chore: import upstream snapshot with attribution
Integration Tests - MySQL + Elasticsearch / Detect Changes (push) Waiting to run
Integration Tests - MySQL + Elasticsearch / integration-tests-mysql-elasticsearch (push) Blocked by required conditions
Integration Tests - PostgreSQL + Elasticsearch + Redis / Detect Changes (push) Waiting to run
Integration Tests - PostgreSQL + Elasticsearch + Redis / integration-tests-postgres-elasticsearch-redis (push) Blocked by required conditions
Integration Tests - PostgreSQL + OpenSearch / Detect Changes (push) Waiting to run
Integration Tests - PostgreSQL + OpenSearch / integration-tests-postgres-opensearch (push) Blocked by required conditions
Java Checkstyle / java-checkstyle (push) Waiting to run
Maven Collate Tests / maven-collate-ci (push) Waiting to run
OpenMetadata Service Unit Tests / Detect Changes (push) Waiting to run
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests (push) Blocked by required conditions
OpenMetadata Service Unit Tests / k8s_operator-unit-tests (push) Blocked by required conditions
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests-status (push) Blocked by required conditions
Publish Package to Maven Central Repository / publish-maven-packages (push) Waiting to run
Integration Tests - MySQL + Elasticsearch / Detect Changes (push) Waiting to run
Integration Tests - MySQL + Elasticsearch / integration-tests-mysql-elasticsearch (push) Blocked by required conditions
Integration Tests - PostgreSQL + Elasticsearch + Redis / Detect Changes (push) Waiting to run
Integration Tests - PostgreSQL + Elasticsearch + Redis / integration-tests-postgres-elasticsearch-redis (push) Blocked by required conditions
Integration Tests - PostgreSQL + OpenSearch / Detect Changes (push) Waiting to run
Integration Tests - PostgreSQL + OpenSearch / integration-tests-postgres-opensearch (push) Blocked by required conditions
Java Checkstyle / java-checkstyle (push) Waiting to run
Maven Collate Tests / maven-collate-ci (push) Waiting to run
OpenMetadata Service Unit Tests / Detect Changes (push) Waiting to run
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests (push) Blocked by required conditions
OpenMetadata Service Unit Tests / k8s_operator-unit-tests (push) Blocked by required conditions
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests-status (push) Blocked by required conditions
Publish Package to Maven Central Repository / publish-maven-packages (push) Waiting to run
This commit is contained in:
@@ -0,0 +1,14 @@
|
||||
# Docker volumes location for RDF services
|
||||
# Default: Uses docker-volumes directory in current path
|
||||
# You can override this to use an external directory like:
|
||||
# DOCKER_VOLUMES_PATH=/home/user/docker-volumes
|
||||
DOCKER_VOLUMES_PATH=./docker-volumes
|
||||
|
||||
# Fuseki settings
|
||||
FUSEKI_ADMIN_PASSWORD=admin
|
||||
FUSEKI_MEMORY_MAX=4g
|
||||
FUSEKI_MEMORY_MIN=2g
|
||||
|
||||
# OpenSearch settings
|
||||
OPENSEARCH_MEMORY_MAX=4g
|
||||
OPENSEARCH_MEMORY_MIN=2g
|
||||
@@ -0,0 +1,48 @@
|
||||
# Copyright 2021 Collate
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Build stage
|
||||
FROM alpine:3 AS build
|
||||
ARG RI_VERSION="2.0.0-SNAPSHOT"
|
||||
ENV RELEASE_URL="https://github.com/open-metadata/OpenMetadata/releases/download/${RI_VERSION}-release/openmetadata-${RI_VERSION}.tar.gz"
|
||||
|
||||
RUN mkdir -p /opt/openmetadata && \
|
||||
wget ${RELEASE_URL} && \
|
||||
tar zxvf openmetadata-*.tar.gz -C /opt/openmetadata --strip-components 1 && \
|
||||
rm openmetadata-*.tar.gz
|
||||
|
||||
# Final stage
|
||||
FROM alpine:3
|
||||
ARG RI_VERSION="2.0.0-SNAPSHOT"
|
||||
ARG BUILD_DATE
|
||||
ARG COMMIT_ID
|
||||
LABEL maintainer="OpenMetadata"
|
||||
LABEL org.open-metadata.image.authors="support@openmetadata.org"
|
||||
LABEL org.open-metadata.vendor="OpenMetadata"
|
||||
LABEL org.open-metadata.release-version="$RI_VERSION"
|
||||
LABEL org.open-metadata.description="OpenMetadata is an open source platform for metadata management and discovery."
|
||||
LABEL org.open-metadata.url="https://open-metadata.org/"
|
||||
LABEL org.open-metadata.vcs-url="https://github.com/open-metadata/OpenMetadata"
|
||||
LABEL org.open-metadata.build-date=$BUILD_DATE
|
||||
LABEL org.open-metadata.commit-id=$COMMIT_ID
|
||||
|
||||
EXPOSE 8585 8586
|
||||
RUN adduser -D openmetadata && apk update && \
|
||||
apk upgrade && \
|
||||
apk add --update --no-cache bash openjdk21-jre
|
||||
|
||||
COPY --chown=openmetadata:openmetadata --from=build /opt/openmetadata /opt/openmetadata
|
||||
COPY --chmod=755 docker/openmetadata-start.sh ./
|
||||
USER openmetadata
|
||||
|
||||
WORKDIR /opt/openmetadata
|
||||
ENTRYPOINT [ "/bin/bash" ]
|
||||
CMD ["/openmetadata-start.sh"]
|
||||
@@ -0,0 +1,38 @@
|
||||
# Use eclipse-temurin which supports ARM64
|
||||
FROM eclipse-temurin:17-jre
|
||||
|
||||
# Install minimal packages
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends wget && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Set Fuseki version and paths
|
||||
ENV FUSEKI_VERSION=5.6.0
|
||||
ENV FUSEKI_HOME=/fuseki
|
||||
ENV FUSEKI_BASE=/fuseki
|
||||
|
||||
# Create fuseki user and directories
|
||||
RUN addgroup -g 1000 -S fuseki && \
|
||||
adduser -u 1000 -S fuseki -G fuseki && \
|
||||
mkdir -p ${FUSEKI_HOME} && \
|
||||
chown -R fuseki:fuseki ${FUSEKI_HOME}
|
||||
|
||||
# Switch to fuseki user
|
||||
USER fuseki
|
||||
WORKDIR ${FUSEKI_HOME}
|
||||
|
||||
# Download and install Fuseki
|
||||
RUN wget -q https://archive.apache.org/dist/jena/binaries/apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
tar -xzf apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz --strip-components=1 && \
|
||||
rm apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
mkdir -p ${FUSEKI_HOME}/run ${FUSEKI_HOME}/databases
|
||||
|
||||
# JVM options
|
||||
ENV JVM_ARGS="-Xmx4g -Xms2g"
|
||||
|
||||
# Expose port
|
||||
EXPOSE 3030
|
||||
|
||||
# Start Fuseki with openmetadata dataset
|
||||
CMD ["sh", "-c", "mkdir -p ${FUSEKI_HOME}/databases/openmetadata && exec ${FUSEKI_HOME}/fuseki-server --update --loc=${FUSEKI_HOME}/databases/openmetadata /openmetadata"]
|
||||
@@ -0,0 +1,61 @@
|
||||
# Multi-architecture Dockerfile for Apache Jena Fuseki
|
||||
FROM eclipse-temurin:17-jre-jammy
|
||||
|
||||
# Fix for GPG signature issues and install dependencies
|
||||
RUN apt-get update || true && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
wget \
|
||||
curl \
|
||||
ca-certificates \
|
||||
|| (rm -rf /var/lib/apt/lists/* && \
|
||||
apt-get clean && \
|
||||
apt-get update --fix-missing && \
|
||||
apt-get install -y --no-install-recommends wget curl ca-certificates) && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Set Fuseki version
|
||||
ENV FUSEKI_VERSION=5.6.0
|
||||
ENV FUSEKI_HOME=/fuseki
|
||||
|
||||
# Download and install Fuseki
|
||||
RUN mkdir -p ${FUSEKI_HOME} && \
|
||||
cd /tmp && \
|
||||
wget -q https://archive.apache.org/dist/jena/binaries/apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
tar -xzf apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
mv apache-jena-fuseki-${FUSEKI_VERSION}/* ${FUSEKI_HOME}/ && \
|
||||
rm -rf apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz apache-jena-fuseki-${FUSEKI_VERSION}
|
||||
|
||||
# Create necessary directories
|
||||
RUN mkdir -p ${FUSEKI_HOME}/run && \
|
||||
mkdir -p ${FUSEKI_HOME}/databases
|
||||
|
||||
# Set working directory
|
||||
WORKDIR ${FUSEKI_HOME}
|
||||
|
||||
# Expose Fuseki port
|
||||
EXPOSE 3030
|
||||
|
||||
# Set JVM options
|
||||
ENV JVM_ARGS="-Xmx4g -Xms2g"
|
||||
|
||||
# Create entrypoint script
|
||||
RUN echo '#!/bin/bash\n\
|
||||
if [ ! -z "$ADMIN_PASSWORD" ]; then\n\
|
||||
echo "Setting admin password..."\n\
|
||||
${FUSEKI_HOME}/fuseki-server --passwd --update /fuseki/run/shiro.ini <<EOF\n\
|
||||
admin=$ADMIN_PASSWORD\n\
|
||||
EOF\n\
|
||||
fi\n\
|
||||
\n\
|
||||
# Create openmetadata database if it doesn'\''t exist\n\
|
||||
mkdir -p ${FUSEKI_HOME}/databases/openmetadata\n\
|
||||
\n\
|
||||
# Start Fuseki\n\
|
||||
exec ${FUSEKI_HOME}/fuseki-server --update --loc=${FUSEKI_HOME}/databases/openmetadata /openmetadata\n\
|
||||
' > /entrypoint.sh && chmod +x /entrypoint.sh
|
||||
|
||||
# Volume for persistent data
|
||||
VOLUME ["${FUSEKI_HOME}/databases", "${FUSEKI_HOME}/run"]
|
||||
|
||||
# Entrypoint
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
@@ -0,0 +1,36 @@
|
||||
# Multi-architecture Fuseki build
|
||||
# eclipse-temurin replaces the deprecated openjdk Docker Hub images.
|
||||
FROM --platform=$TARGETPLATFORM eclipse-temurin:17-jre-jammy
|
||||
|
||||
# Install required packages
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
wget \
|
||||
ca-certificates && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Set Fuseki version and paths
|
||||
ENV FUSEKI_VERSION=5.6.0
|
||||
ENV FUSEKI_HOME=/fuseki
|
||||
ENV FUSEKI_BASE=/fuseki
|
||||
|
||||
# Download and install Fuseki
|
||||
WORKDIR /tmp
|
||||
RUN wget -q https://archive.apache.org/dist/jena/binaries/apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
tar -xzf apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
mv apache-jena-fuseki-${FUSEKI_VERSION}/* ${FUSEKI_HOME}/ && \
|
||||
rm -rf /tmp/*
|
||||
|
||||
# Create necessary directories
|
||||
RUN mkdir -p ${FUSEKI_HOME}/run ${FUSEKI_HOME}/databases
|
||||
|
||||
WORKDIR ${FUSEKI_HOME}
|
||||
|
||||
# JVM options
|
||||
ENV JVM_ARGS="-Xmx4g -Xms2g"
|
||||
|
||||
# Expose port
|
||||
EXPOSE 3030
|
||||
|
||||
# Start Fuseki with openmetadata dataset
|
||||
CMD ["sh", "-c", "mkdir -p ${FUSEKI_HOME}/databases/openmetadata && exec ${FUSEKI_HOME}/fuseki-server --update --loc=${FUSEKI_HOME}/databases/openmetadata /openmetadata"]
|
||||
@@ -0,0 +1,34 @@
|
||||
# Simple multi-platform Fuseki using official image
|
||||
FROM --platform=$BUILDPLATFORM alpine:latest AS downloader
|
||||
|
||||
RUN apk add --no-cache wget tar
|
||||
|
||||
ENV FUSEKI_VERSION=5.6.0
|
||||
WORKDIR /tmp
|
||||
|
||||
RUN wget -q https://archive.apache.org/dist/jena/binaries/apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
tar -xzf apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz && \
|
||||
mv apache-jena-fuseki-${FUSEKI_VERSION} /fuseki-dist
|
||||
|
||||
# Runtime: eclipse-temurin replaces the deprecated openjdk Docker Hub images.
|
||||
FROM eclipse-temurin:17-jre-jammy
|
||||
|
||||
ENV FUSEKI_HOME=/fuseki
|
||||
ENV FUSEKI_BASE=/fuseki
|
||||
|
||||
# Copy Fuseki from builder
|
||||
COPY --from=downloader /fuseki-dist ${FUSEKI_HOME}
|
||||
|
||||
# Create necessary directories
|
||||
RUN mkdir -p ${FUSEKI_HOME}/run ${FUSEKI_HOME}/databases
|
||||
|
||||
WORKDIR ${FUSEKI_HOME}
|
||||
|
||||
# Expose port
|
||||
EXPOSE 3030
|
||||
|
||||
# Default JVM options
|
||||
ENV JVM_ARGS="-Xmx4g -Xms2g"
|
||||
|
||||
# Simple entrypoint
|
||||
CMD ["sh", "-c", "mkdir -p ${FUSEKI_HOME}/databases/openmetadata && exec ${FUSEKI_HOME}/fuseki-server --update --loc=${FUSEKI_HOME}/databases/openmetadata /openmetadata"]
|
||||
@@ -0,0 +1,30 @@
|
||||
# Simple Fuseki build that works on ARM64
|
||||
# eclipse-temurin replaces the deprecated openjdk Docker Hub images.
|
||||
FROM eclipse-temurin:17-jre-jammy
|
||||
|
||||
# Set Fuseki version and paths
|
||||
ENV FUSEKI_VERSION=5.6.0
|
||||
ENV FUSEKI_HOME=/fuseki
|
||||
ENV FUSEKI_BASE=/fuseki
|
||||
|
||||
# Create directories
|
||||
RUN mkdir -p ${FUSEKI_HOME}
|
||||
|
||||
WORKDIR ${FUSEKI_HOME}
|
||||
|
||||
# Download Fuseki using ADD (doesn't require wget)
|
||||
ADD https://archive.apache.org/dist/jena/binaries/apache-jena-fuseki-${FUSEKI_VERSION}.tar.gz /tmp/fuseki.tar.gz
|
||||
|
||||
# Extract Fuseki
|
||||
RUN tar -xzf /tmp/fuseki.tar.gz --strip-components=1 -C ${FUSEKI_HOME} && \
|
||||
rm /tmp/fuseki.tar.gz && \
|
||||
mkdir -p ${FUSEKI_HOME}/run ${FUSEKI_HOME}/databases
|
||||
|
||||
# JVM options
|
||||
ENV JVM_ARGS="-Xmx4g -Xms2g"
|
||||
|
||||
# Expose port
|
||||
EXPOSE 3030
|
||||
|
||||
# Start Fuseki
|
||||
CMD ["sh", "-c", "mkdir -p ${FUSEKI_HOME}/databases/openmetadata && exec ${FUSEKI_HOME}/fuseki-server --update --loc=${FUSEKI_HOME}/databases/openmetadata /openmetadata"]
|
||||
@@ -0,0 +1,51 @@
|
||||
version: "3.9"
|
||||
|
||||
# ARM64-native Apache Jena Fuseki for RDF/Knowledge Graph storage
|
||||
services:
|
||||
fuseki:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile.fuseki-simple
|
||||
platforms:
|
||||
- linux/arm64
|
||||
- linux/amd64
|
||||
container_name: fuseki-standalone
|
||||
hostname: fuseki
|
||||
ports:
|
||||
- "3030:3030"
|
||||
environment:
|
||||
# Admin credentials
|
||||
- ADMIN_PASSWORD=admin
|
||||
# JVM memory settings - adjust based on your system
|
||||
- JVM_ARGS=-Xmx4g -Xms2g
|
||||
# Fuseki configuration
|
||||
- FUSEKI_HOME=/fuseki
|
||||
volumes:
|
||||
# Mount directory for persistent storage (configurable via .env)
|
||||
- ${DOCKER_VOLUMES_PATH:-./docker-volumes}/fuseki/databases:/fuseki/databases
|
||||
- ${DOCKER_VOLUMES_PATH:-./docker-volumes}/fuseki/run:/fuseki/run
|
||||
networks:
|
||||
- fuseki-net
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:3030/$/ping"]
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 4G
|
||||
reservations:
|
||||
memory: 2G
|
||||
|
||||
networks:
|
||||
fuseki-net:
|
||||
driver: bridge
|
||||
|
||||
# Usage:
|
||||
# 1. Create the volume directory: mkdir -p fuseki-volume/run
|
||||
# 2. Build and start: docker-compose -f docker-compose-fuseki-arm64.yml up -d --build
|
||||
# 3. Access Fuseki UI: http://localhost:3030
|
||||
# 4. Login: admin/admin
|
||||
# 5. SPARQL endpoint: http://localhost:3030/openmetadata/sparql
|
||||
@@ -0,0 +1,39 @@
|
||||
version: "3.9"
|
||||
|
||||
# Official Apache Jena Fuseki with multi-platform support
|
||||
services:
|
||||
fuseki:
|
||||
# Build multi-architecture image locally using Alpine
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile.fuseki-working
|
||||
container_name: fuseki-standalone
|
||||
hostname: fuseki
|
||||
ports:
|
||||
- "3030:3030"
|
||||
environment:
|
||||
# Admin credentials
|
||||
- ADMIN_PASSWORD=admin
|
||||
# JVM memory settings
|
||||
- JVM_ARGS=-Xmx4g -Xms2g
|
||||
volumes:
|
||||
# Mount directory for persistent storage
|
||||
- ${DOCKER_VOLUMES_PATH:-./docker-volumes}/fuseki:/fuseki
|
||||
networks:
|
||||
- fuseki-net
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:3030/$/ping"]
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 4G
|
||||
reservations:
|
||||
memory: 2G
|
||||
|
||||
networks:
|
||||
fuseki-net:
|
||||
driver: bridge
|
||||
@@ -0,0 +1,47 @@
|
||||
# Fuseki using Rosetta 2 emulation on Apple Silicon
|
||||
services:
|
||||
fuseki:
|
||||
# Force AMD64 platform with Rosetta 2 emulation
|
||||
platform: linux/amd64
|
||||
# Build from the in-repo Dockerfile (Fuseki 5.6.0). See
|
||||
# docker-compose-fuseki.yml for the full rationale.
|
||||
build:
|
||||
context: ../rdf-store
|
||||
dockerfile: Dockerfile
|
||||
image: openmetadata-fuseki:5.6.0
|
||||
container_name: fuseki-standalone
|
||||
hostname: fuseki
|
||||
ports:
|
||||
- "3030:3030"
|
||||
environment:
|
||||
# Local-dev default — production deployments MUST override via
|
||||
# FUSEKI_ADMIN_PASSWORD / FUSEKI_OPENMETADATA_PASSWORD env vars.
|
||||
- FUSEKI_ADMIN_PASSWORD=${FUSEKI_ADMIN_PASSWORD:-admin}
|
||||
- FUSEKI_OPENMETADATA_PASSWORD=${FUSEKI_OPENMETADATA_PASSWORD:-openmetadata-secret}
|
||||
- JVM_ARGS=-Xmx8g -Xms4g
|
||||
volumes:
|
||||
# Host bind path renamed from `.../fuseki` (used by the old stain image
|
||||
# layout) to `.../fuseki-tdb2-data` so an existing host directory with
|
||||
# the previous layout isn't silently mounted at /fuseki-data — Fuseki
|
||||
# would see an empty TDB2 store and the old data would appear lost.
|
||||
# Operators upgrading can either delete the new dir to start fresh or
|
||||
# migrate old data manually.
|
||||
- ${DOCKER_VOLUMES_PATH:-./docker-volumes}/fuseki-tdb2-data:/fuseki-data
|
||||
networks:
|
||||
- fuseki-net
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3030/$/ping"]
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 10G
|
||||
reservations:
|
||||
memory: 8G
|
||||
|
||||
networks:
|
||||
fuseki-net:
|
||||
driver: bridge
|
||||
@@ -0,0 +1,49 @@
|
||||
# Standalone Apache Jena Fuseki for RDF/Knowledge Graph storage
|
||||
services:
|
||||
fuseki:
|
||||
# Build from the in-repo Dockerfile (Fuseki 5.6.0). See
|
||||
# ../development/docker-compose-fuseki.yml for the full rationale.
|
||||
build:
|
||||
context: ../rdf-store
|
||||
dockerfile: Dockerfile
|
||||
image: openmetadata-fuseki:5.6.0
|
||||
container_name: fuseki-standalone
|
||||
hostname: fuseki
|
||||
ports:
|
||||
- "3030:3030"
|
||||
environment:
|
||||
# Local-dev default — production deployments MUST override via
|
||||
# FUSEKI_ADMIN_PASSWORD / FUSEKI_OPENMETADATA_PASSWORD env vars.
|
||||
- FUSEKI_ADMIN_PASSWORD=${FUSEKI_ADMIN_PASSWORD:-admin}
|
||||
- FUSEKI_OPENMETADATA_PASSWORD=${FUSEKI_OPENMETADATA_PASSWORD:-openmetadata-secret}
|
||||
- JVM_ARGS=-Xmx4g -Xms2g
|
||||
volumes:
|
||||
# See docker-compose-fuseki-rosetta.yml — host bind path renamed so
|
||||
# existing directories with the old stain layout aren't silently
|
||||
# mounted at the new /fuseki-data path.
|
||||
- ${DOCKER_VOLUMES_PATH:-./docker-volumes}/fuseki-tdb2-data:/fuseki-data
|
||||
networks:
|
||||
- fuseki-net
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3030/$/ping"]
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 4G
|
||||
reservations:
|
||||
memory: 2G
|
||||
|
||||
networks:
|
||||
fuseki-net:
|
||||
driver: bridge
|
||||
|
||||
# Usage:
|
||||
# 1. Create the volume directory: mkdir -p fuseki-volume
|
||||
# 2. Start: docker-compose -f docker-compose-fuseki-standalone.yml up -d
|
||||
# 3. Access Fuseki UI: http://localhost:3030
|
||||
# 4. Login: admin/admin
|
||||
# 5. SPARQL endpoint: http://localhost:3030/openmetadata/sparql
|
||||
@@ -0,0 +1,84 @@
|
||||
# Standalone OpenSearch 3.0 with security disabled for local testing
|
||||
services:
|
||||
opensearch:
|
||||
image: opensearchproject/opensearch:3.4.0
|
||||
platform: linux/arm64 # Native ARM64 support
|
||||
container_name: opensearch-standalone
|
||||
hostname: opensearch
|
||||
environment:
|
||||
# Cluster settings
|
||||
- cluster.name=opensearch-cluster
|
||||
- node.name=opensearch-node1
|
||||
- discovery.type=single-node
|
||||
- bootstrap.memory_lock=true
|
||||
|
||||
# Disable security for local testing
|
||||
- DISABLE_SECURITY_PLUGIN=true
|
||||
- DISABLE_INSTALL_DEMO_CONFIG=true
|
||||
|
||||
# JVM memory settings - adjust based on your system
|
||||
- OPENSEARCH_JAVA_OPTS=-Xms2g -Xmx4g
|
||||
|
||||
# Performance settings
|
||||
- indices.memory.index_buffer_size=20%
|
||||
- cluster.routing.allocation.disk.threshold_enabled=false
|
||||
|
||||
# Compatibility mode for Elasticsearch clients
|
||||
- compatibility.override_main_response_version=true
|
||||
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
nofile:
|
||||
soft: 65536
|
||||
hard: 65536
|
||||
volumes:
|
||||
# Mount directory for persistent storage (configurable via .env)
|
||||
- ${DOCKER_VOLUMES_PATH:-./docker-volumes}/opensearch:/usr/share/opensearch/data
|
||||
ports:
|
||||
- "9200:9200"
|
||||
- "9600:9600" # Performance analyzer
|
||||
networks:
|
||||
- opensearch-net
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 60s
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 4G
|
||||
reservations:
|
||||
memory: 2G
|
||||
|
||||
# Optional: OpenSearch Dashboards for visualization
|
||||
# Commented out to save space - uncomment if needed
|
||||
# opensearch-dashboards:
|
||||
# image: opensearchproject/opensearch-dashboards:2.19.0
|
||||
# platform: linux/arm64 # Native ARM64 support
|
||||
# container_name: opensearch-dashboards
|
||||
# ports:
|
||||
# - "5601:5601"
|
||||
# environment:
|
||||
# - OPENSEARCH_HOSTS=["http://opensearch:9200"]
|
||||
# - DISABLE_SECURITY_DASHBOARDS_PLUGIN=true
|
||||
# networks:
|
||||
# - opensearch-net
|
||||
# depends_on:
|
||||
# opensearch:
|
||||
# condition: service_healthy
|
||||
|
||||
networks:
|
||||
opensearch-net:
|
||||
driver: bridge
|
||||
|
||||
# Usage:
|
||||
# 1. Set vm.max_map_count: sudo sysctl -w vm.max_map_count=262144
|
||||
# 2. Create the volume directory: mkdir -p search-volume
|
||||
# 3. Start: docker-compose -f docker-compose-opensearch-standalone.yml up -d
|
||||
# 4. Access OpenSearch: http://localhost:9200
|
||||
# 5. Access OpenSearch Dashboards: http://localhost:5601
|
||||
# 6. No authentication required (security disabled)
|
||||
@@ -0,0 +1,559 @@
|
||||
# Copyright 2021 Collate
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
version: "3.9"
|
||||
volumes:
|
||||
ingestion-volume-dag-airflow:
|
||||
ingestion-volume-dags:
|
||||
ingestion-volume-tmp:
|
||||
es-data:
|
||||
services:
|
||||
postgresql:
|
||||
container_name: openmetadata_postgresql
|
||||
image: docker.getcollate.io/openmetadata/postgresql:2.0.0-SNAPSHOT
|
||||
restart: always
|
||||
command: "--work_mem=10MB"
|
||||
environment:
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: password
|
||||
expose:
|
||||
- 5432
|
||||
ports:
|
||||
- "5432:5432"
|
||||
volumes:
|
||||
- ./docker-volume/db-data-postgres:/var/lib/postgresql/data
|
||||
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: psql -U postgres -tAc 'select 1' -d openmetadata_db
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
|
||||
elasticsearch:
|
||||
container_name: openmetadata_elasticsearch
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:9.3.0
|
||||
environment:
|
||||
- discovery.type=single-node
|
||||
- ES_JAVA_OPTS=-Xms1024m -Xmx1024m
|
||||
- xpack.security.enabled=false
|
||||
networks:
|
||||
- app_net
|
||||
ports:
|
||||
- "9200:9200"
|
||||
- "9300:9300"
|
||||
healthcheck:
|
||||
test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1"
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
volumes:
|
||||
- es-data:/usr/share/elasticsearch/data
|
||||
|
||||
execute-migrate-all:
|
||||
container_name: execute_migrate_all
|
||||
image: docker.getcollate.io/openmetadata/server:2.0.0-SNAPSHOT
|
||||
command: "./bootstrap/openmetadata-ops.sh migrate"
|
||||
environment:
|
||||
OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata}
|
||||
SERVER_PORT: ${SERVER_PORT:-8585}
|
||||
SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||
|
||||
# Migration
|
||||
MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}
|
||||
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
||||
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
||||
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
||||
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}
|
||||
AUTHORIZER_ALLOWED_DOMAINS: ${AUTHORIZER_ALLOWED_DOMAINS:-[]}
|
||||
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
||||
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
||||
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
||||
AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token}
|
||||
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
||||
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}
|
||||
AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
||||
AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public}
|
||||
#For OIDC Authentication, when client is confidential
|
||||
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""}
|
||||
OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc.
|
||||
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""}
|
||||
OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"}
|
||||
OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""}
|
||||
OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true}
|
||||
OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"}
|
||||
OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"}
|
||||
OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true}
|
||||
OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}
|
||||
OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"}
|
||||
OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
|
||||
OIDC_TENANT: ${OIDC_TENANT:-""}
|
||||
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
|
||||
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
|
||||
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
|
||||
OIDC_PROMPT_TYPE: ${OIDC_PROMPT_TYPE:-"consent"}
|
||||
OIDC_SESSION_EXPIRY: ${OIDC_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_SESSION_EXPIRY: ${AUTHENTICATION_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER: ${AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER:-5}
|
||||
# For SAML Authentication
|
||||
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
|
||||
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
|
||||
# SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""}
|
||||
# SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""}
|
||||
# SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
|
||||
# SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"}
|
||||
# SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"}
|
||||
# SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
|
||||
# SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""}
|
||||
# SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
|
||||
# SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false}
|
||||
# SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"}
|
||||
# SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false}
|
||||
# SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false}
|
||||
# SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false}
|
||||
# SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false}
|
||||
# SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false}
|
||||
# SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""}
|
||||
# SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""}
|
||||
# SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""}
|
||||
# For LDAP Authentication
|
||||
# AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-}
|
||||
# AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""}
|
||||
# AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""}
|
||||
# AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-}
|
||||
# AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3}
|
||||
# AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-}
|
||||
# AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-}
|
||||
# AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-}
|
||||
# AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-}
|
||||
# AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]}
|
||||
# AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-}
|
||||
# AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true}
|
||||
|
||||
# JWT Configuration
|
||||
RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"}
|
||||
RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"}
|
||||
JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"}
|
||||
JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"}
|
||||
# OpenMetadata Server Pipeline Service Client Configuration
|
||||
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080}
|
||||
PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"}
|
||||
PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""}
|
||||
#Database configuration for postgresql
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-postgresql}
|
||||
DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC}
|
||||
DB_USER: ${DB_USER:-openmetadata_user}
|
||||
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
||||
DB_HOST: ${DB_HOST:-postgresql}
|
||||
DB_PORT: ${DB_PORT:-5432}
|
||||
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
||||
# ElasticSearch Configurations
|
||||
ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch}
|
||||
ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
|
||||
ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http}
|
||||
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""}
|
||||
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""}
|
||||
SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"}
|
||||
ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
|
||||
ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
|
||||
ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5}
|
||||
ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
|
||||
ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600}
|
||||
ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}
|
||||
ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes
|
||||
ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}
|
||||
# AWS IAM Authentication for OpenSearch (auto-enabled when AWS_DEFAULT_REGION is set)
|
||||
# Uses standard AWS env vars: https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html
|
||||
AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION:-""}
|
||||
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-""}
|
||||
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-""}
|
||||
AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN:-""}
|
||||
SEARCH_AWS_SERVICE_NAME: ${SEARCH_AWS_SERVICE_NAME:-"es"}
|
||||
|
||||
#eventMonitoringConfiguration
|
||||
EVENT_MONITOR: ${EVENT_MONITOR:-prometheus}
|
||||
EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10}
|
||||
EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]}
|
||||
EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]}
|
||||
|
||||
#pipelineServiceClientConfiguration
|
||||
PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true}
|
||||
PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}
|
||||
PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
|
||||
PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
|
||||
PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}
|
||||
#airflow parameters
|
||||
AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin}
|
||||
AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin}
|
||||
AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10}
|
||||
AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""}
|
||||
AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
|
||||
FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}
|
||||
|
||||
#secretsManagerConfiguration
|
||||
SECRET_MANAGER: ${SECRET_MANAGER:-db}
|
||||
# AWS:
|
||||
OM_SM_REGION: ${OM_SM_REGION:-""}
|
||||
OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""}
|
||||
OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""}
|
||||
# Azure:
|
||||
OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""}
|
||||
OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""}
|
||||
OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""}
|
||||
OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""}
|
||||
|
||||
#email configuration:
|
||||
OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
|
||||
OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
|
||||
AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false}
|
||||
OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""}
|
||||
OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""}
|
||||
SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""}
|
||||
SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""}
|
||||
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""}
|
||||
SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""}
|
||||
SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}
|
||||
|
||||
# Heap OPTS Configurations
|
||||
OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G}
|
||||
# Mask passwords values in UI
|
||||
MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
|
||||
|
||||
#OpenMetadata Web Configuration
|
||||
WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
|
||||
#HSTS
|
||||
WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
|
||||
WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
|
||||
WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
|
||||
WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
|
||||
#Frame Options
|
||||
WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
|
||||
WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
|
||||
WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
|
||||
#Content Type
|
||||
WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
|
||||
#XSS-Protection
|
||||
WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
|
||||
WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
|
||||
WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
|
||||
#CSP
|
||||
WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
|
||||
WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
|
||||
WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
|
||||
#Referrer-Policy
|
||||
WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false}
|
||||
WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"}
|
||||
#Permission-Policy
|
||||
WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false}
|
||||
WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""}
|
||||
#Cache
|
||||
WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""}
|
||||
WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""}
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
postgresql:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- app_net
|
||||
|
||||
openmetadata-server:
|
||||
container_name: openmetadata_server
|
||||
restart: always
|
||||
image: docker.getcollate.io/openmetadata/server:2.0.0-SNAPSHOT
|
||||
environment:
|
||||
OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata}
|
||||
SERVER_PORT: ${SERVER_PORT:-8585}
|
||||
SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
||||
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
||||
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
||||
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}
|
||||
AUTHORIZER_ALLOWED_DOMAINS: ${AUTHORIZER_ALLOWED_DOMAINS:-[]}
|
||||
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
||||
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
||||
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
||||
AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token}
|
||||
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
||||
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}
|
||||
AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
||||
AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public}
|
||||
#For OIDC Authentication, when client is confidential
|
||||
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""}
|
||||
OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc.
|
||||
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""}
|
||||
OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"}
|
||||
OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""}
|
||||
OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true}
|
||||
OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"}
|
||||
OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"}
|
||||
OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true}
|
||||
OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}
|
||||
OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"}
|
||||
OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
|
||||
OIDC_TENANT: ${OIDC_TENANT:-""}
|
||||
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
|
||||
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
|
||||
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
|
||||
OIDC_PROMPT_TYPE: ${OIDC_PROMPT_TYPE:-"consent"}
|
||||
OIDC_SESSION_EXPIRY: ${OIDC_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_SESSION_EXPIRY: ${AUTHENTICATION_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER: ${AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER:-5}
|
||||
# For SAML Authentication
|
||||
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
|
||||
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
|
||||
# SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""}
|
||||
# SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""}
|
||||
# SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
|
||||
# SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"}
|
||||
# SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"}
|
||||
# SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
|
||||
# SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""}
|
||||
# SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
|
||||
# SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false}
|
||||
# SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"}
|
||||
# SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false}
|
||||
# SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false}
|
||||
# SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false}
|
||||
# SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false}
|
||||
# SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false}
|
||||
# SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""}
|
||||
# SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""}
|
||||
# SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""}
|
||||
# For LDAP Authentication
|
||||
# AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-}
|
||||
# AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""}
|
||||
# AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""}
|
||||
# AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-}
|
||||
# AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3}
|
||||
# AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-}
|
||||
# AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-}
|
||||
# AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-}
|
||||
# AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-}
|
||||
# AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]}
|
||||
# AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-}
|
||||
# AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true}
|
||||
|
||||
# JWT Configuration
|
||||
RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"}
|
||||
RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"}
|
||||
JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"}
|
||||
JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"}
|
||||
# OpenMetadata Server Pipeline Service Client Configuration
|
||||
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080}
|
||||
PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"}
|
||||
PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""}
|
||||
#Database configuration for postgresql
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-postgresql}
|
||||
DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC}
|
||||
DB_USER: ${DB_USER:-openmetadata_user}
|
||||
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
||||
DB_HOST: ${DB_HOST:-postgresql}
|
||||
DB_PORT: ${DB_PORT:-5432}
|
||||
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
||||
# ElasticSearch Configurations
|
||||
ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch}
|
||||
ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
|
||||
ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http}
|
||||
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""}
|
||||
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""}
|
||||
SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"}
|
||||
ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
|
||||
ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
|
||||
ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5}
|
||||
ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
|
||||
ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600}
|
||||
ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}
|
||||
ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes
|
||||
ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}
|
||||
# AWS IAM Authentication for OpenSearch (auto-enabled when AWS_DEFAULT_REGION is set)
|
||||
# Uses standard AWS env vars: https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html
|
||||
AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION:-""}
|
||||
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-""}
|
||||
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-""}
|
||||
AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN:-""}
|
||||
SEARCH_AWS_SERVICE_NAME: ${SEARCH_AWS_SERVICE_NAME:-"es"}
|
||||
|
||||
#eventMonitoringConfiguration
|
||||
EVENT_MONITOR: ${EVENT_MONITOR:-prometheus}
|
||||
EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10}
|
||||
EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]}
|
||||
EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]}
|
||||
|
||||
#pipelineServiceClientConfiguration
|
||||
PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true}
|
||||
PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}
|
||||
PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
|
||||
PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
|
||||
PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}
|
||||
#airflow parameters
|
||||
AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin}
|
||||
AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin}
|
||||
AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10}
|
||||
AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""}
|
||||
AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
|
||||
FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}
|
||||
|
||||
#secretsManagerConfiguration
|
||||
SECRET_MANAGER: ${SECRET_MANAGER:-db}
|
||||
#parameters:
|
||||
OM_SM_REGION: ${OM_SM_REGION:-""}
|
||||
OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""}
|
||||
OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""}
|
||||
|
||||
#email configuration:
|
||||
OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
|
||||
OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
|
||||
AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false}
|
||||
OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""}
|
||||
OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""}
|
||||
SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""}
|
||||
SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""}
|
||||
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""}
|
||||
SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""}
|
||||
SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}
|
||||
|
||||
# Heap OPTS Configurations
|
||||
OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G}
|
||||
# Mask passwords values in UI
|
||||
MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
|
||||
|
||||
#OpenMetadata Web Configuration
|
||||
WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
|
||||
#HSTS
|
||||
WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
|
||||
WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
|
||||
WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
|
||||
WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
|
||||
#Frame Options
|
||||
WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
|
||||
WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
|
||||
WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
|
||||
#Content Type
|
||||
WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
|
||||
#XSS-Protection
|
||||
WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
|
||||
WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
|
||||
WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
|
||||
#CSP
|
||||
WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
|
||||
WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
|
||||
WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
|
||||
#Cache
|
||||
WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""}
|
||||
WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""}
|
||||
expose:
|
||||
- 8585
|
||||
- 8586
|
||||
ports:
|
||||
- "8585:8585"
|
||||
- "8586:8586"
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
postgresql:
|
||||
condition: service_healthy
|
||||
execute-migrate-all:
|
||||
condition: service_completed_successfully
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8586/healthcheck" ]
|
||||
|
||||
ingestion:
|
||||
container_name: openmetadata_ingestion
|
||||
image: docker.getcollate.io/openmetadata/ingestion:2.0.0-SNAPSHOT
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_started
|
||||
postgresql:
|
||||
condition: service_healthy
|
||||
openmetadata-server:
|
||||
condition: service_started
|
||||
environment:
|
||||
AIRFLOW__API__AUTH_BACKENDS: "airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session"
|
||||
AIRFLOW__CORE__EXECUTOR: LocalExecutor
|
||||
AIRFLOW__OPENMETADATA_AIRFLOW_APIS__DAG_GENERATED_CONFIGS: "/opt/airflow/dag_generated_configs"
|
||||
DB_HOST: ${AIRFLOW_DB_HOST:-postgresql}
|
||||
DB_PORT: ${AIRFLOW_DB_PORT:-5432}
|
||||
AIRFLOW_DB: ${AIRFLOW_DB:-airflow_db}
|
||||
DB_USER: ${AIRFLOW_DB_USER:-airflow_user}
|
||||
DB_SCHEME: ${AIRFLOW_DB_SCHEME:-postgresql+psycopg2}
|
||||
DB_PASSWORD: ${AIRFLOW_DB_PASSWORD:-airflow_pass}
|
||||
# extra connection-string properties for the database
|
||||
# EXAMPLE
|
||||
# require SSL (only for Postgres)
|
||||
# properties: "?sslmode=require"
|
||||
DB_PROPERTIES: ${AIRFLOW_DB_PROPERTIES:-}
|
||||
# To test the lineage backend
|
||||
# AIRFLOW__LINEAGE__BACKEND: airflow_provider_openmetadata.lineage.backend.OpenMetadataLineageBackend
|
||||
# AIRFLOW__LINEAGE__AIRFLOW_SERVICE_NAME: local_airflow
|
||||
# AIRFLOW__LINEAGE__OPENMETADATA_API_ENDPOINT: http://openmetadata-server:8585/api
|
||||
# AIRFLOW__LINEAGE__JWT_TOKEN: ...
|
||||
entrypoint: /bin/bash
|
||||
command:
|
||||
- "/opt/airflow/ingestion_dependency.sh"
|
||||
expose:
|
||||
- 8080
|
||||
ports:
|
||||
- "8080:8080"
|
||||
networks:
|
||||
- app_net
|
||||
volumes:
|
||||
- ingestion-volume-dag-airflow:/opt/airflow/dag_generated_configs
|
||||
- ingestion-volume-dags:/opt/airflow/dags
|
||||
- ingestion-volume-tmp:/tmp
|
||||
|
||||
networks:
|
||||
app_net:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: "172.16.240.0/24"
|
||||
@@ -0,0 +1,509 @@
|
||||
# Copyright 2021 Collate
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# OpenMetadata Quickstart with RDF/Knowledge Graph support
|
||||
# Usage: docker-compose -f docker-compose-rdf.yml up
|
||||
|
||||
version: "3.9"
|
||||
volumes:
|
||||
ingestion-volume-dag-airflow:
|
||||
ingestion-volume-dags:
|
||||
ingestion-volume-tmp:
|
||||
es-data:
|
||||
# See ../development/docker-compose-fuseki.yml — renamed from `fuseki-data`
|
||||
# because the new Dockerfile uses a different on-disk layout and reusing
|
||||
# the old volume name silently mounts stale state.
|
||||
fuseki-tdb2-data:
|
||||
|
||||
services:
|
||||
mysql:
|
||||
container_name: openmetadata_mysql
|
||||
image: docker.getcollate.io/openmetadata/db:1.8.0-SNAPSHOT
|
||||
command: "--sort_buffer_size=10M"
|
||||
restart: always
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: password
|
||||
expose:
|
||||
- 3306
|
||||
ports:
|
||||
- "3306:3306"
|
||||
volumes:
|
||||
- ./docker-volume/db-data:/var/lib/mysql
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db"
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
|
||||
elasticsearch:
|
||||
container_name: openmetadata_elasticsearch
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:9.3.0
|
||||
environment:
|
||||
- discovery.type=single-node
|
||||
- ES_JAVA_OPTS=-Xms2g -Xmx4g
|
||||
- xpack.security.enabled=false
|
||||
- indices.memory.index_buffer_size=20%
|
||||
- cluster.routing.allocation.disk.threshold_enabled=false
|
||||
networks:
|
||||
- app_net
|
||||
ports:
|
||||
- "9200:9200"
|
||||
- "9300:9300"
|
||||
healthcheck:
|
||||
test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1"
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
volumes:
|
||||
- es-data:/usr/share/elasticsearch/data
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 4G
|
||||
reservations:
|
||||
memory: 2G
|
||||
|
||||
# Apache Jena Fuseki for RDF/Knowledge Graph storage. Built from the
|
||||
# in-repo Dockerfile (Fuseki 5.6.0) — see ../development/docker-compose-fuseki.yml
|
||||
# for why we don't use the unmaintained stain/jena-fuseki image.
|
||||
fuseki:
|
||||
container_name: openmetadata_fuseki
|
||||
build:
|
||||
context: ../rdf-store
|
||||
dockerfile: Dockerfile
|
||||
image: openmetadata-fuseki:5.6.0
|
||||
restart: always
|
||||
environment:
|
||||
# Local-dev defaults — production deployments MUST override via the
|
||||
# FUSEKI_ADMIN_PASSWORD / FUSEKI_OPENMETADATA_PASSWORD env vars before
|
||||
# bringing this stack up. The entrypoint envsubsts these into shiro.ini.
|
||||
- FUSEKI_ADMIN_PASSWORD=${FUSEKI_ADMIN_PASSWORD:-admin}
|
||||
- FUSEKI_OPENMETADATA_PASSWORD=${FUSEKI_OPENMETADATA_PASSWORD:-openmetadata-secret}
|
||||
- JVM_ARGS=-Xmx4g -Xms2g
|
||||
ports:
|
||||
- "3030:3030"
|
||||
volumes:
|
||||
- fuseki-tdb2-data:/fuseki-data
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3030/$/ping"]
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 40s
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 4G
|
||||
reservations:
|
||||
memory: 2G
|
||||
|
||||
execute-migrate-all:
|
||||
container_name: execute_migrate_all
|
||||
image: docker.getcollate.io/openmetadata/server:1.8.0-SNAPSHOT
|
||||
command: "./bootstrap/openmetadata-ops.sh migrate"
|
||||
environment:
|
||||
OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata}
|
||||
SERVER_PORT: ${SERVER_PORT:-8585}
|
||||
SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||
|
||||
# Migration
|
||||
MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}
|
||||
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
||||
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
||||
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
||||
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}
|
||||
AUTHORIZER_ALLOWED_DOMAINS: ${AUTHORIZER_ALLOWED_DOMAINS:-[]}
|
||||
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
||||
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
||||
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
||||
AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token}
|
||||
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
||||
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}
|
||||
AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
||||
AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public}
|
||||
#For OIDC Authentication, when client is confidential
|
||||
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""}
|
||||
OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc.
|
||||
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""}
|
||||
OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"}
|
||||
OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""}
|
||||
OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true}
|
||||
OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-RS256}
|
||||
OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"}
|
||||
OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true}
|
||||
OIDC_CALLBACK: ${OIDC_CALLBACK:-""}
|
||||
OIDC_SERVER_URL: ${OIDC_SERVER_URL:-""}
|
||||
OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
|
||||
OIDC_TENANT: ${OIDC_TENANT:-""}
|
||||
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
|
||||
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
|
||||
|
||||
# Database configuration for MySQL
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-mysql}
|
||||
DB_USE_SSL: ${DB_USE_SSL:-false}
|
||||
DB_USER: ${DB_USER:-openmetadata_user}
|
||||
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
||||
DB_HOST: ${DB_HOST:-mysql}
|
||||
DB_PORT: ${DB_PORT:-3306}
|
||||
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
||||
|
||||
# Elasticsearch configuration
|
||||
ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
|
||||
ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-20}
|
||||
ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-elasticsearch}
|
||||
ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
|
||||
ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http}
|
||||
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""}
|
||||
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""}
|
||||
SEARCH_TYPE: ${SEARCH_TYPE:-elasticsearch}
|
||||
ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
|
||||
ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
|
||||
ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}
|
||||
ELASTICSEARCH_CA_CERT_PATH: ${ELASTICSEARCH_CA_CERT_PATH:-""}
|
||||
ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10}
|
||||
ELASTICSEARCH_PAYLOAD_SIZE_IN_BYTES: ${ELASTICSEARCH_PAYLOAD_SIZE_IN_BYTES:-10485760}
|
||||
ELASTICSEARCH_INDEX_FACTORY: ${ELASTICSEARCH_INDEX_FACTORY:-"org.openmetadata.service.search.elasticsearch.ElasticSearchIndexFactory"}
|
||||
|
||||
# RDF Configuration
|
||||
RDF_ENABLED: ${RDF_ENABLED:-true}
|
||||
RDF_STORAGE_TYPE: ${RDF_STORAGE_TYPE:-FUSEKI}
|
||||
RDF_REMOTE_ENDPOINT: ${RDF_REMOTE_ENDPOINT:-http://fuseki:3030/openmetadata}
|
||||
RDF_REMOTE_USERNAME: ${RDF_REMOTE_USERNAME:-admin}
|
||||
RDF_REMOTE_PASSWORD: ${RDF_REMOTE_PASSWORD:-${FUSEKI_ADMIN_PASSWORD:-admin}}
|
||||
RDF_BASE_URI: ${RDF_BASE_URI:-https://open-metadata.org/}
|
||||
RDF_JSONLD_ENABLED: ${RDF_JSONLD_ENABLED:-true}
|
||||
RDF_SPARQL_ENABLED: ${RDF_SPARQL_ENABLED:-true}
|
||||
RDF_AUTO_GENERATE: ${RDF_AUTO_GENERATE:-true}
|
||||
RDF_SYNC_BATCH_SIZE: ${RDF_SYNC_BATCH_SIZE:-100}
|
||||
|
||||
# Pipeline Service Client Configuration
|
||||
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080}
|
||||
PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}
|
||||
PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
|
||||
PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
|
||||
PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}
|
||||
#airflow parameters
|
||||
AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin}
|
||||
AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin}
|
||||
AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10}
|
||||
AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""}
|
||||
AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
|
||||
FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}
|
||||
|
||||
#secretsManagerConfiguration
|
||||
SECRET_MANAGER: ${SECRET_MANAGER:-db}
|
||||
# AWS:
|
||||
OM_SM_REGION: ${OM_SM_REGION:-""}
|
||||
OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""}
|
||||
OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""}
|
||||
# Azure:
|
||||
OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""}
|
||||
OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""}
|
||||
OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""}
|
||||
OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""}
|
||||
|
||||
#email configuration:
|
||||
OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
|
||||
OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
|
||||
AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false}
|
||||
OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""}
|
||||
OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""}
|
||||
SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""}
|
||||
SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""}
|
||||
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""}
|
||||
SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""}
|
||||
SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}
|
||||
|
||||
# Heap OPTS Configurations
|
||||
OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx2G -Xms1G}
|
||||
# Mask passwords values in UI
|
||||
MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
|
||||
|
||||
#OpenMetadata Web Configuration
|
||||
WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
|
||||
#HSTS
|
||||
WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
|
||||
WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
|
||||
WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
|
||||
WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
|
||||
#Frame Options
|
||||
WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
|
||||
WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
|
||||
WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
|
||||
#Content Type
|
||||
WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
|
||||
#XSS-Protection
|
||||
WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
|
||||
WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
|
||||
WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
|
||||
#CSP
|
||||
WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
|
||||
WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
|
||||
WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
|
||||
#Referrer-Policy
|
||||
WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false}
|
||||
WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"}
|
||||
#Permission-Policy
|
||||
WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false}
|
||||
WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""}
|
||||
#Cache
|
||||
WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""}
|
||||
WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""}
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
mysql:
|
||||
condition: service_healthy
|
||||
fuseki:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- app_net
|
||||
|
||||
openmetadata-server:
|
||||
container_name: openmetadata_server
|
||||
restart: always
|
||||
image: docker.getcollate.io/openmetadata/server:1.8.0-SNAPSHOT
|
||||
environment:
|
||||
OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata}
|
||||
SERVER_PORT: ${SERVER_PORT:-8585}
|
||||
SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
||||
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
||||
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
||||
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}
|
||||
AUTHORIZER_ALLOWED_DOMAINS: ${AUTHORIZER_ALLOWED_DOMAINS:-[]}
|
||||
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
||||
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
||||
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
||||
AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token}
|
||||
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
||||
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}
|
||||
AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
||||
AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public}
|
||||
#For OIDC Authentication, when client is confidential
|
||||
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""}
|
||||
OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc.
|
||||
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""}
|
||||
OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"}
|
||||
OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""}
|
||||
OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true}
|
||||
OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-RS256}
|
||||
OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"}
|
||||
OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true}
|
||||
OIDC_CALLBACK: ${OIDC_CALLBACK:-""}
|
||||
OIDC_SERVER_URL: ${OIDC_SERVER_URL:-""}
|
||||
OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
|
||||
OIDC_TENANT: ${OIDC_TENANT:-""}
|
||||
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
|
||||
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
|
||||
|
||||
# Database configuration for MySQL
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-mysql}
|
||||
DB_USE_SSL: ${DB_USE_SSL:-false}
|
||||
DB_USER: ${DB_USER:-openmetadata_user}
|
||||
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
||||
DB_HOST: ${DB_HOST:-mysql}
|
||||
DB_PORT: ${DB_PORT:-3306}
|
||||
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
||||
|
||||
# Elasticsearch configuration
|
||||
ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
|
||||
ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-20}
|
||||
ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-elasticsearch}
|
||||
ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
|
||||
ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http}
|
||||
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""}
|
||||
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""}
|
||||
SEARCH_TYPE: ${SEARCH_TYPE:-elasticsearch}
|
||||
ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
|
||||
ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
|
||||
ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}
|
||||
ELASTICSEARCH_CA_CERT_PATH: ${ELASTICSEARCH_CA_CERT_PATH:-""}
|
||||
ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10}
|
||||
ELASTICSEARCH_PAYLOAD_SIZE_IN_BYTES: ${ELASTICSEARCH_PAYLOAD_SIZE_IN_BYTES:-10485760}
|
||||
ELASTICSEARCH_INDEX_FACTORY: ${ELASTICSEARCH_INDEX_FACTORY:-"org.openmetadata.service.search.elasticsearch.ElasticSearchIndexFactory"}
|
||||
|
||||
# RDF Configuration
|
||||
RDF_ENABLED: ${RDF_ENABLED:-true}
|
||||
RDF_STORAGE_TYPE: ${RDF_STORAGE_TYPE:-FUSEKI}
|
||||
RDF_REMOTE_ENDPOINT: ${RDF_REMOTE_ENDPOINT:-http://fuseki:3030/openmetadata}
|
||||
RDF_REMOTE_USERNAME: ${RDF_REMOTE_USERNAME:-admin}
|
||||
RDF_REMOTE_PASSWORD: ${RDF_REMOTE_PASSWORD:-${FUSEKI_ADMIN_PASSWORD:-admin}}
|
||||
RDF_BASE_URI: ${RDF_BASE_URI:-https://open-metadata.org/}
|
||||
RDF_JSONLD_ENABLED: ${RDF_JSONLD_ENABLED:-true}
|
||||
RDF_SPARQL_ENABLED: ${RDF_SPARQL_ENABLED:-true}
|
||||
RDF_AUTO_GENERATE: ${RDF_AUTO_GENERATE:-true}
|
||||
RDF_SYNC_BATCH_SIZE: ${RDF_SYNC_BATCH_SIZE:-100}
|
||||
|
||||
# Pipeline Service Client Configuration
|
||||
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080}
|
||||
PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}
|
||||
PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
|
||||
PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
|
||||
PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}
|
||||
#airflow parameters
|
||||
AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin}
|
||||
AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin}
|
||||
AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10}
|
||||
AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""}
|
||||
AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
|
||||
FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}
|
||||
|
||||
#secretsManagerConfiguration
|
||||
SECRET_MANAGER: ${SECRET_MANAGER:-db}
|
||||
# AWS:
|
||||
OM_SM_REGION: ${OM_SM_REGION:-""}
|
||||
OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""}
|
||||
OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""}
|
||||
# Azure:
|
||||
OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""}
|
||||
OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""}
|
||||
OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""}
|
||||
OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""}
|
||||
|
||||
#email configuration:
|
||||
OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
|
||||
OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
|
||||
AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false}
|
||||
OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""}
|
||||
OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""}
|
||||
SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""}
|
||||
SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""}
|
||||
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""}
|
||||
SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""}
|
||||
SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}
|
||||
|
||||
# Heap OPTS Configurations
|
||||
OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx2G -Xms1G}
|
||||
# Mask passwords values in UI
|
||||
MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
|
||||
|
||||
#OpenMetadata Web Configuration
|
||||
WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
|
||||
#HSTS
|
||||
WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
|
||||
WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
|
||||
WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
|
||||
WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
|
||||
#Frame Options
|
||||
WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
|
||||
WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
|
||||
WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
|
||||
#Content Type
|
||||
WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
|
||||
#XSS-Protection
|
||||
WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
|
||||
WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
|
||||
WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
|
||||
#CSP
|
||||
WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
|
||||
WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
|
||||
WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
|
||||
#Referrer-Policy
|
||||
WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false}
|
||||
WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"}
|
||||
#Permission-Policy
|
||||
WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false}
|
||||
WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""}
|
||||
#Cache
|
||||
WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""}
|
||||
WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""}
|
||||
expose:
|
||||
- 8585
|
||||
- 8586
|
||||
ports:
|
||||
- "8585:8585"
|
||||
- "8586:8586"
|
||||
depends_on:
|
||||
execute-migrate-all:
|
||||
condition: service_completed_successfully
|
||||
fuseki:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8586/healthcheck" ]
|
||||
|
||||
ingestion:
|
||||
container_name: openmetadata_ingestion
|
||||
build:
|
||||
context: ../
|
||||
dockerfile: docker/development/Dockerfile
|
||||
image: docker.getcollate.io/openmetadata/ingestion:1.8.0-SNAPSHOT
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
mysql:
|
||||
condition: service_healthy
|
||||
openmetadata-server:
|
||||
condition: service_healthy
|
||||
fuseki:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
AIRFLOW__API__AUTH_BACKENDS: "airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session"
|
||||
AIRFLOW__CORE__EXECUTOR: LocalExecutor
|
||||
AIRFLOW__OPENMETADATA_AIRFLOW_APIS__DAG_GENERATED_CONFIGS: "/opt/airflow/dag_generated_configs"
|
||||
DB_SCHEME: ${AIRFLOW_DB_SCHEME:-mysql+pymysql}
|
||||
DB_HOST: ${AIRFLOW_DB_HOST:-mysql}
|
||||
DB_PORT: ${AIRFLOW_DB_PORT:-3306}
|
||||
AIRFLOW_DB: ${AIRFLOW_DB:-airflow_db}
|
||||
DB_USER: ${AIRFLOW_DB_USER:-airflow_user}
|
||||
DB_PASSWORD: ${AIRFLOW_DB_PASSWORD:-airflow_pass}
|
||||
|
||||
# RDF Configuration (for any RDF-aware ingestion pipelines)
|
||||
RDF_ENABLED: ${RDF_ENABLED:-true}
|
||||
RDF_STORAGE_TYPE: ${RDF_STORAGE_TYPE:-FUSEKI}
|
||||
RDF_REMOTE_ENDPOINT: ${RDF_REMOTE_ENDPOINT:-http://fuseki:3030/openmetadata}
|
||||
RDF_REMOTE_USERNAME: ${RDF_REMOTE_USERNAME:-admin}
|
||||
RDF_REMOTE_PASSWORD: ${RDF_REMOTE_PASSWORD:-${FUSEKI_ADMIN_PASSWORD:-admin}}
|
||||
entrypoint: /bin/bash
|
||||
command:
|
||||
- "/opt/airflow/ingestion_dependency.sh"
|
||||
expose:
|
||||
- 8080
|
||||
ports:
|
||||
- "8080:8080"
|
||||
networks:
|
||||
- app_net
|
||||
volumes:
|
||||
- ingestion-volume-dag-airflow:/opt/airflow/dag_generated_configs
|
||||
- ingestion-volume-dags:/opt/airflow/dags
|
||||
- ingestion-volume-tmp:/tmp
|
||||
|
||||
networks:
|
||||
app_net:
|
||||
driver: bridge
|
||||
@@ -0,0 +1,44 @@
|
||||
version: "3.9"
|
||||
|
||||
# Override file to increase disk storage for persistent volumes
|
||||
# Place this file in the same directory as docker-compose-rdf.yml
|
||||
|
||||
volumes:
|
||||
# Increase Elasticsearch data volume
|
||||
es-data:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
o: bind
|
||||
device: ./docker-volume/elasticsearch-data
|
||||
|
||||
# Fuseki data volume. Renamed from `fuseki-data` (and host path changed
|
||||
# from `./docker-volume/fuseki-data` to `./docker-volume/fuseki-tdb2-data`)
|
||||
# to match docker-compose-rdf.yml — see ../development/docker-compose-fuseki.yml
|
||||
# for the migration rationale (new on-disk layout vs the old stain image).
|
||||
fuseki-tdb2-data:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
o: bind
|
||||
device: ./docker-volume/fuseki-tdb2-data
|
||||
|
||||
services:
|
||||
# Additional Elasticsearch optimizations
|
||||
elasticsearch:
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
nofile:
|
||||
soft: 65536
|
||||
hard: 65536
|
||||
sysctls:
|
||||
- vm.max_map_count=262144
|
||||
|
||||
# Additional Fuseki optimizations
|
||||
fuseki:
|
||||
ulimits:
|
||||
nofile:
|
||||
soft: 65536
|
||||
hard: 65536
|
||||
@@ -0,0 +1,559 @@
|
||||
# Copyright 2021 Collate
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
version: "3.9"
|
||||
volumes:
|
||||
ingestion-volume-dag-airflow:
|
||||
ingestion-volume-dags:
|
||||
ingestion-volume-tmp:
|
||||
es-data:
|
||||
services:
|
||||
mysql:
|
||||
container_name: openmetadata_mysql
|
||||
image: ${OPENMETADATA_DB_IMAGE:-docker.getcollate.io/openmetadata/db:1.12.0-SNAPSHOT}
|
||||
command: "--sort_buffer_size=10M"
|
||||
restart: always
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: password
|
||||
expose:
|
||||
- 3306
|
||||
ports:
|
||||
- "3306:3306"
|
||||
volumes:
|
||||
- ./docker-volume/db-data:/var/lib/mysql
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db"
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
|
||||
elasticsearch:
|
||||
container_name: openmetadata_elasticsearch
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:9.3.0
|
||||
environment:
|
||||
- discovery.type=single-node
|
||||
- ES_JAVA_OPTS=-Xms1024m -Xmx1024m
|
||||
- xpack.security.enabled=false
|
||||
networks:
|
||||
- app_net
|
||||
ports:
|
||||
- "9200:9200"
|
||||
- "9300:9300"
|
||||
healthcheck:
|
||||
test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1"
|
||||
interval: 15s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
volumes:
|
||||
- es-data:/usr/share/elasticsearch/data
|
||||
|
||||
execute-migrate-all:
|
||||
container_name: execute_migrate_all
|
||||
image: ${OPENMETADATA_SERVER_IMAGE:-docker.getcollate.io/openmetadata/server:1.12.0-SNAPSHOT}
|
||||
command: "./bootstrap/openmetadata-ops.sh migrate"
|
||||
environment:
|
||||
OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata}
|
||||
SERVER_PORT: ${SERVER_PORT:-8585}
|
||||
SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||
|
||||
# Migration
|
||||
MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}
|
||||
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
||||
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
||||
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
||||
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}
|
||||
AUTHORIZER_ALLOWED_DOMAINS: ${AUTHORIZER_ALLOWED_DOMAINS:-[]}
|
||||
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
||||
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
||||
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
||||
AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token}
|
||||
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
||||
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}
|
||||
AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
||||
AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public}
|
||||
#For OIDC Authentication, when client is confidential
|
||||
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""}
|
||||
OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc.
|
||||
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""}
|
||||
OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"}
|
||||
OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""}
|
||||
OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true}
|
||||
OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"}
|
||||
OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"}
|
||||
OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true}
|
||||
OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}
|
||||
OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"}
|
||||
OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
|
||||
OIDC_TENANT: ${OIDC_TENANT:-""}
|
||||
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
|
||||
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
|
||||
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
|
||||
OIDC_PROMPT_TYPE: ${OIDC_PROMPT_TYPE:-"consent"}
|
||||
OIDC_SESSION_EXPIRY: ${OIDC_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_SESSION_EXPIRY: ${AUTHENTICATION_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER: ${AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER:-5}
|
||||
# For SAML Authentication
|
||||
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
|
||||
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
|
||||
# SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""}
|
||||
# SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""}
|
||||
# SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
|
||||
# SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"}
|
||||
# SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"}
|
||||
# SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
|
||||
# SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""}
|
||||
# SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
|
||||
# SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false}
|
||||
# SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"}
|
||||
# SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false}
|
||||
# SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false}
|
||||
# SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false}
|
||||
# SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false}
|
||||
# SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false}
|
||||
# SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""}
|
||||
# SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""}
|
||||
# SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""}
|
||||
# For LDAP Authentication
|
||||
# AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-}
|
||||
# AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""}
|
||||
# AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""}
|
||||
# AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-}
|
||||
# AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3}
|
||||
# AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-}
|
||||
# AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-}
|
||||
# AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-}
|
||||
# AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-}
|
||||
# AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]}
|
||||
# AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-}
|
||||
# AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true}
|
||||
|
||||
# JWT Configuration
|
||||
RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"}
|
||||
RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"}
|
||||
JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"}
|
||||
JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"}
|
||||
# OpenMetadata Server Pipeline Service Client Configuration
|
||||
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080}
|
||||
PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"}
|
||||
PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""}
|
||||
# Database configuration for MySQL
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-mysql}
|
||||
DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC}
|
||||
DB_USER: ${DB_USER:-openmetadata_user}
|
||||
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
||||
DB_HOST: ${DB_HOST:-mysql}
|
||||
DB_PORT: ${DB_PORT:-3306}
|
||||
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
||||
# ElasticSearch Configurations
|
||||
ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch}
|
||||
ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
|
||||
ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http}
|
||||
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""}
|
||||
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""}
|
||||
SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"}
|
||||
ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
|
||||
ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
|
||||
ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5}
|
||||
ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
|
||||
ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600}
|
||||
ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}
|
||||
ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes
|
||||
ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}
|
||||
# AWS IAM Authentication for OpenSearch (auto-enabled when AWS_DEFAULT_REGION is set)
|
||||
# Uses standard AWS env vars: https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html
|
||||
AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION:-""}
|
||||
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-""}
|
||||
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-""}
|
||||
AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN:-""}
|
||||
SEARCH_AWS_SERVICE_NAME: ${SEARCH_AWS_SERVICE_NAME:-"es"}
|
||||
|
||||
#eventMonitoringConfiguration
|
||||
EVENT_MONITOR: ${EVENT_MONITOR:-prometheus}
|
||||
EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10}
|
||||
EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]}
|
||||
EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]}
|
||||
|
||||
#pipelineServiceClientConfiguration
|
||||
PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true}
|
||||
PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}
|
||||
PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
|
||||
PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
|
||||
PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}
|
||||
#airflow parameters
|
||||
AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin}
|
||||
AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin}
|
||||
AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10}
|
||||
AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""}
|
||||
AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
|
||||
FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}
|
||||
|
||||
#secretsManagerConfiguration
|
||||
SECRET_MANAGER: ${SECRET_MANAGER:-db}
|
||||
# AWS:
|
||||
OM_SM_REGION: ${OM_SM_REGION:-""}
|
||||
OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""}
|
||||
OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""}
|
||||
# Azure:
|
||||
OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""}
|
||||
OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""}
|
||||
OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""}
|
||||
OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""}
|
||||
|
||||
#email configuration:
|
||||
OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
|
||||
OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
|
||||
AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false}
|
||||
OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""}
|
||||
OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""}
|
||||
SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""}
|
||||
SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""}
|
||||
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""}
|
||||
SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""}
|
||||
SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}
|
||||
|
||||
# Heap OPTS Configurations
|
||||
OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G}
|
||||
# Mask passwords values in UI
|
||||
MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
|
||||
|
||||
#OpenMetadata Web Configuration
|
||||
WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
|
||||
#HSTS
|
||||
WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
|
||||
WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
|
||||
WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
|
||||
WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
|
||||
#Frame Options
|
||||
WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
|
||||
WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
|
||||
WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
|
||||
#Content Type
|
||||
WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
|
||||
#XSS-Protection
|
||||
WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
|
||||
WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
|
||||
WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
|
||||
#CSP
|
||||
WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
|
||||
WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
|
||||
WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
|
||||
#Referrer-Policy
|
||||
WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false}
|
||||
WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"}
|
||||
#Permission-Policy
|
||||
WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false}
|
||||
WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""}
|
||||
#Cache
|
||||
WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""}
|
||||
WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""}
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
mysql:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- app_net
|
||||
|
||||
openmetadata-server:
|
||||
container_name: openmetadata_server
|
||||
restart: always
|
||||
image: ${OPENMETADATA_SERVER_IMAGE:-docker.getcollate.io/openmetadata/server:1.12.0-SNAPSHOT}
|
||||
environment:
|
||||
OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata}
|
||||
SERVER_PORT: ${SERVER_PORT:-8585}
|
||||
SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
||||
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
||||
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
||||
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}
|
||||
AUTHORIZER_ALLOWED_DOMAINS: ${AUTHORIZER_ALLOWED_DOMAINS:-[]}
|
||||
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
||||
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
||||
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
||||
AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token}
|
||||
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
||||
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
||||
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}
|
||||
AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
||||
AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public}
|
||||
#For OIDC Authentication, when client is confidential
|
||||
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""}
|
||||
OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc.
|
||||
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""}
|
||||
OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"}
|
||||
OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""}
|
||||
OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true}
|
||||
OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"}
|
||||
OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"}
|
||||
OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true}
|
||||
OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}
|
||||
OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"}
|
||||
OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
|
||||
OIDC_TENANT: ${OIDC_TENANT:-""}
|
||||
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
|
||||
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
|
||||
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
|
||||
OIDC_PROMPT_TYPE: ${OIDC_PROMPT_TYPE:-"consent"}
|
||||
OIDC_SESSION_EXPIRY: ${OIDC_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_SESSION_EXPIRY: ${AUTHENTICATION_SESSION_EXPIRY:-"604800"}
|
||||
AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER: ${AUTHENTICATION_MAX_ACTIVE_SESSIONS_PER_USER:-5}
|
||||
# For SAML Authentication
|
||||
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
|
||||
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
|
||||
# SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""}
|
||||
# SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""}
|
||||
# SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
|
||||
# SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"}
|
||||
# SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"}
|
||||
# SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
|
||||
# SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""}
|
||||
# SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
|
||||
# SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false}
|
||||
# SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"}
|
||||
# SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false}
|
||||
# SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false}
|
||||
# SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false}
|
||||
# SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false}
|
||||
# SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false}
|
||||
# SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false}
|
||||
# SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""}
|
||||
# SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""}
|
||||
# SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""}
|
||||
# For LDAP Authentication
|
||||
# AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-}
|
||||
# AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""}
|
||||
# AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""}
|
||||
# AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""}
|
||||
# AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-}
|
||||
# AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3}
|
||||
# AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll}
|
||||
# AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-}
|
||||
# AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-}
|
||||
# AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-}
|
||||
# AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-}
|
||||
# AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]}
|
||||
# AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-}
|
||||
# AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true}
|
||||
|
||||
# JWT Configuration
|
||||
RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"}
|
||||
RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"}
|
||||
JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"}
|
||||
JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"}
|
||||
# OpenMetadata Server Pipeline Service Client Configuration
|
||||
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080}
|
||||
PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"}
|
||||
PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""}
|
||||
# Database configuration for MySQL
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-mysql}
|
||||
DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC}
|
||||
DB_USER: ${DB_USER:-openmetadata_user}
|
||||
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
||||
DB_HOST: ${DB_HOST:-mysql}
|
||||
DB_PORT: ${DB_PORT:-3306}
|
||||
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
||||
# ElasticSearch Configurations
|
||||
ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch}
|
||||
ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
|
||||
ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http}
|
||||
ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""}
|
||||
ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""}
|
||||
SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"}
|
||||
ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
|
||||
ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
|
||||
ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5}
|
||||
ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
|
||||
ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600}
|
||||
ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}
|
||||
ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes
|
||||
ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}
|
||||
# AWS IAM Authentication for OpenSearch (auto-enabled when AWS_DEFAULT_REGION is set)
|
||||
# Uses standard AWS env vars: https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html
|
||||
AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION:-""}
|
||||
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-""}
|
||||
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-""}
|
||||
AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN:-""}
|
||||
SEARCH_AWS_SERVICE_NAME: ${SEARCH_AWS_SERVICE_NAME:-"es"}
|
||||
|
||||
#eventMonitoringConfiguration
|
||||
EVENT_MONITOR: ${EVENT_MONITOR:-prometheus}
|
||||
EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10}
|
||||
EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]}
|
||||
EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]}
|
||||
|
||||
#pipelineServiceClientConfiguration
|
||||
PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true}
|
||||
PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}
|
||||
PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
|
||||
PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
|
||||
PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}
|
||||
#airflow parameters
|
||||
AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin}
|
||||
AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin}
|
||||
AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10}
|
||||
AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""}
|
||||
AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
|
||||
FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}
|
||||
|
||||
#secretsManagerConfiguration
|
||||
SECRET_MANAGER: ${SECRET_MANAGER:-db}
|
||||
#parameters:
|
||||
OM_SM_REGION: ${OM_SM_REGION:-""}
|
||||
OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""}
|
||||
OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""}
|
||||
|
||||
#email configuration:
|
||||
OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
|
||||
OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
|
||||
AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false}
|
||||
OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""}
|
||||
OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""}
|
||||
SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""}
|
||||
SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""}
|
||||
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""}
|
||||
SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""}
|
||||
SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}
|
||||
|
||||
# Heap OPTS Configurations
|
||||
OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G}
|
||||
# Mask passwords values in UI
|
||||
MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
|
||||
|
||||
#OpenMetadata Web Configuration
|
||||
WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
|
||||
#HSTS
|
||||
WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
|
||||
WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
|
||||
WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
|
||||
WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
|
||||
#Frame Options
|
||||
WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
|
||||
WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
|
||||
WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
|
||||
#Content Type
|
||||
WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
|
||||
#XSS-Protection
|
||||
WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
|
||||
WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
|
||||
WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
|
||||
#CSP
|
||||
WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
|
||||
WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
|
||||
WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
|
||||
#Cache
|
||||
WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""}
|
||||
WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""}
|
||||
|
||||
expose:
|
||||
- 8585
|
||||
- 8586
|
||||
ports:
|
||||
- "8585:8585"
|
||||
- "8586:8586"
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_healthy
|
||||
mysql:
|
||||
condition: service_healthy
|
||||
execute-migrate-all:
|
||||
condition: service_completed_successfully
|
||||
networks:
|
||||
- app_net
|
||||
healthcheck:
|
||||
test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8586/healthcheck" ]
|
||||
|
||||
ingestion:
|
||||
container_name: openmetadata_ingestion
|
||||
image: ${OPENMETADATA_INGESTION_IMAGE:-docker.getcollate.io/openmetadata/ingestion:1.12.0-SNAPSHOT}
|
||||
depends_on:
|
||||
elasticsearch:
|
||||
condition: service_started
|
||||
mysql:
|
||||
condition: service_healthy
|
||||
openmetadata-server:
|
||||
condition: service_started
|
||||
environment:
|
||||
AIRFLOW__API__AUTH_BACKENDS: "airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session"
|
||||
AIRFLOW__CORE__EXECUTOR: LocalExecutor
|
||||
AIRFLOW__OPENMETADATA_AIRFLOW_APIS__DAG_GENERATED_CONFIGS: "/opt/airflow/dag_generated_configs"
|
||||
DB_HOST: ${AIRFLOW_DB_HOST:-mysql}
|
||||
DB_PORT: ${AIRFLOW_DB_PORT:-3306}
|
||||
AIRFLOW_DB: ${AIRFLOW_DB:-airflow_db}
|
||||
DB_SCHEME: ${AIRFLOW_DB_SCHEME:-mysql+mysqldb}
|
||||
DB_USER: ${AIRFLOW_DB_USER:-airflow_user}
|
||||
DB_PASSWORD: ${AIRFLOW_DB_PASSWORD:-airflow_pass}
|
||||
# extra connection-string properties for the database
|
||||
# EXAMPLE
|
||||
# require SSL (only for Postgres)
|
||||
# properties: "?sslmode=require"
|
||||
DB_PROPERTIES: ${AIRFLOW_DB_PROPERTIES:-}
|
||||
# To test the lineage backend
|
||||
# AIRFLOW__LINEAGE__BACKEND: airflow_provider_openmetadata.lineage.backend.OpenMetadataLineageBackend
|
||||
# AIRFLOW__LINEAGE__AIRFLOW_SERVICE_NAME: local_airflow
|
||||
# AIRFLOW__LINEAGE__OPENMETADATA_API_ENDPOINT: http://openmetadata-server:8585/api
|
||||
# AIRFLOW__LINEAGE__JWT_TOKEN: ...
|
||||
entrypoint: /bin/bash
|
||||
command:
|
||||
- "/opt/airflow/ingestion_dependency.sh"
|
||||
expose:
|
||||
- 8080
|
||||
ports:
|
||||
- "8080:8080"
|
||||
networks:
|
||||
- app_net
|
||||
volumes:
|
||||
- ingestion-volume-dag-airflow:/opt/airflow/dag_generated_configs
|
||||
- ingestion-volume-dags:/opt/airflow/dags
|
||||
- ingestion-volume-tmp:/tmp
|
||||
|
||||
|
||||
networks:
|
||||
app_net:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: "172.16.240.0/24"
|
||||
+96
@@ -0,0 +1,96 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to start Fuseki and OpenSearch services for OpenMetadata RDF development
|
||||
|
||||
set -e
|
||||
|
||||
echo "=== Starting RDF Services for OpenMetadata ==="
|
||||
|
||||
# Check if running on macOS or Linux
|
||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
echo "Running on macOS - skipping vm.max_map_count setting"
|
||||
else
|
||||
# Set vm.max_map_count for OpenSearch (Linux only)
|
||||
echo "Setting vm.max_map_count for OpenSearch..."
|
||||
sudo sysctl -w vm.max_map_count=262144 || {
|
||||
echo "Warning: Could not set vm.max_map_count. OpenSearch might have issues."
|
||||
echo "Try running: sudo sysctl -w vm.max_map_count=262144"
|
||||
}
|
||||
fi
|
||||
|
||||
# Load environment variables if .env exists
|
||||
if [ -f .env ]; then
|
||||
echo "Loading environment variables from .env..."
|
||||
export $(grep -v '^#' .env | xargs)
|
||||
fi
|
||||
|
||||
# Use default path if not set
|
||||
VOLUMES_PATH=${DOCKER_VOLUMES_PATH:-./docker-volumes}
|
||||
|
||||
# Create volume directories
|
||||
echo "Creating volume directories in: $VOLUMES_PATH"
|
||||
mkdir -p "$VOLUMES_PATH/fuseki/databases" "$VOLUMES_PATH/fuseki/run" "$VOLUMES_PATH/opensearch"
|
||||
|
||||
# Set permissions
|
||||
echo "Setting permissions..."
|
||||
chmod -R 777 "$VOLUMES_PATH"
|
||||
|
||||
# Start Fuseki
|
||||
echo "Starting Apache Jena Fuseki..."
|
||||
# Use Rosetta 2 emulation on ARM64 because the local Fuseki Dockerfile
|
||||
# bases on a Linux x86_64 image; the Rosetta variant pins platform=linux/amd64.
|
||||
if [[ $(uname -m) == "arm64" ]] || [[ $(uname -m) == "aarch64" ]]; then
|
||||
echo "Detected ARM64 architecture, using Rosetta 2 emulation..."
|
||||
docker compose -f docker-compose-fuseki-rosetta.yml up -d
|
||||
else
|
||||
docker compose -f docker-compose-fuseki-standalone.yml up -d
|
||||
fi
|
||||
|
||||
# Start OpenSearch
|
||||
echo "Starting OpenSearch..."
|
||||
docker compose -f docker-compose-opensearch-standalone.yml up -d
|
||||
|
||||
# Wait for services to be healthy
|
||||
echo "Waiting for services to start..."
|
||||
sleep 10
|
||||
|
||||
# Check Fuseki
|
||||
echo -n "Checking Fuseki status... "
|
||||
if curl -s http://localhost:3030/$/ping > /dev/null; then
|
||||
echo "✓ Fuseki is running"
|
||||
echo " - Fuseki UI: http://localhost:3030"
|
||||
echo " - SPARQL endpoint: http://localhost:3030/openmetadata/sparql"
|
||||
echo " - Login: admin/admin"
|
||||
else
|
||||
echo "✗ Fuseki is not responding"
|
||||
fi
|
||||
|
||||
# Check OpenSearch
|
||||
echo -n "Checking OpenSearch status... "
|
||||
if curl -s http://localhost:9200/_cluster/health > /dev/null; then
|
||||
echo "✓ OpenSearch is running"
|
||||
echo " - OpenSearch API: http://localhost:9200"
|
||||
echo " - OpenSearch Dashboards: http://localhost:5601"
|
||||
echo " - No authentication required (security disabled)"
|
||||
|
||||
# Show cluster health
|
||||
echo ""
|
||||
echo "OpenSearch cluster health:"
|
||||
curl -s http://localhost:9200/_cluster/health?pretty | head -10
|
||||
else
|
||||
echo "✗ OpenSearch is not responding"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "=== Services Started ==="
|
||||
echo ""
|
||||
echo "To stop services:"
|
||||
echo " docker-compose -f docker-compose-fuseki-standalone.yml down"
|
||||
echo " docker-compose -f docker-compose-opensearch-standalone.yml down"
|
||||
echo ""
|
||||
echo "To view logs:"
|
||||
echo " docker logs -f fuseki-standalone"
|
||||
echo " docker logs -f opensearch-standalone"
|
||||
echo ""
|
||||
echo "To clean up data:"
|
||||
echo " rm -rf fuseki-volume/* search-volume/*"
|
||||
+38
@@ -0,0 +1,38 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to stop Fuseki and OpenSearch services
|
||||
|
||||
echo "=== Stopping RDF Services ==="
|
||||
|
||||
# Stop Fuseki
|
||||
echo "Stopping Apache Jena Fuseki..."
|
||||
# Try to stop all possible Fuseki configurations
|
||||
docker compose -f docker-compose-fuseki-rosetta.yml down 2>/dev/null || true
|
||||
docker compose -f docker-compose-fuseki-multiarch.yml down 2>/dev/null || true
|
||||
docker compose -f docker-compose-fuseki-arm64.yml down 2>/dev/null || true
|
||||
docker compose -f docker-compose-fuseki-standalone.yml down 2>/dev/null || true
|
||||
|
||||
# Stop OpenSearch
|
||||
echo "Stopping OpenSearch..."
|
||||
docker compose -f docker-compose-opensearch-standalone.yml down
|
||||
|
||||
# Load environment variables if .env exists
|
||||
if [ -f .env ]; then
|
||||
export $(grep -v '^#' .env | xargs)
|
||||
fi
|
||||
|
||||
# Use default path if not set
|
||||
VOLUMES_PATH=${DOCKER_VOLUMES_PATH:-./docker-volumes}
|
||||
|
||||
echo ""
|
||||
echo "=== Services Stopped ==="
|
||||
echo ""
|
||||
echo "Data is preserved in:"
|
||||
echo " - Fuseki: $VOLUMES_PATH/fuseki"
|
||||
echo " - OpenSearch: $VOLUMES_PATH/opensearch"
|
||||
echo ""
|
||||
echo "To remove all data:"
|
||||
echo " rm -rf $VOLUMES_PATH/*"
|
||||
echo ""
|
||||
echo "To remove Docker volumes:"
|
||||
echo " docker volume prune"
|
||||
+56
@@ -0,0 +1,56 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Test script for RDF services
|
||||
|
||||
echo "=== Testing RDF Services ==="
|
||||
echo ""
|
||||
|
||||
# Test Fuseki
|
||||
echo "Testing Apache Jena Fuseki..."
|
||||
echo -n " Checking health: "
|
||||
if curl -s http://localhost:3030/$/ping > /dev/null 2>&1; then
|
||||
echo "✓ OK"
|
||||
|
||||
echo -n " Checking datasets: "
|
||||
if curl -s http://localhost:3030/$/datasets | grep -q "openmetadata"; then
|
||||
echo "✓ openmetadata dataset found"
|
||||
else
|
||||
echo "✗ openmetadata dataset not found"
|
||||
fi
|
||||
|
||||
echo -n " Testing SPARQL endpoint: "
|
||||
SPARQL_TEST=$(curl -s -X POST http://localhost:3030/openmetadata/sparql \
|
||||
-H "Content-Type: application/x-www-form-urlencoded" \
|
||||
-d 'query=SELECT ?s WHERE { ?s ?p ?o } LIMIT 1' 2>&1)
|
||||
if echo "$SPARQL_TEST" | grep -q "results"; then
|
||||
echo "✓ SPARQL endpoint working"
|
||||
else
|
||||
echo "✗ SPARQL endpoint not responding correctly"
|
||||
fi
|
||||
else
|
||||
echo "✗ Fuseki not responding on port 3030"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
|
||||
# Test OpenSearch
|
||||
echo "Testing OpenSearch..."
|
||||
echo -n " Checking health: "
|
||||
HEALTH=$(curl -s http://localhost:9200/_cluster/health 2>/dev/null)
|
||||
if echo "$HEALTH" | grep -q "status"; then
|
||||
STATUS=$(echo "$HEALTH" | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
|
||||
echo "✓ OK (status: $STATUS)"
|
||||
|
||||
echo -n " Checking version: "
|
||||
VERSION=$(curl -s http://localhost:9200 | grep -o '"number":"[^"]*"' | cut -d'"' -f4)
|
||||
echo "✓ Version $VERSION"
|
||||
|
||||
echo -n " Checking indices: "
|
||||
INDICES=$(curl -s http://localhost:9200/_cat/indices?v 2>/dev/null | wc -l)
|
||||
echo "✓ $((INDICES-1)) indices"
|
||||
else
|
||||
echo "✗ OpenSearch not responding on port 9200"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "=== Test Complete ==="
|
||||
Reference in New Issue
Block a user