diff --git a/compose-builder/Makefile b/compose-builder/Makefile
index bc0c0311..a1562606 100644
--- a/compose-builder/Makefile
+++ b/compose-builder/Makefile
@@ -360,12 +360,12 @@ ifeq (asc-http, $(filter asc-http,$(ARGS)))
 endif
 # when no security mode (no-secty) not explicitly specified,
 # then we also need to add the secure version on top of base yml by default.
- extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-service-http-export \
+ extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-http-export \
 app-http-export app-service-configurable)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(extension_file)
 # add runtime token config for delayed-start if specified
 ifeq (delayed-start, $(filter delayed-start,$(ARGS)))
- ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-service-http-export)
+ ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-http-export)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(ext_file)
 endif
 endif
@@ -390,12 +390,12 @@ ifeq (asc-mqtt, $(filter asc-mqtt,$(ARGS)))
 endif
 # when no security mode (no-secty) not explicitly specified,
 # then we also need to add the secure version on top of base yml by default.
- extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-service-mqtt-export \
+ extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-mqtt-export \
 app-mqtt-export app-service-configurable)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(extension_file)
 # add runtime token config for delayed-start if specified
 ifeq (delayed-start, $(filter delayed-start,$(ARGS)))
- ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-service-mqtt-export)
+ ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-mqtt-export)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(ext_file)
 endif
 endif
@@ -416,12 +416,12 @@ ifeq (asc-sample, $(filter asc-sample,$(ARGS)))
 endif
 # when no security mode (no-secty) not explicitly specified,
 # then we also need to add the secure version on top of base yml by default.
- extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-service-sample \
+ extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-sample \
 app-sample app-service-configurable)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(extension_file)
 # add runtime token config for delayed-start if specified
 ifeq (delayed-start, $(filter delayed-start,$(ARGS)))
- ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-service-sample)
+ ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-sample)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(ext_file)
 endif
 endif
@@ -496,12 +496,12 @@ ifeq (asc-ex-mqtt, $(filter asc-ex-mqtt,$(ARGS)))
 endif
 # when no security mode (no-secty) not explicitly specified,
 # then we also need to add the secure version on top of base yml by default.
- extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-service-external-mqtt-trigger \
+ extension_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-external-mqtt-trigger \
 app-external-mqtt-trigger app-service-configurable)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(extension_file)
 # add runtime token config for delayed-start if specified
 ifeq (delayed-start, $(filter delayed-start,$(ARGS)))
- ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-service-external-mqtt-trigger)
+ ext_file:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh app-external-mqtt-trigger)
 COMPOSE_FILES:=$(COMPOSE_FILES) -f $(ext_file)
 endif
 endif
@@ -584,15 +584,15 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS)))
 IS_MQTT_BUS:=0
 endif
- asc_http_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-service-http-export \
+ asc_http_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-http-export \
 app-http-export app-service-configurable)
- asc_mqtt_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-service-mqtt-export \
+ asc_mqtt_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-mqtt-export \
 app-mqtt-export app-service-configurable)
- scalability_mqtt_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh scalability-test-mqtt-export \
+ scalability_mqtt_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-scalability-test-mqtt-export \
 app-scalability-test-mqtt-export app-service-configurable)
- asc_external_mqtt_trigger_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-service-external-mqtt-trigger \
+ asc_external_mqtt_trigger_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-external-mqtt-trigger \
 app-external-mqtt-trigger app-service-configurable)
- asc_sample_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-service-sample \
+ asc_sample_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-sample \
 app-sample app-service-configurable)
 ds_rest_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-rest)
 # taf has its special place holder from taf-device-services-mods and thus we need to keep it
@@ -648,7 +648,7 @@ else -f add-mqtt-broker.yml \ -f add-taf-mqtt-broker.yml \ -f add-delayed-start-services.yml - asc_mqtt_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="0" ./gen_secure_compose_ext.sh app-service-mqtt-export \ + asc_mqtt_export_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="0" ./gen_secure_compose_ext.sh app-mqtt-export \ app-mqtt-export app-service-configurable) ds_virtual_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-virtual) ds_rest_ext:= $(shell GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-rest) diff --git a/compose-builder/add-app-rfid-llrp-inventory.yml b/compose-builder/add-app-rfid-llrp-inventory.yml index f5bbe3aa..e2fb458a 100644 --- a/compose-builder/add-app-rfid-llrp-inventory.yml +++ b/compose-builder/add-app-rfid-llrp-inventory.yml @@ -31,7 +31,7 @@ services: SERVICE_HOST: edgex-app-rfid-llrp-inventory depends_on: - consul - - data + - core-data read_only: true restart: always networks: diff --git a/compose-builder/add-asc-external-mqtt-trigger.yml b/compose-builder/add-asc-external-mqtt-trigger.yml index 9773fa85..be664d9f 100644 --- a/compose-builder/add-asc-external-mqtt-trigger.yml +++ b/compose-builder/add-asc-external-mqtt-trigger.yml @@ -16,7 +16,7 @@ version: '3.7' services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} ports: - 127.0.0.1:59706:59706/tcp @@ -33,7 +33,7 @@ services: WRITABLE_LOGLEVEL: INFO depends_on: - consul - - data + - core-data read_only: true restart: always networks: diff --git a/compose-builder/add-asc-http-export.yml b/compose-builder/add-asc-http-export.yml index 1e9d9f41..b53fe6a3 100644 --- a/compose-builder/add-asc-http-export.yml +++ b/compose-builder/add-asc-http-export.yml 
@@ -16,7 +16,7 @@ version: '3.7' services: - app-service-http-export: + app-http-export: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} ports: - 127.0.0.1:59704:59704/tcp @@ -31,7 +31,7 @@ services: WRITABLE_LOGLEVEL: INFO # allows scripts to find and change with sed depends_on: - consul - - data + - core-data read_only: true restart: always networks: diff --git a/compose-builder/add-asc-metrics-influxdb.yml b/compose-builder/add-asc-metrics-influxdb.yml index 3bc3aac7..0a5aea35 100644 --- a/compose-builder/add-asc-metrics-influxdb.yml +++ b/compose-builder/add-asc-metrics-influxdb.yml @@ -29,7 +29,7 @@ services: EDGEX_PROFILE: metrics-influxdb depends_on: - consul - - data + - core-data read_only: true restart: always networks: diff --git a/compose-builder/add-asc-mqtt-export.yml b/compose-builder/add-asc-mqtt-export.yml index bd8c4c82..8379036c 100644 --- a/compose-builder/add-asc-mqtt-export.yml +++ b/compose-builder/add-asc-mqtt-export.yml @@ -16,7 +16,7 @@ version: '3.7' services: - app-service-mqtt-export: + app-mqtt-export: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} ports: - 127.0.0.1:59703:59703/tcp @@ -32,7 +32,7 @@ services: WRITABLE_LOGLEVEL: INFO # allows scripts to find and change with sed depends_on: - consul - - data + - core-data read_only: true restart: always networks: diff --git a/compose-builder/add-asc-sample.yml b/compose-builder/add-asc-sample.yml index ede0ab26..1c368009 100644 --- a/compose-builder/add-asc-sample.yml +++ b/compose-builder/add-asc-sample.yml @@ -16,7 +16,7 @@ version: '3.7' services: - app-service-sample: + app-sample: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} ports: - 127.0.0.1:59700:59700/tcp @@ -32,7 +32,7 @@ services: CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications depends_on: - consul - - data + - core-data read_only: true restart: always networks: 
diff --git a/compose-builder/add-device-bacnet.yml b/compose-builder/add-device-bacnet.yml index 9fa10c91..bec14395 100644 --- a/compose-builder/add-device-bacnet.yml +++ b/compose-builder/add-device-bacnet.yml @@ -30,8 +30,8 @@ services: SERVICE_HOST: edgex-device-bacnet depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true read_only: true diff --git a/compose-builder/add-device-coap.yml b/compose-builder/add-device-coap.yml index ac136851..9ca894ac 100644 --- a/compose-builder/add-device-coap.yml +++ b/compose-builder/add-device-coap.yml @@ -32,8 +32,8 @@ services: SERVICE_HOST: edgex-device-coap depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-device-gpio.yml b/compose-builder/add-device-gpio.yml index fe012650..43b5d601 100644 --- a/compose-builder/add-device-gpio.yml +++ b/compose-builder/add-device-gpio.yml @@ -32,8 +32,8 @@ services: SERVICE_HOST: edgex-device-gpio depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-device-modbus.yml b/compose-builder/add-device-modbus.yml index 776e5a1f..60407739 100644 --- a/compose-builder/add-device-modbus.yml +++ b/compose-builder/add-device-modbus.yml @@ -30,8 +30,8 @@ services: SERVICE_HOST: edgex-device-modbus depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true read_only: true diff --git a/compose-builder/add-device-mqtt.yml b/compose-builder/add-device-mqtt.yml index 3872747e..654e6909 100644 --- a/compose-builder/add-device-mqtt.yml +++ b/compose-builder/add-device-mqtt.yml 
@@ -33,8 +33,8 @@ services: MQTTBROKERINFO_HOST: edgex-mqtt-broker depends_on: - consul - - data - - metadata + - core-data + - core-metadata - mqtt-broker security_opt: - no-new-privileges:true diff --git a/compose-builder/add-device-onvif-camera.yml b/compose-builder/add-device-onvif-camera.yml index 9ecb6022..a0d6d5f3 100644 --- a/compose-builder/add-device-onvif-camera.yml +++ b/compose-builder/add-device-onvif-camera.yml @@ -33,8 +33,8 @@ services: SERVICE_HOST: edgex-device-onvif-camera depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-device-rest.yml b/compose-builder/add-device-rest.yml index 6d8b7839..edd626af 100644 --- a/compose-builder/add-device-rest.yml +++ b/compose-builder/add-device-rest.yml @@ -32,8 +32,8 @@ services: SERVICE_HOST: edgex-device-rest depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-device-rfid-llrp.yml b/compose-builder/add-device-rfid-llrp.yml index 2d73e830..98f53c10 100644 --- a/compose-builder/add-device-rfid-llrp.yml +++ b/compose-builder/add-device-rfid-llrp.yml @@ -32,8 +32,8 @@ services: SERVICE_HOST: edgex-device-rfid-llrp depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-device-snmp.yml b/compose-builder/add-device-snmp.yml index e9455f69..1932a999 100644 --- a/compose-builder/add-device-snmp.yml +++ b/compose-builder/add-device-snmp.yml @@ -30,8 +30,8 @@ services: SERVICE_HOST: edgex-device-snmp depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true read_only: true 
diff --git a/compose-builder/add-device-usb-camera.yml b/compose-builder/add-device-usb-camera.yml index 2fdb0b93..f8bf9eae 100644 --- a/compose-builder/add-device-usb-camera.yml +++ b/compose-builder/add-device-usb-camera.yml @@ -34,8 +34,8 @@ services: SERVICE_HOST: edgex-device-usb-camera depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: root:root diff --git a/compose-builder/add-device-virtual.yml b/compose-builder/add-device-virtual.yml index 53d61f69..38f666d3 100644 --- a/compose-builder/add-device-virtual.yml +++ b/compose-builder/add-device-virtual.yml @@ -32,8 +32,8 @@ services: SERVICE_HOST: edgex-device-virtual depends_on: - consul - - data - - metadata + - core-data + - core-metadata security_opt: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-mqtt-messagebus.yml b/compose-builder/add-mqtt-messagebus.yml index 16d268ca..340f8802 100644 --- a/compose-builder/add-mqtt-messagebus.yml +++ b/compose-builder/add-mqtt-messagebus.yml @@ -16,7 +16,7 @@ version: '3.7' services: - common-config: + core-common-config-bootstrapper: environment: ALL_SERVICES_MESSAGEBUS_TYPE: mqtt ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp @@ -24,7 +24,7 @@ services: ALL_SERVICES_MESSAGEBUS_PORT: "1883" ALL_SERVICES_MESSAGEBUS_AUTHMODE: none - rulesengine: + rules-engine: environment: CONNECTION__EDGEX__MQTTMSGBUS__PORT: 1883 CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp diff --git a/compose-builder/add-nats-messagebus.yml b/compose-builder/add-nats-messagebus.yml index f14ef9ff..febf4036 100644 --- a/compose-builder/add-nats-messagebus.yml +++ b/compose-builder/add-nats-messagebus.yml @@ -36,7 +36,7 @@ services: volumes: - nats-data:/tmp/nats - common-config: + core-common-config-bootstrapper: environment: ALL_SERVICES_MESSAGEBUS_TYPE: nats-jetstream ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp 
@@ -44,7 +44,7 @@ services: ALL_SERVICES_MESSAGEBUS_PORT: "4222" ALL_SERVICES_MESSAGEBUS_AUTHMODE: none - rulesengine: + rules-engine: environment: CONNECTION__EDGEX__NATSMSGBUS__PORT: 4222 CONNECTION__EDGEX__NATSMSGBUS__PROTOCOL: tcp diff --git a/compose-builder/add-secure-mqtt-broker.yml b/compose-builder/add-secure-mqtt-broker.yml index 504f4e3a..c0c258d9 100644 --- a/compose-builder/add-secure-mqtt-broker.yml +++ b/compose-builder/add-secure-mqtt-broker.yml @@ -35,6 +35,6 @@ services: - /tmp/edgex/secrets/security-bootstrapper-messagebus:/tmp/edgex/secrets/security-bootstrapper-messagebus:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup # root privilege required for bootstrapper's process user: root:root diff --git a/compose-builder/add-secure-mqtt-messagebus.yml b/compose-builder/add-secure-mqtt-messagebus.yml index 62c87c53..36fdd894 100644 --- a/compose-builder/add-secure-mqtt-messagebus.yml +++ b/compose-builder/add-secure-mqtt-messagebus.yml @@ -20,19 +20,19 @@ volumes: kuiper-connections: services: - secretstore-setup: + security-secretstore-setup: environment: SECUREMESSAGEBUS_TYPE: mqtt volumes: - kuiper-sources:/tmp/kuiper - kuiper-connections:/tmp/kuiper-connections - common-config: + core-common-config-bootstrapper: environment: ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword ALL_SERVICES_MESSAGEBUS_SECRETNAME: message-bus - rulesengine: + rules-engine: entrypoint: [ "/edgex-init/kuiper_wait_install.sh" ] env_file: - common-sec-stage-gate.env @@ -42,6 +42,6 @@ services: - edgex-init:/edgex-init:ro depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database \ No newline at end of file diff --git a/compose-builder/add-secure-redis-messagebus.yml b/compose-builder/add-secure-redis-messagebus.yml index 65721525..0564c583 100644 --- a/compose-builder/add-secure-redis-messagebus.yml +++ b/compose-builder/add-secure-redis-messagebus.yml 
@@ -20,14 +20,14 @@ volumes: kuiper-connections: services: - secretstore-setup: + security-secretstore-setup: volumes: - kuiper-sources:/tmp/kuiper - kuiper-connections:/tmp/kuiper-connections environment: SECUREMESSAGEBUS_TYPE: redis - rulesengine: + rules-engine: entrypoint: [ "/edgex-init/kuiper_wait_install.sh" ] env_file: - common-sec-stage-gate.env @@ -37,5 +37,5 @@ services: - edgex-init:/edgex-init:ro depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database diff --git a/compose-builder/add-security.yml b/compose-builder/add-security.yml index 2b608750..9a1643a0 100644 --- a/compose-builder/add-security.yml +++ b/compose-builder/add-security.yml @@ -62,9 +62,9 @@ services: - /tmp/edgex/secrets/security-bootstrapper-redis:/tmp/edgex/secrets/security-bootstrapper-redis:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - secretstore-setup: + security-secretstore-setup: image: ${CORE_EDGEX_REPOSITORY}/security-secretstore-setup${ARCH}:${CORE_EDGEX_VERSION} user: "root:root" # must run as root container_name: edgex-security-secretstore-setup @@ -177,7 +177,7 @@ services: - nginx-templates:/etc/nginx/templates - nginx-tls:/etc/ssl/nginx depends_on: - - secretstore-setup + - security-secretstore-setup security_opt: - no-new-privileges:true tmpfs: @@ -186,7 +186,7 @@ services: - /var/log/nginx - /var/run - proxy-setup: + security-proxy-setup: image: ${CORE_EDGEX_REPOSITORY}/security-proxy-setup${ARCH}:${CORE_EDGEX_VERSION} user: "root:root" container_name: edgex-security-proxy-setup @@ -217,11 +217,11 @@ services: - consul-acl-token:/tmp/edgex/secrets/consul-acl-token:ro depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup security_opt: - no-new-privileges:true - proxy-auth: + security-proxy-auth: image: ${CORE_EDGEX_REPOSITORY}/security-proxy-auth${ARCH}:${CORE_EDGEX_VERSION} container_name: edgex-proxy-auth hostname: edgex-proxy-auth 
@@ -246,13 +246,13 @@ services: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/security-proxy-auth:/tmp/edgex/secrets/security-proxy-auth:ro,z depends_on: - - secretstore-setup + - security-secretstore-setup security_opt: - no-new-privileges:true # end of containers for reverse proxy - notifications: + support-notifications: env_file: - common-security.env - common-sec-stage-gate.env @@ -263,10 +263,10 @@ services: - /tmp/edgex/secrets/support-notifications:/tmp/edgex/secrets/support-notifications:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database - metadata: + core-metadata: env_file: - common-security.env - common-sec-stage-gate.env @@ -277,10 +277,10 @@ services: - /tmp/edgex/secrets/core-metadata:/tmp/edgex/secrets/core-metadata:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database - data: + core-data: env_file: - common-security.env - common-sec-stage-gate.env @@ -291,10 +291,10 @@ services: - /tmp/edgex/secrets/core-data:/tmp/edgex/secrets/core-data:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database - command: + core-command: env_file: - common-security.env - common-sec-stage-gate.env @@ -305,10 +305,10 @@ services: - /tmp/edgex/secrets/core-command:/tmp/edgex/secrets/core-command:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database - common-config: + core-common-config-bootstrapper: env_file: - common-security.env - common-sec-stage-gate.env @@ -319,9 +319,9 @@ services: - /tmp/edgex/secrets/core-common-config-bootstrapper:/tmp/edgex/secrets/core-common-config-bootstrapper:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - scheduler: + support-scheduler: env_file: - common-security.env - common-sec-stage-gate.env 
@@ -332,12 +332,12 @@ services: - /tmp/edgex/secrets/support-scheduler:/tmp/edgex/secrets/support-scheduler:ro,z depends_on: - security-bootstrapper - - secretstore-setup + - security-secretstore-setup - database # this is to make sure the service is started after security-bootstrapper process is done # because it needs to await Consul roles to be created - app-service-rules: + app-rules-engine: entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] command: "/app-service-configurable ${DEFAULT_EDGEX_RUN_CMD_PARMS}" env_file: diff --git a/compose-builder/add-service-secure-template.yml b/compose-builder/add-service-secure-template.yml index 121d41c5..26207913 100644 --- a/compose-builder/add-service-secure-template.yml +++ b/compose-builder/add-service-secure-template.yml @@ -16,7 +16,7 @@ version: '3.7' services: - secretstore-setup: + security-secretstore-setup: environment: ADD_SECRETSTORE_TOKENS: ${TOKEN_LIST} ADD_KNOWN_SECRETS: ${KNOWN_SECRETS_LIST} @@ -25,7 +25,7 @@ services: environment: ADD_REGISTRY_ACL_ROLES: ${TOKEN_LIST} - proxy-setup: + security-proxy-setup: environment: ADD_PROXY_ROUTE: ${EXTRA_PROXY_ROUTE_LIST} diff --git a/compose-builder/add-taf-app-services-secure.yml b/compose-builder/add-taf-app-services-secure.yml index 9f0e43b6..984f3033 100644 --- a/compose-builder/add-taf-app-services-secure.yml +++ b/compose-builder/add-taf-app-services-secure.yml @@ -16,7 +16,7 @@ version: '3.7' services: - secretstore-setup: + security-secretstore-setup: environment: ADD_SECRETSTORE_TOKENS: ${TOKEN_LIST} ADD_KNOWN_SECRETS: ${KNOWN_SECRETS_LIST} @@ -25,7 +25,7 @@ services: environment: ADD_REGISTRY_ACL_ROLES: ${TOKEN_LIST} - app-service-functional-tests: + app-functional-tests: entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] command: "/app-service-configurable ${DEFAULT_EDGEX_RUN_CMD_PARMS}" env_file: 
@@ -37,7 +37,7 @@ services: depends_on: - security-bootstrapper - scalability-test-mqtt-export: + app-scalability-test-mqtt-export: entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] command: "/app-service-configurable ${DEFAULT_EDGEX_RUN_CMD_PARMS}" env_file: diff --git a/compose-builder/add-taf-app-services.yml b/compose-builder/add-taf-app-services.yml index 1a180fbd..9bc6930b 100644 --- a/compose-builder/add-taf-app-services.yml +++ b/compose-builder/add-taf-app-services.yml @@ -16,20 +16,20 @@ version: '3.7' services: - app-service-functional-tests: + app-functional-tests: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} ports: - 59705:59705/tcp - container_name: app-functional-tests - hostname: app-functional-tests + container_name: edgex-app-functional-tests + hostname: edgex-app-functional-tests env_file: - common-non-security.env environment: EDGEX_PROFILE: functional-tests - SERVICE_HOST: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests depends_on: - consul - - data + - core-data read_only: true networks: - edgex-network 
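Review bot: The renamed `app-functional-tests` service in add-taf-app-services.yml still publishes `59705:59705/tcp` with no host address, so Docker binds it on every host interface, whereas the other app-service files touched by this commit publish on `127.0.0.1:` only; the same applies to `"59710:59703"` in the `app-scalability-test-mqtt-export` hunk that follows. If the test framework does not need off-host access, use `- 127.0.0.1:59705:59705/tcp` and `- "127.0.0.1:59710:59703"`. The `container_name`, `hostname` and `SERVICE_HOST` values also change here (now prefixed `edgex-`), so any test configuration that addresses the old host names needs the same update; that cannot be checked from this diff.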
@@ -37,19 +37,19 @@ services: - no-new-privileges:true user: "${EDGEX_USER}:${EDGEX_GROUP}" - scalability-test-mqtt-export: + app-scalability-test-mqtt-export: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} ports: - "59710:59703" #Exposing as different port to avoid conflict with other MQTT export instance - container_name: edgex-scalability-test-mqtt-export - hostname: edgex-scalability-test-mqtt-export + container_name: edgex-app-scalability-test-mqtt-export + hostname: edgex-app-scalability-test-mqtt-export env_file: - common-non-security.env environment: EDGEX_PROFILE: mqtt-export EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - SERVICE_HOST: edgex-scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events @@ -57,7 +57,7 @@ services: WRITABLE_LOGLEVEL: DEBUG depends_on: - consul - - data + - core-data read_only: true networks: - edgex-network diff --git a/compose-builder/docker-compose-base.yml b/compose-builder/docker-compose-base.yml index 3da5d69d..06da5f17 100644 --- a/compose-builder/docker-compose-base.yml +++ b/compose-builder/docker-compose-base.yml @@ -65,7 +65,7 @@ services: security_opt: - no-new-privileges:true - notifications: + support-notifications: image: ${CORE_EDGEX_REPOSITORY}/support-notifications${ARCH}:${CORE_EDGEX_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: @@ -86,7 +86,7 @@ services: security_opt: - no-new-privileges:true - metadata: + core-metadata: image: ${CORE_EDGEX_REPOSITORY}/core-metadata${ARCH}:${CORE_EDGEX_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: 
@@ -107,7 +107,7 @@ services: security_opt: - no-new-privileges:true - data: + core-data: image: ${CORE_EDGEX_REPOSITORY}/core-data${ARCH}:${CORE_EDGEX_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: @@ -125,11 +125,11 @@ services: depends_on: - consul - database - - metadata + - core-metadata security_opt: - no-new-privileges:true - command: + core-command: image: ${CORE_EDGEX_REPOSITORY}/core-command${ARCH}:${CORE_EDGEX_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: @@ -148,11 +148,11 @@ services: depends_on: - consul - database - - metadata + - core-metadata security_opt: - no-new-privileges:true - common-config: + core-common-config-bootstrapper: image: ${CORE_EDGEX_REPOSITORY}/core-common-config-bootstrapper${ARCH}:${CORE_EDGEX_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" container_name: edgex-core-common-config-bootstrapper @@ -173,7 +173,7 @@ services: security_opt: - no-new-privileges:true - scheduler: + support-scheduler: image: ${CORE_EDGEX_REPOSITORY}/support-scheduler${ARCH}:${CORE_EDGEX_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: @@ -196,7 +196,7 @@ services: security_opt: - no-new-privileges:true - app-service-rules: + app-rules-engine: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: @@ -214,11 +214,11 @@ services: SERVICE_HOST: edgex-app-rules-engine depends_on: - consul - - data + - core-data security_opt: - no-new-privileges:true - rulesengine: + rules-engine: image: lfedge/ekuiper:${KUIPER_VERSION} user: "kuiper:kuiper" ports: diff --git a/compose-builder/gen_secure_compose_ext.sh b/compose-builder/gen_secure_compose_ext.sh index b9db8a99..6feb2271 100755 --- a/compose-builder/gen_secure_compose_ext.sh +++ b/compose-builder/gen_secure_compose_ext.sh 
@@ -58,7 +58,7 @@ fi # app-service-mqtt-export has non-empty env section if [ "$IS_MQTT_BUS" = "1" ]; then - if [ "$service_name" = "app-service-mqtt-export" ] || [ "$service_name" = "scalability-test-mqtt-export" ]; then + if [ "$service_name" = "app-service-mqtt-export" ] || [ "$service_name" = "app-scalability-test-mqtt-export" ]; then ENV_SECTION='environment:\r WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER\r WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER' sed -i 's/##${ENVIRONMENT_SECTION}/'"$ENV_SECTION"'/g' "$SERVICE_EXT_COMPOSE_PATH" fi diff --git a/docker-compose-arm64.yml b/docker-compose-arm64.yml index 6b03e74c..bcf77db9 100644 --- a/docker-compose-arm64.yml +++ b/docker-compose-arm64.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
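Review bot: The left-hand comparison in this condition still tests `app-service-mqtt-export`, but the Makefile hunks for `asc-mqtt` and `taf-secty` in this same commit now call the script with `app-mqtt-export` and `IS_MQTT_BUS` set. Assuming `$service_name` is taken from the first argument (the assignment is outside the hunk), the branch no longer matches that service, so its secure extension would be generated without the `WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME`/`PASSWORD` placeholder entries and the `##${ENVIRONMENT_SECTION}` marker would be left unreplaced. The line should read `if [ "$service_name" = "app-mqtt-export" ] || [ "$service_name" = "app-scalability-test-mqtt-export" ]; then`, and the comment above it should become `# app-mqtt-export has non-empty env section`. The enclosing `if [ "$IS_MQTT_BUS" = "1" ]` block closes outside the hunk.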
@@ -87,7 +87,85 @@ services: bind: selinux: z create_host_path: true - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: "" + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + 
volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -96,14 +174,14 @@ services: depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: - condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -152,7 +230,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -161,10 +239,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
@@ -209,108 +287,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: "" - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: 
always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
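Review bot: The `core-data` entry on the new side of the `@@ -209,108 +287,92 @@` hunk pulls `nexus3.edgexfoundry.org:10004/core-data-arm64:latest`, a mutable tag, so the image that actually runs can change between pulls with no change to this file. The same holds for the other `:latest` images and for `consul:1.13` in the surrounding hunks. If these compose files are used for more than tracking nightly builds, pinning by digest in the compose-builder sources would make deployments reproducible and auditable, e.g. `image: nexus3.edgexfoundry.org:10004/core-data-arm64@sha256:<digest-placeholder>`. The `core-metadata` definition that follows continues past the end of this hunk.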
@@ -323,15 +385,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -345,8 +407,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -354,10 +416,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -425,9 +487,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -487,9 +549,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -540,68 +602,6 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true nginx: command: - /docker-entrypoint.sh @@ -610,7 +610,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -663,28 +663,30 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications + rules-engine: + container_name: edgex-kuiper depends_on: - consul: - condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: - EDGEX_SECURITY_SECRET_STORE: "true" + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -697,35 +699,84 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + hostname: edgex-kuiper + image: lfedge/ekuiper:1.9-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59860 - published: "59860" + target: 59720 + published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth @@ -733,7 +784,7 @@ services: - --registry container_name: edgex-proxy-auth depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh @@ -782,13 +833,13 @@ services: bind: selinux: z create_host_path: true - proxy-setup: + security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: 
@@ -855,30 +906,22 @@ services: target: /tmp/edgex/secrets/consul-acl-token read_only: true volume: {} - rulesengine: - container_name: edgex-kuiper + security-secretstore-setup: + container_name: edgex-security-secretstore-setup depends_on: - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started - entrypoint: - - /edgex-init/kuiper_wait_install.sh + vault: + condition: service_started environment: - CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: "6379" - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: edgex/rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: "59720" + ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual] + ADD_SECRETSTORE_TOKENS: "" + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: redis STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -891,75 +934,64 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.9-alpine + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup-arm64:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: kuiper:kuiper + tmpfs: + - /run + - /vault + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true - type: volume source: kuiper-sources - target: /kuiper/etc/sources + target: /tmp/kuiper volume: {} - type: volume - source: kuiper-log - target: /kuiper/log + source: kuiper-connections + target: /tmp/kuiper-connections volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: vault-config + target: /vault/config volume: {} - scheduler: + support-notifications: command: - - /support-scheduler + - /support-notifications - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-support-scheduler + container_name: edgex-support-notifications depends_on: consul: condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler + SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -972,15 +1004,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59861 - published: "59861" + target: 59860 + published: "59860" protocol: tcp read_only: true restart: always 
@@ -994,28 +1026,36 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications read_only: true bind: selinux: z create_host_path: true - secretstore-setup: - container_name: edgex-security-secretstore-setup + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler depends_on: + consul: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual] - ADD_SECRETSTORE_TOKENS: "" - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SECUREMESSAGEBUS_TYPE: redis + SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1028,18 +1068,21 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-secretstore-setup - image: nexus3.edgexfoundry.org:10004/security-secretstore-setup-arm64:latest + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest networks: edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - tmpfs: - - /run - - /vault - user: root:root + user: 2002:2001 volumes: - type: volume source: edgex-init 
@@ -1047,55 +1090,12 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true bind: selinux: z create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} ui: container_name: edgex-ui-go environment: diff --git a/docker-compose-no-secty-arm64.yml b/docker-compose-no-secty-arm64.yml index 6226a89f..1657253b 100644 --- a/docker-compose-no-secty-arm64.yml +++ b/docker-compose-no-secty-arm64.yml 
@@ -26,12 +26,12 @@ # name: edgex services: - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine @@ -52,14 +52,47 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -80,7 +113,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
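Review bot: In the `consul` block added by the `@@ -52,14 +52,47 @@` hunk, the agent starts with `-ui` and `-client 0.0.0.0` and, unlike the secured variant earlier in this diff, has no ACL-related environment or wrapper entrypoint, so it presumably serves its API and UI without authentication. That leaves `host_ip: 127.0.0.1` on the published port as the only setting keeping it off the host's external interfaces, and other containers on `edgex-network` can still reach it. A short comment in the generator template would help keep that binding intact, e.g. `# no-secty: Consul runs without ACLs here; keep host_ip at 127.0.0.1`. The same block is repeated in the two `with-app-sample` files further down.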
@@ -100,60 +133,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always 
@@ -187,9 +212,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -214,9 +239,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -236,57 +261,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -335,7 +310,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scheduler: + support-notifications: + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty-with-app-sample-arm64.yml b/docker-compose-no-secty-with-app-sample-arm64.yml index 1cb960f7..9eb20b2a 100644 --- a/docker-compose-no-secty-with-app-sample-arm64.yml +++ b/docker-compose-no-secty-with-app-sample-arm64.yml @@ -26,12 +26,12 @@ # name: edgex services: - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine @@ -52,12 +52,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-sample: + app-sample: container_name: edgex-app-sample depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command 
@@ -81,14 +81,47 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -109,7 +142,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
@@ -129,60 +162,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always 
@@ -216,9 +241,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -243,9 +268,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -265,57 +290,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -364,7 +339,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scheduler: + support-notifications: + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty-with-app-sample.yml b/docker-compose-no-secty-with-app-sample.yml index 0a5f22c5..c8e558a4 100644 --- a/docker-compose-no-secty-with-app-sample.yml +++ b/docker-compose-no-secty-with-app-sample.yml @@ -26,12 +26,12 @@ # name: edgex services: - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine @@ -52,12 +52,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-sample: + app-sample: container_name: edgex-app-sample depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command 
@@ -81,14 +81,47 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -109,7 +142,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
@@ -129,60 +162,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -216,9 +241,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
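Review bot: The `core-data` and `core-metadata` definitions written by the `@@ -129,60 +162,52 @@` hunk reference `nexus3.edgexfoundry.org:10004/core-data:latest` and `.../core-metadata:latest`, so the content that runs depends on whatever the mutable tag resolves to at pull time. The commit only relocates these lines, but since the blocks are being rewritten it is worth stating in the file header that `latest` is intended for development use, or pinning release files by digest, e.g. `image: nexus3.edgexfoundry.org:10004/core-data@sha256:<digest-placeholder>`. The same applies to the other `:latest` images in this commit. These files appear to be produced by compose-builder, so the change would belong in the generator's inputs rather than in the generated output.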
@@ -243,9 +268,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -265,57 +290,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -364,7 +339,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scheduler: + support-notifications: + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty.yml b/docker-compose-no-secty.yml index 0d12be93..9bd276a4 100644 --- a/docker-compose-no-secty.yml +++ b/docker-compose-no-secty.yml @@ -26,12 +26,12 @@ # name: edgex services: - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine 
@@ -52,14 +52,47 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -80,7 +113,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
@@ -100,60 +133,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -187,9 +212,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -214,9 +239,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -236,57 +261,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -335,7 +310,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scheduler: + support-notifications: + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-with-app-sample-arm64.yml b/docker-compose-with-app-sample-arm64.yml index 95006b9c..3f0442f2 100644 --- a/docker-compose-with-app-sample-arm64.yml +++ b/docker-compose-with-app-sample-arm64.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -87,7 +87,7 @@ services: bind: selinux: z create_host_path: true - app-service-sample: + app-sample: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -96,7 +96,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -151,7 +151,85 @@ services: bind: selinux: z create_host_path: true - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-sample + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: 
/tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -160,14 +238,14 @@ services: depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: - condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -216,7 +294,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -225,10 +303,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
@@ -273,108 +351,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-sample - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true 
restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -387,15 +449,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -409,8 +471,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -418,10 +480,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -489,9 +551,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -551,9 +613,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -604,68 +666,6 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true nginx: command: - /docker-entrypoint.sh @@ -674,7 +674,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -727,28 +727,30 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications + rules-engine: + container_name: edgex-kuiper depends_on: - consul: - condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: - EDGEX_SECURITY_SECRET_STORE: "true" + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -761,35 +763,84 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + hostname: edgex-kuiper + image: lfedge/ekuiper:1.9-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59860 - published: "59860" + target: 59720 + published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth @@ -797,7 +848,7 @@ services: - --registry container_name: edgex-proxy-auth depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh @@ -846,13 +897,13 @@ services: bind: selinux: z create_host_path: true - proxy-setup: + security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: 
@@ -919,30 +970,22 @@ services: target: /tmp/edgex/secrets/consul-acl-token read_only: true volume: {} - rulesengine: - container_name: edgex-kuiper + security-secretstore-setup: + container_name: edgex-security-secretstore-setup depends_on: - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started - entrypoint: - - /edgex-init/kuiper_wait_install.sh + vault: + condition: service_started environment: - CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: "6379" - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: edgex/rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: "59720" + ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual],redisdb[app-sample],message-bus[app-sample] + ADD_SECRETSTORE_TOKENS: app-sample + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: redis STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -955,75 +998,64 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.9-alpine + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup-arm64:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: kuiper:kuiper + tmpfs: + - /run + - /vault + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true - type: volume source: kuiper-sources - target: /kuiper/etc/sources + target: /tmp/kuiper volume: {} - type: volume - source: kuiper-log - target: /kuiper/log + source: kuiper-connections + target: /tmp/kuiper-connections volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: vault-config + target: /vault/config volume: {} - scheduler: + support-notifications: command: - - /support-scheduler + - /support-notifications - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-support-scheduler + container_name: edgex-support-notifications depends_on: consul: condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler + SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -1036,15 +1068,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59861 - published: "59861" + target: 59860 + published: "59860" protocol: tcp read_only: true restart: always 
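Review bot: In the `@@ -955,75 +998,64 @@` hunk of docker-compose-with-app-sample-arm64.yml the relocated `security-secretstore-setup` service runs as `root:root` and bind-mounts the host directory `/tmp/edgex/secrets` read-write with `create_host_path: true`, so what is, judging by the path names, service secret material sits under the host's shared `/tmp` in a directory that is created on demand when missing. The lines are moved rather than new, but nothing in the visible file states what ownership and mode that host directory needs, or that it must survive temp-directory cleanup. A comment above the mount such as `# host dir holds per-service secrets: document required owner/mode and exclude it from /tmp cleanup` would help. Where the permissions are actually enforced is not visible in this diff and should be confirmed in the setup scripts.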
@@ -1058,28 +1090,36 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications read_only: true bind: selinux: z create_host_path: true - secretstore-setup: - container_name: edgex-security-secretstore-setup + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler depends_on: + consul: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual],redisdb[app-sample],message-bus[app-sample] - ADD_SECRETSTORE_TOKENS: app-sample - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SECUREMESSAGEBUS_TYPE: redis + SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1092,18 +1132,21 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-secretstore-setup - image: nexus3.edgexfoundry.org:10004/security-secretstore-setup-arm64:latest + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest networks: edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - tmpfs: - - /run - - /vault - user: root:root + user: 2002:2001 volumes: - type: volume source: edgex-init 
@@ -1111,55 +1154,12 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true bind: selinux: z create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} ui: container_name: edgex-ui-go environment: diff --git a/docker-compose-with-app-sample.yml b/docker-compose-with-app-sample.yml index 46cb8898..fa169144 100644 --- a/docker-compose-with-app-sample.yml +++ b/docker-compose-with-app-sample.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 
@@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -87,7 +87,7 @@ services: bind: selinux: z create_host_path: true - app-service-sample: + app-sample: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -96,7 +96,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -151,7 +151,85 @@ services: bind: selinux: z create_host_path: true - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-sample + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: 
/tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -160,14 +238,14 @@ services: depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: - condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -216,7 +294,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -225,10 +303,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
@@ -273,108 +351,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-sample - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: 
always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -387,15 +449,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -409,8 +471,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -418,10 +480,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -489,9 +551,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -551,9 +613,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -604,68 +666,6 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true nginx: command: - /docker-entrypoint.sh @@ -674,7 +674,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -727,28 +727,30 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications + rules-engine: + container_name: edgex-kuiper depends_on: - consul: - condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: - EDGEX_SECURITY_SECRET_STORE: "true" + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -761,35 +763,84 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest + hostname: edgex-kuiper + image: lfedge/ekuiper:1.9-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59860 - published: "59860" + target: 59720 + published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth @@ -797,7 +848,7 @@ services: - --registry container_name: edgex-proxy-auth depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh @@ -846,13 +897,13 @@ services: bind: selinux: z create_host_path: true - proxy-setup: + security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: 
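Review bot: In the `@@ -846,13 +897,13 @@` hunk the service key changes from `proxy-setup` to `security-proxy-setup` while `container_name: edgex-security-proxy-setup` stays fixed, so a stack started from the previous file still holds that container name under the old service label. Starting the new file against such a stack is likely to fail with a container-name conflict, or to report the old containers as orphans, until the old stack is brought down. The same applies to the other renamed keys in this file and in `docker-compose.yml` (`proxy-auth`, `secretstore-setup`, `data`, `metadata`, `notifications`, `scheduler`, `rulesengine`, `common-config`, `command`), and to any script or override file that still addresses a service by its old key. I would add an upgrade line to the commit description or release notes, for example `Service keys were renamed: run "docker compose down" with the old compose file (or use --remove-orphans) before starting the new one.`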
@@ -919,30 +970,22 @@ services: target: /tmp/edgex/secrets/consul-acl-token read_only: true volume: {} - rulesengine: - container_name: edgex-kuiper + security-secretstore-setup: + container_name: edgex-security-secretstore-setup depends_on: - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started - entrypoint: - - /edgex-init/kuiper_wait_install.sh + vault: + condition: service_started environment: - CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: "6379" - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: edgex/rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: "59720" + ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual],redisdb[app-sample],message-bus[app-sample] + ADD_SECRETSTORE_TOKENS: app-sample + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: redis STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -955,75 +998,64 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.9-alpine + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: kuiper:kuiper + tmpfs: + - /run + - /vault + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true - type: volume source: kuiper-sources - target: /kuiper/etc/sources + target: /tmp/kuiper volume: {} - type: volume - source: kuiper-log - target: /kuiper/log + source: kuiper-connections + target: /tmp/kuiper-connections volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: vault-config + target: /vault/config volume: {} - scheduler: + support-notifications: command: - - /support-scheduler + - /support-notifications - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-support-scheduler + container_name: edgex-support-notifications depends_on: consul: condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler + SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -1036,15 +1068,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59861 - published: "59861" + target: 59860 + published: "59860" protocol: tcp read_only: true restart: always 
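Review bot: The `security-secretstore-setup` volumes added in the `@@ -955,75 +998,64 @@` hunk bind-mount the whole host directory `/tmp/edgex/secrets` without `read_only: true` and with `create_host_path: true`, into a container that runs as `user: root:root`; the other services visible in this file mount only their own subdirectory with `read_only: true`. Nothing visible here states who must own that host directory or what mode it needs when it already exists, and a path under `/tmp` is shared with every local account on a typical host, so that expectation is worth writing down. The block is moved rather than new, and the file looks generated, so the place for it is presumably the compose-builder source, as a comment such as `# /tmp/edgex/secrets holds per-service secrets: it must not be writable by other local users`. The service definition itself starts in the previous hunk.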
@@ -1058,28 +1090,36 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications read_only: true bind: selinux: z create_host_path: true - secretstore-setup: - container_name: edgex-security-secretstore-setup + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler depends_on: + consul: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual],redisdb[app-sample],message-bus[app-sample] - ADD_SECRETSTORE_TOKENS: app-sample - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SECUREMESSAGEBUS_TYPE: redis + SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1092,18 +1132,21 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-secretstore-setup - image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest networks: edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - tmpfs: - - /run - - /vault - user: root:root + user: 2002:2001 volumes: - type: volume source: edgex-init 
@@ -1111,55 +1154,12 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true bind: selinux: z create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} ui: container_name: edgex-ui-go environment: diff --git a/docker-compose.yml b/docker-compose.yml index ab59689d..15989ef0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 
@@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -87,7 +87,85 @@ services: bind: selinux: z create_host_path: true - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: "" + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + 
volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -96,14 +174,14 @@ services: depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: - condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -152,7 +230,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -161,10 +239,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
@@ -209,108 +287,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: "" - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always 
security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -323,15 +385,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -345,8 +407,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -354,10 +416,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -425,9 +487,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -487,9 +549,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -540,68 +602,6 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true nginx: command: - /docker-entrypoint.sh @@ -610,7 +610,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -663,28 +663,30 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications + rules-engine: + container_name: edgex-kuiper depends_on: - consul: - condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: - EDGEX_SECURITY_SECRET_STORE: "true" + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -697,35 +699,84 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest + hostname: edgex-kuiper + image: lfedge/ekuiper:1.9-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59860 - published: "59860" + target: 59720 + published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth @@ -733,7 +784,7 @@ services: - --registry container_name: edgex-proxy-auth depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh @@ -782,13 +833,13 @@ services: bind: selinux: z create_host_path: true - proxy-setup: + security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: 
@@ -855,30 +906,22 @@ services: target: /tmp/edgex/secrets/consul-acl-token read_only: true volume: {} - rulesengine: - container_name: edgex-kuiper + security-secretstore-setup: + container_name: edgex-security-secretstore-setup depends_on: - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started - entrypoint: - - /edgex-init/kuiper_wait_install.sh + vault: + condition: service_started environment: - CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: "6379" - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: edgex/rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: "59720" + ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual] + ADD_SECRETSTORE_TOKENS: "" + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: redis STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -891,75 +934,64 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.9-alpine + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: kuiper:kuiper + tmpfs: + - /run + - /vault + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true - type: volume source: kuiper-sources - target: /kuiper/etc/sources + target: /tmp/kuiper volume: {} - type: volume - source: kuiper-log - target: /kuiper/log + source: kuiper-connections + target: /tmp/kuiper-connections volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: vault-config + target: /vault/config volume: {} - scheduler: + support-notifications: command: - - /support-scheduler + - /support-notifications - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-support-scheduler + container_name: edgex-support-notifications depends_on: consul: condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler + SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -972,15 +1004,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59861 - published: "59861" + target: 59860 + published: "59860" protocol: tcp read_only: true restart: always 
@@ -994,28 +1026,36 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications read_only: true bind: selinux: z create_host_path: true - secretstore-setup: - container_name: edgex-security-secretstore-setup + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler depends_on: + consul: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual] - ADD_SECRETSTORE_TOKENS: "" - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SECUREMESSAGEBUS_TYPE: redis + SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1028,18 +1068,21 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-secretstore-setup - image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest networks: edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - tmpfs: - - /run - - /vault - user: root:root + user: 2002:2001 volumes: - type: volume source: edgex-init 
@@ -1047,55 +1090,12 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true bind: selinux: z create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} ui: container_name: edgex-ui-go environment: diff --git a/taf/docker-compose-taf-arm64.yml b/taf/docker-compose-taf-arm64.yml index ecfe25b4..dc6fcfa2 100644 --- a/taf/docker-compose-taf-arm64.yml +++ b/taf/docker-compose-taf-arm64.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 
@@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -91,16 +91,16 @@ services: bind: selinux: z create_host_path: true - app-service-functional-tests: + app-functional-tests: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: app-functional-tests + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -111,7 +111,7 @@ services: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -124,7 +124,7 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest networks: edgex-network: null @@ -150,7 +150,7 @@ services: bind: selinux: z create_host_path: true - app-service-http-export: + app-http-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -159,7 +159,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -213,7 +213,7 @@ services: bind: selinux: z create_host_path: true - app-service-mqtt-export: + app-mqtt-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 
@@ -222,7 +222,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -277,7 +277,7 @@ services: bind: selinux: z create_host_path: true - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -286,7 +286,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -338,7 +338,7 @@ services: bind: selinux: z create_host_path: true - app-service-sample: + app-sample: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -347,7 +347,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -402,7 +402,150 @@ services: bind: selinux: z create_host_path: true - command: + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + consul: + condition: service_started + core-data: + condition: service_started + security-bootstrapper: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: 
edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + 
volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -411,14 +554,14 @@ services: depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-metadata: condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -467,7 +610,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -476,10 +619,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
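Review bot: The `ports` entry added for `app-scalability-test-mqtt-export` publishes 59710 with no `host_ip`, so Docker binds it on every host interface. The `consul` entry added in this same hunk, and the core services elsewhere in this diff, pin theirs with `host_ip: 127.0.0.1`. Unless the scalability test must be reachable from another machine, add `host_ip: 127.0.0.1` under that service's `- mode: ingress` line. This file looks like compose-builder output, so the fix presumably belongs in the source the generator reads rather than in this file. The new service also lacks the `restart: always` its neighbours carry; if that is deliberate for a test-only container, a comment in the generator source should say so.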
@@ -524,108 +667,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null 
ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -638,15 +765,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -660,8 +787,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -669,10 +796,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -741,9 +868,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -811,9 +938,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -873,9 +1000,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -936,9 +1063,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -995,86 +1122,24 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true - modbus-simulator: - container_name: edgex-modbus-simulator - hostname: edgex-modbus-simulator - image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest - networks: - edgex-network: null - ports: - - mode: 
ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - mqtt-broker: + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-broker: command: - /usr/sbin/mosquitto - -c @@ -1124,7 +1189,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -1177,207 +1242,15 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: - command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-proxy-auth 
- depends_on: - secretstore-setup: - condition: service_started - entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-proxy-auth - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-proxy-auth - image: nexus3.edgexfoundry.org:10004/security-proxy-auth-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true - proxy-setup: - container_name: edgex-security-proxy-setup - depends_on: - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/proxy_setup_wait_install.sh - environment: - ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - ROUTES_CORE_COMMAND_HOST: edgex-core-command - ROUTES_CORE_CONSUL_HOST: edgex-core-consul - ROUTES_CORE_DATA_HOST: edgex-core-data - ROUTES_CORE_METADATA_HOST: 
edgex-core-metadata - ROUTES_DEVICE_VIRTUAL_HOST: device-virtual - ROUTES_RULES_ENGINE_HOST: edgex-kuiper - ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent - SECRETSTORE_HOST: edgex-vault - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-proxy-setup - image: nexus3.edgexfoundry.org:10004/security-proxy-setup-arm64:latest - networks: - edgex-network: null - read_only: true - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - 
/edgex-init/kuiper_wait_install.sh environment: 
@@ -1447,32 +1320,59 @@ services: target: /kuiper/log volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init volume: {} - scalability-test-mqtt-export: + security-proxy-auth: command: - - /app-service-configurable + - entrypoint.sh + - /security-proxy-auth - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-scalability-test-mqtt-export + container_name: edgex-proxy-auth depends_on: - consul: - condition: service_started - data: - condition: service_started - security-bootstrapper: + security-secretstore-setup: condition: service_started entrypoint: + - /bin/sh - /edgex-init/ready_to_run_wait_install.sh environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export PROXY_SETUP_HOST: edgex-security-proxy-setup 
SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-scalability-test-mqtt-export + SERVICE_HOST: edgex-proxy-auth STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -1485,23 +1385,20 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth-arm64:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59842 + published: "59842" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true - user: 2002:2001 volumes: - type: volume source: edgex-init 
@@ -1509,36 +1406,35 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth read_only: true bind: selinux: z create_host_path: true - scheduler: - command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-scheduler + security-proxy-setup: + container_name: edgex-security-proxy-setup depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: + ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1551,35 +1447,45 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup-arm64:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp read_only: true - restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup read_only: true bind: selinux: z create_host_path: true - secretstore-setup: + - type: volume + source: vault-config + target: /vault/config + volume: {} + security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: 
@@ -1643,38 +1549,6 @@ services: source: vault-config target: /vault/config volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} security-spiffe-token-provider: command: - /security-spiffe-token-provider 
@@ -1912,6 +1786,132 @@ services: bind: selinux: z create_host_path: true + support-notifications: + command: + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler + 
depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: diff --git a/taf/docker-compose-taf-mqtt-bus-arm64.yml b/taf/docker-compose-taf-mqtt-bus-arm64.yml index f92755cf..aa0d448e 100644 --- a/taf/docker-compose-taf-mqtt-bus-arm64.yml +++ b/taf/docker-compose-taf-mqtt-bus-arm64.yml 
@@ -26,7 +26,7 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -91,16 +91,16 @@ services: bind: selinux: z create_host_path: true - app-service-functional-tests: + app-functional-tests: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: app-functional-tests + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -111,7 +111,7 @@ services: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -124,7 +124,7 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest networks: edgex-network: null @@ -150,7 +150,7 @@ services: bind: selinux: z create_host_path: true - app-service-http-export: + app-http-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -159,7 +159,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -213,7 +213,7 @@ services: bind: selinux: z create_host_path: true - app-service-mqtt-export: + app-mqtt-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -222,7 +222,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -246,8 +246,6 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER - WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER WRITABLE_LOGLEVEL: INFO WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events @@ -279,7 +277,7 @@ services: bind: selinux: z create_host_path: true - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -288,7 +286,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -340,7 +338,7 @@ services: bind: selinux: z create_host_path: true - app-service-sample: + app-sample: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -349,7 +347,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -404,7 +402,152 @@ services: bind: selinux: z create_host_path: true - command: + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + consul: + condition: service_started + core-data: + condition: service_started + security-bootstrapper: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER + WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + 
published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + 
target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -413,14 +556,14 @@ services: depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-metadata: condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -469,7 +612,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -478,10 +621,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
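Review bot: The added `app-scalability-test-mqtt-export` service publishes `59710` with no `host_ip`, so it falls back to Docker's default bind address (normally all host interfaces), whereas `consul` in the same hunk and the other services visible in this file pin `host_ip: 127.0.0.1`. Unless the scalability run needs remote access, add `host_ip: 127.0.0.1` under its `- mode: ingress` entry. The same block sets `WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID` to `app-scalability-test-mqtt-export`, the same value as `MESSAGEBUS_OPTIONAL_CLIENTID`. If the broker-address placeholder ends up pointing at the message-bus broker, two connections sharing one client ID would likely displace each other, so a distinct ID is safer, for example `scalability-test-mqtt-export`, which the other compose file in this diff used before. If this file is generated by compose-builder, both changes belong in the generator input rather than in this output.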
@@ -531,108 +674,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null 
ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -645,15 +772,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -667,8 +794,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -676,10 +803,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -748,9 +875,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -818,9 +945,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -880,9 +1007,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -943,9 +1070,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -1002,97 +1129,35 @@ services: bind: selinux: z create_host_path: true - metadata: + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-broker: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto/config/mosquitto.conf + container_name: edgex-mqtt-broker depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - 
no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true - modbus-simulator: - container_name: edgex-modbus-simulator - hostname: edgex-modbus-simulator - image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - mqtt-broker: - command: - - /usr/sbin/mosquitto - - -v - - -c - - /mosquitto/config/mosquitto.conf - container_name: edgex-mqtt-broker - depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/messagebus_wait_install.sh environment: @@ -1175,7 +1240,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -1228,209 +1293,17 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: - command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-proxy-auth 
- depends_on: - secretstore-setup: - condition: service_started - entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-proxy-auth - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-proxy-auth - image: nexus3.edgexfoundry.org:10004/security-proxy-auth-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true - proxy-setup: - container_name: edgex-security-proxy-setup - depends_on: - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/proxy_setup_wait_install.sh - environment: - ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - ROUTES_CORE_COMMAND_HOST: edgex-core-command - ROUTES_CORE_CONSUL_HOST: edgex-core-consul - ROUTES_CORE_DATA_HOST: edgex-core-data - ROUTES_CORE_METADATA_HOST: 
edgex-core-metadata - ROUTES_DEVICE_VIRTUAL_HOST: device-virtual - ROUTES_RULES_ENGINE_HOST: edgex-kuiper - ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent - SECRETSTORE_HOST: edgex-vault - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-proxy-setup - image: nexus3.edgexfoundry.org:10004/security-proxy-setup-arm64:latest - networks: - edgex-network: null - read_only: true - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started mqtt-broker: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: 
service_started entrypoint: - /edgex-init/kuiper_wait_install.sh environment: 
@@ -1508,32 +1381,59 @@ services: target: /kuiper/log volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init volume: {} - scalability-test-mqtt-export: + security-proxy-auth: command: - - /app-service-configurable + - entrypoint.sh + - /security-proxy-auth - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-scalability-test-mqtt-export + container_name: edgex-proxy-auth depends_on: - consul: - condition: service_started - data: - condition: service_started - security-bootstrapper: + security-secretstore-setup: condition: service_started entrypoint: + - /bin/sh - /edgex-init/ready_to_run_wait_install.sh environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export PROXY_SETUP_HOST: edgex-security-proxy-setup 
SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-scalability-test-mqtt-export + SERVICE_HOST: edgex-proxy-auth STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -1546,25 +1446,20 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER - WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth-arm64:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59842 + published: "59842" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true - user: 2002:2001 volumes: - type: volume source: edgex-init 
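Review bot: On the new side of `@@ -1546,25 +1446,20 @@`, `security-proxy-auth` has no `user:` key, so the container runs as whatever user the image defines. The `user: 2002:2001` line removed here belonged to the old `scalability-test-mqtt-export` block, and the other long-running services in this file (`core-data`, `support-notifications`, `support-scheduler`) pin `user: 2002:2001`. If `entrypoint.sh` does not need root, add `user: 2002:2001` after `security_opt`; whether the image already sets a non-root user is not visible from the diff. The service definition starts in the previous hunk and continues into the next one, and the file looks like rendered compose output, so the change likely belongs in the compose-builder source.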
@@ -1572,36 +1467,35 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth read_only: true bind: selinux: z create_host_path: true - scheduler: - command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-scheduler + security-proxy-setup: + container_name: edgex-security-proxy-setup depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: + ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1614,35 +1508,45 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup-arm64:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp read_only: true - restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup read_only: true bind: selinux: z create_host_path: true - secretstore-setup: + - type: volume + source: vault-config + target: /vault/config + volume: {} + security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: 
@@ -1706,38 +1610,6 @@ services: source: vault-config target: /vault/config volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} security-spiffe-token-provider: command: - /security-spiffe-token-provider 
@@ -1975,6 +1847,132 @@ services: bind: selinux: z create_host_path: true + support-notifications: + command: + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler + 
depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: diff --git a/taf/docker-compose-taf-mqtt-bus.yml b/taf/docker-compose-taf-mqtt-bus.yml index bcd06471..d0f25b9f 100644 --- a/taf/docker-compose-taf-mqtt-bus.yml +++ b/taf/docker-compose-taf-mqtt-bus.yml 
@@ -26,7 +26,7 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -91,16 +91,16 @@ services: bind: selinux: z create_host_path: true - app-service-functional-tests: + app-functional-tests: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: app-functional-tests + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -111,7 +111,7 @@ services: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -124,7 +124,7 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest networks: edgex-network: null @@ -150,7 +150,7 @@ services: bind: selinux: z create_host_path: true - app-service-http-export: + app-http-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -159,7 +159,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -213,7 +213,7 @@ services: bind: selinux: z create_host_path: true - app-service-mqtt-export: + app-mqtt-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -222,7 +222,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -246,8 +246,6 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER - WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER WRITABLE_LOGLEVEL: INFO WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events @@ -279,7 +277,7 @@ services: bind: selinux: z create_host_path: true - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -288,7 +286,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -340,7 +338,7 @@ services: bind: selinux: z create_host_path: true - app-service-sample: + app-sample: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -349,7 +347,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -404,7 +402,152 @@ services: bind: selinux: z create_host_path: true - command: + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + consul: + condition: service_started + core-data: + condition: service_started + security-bootstrapper: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER + WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: 
"59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 
+ published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -413,14 +556,14 @@ services: depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-metadata: condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -469,7 +612,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -478,10 +621,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
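Review bot: In `@@ -404,7 +402,152 @@`, the `ports` entry of the added `app-scalability-test-mqtt-export` service has no `host_ip`, so by Docker's default `59710` is published on all host interfaces. `consul`, added in the same hunk, binds `host_ip: 127.0.0.1`. This service also runs with `WRITABLE_LOGLEVEL: DEBUG` and the `WRITABLE_INSECURESECRETS_MQTT_SECRETS_*` overrides, so a loopback bind is the safer default: add `host_ip: 127.0.0.1` under `- mode: ingress`. The file looks like rendered compose output, so the change probably belongs in the compose-builder source it is generated from.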
@@ -531,108 +674,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: 
- mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -645,15 +772,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -667,8 +794,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -676,10 +803,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -748,9 +875,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -818,9 +945,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -880,9 +1007,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -943,9 +1070,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -1002,97 +1129,35 @@ services: bind: selinux: z create_host_path: true - metadata: + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-broker: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto/config/mosquitto.conf + container_name: edgex-mqtt-broker depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - 
no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true - modbus-simulator: - container_name: edgex-modbus-simulator - hostname: edgex-modbus-simulator - image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - mqtt-broker: - command: - - /usr/sbin/mosquitto - - -v - - -c - - /mosquitto/config/mosquitto.conf - container_name: edgex-mqtt-broker - depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/messagebus_wait_install.sh environment: @@ -1175,7 +1240,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -1228,209 +1293,17 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: - command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-proxy-auth - 
depends_on: - secretstore-setup: - condition: service_started - entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-proxy-auth - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-proxy-auth - image: nexus3.edgexfoundry.org:10004/security-proxy-auth:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true - proxy-setup: - container_name: edgex-security-proxy-setup - depends_on: - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/proxy_setup_wait_install.sh - environment: - ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - ROUTES_CORE_COMMAND_HOST: edgex-core-command - ROUTES_CORE_CONSUL_HOST: edgex-core-consul - ROUTES_CORE_DATA_HOST: edgex-core-data - ROUTES_CORE_METADATA_HOST: edgex-core-metadata - 
ROUTES_DEVICE_VIRTUAL_HOST: device-virtual - ROUTES_RULES_ENGINE_HOST: edgex-kuiper - ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent - SECRETSTORE_HOST: edgex-vault - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-proxy-setup - image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest - networks: - edgex-network: null - read_only: true - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started mqtt-broker: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - 
/edgex-init/kuiper_wait_install.sh environment: 
@@ -1508,32 +1381,59 @@ services: target: /kuiper/log volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init volume: {} - scalability-test-mqtt-export: + security-proxy-auth: command: - - /app-service-configurable + - entrypoint.sh + - /security-proxy-auth - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-scalability-test-mqtt-export + container_name: edgex-proxy-auth depends_on: - consul: - condition: service_started - data: - condition: service_started - security-bootstrapper: + security-secretstore-setup: condition: service_started entrypoint: + - /bin/sh - /edgex-init/ready_to_run_wait_install.sh environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: 
edgex-vault - SERVICE_HOST: edgex-scalability-test-mqtt-export + SERVICE_HOST: edgex-proxy-auth STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -1546,25 +1446,20 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER - WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59842 + published: "59842" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true - user: 2002:2001 volumes: - type: volume source: edgex-init 
@@ -1572,36 +1467,35 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth read_only: true bind: selinux: z create_host_path: true - scheduler: - command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-scheduler + security-proxy-setup: + container_name: edgex-security-proxy-setup depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: + ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1614,35 +1508,45 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp read_only: true - restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup read_only: true bind: selinux: z create_host_path: true - secretstore-setup: + - type: volume + source: vault-config + target: /vault/config + volume: {} + security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: 
@@ -1706,38 +1610,6 @@ services: source: vault-config target: /vault/config volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} security-spiffe-token-provider: command: - /security-spiffe-token-provider 
@@ -1975,6 +1847,132 @@ services: bind: selinux: z create_host_path: true + support-notifications: + command: + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler + 
depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: diff --git a/taf/docker-compose-taf-no-secty-arm64.yml b/taf/docker-compose-taf-no-secty-arm64.yml index 474f10dc..8530e439 100644 --- a/taf/docker-compose-taf-no-secty-arm64.yml +++ b/taf/docker-compose-taf-no-secty-arm64.yml 
@@ -26,12 +26,12 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: external-mqtt-trigger @@ -56,18 +56,18 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-functional-tests: - container_name: app-functional-tests + app-functional-tests: + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: app-functional-tests - hostname: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest networks: edgex-network: null @@ -80,12 +80,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-http-export: + app-http-export: container_name: edgex-app-http-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: http-export @@ -108,12 +108,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-mqtt-export: + app-mqtt-export: container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: mqtt-export @@ -137,12 +137,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine 
@@ -163,12 +163,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-sample: + app-sample: container_name: edgex-app-sample depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command 
@@ -192,51 +192,33 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: - container_name: edgex-core-command + app-scalability-test-mqtt-export: + container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-data: condition: service_started environment: + EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" - EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 - SERVICE_HOST: edgex-core-command - hostname: edgex-core-command - image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest networks: edgex-network: null ports: - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" + target: 59703 + published: "59710" protocol: tcp read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - common-config: - container_name: edgex-core-common-config-bootstrapper - depends_on: - consul: - condition: service_started - environment: - ALL_SERVICES_DATABASE_HOST: edgex-redis - ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis - ALL_SERVICES_REGISTRY_HOST: edgex-core-consul - APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - EDGEX_SECURITY_SECRET_STORE: "false" - hostname: edgex-core-common-config-bootstrapper - image: 
nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true security_opt: - no-new-privileges:true user: 2002:2001 @@ -273,14 +255,62 @@ services: source: consul-data target: /consul/data volume: {} - data: - container_name: edgex-core-data + core-command: + container_name: edgex-core-command depends_on: consul: condition: service_started + core-metadata: + condition: service_started database: condition: service_started - metadata: + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + SERVICE_HOST: edgex-core-command + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + core-common-config-bootstrapper: + container_name: edgex-core-common-config-bootstrapper + depends_on: + consul: + condition: service_started + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis + ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "false" + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
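Review bot: The `app-scalability-test-mqtt-export` service added in the `@@ -192,51 +192,33 @@` hunk of `taf/docker-compose-taf-no-secty-arm64.yml` publishes `59710` with no `host_ip`, so the port is bound on every host interface. The other services visible in this file, such as `core-command` and `core-metadata`, pin `host_ip: 127.0.0.1`. This profile also sets `EDGEX_SECURITY_SECRET_STORE: "false"`, and nothing on the page indicates the endpoint is authenticated. Unless the scalability test needs off-host access, add `host_ip: 127.0.0.1` under `- mode: ingress` for this service. The file looks like resolved compose output, so the change presumably belongs in the compose-builder input rather than here; the `scalability-test-mqtt-export` entry removed from the preceding file in this diff has the same mapping without `host_ip`.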
@@ -300,6 +330,31 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 database: container_name: edgex-redis hostname: edgex-redis @@ -331,9 +386,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -367,9 +422,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -394,9 +449,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -425,9 +480,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -454,31 +509,6 @@ services: bind: selinux: z create_host_path: true - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator @@ -538,32 +568,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -612,37 +617,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scalability-test-mqtt-export: - container_name: edgex-scalability-test-mqtt-export + support-notifications: + container_name: edgex-support-notifications depends_on: consul: condition: service_started - data: + database: condition: service_started environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export - SERVICE_HOST: edgex-scalability-test-mqtt-export - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59860 + published: "59860" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true user: 2002:2001 - scheduler: + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml index 54a8d6fc..4823363e 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml 
@@ -26,12 +26,12 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: external-mqtt-trigger @@ -56,18 +56,18 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-functional-tests: - container_name: app-functional-tests + app-functional-tests: + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: app-functional-tests - hostname: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest networks: edgex-network: null @@ -80,12 +80,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-http-export: + app-http-export: container_name: edgex-app-http-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: http-export @@ -108,12 +108,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-mqtt-export: + app-mqtt-export: container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: mqtt-export @@ -137,12 +137,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine 
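Review bot: The `app-functional-tests` rename in hunk `@@ -56,18 +56,18 @@` changes more than the compose key: `container_name`, `hostname` and `SERVICE_HOST` move from `app-functional-tests` to `edgex-app-functional-tests`, which is the name other containers resolve on `edgex-network`. Nothing in the visible hunks updates a consumer of the old name, so a test configuration or client setting that still points at `app-functional-tests` would stop resolving; a search for the old hostname across the test assets should go with this change. The same hunk is repeated in taf/docker-compose-taf-no-secty-mqtt-bus.yml and taf/docker-compose-taf-no-secty.yml.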
@@ -163,12 +163,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-sample: + app-sample: container_name: edgex-app-sample depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command 
@@ -192,14 +192,77 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + app-scalability-test-mqtt-export: + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + consul: + condition: service_started + core-data: + condition: service_started + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
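Review bot: In hunk `@@ -192,14 +192,77 @@`, `WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID` is now `app-scalability-test-mqtt-export`, the same value as `MESSAGEBUS_OPTIONAL_CLIENTID`; the block removed in `@@ -627,37 +632,32 @@` used `scalability-test-mqtt-export` for the export client. In this MQTT-bus variant, if the address that replaces `MQTT_BROKER_ADDRESS_PLACE_HOLDER` is the same broker the message bus uses, two connections sharing one client ID will typically make the broker drop one of them each time the other connects. Keeping the IDs distinct avoids that, for example `WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export-pipeline` (value constructed for illustration). The same applies to the matching hunk in taf/docker-compose-taf-no-secty-mqtt-bus.yml.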
@@ -220,7 +283,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: @@ -244,60 +307,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always 
@@ -335,9 +390,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -371,9 +426,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -398,9 +453,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -429,9 +484,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -458,31 +513,6 @@ services: bind: selinux: z create_host_path: true - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -543,32 +573,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -627,37 +632,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scalability-test-mqtt-export: - container_name: edgex-scalability-test-mqtt-export + support-notifications: + container_name: edgex-support-notifications depends_on: consul: condition: service_started - data: + database: condition: service_started environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export - SERVICE_HOST: edgex-scalability-test-mqtt-export - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59860 + published: "59860" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true user: 2002:2001 - scheduler: + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus.yml b/taf/docker-compose-taf-no-secty-mqtt-bus.yml index 198495a9..54fb34bc 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus.yml 
@@ -26,12 +26,12 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: external-mqtt-trigger @@ -56,18 +56,18 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-functional-tests: - container_name: app-functional-tests + app-functional-tests: + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: app-functional-tests - hostname: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest networks: edgex-network: null @@ -80,12 +80,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-http-export: + app-http-export: container_name: edgex-app-http-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: http-export @@ -108,12 +108,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-mqtt-export: + app-mqtt-export: container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: mqtt-export @@ -137,12 +137,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine 
@@ -163,12 +163,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-sample: + app-sample: container_name: edgex-app-sample depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command 
@@ -192,14 +192,77 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + app-scalability-test-mqtt-export: + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + consul: + condition: service_started + core-data: + condition: service_started + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -220,7 +283,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: @@ -244,60 +307,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always 
@@ -335,9 +390,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -371,9 +426,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -398,9 +453,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -429,9 +484,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -458,31 +513,6 @@ services: bind: selinux: z create_host_path: true - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -543,32 +573,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -627,37 +632,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scalability-test-mqtt-export: - container_name: edgex-scalability-test-mqtt-export + support-notifications: + container_name: edgex-support-notifications depends_on: consul: condition: service_started - data: + database: condition: service_started environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export - SERVICE_HOST: edgex-scalability-test-mqtt-export - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59860 + published: "59860" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true user: 2002:2001 - scheduler: + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-no-secty.yml b/taf/docker-compose-taf-no-secty.yml index 9f62b46c..ca154e94 100644 --- a/taf/docker-compose-taf-no-secty.yml +++ b/taf/docker-compose-taf-no-secty.yml @@ -26,12 +26,12 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: external-mqtt-trigger 
@@ -56,18 +56,18 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-functional-tests: - container_name: app-functional-tests + app-functional-tests: + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: app-functional-tests - hostname: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest networks: edgex-network: null @@ -80,12 +80,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-http-export: + app-http-export: container_name: edgex-app-http-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: http-export @@ -108,12 +108,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-mqtt-export: + app-mqtt-export: container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: mqtt-export @@ -137,12 +137,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine @@ -163,12 +163,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-sample: + app-sample: container_name: edgex-app-sample depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command 
@@ -192,51 +192,33 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: - container_name: edgex-core-command + app-scalability-test-mqtt-export: + container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-data: condition: service_started environment: + EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" - EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 - SERVICE_HOST: edgex-core-command - hostname: edgex-core-command - image: nexus3.edgexfoundry.org:10004/core-command:latest + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest networks: edgex-network: null ports: - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" + target: 59703 + published: "59710" protocol: tcp read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - common-config: - container_name: edgex-core-common-config-bootstrapper - depends_on: - consul: - condition: service_started - environment: - ALL_SERVICES_DATABASE_HOST: edgex-redis - ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis - ALL_SERVICES_REGISTRY_HOST: edgex-core-consul - APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - EDGEX_SECURITY_SECRET_STORE: "false" - hostname: edgex-core-common-config-bootstrapper - image: 
nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest - networks: - edgex-network: null - read_only: true security_opt: - no-new-privileges:true user: 2002:2001 @@ -273,14 +255,62 @@ services: source: consul-data target: /consul/data volume: {} - data: - container_name: edgex-core-data + core-command: + container_name: edgex-core-command depends_on: consul: condition: service_started + core-metadata: + condition: service_started database: condition: service_started - metadata: + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + SERVICE_HOST: edgex-core-command + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + core-common-config-bootstrapper: + container_name: edgex-core-common-config-bootstrapper + depends_on: + consul: + condition: service_started + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis + ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "false" + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -300,6 +330,31 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 database: container_name: edgex-redis hostname: edgex-redis @@ -331,9 +386,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -367,9 +422,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -394,9 +449,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -425,9 +480,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -454,31 +509,6 @@ services: bind: selinux: z create_host_path: true - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator @@ -538,32 +568,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -612,37 +617,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scalability-test-mqtt-export: - container_name: edgex-scalability-test-mqtt-export + support-notifications: + container_name: edgex-support-notifications depends_on: consul: condition: service_started - data: + database: condition: service_started environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export - SERVICE_HOST: edgex-scalability-test-mqtt-export - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59860 + published: "59860" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true user: 2002:2001 - scheduler: + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-perf-arm64.yml b/taf/docker-compose-taf-perf-arm64.yml index 7c199e23..fd07cd24 100644 --- a/taf/docker-compose-taf-perf-arm64.yml +++ b/taf/docker-compose-taf-perf-arm64.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-mqtt-export: + app-mqtt-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 
@@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -90,7 +90,7 @@ services: bind: selinux: z create_host_path: true - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -99,7 +99,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -151,7 +151,85 @@ services: bind: selinux: z create_host_path: true - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - 
type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -160,14 +238,14 @@ services: depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-metadata: condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -216,7 +294,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -225,10 +303,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
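Review bot: `ADD_REGISTRY_ACL_ROLES` on the re-added `consul` service still requests roles for `app-http-export`, `app-functional-tests` and `app-scalability-test-mqtt-export`, while the only app services this diff shows in the perf file are `app-mqtt-export` and `app-rules-engine`. The hunks do not show the whole file, so this needs confirming, but if those services are neither defined here nor started by the test harness, registry roles are being provisioned for identities that never run. Trimming the list to the services actually present keeps the ACL setup least-privilege, e.g. `ADD_REGISTRY_ACL_ROLES: app-mqtt-export`. The value likely originates in the compose-builder inputs rather than this rendered file, so the edit would go there.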
@@ -273,108 +351,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: 
"8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -387,15 +449,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -409,8 +471,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -418,10 +480,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -489,9 +551,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -551,9 +613,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -604,68 +666,6 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true mqtt-broker: command: - /usr/sbin/mosquitto @@ -716,7 +716,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -769,28 +769,30 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications + rules-engine: + container_name: edgex-kuiper depends_on: - consul: - condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: - EDGEX_SECURITY_SECRET_STORE: "true" + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -803,35 +805,84 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + hostname: edgex-kuiper + image: lfedge/ekuiper:1.9-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59860 - published: "59860" + target: 59720 + published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth @@ -839,7 +890,7 @@ services: - --registry container_name: edgex-proxy-auth depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh @@ -888,13 +939,13 @@ services: bind: selinux: z create_host_path: true - proxy-setup: + security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: 
@@ -961,152 +1012,7 @@ services: source: vault-config target: /vault/config volume: {} - rulesengine: - container_name: edgex-kuiper - depends_on: - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/kuiper_wait_install.sh - environment: - CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: "6379" - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: edgex/rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: "59720" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.9-alpine - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: kuiper:kuiper - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: 
/kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} - scheduler: - command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-scheduler - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: 
/tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true - secretstore-setup: + security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: @@ -1170,38 +1076,6 @@ services: source: vault-config target: /vault/config volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} security-spiffe-token-provider: command: - /security-spiffe-token-provider 
@@ -1439,6 +1313,132 @@ services: bind: selinux: z create_host_path: true + support-notifications: + command: + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler + 
depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: diff --git a/taf/docker-compose-taf-perf-no-secty-arm64.yml b/taf/docker-compose-taf-perf-no-secty-arm64.yml index 3dd7518f..9e7cd5fc 100644 --- a/taf/docker-compose-taf-perf-no-secty-arm64.yml +++ b/taf/docker-compose-taf-perf-no-secty-arm64.yml 
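Review bot: Both services added in the `@@ -1439,6 +1313,132 @@` hunk bind-mount their secret directory from the host's `/tmp` (`source: /tmp/edgex/secrets/support-notifications` and `/tmp/edgex/secrets/support-scheduler`) with `create_host_path: true`, so the location holding service secrets sits under a world-writable parent and is created on demand if missing. On a shared test host the ownership and mode of `/tmp/edgex` then depend on whatever creates it first. The same pattern is on `consul`, `core-data` and `core-metadata` in the earlier hunks of this file. I would document the expectation next to the mount, e.g. `# host dir /tmp/edgex/secrets must be pre-created with restricted permissions; do not rely on create_host_path`, or move the source to a dedicated directory outside `/tmp`.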
@@ -26,12 +26,12 @@ # name: edgex services: - app-service-mqtt-export: + app-mqtt-export: container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: mqtt-export @@ -55,12 +55,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine @@ -81,14 +81,47 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -109,7 +142,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
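Review bot: In the `consul` block added by the `@@ -81,14 +81,47 @@` hunk the agent runs as `user: root:root` with `-client 0.0.0.0` and `-ui`, and unlike the secure variant of this file there is no ACL-related environment or wait entrypoint, so every container on `edgex-network` and anything on the host that can reach `127.0.0.1:8500` gets the registry API unauthenticated. That is presumably accepted for a no-security test file, but it is worth stating in a comment, e.g. `# no ACLs: run only on an isolated test host`. I would also confirm that root is actually required here, since the EdgeX services around it run as `2002:2001`; if the image's entrypoint drops privileges itself, a short comment saying so would help. The identical hunk in `taf/docker-compose-taf-perf-no-secty.yml` further down carries the same block.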
@@ -129,60 +162,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always 
@@ -216,9 +241,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -243,9 +268,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -265,31 +290,6 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 mqtt-broker: command: - /usr/sbin/mosquitto @@ -332,32 +332,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -406,7 +381,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scheduler: + support-notifications: + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-perf-no-secty.yml b/taf/docker-compose-taf-perf-no-secty.yml index 078c2881..a3fdfead 100644 --- a/taf/docker-compose-taf-perf-no-secty.yml +++ b/taf/docker-compose-taf-perf-no-secty.yml @@ -26,12 +26,12 @@ # name: edgex services: - app-service-mqtt-export: + app-mqtt-export: container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: mqtt-export @@ -55,12 +55,12 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - app-service-rules: + app-rules-engine: container_name: edgex-app-rules-engine depends_on: consul: condition: service_started - data: + core-data: condition: service_started environment: EDGEX_PROFILE: rules-engine 
@@ -81,14 +81,47 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + core-command: container_name: edgex-core-command depends_on: consul: condition: service_started - database: + core-metadata: condition: service_started - metadata: + database: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -109,7 +142,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - common-config: + core-common-config-bootstrapper: container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
@@ -129,60 +162,52 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - consul: - command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul - hostname: edgex-core-consul - image: consul:1.13 + core-data: + container_name: edgex-core-data + depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - data: - container_name: edgex-core-data + user: 2002:2001 + core-metadata: + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-data - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -216,9 +241,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -243,9 +268,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started environment: EDGEX_SECURITY_SECRET_STORE: "false" @@ -265,31 +290,6 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - metadata: - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-core-metadata - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 mqtt-broker: command: - /usr/sbin/mosquitto @@ -332,32 +332,7 @@ services: security_opt: - no-new-privileges:true user: 2002:2001 - notifications: - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - environment: - EDGEX_SECURITY_SECRET_STORE: "false" - SERVICE_HOST: edgex-support-notifications - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: 
@@ -406,7 +381,32 @@ services: source: kuiper-plugins target: /kuiper/plugins volume: {} - scheduler: + support-notifications: + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + support-scheduler: container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-perf.yml b/taf/docker-compose-taf-perf.yml index b214a079..e0ede7fe 100644 --- a/taf/docker-compose-taf-perf.yml +++ b/taf/docker-compose-taf-perf.yml @@ -26,7 +26,7 @@ # name: edgex services: - app-service-mqtt-export: + app-mqtt-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -90,7 +90,7 @@ services: bind: selinux: z create_host_path: true - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -99,7 +99,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -151,7 +151,85 @@ services: bind: selinux: z create_host_path: true - command: + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - 
type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -160,14 +238,14 @@ services: depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-metadata: condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -216,7 +294,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -225,10 +303,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
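Review bot: `ADD_REGISTRY_ACL_ROLES` in the re-added `consul` block (hunk `-151,7 +151,85`) still lists `app-http-export`, `app-functional-tests` and `app-scalability-test-mqtt-export`, while the only app services visible in this file's hunks are `app-mqtt-export` and `app-rules-engine`. If the perf topology does not start the other three, their registry ACL roles are grants nothing uses, and the list could be trimmed to the services this file defines. Since the compose keys now presumably match the role names, a check in compose-builder that every listed role names a defined service would keep the two from drifting. The block is moved unchanged by this commit, so this is a follow-up rather than a regression.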
@@ -273,108 +351,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" 
+ target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
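Review bot: The `core-data` bind mount on the new side takes its secrets directory from `/tmp/edgex/secrets/core-data` with `create_host_path: true`, so when the path is missing it is created under a host directory that is normally shared by all local users, and nothing in this file controls the ownership or mode of the parent `/tmp/edgex`. The mount is `read_only: true` inside the container, which does not constrain what happens on the host side. Consider having the builder point at a dedicated root-owned directory, or documenting that `/tmp/edgex/secrets` must exist with restrictive permissions before the stack is started. The same pattern recurs in the `core-metadata`, `support-notifications` and `support-scheduler` blocks of this file; the `core-metadata` block continues outside this hunk.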
@@ -387,15 +449,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -409,8 +471,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -418,10 +480,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -489,9 +551,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -551,9 +613,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -604,68 +666,6 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true mqtt-broker: command: - /usr/sbin/mosquitto @@ -716,7 +716,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -769,28 +769,30 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications + rules-engine: + container_name: edgex-kuiper depends_on: - consul: - condition: service_started database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: - EDGEX_SECURITY_SECRET_STORE: "true" + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -803,35 +805,84 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest + hostname: edgex-kuiper + image: lfedge/ekuiper:1.9-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59860 - published: "59860" + target: 59720 + published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth @@ -839,7 +890,7 @@ services: - --registry container_name: edgex-proxy-auth depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh @@ -888,13 +939,13 @@ services: bind: selinux: z create_host_path: true - proxy-setup: + security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: 
@@ -961,152 +1012,7 @@ services: source: vault-config target: /vault/config volume: {} - rulesengine: - container_name: edgex-kuiper - depends_on: - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/kuiper_wait_install.sh - environment: - CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: "6379" - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: edgex/rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: "59720" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.9-alpine - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: kuiper:kuiper - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: 
/kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} - scheduler: - command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-scheduler - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: 
/tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true - secretstore-setup: + security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: @@ -1170,38 +1076,6 @@ services: source: vault-config target: /vault/config volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} security-spiffe-token-provider: command: - /security-spiffe-token-provider 
@@ -1439,6 +1313,132 @@ services: bind: selinux: z create_host_path: true + support-notifications: + command: + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler + 
depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: diff --git a/taf/docker-compose-taf.yml b/taf/docker-compose-taf.yml index 410922b9..8c07a0ea 100644 --- a/taf/docker-compose-taf.yml +++ b/taf/docker-compose-taf.yml 
@@ -26,7 +26,7 @@ # name: edgex services: - app-service-external-mqtt-trigger: + app-external-mqtt-trigger: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -35,7 +35,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -91,16 +91,16 @@ services: bind: selinux: z create_host_path: true - app-service-functional-tests: + app-functional-tests: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: app-functional-tests + container_name: edgex-app-functional-tests depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -111,7 +111,7 @@ services: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: app-functional-tests + SERVICE_HOST: edgex-app-functional-tests STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -124,7 +124,7 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: app-functional-tests + hostname: edgex-app-functional-tests image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest networks: edgex-network: null @@ -150,7 +150,7 @@ services: bind: selinux: z create_host_path: true - app-service-http-export: + app-http-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -159,7 +159,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -213,7 +213,7 @@ services: bind: selinux: z create_host_path: true - app-service-mqtt-export: + app-mqtt-export: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -222,7 +222,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -277,7 +277,7 @@ services: bind: selinux: z create_host_path: true - app-service-rules: + app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -286,7 +286,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started @@ -338,7 +338,7 @@ services: bind: selinux: z create_host_path: true - app-service-sample: + app-sample: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 @@ -347,7 +347,7 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started security-bootstrapper: condition: service_started 
@@ -402,7 +402,150 @@ services: bind: selinux: z create_host_path: true - command: + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + consul: + condition: service_started + core-data: + condition: service_started + security-bootstrapper: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: 
edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + consul: + command: + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 + container_name: edgex-core-consul + depends_on: + security-bootstrapper: + condition: service_started + vault: + condition: service_started + entrypoint: + - /edgex-init/consul_wait_install.sh + environment: + ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-consul + image: consul:1.13 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + 
volumes: + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 @@ -411,14 +554,14 @@ services: depends_on: consul: condition: service_started - database: - condition: service_started - metadata: + core-metadata: condition: service_started - secretstore-setup: + database: condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: @@ -467,7 +610,7 @@ services: bind: selinux: z create_host_path: true - common-config: + core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper @@ -476,10 +619,10 @@ services: depends_on: consul: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: 
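Review bot: The `ports` entry of the new `app-scalability-test-mqtt-export` service publishes `59710` without a `host_ip`, so Docker binds it on every host interface, while `consul` in the same hunk pins `host_ip: 127.0.0.1`, as do the other published ports visible in this diff. The removed `scalability-test-mqtt-export` definition further down had the same gap, so the rename carries it over rather than introducing it. If nothing outside the host needs to reach this port during the scalability run, add `host_ip: 127.0.0.1` under `- mode: ingress`. The file looks like normalized compose output, so the fix probably belongs in the compose-builder source it is generated from.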
@@ -524,108 +667,92 @@ services: bind: selinux: z create_host_path: true - consul: + core-data: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 - container_name: edgex-core-consul + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-core-data depends_on: + consul: + condition: service_started + core-metadata: + condition: service_started + database: + condition: service_started security-bootstrapper: condition: service_started - vault: + security-secretstore-setup: condition: service_started entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: - ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera - EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.13 + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest networks: edgex-network: null ports: 
- mode: ingress host_ip: 127.0.0.1 - target: 8500 - published: "8500" + target: 59880 + published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true - user: root:root + user: 2002:2001 volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true - data: + core-metadata: command: - - /core-data + - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-core-data + container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started - metadata: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-data + SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -638,15 +765,15 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 - target: 59880 - published: "59880" + target: 59881 + published: "59881" protocol: tcp read_only: true restart: always @@ -660,8 +787,8 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z @@ -669,10 +796,10 @@ services: database: container_name: edgex-redis depends_on: - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: @@ -741,9 +868,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started modbus-simulator: condition: service_started @@ -811,9 +938,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started @@ -873,9 +1000,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -936,9 +1063,9 @@ services: depends_on: consul: condition: service_started - data: + core-data: condition: service_started - metadata: + core-metadata: condition: service_started security-bootstrapper: condition: service_started 
@@ -995,86 +1122,24 @@ services: bind: selinux: z create_host_path: true - metadata: - command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-core-metadata - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-core-metadata - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true - modbus-simulator: - container_name: edgex-modbus-simulator - hostname: edgex-modbus-simulator - image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest - networks: - edgex-network: null - ports: - - mode: ingress - 
host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - mqtt-broker: + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-broker: command: - /usr/sbin/mosquitto - -c @@ -1124,7 +1189,7 @@ services: - daemon off; container_name: edgex-nginx depends_on: - secretstore-setup: + security-secretstore-setup: condition: service_started entrypoint: - /bin/sh 
@@ -1177,207 +1242,15 @@ services: source: nginx-tls target: /etc/ssl/nginx volume: {} - notifications: - command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-notifications - depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-notifications - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true - proxy-auth: - command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-proxy-auth - 
depends_on: - secretstore-setup: - condition: service_started - entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-proxy-auth - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-proxy-auth - image: nexus3.edgexfoundry.org:10004/security-proxy-auth:latest - networks: - edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true - proxy-setup: - container_name: edgex-security-proxy-setup - depends_on: - secretstore-setup: - condition: service_started - security-bootstrapper: - condition: service_started - entrypoint: - - /edgex-init/proxy_setup_wait_install.sh - environment: - ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - ROUTES_CORE_COMMAND_HOST: edgex-core-command - ROUTES_CORE_CONSUL_HOST: edgex-core-consul - ROUTES_CORE_DATA_HOST: edgex-core-data - ROUTES_CORE_METADATA_HOST: edgex-core-metadata - 
ROUTES_DEVICE_VIRTUAL_HOST: device-virtual - ROUTES_RULES_ENGINE_HOST: edgex-kuiper - ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent - SECRETSTORE_HOST: edgex-vault - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-proxy-setup - image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest - networks: - edgex-network: null - read_only: true - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} - rulesengine: + rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - /edgex-init/kuiper_wait_install.sh 
environment: 
@@ -1447,32 +1320,59 @@ services: target: /kuiper/log volume: {} - type: volume - source: kuiper-plugins - target: /kuiper/plugins + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init volume: {} - scalability-test-mqtt-export: + security-proxy-auth: command: - - /app-service-configurable + - entrypoint.sh + - /security-proxy-auth - -cp=consul.http://edgex-core-consul:8500 - --registry - container_name: edgex-scalability-test-mqtt-export + container_name: edgex-proxy-auth depends_on: - consul: - condition: service_started - data: - condition: service_started - security-bootstrapper: + security-secretstore-setup: condition: service_started entrypoint: + - /bin/sh - /edgex-init/ready_to_run_wait_install.sh environment: - EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export - MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: 
edgex-vault - SERVICE_HOST: edgex-scalability-test-mqtt-export + SERVICE_HOST: edgex-proxy-auth STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis @@ -1485,23 +1385,20 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - WRITABLE_LOGLEVEL: DEBUG - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: scalability-test-mqtt-export - WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events - hostname: edgex-scalability-test-mqtt-export - image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth:latest networks: edgex-network: null ports: - mode: ingress - target: 59703 - published: "59710" + host_ip: 127.0.0.1 + target: 59842 + published: "59842" protocol: tcp read_only: true + restart: always security_opt: - no-new-privileges:true - user: 2002:2001 volumes: - type: volume source: edgex-init 
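Review bot: Once this hunk drops `user: 2002:2001`, the renamed `security-proxy-auth` service has no `user:` key, so the container runs as whatever user the image defaults to, while the neighbouring services either set `2002:2001` or state `root:root` explicitly. The removed `proxy-auth` definition earlier in the diff had no `user:` either, so this is carried over; the dropped line belonged to the old `scalability-test-mqtt-export` block that the diff aligned here. If the image can run unprivileged, add `user: 2002:2001` after `security_opt`; otherwise state the user explicitly so the privilege level is visible in review. The service definition starts in the previous hunk and continues into the next one.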
@@ -1509,36 +1406,35 @@ services: read_only: true volume: {} - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth read_only: true bind: selinux: z create_host_path: true - scheduler: - command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry - container_name: edgex-support-scheduler + security-proxy-setup: + container_name: edgex-security-proxy-setup depends_on: - consul: - condition: service_started - database: - condition: service_started - secretstore-setup: - condition: service_started security-bootstrapper: condition: service_started + security-secretstore-setup: + condition: service_started entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: + ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent SECRETSTORE_HOST: edgex-vault - SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis 
@@ -1551,35 +1447,45 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest networks: edgex-network: null - ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp read_only: true - restart: always security_opt: - no-new-privileges:true - user: 2002:2001 + user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup read_only: true bind: selinux: z create_host_path: true - secretstore-setup: + - type: volume + source: vault-config + target: /vault/config + volume: {} + security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: 
@@ -1643,38 +1549,6 @@ services: source: vault-config target: /vault/config volume: {} - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - EDGEX_GROUP: "2001" - EDGEX_USER: "2002" - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: "6379" - STAGEGATE_DATABASE_READYPORT: "6379" - STAGEGATE_READY_TORUNPORT: "54329" - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: "8500" - STAGEGATE_REGISTRY_READYPORT: "54324" - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest - networks: - edgex-network: null - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - type: volume - source: edgex-init - target: /edgex-init - volume: {} security-spiffe-token-provider: command: - /security-spiffe-token-provider 
@@ -1912,6 +1786,132 @@ services: bind: selinux: z create_host_path: true + support-notifications: + command: + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-notifications + depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry + container_name: edgex-support-scheduler + 
depends_on: + consul: + condition: service_started + database: + condition: service_started + security-bootstrapper: + condition: service_started + security-secretstore-setup: + condition: service_started + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-consul + STAGEGATE_REGISTRY_PORT: "8500" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment:
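Review bot: Both added services, `support-notifications` and `support-scheduler`, read their secret-store token from a host bind under `/tmp/edgex/secrets/...` with `create_host_path: true`, so a missing directory is created by the Docker daemon beneath world-writable `/tmp` with default ownership and mode. The same pattern is on the `security-proxy-setup` bind in the first hunk of this file. Nothing visible here sets the permissions of that tree, so confirm that the secret-store setup step restricts `/tmp/edgex/secrets` to the service UID and GID (`2002:2001` here). The alternative is to move the base to a dedicated root-owned directory, for example `source: <SECRETS_DIR>/support-scheduler` (placeholder), changed consistently for every service that mounts it.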