forked from fabric8-analytics/fabric8-analytics-common
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
315 lines (311 loc) · 10.7 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
# NOTE: Containers use the generic "coreapi" prefix so they're independent of
# the particular project name. Project specific images are always built
# locally when using the docker-compose file.
#
# The services are all configured with "network_mode: bridge" to work around
# name lookup problems with docker, docker-compose and the use of a local DNS
# resolver on the host: https://bugzilla.redhat.com/show_bug.cgi?id=1258350
version: "2"
services:
broker:
# if you're updating tag, don't forget to also update configuration
# for kubernetes in orchestration/restart-coreapi.sh
image: registry.centos.org/centos/rabbitmq
container_name: coreapi-broker
network_mode: bridge
ports:
- "5672:5672"
- "15672:15672"
environment:
RABBITMQ_USER: guest
RABBITMQ_PASS: guest
postgres:
image: registry.devshift.net/bayesian/coreapi-postgres
network_mode: bridge
ports:
- "6432:5432"
environment:
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: "coreapi"
container_name: coreapi-postgres
pgbouncer:
image: registry.devshift.net/bayesian/coreapi-pgbouncer
container_name: coreapi-pgbouncer
network_mode: bridge
links:
- postgres
ports:
- "5432:5432"
environment:
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: coreapi
POSTGRESQL_INITIAL_DATABASE: postgres
server:
image: registry.devshift.net/bayesian/bayesian-api
network_mode: bridge
links:
- broker
- pgbouncer
- gremlin-http
- minio-s3
container_name: coreapi-server
environment:
F8A_DEBUG: 'true'
F8A_UNCLOUDED_MODE: 'true'
DEPLOYMENT_PREFIX: "${USER}"
WORKER_ADMINISTRATION_REGION: api
# Provide credentials here if you want to run on Amazon SQS instead of RabbitMQ, don't forget to supply
# credentials even for worker
#AWS_SQS_ACCESS_KEY_ID: ''
#AWS_SQS_SECRET_ACCESS_KEY: ''
#AWS_S3_ACCESS_KEY_ID: ''
#AWS_S3_SECRET_ACCESS_KEY: ''
# Both can be omitted, defaults to eu-west-1
#AWS_SQS_REGION: ''
#AWS_S3_REGION: ''
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: coreapi
PGBOUNCER_SERVICE_HOST: coreapi-pgbouncer
BAYESIAN_GREMLIN_HTTP_SERVICE_HOST: "bayesian-gremlin-http"
BAYESIAN_GREMLIN_HTTP_SERVICE_PORT: "8182"
DISABLE_AUTHENTICATION: 1
# you can change it and/or generate a JWT token in server/hack/auth_test_fixtures
# BAYESIAN_FETCH_PUBLIC_KEY: 'https://sso.openshift.io/auth/realms/fabric8/'
# BAYESIAN_JWT_AUDIENCE: 'fabric8-online-platform'
BAYESIAN_AUTH_KEY: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs73IBTo0rX2m9bGJGOFq
NtD2XiN6Y3mLjYDnBILRHVQ3fyZnTy/pRC+aKQl/rFbJbv0cXH/WdqOUGv4o5csV
caR7CPWPPNJg4RrkgtrJGAY5Zxu0A4SflyUI6RMnxbrleP/3+bHjS5W4xFUtX/uL
8Um+wlwuR26tPeQAe5HyGNo/mmDNzqohQGVca89qKf/HFnKmYLeMcaWQAH/o0KSK
yZVEKlG689y3K0Tq6XYBC+SkOIrsWcg71ZrX6azm8DPBa6/hSck619H+ILe7VwjX
pZ4sS5sLo10E0sSHNZb57o8MpGTPBHQPgKNNnHGlTn2MyzmLPZm8OCr+KuFtmCxO
MwIDAQAB
-----END PUBLIC KEY-----
ports:
- "32000:5000"
jobs:
image: registry.devshift.net/bayesian/coreapi-jobs
network_mode: bridge
container_name: coreapi-jobs
restart: always
ports:
- "34000:34000"
depends_on:
# forces docker-compose to build the image after its base worker image
- worker-api
- worker-ingestion
- worker-priority
- pgbouncer
links:
- broker
- pgbouncer
- minio-s3
- gremlin-http
- data-model-importer
environment:
# Uncomment if you want to start job service in a paused state
#JOB_SERVICE_PAUSED: 1
#JOB_SERVICE_PORT: 34000
DEPLOYMENT_PREFIX: "${USER}"
DISABLE_AUTHENTICATION: "1"
#If we want to use gh_most_started api locally then need to put the right github-access token in below variable
GITHUB_ACCESS_TOKENS: ""
# We use ingestion in deployment, but force to api here as we have only one worker that is serving api requests by default
WORKER_ADMINISTRATION_REGION: api
RABBITMQ_SERVICE_SERVICE_HOST: coreapi-broker
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: coreapi
PGBOUNCER_SERVICE_HOST: coreapi-pgbouncer
F8A_UNCLOUDED_MODE: 'true'
BAYESIAN_GREMLIN_HTTP_SERVICE_HOST: "bayesian-gremlin-http"
BAYESIAN_GREMLIN_HTTP_SERVICE_PORT: "8182"
# Provide the number of end-users involved in tagging
BAYESIAN_DATA_IMPORTER_SERVICE_HOST: "data-model-importer"
BAYESIAN_DATA_IMPORTER_SERVICE_PORT: "9192"
CROWDSOURCE_USER_COUNT: 2
#AWS_S3_ACCESS_KEY_ID: ''
#AWS_S3_SECRET_ACCESS_KEY: ''
# Provide credentials here if you want to run on Amazon SQS instead of RabbitMQ, don't forget to supply
# credentials even for server and worker
# Both can be omitted, defaults to eu-west-1
#AWS_SQS_REGION: ''
#AWS_S3_REGION: ''
worker-api: &worker
image: registry.devshift.net/bayesian/cucos-worker
restart: always
network_mode: bridge
depends_on:
- worker-db-migrations
links:
- broker
- pgbouncer
- minio-s3
- data-model-importer
- gremlin-http
environment: &worker_environment
DEPLOYMENT_PREFIX: "${USER}"
F8A_UNCLOUDED_MODE: 'true'
WORKER_ADMINISTRATION_REGION: api
RABBITMQ_SERVICE_SERVICE_HOST: coreapi-broker
F8A_SERVER_SERVICE_HOST: coreapi-server
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: coreapi
PGBOUNCER_SERVICE_HOST: coreapi-pgbouncer
# Sync data to Scality-S3
BAYESIAN_SYNC_S3: 1
# 0 - Bayesian runs inside RH
# 1 - Bayesian runs in a cloud
OPENSHIFT_DEPLOYMENT: 0
# Provide credentials here if you want to run on Amazon SQS instead of RabbitMQ, don't forget to supply
# credentials even for server
#AWS_SQS_ACCESS_KEY_ID: ''
#AWS_SQS_SECRET_ACCESS_KEY: ''
#AWS_S3_ACCESS_KEY_ID: ''
#AWS_S3_SECRET_ACCESS_KEY: ''
# Both can be omitted, defaults to eu-west-1
#AWS_SQS_REGION: ''
#AWS_S3_REGION: ''
# If no Github API token is provided, requests will be unauthenticated, i.e. limited to 60 per hour
# Generate your token @ https://github.com/settings/tokens
#GITHUB_TOKEN: ""
#BLACKDUCK_HOST: ""
#BLACKDUCK_SCHEME: ""
#BLACKDUCK_PORT: ""
#BLACKDUCK_USERNAME: ""
#BLACKDUCK_PASSWORD: ""
#BLACKDUCK_PATH: ""
JACCARD_THRESHOLD: 0.4
SIMILARITY_SCORE_THRESHOLD: 0.4
MAX_COMPANION_PACKAGES: 5
MAX_ALTERNATE_PACKAGES: 2
OUTLIER_THRESHOLD: 0.6
UNKNOWN_PACKAGES_THRESHOLD: 0.3
PGM_SERVICE_HOST: "kronos-stack-analysis.dev.rdu2c.fabric8.io"
PGM_SERVICE_PORT: "80"
LICENSE_SERVICE_HOST: "stack-license-stack-license.dev.rdu2c.fabric8.io"
LICENSE_SERVICE_PORT: "80"
BAYESIAN_GREMLIN_HTTP_SERVICE_HOST: "bayesian-gremlin-http"
BAYESIAN_GREMLIN_HTTP_SERVICE_PORT: "8182"
BAYESIAN_DATA_IMPORTER_SERVICE_HOST: "data-model-importer"
BAYESIAN_DATA_IMPORTER_SERVICE_PORT: "9192"
SCANCODE_PROCESSES: "4"
tty: true # yes, really -ti -d, binwalk chokes when there's no tty kept open
worker-ingestion:
<<: *worker
environment:
<<: *worker_environment
WORKER_ADMINISTRATION_REGION: ingestion
worker-priority:
<<: *worker
environment:
<<: *worker_environment
WORKER_ADMINISTRATION_REGION: priority
worker-db-migrations:
image: registry.devshift.net/bayesian/cucos-worker
restart: on-failure
container_name: coreapi-worker-db-migrations
network_mode: bridge
links:
- pgbouncer
command: /alembic/run-db-migrations.sh
environment:
F8A_UNCLOUDED_MODE: 'true'
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: coreapi
POSTGRESQL_INITIAL_DATABASE: postgres
PGBOUNCER_SERVICE_HOST: coreapi-pgbouncer
WORKER_ADMINISTRATION_REGION: ingestion
WORKER_RUN_DB_MIGRATIONS: "1"
minio-s3:
image: minio/minio
command:
- server
- --address
- ":33000"
- /export
container_name: coreapi-s3
network_mode: bridge
ports:
- "33000:33000"
environment:
MINIO_ACCESS_KEY: GNV3SAHAHA3DOT99GQII
MINIO_SECRET_KEY: ZmvMwngonaDK5ymlCd6ptaalDdJsCn3aSSxASPaZ
dynamodb:
image: hilverd/dynamodb
network_mode: bridge
ports:
- "8000:8000"
- "4567:4567"
mem_limit: 2G
container_name: dynamodb
gremlin-http:
image: registry.devshift.net/bayesian/gremlin
network_mode: bridge
entrypoint: /bin/entrypoint-local.sh
environment:
- REST=1
- DEBUG_GRAPH_METRICS=0
ports:
- "8181:8182"
depends_on:
- dynamodb
mem_limit: 2G
container_name: bayesian-gremlin-http
links:
- dynamodb
data-model-importer:
image: registry.devshift.net/bayesian/data-model-importer
restart: always
network_mode: bridge
entrypoint:
- /bin/entrypoint.sh
# volumes:
# - ./data-model/src:/src:z
environment:
DATA_IMPORTER_SERVICE_PORT: "9192"
DATA_IMPORTER_SERVICE_TIMEOUT: "3600"
NUMBER_WORKER_PROCESS: "1"
# controls whether to use http/ws or https/wss
GREMLIN_USE_SECURE_CONNECTION: "false"
BAYESIAN_GREMLIN_HTTP_SERVICE_HOST: "bayesian-gremlin-http"
BAYESIAN_GREMLIN_HTTP_SERVICE_PORT: "8182"
AWS_S3_IS_LOCAL: 1
AWS_S3_ACCESS_KEY_ID: "GNV3SAHAHA3DOT99GQII"
AWS_S3_SECRET_ACCESS_KEY: "ZmvMwngonaDK5ymlCd6ptaalDdJsCn3aSSxASPaZ"
LOCAL_MINIO_ENDPOINT: "coreapi-s3:33000"
DEPLOYMENT_PREFIX: "${USER}"
AWS_EPV_BUCKET: "${USER}-bayesian-core-data"
AWS_PKG_BUCKET: "${USER}-bayesian-core-package-data"
POSTGRESQL_USER: coreapi
POSTGRESQL_PASSWORD: coreapi
POSTGRESQL_DATABASE: coreapi
PGBOUNCER_SERVICE_HOST: coreapi-pgbouncer
BAYESIAN_PGBOUNCER_SERVICE_HOST: "coreapi-pgbouncer"
BAYESIAN_PGBOUNCER_SERVICE_PORT: 5432
ports:
- "9192:9192"
links:
- gremlin-http
- minio-s3
- pgbouncer
cvedb-s3-dump:
# this service just copies pre-built CVE DB to S3 and exits
# https://github.com/fabric8-analytics/cvedb-s3-dump-docker
image: registry.devshift.net/bayesian/cvedb-s3-dump
restart: on-failure
network_mode: bridge
environment:
F8A_UNCLOUDED_MODE: 'true'
AWS_ACCESS_KEY_ID: "GNV3SAHAHA3DOT99GQII"
AWS_SECRET_ACCESS_KEY: "ZmvMwngonaDK5ymlCd6ptaalDdJsCn3aSSxASPaZ"
DEPLOYMENT_PREFIX: "${USER}"
S3_ENDPOINT_URL: "http://coreapi-s3:33000"
links:
- minio-s3