diff --git a/Makefile b/Makefile
index 6fb69d60..5a67a13b 100644
--- a/Makefile
+++ b/Makefile
@@ -94,8 +94,3 @@ get-token:
DEV=$(DEV) \
ARCH=$(ARCH) \
cd ./compose-builder; sh get-api-gateway-token.sh
-
-get-consul-acl-token:
- DEV=$(DEV) \
- ARCH=$(ARCH) \
- cd ./compose-builder; sh ./get-consul-acl-token.sh
diff --git a/README.md b/README.md
index 5b6cc83c..496dd908 100644
--- a/README.md
+++ b/README.md
@@ -118,9 +118,6 @@ The compose files under the `taf` subfolder are used for the automated TAF tests
- `make get-token`
For secure mode only. Runs commands via docker to generate a new API Gateway token.
-- `make get-consul-acl-token`
- For secure mode only. Runs commands via docker to retrieve a Consul Access token.
-
### Additional compose files
- **docker-compose-portainer.yml**
diff --git a/compose-builder/.env b/compose-builder/.env
index 96a273c1..90dd5936 100644
--- a/compose-builder/.env
+++ b/compose-builder/.env
@@ -42,26 +42,9 @@ DEVICE_UART_VERSION=latest
DEVICE_ONVIFCAM_VERSION=latest
DEVICE_USBCAM_VERSION=latest
DEVICE_S7_VERSION=latest
-CP_FLAGS='-cp=keeper.http://edgex-core-keeper:59890'
-DATABASE_HOST=edgex-postgres
-DATABASE_TYPE=postgres
-DATABASE_PORT=5432
-MESSAGEBUS_HOST=edgex-mqtt-broker
-MESSAGEBUS_SECRETNAME=message-bus
-MESSAGEBUS_AUTHMODE=usernamepassword
-MESSAGEBUS_PORT=1883
-MESSAGEBUS_PROTOCOL=tcp
-MESSAGEBUS_TYPE=mqtt
-WRITABLE_INSECURESECRETS_DB_SECRETNAME=postgres
-WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME=postgres
-WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD=postgres
# Lock on OpenBao 2.0 (last MPL-2.0 version)
BAO_VERSION=2.0
-# Lock on Consul 1.16 (last MPL-2.0 version)
-CONSUL_VERSION=1.16
-# Lock on Redis 7.0 until EdgeX 4.0
-REDIS_VERSION=7.0-alpine
POSTGRES_VERSION=16.3-alpine3.20
KUIPER_VERSION=v1.14.0-alpha.2
MOSQUITTO_VERSION=2.0
@@ -70,3 +53,13 @@ NATS_VERSION=2.9-alpine
NGINX_VERSION=1.25-alpine-slim
EDGEX_USER=2002
EDGEX_GROUP=2001
+
+CP_FLAGS='-cp=keeper.http://edgex-core-keeper:59890'
+DATABASE_HOST=edgex-postgres
+DATABASE_PORT=5432
+MESSAGEBUS_HOST=edgex-mqtt-broker
+MESSAGEBUS_SECRETNAME=message-bus
+MESSAGEBUS_AUTHMODE=usernamepassword
+MESSAGEBUS_PORT=1883
+MESSAGEBUS_PROTOCOL=tcp
+MESSAGEBUS_TYPE=mqtt
diff --git a/compose-builder/Makefile b/compose-builder/Makefile
index 0e216faa..2ec31ac7 100644
--- a/compose-builder/Makefile
+++ b/compose-builder/Makefile
@@ -30,7 +30,7 @@ GEN_COMMAND=convert
COMPOSE_FILES:=-f docker-compose-base.yml
TOKEN_LIST=
-KNOWN_SECRETS_LIST=redisdb[app-rules-engine]
+KNOWN_SECRETS_LIST=postgres[app-rules-engine],message-bus[app-rules-engine]
EXTRA_PROXY_ROUTE_LIST=
GEN_EXT_DIR=gen_ext_compose
BUS=
@@ -54,13 +54,12 @@ TAF_BROKER_YAML=add-taf-mqtt-broker-mosquitto.yml
# and don't impact the option list
define OPTIONS
- arm64 no-secty dev app-dev device-dev ui-dev delayed-start -
- - nats-bus redis-bus mqtt-broker mqtt-verbose nanomq -
+ - nats-bus mqtt-broker mqtt-verbose nanomq -
- taf-secty taf-no-secty taf-perf taf-perf-no-secty -
- ds-onvif-camera ds-usb-camera ds-bacnet-ip ds-bacnet-mstp ds-modbus ds-mqtt ds-rest ds-snmp ds-virtual ds-llrp -
- ds-coap ds-gpio ds-uart ds-s7 -
- asc-http asc-mqtt asc-sample asc-metrics as-llrp as-record-replay asc-ex-mqtt -
- modbus-sim zero-trust no-cleanup -
- - redis -
endef
export OPTIONS
@@ -131,23 +130,6 @@ else
export MQTT_VERBOSE=
endif
-ifeq (redis, $(filter redis,$(ARGS)))
- export DATABASE_HOST=edgex-redis
- export DATABASE_TYPE=redisdb
- export DATABASE_PORT=6379
- export WRITABLE_INSECURESECRETS_DB_SECRETNAME=
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-redis.yml
- ifneq (no-secty, $(filter no-secty,$(ARGS)))
- export WRITABLE_INSECURESECRETS_DB_SECRETNAME=redisdb
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-redis-db.yml
- endif
-else
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-postgres.yml
- ifneq (no-secty, $(filter no-secty,$(ARGS)))
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-postgres.yml
- endif
-endif
-
# When in delay-start mode, ensure support services are delay-start-compliant by adding runtime-token configuration
ifeq (delayed-start,$(filter delayed-start,$(ARGS)))
# Resolve docker rootless environment
@@ -172,9 +154,9 @@ ifeq (ds-onvif-camera, $(filter ds-onvif-camera,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-onvif-camera
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-onvif-camera],message-bus[device-onvif-camera]
+ KNOWN_SECRETS_LIST:=message-bus[device-onvif-camera]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-onvif-camera],message-bus[device-onvif-camera]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-onvif-camera]
endif
PROXY_ROUTE:=device-onvif-camera.http://edgex-device-onvif-camera:59984
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -200,9 +182,9 @@ ifeq (ds-usb-camera, $(filter ds-usb-camera,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-usb-camera
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-usb-camera],message-bus[device-usb-camera]
+ KNOWN_SECRETS_LIST:=message-bus[device-usb-camera]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-usb-camera],message-bus[device-usb-camera]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-usb-camera]
endif
PROXY_ROUTE:=device-usb-camera.http://edgex-device-usb-camera:59983
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -228,9 +210,9 @@ ifeq (ds-bacnet-ip, $(filter ds-bacnet-ip,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-bacnet-ip
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-bacnet-ip],message-bus[device-bacnet-ip]
+ KNOWN_SECRETS_LIST:=message-bus[device-bacnet-ip]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-bacnet-ip],message-bus[device-bacnet-ip]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-bacnet-ip]
endif
PROXY_ROUTE:=device-bacnet-ip.http://edgex-device-bacnet-ip:59980
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -257,9 +239,9 @@ ifeq (ds-bacnet-mstp, $(filter ds-bacnet-mstp,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-bacnet-mstp
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-bacnet-mstp],message-bus[device-bacnet-mstp]
+ KNOWN_SECRETS_LIST:=message-bus[device-bacnet-mstp]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-bacnet-mstp],message-bus[device-bacnet-mstp]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-bacnet-mstp]
endif
PROXY_ROUTE:=device-bacnet-mstp.http://edgex-device-bacnet-mstp:59980
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -286,9 +268,9 @@ ifeq (ds-modbus, $(filter ds-modbus,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-modbus
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-modbus],message-bus[device-modbus]
+ KNOWN_SECRETS_LIST:=message-bus[device-modbus]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-modbus],message-bus[device-modbus]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-modbus]
endif
PROXY_ROUTE:=device-modbus.http://edgex-device-modbus:59901
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -318,9 +300,9 @@ ifeq (ds-mqtt, $(filter ds-mqtt,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-mqtt
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-mqtt],message-bus[device-mqtt]
+ KNOWN_SECRETS_LIST:=message-bus[device-mqtt]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-mqtt],message-bus[device-mqtt]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-mqtt]
endif
PROXY_ROUTE:=device-mqtt.http://edgex-device-mqtt:59982
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -347,9 +329,9 @@ ifeq (ds-rest, $(filter ds-rest,$(ARGS)))
ifneq (no-secty, $(filter no-secty,$(ARGS)))
# Device-rest's token is created by default, so not setting TOKEN_LIST
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-rest],message-bus[device-rest]
+ KNOWN_SECRETS_LIST:=message-bus[device-rest]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-rest],message-bus[device-rest]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-rest]
endif
PROXY_ROUTE:=device-rest.http://edgex-device-rest:59986
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -375,9 +357,9 @@ ifeq (ds-snmp, $(filter ds-snmp,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-snmp
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-snmp],message-bus[device-snmp]
+ KNOWN_SECRETS_LIST:=message-bus[device-snmp]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-snmp],message-bus[device-snmp]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-snmp]
endif
PROXY_ROUTE:=device-snmp.http://edgex-device-snmp:59993
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -399,9 +381,9 @@ ifeq (ds-virtual, $(filter ds-virtual,$(ARGS)))
ifneq (no-secty, $(filter no-secty,$(ARGS)))
# Device-virtual's token is created by default, so not setting TOKEN_LIST
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-virtual],message-bus[device-virtual]
+ KNOWN_SECRETS_LIST:=message-bus[device-virtual]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-virtual],message-bus[device-virtual]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-virtual]
endif
# Device-virtual's proxy is created by default, so not setting EXTRA_PROXY_ROUTE_LIST
extension_file:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-virtual)
@@ -422,9 +404,9 @@ ifeq (ds-llrp, $(filter ds-llrp,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-rfid-llrp
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-rfid-llrp],message-bus[device-rfid-llrp]
+ KNOWN_SECRETS_LIST:=message-bus[device-rfid-llrp]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-rfid-llrp],message-bus[device-rfid-llrp]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-rfid-llrp]
endif
PROXY_ROUTE:=device-rfid-llrp.http://edgex-device-rfid-llrp:59989
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -450,9 +432,9 @@ ifeq (ds-coap, $(filter ds-coap,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-coap
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-coap],message-bus[device-coap]
+ KNOWN_SECRETS_LIST:=message-bus[device-coap]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-coap],message-bus[device-coap]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-coap]
endif
PROXY_ROUTE:=device-coap.http://edgex-device-coap:59988
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -478,9 +460,9 @@ ifeq (ds-gpio, $(filter ds-gpio,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-gpio
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-gpio],message-bus[device-gpio]
+ KNOWN_SECRETS_LIST:=message-bus[device-gpio]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-gpio],message-bus[device-gpio]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-gpio]
endif
PROXY_ROUTE:=device-gpio.http://edgex-device-gpio:59910
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -506,9 +488,9 @@ ifeq (ds-uart, $(filter ds-uart,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-uart
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-uart],message-bus[device-uart]
+ KNOWN_SECRETS_LIST:=message-bus[device-uart]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-uart],message-bus[device-uart]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-uart]
endif
PROXY_ROUTE:=device-uart.http://edgex-device-uart:59995
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -534,9 +516,9 @@ ifeq (ds-s7, $(filter ds-s7,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),device-s7
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[device-s7],message-bus[device-s7]
+ KNOWN_SECRETS_LIST:=message-bus[device-s7]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[device-s7],message-bus[device-s7]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[device-s7]
endif
PROXY_ROUTE:=device-s7.http://edgex-device-s7:59994
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -568,9 +550,9 @@ ifeq (asc-http, $(filter asc-http,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),app-http-export
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[app-http-export],message-bus[app-http-export]
+ KNOWN_SECRETS_LIST:=postgres[app-http-export],message-bus[app-http-export]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[app-http-export],message-bus[app-http-export]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),postgres[app-http-export],message-bus[app-http-export]
endif
PROXY_ROUTE:=app-http-export.http://edgex-app-http-export:59704
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -599,9 +581,9 @@ ifeq (asc-mqtt, $(filter asc-mqtt,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),app-mqtt-export
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[app-mqtt-export],message-bus[app-mqtt-export]
+ KNOWN_SECRETS_LIST:=postgres[app-mqtt-export],message-bus[app-mqtt-export]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[app-mqtt-export],message-bus[app-mqtt-export]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),postgres[app-mqtt-export],message-bus[app-mqtt-export]
endif
ifeq ($(BUS),)
IS_MQTT_BUS:=1
@@ -636,9 +618,9 @@ ifeq (asc-sample, $(filter asc-sample,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),app-sample
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[app-sample],message-bus[app-sample]
+ KNOWN_SECRETS_LIST:=postgres[app-sample],message-bus[app-sample]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[app-sample],message-bus[app-sample]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),postgres[app-sample],message-bus[app-sample]
endif
PROXY_ROUTE:=app-sample.http://edgex-app-sample:59700
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -668,9 +650,9 @@ ifeq (asc-metrics, $(filter asc-metrics,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),app-metrics-influxdb
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[app-metrics-influxdb],message-bus[app-metrics-influxdb]
+ KNOWN_SECRETS_LIST:=postgres[app-metrics-influxdb],message-bus[app-metrics-influxdb]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[app-metrics-influxdb],message-bus[app-metrics-influxdb]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),postgres[app-metrics-influxdb],message-bus[app-metrics-influxdb]
endif
PROXY_ROUTE:=app-metrics-influxdb.http://edgex-app-metrics-influxdb:59707
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -699,9 +681,9 @@ ifeq (as-llrp, $(filter as-llrp,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),app-rfid-llrp-inventory
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[app-rfid-llrp-inventory],message-bus[app-rfid-llrp-inventory]
+ KNOWN_SECRETS_LIST:=postgres[app-rfid-llrp-inventory],message-bus[app-rfid-llrp-inventory]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[app-rfid-llrp-inventory],message-bus[app-rfid-llrp-inventory]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),postgres[app-rfid-llrp-inventory],message-bus[app-rfid-llrp-inventory]
endif
PROXY_ROUTE:=app-rfid-llrp-inventory.http://edgex-app-rfid-llrp-inventory:59711
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -729,9 +711,9 @@ ifeq (as-record-replay, $(filter as-record-replay,$(ARGS)))
TOKEN_LIST:=$(TOKEN_LIST),app-record-replay
endif
ifeq ($(KNOWN_SECRETS_LIST),)
- KNOWN_SECRETS_LIST:=redisdb[app-record-replay],message-bus[app-record-replay]
+ KNOWN_SECRETS_LIST:=postgres[app-record-replay],message-bus[app-record-replay]
else
- KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),redisdb[app-record-replay],message-bus[app-record-replay]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),postgres[app-record-replay],message-bus[app-record-replay]
endif
PROXY_ROUTE:=app-record-replay.http://edgex-app-record-replay:59712
ifeq ($(EXTRA_PROXY_ROUTE_LIST),)
@@ -798,21 +780,9 @@ ifeq (delayed-start, $(filter delayed-start,$(ARGS)))
endif
# Add a MQTT Broker
-ifeq (mqtt-broker, $(filter mqtt-broker,$(ARGS)))
- ifeq (nanomq, $(filter nanomq,$(ARGS)))
- # When just extra un-secured MQTT Broker, nanomq can be used in secure/non-secure modes
- BROKER_YAML=add-mqtt-broker-nanomq.yml
- endif
- COMPOSE_FILES:=$(COMPOSE_FILES) -f ${BROKER_YAML}
-endif
-
-# Add switch to use REDIS Message Bus
-ifeq (redis-bus, $(filter redis-bus,$(ARGS)))
- BUS:=-redis-bus
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-redis-messagebus.yml
- ifneq (no-secty, $(filter no-secty,$(ARGS)))
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-redis-messagebus.yml
- endif
+ifeq (nanomq, $(filter nanomq,$(ARGS)))
+ # When just extra un-secured MQTT Broker, nanomq can be used in secure/non-secure modes
+ BROKER_YAML=add-mqtt-broker-nanomq.yml
endif
# Add switch to use NATS Message Bus
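Review bot: The `mqtt-broker` branch that appended `-f ${BROKER_YAML}` is removed here, but `mqtt-broker` stays in `OPTIONS` and in compose-builder/README.md, so combined with `nats-bus` (where `BUS` is set and the later `ifeq ($(BUS),)` branches are skipped) it now appears to add no broker at all. The new `nanomq` block sets `BROKER_YAML` unconditionally, so in secure mode the default MQTT message bus is assembled from `add-secure-mqtt-messagebus.yml` plus `add-mqtt-broker-nanomq.yml`, a combination the README text for `nanomq` describes as not valid. The taf-perf file list that now uses `${BROKER_YAML}` would likewise pair nanomq with the mosquitto-specific `${TAF_BROKER_YAML}`. Either drop `mqtt-broker` from `OPTIONS` or keep its branch for the `nats-bus` case, and stop `nanomq` from taking effect when MQTT is the secured message bus. The retained comment would then read something like `# nanomq replaces mosquitto wherever ${BROKER_YAML} is used; not valid for the secure MQTT message bus (see README)`.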
@@ -826,18 +796,14 @@ ifeq (no-secty, $(filter no-secty,$(ARGS)))
export MESSAGEBUS_SECRETNAME=
export MESSAGEBUS_AUTHMODE=none
NO_SECURITY:=-no-secty
+ COMPOSE_FILES:=$(COMPOSE_FILES) -f add-postgres.yml
ifeq ($(BUS),) # if BUS not set, then we are using secure mqtt messagebus by default
IS_MQTT_BUS:=1
COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml -f ${BROKER_YAML}
endif
else
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml
- ifeq (redis, $(filter redis,$(ARGS)))
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-redis-db.yml
- BUS:=-redis-bus
- else
- COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-postgres.yml
- endif
+ COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml -f add-postgres.yml -f add-secure-postgres.yml
+
ifeq ($(BUS),) # if BUS not set, then we are using secure mqtt messagebus by default
IS_MQTT_BUS:=1
COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml -f add-secure-mqtt-messagebus.yml -f ${BROKER_YAML}
@@ -853,7 +819,7 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS)))
TOKEN_LIST:=app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera
# Note that the services in this list should be separated by ';', but that causes issues with build scripts, so
# have to list them individually.
- KNOWN_SECRETS_LIST:=redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera]
+ KNOWN_SECRETS_LIST:=postgres[app-rules-engine],postgres[app-http-export],postgres[app-mqtt-export],postgres[app-scalability-test-mqtt-export],postgres[app-sample]
KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera]
EXTRA_PROXY_ROUTE_LIST:=device-modbus.http://edgex-device-modbus:59901
@@ -935,11 +901,12 @@ else
else
# Build compose for TAF secure performance testing (ignore all other compose file options)
ifeq (taf-perf, $(filter taf-perf,$(ARGS)))
- TOKEN_LIST:=app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export
+ TOKEN_LIST:=app-rules-engine,app-mqtt-export
# Note that the services in this list should be separated by ';', but that causes issues with build scripts, so
# have to list them individually.
- KNOWN_SECRETS_LIST:=redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[device-rest],redisdb[device-virtual]
- EXTRA_PROXY_ROUTE_LIST:=device-modbus.http://edgex-device-modbus:59901
+ KNOWN_SECRETS_LIST:=postgres[app-rules-engine],postgres[app-mqtt-export]
+ KNOWN_SECRETS_LIST:=$(KNOWN_SECRETS_LIST),message-bus[app-rules-engine],message-bus[app-mqtt-export],message-bus[device-rest],message-bus[device-virtual]
+ EXTRA_PROXY_ROUTE_LIST:=device-modbus.http://edgex-device-modbus:59901,device-rest.http://edgex-device-rest:59986
COMPOSE_FILES:= \
-f docker-compose-base.yml \
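Review bot: `TOKEN_LIST` for taf-perf now names `app-rules-engine`, although the file-level default leaves `TOKEN_LIST` empty next to `KNOWN_SECRETS_LIST=postgres[app-rules-engine],...` and the taf-secty list does not include it, which suggests that token is already created by default. If it is needed for perf runs, a comment should say why, in the style of the existing `# Device-rest's token is created by default, so not setting TOKEN_LIST`; otherwise the entry can go so the secret store only issues the tokens this stack uses. `EXTRA_PROXY_ROUTE_LIST` also keeps the `device-modbus` route while the visible part of this compose file list adds only device-virtual and device-rest, so confirm the gateway is not given a route to a service this stack never starts. The enclosing `ifeq` block starts and ends outside the hunk.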
@@ -950,8 +917,8 @@ else
-f add-asc-mqtt-export.yml \
-f add-device-virtual.yml \
-f add-device-rest.yml \
- -f add-mqtt-broker-mosquitto.yml \
- -f add-taf-mqtt-broker-mosquitto.yml \
+ -f ${BROKER_YAML} \
+ -f ${TAF_BROKER_YAML} \
-f add-delayed-start-services.yml \
-f add-postgres.yml \
-f add-secure-postgres.yml
@@ -1017,6 +984,7 @@ define COMPOSE_DOWN
-f add-app-rfid-llrp-inventory.yml \
-f add-app-record-replay.yml \
-f add-modbus-simulator.yml \
+ -f add-mqtt-broker-nanomq.yml \
-f add-mqtt-broker-mosquitto.yml \
-f add-secure-mqtt-broker.yml \
-f add-mqtt-messagebus.yml \
@@ -1024,13 +992,9 @@ define COMPOSE_DOWN
-f add-nats-messagebus.yml \
-f add-security.yml \
-f add-security-proxy.yml \
- -f add-secure-redis-messagebus.yml \
-f add-delayed-start-services.yml \
-f add-postgres.yml \
- -f add-secure-postgres.yml \
- -f add-redis.yml \
- -f add-secure-redis-db.yml \
- -f add-redis-messagebus.yml
+ -f add-secure-postgres.yml
down $1
endef
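Review bot: `COMPOSE_DOWN` no longer lists the Redis overlays, so a stack brought up from an older checkout with the `redis` or `redis-bus` options is not fully covered by this file list. Depending on what is passed as `$1`, the `edgex-redis` container and its `db-data` and `redis-config` volumes may be left behind as orphans after a down, still holding data and the loopback listener on 6379. A short upgrade note in the README would cover it: run the down target from the old checkout first, or pass `--remove-orphans`. The `define` body starts outside the hunk.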
diff --git a/compose-builder/README.md b/compose-builder/README.md
index 1686ecc7..be7ee26a 100644
--- a/compose-builder/README.md
+++ b/compose-builder/README.md
@@ -57,8 +57,6 @@ This folder contains the following compose files:
Base non-secure mode compose file with PostgreSQL as database. Contains all the services that run in the non-secure configuration, including the UI.
- **add-security.yml**
Security **extending** compose file. Adds the additional security services and configuration of services so that all the services are running in the secure configuration.
-- **add-secure-redis-messagebus.yml**
- Secure Redis MessageBus **extending** compose file. Adds the additional security configuration for when Redis is used as MessageBus in secure mode so Kuiper can connect to the secure MessageBus.
- **add-delayed-start-services.yml**
Secure delayed start services **extending** compose file. Adds additional delayed start services based on spire/spiffe implementation to provide the secret store token on the runtime secure configuration.
- **add-device-bacnet-ip.yml**
@@ -387,13 +385,6 @@ Options:
KEY_INPUT_FILE=: the full file name path to your own key file, this is required
```
-#### Get-consul-acl-token
-
-```
-get-consul-acl-token
-Retrieves the Consul ACL token
-```
-
#### Build Canned
```
build-canned
@@ -458,8 +449,6 @@ Options:
as-record-replay: Generates compose file with App Record & Replay included
asc-ex-mqtt: Generates compose file with App Service External MQTT Trigger included
mqtt-broker: Generates compose file with a MQTT Broker service included
- mqtt-bus: Generates compose file with services configure for MQTT Message Bus
- The MQTT Broker service is also included.
nanomq: ** Experimental **
Generates compose file with NonoMQ MQTT broker when mqtt-broker or mqtt-bus are specified
Not valid in secure mode when uses with mqtt-bus
diff --git a/compose-builder/add-postgres.yml b/compose-builder/add-postgres.yml
index bc767ad8..ea90a853 100644
--- a/compose-builder/add-postgres.yml
+++ b/compose-builder/add-postgres.yml
@@ -13,8 +13,6 @@
# *
# *******************************************************************************/
-# TODO: Move the content of this Docker Compose file to add-security.yml when the redis database support is removed
-
volumes:
db-data:
@@ -38,5 +36,3 @@ services:
- no-new-privileges:true
tmpfs:
- /run
-
-
diff --git a/compose-builder/add-redis-messagebus.yml b/compose-builder/add-redis-messagebus.yml
deleted file mode 100644
index 04944bba..00000000
--- a/compose-builder/add-redis-messagebus.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-# /*******************************************************************************
-# * Copyright 2022 Intel Corporation.
-# *
-# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
-# * in compliance with the License. You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software distributed under the License
-# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# * or implied. See the License for the specific language governing permissions and limitations under
-# * the License.
-# *
-# *******************************************************************************/
-
-services:
- core-common-config-bootstrapper:
- environment:
- ALL_SERVICES_MESSAGEBUS_TYPE: redis
- ALL_SERVICES_MESSAGEBUS_PROTOCOL: redisdb
- ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis
- ALL_SERVICES_MESSAGEBUS_PORT: 6379
- ALL_SERVICES_MESSAGEBUS_AUTHMODE: none
-
- rules-engine:
- environment:
- CONNECTION__EDGEX__REDISMSGBUS__PORT: 6379
- CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis
- CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis
- CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis
- EDGEX__DEFAULT__PORT: 6379
- EDGEX__DEFAULT__PROTOCOL: redis
- EDGEX__DEFAULT__SERVER: edgex-redis
- EDGEX__DEFAULT__TYPE: redis
- depends_on:
- - database
\ No newline at end of file
diff --git a/compose-builder/add-redis.yml b/compose-builder/add-redis.yml
deleted file mode 100644
index 7cb1f1b5..00000000
--- a/compose-builder/add-redis.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-# /*******************************************************************************
-# * Copyright 2024 IOTech Ltd
-# *
-# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
-# * in compliance with the License. You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software distributed under the License
-# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# * or implied. See the License for the specific language governing permissions and limitations under
-# * the License.
-# *
-# *******************************************************************************/
-
-volumes:
- db-data:
-
-services:
- database:
- image: redis:${REDIS_VERSION}
- user: "root:root" # Note that Redis is run under the 'redis' user, but entry point scripts need to first run as root
- ports:
- - "127.0.0.1:6379:6379"
- container_name: edgex-redis
- hostname: edgex-redis
- read_only: true
- restart: always
- networks:
- - edgex-network
- volumes:
- - db-data:/data
- security_opt:
- - no-new-privileges:true
\ No newline at end of file
diff --git a/compose-builder/add-secure-postgres.yml b/compose-builder/add-secure-postgres.yml
index 403c48b8..21093544 100644
--- a/compose-builder/add-secure-postgres.yml
+++ b/compose-builder/add-secure-postgres.yml
@@ -13,8 +13,6 @@
# *
# *******************************************************************************/
-# TODO: Move the content of this Docker Compose file to add-security.yml when the redis database support is removed
-
volumes:
postgres-data:
diff --git a/compose-builder/add-secure-redis-db.yml b/compose-builder/add-secure-redis-db.yml
deleted file mode 100644
index 8dd9dd36..00000000
--- a/compose-builder/add-secure-redis-db.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-# /*******************************************************************************
-# * Copyright 2024 IOTech Ltd
-# *
-# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
-# * in compliance with the License. You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software distributed under the License
-# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# * or implied. See the License for the specific language governing permissions and limitations under
-# * the License.
-# *
-# *******************************************************************************/
-
-volumes:
- edgex-init:
- # non-shared volumes
- redis-config:
-
-services:
- database:
- entrypoint: ["/edgex-init/redis_wait_install.sh"]
- env_file:
- - common-security.env
- - common-sec-stage-gate.env
- environment:
- DATABASECONFIG_PATH: /run/redis/conf
- DATABASECONFIG_NAME: redis.conf
- tmpfs:
- - /run
- volumes:
- - edgex-init:/edgex-init:ro
- - redis-config:/run/redis/conf
- - /tmp/edgex/secrets/security-bootstrapper-redis:/tmp/edgex/secrets/security-bootstrapper-redis:ro,z
- depends_on:
- - security-bootstrapper
- - security-secretstore-setup
-
- core-common-config-bootstrapper:
- environment:
- ALL_SERVICES_DATABASE_HOST: edgex-redis
- ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis
- ALL_SERVICES_MESSAGEBUS_PORT: 6379
- ALL_SERVICES_MESSAGEBUS_AUTHMODE: none
diff --git a/compose-builder/add-secure-redis-messagebus.yml b/compose-builder/add-secure-redis-messagebus.yml
deleted file mode 100644
index 0470cf47..00000000
--- a/compose-builder/add-secure-redis-messagebus.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-# /*******************************************************************************
-# * Copyright 2021 Intel Corporation.
-# *
-# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
-# * in compliance with the License. You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software distributed under the License
-# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# * or implied. See the License for the specific language governing permissions and limitations under
-# * the License.
-# *
-# *******************************************************************************/
-
-volumes:
- kuiper-sources:
- kuiper-connections:
-
-services:
- security-secretstore-setup:
- volumes:
- - kuiper-sources:/tmp/kuiper
- - kuiper-connections:/tmp/kuiper-connections
- environment:
- SECUREMESSAGEBUS_TYPE: redis
-
- core-common-config-bootstrapper:
- environment:
- ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword
- ALL_SERVICES_MESSAGEBUS_SECRETNAME: redisdb
-
- rules-engine:
- entrypoint: [ "/edgex-init/kuiper_wait_install.sh" ]
- env_file:
- - common-sec-stage-gate.env
- volumes:
- - kuiper-sources:/kuiper/etc/sources
- - kuiper-connections:/kuiper/etc/connections
- - edgex-init:/edgex-init:ro
- depends_on:
- - security-bootstrapper
- - security-secretstore-setup
- - database
diff --git a/compose-builder/add-security.yml b/compose-builder/add-security.yml
index ecd05f91..f8bdbf47 100644
--- a/compose-builder/add-security.yml
+++ b/compose-builder/add-security.yml
@@ -54,8 +54,8 @@ services:
EDGEX_GROUP: ${EDGEX_GROUP}
# Uncomment and modify the following "EDGEX_ADD_SECRETSTORE_TOKENS" to add the additional secret store tokens on the fly
# the secret store token is required if you have added registry acl roles from env "EDGEX_ADD_REGISTRY_ACL_ROLES"
- # in service "consul".
- #EDGEX_ADD_SECRETSTORE_TOKENS: app-sample,app-rules-engine-redis, app-rules-engine-mqtt, app-push-to-core
+ # in registry service.
+ #EDGEX_ADD_SECRETSTORE_TOKENS: app-sample,app-rules-engine, app-push-to-core
read_only: true
restart: always
networks:
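Review bot: The reworded comment still points at `EDGEX_ADD_REGISTRY_ACL_ROLES`, which looks tied to the Consul registry this change removes; if the replacement registry service has no ACL roles, the comment describes a dependency that no longer exists. The example value also keeps a space after a comma (`app-rules-engine, app-push-to-core`), so if the list is split on commas without trimming, uncommenting it as written could request a token name with a leading space. Suggested wording: `# Uncomment and modify EDGEX_ADD_SECRETSTORE_TOKENS to create additional secret store tokens at startup`, followed by `#EDGEX_ADD_SECRETSTORE_TOKENS: app-sample,app-rules-engine,app-push-to-core`. The service definition starts outside the hunk.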
@@ -130,7 +130,6 @@ services:
depends_on:
- security-bootstrapper
- security-secretstore-setup
- - database
support-notifications:
env_file:
@@ -211,7 +210,6 @@ services:
- security-secretstore-setup
# this is to make sure the service is started after security-bootstrapper process is done
- # because it needs to await Consul roles to be created
app-rules-engine:
entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
command: "/app-service-configurable --registry ${CP_FLAGS}"
diff --git a/compose-builder/docker-compose-base.yml b/compose-builder/docker-compose-base.yml
index 0efcbbad..ef60aafd 100644
--- a/compose-builder/docker-compose-base.yml
+++ b/compose-builder/docker-compose-base.yml
@@ -42,24 +42,21 @@ services:
env_file:
- common-non-security.env
environment:
- DATABASE_HOST: ${DATABASE_HOST}
- DATABASE_TYPE: ${DATABASE_TYPE}
- DATABASE_PORT: ${DATABASE_PORT}
MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
MESSAGEBUS_AUTHMODE: ${MESSAGEBUS_AUTHMODE}
MESSAGEBUS_SECRETNAME: ${MESSAGEBUS_SECRETNAME}
MESSAGEBUS_PORT: ${MESSAGEBUS_PORT}
MESSAGEBUS_PROTOCOL: ${MESSAGEBUS_PROTOCOL}
MESSAGEBUS_TYPE: ${MESSAGEBUS_TYPE}
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETNAME}
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME}
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: ${WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD}
SERVICE_HOST: edgex-core-keeper
+ DATABASE_HOST: ${DATABASE_HOST}
security_opt:
- no-new-privileges:true
volumes:
# use host timezone
- /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - database
support-notifications:
image: ${CORE_EDGEX_REPOSITORY}/support-notifications${ARCH}:${CORE_EDGEX_VERSION}
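Review bot: The short-form `depends_on:` / `- database` added to the service with `SERVICE_HOST: edgex-core-keeper` only orders container start-up; it does not wait until the database accepts connections. Because this service backs configuration and registry for the rest of the stack, a start-up race here can surface as hard-to-diagnose failures in dependent services. If the `database` service defines a healthcheck (not visible in this hunk), the long form is preferable: `depends_on:`, `database:`, `condition: service_healthy`. Otherwise, add a comment saying the service retries its database connection itself. The service definition starts outside the hunk.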
@@ -205,7 +202,7 @@ services:
- common-non-security.env
environment:
ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper
- ALL_SERVICES_DATABASE_HOST: edgex-postgres
+ ALL_SERVICES_DATABASE_HOST: ${DATABASE_HOST}
ALL_SERVICES_MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
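Review bot: `ALL_SERVICES_DATABASE_HOST: ${DATABASE_HOST}` now depends on the variable being present in the environment or `.env`. When it is unset, Compose substitutes an empty string and only prints a warning, so every service would be handed an empty database host. Making the requirement explicit fails fast instead: `ALL_SERVICES_DATABASE_HOST: ${DATABASE_HOST:?DATABASE_HOST must be set in .env}`. The same applies to the `DATABASE_HOST: ${DATABASE_HOST}` line added in the previous hunk of this file. The enclosing service definition starts outside the hunk.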
diff --git a/compose-builder/get-consul-acl-token.sh b/compose-builder/get-consul-acl-token.sh
deleted file mode 100755
index 4b97c5fc..00000000
--- a/compose-builder/get-consul-acl-token.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# /*******************************************************************************
-# * Copyright 2022 Intel Corporation.
-# *
-# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
-# * in compliance with the License. You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software distributed under the License
-# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# * or implied. See the License for the specific language governing permissions and limitations under
-# * the License.
-# *******************************************************************************/
-
-# versions are loaded from .env file
-. ./.env
-
-docker exec -it edgex-core-consul /bin/sh -c \
- 'cat "$STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH" | jq -r '.SecretID' '
diff --git a/docker-compose-arm64.yml b/docker-compose-arm64.yml
index 9b409c79..9998a06a 100644
--- a/docker-compose-arm64.yml
+++ b/docker-compose-arm64.yml
@@ -343,8 +343,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -368,9 +366,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
@@ -888,7 +883,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -912,7 +907,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1125,7 +1120,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],message-bus[app-rules-engine],message-bus[device-rest],message-bus[device-virtual]
EDGEX_ADD_SECRETSTORE_TOKENS: ""
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/docker-compose-no-secty-arm64.yml b/docker-compose-no-secty-arm64.yml
index d62b11bb..5f4df3b5 100644
--- a/docker-compose-no-secty-arm64.yml
+++ b/docker-compose-no-secty-arm64.yml
@@ -186,10 +186,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -198,9 +200,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
diff --git a/docker-compose-no-secty-with-app-sample-arm64.yml b/docker-compose-no-secty-with-app-sample-arm64.yml
index 4fef937a..0c439075 100644
--- a/docker-compose-no-secty-with-app-sample-arm64.yml
+++ b/docker-compose-no-secty-with-app-sample-arm64.yml
@@ -230,10 +230,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -242,9 +244,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
diff --git a/docker-compose-no-secty-with-app-sample.yml b/docker-compose-no-secty-with-app-sample.yml
index 0da5056c..f7ec409c 100644
--- a/docker-compose-no-secty-with-app-sample.yml
+++ b/docker-compose-no-secty-with-app-sample.yml
@@ -230,10 +230,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -242,9 +244,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
diff --git a/docker-compose-no-secty.yml b/docker-compose-no-secty.yml
index b889d470..66d81742 100644
--- a/docker-compose-no-secty.yml
+++ b/docker-compose-no-secty.yml
@@ -186,10 +186,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -198,9 +200,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
diff --git a/docker-compose-with-app-sample-arm64.yml b/docker-compose-with-app-sample-arm64.yml
index 0e24007e..77056e5d 100644
--- a/docker-compose-with-app-sample-arm64.yml
+++ b/docker-compose-with-app-sample-arm64.yml
@@ -420,8 +420,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -445,9 +443,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
@@ -965,7 +960,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -989,7 +984,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1202,7 +1197,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual],redisdb[app-sample],message-bus[app-sample]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],message-bus[app-rules-engine],message-bus[device-rest],message-bus[device-virtual],postgres[app-sample],message-bus[app-sample]
EDGEX_ADD_SECRETSTORE_TOKENS: app-sample
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/docker-compose-with-app-sample.yml b/docker-compose-with-app-sample.yml
index 18622ea6..389483a3 100644
--- a/docker-compose-with-app-sample.yml
+++ b/docker-compose-with-app-sample.yml
@@ -420,8 +420,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -445,9 +443,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
@@ -965,7 +960,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -989,7 +984,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1202,7 +1197,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual],redisdb[app-sample],message-bus[app-sample]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],message-bus[app-rules-engine],message-bus[device-rest],message-bus[device-virtual],postgres[app-sample],message-bus[app-sample]
EDGEX_ADD_SECRETSTORE_TOKENS: app-sample
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/docker-compose-zero-trust-arm64.yml b/docker-compose-zero-trust-arm64.yml
index 0e927b16..ea95a6c3 100644
--- a/docker-compose-zero-trust-arm64.yml
+++ b/docker-compose-zero-trust-arm64.yml
@@ -336,8 +336,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -361,9 +359,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
@@ -808,7 +803,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -832,7 +827,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -908,7 +903,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],message-bus[app-rules-engine],message-bus[device-rest],message-bus[device-virtual]
EDGEX_ADD_SECRETSTORE_TOKENS: ""
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/docker-compose-zero-trust.yml b/docker-compose-zero-trust.yml
index b3b36c82..a0ae019e 100644
--- a/docker-compose-zero-trust.yml
+++ b/docker-compose-zero-trust.yml
@@ -336,8 +336,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -361,9 +359,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
@@ -808,7 +803,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -832,7 +827,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -908,7 +903,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],message-bus[app-rules-engine],message-bus[device-rest],message-bus[device-virtual]
EDGEX_ADD_SECRETSTORE_TOKENS: ""
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/docker-compose.yml b/docker-compose.yml
index 56c289bf..a71df0e6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -343,8 +343,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -368,9 +366,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
@@ -888,7 +883,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -912,7 +907,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1125,7 +1120,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],message-bus[app-rules-engine],message-bus[device-rest],message-bus[device-virtual]
EDGEX_ADD_SECRETSTORE_TOKENS: ""
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/taf/docker-compose-taf-arm64.yml b/taf/docker-compose-taf-arm64.yml
index b14935f7..81808431 100644
--- a/taf/docker-compose-taf-arm64.yml
+++ b/taf/docker-compose-taf-arm64.yml
@@ -809,8 +809,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -834,9 +832,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
@@ -1615,7 +1610,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -1639,7 +1634,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1852,7 +1847,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],postgres[app-http-export],postgres[app-mqtt-export],postgres[app-scalability-test-mqtt-export],postgres[app-sample],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera]
EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
diff --git a/taf/docker-compose-taf-no-secty-arm64.yml b/taf/docker-compose-taf-no-secty-arm64.yml
index b42c87c9..1d1a7ac6 100644
--- a/taf/docker-compose-taf-no-secty-arm64.yml
+++ b/taf/docker-compose-taf-no-secty-arm64.yml
@@ -452,10 +452,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -464,9 +466,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
diff --git a/taf/docker-compose-taf-no-secty.yml b/taf/docker-compose-taf-no-secty.yml
index f5689362..9c6b259c 100644
--- a/taf/docker-compose-taf-no-secty.yml
+++ b/taf/docker-compose-taf-no-secty.yml
@@ -452,10 +452,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -464,9 +466,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
diff --git a/taf/docker-compose-taf-perf-arm64.yml b/taf/docker-compose-taf-perf-arm64.yml
index e3760b24..bb187b38 100644
--- a/taf/docker-compose-taf-perf-arm64.yml
+++ b/taf/docker-compose-taf-perf-arm64.yml
@@ -420,8 +420,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -445,9 +443,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
@@ -986,7 +981,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -1010,7 +1005,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1156,7 +1151,7 @@ services:
entrypoint:
- /edgex-init/proxy_setup_wait_install.sh
environment:
- EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901
+ EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901,device-rest.http://edgex-device-rest:59986
EDGEX_SECURITY_SECRET_STORE: "true"
PROXY_SETUP_HOST: edgex-security-proxy-setup
SECRETSTORE_HOST: edgex-secret-store
@@ -1223,8 +1218,8 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[device-rest],redisdb[device-virtual]
- EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],postgres[app-mqtt-export],message-bus[app-rules-engine],message-bus[app-mqtt-export],message-bus[device-rest],message-bus[device-virtual]
+ EDGEX_ADD_SECRETSTORE_TOKENS: app-rules-engine,app-mqtt-export
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
EDGEX_USER: "2002"
diff --git a/taf/docker-compose-taf-perf-no-secty-arm64.yml b/taf/docker-compose-taf-perf-no-secty-arm64.yml
index cd50baf6..e9a59dcd 100644
--- a/taf/docker-compose-taf-perf-no-secty-arm64.yml
+++ b/taf/docker-compose-taf-perf-no-secty-arm64.yml
@@ -230,10 +230,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -242,9 +244,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
networks:
diff --git a/taf/docker-compose-taf-perf-no-secty.yml b/taf/docker-compose-taf-perf-no-secty.yml
index df746965..3f510c01 100644
--- a/taf/docker-compose-taf-perf-no-secty.yml
+++ b/taf/docker-compose-taf-perf-no-secty.yml
@@ -230,10 +230,12 @@ services:
create_host_path: true
core-keeper:
container_name: edgex-core-keeper
+ depends_on:
+ database:
+ condition: service_started
+ required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "false"
MESSAGEBUS_AUTHMODE: none
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -242,9 +244,6 @@ services:
MESSAGEBUS_SECRETNAME: ""
MESSAGEBUS_TYPE: mqtt
SERVICE_HOST: edgex-core-keeper
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
diff --git a/taf/docker-compose-taf-perf.yml b/taf/docker-compose-taf-perf.yml
index 59c83b5f..188e69b8 100644
--- a/taf/docker-compose-taf-perf.yml
+++ b/taf/docker-compose-taf-perf.yml
@@ -420,8 +420,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -445,9 +443,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
@@ -986,7 +981,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -1010,7 +1005,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1156,7 +1151,7 @@ services:
entrypoint:
- /edgex-init/proxy_setup_wait_install.sh
environment:
- EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901
+ EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901,device-rest.http://edgex-device-rest:59986
EDGEX_SECURITY_SECRET_STORE: "true"
PROXY_SETUP_HOST: edgex-security-proxy-setup
SECRETSTORE_HOST: edgex-secret-store
@@ -1223,8 +1218,8 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[device-rest],redisdb[device-virtual]
- EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],postgres[app-mqtt-export],message-bus[app-rules-engine],message-bus[app-mqtt-export],message-bus[device-rest],message-bus[device-virtual]
+ EDGEX_ADD_SECRETSTORE_TOKENS: app-rules-engine,app-mqtt-export
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"
EDGEX_USER: "2002"
diff --git a/taf/docker-compose-taf.yml b/taf/docker-compose-taf.yml
index 60f80dcb..d0376c37 100644
--- a/taf/docker-compose-taf.yml
+++ b/taf/docker-compose-taf.yml
@@ -809,8 +809,6 @@ services:
required: true
environment:
DATABASE_HOST: edgex-postgres
- DATABASE_PORT: "5432"
- DATABASE_TYPE: postgres
EDGEX_SECURITY_SECRET_STORE: "true"
MESSAGEBUS_AUTHMODE: usernamepassword
MESSAGEBUS_HOST: edgex-mqtt-broker
@@ -834,9 +832,6 @@ services:
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup
STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322"
STAGEGATE_WAITFOR_TIMEOUT: 60s
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_PASSWORD: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETDATA_USERNAME: postgres
- WRITABLE_INSECURESECRETS_DB_SECRETNAME: postgres
hostname: edgex-core-keeper
image: nexus3.edgexfoundry.org:10004/core-keeper:latest
networks:
@@ -1615,7 +1610,7 @@ services:
deploy:
resources:
limits:
- memory: "4190239719424"
+ memory: "4190235525120"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
@@ -1639,7 +1634,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.0
- memswap_limit: "4190239719424"
+ memswap_limit: "4190235525120"
networks:
edgex-network: null
ports:
@@ -1852,7 +1847,7 @@ services:
condition: service_started
required: true
environment:
- EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera]
+ EDGEX_ADD_KNOWN_SECRETS: postgres[app-rules-engine],postgres[app-http-export],postgres[app-mqtt-export],postgres[app-scalability-test-mqtt-export],postgres[app-sample],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera]
EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera
EDGEX_GROUP: "2001"
EDGEX_SECURITY_SECRET_STORE: "true"