --- a/taf/docker-compose-taf-no-secty-keeper-arm64.yml +++ b/taf/docker-compose-taf-no-secty-keeper-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -706,9 +706,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: diff --git a/taf/docker-compose-taf-no-secty-keeper.yml b/taf/docker-compose-taf-no-secty-keeper.yml index 29e4e82c..dd6dd30e 100644 --- a/taf/docker-compose-taf-no-secty-keeper.yml +++ b/taf/docker-compose-taf-no-secty-keeper.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: 
@@ -706,9 +706,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml index c22ae76b..29d790bd 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -743,9 +743,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml index cc626886..34f749af 100644 
--- a/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -710,9 +710,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest networks: diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml index 1ad82dfa..eda7e900 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: 
@@ -710,9 +710,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus.yml b/taf/docker-compose-taf-no-secty-mqtt-bus.yml index e688ba28..645d8308 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -743,9 +743,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: diff --git a/taf/docker-compose-taf-no-secty.yml b/taf/docker-compose-taf-no-secty.yml index ce1935d6..9cd6c9ed 100644 --- a/taf/docker-compose-taf-no-secty.yml 
+++ b/taf/docker-compose-taf-no-secty.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -739,9 +739,19 @@ services: container_name: edgex-core-keeper environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis SERVICE_HOST: edgex-core-keeper + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: diff --git a/taf/docker-compose-taf-perf-arm64.yml b/taf/docker-compose-taf-perf-arm64.yml index 843664b2..9bdeb377 100644 --- a/taf/docker-compose-taf-perf-arm64.yml +++ b/taf/docker-compose-taf-perf-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-mqtt-export: @@ -1693,7 +1693,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1718,7 +1718,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf-perf-no-secty-arm64.yml b/taf/docker-compose-taf-perf-no-secty-arm64.yml index 3d67841d..e3aeb478 100644 
--- a/taf/docker-compose-taf-perf-no-secty-arm64.yml +++ b/taf/docker-compose-taf-perf-no-secty-arm64.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-mqtt-export: diff --git a/taf/docker-compose-taf-perf-no-secty.yml b/taf/docker-compose-taf-perf-no-secty.yml index ef4a00ec..8d778296 100644 --- a/taf/docker-compose-taf-perf-no-secty.yml +++ b/taf/docker-compose-taf-perf-no-secty.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-mqtt-export: diff --git a/taf/docker-compose-taf-perf.yml b/taf/docker-compose-taf-perf.yml index a38d3540..8204dbc0 100644 --- a/taf/docker-compose-taf-perf.yml +++ b/taf/docker-compose-taf-perf.yml @@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-mqtt-export: @@ -1693,7 +1693,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -1718,7 +1718,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: diff --git a/taf/docker-compose-taf.yml b/taf/docker-compose-taf.yml index 16c4e788..eb274743 100644 --- a/taf/docker-compose-taf.yml +++ b/taf/docker-compose-taf.yml 
@@ -24,7 +24,7 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # -# Generated with: Docker Compose version v2.29.1 +# Generated with: Docker Compose version v2.29.2 name: edgex services: app-external-mqtt-trigger: @@ -1352,8 +1352,15 @@ services: required: true environment: DATABASE_HOST: edgex-redis + DATABASE_PORT: "6379" + DATABASE_TYPE: redisdb EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_AUTHMODE: none MESSAGEBUS_HOST: edgex-redis + MESSAGEBUS_PORT: "6379" + MESSAGEBUS_PROTOCOL: redis + MESSAGEBUS_SECRETNAME: redisdb + MESSAGEBUS_TYPE: redis PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-keeper @@ -1370,6 +1377,9 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: "" + WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: "" + WRITABLE_INSECURESECRETS_DB_SECRETNAME: redisdb hostname: edgex-core-keeper image: nexus3.edgexfoundry.org:10004/core-keeper:latest networks: @@ -2341,7 +2351,7 @@ services: deploy: resources: limits: - memory: "34032716873728" + memory: "343254323167232" entrypoint: - /edgex-init/vault_wait_install.sh environment: @@ -2366,7 +2376,7 @@ services: VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14 - memswap_limit: "34032716873728" + memswap_limit: "343254323167232" networks: edgex-network: null ports: