From f7bd95c27f079243a9d45ac2064c391722a3cc45 Mon Sep 17 00:00:00 2001
From: Yevhen Podlyzhnyi
Date: Fri, 9 Aug 2024 13:48:59 +0300
Subject: [PATCH 01/11] docker-compose with opensearch - core - camunda platform
---
docker-compose-core-opensearch.yaml | 149 +++++++++++
docker-compose-opensearch.yml | 400 ++++++++++++++++++++++++++++
2 files changed, 549 insertions(+)
create mode 100644 docker-compose-core-opensearch.yaml
create mode 100644 docker-compose-opensearch.yml
diff --git a/docker-compose-core-opensearch.yaml b/docker-compose-core-opensearch.yaml
new file mode 100644
index 00000000..e8a84885
--- /dev/null
+++ b/docker-compose-core-opensearch.yaml
@@ -0,0 +1,149 @@
+services:
+
+ opensearch-init:
+ image: bash
+ privileged: true
+ user: root
+ command: [ "sysctl", "-w", "vm.max_map_count=262144" ]
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_PROCESSMESSAGESUBSCRIPTION=true
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - opensearch
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_OPERATE_DATABASE=opensearch
+ - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - opensearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - camunda.tasklist.opensearch.url=http://opensearch:9200
+ - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false
+ - camunda.tasklist.database=opensearch
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - opensearch
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_OPERATE_CLIENT_USERNAME=demo
+ - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ env_file: connector-secrets.txt
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+
+ opensearch:
+ image: opensearchproject/opensearch:2.16.0
+ container_name: opensearch
+ depends_on:
+ - opensearch-init
+ environment:
+ - cluster.name=opensearch-cluster
+ - node.name=opensearch
+ - discovery.seed_hosts=opensearch
+ - plugins.security.disabled=true
+ - cluster.initial_cluster_manager_nodes=opensearch
+ - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+ - path.repo=/usr/local/os-snapshots
+ - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234!
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
+ hard: 65536
+ networks:
+ - camunda-platform
+ ports:
+ - "9200:9200"
+ - "9601:9600" # required for Performance Analyzer
+ volumes:
+ - ./os-snapshots:/usr/local/os-snapshots
+
+volumes:
+ zeebe:
+
+networks:
+ camunda-platform:
\ No newline at end of file
diff --git a/docker-compose-opensearch.yml b/docker-compose-opensearch.yml
new file mode 100644
index 00000000..f7bdf164
--- /dev/null
+++ b/docker-compose-opensearch.yml
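Review bot: The `opensearch` service sets `plugins.security.disabled=true` and publishes `"9200:9200"` and `"9601:9600"` without a host address, so Compose binds them on every interface and the REST API is reachable without authentication by anything that can reach the host. For a local example, publish on loopback instead, `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:9601:9600"`, and put a comment next to `plugins.security.disabled=true` saying it is for local use only. Separately, `opensearch-init` runs `image: bash` with no tag together with `privileged: true` and `user: root`; pinning that image to a fixed tag or digest keeps an unreviewed image from running privileged on the host. The same lines come back in PATCH 03/11 for this file, and the `opensearch` service in docker-compose-opensearch.yml has the same port and security settings.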
@@ -0,0 +1,400 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch
+# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak.
+
+services:
+
+ # opensearch-init:
+ # image: bash
+ # privileged: true
+ # user: root
+ # command: [ "sysctl", "-w", "vm.max_map_count=262144" ]
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE}
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084
+ - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - zeebe:/usr/local/zeebe/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - opensearch
+ - identity
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_DATABASE=opensearch
+ - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
+ - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - operate_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - identity
+ - opensearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - camunda.tasklist.opensearch.url=http://opensearch:9200
+ - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
+ - camunda.tasklist.database=opensearch
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
+ - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - tasklist_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ zeebe:
+ condition: service_started
+ opensearch:
+ condition: service_healthy
+ identity:
+ condition: service_healthy
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_IDENTITY_CLIENT_ID=connectors
+ - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_IDENTITY_TYPE=KEYCLOAK
+ - CAMUNDA_IDENTITY_AUDIENCE=operate-api
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ env_file: connector-secrets.txt
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+ - identity
+
+ optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
+ image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION}
+ container_name: optimize
+ ports:
+ - "8083:8090"
+ environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
+ - CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch
+ - CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200
+ - CAMUNDA_OPTIMIZE_DATABASE=opensearch
+ - SPRING_PROFILES_ACTIVE=ccsm
+ - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
+ - CAMUNDA_OPTIMIZE_ENTERPRISE=false
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
+ - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084
+ - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
+ - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml"
+ restart: on-failure
+ networks:
+ - camunda-platform
+ depends_on:
+ - identity
+ - opensearch
+
+ identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity
+ container_name: identity
+ image: camunda/identity:${CAMUNDA_PLATFORM_VERSION}
+ ports:
+ - "8084:8084"
+ environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
+ SERVER_PORT: 8084
+ IDENTITY_RETRY_DELAY_SECONDS: 30
+ KEYCLOAK_URL: http://keycloak:8080/auth
+ IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform
+ IDENTITY_DATABASE_HOST: postgres
+ IDENTITY_DATABASE_PORT: 5432
+ IDENTITY_DATABASE_NAME: bitnami_keycloak
+ IDENTITY_DATABASE_USERNAME: bn_keycloak
+ IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081
+ KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082
+ KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083
+ KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070
+ KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085
+ KEYCLOAK_INIT_ZEEBE_NAME: zeebe
+ KEYCLOAK_USERS_0_USERNAME: "demo"
+ KEYCLOAK_USERS_0_PASSWORD: "demo"
+ KEYCLOAK_USERS_0_FIRST_NAME: "demo"
+ KEYCLOAK_USERS_0_EMAIL: "demo@acme.com"
+ KEYCLOAK_USERS_0_ROLES_0: "Identity"
+ KEYCLOAK_USERS_0_ROLES_1: "Optimize"
+ KEYCLOAK_USERS_0_ROLES_2: "Operate"
+ KEYCLOAK_USERS_0_ROLES_3: "Tasklist"
+ KEYCLOAK_USERS_0_ROLES_4: "Web Modeler"
+ KEYCLOAK_CLIENTS_0_NAME: zeebe
+ KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID}
+ KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET}
+ KEYCLOAK_CLIENTS_0_TYPE: M2M
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:*
+ MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED}
+ RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED}
+ healthcheck:
+ test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ start_period: 60s
+ restart: on-failure
+ volumes:
+ - keycloak-theme:/app/keycloak-theme
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ keycloak:
+ condition: service_healthy
+
+ postgres: # https://hub.docker.com/_/postgres
+ container_name: postgres
+ image: postgres:${POSTGRES_VERSION}
+ environment:
+ POSTGRES_DB: bitnami_keycloak
+ POSTGRES_USER: bn_keycloak
+ POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ restart: on-failure
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - postgres:/var/lib/postgresql/data
+ networks:
+ - identity-network
+
+ keycloak: # https://hub.docker.com/r/bitnami/keycloak
+ container_name: keycloak
+ image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION}
+ volumes:
+ - keycloak-theme:/opt/bitnami/keycloak/themes/identity
+ ports:
+ - "18080:8080"
+ environment:
+ KEYCLOAK_HTTP_RELATIVE_PATH: /auth
+ KEYCLOAK_DATABASE_HOST: postgres
+ KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_ADMIN_USER: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ restart: on-failure
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ]
+ interval: 30s
+ timeout: 15s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ - postgres
+
+ opensearch:
+ image: opensearchproject/opensearch:2.16.0
+ container_name: opensearch
+ # depends_on:
+ # - opensearch-init
+ environment:
+ - cluster.name=opensearch-cluster
+ - node.name=opensearch
+ - discovery.seed_hosts=opensearch
+ - plugins.security.disabled=true
+ - cluster.initial_cluster_manager_nodes=opensearch
+ - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+ - path.repo=/usr/local/os-snapshots
+ - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234!
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ ports:
+ - "9200:9200"
+ - "9601:9600"
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+ interval: 30s
+ timeout: 240s
+ retries: 3
+ volumes:
+ # - opensearch-data:/usr/share/opensearch/data
+ - ./os-snapshots:/usr/local/os-snapshots
+ networks:
+ - camunda-platform
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+ container_name: kibana
+ ports:
+ - 5601:5601
+ volumes:
+ - kibana:/usr/share/kibana/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - opensearch
+ profiles:
+ - kibana
+
+volumes:
+ zeebe:
+ opensearch-data:
+ postgres:
+ keycloak-theme:
+ kibana:
+ operate_tmp:
+ tasklist_tmp:
+
+networks:
+ # Note there are two bridge networks: One for Camunda Platform and one for Identity.
+ # Identity and Keycloak are part of both as they need to be accessible by platform components.
+ camunda-platform:
+ identity-network:
From 5a7c2c2efea1a36a478c4d8b875d2bacbbf85745 Mon Sep 17 00:00:00 2001
From: Yevhen Podlyzhnyi
Date: Fri, 9 Aug 2024 16:22:19 +0300
Subject: [PATCH 02/11] added missed new line
---
docker-compose-core-opensearch.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose-core-opensearch.yaml b/docker-compose-core-opensearch.yaml
index e8a84885..c83fa66c 100644
--- a/docker-compose-core-opensearch.yaml
+++ b/docker-compose-core-opensearch.yaml
@@ -146,4 +146,4 @@ volumes: zeebe: networks:
- camunda-platform:
\ No newline at end of file
+ camunda-platform:
From 8cd1e0f96cc66ff7ea16ad762c636335f473ddc5 Mon Sep 17 00:00:00 2001
From: Yevhen Podlyzhnyi
Date: Fri, 9 Aug 2024 13:48:59 +0300
Subject: [PATCH 03/11] chore: added docker-compose example with OpenSearch - core - camunda platform
---
docker-compose-core-opensearch.yaml | 149 +++++++++++
docker-compose-opensearch.yml | 400 ++++++++++++++++++++++++++++
2 files changed, 549 insertions(+)
create mode 100644 docker-compose-core-opensearch.yaml
create mode 100644 docker-compose-opensearch.yml
diff --git a/docker-compose-core-opensearch.yaml b/docker-compose-core-opensearch.yaml
new file mode 100644
index 00000000..c83fa66c
--- /dev/null
+++ b/docker-compose-core-opensearch.yaml
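Review bot: Credentials are committed as literals in docker-compose-opensearch.yml: one client secret is repeated across the `operate`, `tasklist`, `connectors`, `optimize` and `identity` blocks, the Postgres password appears three times, and Keycloak gets `KEYCLOAK_ADMIN_PASSWORD: admin` while its port is published as `"18080:8080"` with no host address. The file already reads `${ZEEBE_CLIENT_SECRET}` from the environment, so the other secrets can follow that pattern, for example `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}` (the variable name is only a suggestion), with the published ports bound to `127.0.0.1`. In the `tasklist` block, `CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL` looks like a misspelling of `ZEEBEOPENSEARCH` (compare `CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL`); it is probably ignored, and the lowercase `camunda.tasklist.zeebeOpensearch.url` entry would be the one taking effect. The header comment still lists Elasticsearch where this file runs OpenSearch.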
@@ -0,0 +1,149 @@
+services:
+
+ opensearch-init:
+ image: bash
+ privileged: true
+ user: root
+ command: [ "sysctl", "-w", "vm.max_map_count=262144" ]
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_PROCESSMESSAGESUBSCRIPTION=true
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - opensearch
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_OPERATE_DATABASE=opensearch
+ - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - opensearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - camunda.tasklist.opensearch.url=http://opensearch:9200
+ - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false
+ - camunda.tasklist.database=opensearch
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - opensearch
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_OPERATE_CLIENT_USERNAME=demo
+ - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ env_file: connector-secrets.txt
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+
+ opensearch:
+ image: opensearchproject/opensearch:2.16.0
+ container_name: opensearch
+ depends_on:
+ - opensearch-init
+ environment:
+ - cluster.name=opensearch-cluster
+ - node.name=opensearch
+ - discovery.seed_hosts=opensearch
+ - plugins.security.disabled=true
+ - cluster.initial_cluster_manager_nodes=opensearch
+ - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+ - path.repo=/usr/local/os-snapshots
+ - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234!
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
+ hard: 65536
+ networks:
+ - camunda-platform
+ ports:
+ - "9200:9200"
+ - "9601:9600" # required for Performance Analyzer
+ volumes:
+ - ./os-snapshots:/usr/local/os-snapshots
+
+volumes:
+ zeebe:
+
+networks:
+ camunda-platform:
diff --git a/docker-compose-opensearch.yml b/docker-compose-opensearch.yml
new file mode 100644
index 00000000..f7bdf164
--- /dev/null
+++ b/docker-compose-opensearch.yml
@@ -0,0 +1,400 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch
+# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak.
+
+services:
+
+ # opensearch-init:
+ # image: bash
+ # privileged: true
+ # user: root
+ # command: [ "sysctl", "-w", "vm.max_map_count=262144" ]
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE}
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084
+ - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - zeebe:/usr/local/zeebe/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - opensearch
+ - identity
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_DATABASE=opensearch
+ - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
+ - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - operate_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - identity
+ - opensearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - camunda.tasklist.opensearch.url=http://opensearch:9200
+ - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
+ - camunda.tasklist.database=opensearch
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
+ - CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
+ - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - tasklist_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ zeebe:
+ condition: service_started
+ opensearch:
+ condition: service_healthy
+ identity:
+ condition: service_healthy
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_IDENTITY_CLIENT_ID=connectors
+ - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_IDENTITY_TYPE=KEYCLOAK
+ - CAMUNDA_IDENTITY_AUDIENCE=operate-api
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ env_file: connector-secrets.txt
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+ - identity
+
+ optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
+ image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION}
+ container_name: optimize
+ ports:
+ - "8083:8090"
+ environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
+ - CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch
+ - CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200
+ - CAMUNDA_OPTIMIZE_DATABASE=opensearch
+ - SPRING_PROFILES_ACTIVE=ccsm
+ - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
+ - CAMUNDA_OPTIMIZE_ENTERPRISE=false
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
+ - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084
+ - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
+ - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml"
+ restart: on-failure
+ networks:
+ - camunda-platform
+ depends_on:
+ - identity
+ - opensearch
+
+ identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity
+ container_name: identity
+ image: camunda/identity:${CAMUNDA_PLATFORM_VERSION}
+ ports:
+ - "8084:8084"
+ environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
+ SERVER_PORT: 8084
+ IDENTITY_RETRY_DELAY_SECONDS: 30
+ KEYCLOAK_URL: http://keycloak:8080/auth
+ IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform
+ IDENTITY_DATABASE_HOST: postgres
+ IDENTITY_DATABASE_PORT: 5432
+ IDENTITY_DATABASE_NAME: bitnami_keycloak
+ IDENTITY_DATABASE_USERNAME: bn_keycloak
+ IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081
+ KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082
+ KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083
+ KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070
+ KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085
+ KEYCLOAK_INIT_ZEEBE_NAME: zeebe
+ KEYCLOAK_USERS_0_USERNAME: "demo"
+ KEYCLOAK_USERS_0_PASSWORD: "demo"
+ KEYCLOAK_USERS_0_FIRST_NAME: "demo"
+ KEYCLOAK_USERS_0_EMAIL: "demo@acme.com"
+ KEYCLOAK_USERS_0_ROLES_0: "Identity"
+ KEYCLOAK_USERS_0_ROLES_1: "Optimize"
+ KEYCLOAK_USERS_0_ROLES_2: "Operate"
+ KEYCLOAK_USERS_0_ROLES_3: "Tasklist"
+ KEYCLOAK_USERS_0_ROLES_4: "Web Modeler"
+ KEYCLOAK_CLIENTS_0_NAME: zeebe
+ KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID}
+ KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET}
+ KEYCLOAK_CLIENTS_0_TYPE: M2M
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:*
+ MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED}
+ RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED}
+ healthcheck:
+ test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ start_period: 60s
+ restart: on-failure
+ volumes:
+ - keycloak-theme:/app/keycloak-theme
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ keycloak:
+ condition: service_healthy
+
+ postgres: # https://hub.docker.com/_/postgres
+ container_name: postgres
+ image: postgres:${POSTGRES_VERSION}
+ environment:
+ POSTGRES_DB: bitnami_keycloak
+ POSTGRES_USER: bn_keycloak
+ POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ restart: on-failure
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - postgres:/var/lib/postgresql/data
+ networks:
+ - identity-network
+
+ keycloak: # https://hub.docker.com/r/bitnami/keycloak
+ container_name: keycloak
+ image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION}
+ volumes:
+ - keycloak-theme:/opt/bitnami/keycloak/themes/identity
+ ports:
+ - "18080:8080"
+ environment:
+ KEYCLOAK_HTTP_RELATIVE_PATH: /auth
+ KEYCLOAK_DATABASE_HOST: postgres
+ KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_ADMIN_USER: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ restart: on-failure
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ]
+ interval: 30s
+ timeout: 15s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ - postgres
+
+ opensearch:
+ image: opensearchproject/opensearch:2.16.0
+ container_name: opensearch
+ # depends_on:
+ # - opensearch-init
+ environment:
+ - cluster.name=opensearch-cluster
+ - node.name=opensearch
+ - discovery.seed_hosts=opensearch
+ - plugins.security.disabled=true
+ - cluster.initial_cluster_manager_nodes=opensearch
+ - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+ - path.repo=/usr/local/os-snapshots
+ - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234!
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ ports:
+ - "9200:9200"
+ - "9601:9600"
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+ interval: 30s
+ timeout: 240s
+ retries: 3
+ volumes:
+ # - opensearch-data:/usr/share/opensearch/data
+ - ./os-snapshots:/usr/local/os-snapshots
+ networks:
+ - camunda-platform
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+ container_name: kibana
+ ports:
+ - 5601:5601
+ volumes:
+ - kibana:/usr/share/kibana/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - opensearch
+ profiles:
+ - kibana
+
+volumes:
+ zeebe:
+ opensearch-data:
+ postgres:
+ keycloak-theme:
+ kibana:
+ operate_tmp:
+ tasklist_tmp:
+
+networks:
+ # Note there are two bridge networks: One for Camunda Platform and one for Identity.
+ # Identity and Keycloak are part of both as they need to be accessible by platform components.
+ camunda-platform: + identity-network: From f510c62e5b9ae4ade9f2d6e991dbd29b52594958 Mon Sep 17 00:00:00 2001 From: Igor Petrov Date: Thu, 15 Aug 2024 20:24:19 +0300 Subject: [PATCH 04/11] chore: renamed OS files --- .env | 2 ++ ...-core-opensearch.yaml => docker-compose-core.opensearch.yaml | 2 +- docker-compose-opensearch.yml => docker-compose.opensearch.yml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) rename docker-compose-core-opensearch.yaml => docker-compose-core.opensearch.yaml (98%) rename docker-compose-opensearch.yml => docker-compose.opensearch.yml (99%) diff --git a/.env b/.env index 699be329..a42daf0c 100644 --- a/.env +++ b/.env @@ -21,6 +21,8 @@ CAMUNDA_OPTIMIZE_VERSION=8.5.4 CAMUNDA_WEB_MODELER_VERSION=8.5.6 # renovate: datasource=docker depName=elasticsearch ELASTIC_VERSION=8.15.0 +# renovate: datasource=docker depName=opensearch +OPENSEARCH_VERSION=2.16.0 KEYCLOAK_SERVER_VERSION=21.1.2 # renovate: datasource=docker depName=axllent/mailpit MAILPIT_VERSION=v1.20.1 diff --git a/docker-compose-core-opensearch.yaml b/docker-compose-core.opensearch.yaml similarity index 98% rename from docker-compose-core-opensearch.yaml rename to docker-compose-core.opensearch.yaml index c83fa66c..282ceadb 100644 --- a/docker-compose-core-opensearch.yaml +++ b/docker-compose-core.opensearch.yaml @@ -113,7 +113,7 @@ services: - operate opensearch: - image: opensearchproject/opensearch:2.16.0 + image: opensearchproject/opensearch:${OPENSEARCH_VERSION} container_name: opensearch depends_on: - opensearch-init diff --git a/docker-compose-opensearch.yml b/docker-compose.opensearch.yml similarity index 99% rename from docker-compose-opensearch.yml rename to docker-compose.opensearch.yml index f7bdf164..78b77d9f 100644 --- a/docker-compose-opensearch.yml +++ b/docker-compose.opensearch.yml 
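Review bot: The `opensearch` service sets `plugins.security.disabled=true` and publishes `"9200:9200"` and `"9601:9600"`, which Compose binds on every host interface, so the search API holding the exported process data answers without authentication to anything that can reach the developer's machine. Binding the published ports to loopback keeps the local workflow intact, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:9601:9600"`; the same form is worth applying to the other published ports (Keycloak on 18080 with `KEYCLOAK_ADMIN_PASSWORD: admin`, Zeebe, Operate, Tasklist). The `opensearch` service in `docker-compose-core-opensearch.yaml` carries the same pair of settings. The header already says the file is for local use only; a line there stating that the literal client secret, database password and `demo`/`admin` accounts are development defaults would make that explicit for the credentials too.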
@@ -334,7 +334,7 @@ services: - postgres opensearch: - image: opensearchproject/opensearch:2.16.0 + image: opensearchproject/opensearch:${OPENSEARCH_VERSION} container_name: opensearch # depends_on: # - opensearch-init From 8ebc2295195a3fc52cc26c1a930d0982e22ebc7f Mon Sep 17 00:00:00 2001 From: Igor Petrov Date: Thu, 15 Aug 2024 20:31:36 +0300 Subject: [PATCH 05/11] chore: added OS test flows --- .github/workflows/test-core-opensearch.yaml | 12 ++++++++++++ .github/workflows/test-default.opensearch.yaml | 12 ++++++++++++ .github/workflows/test-modeler.opensearch.yaml | 12 ++++++++++++ docker-compose-core.opensearch.yaml | 15 +++++++++++++-- ...ensearch.yml => docker-compose.opensearch.yaml | 8 ++++---- 5 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/test-core-opensearch.yaml create mode 100644 .github/workflows/test-default.opensearch.yaml create mode 100644 .github/workflows/test-modeler.opensearch.yaml rename docker-compose.opensearch.yml => docker-compose.opensearch.yaml (98%) diff --git a/.github/workflows/test-core-opensearch.yaml b/.github/workflows/test-core-opensearch.yaml new file mode 100644 index 00000000..111d639f --- /dev/null +++ b/.github/workflows/test-core-opensearch.yaml @@ -0,0 +1,12 @@ +name: "Test docker-compose-core.opensearch.yaml" +on: + push: + branches: + - "**" +jobs: + test_core: + uses: ./.github/workflows/template-deploy.yaml + secrets: inherit + with: + compose_args: "-f docker-compose-core.opensearch.yaml" + run_e2e_tests: false \ No newline at end of file diff --git a/.github/workflows/test-default.opensearch.yaml b/.github/workflows/test-default.opensearch.yaml new file mode 100644 index 00000000..5ea5debc --- /dev/null +++ b/.github/workflows/test-default.opensearch.yaml 
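Review bot: `secrets: inherit` hands every secret available to this repository to `template-deploy.yaml` on each push to any branch (`"**"`), and the workflow declares no `permissions:` block, so the job token keeps the repository default. If the template needs only a few secrets, pass them by name under `secrets:` and add a top-level `permissions:` with `contents: read`. The template itself is not shown here, so which secrets it reads should be confirmed there. `test-default.opensearch.yaml` and `test-modeler.opensearch.yaml` in this commit are written the same way.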
@@ -0,0 +1,12 @@ +name: "Test docker-compose.opensearch.yaml" +on: + push: + branches: + - "**" +jobs: + test_docker_compose_yaml: + uses: ./.github/workflows/template-deploy.yaml + secrets: inherit + with: + compose_args: "-f docker-compose.opensearch.yaml" + run_e2e_tests: false \ No newline at end of file diff --git a/.github/workflows/test-modeler.opensearch.yaml b/.github/workflows/test-modeler.opensearch.yaml new file mode 100644 index 00000000..326dce2b --- /dev/null +++ b/.github/workflows/test-modeler.opensearch.yaml @@ -0,0 +1,12 @@ +name: "Test docker-compose-web-modeler.yaml with OpenSearch" +on: + push: + branches: + - "**" +jobs: + test_modeler_yaml: + uses: ./.github/workflows/template-deploy.yaml + secrets: inherit + with: + compose_args: "-f docker-compose.opensearch.yaml -f docker-compose-web-modeler.yaml" + run_e2e_tests: true \ No newline at end of file diff --git a/docker-compose-core.opensearch.yaml b/docker-compose-core.opensearch.yaml index 282ceadb..7f8c0169 100644 --- a/docker-compose-core.opensearch.yaml +++ b/docker-compose-core.opensearch.yaml @@ -1,3 +1,14 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a lightweight configuration with Zeebe, Operate, Tasklist, and OpenSearch +# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. + services: opensearch-init: 
@@ -36,7 +47,7 @@ services: - opensearch operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_PLATFORM_VERSION} + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} container_name: operate ports: - "8081:8080" @@ -61,7 +72,7 @@ services: - opensearch tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} + image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} container_name: tasklist ports: - "8082:8080" diff --git a/docker-compose.opensearch.yml b/docker-compose.opensearch.yaml similarity index 98% rename from docker-compose.opensearch.yml rename to docker-compose.opensearch.yaml index 78b77d9f..7f7aa238 100644 --- a/docker-compose.opensearch.yml +++ b/docker-compose.opensearch.yaml @@ -6,7 +6,7 @@ # For local development, we recommend using KIND instead of `docker-compose`: # https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ -# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch +# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and OpenSearch # See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. services: @@ -53,7 +53,7 @@ services: - identity operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_PLATFORM_VERSION} + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} container_name: operate ports: - "8081:8080" @@ -98,7 +98,7 @@ services: - opensearch tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} + image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} container_name: tasklist ports: - "8082:8080" 
@@ -223,7 +223,7 @@ services: identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity container_name: identity - image: camunda/identity:${CAMUNDA_PLATFORM_VERSION} + image: camunda/identity:${CAMUNDA_IDENTITY_VERSION} ports: - "8084:8084" environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ From ed78e980921c471b7d84e92960d5bd644feb05ba Mon Sep 17 00:00:00 2001 From: Yevhen Podlyzhnyi Date: Wed, 21 Aug 2024 10:14:24 +0300 Subject: [PATCH 06/11] added recommended config - health check workaround --- .env | 2 ++ docker-compose.opensearch.yaml | 25 +++++++++++++------------ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/.env b/.env index 642ae0ea..ef5ccc16 100644 --- a/.env +++ b/.env @@ -46,3 +46,5 @@ RESOURCE_AUTHORIZATIONS_ENABLED=false # ZEEBE_AUTHENTICATION_MODE=identity # MULTI_TENANCY_ENABLED=false + +OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! diff --git a/docker-compose.opensearch.yaml b/docker-compose.opensearch.yaml index 7f7aa238..d3c95cdd 100644 --- a/docker-compose.opensearch.yaml +++ b/docker-compose.opensearch.yaml @@ -11,11 +11,11 @@ services: - # opensearch-init: - # image: bash - # privileged: true - # user: root - # command: [ "sysctl", "-w", "vm.max_map_count=262144" ] + opensearch-init: # recommended config https://opensearch.org/docs/1.1/opensearch/install/important-settings/ + image: bash + privileged: true + user: root + command: [ "sysctl", "-w", "vm.max_map_count=262144" ] zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} @@ -336,8 +336,8 @@ services: opensearch: image: opensearchproject/opensearch:${OPENSEARCH_VERSION} container_name: opensearch - # depends_on: - # - opensearch-init + depends_on: + - opensearch-init environment: - cluster.name=opensearch-cluster - node.name=opensearch 
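Review bot: `opensearch-init` runs as root with `privileged: true` only to write `vm.max_map_count`, which is a host-wide kernel setting, and it does so from `image: bash` with no tag, so whatever `latest` resolves to gets full host privileges on every `up`. Pinning the image (`image: bash:<pinned tag>`) or documenting a one-time `sysctl -w vm.max_map_count=262144` on the host instead would narrow that. The short-form `depends_on: - opensearch-init` re-enabled in the later hunk of this file only waits for the container to start; the long form with `condition: service_completed_successfully` would make `opensearch` wait until the sysctl has actually been applied. The linked page is the 1.1 documentation, while the image is `${OPENSEARCH_VERSION}`.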
@@ -347,7 +347,7 @@ services: - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - path.repo=/usr/local/os-snapshots - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! + - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD} ulimits: memlock: soft: -1 @@ -360,10 +360,11 @@ services: - "9601:9600" restart: always healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] - interval: 30s - timeout: 240s - retries: 3 + # test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cluster/health?wait_for_status=yellow&timeout=60s | grep -q green" ] + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cluster/health?wait_for_status=yellow | grep -q -E 'yellow|green'" ] + interval: 60s + timeout: 30s + retries: 5 volumes: # - opensearch-data:/usr/share/opensearch/data - ./os-snapshots:/usr/local/os-snapshots From 75545208745d5a59bbc54bc936e6c958ba232611 Mon Sep 17 00:00:00 2001 
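Review bot: The health-check URL is passed unquoted to the shell under `CMD-SHELL`, which is presumably why the commented-out variant with `&timeout=60s` did not work: the `&` ends the `curl` command and `grep` is left reading from an assignment. Quoting the URL lets the timeout parameter stay, e.g. `test: [ "CMD-SHELL", "curl -fs 'http://localhost:9200/_cluster/health?wait_for_status=yellow&timeout=20s' | grep -q -E 'yellow|green'" ]`, with the API timeout kept below the check's `timeout: 30s`. The commented-out line can then be removed.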
From: Yevhen Podluzhnyi Date: Mon, 9 Sep 2024 18:02:56 +0300 Subject: [PATCH 07/11] feat: opensearch improvement. unified compose files (#851) * initial unified compose file * removed ssl * remove healthcheck * removed test data * fix: core changes - added .env configs - removed sh file - unified docker-compose.yml and docker-compose-core.yml * fix: core changes - added recommended config - removed ssl - added .env configs - removed sh file - unified docker-compose.yml and docker-compose-core.yml --------- Co-authored-by: Yevhen Podluzhnyi --- .env | 5 + .env.elasticsearch | 9 + .env.elasticsearch.core | 7 + .env.opensearch | 8 + .env.opensearch.core | 11 + docker-compose-core-opensearch.yaml | 149 ----------- docker-compose-core.opensearch.yaml | 160 ----------- docker-compose-core.yaml | 72 ++++- docker-compose-opensearch.yml | 400 --------------------------- docker-compose.opensearch.yaml | 401 ---------------------------- docker-compose.yaml | 80 ++++-- 11 files changed, 165 insertions(+), 1137 deletions(-) create mode 100644 .env.elasticsearch create mode 100644 .env.elasticsearch.core create mode 100644 .env.opensearch create mode 100644 .env.opensearch.core delete mode 100644 docker-compose-core-opensearch.yaml delete mode 100644 docker-compose-core.opensearch.yaml delete mode 100644 docker-compose-opensearch.yml delete mode 100644 docker-compose.opensearch.yaml diff --git a/.env b/.env index ef5ccc16..cb606415 100644 --- a/.env +++ b/.env @@ -23,6 +23,7 @@ CAMUNDA_WEB_MODELER_VERSION=8.5.6 ELASTIC_VERSION=8.15.0 # renovate: datasource=docker depName=opensearch OPENSEARCH_VERSION=2.16.0 + KEYCLOAK_SERVER_VERSION=21.1.2 # renovate: datasource=docker depName=axllent/mailpit MAILPIT_VERSION=v1.20.2 @@ -48,3 +49,7 @@ RESOURCE_AUTHORIZATIONS_ENABLED=false MULTI_TENANCY_ENABLED=false OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! + +# search engine app: opensearch or elasticsearch +XSEARCH=elasticsearch +# XSEARCH=opensearch 
diff --git a/.env.elasticsearch b/.env.elasticsearch new file mode 100644
index 00000000..6f659783
--- /dev/null
+++ b/.env.elasticsearch
@@ -0,0 +1,9 @@
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
+OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
+CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
diff --git a/.env.elasticsearch.core b/.env.elasticsearch.core new file mode 100644
index 00000000..7e675b3c
--- /dev/null
+++ b/.env.elasticsearch.core
@@ -0,0 +1,7 @@
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
diff --git a/.env.opensearch b/.env.opensearch new file mode 100644
index 00000000..077d73b9
--- /dev/null
+++ b/.env.opensearch
@@ -0,0 +1,8 @@
+CAMUNDA_OPERATE_DATABASE=opensearch
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
+CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
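Review bot: `CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL` on the last line of `.env.opensearch` has a doubled `E`; Operate's key two lines above is `CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL`, and the property form in `.env.opensearch.core` is `camunda.tasklist.zeebeOpensearch.url`. The misspelled name presumably binds to nothing, so Tasklist would fall back to its default for the Zeebe index connection without any error. Suggested line: `CAMUNDA_TASKLIST_ZEEBEOPENSEARCH_URL=http://opensearch:9200`. The same spelling was introduced in the `tasklist` environment of `docker-compose-opensearch.yml` in the first patch of this series.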
diff --git a/.env.opensearch.core b/.env.opensearch.core new file mode 100644
index 00000000..b3987e44
--- /dev/null
+++ b/.env.opensearch.core
@@ -0,0 +1,11 @@
+camunda.tasklist.opensearch.url=http://opensearch:9200
+camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
+camunda.tasklist.database=opensearch
+CAMUNDA_OPERATE_DATABASE=opensearch
+CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_PROCESSMESSAGESUBSCRIPTION=true
diff --git a/docker-compose-core-opensearch.yaml b/docker-compose-core-opensearch.yaml deleted file mode 100644
index c83fa66c..00000000
--- a/docker-compose-core-opensearch.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -services: - - opensearch-init: - image: bash - privileged: true - user: root - command: [ "sysctl", "-w", "vm.max_map_count=262144" ] - - zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe - image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} - container_name: zeebe - ports: - - "26500:26500" - - "9600:9600" - - "8088:8080" - environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_PROCESSMESSAGESUBSCRIPTION=true - # allow running with low disk space - - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 - - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" - restart: unless-stopped - healthcheck: - test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] - interval: 30s - timeout: 5s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - opensearch - - operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_PLATFORM_VERSION} - container_name: operate - ports: - - "8081:8080" - environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_OPERATE_DATABASE=opensearch - - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ 
"CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - opensearch - - tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} - container_name: tasklist - ports: - - "8082:8080" - environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - - camunda.tasklist.opensearch.url=http://opensearch:9200 - - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 - - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 - - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false - - camunda.tasklist.database=opensearch - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - opensearch - - connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ - image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} - container_name: connectors - ports: - - "8085:8080" - environment: - - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 - - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true - - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 - - CAMUNDA_OPERATE_CLIENT_USERNAME=demo - - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - env_file: connector-secrets.txt - networks: - 
- camunda-platform - depends_on: - - zeebe - - operate - - opensearch: - image: opensearchproject/opensearch:2.16.0 - container_name: opensearch - depends_on: - - opensearch-init - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch - - discovery.seed_hosts=opensearch - - plugins.security.disabled=true - - cluster.initial_cluster_manager_nodes=opensearch - - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - - path.repo=/usr/local/os-snapshots - - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems - hard: 65536 - networks: - - camunda-platform - ports: - - "9200:9200" - - "9601:9600" # required for Performance Analyzer - volumes: - - ./os-snapshots:/usr/local/os-snapshots - -volumes: - zeebe: - -networks: - camunda-platform: diff --git a/docker-compose-core.opensearch.yaml b/docker-compose-core.opensearch.yaml deleted file mode 100644 index 7f8c0169..00000000 --- a/docker-compose-core.opensearch.yaml +++ /dev/null 
@@ -1,160 +0,0 @@ -# While the Docker images themselves are supported for production usage, -# this docker-compose.yaml is designed to be used by developers to run -# an environment locally. It is not designed to be used in production. -# We recommend to use Kubernetes in production with our Helm Charts: -# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ -# For local development, we recommend using KIND instead of `docker-compose`: -# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ - -# This is a lightweight configuration with Zeebe, Operate, Tasklist, and OpenSearch -# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. - -services: - - opensearch-init: - image: bash - privileged: true - user: root - command: [ "sysctl", "-w", "vm.max_map_count=262144" ] - - zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe - image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} - container_name: zeebe - ports: - - "26500:26500" - - "9600:9600" - - "8088:8080" - environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_PROCESSMESSAGESUBSCRIPTION=true - # allow running with low disk space - - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 - - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" - restart: unless-stopped - healthcheck: - test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] - interval: 30s - timeout: 5s - retries: 5 - start_period: 30s - 
networks: - - camunda-platform - depends_on: - - opensearch - - operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_OPERATE_VERSION} - container_name: operate - ports: - - "8081:8080" - environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_OPERATE_DATABASE=opensearch - - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - opensearch - - tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} - container_name: tasklist - ports: - - "8082:8080" - environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - - camunda.tasklist.opensearch.url=http://opensearch:9200 - - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 - - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 - - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false - - camunda.tasklist.database=opensearch - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - opensearch - - connectors: # 
https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ - image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} - container_name: connectors - ports: - - "8085:8080" - environment: - - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 - - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true - - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 - - CAMUNDA_OPERATE_CLIENT_USERNAME=demo - - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - env_file: connector-secrets.txt - networks: - - camunda-platform - depends_on: - - zeebe - - operate - - opensearch: - image: opensearchproject/opensearch:${OPENSEARCH_VERSION} - container_name: opensearch - depends_on: - - opensearch-init - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch - - discovery.seed_hosts=opensearch - - plugins.security.disabled=true - - cluster.initial_cluster_manager_nodes=opensearch - - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - - path.repo=/usr/local/os-snapshots - - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems - hard: 65536 - networks: - - camunda-platform - ports: - - "9200:9200" - - "9601:9600" # required for Performance Analyzer - volumes: - - ./os-snapshots:/usr/local/os-snapshots - -volumes: - zeebe: - -networks: - camunda-platform: 
diff --git a/docker-compose-core.yaml b/docker-compose-core.yaml index ecd47e9a..8bc37582 100644 --- a/docker-compose-core.yaml +++ b/docker-compose-core.yaml @@ -10,19 +10,24 @@ # See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. services: + init: # recommended config https://opensearch.org/docs/1.1/opensearch/install/important-settings/ + image: bash + profiles: ["opensearch"] + privileged: true + user: root + command: [ "sysctl", "-w", "vm.max_map_count=262144" ] zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} container_name: zeebe + profiles: ["", "opensearch"] ports: - "26500:26500" - "9600:9600" - "8088:8080" + env_file: + - .env.${XSEARCH}.core environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 - # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 # allow running with low disk space - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 
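Review bot: The new `init` service runs with `privileged: true` and `user: root` from the untagged image `bash`, so whatever `bash:latest` resolves to at pull time is executed with full host privileges. Pin the image to a reviewed tag and digest, for example `image: bash:<tag>@sha256:<digest>` (placeholder values). Since `vm.max_map_count` is a host-wide kernel setting, a comment above the service should also say so: `# changes vm.max_map_count on the Docker host, not only inside this container`. The zeebe service definition continues past the end of this hunk.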
@@ -39,17 +44,18 @@ services: networks: - camunda-platform depends_on: - - elasticsearch + - ${XSEARCH} operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate image: camunda/operate:${CAMUNDA_OPERATE_VERSION} container_name: operate + profiles: ["", "opensearch"] ports: - "8081:8080" + env_file: + - .env.${XSEARCH}.core environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false - management.endpoints.web.exposure.include=health - management.endpoint.health.probes.enabled=true @@ -63,18 +69,19 @@ services: - camunda-platform depends_on: - zeebe - - elasticsearch + - ${XSEARCH} tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} container_name: tasklist + profiles: ["", "opensearch"] ports: - "8082:8080" + env_file: + - .env.${XSEARCH}.core environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 - - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false - management.endpoints.web.exposure.include=health - management.endpoint.health.probes.enabled=true 
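Review bot: `depends_on: - ${XSEARCH}` here, and the `env_file: - .env.${XSEARCH}.core` entries added for zeebe, operate and tasklist, have no fallback, so when XSEARCH is unset Compose substitutes an empty string and the file resolves to `.env..core` with an empty dependency name. Unless XSEARCH is always defined in a `.env` that this patch does not show, give it a default that keeps the previous behaviour: `- ${XSEARCH:-elasticsearch}` and `- .env.${XSEARCH:-elasticsearch}.core`. The same applies to the `depends_on` changes in the `@@ -63`, `@@ -88` and `@@ -154` hunks. The operate and tasklist definitions continue outside their hunks.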
@@ -88,11 +95,12 @@ services: - camunda-platform depends_on: - zeebe - - elasticsearch + - ${XSEARCH} connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} container_name: connectors + profiles: ["", "opensearch"] ports: - "8085:8080" environment: @@ -116,9 +124,48 @@ services: - zeebe - operate + opensearch: + image: opensearchproject/opensearch:${OPENSEARCH_VERSION} + container_name: opensearch + profiles: ["opensearch"] + depends_on: + - init + environment: + cluster.name: opensearch-cluster + network.bind_host: 0.0.0.0 + node.name: opensearch + plugins.security.disabled: true + plugins.security.audit.config.index: myauditlogindex + discovery.type: single-node + discovery.seed_hosts: opensearch + bootstrap.memory_lock: true + OPENSEARCH_JAVA_OPTS: "-Xms1G -Xmx1G" + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD} + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + ports: + - "9200:9200" + - "9601:9600" + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -k -f http://localhost:9200/_cluster/health -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} | grep -q -E 'yellow|green'" ] + interval: 60s + timeout: 10s + retries: 5 + volumes: + - opensearch-data:/usr/share/opensearch/data + networks: + - camunda-platform + elasticsearch: # https://hub.docker.com/_/elasticsearch image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} container_name: elasticsearch + profiles: [""] ports: - "9200:9200" - "9300:9300" @@ -154,13 +201,14 @@ services: networks: - camunda-platform depends_on: - - elasticsearch + - ${XSEARCH} profiles: - kibana volumes: zeebe: elastic: + opensearch-data: kibana: networks: diff --git a/docker-compose-opensearch.yml b/docker-compose-opensearch.yml deleted file mode 100644 index f7bdf164..00000000 
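Review bot: The added `opensearch` service sets `plugins.security.disabled: true` while publishing `"9200:9200"` and `"9601:9600"`, which Docker binds on all host interfaces by default, so the cluster API is reachable without authentication by anything that can reach the host. For a local-development file, publish on loopback only: `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:9601:9600"`. The healthcheck also passes `-u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD}`, which Compose interpolates into the stored container configuration where `docker inspect` shows it; with the security plugin disabled the credentials, and `-k` on an `http://` URL, appear to serve no purpose, so `curl -f http://localhost:9200/_cluster/health | grep -q -E 'yellow|green'` should be enough. The booleans in the mapping-form `environment` (`plugins.security.disabled`, `bootstrap.memory_lock`) are safer written as `"true"`, since they are passed on as strings.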
--- a/docker-compose-opensearch.yml +++ /dev/null 
@@ -1,400 +0,0 @@ -# While the Docker images themselves are supported for production usage, -# this docker-compose.yaml is designed to be used by developers to run -# an environment locally. It is not designed to be used in production. -# We recommend to use Kubernetes in production with our Helm Charts: -# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ -# For local development, we recommend using KIND instead of `docker-compose`: -# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ - -# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch -# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. - -services: - - # opensearch-init: - # image: bash - # privileged: true - # user: root - # command: [ "sysctl", "-w", "vm.max_map_count=262144" ] - - zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe - image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} - container_name: zeebe - ports: - - "26500:26500" - - "9600:9600" - - "8088:8080" - environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084 - - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 - # allow running with low disk 
space - - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 - - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" - restart: always - healthcheck: - test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] - interval: 30s - timeout: 5s - retries: 5 - start_period: 30s - volumes: - - zeebe:/usr/local/zeebe/data - networks: - - camunda-platform - depends_on: - - opensearch - - identity - - operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_PLATFORM_VERSION} - container_name: operate - ports: - - "8081:8080" - environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_OPERATE_DATABASE=opensearch - - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200 - # For more information regarding configuration with Identity see: - # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity - - SPRING_PROFILES_ACTIVE=identity-auth - - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 - - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform - - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate - - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api - - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform - - 
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs - - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - volumes: - - operate_tmp:/tmp - networks: - - camunda-platform - depends_on: - - zeebe - - identity - - opensearch - - tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} - container_name: tasklist - ports: - - "8082:8080" - environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - - camunda.tasklist.opensearch.url=http://opensearch:9200 - - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 - - camunda.tasklist.database=opensearch - - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200 - # For more information regarding configuration with Identity see: - # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity - - SPRING_PROFILES_ACTIVE=identity-auth - - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 - - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform - - 
CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist - - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api - - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs - - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - volumes: - - tasklist_tmp:/tmp - networks: - - camunda-platform - depends_on: - zeebe: - condition: service_started - opensearch: - condition: service_healthy - identity: - condition: service_healthy - - connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ - image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} - container_name: connectors - ports: - - "8085:8080" - environment: - - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 - - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 - - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_IDENTITY_CLIENT_ID=connectors - - 
CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_IDENTITY_TYPE=KEYCLOAK - - CAMUNDA_IDENTITY_AUDIENCE=operate-api - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - env_file: connector-secrets.txt - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - operate - - identity - - optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize - image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} - container_name: optimize - ports: - - "8083:8090" - environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables - - CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch - - CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200 - - CAMUNDA_OPTIMIZE_DATABASE=opensearch - - SPRING_PROFILES_ACTIVE=ccsm - - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true - - CAMUNDA_OPTIMIZE_ENTERPRISE=false - - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform - - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize - - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api - - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084 - - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false - - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - volumes: - - 
"./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" - restart: on-failure - networks: - - camunda-platform - depends_on: - - identity - - opensearch - - identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity - container_name: identity - image: camunda/identity:${CAMUNDA_PLATFORM_VERSION} - ports: - - "8084:8084" - environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ - SERVER_PORT: 8084 - IDENTITY_RETRY_DELAY_SECONDS: 30 - KEYCLOAK_URL: http://keycloak:8080/auth - IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform - IDENTITY_DATABASE_HOST: postgres - IDENTITY_DATABASE_PORT: 5432 - IDENTITY_DATABASE_NAME: bitnami_keycloak - IDENTITY_DATABASE_USERNAME: bn_keycloak - IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081 - KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082 - KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083 - KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070 - KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085 - KEYCLOAK_INIT_ZEEBE_NAME: zeebe - KEYCLOAK_USERS_0_USERNAME: "demo" - KEYCLOAK_USERS_0_PASSWORD: "demo" - KEYCLOAK_USERS_0_FIRST_NAME: "demo" - KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" - KEYCLOAK_USERS_0_ROLES_0: "Identity" - KEYCLOAK_USERS_0_ROLES_1: "Optimize" - KEYCLOAK_USERS_0_ROLES_2: "Operate" - KEYCLOAK_USERS_0_ROLES_3: "Tasklist" - KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" - KEYCLOAK_CLIENTS_0_NAME: zeebe - KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} - KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} - KEYCLOAK_CLIENTS_0_TYPE: M2M - 
KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:* - MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED} - RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} - healthcheck: - test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] - interval: 5s - timeout: 15s - retries: 30 - start_period: 60s - restart: on-failure - volumes: - - keycloak-theme:/app/keycloak-theme - networks: - - camunda-platform - - identity-network - depends_on: - keycloak: - condition: service_healthy - - postgres: # https://hub.docker.com/_/postgres - container_name: postgres - image: postgres:${POSTGRES_VERSION} - environment: - POSTGRES_DB: bitnami_keycloak - POSTGRES_USER: bn_keycloak - POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - postgres:/var/lib/postgresql/data - networks: - - identity-network - - keycloak: # https://hub.docker.com/r/bitnami/keycloak - container_name: keycloak - image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} - volumes: - - keycloak-theme:/opt/bitnami/keycloak/themes/identity - ports: - - "18080:8080" - environment: - KEYCLOAK_HTTP_RELATIVE_PATH: /auth - KEYCLOAK_DATABASE_HOST: postgres - 
KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - KEYCLOAK_ADMIN_USER: admin - KEYCLOAK_ADMIN_PASSWORD: admin - restart: on-failure - healthcheck: - test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] - interval: 30s - timeout: 15s - retries: 5 - start_period: 30s - networks: - - camunda-platform - - identity-network - depends_on: - - postgres - - opensearch: - image: opensearchproject/opensearch:2.16.0 - container_name: opensearch - # depends_on: - # - opensearch-init - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch - - discovery.seed_hosts=opensearch - - plugins.security.disabled=true - - cluster.initial_cluster_manager_nodes=opensearch - - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - - path.repo=/usr/local/os-snapshots - - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - ports: - - "9200:9200" - - "9601:9600" - restart: always - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] - interval: 30s - timeout: 240s - retries: 3 - volumes: - # - opensearch-data:/usr/share/opensearch/data - - ./os-snapshots:/usr/local/os-snapshots - networks: - - camunda-platform - - kibana: - image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} - container_name: kibana - ports: - - 5601:5601 - volumes: - - kibana:/usr/share/kibana/data - networks: - - camunda-platform - depends_on: - - opensearch - profiles: - - kibana - -volumes: - zeebe: - opensearch-data: - postgres: - keycloak-theme: - kibana: - operate_tmp: - tasklist_tmp: - -networks: - # Note there are two bridge networks: One for Camunda Platform and one for Identity. - # Identity and Keycloak are part of both as they need to be accessible by platform components. 
- camunda-platform: - identity-network: diff --git a/docker-compose.opensearch.yaml b/docker-compose.opensearch.yaml deleted file mode 100644 index d3c95cdd..00000000 --- a/docker-compose.opensearch.yaml +++ /dev/null 
@@ -1,401 +0,0 @@ -# While the Docker images themselves are supported for production usage, -# this docker-compose.yaml is designed to be used by developers to run -# an environment locally. It is not designed to be used in production. -# We recommend to use Kubernetes in production with our Helm Charts: -# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ -# For local development, we recommend using KIND instead of `docker-compose`: -# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ - -# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and OpenSearch -# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. - -services: - - opensearch-init: # recommended config https://opensearch.org/docs/1.1/opensearch/install/important-settings/ - image: bash - privileged: true - user: root - command: [ "sysctl", "-w", "vm.max_map_count=262144" ] - - zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe - image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} - container_name: zeebe - ports: - - "26500:26500" - - "9600:9600" - - "8088:8080" - environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084 - - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter - - ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 - - 
ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 - # allow running with low disk space - - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 - - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" - restart: always - healthcheck: - test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] - interval: 30s - timeout: 5s - retries: 5 - start_period: 30s - volumes: - - zeebe:/usr/local/zeebe/data - networks: - - camunda-platform - depends_on: - - opensearch - - identity - - operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_OPERATE_VERSION} - container_name: operate - ports: - - "8081:8080" - environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_OPERATE_DATABASE=opensearch - - CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200 - # For more information regarding configuration with Identity see: - # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity - - SPRING_PROFILES_ACTIVE=identity-auth - - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 - - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform - - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate - - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api - - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - 
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs - - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - volumes: - - operate_tmp:/tmp - networks: - - camunda-platform - depends_on: - - zeebe - - identity - - opensearch - - tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} - container_name: tasklist - ports: - - "8082:8080" - environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - - camunda.tasklist.opensearch.url=http://opensearch:9200 - - camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 - - camunda.tasklist.database=opensearch - - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200 - - CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200 - # For more information regarding configuration with Identity see: - # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity - - SPRING_PROFILES_ACTIVE=identity-auth - - 
CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 - - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform - - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist - - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api - - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs - - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - volumes: - - tasklist_tmp:/tmp - networks: - - camunda-platform - depends_on: - zeebe: - condition: service_started - opensearch: - condition: service_healthy - identity: - condition: service_healthy - - connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ - image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} - container_name: connectors - ports: - - "8085:8080" - environment: - - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 - - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - 
CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 - - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_IDENTITY_CLIENT_ID=connectors - - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_IDENTITY_TYPE=KEYCLOAK - - CAMUNDA_IDENTITY_AUDIENCE=operate-api - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - env_file: connector-secrets.txt - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - operate - - identity - - optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize - image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} - container_name: optimize - ports: - - "8083:8090" - environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables - - CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch - - CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200 - - CAMUNDA_OPTIMIZE_DATABASE=opensearch - - SPRING_PROFILES_ACTIVE=ccsm - - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true - - CAMUNDA_OPTIMIZE_ENTERPRISE=false - - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform - - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize - - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api - - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084 - - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false - - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - 
healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - volumes: - - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" - restart: on-failure - networks: - - camunda-platform - depends_on: - - identity - - opensearch - - identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity - container_name: identity - image: camunda/identity:${CAMUNDA_IDENTITY_VERSION} - ports: - - "8084:8084" - environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ - SERVER_PORT: 8084 - IDENTITY_RETRY_DELAY_SECONDS: 30 - KEYCLOAK_URL: http://keycloak:8080/auth - IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform - IDENTITY_DATABASE_HOST: postgres - IDENTITY_DATABASE_PORT: 5432 - IDENTITY_DATABASE_NAME: bitnami_keycloak - IDENTITY_DATABASE_USERNAME: bn_keycloak - IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081 - KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082 - KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083 - KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070 - KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085 - KEYCLOAK_INIT_ZEEBE_NAME: zeebe - KEYCLOAK_USERS_0_USERNAME: "demo" - KEYCLOAK_USERS_0_PASSWORD: "demo" - KEYCLOAK_USERS_0_FIRST_NAME: "demo" - KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" - KEYCLOAK_USERS_0_ROLES_0: "Identity" - KEYCLOAK_USERS_0_ROLES_1: "Optimize" - KEYCLOAK_USERS_0_ROLES_2: "Operate" - KEYCLOAK_USERS_0_ROLES_3: "Tasklist" - KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" - KEYCLOAK_CLIENTS_0_NAME: zeebe - 
KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} - KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} - KEYCLOAK_CLIENTS_0_TYPE: M2M - KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:* - KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:* - MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED} - RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} - healthcheck: - test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] - interval: 5s - timeout: 15s - retries: 30 - start_period: 60s - restart: on-failure - volumes: - - keycloak-theme:/app/keycloak-theme - networks: - - camunda-platform - - identity-network - depends_on: - keycloak: - condition: service_healthy - - postgres: # https://hub.docker.com/_/postgres - container_name: postgres - image: postgres:${POSTGRES_VERSION} - environment: - POSTGRES_DB: bitnami_keycloak - POSTGRES_USER: bn_keycloak - POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - postgres:/var/lib/postgresql/data - networks: - - identity-network - - keycloak: # https://hub.docker.com/r/bitnami/keycloak - container_name: keycloak - image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} - volumes: - - 
keycloak-theme:/opt/bitnami/keycloak/themes/identity - ports: - - "18080:8080" - environment: - KEYCLOAK_HTTP_RELATIVE_PATH: /auth - KEYCLOAK_DATABASE_HOST: postgres - KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - KEYCLOAK_ADMIN_USER: admin - KEYCLOAK_ADMIN_PASSWORD: admin - restart: on-failure - healthcheck: - test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] - interval: 30s - timeout: 15s - retries: 5 - start_period: 30s - networks: - - camunda-platform - - identity-network - depends_on: - - postgres - - opensearch: - image: opensearchproject/opensearch:${OPENSEARCH_VERSION} - container_name: opensearch - depends_on: - - opensearch-init - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch - - discovery.seed_hosts=opensearch - - plugins.security.disabled=true - - cluster.initial_cluster_manager_nodes=opensearch - - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - - path.repo=/usr/local/os-snapshots - - "OPENSEARCH_JAVA_OPTS=-Xms1G -Xmx1G" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD} - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - ports: - - "9200:9200" - - "9601:9600" - restart: always - healthcheck: - # test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cluster/health?wait_for_status=yellow&timeout=60s | grep -q green" ] - test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cluster/health?wait_for_status=yellow | grep -q -E 'yellow|green'" ] - interval: 60s - timeout: 30s - retries: 5 - volumes: - # - opensearch-data:/usr/share/opensearch/data - - ./os-snapshots:/usr/local/os-snapshots - networks: - - camunda-platform - - kibana: - image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} - container_name: kibana - ports: - - 5601:5601 - volumes: - - kibana:/usr/share/kibana/data - networks: - - camunda-platform - depends_on: - - 
opensearch - profiles: - - kibana - -volumes: - zeebe: - opensearch-data: - postgres: - keycloak-theme: - kibana: - operate_tmp: - tasklist_tmp: - -networks: - # Note there are two bridge networks: One for Camunda Platform and one for Identity. - # Identity and Keycloak are part of both as they need to be accessible by platform components. - camunda-platform: - identity-network: diff --git a/docker-compose.yaml b/docker-compose.yaml index 287cf403..fcbd481d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -10,24 +10,30 @@ # See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. services: + init: # recommended config https://opensearch.org/docs/1.1/opensearch/install/important-settings/ + image: bash + profiles: ["opensearch"] + privileged: true + user: root + command: [ "sysctl", "-w", "vm.max_map_count=262144" ] zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} container_name: zeebe + profiles: ["", "opensearch"] ports: - "26500:26500" - "9600:9600" - "8088:8080" + env_file: + - .env.${XSEARCH} environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084 - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 # allow running with low disk space - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 
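Review bot: The new `init` service runs `privileged: true` as root from the floating `image: bash`, so whatever that tag resolves to at pull time gets full host privileges just to set one sysctl. Pin the image to a fixed tag or digest, for example `image: bash:<pinned-tag>@sha256:<digest>` (placeholder values), and add a comment such as `# privileged only to set vm.max_map_count on the host; exits immediately`. Setting `vm.max_map_count` on the host itself would avoid the privileged container altogether. Separately, `env_file: - .env.${XSEARCH}` has no fallback, so an unset `XSEARCH` resolves to a file named `.env.`; `.env.${XSEARCH:-elasticsearch}` would keep the default explicit. The `zeebe` service block continues outside the hunk.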
@@ -44,22 +50,23 @@ services: networks: - camunda-platform depends_on: - - elasticsearch - identity + - ${XSEARCH} operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate image: camunda/operate:${CAMUNDA_OPERATE_VERSION} container_name: operate + profiles: ["", "opensearch"] ports: - "8081:8080" + env_file: + - .env.${XSEARCH} environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - ZEEBE_TOKEN_AUDIENCE=zeebe-api - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 # For more information regarding configuration with Identity see: # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity - SPRING_PROFILES_ACTIVE=identity-auth @@ -89,13 +96,16 @@ services: depends_on: - zeebe - identity - - elasticsearch + - ${XSEARCH} tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} container_name: tasklist + profiles: ["", "opensearch"] ports: - "8082:8080" + env_file: + - .env.${XSEARCH} environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 
@@ -104,8 +114,6 @@ services: - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - ZEEBE_TOKEN_AUDIENCE=zeebe-api - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 # For more information regarding configuration with Identity see: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity - SPRING_PROFILES_ACTIVE=identity-auth @@ -134,14 +142,13 @@ services: depends_on: zeebe: condition: service_started - elasticsearch: - condition: service_healthy identity: condition: service_healthy connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} container_name: connectors + profiles: ["", "opensearch"] ports: - "8085:8080" environment: @@ -177,11 +184,12 @@ services: optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} container_name: optimize + profiles: ["", "opensearch"] ports: - "8083:8090" + env_file: + - .env.${XSEARCH} environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables - - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch - - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200 - SPRING_PROFILES_ACTIVE=ccsm - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true - CAMUNDA_OPTIMIZE_ENTERPRISE=false 
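Review bot: In the `tasklist` `depends_on` mapping (hunk at -134,14) the `elasticsearch: condition: service_healthy` entry is removed with nothing in its place, so on the new side tasklist waits only for zeebe and identity and can start before the search backend is healthy. The operate and optimize services get `- ${XSEARCH}` instead; that form is presumably not usable here because the mapping syntax would need the variable as a key. One option, if the Compose version in use supports `required: false` on `depends_on` entries (to be confirmed), is to list both backends as optional health dependencies, as sketched below. The `tasklist` block starts and ends outside the hunk.

```yaml
    depends_on:
      zeebe:
        condition: service_started
      # … unchanged: identity …
      elasticsearch:
        condition: service_healthy
        required: false
      opensearch:
        condition: service_healthy
        required: false
```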
@@ -209,11 +217,12 @@ services: - camunda-platform depends_on: - identity - - elasticsearch + - ${XSEARCH} identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity container_name: identity image: camunda/identity:${CAMUNDA_IDENTITY_VERSION} + profiles: ["", "opensearch"] ports: - "8084:8084" environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ @@ -282,6 +291,7 @@ services: postgres: # https://hub.docker.com/_/postgres container_name: postgres image: postgres:${POSTGRES_VERSION} + profiles: ["", "opensearch"] environment: POSTGRES_DB: bitnami_keycloak POSTGRES_USER: bn_keycloak @@ -300,6 +310,7 @@ services: keycloak: # https://hub.docker.com/r/bitnami/keycloak container_name: keycloak image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} + profiles: ["", "opensearch"] volumes: - keycloak-theme:/opt/bitnami/keycloak/themes/identity ports: 
@@ -323,9 +334,47 @@ services: depends_on: - postgres + opensearch: + image: opensearchproject/opensearch:${OPENSEARCH_VERSION} + container_name: opensearch + profiles: ["opensearch"] + depends_on: + - init + environment: + cluster.name: opensearch-cluster + network.bind_host: 0.0.0.0 + node.name: opensearch + plugins.security.disabled: true + discovery.type: single-node + discovery.seed_hosts: opensearch + bootstrap.memory_lock: true + OPENSEARCH_JAVA_OPTS: "-Xms1G -Xmx1G" + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD} + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + ports: + - "9200:9200" + - "9601:9600" + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -k -f http://localhost:9200/_cluster/health -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} | grep -q -E 'yellow|green'" ] + interval: 60s + timeout: 10s + retries: 5 + volumes: + - opensearch-data:/usr/share/opensearch/data + networks: + - camunda-platform + elasticsearch: # https://hub.docker.com/_/elasticsearch image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} container_name: elasticsearch + profiles: [""] ports: - "9200:9200" - "9300:9300" @@ -361,13 +410,14 @@ services: networks: - camunda-platform depends_on: - - elasticsearch + - ${XSEARCH} profiles: - kibana volumes: zeebe: elastic: + opensearch-data: postgres: keycloak-theme: kibana: From 92aeb2982577abb068dfbd5274a105e3dc18763c Mon Sep 17 00:00:00 2001 From: Yevhen Podluzhnyi Date: Tue, 10 Sep 2024 10:02:56 +0300 Subject: [PATCH 08/11] fix: edited README.md - fixed comments - added params for opensearch --- .env | 3 +-- .env.opensearch | 14 +++++++++++--- .env.opensearch.core | 6 +++--- README.md | 31 ++++++++++++++++++++++++++++--- docker-compose-core.yaml | 15 ++++++++------- docker-compose.yaml | 17 +++++++++-------- 6 files changed, 60 insertions(+), 26 deletions(-) diff --git a/.env b/.env index cb606415..eff02980 100644 --- a/.env +++ b/.env 
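Review bot: The added `opensearch` service sets `plugins.security.disabled: true` and `network.bind_host: 0.0.0.0` while publishing `"9200:9200"` and `"9601:9600"` on every host interface, so the REST API is reachable without authentication by anything that can reach the host. For a local development stack, bind the published ports to loopback: `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:9601:9600"`. The healthcheck still passes `-u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD}`, which Compose expands into the container configuration (readable with `docker inspect`) although security is disabled and the URL is plain http, where `-k` has no effect; `curl -f http://localhost:9200/_cluster/health | grep -q -E 'yellow|green'` is enough. The same healthcheck line appears as context in the docker-compose-core.yaml hunk at -153,6 of patch 08.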
@@ -51,5 +51,4 @@ MULTI_TENANCY_ENABLED=false OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch_Admin1234! # search engine app: opensearch or elasticsearch -XSEARCH=elasticsearch -# XSEARCH=opensearch +SEARCH_DB=elasticsearch diff --git a/.env.opensearch b/.env.opensearch index 077d73b9..8508eb47 100644 --- a/.env.opensearch +++ b/.env.opensearch @@ -1,8 +1,16 @@ CAMUNDA_OPERATE_DATABASE=opensearch -ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter -ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 -ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200 CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200 CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200 CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200 +camunda.tasklist.database=opensearch +camunda.tasklist.opensearch.url=http://opensearch:9200 +camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 +ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter +ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false +ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter +ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 +ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 +CAMUNDA_OPTIMIZE_DATABASE=opensearch +CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch +CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200 diff --git a/.env.opensearch.core b/.env.opensearch.core index b3987e44..a5734419 100644 --- a/.env.opensearch.core +++ b/.env.opensearch.core @@ -1,6 +1,3 @@ -camunda.tasklist.opensearch.url=http://opensearch:9200 -camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 -camunda.tasklist.database=opensearch CAMUNDA_OPERATE_DATABASE=opensearch CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200 CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200 
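Review bot: `ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter` is added twice in the .env.opensearch hunk, once before and once after `ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false`; drop the second copy so a later edit cannot leave the two out of sync. The unchanged `CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL` has a doubled `E` compared with `CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL` and with the `camunda.tasklist.zeebeOpensearch.url` line added here, so it is probably never read; correct it to `CAMUNDA_TASKLIST_ZEEBEOPENSEARCH_URL` or remove it.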
@@ -9,3 +6,6 @@ ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_PROCESSMESSAGESUBSCRIPTION=true +camunda.tasklist.opensearch.url=http://opensearch:9200 +camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200 +camunda.tasklist.database=opensearch diff --git a/README.md b/README.md index de9435e8..58d22695 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ The full environment contains these components: - Connectors - Optimize - Identity -- Elasticsearch +- Elasticsearch/Opensearch - Keycloak - PostgreSQL @@ -78,6 +78,12 @@ If Optimize, Identity, and Keycloak are not needed you can use the [docker-compo ``` docker compose -f docker-compose-core.yaml up -d ``` +**OR** + +Set parameter ```SEARCH_DB=opensearch``` in the file ```.env``` if you want to use OpenSearch instead of ElasticSearch +``` +docker compose -f docker-compose-core.yaml --profile opensearch up -d +``` ### Deploying BPMN diagrams @@ -165,10 +171,16 @@ $ docker login registry.camunda.cloud Username: your_username Password: ****** Login Succeeded -$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d ``` -To tear down the whole environment run the following command +#### To run Camunda Platform with Elasticsearch execute this commands + +1. Edit ```.env``` file and set parameter ```SEARCH_DB=elasticserach``` (this default value) +2. Run command +``` +$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d +``` +3. To tear down the whole environment with ```ElasticSearch``` run the following command ``` $ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml down -v 
@@ -181,6 +193,19 @@ Alternatively, if you want to keep the data run: $ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml down ``` +To run Camunda Platform with ```OpenSearch``` execute this commands + +1. Edit ```.env``` file and set parameter ```SEARCH_DB=opensearch``` +2. Run command +``` +$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml --profile opensearch up -d +``` +3. To tear down the whole environment with Elasticsearch run the following command (-v is optional flag. Use it, if you want to delete all the data) + +``` +$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml --profile opensearch down -v +``` + ### Login You can access Web Modeler Self-Managed and log in with the user `demo` and password `demo` at [http://localhost:8070](http://localhost:8070). diff --git a/docker-compose-core.yaml b/docker-compose-core.yaml index 8bc37582..a70af74b 100644 --- a/docker-compose-core.yaml +++ b/docker-compose-core.yaml @@ -26,7 +26,7 @@ services: - "9600:9600" - "8088:8080" env_file: - - .env.${XSEARCH}.core + - .env.${SEARCH_DB}.core environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ # allow running with low disk space - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 @@ -44,7 +44,7 @@ services: networks: - camunda-platform depends_on: - - ${XSEARCH} + - ${SEARCH_DB} operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate image: camunda/operate:${CAMUNDA_OPERATE_VERSION} @@ -53,7 +53,7 @@ services: ports: - "8081:8080" env_file: - - .env.${XSEARCH}.core + - .env.${SEARCH_DB}.core environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false 
@@ -69,7 +69,7 @@ services: - camunda-platform depends_on: - zeebe - - ${XSEARCH} + - ${SEARCH_DB} tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} @@ -78,7 +78,7 @@ services: ports: - "8082:8080" env_file: - - .env.${XSEARCH}.core + - .env.${SEARCH_DB}.core environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 @@ -95,7 +95,7 @@ services: - camunda-platform depends_on: - zeebe - - ${XSEARCH} + - ${SEARCH_DB} connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} @@ -153,6 +153,7 @@ services: - "9601:9600" restart: always healthcheck: + # Single node OpenSearch clusters are considered 'yellow', see https://github.com/opensearch-project/opensearch-build/issues/4285 test: [ "CMD-SHELL", "curl -k -f http://localhost:9200/_cluster/health -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} | grep -q -E 'yellow|green'" ] interval: 60s timeout: 10s @@ -201,7 +202,7 @@ services: networks: - camunda-platform depends_on: - - ${XSEARCH} + - ${SEARCH_DB} profiles: - kibana diff --git a/docker-compose.yaml b/docker-compose.yaml index fcbd481d..99349cd6 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -26,7 +26,7 @@ services: - "9600:9600" - "8088:8080" env_file: - - .env.${XSEARCH} + - .env.${SEARCH_DB} environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform 
@@ -51,7 +51,7 @@ services: - camunda-platform depends_on: - identity - - ${XSEARCH} + - ${SEARCH_DB} operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate image: camunda/operate:${CAMUNDA_OPERATE_VERSION} @@ -60,7 +60,7 @@ services: ports: - "8081:8080" env_file: - - .env.${XSEARCH} + - .env.${SEARCH_DB} environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} @@ -96,7 +96,7 @@ services: depends_on: - zeebe - identity - - ${XSEARCH} + - ${SEARCH_DB} tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} @@ -105,7 +105,7 @@ services: ports: - "8082:8080" env_file: - - .env.${XSEARCH} + - .env.${SEARCH_DB} environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 @@ -188,7 +188,7 @@ services: ports: - "8083:8090" env_file: - - .env.${XSEARCH} + - .env.${SEARCH_DB} environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables - SPRING_PROFILES_ACTIVE=ccsm - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true @@ -217,7 +217,7 @@ services: - camunda-platform depends_on: - identity - - ${XSEARCH} + - ${SEARCH_DB} identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity container_name: identity @@ -362,6 +362,7 @@ services: - "9601:9600" restart: always healthcheck: + # Single node OpenSearch clusters are considered 'yellow', see https://github.com/opensearch-project/opensearch-build/issues/4285 test: [ "CMD-SHELL", "curl -k -f http://localhost:9200/_cluster/health -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} | grep -q -E 'yellow|green'" ] interval: 60s timeout: 10s 
@@ -410,7 +411,7 @@ services: networks: - camunda-platform depends_on: - - ${XSEARCH} + - ${SEARCH_DB} profiles: - kibana From 8169aef1b031907ad84f6c4e3ef314e7c799ee1e Mon Sep 17 00:00:00 2001 From: Yevhen Podluzhnyi Date: Tue, 10 Sep 2024 15:09:45 +0300 Subject: [PATCH 09/11] use opensearch --- .github/workflows/template-deploy.yaml | 8 ++++++++ .github/workflows/test-core-opensearch.yaml | 5 +++-- .github/workflows/test-default.opensearch.yaml | 5 +++-- .github/workflows/test-modeler.opensearch.yaml | 5 +++-- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/template-deploy.yaml b/.github/workflows/template-deploy.yaml index b141a0f2..455c4b7a 100644 --- a/.github/workflows/template-deploy.yaml +++ b/.github/workflows/template-deploy.yaml @@ -19,6 +19,11 @@ on: description: runs a single test required: false type: string + search_db: + description: runs playwright tests + required: false + default: elasticsearch + type: string jobs: test_compose_deploy: @@ -34,6 +39,9 @@ jobs: sudo killall xsp4 || true - uses: actions/checkout@v4 + - name: change search db + run: >- + sed -i 's/SEARCH_DB=elasticsearch/SEARCH_DB=opensearch/g' .env - name: Login to private registry if: ${{ inputs.directory != 'docker-compose/camunda-8.6' }} diff --git a/.github/workflows/test-core-opensearch.yaml b/.github/workflows/test-core-opensearch.yaml index 111d639f..e4323ff9 100644 --- a/.github/workflows/test-core-opensearch.yaml +++ b/.github/workflows/test-core-opensearch.yaml @@ -8,5 +8,6 @@ jobs: uses: ./.github/workflows/template-deploy.yaml secrets: inherit with: - compose_args: "-f docker-compose-core.opensearch.yaml" - run_e2e_tests: false \ No newline at end of file + compose_args: "-f docker-compose-core.opensearch.yaml --profile opensearch" + run_e2e_tests: false + search_db: opensearch \ No newline at end of file 
diff --git a/.github/workflows/test-default.opensearch.yaml b/.github/workflows/test-default.opensearch.yaml index 5ea5debc..d2d3169d 100644 --- a/.github/workflows/test-default.opensearch.yaml +++ b/.github/workflows/test-default.opensearch.yaml @@ -8,5 +8,6 @@ jobs: uses: ./.github/workflows/template-deploy.yaml secrets: inherit with: - compose_args: "-f docker-compose.opensearch.yaml" - run_e2e_tests: false \ No newline at end of file + compose_args: "-f docker-compose.yaml --profile opensearch" + run_e2e_tests: false + search_db: opensearch \ No newline at end of file diff --git a/.github/workflows/test-modeler.opensearch.yaml b/.github/workflows/test-modeler.opensearch.yaml index 326dce2b..096b593a 100644 --- a/.github/workflows/test-modeler.opensearch.yaml +++ b/.github/workflows/test-modeler.opensearch.yaml @@ -8,5 +8,6 @@ jobs: uses: ./.github/workflows/template-deploy.yaml secrets: inherit with: - compose_args: "-f docker-compose.opensearch.yaml -f docker-compose-web-modeler.yaml" - run_e2e_tests: true \ No newline at end of file + compose_args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml --profile opensearch" + run_e2e_tests: true + search_db: opensearch \ No newline at end of file From 5b48adfe8cb81c81cc8c0f9390afc06db7bae256 Mon Sep 17 00:00:00 2001 From: Yevhen Podluzhnyi Date: Tue, 10 Sep 2024 15:11:22 +0300 Subject: [PATCH 10/11] fix: fixed failed services --- .env.elasticsearch | 20 ++++++++-- .env.opensearch | 39 +++++++++++++++---- .github/workflows/template-deploy.yaml | 7 ++-- .github/workflows/test-core-opensearch.yaml | 4 +- .../workflows/test-default.opensearch.yaml | 2 +- .../workflows/test-modeler.opensearch.yaml | 2 +- docker-compose-core.yaml | 1 - docker-compose.yaml | 19 +++++++-- 8 files changed, 70 insertions(+), 24 deletions(-) diff --git a/.env.elasticsearch b/.env.elasticsearch index 6f659783..58e13c56 100644 --- a/.env.elasticsearch +++ b/.env.elasticsearch 
@@ -1,9 +1,21 @@
+# ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+# ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+# CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+# CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+# OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
+# OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
+# CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+# CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+# ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+
+
+OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
+OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
 ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
 ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+# default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259
+ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
 CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
 CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
-OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
-OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
 CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
-CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
-ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
\ No newline at end of file
diff --git a/.env.opensearch b/.env.opensearch
index 8508eb47..20a29d7e 100644
--- a/.env.opensearch
+++ b/.env.opensearch
@@ -1,16 +1,39 @@
+# CAMUNDA_OPERATE_DATABASE=opensearch
+# CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
+# CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+# CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
+# CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
+# camunda.tasklist.database=opensearch
+# camunda.tasklist.opensearch.url=http://opensearch:9200
+# camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
+# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false
+# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+# CAMUNDA_OPTIMIZE_DATABASE=opensearch
+# CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch
+# CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200
+
+# Optimize
+CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch
+CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200
+CAMUNDA_OPTIMIZE_DATABASE=opensearch
+
+# Zeebe
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
+ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
+
+# Operate
 CAMUNDA_OPERATE_DATABASE=opensearch
 CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
 CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
+
+# Tasklist
 CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
 CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
+# CAMUNDA_TASKLIST_DATABASE=opensearch
 camunda.tasklist.database=opensearch
 camunda.tasklist.opensearch.url=http://opensearch:9200
 camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
-ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
-ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false -ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter -ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200 -ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1 -CAMUNDA_OPTIMIZE_DATABASE=opensearch -CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch -CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200 diff --git a/.github/workflows/template-deploy.yaml b/.github/workflows/template-deploy.yaml index 455c4b7a..a2d456f3 100644 --- a/.github/workflows/template-deploy.yaml +++ b/.github/workflows/template-deploy.yaml @@ -20,7 +20,7 @@ on: required: false type: string search_db: - description: runs playwright tests + description: elasticsearch or opensearch required: false default: elasticsearch type: string @@ -40,8 +40,9 @@ jobs: - uses: actions/checkout@v4 - name: change search db - run: >- - sed -i 's/SEARCH_DB=elasticsearch/SEARCH_DB=opensearch/g' .env + if: ${{ contains(inputs.search_db, 'opensearch') }} + run: | + sudo sed -i 's/SEARCH_DB=elasticsearch/SEARCH_DB=opensearch/g' .env - name: Login to private registry if: ${{ inputs.directory != 'docker-compose/camunda-8.6' }} diff --git a/.github/workflows/test-core-opensearch.yaml b/.github/workflows/test-core-opensearch.yaml index e4323ff9..78c89ce7 100644 --- a/.github/workflows/test-core-opensearch.yaml +++ b/.github/workflows/test-core-opensearch.yaml @@ -8,6 +8,6 @@ jobs: uses: ./.github/workflows/template-deploy.yaml secrets: inherit with: - compose_args: "-f docker-compose-core.opensearch.yaml --profile opensearch" + compose_args: "-f docker-compose-core.yaml --profile opensearch" run_e2e_tests: false - search_db: opensearch \ No newline at end of file + search_db: opensearch diff --git a/.github/workflows/test-default.opensearch.yaml b/.github/workflows/test-default.opensearch.yaml index d2d3169d..1d182384 100644 --- a/.github/workflows/test-default.opensearch.yaml 
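Review bot: `ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false` is an active setting before this `.env.opensearch` hunk and survives only as a comment after it, so the exporter falls back to its default for deployment records without the commit saying so. If the drop is intended, state it in the commit message; otherwise keep the line under `# Zeebe`. The context line `CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL` spells ZEEBE with an extra E, unlike `CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL`, so it presumably never binds and Tasklist relies on the dotted `camunda.tasklist.zeebeOpensearch.url` key alone. `CAMUNDA_TASKLIST_ZEEBEOPENSEARCH_URL=http://opensearch:9200` would match the Operate naming.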
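Review bot: The `change search db` step in the `@@ -40,8 +40,9 @@` hunk of template-deploy.yaml runs `sudo sed -i` on `.env`, a file in the checked-out workspace that the runner user already owns. The `sudo` is unnecessary, and an in-place edit as root can leave the file root-owned for later steps. `contains(inputs.search_db, 'opensearch')` is a substring match; `if: ${{ inputs.search_db == 'opensearch' }}` states the intent exactly. The sed also exits 0 when no `SEARCH_DB=elasticsearch` line exists, so a renamed variable would leave the job testing Elasticsearch under an OpenSearch label; a following `grep -q '^SEARCH_DB=opensearch$' .env` makes that case fail visibly. The job definition starts and ends outside the hunk.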
+++ b/.github/workflows/test-default.opensearch.yaml @@ -10,4 +10,4 @@ jobs: with: compose_args: "-f docker-compose.yaml --profile opensearch" run_e2e_tests: false - search_db: opensearch \ No newline at end of file + search_db: opensearch diff --git a/.github/workflows/test-modeler.opensearch.yaml b/.github/workflows/test-modeler.opensearch.yaml index 096b593a..bc6077b7 100644 --- a/.github/workflows/test-modeler.opensearch.yaml +++ b/.github/workflows/test-modeler.opensearch.yaml @@ -10,4 +10,4 @@ jobs: with: compose_args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml --profile opensearch" run_e2e_tests: true - search_db: opensearch \ No newline at end of file + search_db: opensearch diff --git a/docker-compose-core.yaml b/docker-compose-core.yaml index a70af74b..f0dd3745 100644 --- a/docker-compose-core.yaml +++ b/docker-compose-core.yaml @@ -135,7 +135,6 @@ services: network.bind_host: 0.0.0.0 node.name: opensearch plugins.security.disabled: true - plugins.security.audit.config.index: myauditlogindex discovery.type: single-node discovery.seed_hosts: opensearch bootstrap.memory_lock: true diff --git a/docker-compose.yaml b/docker-compose.yaml index b5287d47..9a016505 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -33,7 +33,10 @@ services: - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084 - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} - # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + # - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + # - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + # - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 # allow running with low disk space - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 @@ -50,8 +53,8 @@ services: networks: - camunda-platform depends_on: - - identity - ${SEARCH_DB} + - identity operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate image: camunda/operate:${CAMUNDA_OPERATE_VERSION} @@ -66,7 +69,9 @@ services: - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token + # - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + # - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 # For more information regarding configuration with Identity see: # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity - SPRING_PROFILES_ACTIVE=identity-auth 
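Review bot: `ZEEBE_AUTHORIZATION_SERVER_URL` for operate in the `@@ -66,7 +69,9 @@` hunk now points at `http://keycloak:18080/...`, and the tasklist hunk `@@ -113,7 +118,9 @@` makes the same change. A zeebe context line from an earlier patch in this chunk still uses `http://keycloak:8080/auth/realms/camunda-platform` as the issuer backend URL. Only one of the two ports can be the one Keycloak listens on inside the `camunda-platform` network, so either token requests or token validation will presumably fail; the keycloak service definition is outside the visible hunks, so confirm the port it binds and use it in all three places. The commented-out entries such as `# - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200`, added here and in the zeebe, tasklist and optimize hunks, repeat what `.env.${SEARCH_DB}` now supplies and are better dropped than committed as dead configuration.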
@@ -113,7 +118,9 @@ services: - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token + # - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + # - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 # For more information regarding configuration with Identity see: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity - SPRING_PROFILES_ACTIVE=identity-auth @@ -142,6 +149,8 @@ services: depends_on: zeebe: condition: service_started + # elasticsearch: + # condition: service_healthy identity: condition: service_healthy @@ -192,6 +201,8 @@ services: - .env.${SEARCH_DB} environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables - SPRING_PROFILES_ACTIVE=ccsm + # - CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch + # - CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200 - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true - CAMUNDA_OPTIMIZE_ENTERPRISE=false - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform From 527460f1b6338f4143e17626fd5332e9a4b9314e Mon Sep 17 00:00:00 2001 From: Yevhen Podluzhnyi Date: Wed, 11 Sep 2024 09:13:47 +0300 Subject: [PATCH 11/11] fix: removed comments --- .env.elasticsearch | 11 ----------- .env.opensearch | 18 ------------------ 2 files changed, 29 deletions(-) diff --git a/.env.elasticsearch b/.env.elasticsearch index 58e13c56..fc92fe1d 100644 --- a/.env.elasticsearch +++ b/.env.elasticsearch 
@@ -1,14 +1,3 @@
-# ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
-# ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
-# CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
-# CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
-# OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
-# OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
-# CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
-# CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
-# ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
-
-
 OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
 OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
 ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
diff --git a/.env.opensearch b/.env.opensearch
index 20a29d7e..f954fbfc 100644
--- a/.env.opensearch
+++ b/.env.opensearch
@@ -1,20 +1,3 @@
-# CAMUNDA_OPERATE_DATABASE=opensearch
-# CAMUNDA_OPERATE_OPENSEARCH_URL=http://opensearch:9200
-# CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
-# CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
-# CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
-# camunda.tasklist.database=opensearch
-# camunda.tasklist.opensearch.url=http://opensearch:9200
-# camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200
-# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
-# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_INDEX_DEPLOYMENT=false
-# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_CLASSNAME=io.camunda.zeebe.exporter.opensearch.OpensearchExporter
-# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_URL=http://opensearch:9200
-# ZEEBE_BROKER_EXPORTERS_OPENSEARCH_ARGS_BULK_SIZE=1
-# CAMUNDA_OPTIMIZE_DATABASE=opensearch
-# CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch
-# CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200
-
 # Optimize
 CAMUNDA_OPTIMIZE_OPENSEARCH_HOST=opensearch
 CAMUNDA_OPTIMIZE_OPENSEARCH_HTTP_PORT=9200
@@ -33,7 +16,6 @@ CAMUNDA_OPERATE_ZEEBEOPENSEARCH_URL=http://opensearch:9200
 # Tasklist
 CAMUNDA_TASKLIST_OPENSEARCH_URL=http://opensearch:9200
 CAMUNDA_TASKLIST_ZEEBEEOPENSEARCH_URL=http://opensearch:9200
-# CAMUNDA_TASKLIST_DATABASE=opensearch
 camunda.tasklist.database=opensearch
 camunda.tasklist.opensearch.url=http://opensearch:9200
 camunda.tasklist.zeebeOpensearch.url=http://opensearch:9200