Merge pull request #466 from cherrycl/issue-465

fix: Generate new TAF compose files with postgres

compose-builder/Makefile

@@ -44,8 +44,7 @@ export USERID:=$(shell id -u)
 export DOCKER_SOCKET_PATH=/var/run/docker.sock
 
 # Get total system memory in megabytes for vault config
-#export TOTAL_SYSTEM_MEMORY:=$(shell grep MemTotal /proc/meminfo | awk '{print $$2}')m
-export TOTAL_SYSTEM_MEMORY:=327352832m
+export TOTAL_SYSTEM_MEMORY:=$(shell grep MemTotal /proc/meminfo | awk '{print $$2}')m
 
 BROKER_YAML=add-mqtt-broker-mosquitto.yml
 TAF_BROKER_YAML=add-taf-mqtt-broker-mosquitto.yml
@@ -156,7 +155,7 @@ ifeq (keeper, $(filter keeper,$(ARGS)))
 		export WRITABLE_INSECURESECRETS_DB_SECRETNAME=
 		ifeq (no-secty, $(filter no-secty,$(ARGS)))
 			export MESSAGEBUS_AUTHMODE=none
-            export MESSAGEBUS_SECRETNAME=
+			export MESSAGEBUS_SECRETNAME=
 			export WRITABLE_INSECURESECRETS_DB_SECRETNAME=postgres
 			export WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME=postgres
 			export WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD=postgres
@@ -891,16 +890,24 @@ endif
 
 # Build compose for TAF secure testing (ignore all other compose file options)
 ifeq (taf-secty, $(filter taf-secty,$(ARGS)))
+
+	ifeq (postgres, $(filter postgres,$(ARGS)))
+		export COMMON_SEC_STAGE_GATE_FILE_NAME=common-sec-stage-gate-postgres.env
+		DATABASE:=-postgres
+		COMPOSE_FILES:=-f docker-compose-base-postgres.yml -f add-cron-scheduler.yml \
+				-f add-security-postgres.yml -f add-secure-postgres.yml
+	else
+		COMPOSE_FILES:=-f docker-compose-base.yml -f add-security.yml
+	endif
+
 	TOKEN_LIST:=app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera
 	# Note that the services in this list should be separated by ';', but that causes issues with build scripts, so
 	# have to list them individually.
 	KNOWN_SECRETS_LIST:=redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera]
 	KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera]
 	EXTRA_PROXY_ROUTE_LIST:=device-modbus.http://edgex-device-modbus:59901
 
-	COMPOSE_FILES:= \
-		-f docker-compose-base.yml \
-		-f add-security.yml \
+	COMPOSE_FILES:= $(COMPOSE_FILES) \
 		-f add-security-proxy.yml \
 		-f add-taf-app-services.yml \
 		-f add-taf-app-services-secure.yml \
@@ -922,6 +929,14 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS)))
 		IS_SECURE_MODE:=1
 		IS_MQTT_BUS:=1
 		COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml -f add-secure-mqtt-messagebus.yml -f add-secure-mqtt-broker.yml
+		ifeq (keeper, $(filter keeper,$(ARGS)))
+			export MESSAGEBUS_AUTHMODE=usernamepassword
+			export MESSAGEBUS_SECRETNAME=message-bus
+			export MESSAGEBUS_HOST=edgex-mqtt-broker
+			export MESSAGEBUS_PORT=1883
+			export MESSAGEBUS_PROTOCOL=tcp
+			export MESSAGEBUS_TYPE=mqtt
+		endif
 	else
 		COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-redis-messagebus.yml
 		IS_MQTT_BUS:=0
@@ -964,7 +979,6 @@ else
     ifeq (taf-no-secty, $(filter taf-no-secty,$(ARGS)))
 
 		COMPOSE_FILES:= \
-			-f docker-compose-base.yml \
 			-f add-taf-app-services.yml \
 			-f add-asc-http-export.yml \
 			-f add-asc-mqtt-export.yml \
@@ -973,25 +987,47 @@ else
 			-f add-device-virtual.yml \
 			-f add-device-rest.yml \
 			-f add-device-modbus.yml \
-            -f add-device-onvif-camera.yml \
+			-f add-device-onvif-camera.yml \
 			-f add-taf-device-services-mods.yml \
 			-f ${BROKER_YAML} \
 			-f add-modbus-simulator.yml \
 			-f ${TAF_BROKER_YAML}
 
-        NO_SECURITY:=-no-secty
+		NO_SECURITY:=-no-secty
 
-        ifeq (mqtt-bus, $(filter mqtt-bus,$(ARGS)))
-            IS_SECURE_MODE:=0
-            COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml
-        endif
+		ifeq (postgres, $(filter postgres,$(ARGS)))
+			export MESSAGEBUS_AUTHMODE=none
+			export MESSAGEBUS_SECRETNAME=
+			export WRITABLE_INSECURESECRETS_DB_SECRETNAME=postgres
+			export WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME=postgres
+			export WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD=postgres
+			DATABASE:=-postgres
+			COMPOSE_FILES:=$(COMPOSE_FILES) -f docker-compose-base-postgres.yml -f add-cron-scheduler.yml
+		else
+			COMPOSE_FILES:=$(COMPOSE_FILES) -f docker-compose-base.yml
+		endif
+
+		ifeq (mqtt-bus, $(filter mqtt-bus,$(ARGS)))
+			IS_SECURE_MODE:=0
+			COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml
+
+			ifeq (keeper, $(filter keeper,$(ARGS)))
+				export MESSAGEBUS_AUTHMODE=none
+				export MESSAGEBUS_HOST=edgex-mqtt-broker
+				export MESSAGEBUS_PORT=1883
+				export MESSAGEBUS_PROTOCOL=tcp
+				export MESSAGEBUS_SECRETNAME=
+				export MESSAGEBUS_TYPE=mqtt
+			endif
+		endif
 
 		ifeq (keeper, $(filter keeper,$(ARGS)))
 			COMPOSE_FILES:=$(COMPOSE_FILES) -f add-keeper.yml
 			REGISTRY:=-keeper
 		else
 			COMPOSE_FILES:=$(COMPOSE_FILES) -f add-consul.yml -f add-keeper.yml
 		endif
+
     else
     	# Build compose for TAF secure performance testing (ignore all other compose file options)
     	ifeq (taf-perf, $(filter taf-perf,$(ARGS)))
@@ -1157,6 +1193,10 @@ build-taf:
 	make taf-compose taf-no-secty keeper mqtt-bus mqtt-verbose
 	make taf-compose taf-secty keeper mqtt-bus mqtt-verbose arm64
 	make taf-compose taf-no-secty keeper mqtt-bus mqtt-verbose arm64
+	make taf-compose taf-secty keeper mqtt-bus mqtt-verbose postgres
+	make taf-compose taf-no-secty keeper mqtt-bus mqtt-verbose postgres
+	make taf-compose taf-secty keeper mqtt-bus mqtt-verbose postgres arm64
+	make taf-compose taf-no-secty keeper mqtt-bus mqtt-verbose postgres arm64
 	make taf-compose-perf taf-perf
 	make taf-compose-perf taf-perf-no-secty
 	make taf-compose-perf taf-perf arm64
@@ -1172,7 +1212,7 @@ compose: gen
 	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/docker-compose$(NO_SECURITY)$(APP_SAMPLE)$(BUS)$(NANOMQ)$(ZERO_TRUST_COMPOSE)$(ARCH).yml
 
 taf-compose: gen
-	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/taf/docker-compose-taf$(NO_SECURITY)$(BUS)$(NANOMQ)$(REGISTRY)$(ARCH).yml
+	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/taf/docker-compose-taf$(NO_SECURITY)$(BUS)$(NANOMQ)$(REGISTRY)$(DATABASE)$(ARCH).yml
 
 taf-compose-perf: gen
 	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)taf/docker-compose-taf-perf$(NO_SECURITY)$(BUS)$(NANOMQ)$(ARCH).yml

compose-builder/add-delayed-start-services.yml

@@ -35,7 +35,7 @@ services:
     restart: always
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     tmpfs:
       - /run
     volumes:
@@ -65,7 +65,7 @@ services:
     restart: always
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     tmpfs:
       - /run
     volumes:
@@ -97,7 +97,7 @@ services:
     restart: always
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     tmpfs:
       - /run
     volumes:
@@ -126,7 +126,7 @@ services:
     restart: always
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     environment:
       SERVICE_HOST: edgex-security-spiffe-token-provider
     tmpfs:

compose-builder/add-security-zero-trust.yml

@@ -65,7 +65,7 @@ services:
       - security-bootstrapper
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     environment:
       SERVICE_HOST: edgex-ui-go
       CLIENTS_CORE_COMMAND_SECURITYOPTIONS_MODE: "zerotrust"

compose-builder/add-service-secure-template.yml

@@ -28,7 +28,7 @@ services:
     command: "/${EXECUTABLE} --registry ${CP_FLAGS}"
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     ##${ENVIRONMENT_SECTION}
     volumes:
       - edgex-init:/edgex-init:ro

compose-builder/add-taf-app-services-secure.yml

@@ -24,7 +24,7 @@ services:
     command: "/app-service-configurable --registry ${CP_FLAGS}"
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     volumes:
       - edgex-init:/edgex-init:ro
       - /tmp/edgex/secrets/app-functional-tests:/tmp/edgex/secrets/app-functional-tests:ro,z
@@ -38,7 +38,7 @@ services:
     command: "/app-service-configurable --registry ${CP_FLAGS}"
     env_file:
       - common-security.env
-      - common-sec-stage-gate.env
+      - ${COMMON_SEC_STAGE_GATE_FILE_NAME}
     volumes:
       - edgex-init:/edgex-init:ro
       - /tmp/edgex/secrets/app-scalability-test-mqtt-export:/tmp/edgex/secrets/app-scalability-test-mqtt-export:ro,z

docker-compose-arm64.yml

@@ -1303,7 +1303,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -1328,7 +1328,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

docker-compose-with-app-sample-arm64.yml

@@ -1380,7 +1380,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -1405,7 +1405,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

docker-compose-with-app-sample.yml

@@ -1380,7 +1380,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -1405,7 +1405,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

docker-compose-zero-trust-arm64.yml

@@ -1134,7 +1134,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -1159,7 +1159,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

docker-compose-zero-trust.yml

@@ -1134,7 +1134,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -1159,7 +1159,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

docker-compose.yml

@@ -1303,7 +1303,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -1328,7 +1328,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

taf/docker-compose-taf-arm64.yml

@@ -2351,7 +2351,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -2376,7 +2376,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

taf/docker-compose-taf-keeper-arm64.yml

@@ -2270,7 +2270,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -2295,7 +2295,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

taf/docker-compose-taf-keeper.yml

@@ -2270,7 +2270,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -2295,7 +2295,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports:

taf/docker-compose-taf-mqtt-bus-arm64.yml

@@ -2416,7 +2416,7 @@ services:
     deploy:
       resources:
         limits:
-          memory: "343254323167232"
+          memory: "4190239719424"
     entrypoint:
       - /edgex-init/vault_wait_install.sh
     environment:
@@ -2441,7 +2441,7 @@ services:
       VAULT_UI: "true"
     hostname: edgex-vault
     image: hashicorp/vault:1.14
-    memswap_limit: "343254323167232"
+    memswap_limit: "4190239719424"
     networks:
       edgex-network: null
     ports: