You are viewing the RapidMiner Hub documentation for version 10.2 - Check here for latest version
Docker-compose deployment
This document will help you to deploy RapidMiner AI Hub on a single host. For multi-host deployments, see Kubernetes deployment with Helm.
To deploy RapidMiner AI Hub with docker compose:
- [Download] the production template, and follow instructions.
All versions: [10.2]
Table of contents
- System requirements
- Upgrade notes
- Profiles
- Instructions
- PUBLIC_URL
- Panopticon Licensing
- The environment file (.env)
- The definition file (docker-compose.yml)
- Change the default port
System requirements
Rootless Docker was introduced in Docker Engine version 19.03 as an experimental feature, and graduated from that status in version 20.10.
Hence, it is recommended that you use version >= 20.10 of the Docker Engine.
For details related to the operating system, see the distribution-specific hints. Note that CentOS 6/7 are not supported, because unprivileged user namespaces are not supported in Linux kernel versions < 3.19.
Minimum recommended hardware configuration
The amount of memory needed depends heavily on the amount of data that will be processed by RapidMiner AI Hub. By themselves, the RapidMiner services can run with as little as 16 GB. However, in production environments, we recommend 32GB or more depending on user data, in order to provide users with enough capacity to analyze data from realistic use cases.
Each virtual or physical machine should at least have:
- Quad core
- 32GB RAM
- >30GB free disk space
Upgrade notes
For upgrading to 10.2 version the PROXY_DATA_UPLOAD_LIMIT
value's needs to be modified, remove the B suffix from the configuration value, where the value is expressed in units such as GB,KB,MB, etc.
Profiles
If you only want a subset of the features provided by RapidMiner AI Hub, you can use the profiles feature of docker compose to pick and choose from the following set:
Profile | Description |
---|---|
aihub-activemq | aihub-activemq |
aihub-backend | aihub-backend |
aihub-frontend | aihub-frontend |
aihub-job-agent | Job Agent |
altair-license | Licensing |
ces | Coding environment storage |
deployment-init | deployment-init |
grafana | Dashboards |
jupyter | JupyterHub |
keycloak | Keycloak |
landing-page | Landing page |
letsencrypt | letsencrypt |
panopticon | Panopticon |
platform-admin | Platform Admin |
proxy | Proxy |
scoring-agent | Scoring Agent |
token-tool | Token generator |
In the environment file, edit the variable COMPOSE_PROFILES
to choose your subset.
Note that value of COMPOSE_PROFILES
is a comma-separated list with no spaces.
# Maximum set
# COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon
# Minimum set
# COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent
# Default set
COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon
Instructions
To deploy this template, take the following steps.
If you have not yet done so, install Docker.
Download the ZIP file. Unzip and examine the contents:
- .env (note that because of the preceding dot, this file is usually hidden)
- docker-compose.yml
panopticon
folderssl
folder- numerous READMEs
(optional) By default, RapidMiner AI Hub will start with the set of services identified in the
COMPOSE_PROFILES
variable, as discussed above. You can choose a different set of profiles by setting the following variable in the.env
file:COMPOSE_PROFILES
If you are using the traditional RapidMiner License, you should disable the
altair-license
profile.As discussed in detail below, set the following variables in the
.env
file:PUBLIC_DOMAIN
,PUBLIC_PROTOCOL
,PUBLIC_PORT
PUBLIC_URL
SSO_PUBLIC_DOMAIN
SSO_PUBLIC_URL
(Altair Units license only) Skip to the next step if you are using RapidMiner licensing.
By default, AI Hub uses Altair Unit licensing. Make sure that
altair-license
is enabled in your profiles.(RapidMiner license only) Skip to the next step if you are using Altair Units licensing.
In the
.env
file, set the following variable with a copy of your license from my.rapidminer.com:LICENSE
With
SCORING_AGENT_ENABLE_SERVER_LICENSE=true
, the AI Hub license will be used also for the bundled scoring agent. The Scoring Agent Status is visible after logging in, via Platform Administration.(Panopticon license only) If you are not using Panopticon, skip to the next step.
If you are using Panopitocon, make sure that
panopticon
is enabled in your profiles. See the detailed instructions for Panopticon licensing below.Within the
.env
file, set additional frequently used configuration values:- The initial admin password can be set using the variable
KEYCLOAK_PASSWORD
(default: "changeit"). - Replace
AUTH_SECRET
(an internal authentication encryption key) andBROKER_ACTIVEMQ_PASSWORD
with any base64 encoded string. - The secret key
JUPYTERHUB_CRYPT_KEY
is used to encrypt user data in the JupyterHub DB. We propose to change the default value to a random string, i.e. openssl rand -hex 32
# echo $RANDOM | md5sum | head -c 20; echo | base64; AUTH_SECRET="<AUTH-SECRET-PLACEHOLDER>" -- BROKER_ACTIVEMQ_PASSWORD="<SERVER-AMQ-PASS-PLACEHOLDER>" -- # Jupyterhub crypt key can be generated with the command: openssl rand -hex 32 JUPYTERHUB_CRYPT_KEY="<JUPYTERHUB-CRYPT-KEY-PLACEHOLDER>"
- The initial admin password can be set using the variable
Transfer the contents of the ZIP file, with URLs and licenses configured, to the server host, the machine where you installed Docker.
Connect to the server host, and change directory to the folder containing those files. Please make sure the
.env
file has the following permissions:sudo chmod a+rw .env
If SSO configuration is not disabled (this is the case by default), then the platform deployment needs to be initialized before the first startup. In the directory containing
docker-compose.yml
, type:docker compose up -d deployment-init
If immediately afterwards you type
docker compose logs -f deployment-init
you can observe the initialization taking place, and you will know that you are ready to execute the next step when you see the following text printed repeatedly to the screen, typically after 1-2 minutes:
[DEPLOYMENT INIT] Successfully finished.
Alternatively, if you observe the following error message:
| [RM INIT] Starting... | [RM INIT] Starting job /rapidminer/provision/tasks/01_check_permissions.sh | touch: cannot touch '/tmp/ssl/.test_permission': Permission denied | Permission denied on file/directory ssl/ ! | Please make sure about good permissions of these files/dirs: | - .env : it should be writable by anyone (666, or -rw-rw-rw-) | - ssl : it should be writable by anyone (777, or drwxrwxrwx)
make sure to set the appropriate permissions on the
ssl
directory:sudo chown -R 2011:0 ssl/ sudo chmod -R ug+w ssl/ sudo chmod -R o-rwx ssl/
before reissuing the initial command:
docker compose up -d deployment-init
Finally, start the stack by running the command:
docker compose up -d
Again, you can observe the progress of startup with the command:
docker compose logs -f deployment-init
The service
deployment-init
will exit without error when complete.
If the Docker images are not available on the host, they will be automatically downloaded from the Docker Hub.
PUBLIC_URL
The deployed stack needs to have a valid public URL, both for internal communication and so that external clients (like RapidMiner Studio and a browser) can connect to it. In the .env
file, before first startup, set the values of the environment variables PUBLIC_URL
and SSO_PUBLIC_URL
to this public URL.
The values
http://localhost
andhttp://127.0.0.1
are not supported, because this URL will be used also for internal container-to-container communication between our services.If deploying on a single host, use the host's public IP address, such as
http://192.168.1.101
or a publicly resolvable hostname that resolves to this IP address, likehttp://platform.rapidminer.com
.If the deployment cannot listen on the default HTTP and HTTPS ports (80 and 443), then read Change the default port.
It is highly preferred to use HTTPS for the connection. In this case the
PUBLIC_URL
,SSO_PUBLIC_URL
,PUBLIC_PROTOCOL
andWEBAPI_REGISTRY_PROTOCOL
variables should be configured using thehttps://
prefix and the certificate chain and private key files should be provided in PEM format in thessl
sub-folder using the filenamescertificate.crt
andprivate.key
. The default filenames can be changed using the environment variables in the Proxy section of the.env
file. Make sure to set the permissions of thessl
directory as indicated above in the final point of the instructions. Also setPUBLIC_PORT
variable to443
which is used by WebAPI.
Once the deployment is running, the configured reverse proxy listens by default on the standard HTTP (80) port, and also on the HTTPS (443) port if an HTTPS certificate is configured.
The initial login credentials are set in the .env file (by the variables KEYCLOAK_USER
and KEYCLOAK_PASSWORD
).
By default you can log in using the username "admin" and password: "changeit".
From the landing page at PUBLIC_URL, the full range of services of RapidMiner AI Hub is available.
Panopticon Licensing
The deployment-init
phase tries to derive the licensing of Panopticon from the licensing of RapidMiner AI Hub.
The following table shows the Panopticon licensing modes and their RapidMiner AI Hub equivalents:
RapidMiner AI Hub licensing | Panopticon Licensing |
---|---|
Legacy Rapidminer License | License file |
ALTAIR_UNIT + altair_one | hosted HWU |
ALTAIR_UNIT + on_prem | not hosted HWU |
Altair Unit Hosted (Altair One)
When using LICENSE_MODE=ALTAIR_UNIT
and LICENSE_PROXY_MODE=altair_one
licensing, the following settings will be copied over from RapidMiner AI Hub:
(This is the mapping from the .env file to the Panopticon.properties file)
.env | Panopticon.properties |
---|---|
LICENSE_PROXY_MODE=altair_one | license.hwu.hosted=true |
LICENSE_UNIT_MANAGER_USER_NAME | license.hwu.hosted.authorization.username |
LICENSE_UNIT_MANAGER_PASSWORD | license.hwu.hosted.authorization.password |
LICENSE_UNIT_MANAGER_AUTH_CODE | license.hwu.hosted.authorization.token |
Altair Unit On-Prem
When using LICENSE_MODE=ALTAIR_UNIT
and LICENSE_PROXY_MODE=on_prem
licensing, the following settings will be copied over from RapidMiner AI Hub:
(This is the mapping from the .env file to the Panopticon.properties file)
.env | Panopticon.properties |
---|---|
LICENSE_PROXY_MODE=on_prem | license.hwu.hosted=false |
ALTAIR_LICENSE_PATH | license.hwu.uri |
In this case you don't need any manual setup, you can start up the deployment as usual.
Rapidminer legacy and Panopticon file based licensing
When using LICENSE_MODE=RAPIDMINER
, you need to provide both the LICENSE
variable containing your legacy RapidMiner license in the .env file and also provide your Panopticon license
using the filename: PanopticonLicense.xml
in the panopticon/AppData
folder.
In this case you don't need any manual setup, you can start up the deployment as usual.
Other options
If you want to use different licensing for Panopticon and RapidMiner AI Hub, set the PANOPTICON_DETACHED_LICENSE
variable to true
.
In this case you can configure Panopticon separately and there's no license related mapping from the .env file.
Altough the Panopticon licensing configuration will be independent from RapidMiner AI Hub, there are several settings, that are automatically set up by the deployment-init (for example Keycloak configuration).
To start up Panopicon:
- Run the
deployment-init
profile as you would normally. - Edit the newly created
panopticon/AppData/Panopticon_overide.properties
file according to the official Panopticon documentation. - Start the rest of the platform.
The environment file (.env)
# ############################################ # # Global parameters # # ############################################ # Public domain of the deployment PUBLIC_DOMAIN=platform.rapidminer.com PUBLIC_PROTOCOL=http PUBLIC_PORT=80 # Public URL of the deployment that will be used for external access (Public domain + protocol + port) PUBLIC_URL=http://platform.rapidminer.com # Public domain of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_DOMAIN SSO_PUBLIC_DOMAIN=platform.rapidminer.com # Public URL of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_URL SSO_PUBLIC_URL=http://platform.rapidminer.com # SSO default parameters SSO_IDP_REALM=master # Valid values are 'all', 'external' and 'none'. SSO_SSL_REQUIRED=none WEBMASTER_MAIL=operations@sampleorg.com # Enable/disable the service build into the RapidMiner cloud images, that updates the PUBLIC_URL and SSO_PUBLIC_URL variables to the new dynamic cloud hostname/IP address AUTOMATIC_PUBLIC_URL_UPDATE_FOR_CLOUD_IMAGES=false # Enable/disable the Legacy BASIC authentication support for REST endpoints, like webservices. (lowercase true/false) LEGACY_REST_BASIC_AUTH_ENABLED=false # Timezone setting TZ=UTC # License mode for the platform # Supported modes are 'ALTAIR_UNIT' and 'RAPIDMINER' LICENSE_MODE=ALTAIR_UNIT # Legacy RapidMiner License # Please provide the LICENSE variable only if you have a legacy license. LICENSE= # Profiles # A coma separated list of active profiles # For deployments with legacy licensing please disable altair-license in your profile # Maximum set # COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon # Minimum set # COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent # Default set COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon # Docker-compose timeout setting COMPOSE_HTTP_TIMEOUT=600 # ############################################ # # Deployment parameters # # ############################################ # Prefix to use for docker registry REGISTRY=rapidminer/ # Version of the Init container INIT_VERSION=10.2.0 # Enable configuring server settings for Python Scripting extension INIT_SHARED_CONDA_SETTINGS=true # ############################################ # # Proxy # # ############################################ PROXY_VERSION=10.2.0 UNPRIVILEGED_PORTS=false PROXY_DATA_UPLOAD_LIMIT=10240M # Backends AIHUB_FRONTEND=http://aihub-frontend AIHUB_BACKEND=http://aihub-backend:8080 WEBAPI_GATEWAY_BACKEND=http://webapi-gateway:8099 GRAFANA_BACKEND=http://grafana:3000/ JUPYTERHUB_BACKEND=http://jupyterhub:8000/ KEYCLOAK_BACKEND=http://keycloak:8080 KIBANA_BACKEND=http://rm-kibana:5601 LANDING_BACKEND=http://landing-page:1080/ LETSENCRYPT_BACKEND=http://letsencrypt:1084/ METRICS_BACKEND=http://prometheus:9090/ PLATFORM_ADMIN_BACKEND=http://platform-admin:1082/ SCORING_AGENT_BACKEND=http://scoring-agent:8090/ SCORING_AGENT_WEBUI_BACKEND=http://platform-admin:1082/ STANDPY_BACKEND=http://standpy-router/ TOKEN_BACKEND=http://token-tool:1080/ PANOPTICON_BACKEND=http://panopticon-vizapp:8080 # Backend suffixes GRAFANA_URL_SUFFIX=/grafana JUPYTERHUB_URL_SUFFIX=/jupyter/ KIBANA_URL_SUFFIX=/kibana METRICS_URL_SUFFIX=/metrics PLATFORM_ADMIN_URL_SUFFIX=/platform-admin SCORING_AGENT_URL_SUFFIX=/rts SCORING_AGENT_WEBUI_URL_SUFFIX=/rts-admin STANDPY_URL_SUFFIX=/standpy TOKEN_TOOL_URL_SUFFIX=/get-token # Default Basic Auth Accesses PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_USER=foobar PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_PASSWORD=secret METRICS_AUTH_BASIC_USER=admin METRICS_AUTH_BASIC_PASS=changeit LOGS_AUTH_BASIC_USER=admin LOGS_AUTH_BASIC_PASS=changeit SCORING_AGENT_BASIC_AUTH=true # Change these when you want to use non-default pair to login SCORING_AGENT_ADMIN_USER=admin SCORING_AGENT_ADMIN_PASSWORD=changeit # HTTPS settings ALLOW_LETSENCRYPT=true HTTPS_CRT_PATH=/etc/nginx/ssl/certificate.crt HTTPS_KEY_PATH=/etc/nginx/ssl/private.key HTTPS_KEY_PASSWORD_FILE_PATH=/etc/nginx/ssl/password.txt HTTPS_DH_PATH=/etc/nginx/ssl/dhparam.pem WAIT_FOR_DHPARAM=true DEBUG_CONF_INIT=false # ############################################ # # KeyCloak (SSO) # # ############################################ # Keycloak container version KEYCLOAK_VERSION=10.2.0 # Keycloak database parameters KEYCLOAK_POSTGRES_VERSION=10.2.0 KEYCLOAK_DBSCHEMA=kcdb KEYCLOAK_DBUSER=kcdbuser KEYCLOAK_DBPASS=changeit KEYCLOAK_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data" # Default platform admin user credentials KEYCLOAK_USER=admin KEYCLOAK_PASSWORD=changeit KC_FEATURES=token-exchange,upload_scripts KC_HOSTNAME_STRICT="false" KC_HOSTNAME_STRICT_BACKCHANNEL="false" KC_HOSTNAME_STRICT_HTTPS="false" KC_LOG_LEVEL=info KC_PROXY=edge KC_HTTP_ENABLED="true" # ############################################ # # License Proxy # # ############################################ SKIP_LICENSE_CHECK=false LICENSE_PROXY_VERSION=10.2.0 # License Proxy url with protocol and port LICENSE_PROXY_INTERNAL_URL=http://license-proxy:9898 # Unique machine id of the deployment # may be generated with the command: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)" LICENSE_AGENT_MACHINE_ID="00000000-0000-0000-0000-000000000000" # supported modes are 'on_prem' and 'altair_one' LICENSE_PROXY_MODE=on_prem # ## settings for 'on_prem' mode ### # Altair License Manager path for on-prem mode pointing to an Altair Lincense Manager endpoint in format of port@host # must be set if mode is 'on_prem' ALTAIR_LICENSE_PATH= # ## # ## settings for 'altair_one' mode ### # Authentication type while connecting to the license server # possible values are 'credentials', 'auth_code' and 'static_token' LICENSE_UNIT_MANAGER_AUTHENTICATION_TYPE=credentials # ##### settings for 'credentials' authentication type # Altair One username. Must be set if the authentication type is 'credentials' and License Proxy mode is 'altair_one' LICENSE_UNIT_MANAGER_USER_NAME= # Altair One password. Must be set if the authentication type is 'credentials' and License Proxy mode is 'altair_one' LICENSE_UNIT_MANAGER_PASSWORD= # When mode is 'altair_one', resets any stored auth code when 'credentials' already persisted a valid auth token LICENSE_UNIT_MANAGER_RESET_AUTH_TOKEN=false # ##### # ##### settings for 'static_token' authentication type # License Server access token. Must be set if the authentication type is 'static_token' and License Proxy mode is 'altair_one' LICENSE_UNIT_MANAGER_TOKEN= # ##### LICENSE_UNIT_MANAGER_AUTH_CODE= # ## # ############################################ # # Rapidminer AiHub # # ############################################ AIHUB_FRONTEND_VERSION=10.2.0 AIHUB_BACKEND_VERSION=10.2.0 AIHUB_POSTGRES_VERSION=10.2.0 AIHUB_DBHOST=aihub-postgresql AIHUB_DBSCHEMA=aihub-db AIHUB_DBUSER=aihub-db-user AIHUB_DBPASS=changeit AIHUB_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data" AIHUB_FRONTEND_SSO_CLIENT_ID=aihub-frontend AIHUB_BACKEND_SSO_CLIENT_ID=aihub-backend AIHUB_BACKEND_SSO_CLIENT_SECRET= AIHUB_BACKEND_HOSTNAME=aihub-backend AIHUB_BACKEND_PORT=8080 AIHUB_BACKEND_INTERNAL_URL=http://aihub-backend:8080 # AiHub and JA authenticates using this shared secret, which shall be a random string in base64 encoded format # echo $RANDOM | md5sum | head -c 20; echo | base64; AUTH_SECRET="" RAPIDMINER_LOAD_USER_CERTIFICATES=true # ############################################ # # Job Agent # # ############################################ JOBAGENT_VERSION=10.2.0 JOBAGENT_QUEUE_ACTIVEMQ_URI=failover:(tcp://aihub-activemq:61616) JOBAGENT_CONTAINER_COUNT=2 JOBAGENT_SSO_CLIENT_ID=aihub-jobagent JOBAGENT_SSO_CLIENT_SECRET= JOBAGENT_QUEUE_JOB_REQUEST=DEFAULT JOBAGENT_CONTAINER_MEMORYLIMIT=2048 AIHUB_BACKEND_PROTOCOL=http JOBAGENT_NAME=JOBAGENT-1 JOBAGENT_CONTAINER_LOAD_USER_CERTIFICATES=true # ############################################ # # ActiveMQ # # ############################################ ACTIVEMQ_VERSION=10.2.0 BROKER_ACTIVEMQ_USERNAME=amq-user BROKER_ACTIVEMQ_PASSWORD=" " # ############################################ # # Jupyterhub # # ############################################ JUPYTERHUB_VERSION=10.2.0 JUPYTERHUB_DBHOST=jupyterhub-db JUPYTERHUB_DBSCHEMA=jupyterhub JUPYTERHUB_DBUSER=jupyterhubdbuser JUPYTERHUB_DBPASS=changeit JUPYTERHUB_HOSTNAME=jupyterhub JUPYTERHUB_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data" # Jupyterhub crypt key can be generated with the command: openssl rand -hex 32 JUPYTERHUB_CRYPT_KEY=" " JUPYTERHUB_DEBUG=False JUPYTERHUB_TOKEN_DEBUG=False JUPYTERHUB_PROXY_DEBUG=False JUPYTERHUB_DB_DEBUG=False JUPYTERHUB_SPAWNER_DEBUG=False JUPYTERHUB_STACK_NAME=default JUPYTERHUB_SSO_CLIENT_ID=jupyterhub JUPYTERHUB_SSO_CLIENT_SECRET= JUPYTERHUB_SPAWNER=dockerspawner JUPYTERHUB_API_PROTOCOL=http JUPYTERHUB_API_HOSTNAME=jupyterhub JUPYTERHUB_PROXY_PORT=8000 JUPYTERHUB_API_PORT=8001 JUPYTERHUB_APP_PORT=8081 # JUPYTERHUB_CUSTOM_CA_CERTS=${PWD}/ssl/deb_cacerts/ JUPYTERHUB_DOCKER_DISABLE_NOTEBOOK_IMAGE_PULL_AT_STARTUP=False # ############################################ # # Jupyter Notebook # # ############################################ JUPYTERHUB_NOTEBOOK_VERSION=10.2.0 JUPYTERHUB_NOTEBOOK_SSO_NB_UID_KEY=X_NB_UID JUPYTERHUB_NOTEBOOK_SSO_NB_GID_KEY=X_NB_GID JUPYTERHUB_NOTEBOOK_SSO_CUSTOM_BIND_MOUNTS_KEY=X_NB_CUSTOM_BIND_MOUNTS # Content should be in json format, use quotes here instead of apostrophes # JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS={"/usr/share/doc/apt":"/tmp/apt","/usr/share/doc/mount/":"/tmp/mount"} JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS= JUPYTERHUB_NOTEBOOK_CPU_LIMIT=100 # Docker JUPYTERHUB_NOTEBOOK_MEM_LIMIT=2g #k8s # JUPYTERHUB_NOTEBOOK_MEM_LIMIT=2G JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_DOCKERSPAWNER=coding-shared-vol # kubespawner # JUPYTERHUB_NOTEBOOK_KUBERNETES_CMD: '/entrypoint.sh' # JUPYTERHUB_NOTEBOOK_KUBERNETES_ARGS: '' # JUPYTERHUB_NOTEBOOK_KUBERNETES_NAMESPACE=rapidminer # JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_NAME: 'rapidminer.node' # JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_VALUE: 'notebook' # JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_ACCESS_MODE=ReadWriteOnce # JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CAPACITY=5Gi # JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CLASS=ms-ebs-us-west-2b # JUPYTERHUB_NOTEBOOK_IMAGE_PULL_SECRET=rm-docker-login-secret # JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_KUBESPAWNER=python-envs-pvc # JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_SUBPATH_KUBESPAWNER=coding-shared # ############################################ # # Platform admin # # ############################################ PLATFORM_ADMIN_VERSION=10.2.0 PLATFORM_ADMIN_SSO_CLIENT_ID=platform-admin PLATFORM_ADMIN_SSO_CLIENT_SECRET= PLATFORM_ADMIN_DISABLE_PYTHON=false PLATFORM_ADMIN_DISABLE_RTS=false # ############################################ # # Coding Environment Storage # # ############################################ CES_VERSION=10.2.0 DISABLE_DEFAULT_CHANNELS=False # ############################################ # # Real-Time Scoring Agent # # ############################################ SCORING_AGENT_VERSION=10.1.3 # WebApi WEBAPI_GATEWAY_VERSION=10.2.0 REACT_APP_WEBAPI_GATEWAY_URL=http://webapi-gateway:8099 #WEBAPI_REGISTRY_HOST=platform.rapidminer.com #WEBAPI_REGISTRY_HOST=aihub-backend WEBAPIAGENT_OPTS="-Xmx2g" WEBAPI_REGISTRY_PROTOCOL=http #WEBAPI_REGISTRY_PORT=80 #WEBAPI_REGISTRY_PORT=8099 WEBAPI_REGISTRY_USERNAME=foobar WEBAPI_REGISTRY_PASSWORD=secret WEBAPI_AIHUB_CONNECTION_PROTOCOL=http WEBAPI_AIHUB_CONNECTION_HOST=aihub-backend WEBAPI_AIHUB_CONNECTION_PORT=8080 WEBAPI_AGENT_VERSION=10.2.0 WEBAPI_GROUP_NAME=DEFAULT WAIT_FOR_LICENSES=1 SCORING_AGENT_ENABLE_SERVER_LICENSE=true SCORING_AGENT_SPRING_PROFILES_ACTIVE=webapi SCORING_AGENT_SSO_CLIENT_ID=aihub-scoringagent SCORING_AGENT_SSO_CLIENT_SECRET= WEBAPI_AGENT_SSO_CLIENT_ID=aihub-webapiagent WEBAPI_AGENT_SSO_CLIENT_SECRET= # Supported modes are 'ALTAIR_UNIT', 'RAPIDMINER' and 'ALTAIR_STANDALONE' # Uncomment this to use 'SCORING_AGENT_LICENSE_MODE' in Scoring Agent instead of LICENSE_MODE variable declared above # SCORING_AGENT_LICENSE_MODE=ALTAIR_STANDALONE SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES=true # ############################################ # # Grafana # # ############################################ # Official grafana image from: https://hub.docker.com/r/grafana/grafana/ OFFICIAL_GRAFANA_IMAGE=grafana/grafana:10.0.3-ubuntu # Image tag used by grafana-proxy and grafana-init GRAFANA_UTILS_VERSION=10.2.0 GF_AUTH_GENERIC_OAUTH_SCOPES=email,openid # # Grafana Proxy # # Possible values: NOTSET, DEBUG, INFO, WARNING, ERROR, CRITICAL GRAFANA_PROXY_LOGGING_LEVEL=INFO # Comma spearated list of Scoring Agent URLs (http://scoring-agent-1:8090,https://scoring-agent-2:8888) GRAFANA_SCORING_AGENT_BACKENDS=http://scoring-agent:8090/ # Set this to 'True' to log data (eg. result from webservice) returned from GF proxy GRAFANA_PROXY_LOG_RESPONSE_DATA=False # ############################################ # # Grafana Direct (these values injected directly to Grafana) # # ############################################ GF_AUTH_GENERIC_OAUTH_AUTH_URL= GF_AUTH_GENERIC_OAUTH_TOKEN_URL= GF_AUTH_GENERIC_OAUTH_API_URL= GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET= GF_AUTH_SIGNOUT_REDIRECT_URL= GF_SERVER_ROOT_URL= # ############################################ # # LetsEncrypt Client # # ############################################ LETSENCRYPT_VERSION=10.2.0 # ############################################ # # Docker Deployment Manager # # ############################################ DDM_VERSION=10.2.0 # ############################################ # # Landing page # # ############################################ LANDING_PAGE_VERSION=10.2.0 LANDING_PAGE_SSO_CLIENT_ID=landing-page LANDING_PAGE_SSO_CLIENT_SECRET= LANDING_PAGE_DEBUG=false # ############################################ # # Token Tool # # ############################################ TOKEN_TOOL_SSO_CLIENT_ID=token-tool TOKEN_TOOL_SSO_CLIENT_SECRET= TOKEN_TOOL_DEBUG=false # ############################################ # # Service overrides # - true/false - false means automatic detection # # ############################################ DEPLOYED_GRAFANA=false DEPLOYED_JUPYTERHUB=false DEPLOYED_LANDINGPAGE=false DEPLOYED_PLATFORMADMIN=false DEPLOYED_SERVER=false DEPLOYED_TOKENTOOL=false DEPLOYED_PANOPTICON=false # ############################################ # # Panopticon # # ############################################ PANOPTICON_VIZAPP_VERSION=10.2.0 PANOPTICON_VIZAPP_PYTHON_VERSION=10.2.0 PANOPTICON_MONETDB_IMAGE_VERSION=10.2.0 PANOPTICON_RSERVE_IMAGE_VERSION=10.2.0 PANOPTICON_SSO_CLIENT_ID=panopticon PANOPTICON_SSO_CLIENT_SECRET= # If set to false, platform license will be used as pano licensing. # If set to true, set your panopticon licensing in the 'Panopticon_overide.properties' and 'Panopticon_overide.properties.template' files. PANOPTICON_DETACHED_LICENSE=false PANOPTICON_MONETDB_ADMIN_PASS=changeit PANOPTICON_CATALINA_OPTS='-Xms900m -Xmx1900m' PANOPTICON_LMX_USE_EPOLL='1'
The definition file (docker-compose.yml)
Notice that you can link directly to any of the services in the docker-compose file using the service name as an ID, for example #aihub-job-agent. You can also link to the #volumes and #networks.
- #proxy
- #letsencrypt
- #keycloak-db
- #keycloak
- #deployment-init
- #license-proxy
- #aihub-postgresql
- #aihub-frontend
- #aihub-activemq
- #aihub-backend
- #aihub-job-agent
- #platform-admin
- #webapi-gateway
- #webapi-agent-1
- #webapi-agent-2
- #scoring-agent
- #jupyterhub-db
- #jupyterhub
- #coding-environment-storage
- #grafana-init
- #grafana
- #grafana-proxy
- #landing-page
- #token-tool
- #panopticon-vizapp
- #panopticon-vizapp-python
- #panopticon-monetdb
- #panopticon-rserve
- #volumes
- #networks
services:
proxy:
image: "${REGISTRY}rapidminer-proxy:${PROXY_VERSION}"
hostname: proxy
restart: always
environment:
- PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_USER=${PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_USER}
- PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_PASSWORD=${PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_PASSWORD}
- UNPRIVILEGED_PORTS=${UNPRIVILEGED_PORTS}
- PROXY_DATA_UPLOAD_LIMIT=${PROXY_DATA_UPLOAD_LIMIT}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- PUBLIC_URL=${PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
# Backends
- AIHUB_BACKEND=${AIHUB_BACKEND}
- AIHUB_FRONTEND=${AIHUB_FRONTEND}
- GRAFANA_BACKEND=${GRAFANA_BACKEND}
- JUPYTERHUB_BACKEND=${JUPYTERHUB_BACKEND}
- KEYCLOAK_BACKEND=${KEYCLOAK_BACKEND}
- KIBANA_BACKEND=${KIBANA_BACKEND}
- LANDING_BACKEND=${LANDING_BACKEND}
- LETSENCRYPT_BACKEND=${LETSENCRYPT_BACKEND}
- METRICS_BACKEND=${METRICS_BACKEND}
- PLATFORM_ADMIN_BACKEND=${PLATFORM_ADMIN_BACKEND}
- SCORING_AGENT_BACKEND=${SCORING_AGENT_BACKEND}
- SCORING_AGENT_WEBUI_BACKEND=${SCORING_AGENT_WEBUI_BACKEND}
- STANDPY_BACKEND=${STANDPY_BACKEND}
- TOKEN_BACKEND=${TOKEN_BACKEND}
- PANOPTICON_BACKEND=${PANOPTICON_BACKEND}
# Backend suffixes
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- JUPYTERHUB_URL_SUFFIX=${JUPYTERHUB_URL_SUFFIX}
- KIBANA_URL_SUFFIX=${KIBANA_URL_SUFFIX}
- METRICS_URL_SUFFIX=${METRICS_URL_SUFFIX}
- PLATFORM_ADMIN_URL_SUFFIX=${PLATFORM_ADMIN_URL_SUFFIX}
- SCORING_AGENT_URL_SUFFIX=${SCORING_AGENT_URL_SUFFIX}
- SCORING_AGENT_WEBUI_URL_SUFFIX=${SCORING_AGENT_WEBUI_URL_SUFFIX}
- STANDPY_URL_SUFFIX=${STANDPY_URL_SUFFIX}
- TOKEN_TOOL_URL_SUFFIX=${TOKEN_TOOL_URL_SUFFIX}
# Default Basic Auth Accesses
- METRICS_AUTH_BASIC_USER=${METRICS_AUTH_BASIC_USER}
- METRICS_AUTH_BASIC_PASS=${METRICS_AUTH_BASIC_PASS}
- SCORING_AGENT_BASIC_AUTH=${SCORING_AGENT_BASIC_AUTH}
- SCORING_AGENT_ADMIN_USER=${SCORING_AGENT_ADMIN_USER}
- SCORING_AGENT_ADMIN_PASSWORD=${SCORING_AGENT_ADMIN_PASSWORD}
# HTTPS settings
- ALLOW_LETSENCRYPT=${ALLOW_LETSENCRYPT}
- HTTPS_CRT_PATH=${HTTPS_CRT_PATH}
- HTTPS_KEY_PATH=${HTTPS_KEY_PATH}
- HTTPS_KEY_PASSWORD_FILE_PATH=${HTTPS_KEY_PASSWORD_FILE_PATH}
- HTTPS_DH_PATH=${HTTPS_DH_PATH}
- WAIT_FOR_DHPARAM=${WAIT_FOR_DHPARAM}
- DEBUG_CONF_INIT=${DEBUG_CONF_INIT}
ports:
- 0.0.0.0:80:80
- 0.0.0.0:443:443
networks:
panopticon-net:
platform-int-net:
aliases:
- proxy
- ${PUBLIC_DOMAIN}
jupyterhub-user-net:
aliases:
- ${PUBLIC_DOMAIN}
volumes:
- ./ssl:/etc/nginx/ssl
- platform-admin-uploaded-vol:/rapidminer/platform-admin/uploaded/
profiles:
- proxy
- deployment-init
letsencrypt:
image: "${REGISTRY}rm-letsencrypt-client:${LETSENCRYPT_VERSION}"
hostname: letsencrypt
restart: always
environment:
- PUBLIC_URL=${PUBLIC_URL}
- LETSENCRYPT_HOME=/certificates/
- DOMAIN=${PUBLIC_URL}
- WEBMASTER_MAIL=${WEBMASTER_MAIL}
- TZ=${TZ}
networks:
platform-int-net:
aliases:
- letsencrypt
volumes:
- ./ssl:/etc/letsencrypt/
profiles:
- letsencrypt
keycloak-db:
image: "${REGISTRY}postgres-14:${KEYCLOAK_POSTGRES_VERSION}"
restart: always
hostname: keycloak-db
environment:
- POSTGRES_DB=${KEYCLOAK_DBSCHEMA}
- POSTGRES_USER=${KEYCLOAK_DBUSER}
- POSTGRES_PASSWORD=${KEYCLOAK_DBPASS}
- POSTGRES_INITDB_ARGS=${KEYCLOAK_POSTGRES_INITDB_ARGS}
volumes:
- keycloak-db-vol:/var/lib/postgresql/data
networks:
idp-db-net:
aliases:
- keycloak-db
profiles:
- keycloak
- deployment-init
keycloak:
image: "${REGISTRY}rapidminer-keycloak:${KEYCLOAK_VERSION}"
restart: always
hostname: keycloak
environment:
- KC_DB=postgres
- KC_DB_SCHEMA=public
- KC_DB_URL_HOST=keycloak-db
- KC_DB_URL_DATABASE=${KEYCLOAK_DBSCHEMA}
- KC_DB_USERNAME=${KEYCLOAK_DBUSER}
- KC_DB_PASSWORD=${KEYCLOAK_DBPASS}
- KC_FEATURES=${KC_FEATURES}
- KC_HOSTNAME=${PUBLIC_DOMAIN}
- KC_HOSTNAME_PATH=/auth
- KC_HTTP_RELATIVE_PATH=/auth
- KC_HOSTNAME_STRICT_BACKCHANNEL=${KC_HOSTNAME_STRICT_BACKCHANNEL}
- KC_HOSTNAME_STRICT=${KC_HOSTNAME_STRICT}
- KC_HOSTNAME_STRICT_HTTPS=${KC_HOSTNAME_STRICT_HTTPS}
- KEYCLOAK_ADMIN=${KEYCLOAK_USER}
- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
- KC_LOG_LEVEL=${KC_LOG_LEVEL}
- KC_PROXY=${KC_PROXY}
- KC_HTTP_ENABLED=${KC_HTTP_ENABLED}
depends_on:
- keycloak-db
- proxy
networks:
panopticon-net:
platform-int-net:
aliases:
- keycloak
idp-db-net:
aliases:
- keycloak
profiles:
- keycloak
- deployment-init
deployment-init:
image: "${REGISTRY}rapidminer-deployment-init:${INIT_VERSION}"
restart: "no"
hostname: deployment-init
depends_on:
- keycloak
- aihub-postgresql
environment:
- DEBUG=false
- SSO_INTERNAL_URL=${KEYCLOAK_BACKEND}
volumes:
- ./ssl:/tmp/ssl
# Deployment-init reads all variable directly from .env file
- ./.env:/rapidminer/.env
- ./panopticon:/panopticon
- ./docker-compose.yml:/docker-compose.yml:ro
- keycloak-kcadm-vol:/rapidminer/.keycloak/
- deployed-services-vol:/rapidminer/deployed-services/
networks:
platform-int-net:
aliases:
- deployment-init
aihub-db-net:
aliases:
- deployment-init
profiles:
- deployment-init
license-proxy:
image: "${REGISTRY}rapidminer-licenseproxy:${LICENSE_PROXY_VERSION}"
hostname: license-proxy
restart: always
environment:
- KEYCLOAK_AUTH_SERVER_URL=${SSO_PUBLIC_URL}/auth/
- KEYCLOAK_REALM=${SSO_IDP_REALM}
- LICENSE_PROXY_MODE=${LICENSE_PROXY_MODE}
- LICENSE_UNIT_MANAGER_AUTHENTICATION_TYPE=${LICENSE_UNIT_MANAGER_AUTHENTICATION_TYPE}
- LICENSE_UNIT_MANAGER_AUTH_CODE=${LICENSE_UNIT_MANAGER_AUTH_CODE}
- LICENSE_UNIT_MANAGER_USER_NAME=${LICENSE_UNIT_MANAGER_USER_NAME}
- LICENSE_UNIT_MANAGER_PASSWORD=${LICENSE_UNIT_MANAGER_PASSWORD}
- LICENSE_UNIT_MANAGER_RESET_AUTH_TOKEN=${LICENSE_UNIT_MANAGER_RESET_AUTH_TOKEN}
- LICENSE_UNIT_MANAGER_TOKEN=${LICENSE_UNIT_MANAGER_TOKEN}
# - DEBUG=true
- TZ=${TZ}
- ALTAIR_LICENSE_PATH=${ALTAIR_LICENSE_PATH}
volumes:
- license-proxy-vol:/license-proxy/home
depends_on:
- keycloak
networks:
platform-int-net:
aliases:
- license-proxy
profiles:
- altair-license
aihub-postgresql:
image: "${REGISTRY}postgres-14:${AIHUB_POSTGRES_VERSION}"
hostname: aihub-postgresql
restart: always
environment:
- POSTGRES_DB=${AIHUB_DBSCHEMA}
- POSTGRES_USER=${AIHUB_DBUSER}
- POSTGRES_PASSWORD=${AIHUB_DBPASS}
- POSTGRES_INITDB_ARGS=${AIHUB_POSTGRES_INITDB_ARGS}
volumes:
- aihub-db-vol:/var/lib/postgresql/data
networks:
aihub-db-net:
aliases:
- aihub-postgresql
profiles:
- aihub-backend
- deployment-init
aihub-frontend:
image: ${REGISTRY}rapidminer-aihub-ui:${AIHUB_FRONTEND_VERSION}
hostname: aihub-frontend
restart: always
environment:
- REACT_APP_API_URL=${PUBLIC_URL}/api/v1/
- REACT_APP_KEYCLOAK_BASE_URL=${SSO_PUBLIC_URL}/auth
- REACT_APP_KEYCLOAK_REALM=${SSO_IDP_REALM}
- REACT_APP_KEYCLOAK_CLIENT_ID=${AIHUB_FRONTEND_SSO_CLIENT_ID}
- REACT_APP_KEYCLOAK_ON_LOAD=login-required
- REACT_APP_KEYCLOAK_SSL_REQUIRED=${SSO_SSL_REQUIRED}
- REACT_APP_WEBAPI_GATEWAY_URL=${PUBLIC_URL}/webapi
- REACT_APP_GATEWAY=${PUBLIC_URL}/webapi
depends_on:
- proxy
- aihub-backend
- keycloak
networks:
platform-int-net:
aliases:
- aihub-frontend
profiles:
- aihub-frontend
aihub-activemq:
image: ${REGISTRY}rapidminer-activemq-artemis:${ACTIVEMQ_VERSION}
hostname: aihub-activemq
restart: always
environment:
- BROKER_ACTIVEMQ_HOST=aihub-activemq
- BROKER_ACTIVEMQ_PORT=61616
- BROKER_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- BROKER_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- ARTEMIS_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- ARTEMIS_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
networks:
platform-int-net:
aliases:
- aihub-activemq
profiles:
- aihub-activemq
volumes:
- activemq-artemis-vol:/var/lib/artemis/data
aihub-backend:
image: ${REGISTRY}rapidminer-aihub:${AIHUB_BACKEND_VERSION}
hostname: aihub-backend
restart: always
environment:
#- LOGGING_LEVEL_COM_RAPIDMINER=DEBUG
- SERVER_FORWARD_HEADERS_STRATEGY=framework
- DB_HOST=${AIHUB_DBHOST}
- DB_PORT=5432
- DB_NAME=${AIHUB_DBSCHEMA}
- DB_USER=${AIHUB_DBUSER}
- DB_PASSWORD=${AIHUB_DBPASS}
- KEYCLOAK_REALM=${SSO_IDP_REALM}
- AUTH_REALM=${SSO_IDP_REALM}
- KEYCLOAK_AUTH_SERVER_URL=${SSO_PUBLIC_URL}/auth/
- KEYCLOAK_RESOURCE=${AIHUB_BACKEND_SSO_CLIENT_ID}
- KEYCLOAK_SSL_REQUIRED=${SSO_SSL_REQUIRED}
# Here AIHUB_CONNECTION_PROTOCOL, AIHUB_CONNECTION_HOST and AIHUB_CONNECTION_PORT shall be the public facing ones
- AIHUB_CONNECTION_PROTOCOL=${PUBLIC_PROTOCOL}
- AIHUB_CONNECTION_HOST=${PUBLIC_DOMAIN}
- AIHUB_CONNECTION_PORT=${PUBLIC_PORT}
- AUTH_SERVICE_CLIENT_ID=${AIHUB_BACKEND_SSO_CLIENT_ID}
- AUTH_SERVICE_CLIENT_SECRET=${AIHUB_BACKEND_SSO_CLIENT_SECRET}
- WEBAPI_REGISTRY_USERNAME=${WEBAPI_REGISTRY_USERNAME}
- WEBAPI_REGISTRY_PASSWORD=${WEBAPI_REGISTRY_PASSWORD}
- BROKER_ACTIVEMQ_HOST=aihub-activemq
- BROKER_ACTIVEMQ_PORT=61616
- BROKER_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- BROKER_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- LICENSE_MODE=${LICENSE_MODE}
# RapidMiner licensing
- LICENSE_LICENSE=${LICENSE}
# Altair Unit Licensing
- LICENSE_AGENT_PROXY_URL=${LICENSE_PROXY_INTERNAL_URL}
- LICENSE_AGENT_MACHINE_ID=${LICENSE_AGENT_MACHINE_ID}
- RAPIDMINER_LOAD_USER_CERTIFICATES=${RAPIDMINER_LOAD_USER_CERTIFICATES}
volumes:
- aihub-home-vol:/aihub/home
depends_on:
- aihub-postgresql
- aihub-activemq
- license-proxy
networks:
jupyterhub-user-net:
aliases:
- aihub-backend
platform-int-net:
aliases:
- aihub-backend
aihub-db-net:
aliases:
- aihub-backend
profiles:
- aihub-backend
aihub-job-agent:
image: ${REGISTRY}rapidminer-jobagent:${JOBAGENT_VERSION}
hostname: aihub-job-agent
restart: always
environment:
#- LOGGING_LEVEL_COM_RAPIDMINER=DEBUG
- JOBAGENT_NAME=${JOBAGENT_NAME}
- JOBAGENT_AUTH_AUTH_SERVER_URL=${SSO_PUBLIC_URL}/auth
- JOBAGENT_AUTH_REALM=${SSO_IDP_REALM}
- JOBAGENT_AUTH_SERVICE_CLIENT_ID=${JOBAGENT_SSO_CLIENT_ID}
- JOBAGENT_AUTH_SERVICE_CLIENT_SECRET=${JOBAGENT_SSO_CLIENT_SECRET}
- JOBAGENT_QUEUE_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- JOBAGENT_QUEUE_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- BROKER_ACTIVEMQ_HOST=aihub-activemq
- BROKER_ACTIVEMQ_PORT=61616
- BROKER_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- BROKER_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- AIHUB_CONNECTION_PROTOCOL=http
- AIHUB_CONNECTION_HOST=aihub-backend
- AIHUB_CONNECTION_PORT=8080
- JOBAGENT_CONTAINER_COUNT=${JOBAGENT_CONTAINER_COUNT}
- JOBAGENT_QUEUE_JOB_REQUEST=${JOBAGENT_QUEUE_JOB_REQUEST}
- JOBAGENT_CONTAINER_MEMORYLIMIT=${JOBAGENT_CONTAINER_MEMORYLIMIT}
- INIT_SHARED_CONDA_SETTINGS=${INIT_SHARED_CONDA_SETTINGS}
- TZ=${TZ}
- LICENSE_MODE=${LICENSE_MODE}
# Altair Unit Licensing
- JOBAGENT_LICENSE_AGENT_PROXY_URL=${LICENSE_PROXY_INTERNAL_URL}
- JOBAGENT_LICENSE_AGENT_MACHINE_ID=${LICENSE_AGENT_MACHINE_ID}
- JOBAGENT_CONTAINER_LOAD_USER_CERTIFICATES=${JOBAGENT_CONTAINER_LOAD_USER_CERTIFICATES}
volumes:
- coding-shared-vol:/opt/coding-shared/:ro
- job-agent-vol:/jobagent/home
depends_on:
- aihub-backend
- aihub-activemq
- license-proxy
networks:
platform-int-net:
aliases:
- aihub-job-agent
profiles:
- aihub-job-agent
platform-admin:
image: "${REGISTRY}rapidminer-platform-admin-webui:${PLATFORM_ADMIN_VERSION}"
hostname: platform-admin
restart: always
environment:
- PLATFORM_ADMIN_URL_SUFFIX=${PLATFORM_ADMIN_URL_SUFFIX}
- PLATFORM_ADMIN_DATA_UPLOAD_LIMIT=${PROXY_DATA_UPLOAD_LIMIT}
- SCORING_AGENT_URL_SUFFIX=${SCORING_AGENT_URL_SUFFIX}
- SCORING_AGENT_BACKEND=${SCORING_AGENT_BACKEND}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${PLATFORM_ADMIN_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${PLATFORM_ADMIN_SSO_CLIENT_SECRET}
- PLATFORM_ADMIN_DISABLE_PYTHON=${PLATFORM_ADMIN_DISABLE_PYTHON}
- PLATFORM_ADMIN_DISABLE_RTS=${PLATFORM_ADMIN_DISABLE_RTS}
- DEBUG=false
- CES_VERSION=${CES_VERSION}
volumes:
- platform-admin-uploaded-vol:/var/www/html/uploaded/
networks:
jupyterhub-user-net:
aliases:
- platform-admin
platform-int-net:
aliases:
- platform-admin
coding-environment-storage-net:
aliases:
- platform-admin
profiles:
- platform-admin
webapi-gateway:
image: ${REGISTRY}rapidminer-webapi-gateway:${WEBAPI_GATEWAY_VERSION}
hostname: webapi-gateway
container_name: webapi-gateway
restart: always
environment:
- WEBAPI_REGISTRY_HOST=${PUBLIC_DOMAIN}
- WEBAPI_REGISTRY_PROTOCOL=${PUBLIC_PROTOCOL}
- WEBAPI_REGISTRY_PORT=${PUBLIC_PORT}
- WEBAPI_REGISTRY_USERNAME=${WEBAPI_REGISTRY_USERNAME}
- WEBAPI_REGISTRY_PASSWORD=${WEBAPI_REGISTRY_PASSWORD}
depends_on:
- license-proxy
- aihub-backend
networks:
panopticon-net:
platform-int-net:
aliases:
- aihub-webapi-gateway
webapi-agent-1:
image: ${REGISTRY}rapidminer-scoringagent:${WEBAPI_AGENT_VERSION}
hostname: webapi-agent-1
container_name: webapi-agent-1
restart: always
environment:
- TZ=${TZ}
- CES_VERSION=${CES_VERSION}
- INIT_SHARED_CONDA_SETTINGS=true
- SPRING_PROFILES_ACTIVE=${SCORING_AGENT_SPRING_PROFILES_ACTIVE}
- SCORING_AGENT_MAX_UPLOAD_SIZE=${PROXY_DATA_UPLOAD_LIMIT}
- RAPIDMINER_SCORING_AGENT_OPTS=${WEBAPIAGENT_OPTS}
#- LOGGING_LEVEL_ROOT=DEBUG
- SCORING_AGENT_AUTH_REALM=${SSO_IDP_REALM}
- SCORING_AGENT_AUTH_AUTH_SERVER_URL=${SSO_PUBLIC_URL}/auth
- SCORING_AGENT_AUTH_SERVICE_CLIENT_ID=${WEBAPI_AGENT_SSO_CLIENT_ID}
- SCORING_AGENT_AUTH_SERVICE_CLIENT_SECRET=${WEBAPI_AGENT_SSO_CLIENT_SECRET}
- LICENSE_MODE=${SCORING_AGENT_LICENSE_MODE:-$LICENSE_MODE}
# RapidMiner licensing
- WAIT_FOR_LICENSES=${WAIT_FOR_LICENSES}
- SCORING_AGENT_ENABLE_SERVER_LICENSE=${SCORING_AGENT_ENABLE_SERVER_LICENSE}
- LICENSE_LICENSE=${LICENSE}
# Altair Unit Licensing
- SCORING_AGENT_LICENSE_AGENT_PROXY_URL=${LICENSE_PROXY_INTERNAL_URL}
- SCORING_AGENT_LICENSE_AGENT_MACHINE_ID=${LICENSE_AGENT_MACHINE_ID}
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=${SSO_PUBLIC_URL}/auth/realms/${SSO_IDP_REALM}
- WEBAPI_REGISTRY_HOST=${PUBLIC_DOMAIN}
- WEBAPI_REGISTRY_PROTOCOL=${WEBAPI_REGISTRY_PROTOCOL}
- WEBAPI_REGISTRY_PORT=${PUBLIC_PORT}
- WEBAPI_REGISTRY_USERNAME=${WEBAPI_REGISTRY_USERNAME}
- WEBAPI_REGISTRY_PASSWORD=${WEBAPI_REGISTRY_PASSWORD}
- AIHUB_CONNECTION_PROTOCOL=${WEBAPI_AIHUB_CONNECTION_PROTOCOL}
- AIHUB_CONNECTION_HOST=${WEBAPI_AIHUB_CONNECTION_HOST}
- AIHUB_CONNECTION_PORT=${WEBAPI_AIHUB_CONNECTION_PORT}
- EUREKA_INSTANCE_HOSTNAME=webapi-agent-1
- EUREKA_INSTANCE_PREFER_IP_ADDRESS=false
- SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES=${SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES}
networks:
panopticon-net:
platform-int-net:
aliases:
- aihub-webapi-agent-1
volumes:
# Uncomment the below line to specify the Altair license file for Scoring Agent in case of LICENSE_MODE=ALTAIR_STANDALONE
# - ${PWD}/altair_standalone.dat:/scoring-agent/home/resources/licenses/altair_standalone.dat
- webapi-agent-1:/scoring-agent/home
- coding-shared-vol:/opt/coding-shared/:ro
depends_on:
- webapi-gateway
- license-proxy
webapi-agent-2:
image: ${REGISTRY}rapidminer-scoringagent:${WEBAPI_AGENT_VERSION}
hostname: webapi-agent-2
container_name: webapi-agent-2
restart: always
environment:
- TZ=${TZ}
- CES_VERSION=${CES_VERSION}
- INIT_SHARED_CONDA_SETTINGS=true
- SPRING_PROFILES_ACTIVE=${SCORING_AGENT_SPRING_PROFILES_ACTIVE}
- SCORING_AGENT_MAX_UPLOAD_SIZE=${PROXY_DATA_UPLOAD_LIMIT}
- RAPIDMINER_SCORING_AGENT_OPTS=${WEBAPIAGENT_OPTS}
#- LOGGING_LEVEL_ROOT=DEBUG
- SCORING_AGENT_AUTH_REALM=${SSO_IDP_REALM}
- SCORING_AGENT_AUTH_AUTH_SERVER_URL=${SSO_PUBLIC_URL}/auth
- SCORING_AGENT_AUTH_SERVICE_CLIENT_ID=${WEBAPI_AGENT_SSO_CLIENT_ID}
- SCORING_AGENT_AUTH_SERVICE_CLIENT_SECRET=${WEBAPI_AGENT_SSO_CLIENT_SECRET}
- LICENSE_MODE=${SCORING_AGENT_LICENSE_MODE:-$LICENSE_MODE}
# RapidMiner licensing
- WAIT_FOR_LICENSES=${WAIT_FOR_LICENSES}
- SCORING_AGENT_ENABLE_SERVER_LICENSE=${SCORING_AGENT_ENABLE_SERVER_LICENSE}
- LICENSE_LICENSE=${LICENSE}
# Altair Unit Licensing
- SCORING_AGENT_LICENSE_AGENT_PROXY_URL=${LICENSE_PROXY_INTERNAL_URL}
- SCORING_AGENT_LICENSE_AGENT_MACHINE_ID=${LICENSE_AGENT_MACHINE_ID}
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=${SSO_PUBLIC_URL}/auth/realms/${SSO_IDP_REALM}
- WEBAPI_REGISTRY_HOST=${PUBLIC_DOMAIN}
- WEBAPI_REGISTRY_PROTOCOL=${WEBAPI_REGISTRY_PROTOCOL}
- WEBAPI_REGISTRY_PORT=${PUBLIC_PORT}
- WEBAPI_REGISTRY_USERNAME=${WEBAPI_REGISTRY_USERNAME}
- WEBAPI_REGISTRY_PASSWORD=${WEBAPI_REGISTRY_PASSWORD}
- AIHUB_CONNECTION_PROTOCOL=${WEBAPI_AIHUB_CONNECTION_PROTOCOL}
- AIHUB_CONNECTION_HOST=${WEBAPI_AIHUB_CONNECTION_HOST}
- AIHUB_CONNECTION_PORT=${WEBAPI_AIHUB_CONNECTION_PORT}
- EUREKA_INSTANCE_HOSTNAME=webapi-agent-2
- EUREKA_INSTANCE_PREFER_IP_ADDRESS=false
- SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES=${SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES}
networks:
panopticon-net:
platform-int-net:
aliases:
- aihub-webapi-agent-2
volumes:
- webapi-agent-2:/scoring-agent/home
- coding-shared-vol:/opt/coding-shared/:ro
depends_on:
- webapi-gateway
- license-proxy
scoring-agent:
image: "${REGISTRY}rapidminer-scoringagent:${SCORING_AGENT_VERSION}"
hostname: scoring-agent
restart: always
environment:
- TZ=${TZ}
- CES_VERSION=${CES_VERSION}
- INIT_SHARED_CONDA_SETTINGS=true
- SPRING_PROFILES_ACTIVE=${SCORING_AGENT_SPRING_PROFILES_ACTIVE}
- SCORING_AGENT_MAX_UPLOAD_SIZE=${PROXY_DATA_UPLOAD_LIMIT}
# - DEBUG=true
- SCORING_AGENT_AUTH_REALM=${SSO_IDP_REALM}
- SCORING_AGENT_AUTH_AUTH_SERVER_URL=${SSO_PUBLIC_URL}/auth
- SCORING_AGENT_AUTH_SERVICE_CLIENT_ID=${SCORING_AGENT_SSO_CLIENT_ID}
- SCORING_AGENT_AUTH_SERVICE_CLIENT_SECRET=${SCORING_AGENT_SSO_CLIENT_SECRET}
- LICENSE_MODE=${SCORING_AGENT_LICENSE_MODE:-$LICENSE_MODE}
# RapidMiner licensing
- WAIT_FOR_LICENSES=${WAIT_FOR_LICENSES}
- SCORING_AGENT_ENABLE_SERVER_LICENSE=${SCORING_AGENT_ENABLE_SERVER_LICENSE}
- LICENSE_LICENSE=${LICENSE}
# Altair Unit Licensing
- SCORING_AGENT_LICENSE_AGENT_PROXY_URL=${LICENSE_PROXY_INTERNAL_URL}
- SCORING_AGENT_LICENSE_AGENT_MACHINE_ID=${LICENSE_AGENT_MACHINE_ID}
- SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES=${SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES}
volumes:
# Uncomment the below line to specify the Altair license file for Scoring Agent in case of LICENSE_MODE=ALTAIR_STANDALONE
# - ${PWD}/altair_standalone.dat:/scoring-agent/home/resources/licenses/altair_standalone.dat
- coding-shared-vol:/opt/coding-shared/:ro
- scoring-agent-vol:/scoring-agent/home
depends_on:
# In case of LICENSE_MODE=ALTAIR_STANDALONE, set mac_address according to the Ethernet address of the docker host.
# It shall match the MAC address in your license.
# mac_address: 00:00:00:00:00:00
- license-proxy
networks:
platform-int-net:
aliases:
- scoring-agent
profiles:
- scoring-agent
jupyterhub-db:
image: ${REGISTRY}rapidminer-jupyterhub-postgres:${JUPYTERHUB_VERSION}
hostname: jupyterhub-db
restart: always
environment:
- POSTGRESQL_DATABASE=${JUPYTERHUB_DBSCHEMA}
- POSTGRESQL_USER=${JUPYTERHUB_DBUSER}
- POSTGRESQL_PASSWORD=${JUPYTERHUB_DBPASS}
- POSTGRES_INITDB_ARGS=${JUPYTERHUB_POSTGRES_INITDB_ARGS}
volumes:
- jupyterhub-db-vol:/var/lib/postgresql/data
networks:
jupyterhub-user-net:
aliases:
- jupyterhub-db
profiles:
- jupyter
jupyterhub:
image: "${REGISTRY}rapidminer-jupyterhub-jupyterhub:${JUPYTERHUB_VERSION}"
hostname: jupyterhub
restart: always
environment:
- JUPYTERHUB_VERSION=${JUPYTERHUB_VERSION}
- AIHUB_BACKEND=${AIHUB_BACKEND}
- JUPYTERHUB_DBHOST=${JUPYTERHUB_DBHOST}
- JUPYTERHUB_DBSCHEMA=${JUPYTERHUB_DBSCHEMA}
- JUPYTERHUB_DBUSER=${JUPYTERHUB_DBUSER}
- JUPYTERHUB_DBPASS=${JUPYTERHUB_DBPASS}
- JUPYTERHUB_HOSTNAME=${JUPYTERHUB_HOSTNAME}
- JUPYTERHUB_CRYPT_KEY=${JUPYTERHUB_CRYPT_KEY}
- JUPYTERHUB_DEBUG=${JUPYTERHUB_DEBUG}
- JUPYTERHUB_TOKEN_DEBUG=${JUPYTERHUB_TOKEN_DEBUG}
- JUPYTERHUB_PROXY_DEBUG=${JUPYTERHUB_PROXY_DEBUG}
- JUPYTERHUB_DB_DEBUG=${JUPYTERHUB_DB_DEBUG}
- JUPYTERHUB_SPAWNER_DEBUG=${JUPYTERHUB_SPAWNER_DEBUG}
- JUPYTERHUB_STACK_NAME=${JUPYTERHUB_STACK_NAME}
- PUBLIC_URL=${PUBLIC_URL}
- JUPYTERHUB_URL_SUFFIX=${JUPYTERHUB_URL_SUFFIX}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${JUPYTERHUB_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${JUPYTERHUB_SSO_CLIENT_SECRET}
- JUPYTERHUB_SPAWNER=${JUPYTERHUB_SPAWNER}
- JUPYTERHUB_API_PROTOCOL=${JUPYTERHUB_API_PROTOCOL}
- JUPYTERHUB_API_HOSTNAME=${JUPYTERHUB_API_HOSTNAME}
- JUPYTERHUB_PROXY_PORT=${JUPYTERHUB_PROXY_PORT}
- JUPYTERHUB_API_PORT=${JUPYTERHUB_API_PORT}
- JUPYTERHUB_APP_PORT=${JUPYTERHUB_APP_PORT}
# - JUPYTERHUB_CUSTOM_CA_CERTS=${JUPYTERHUB_CUSTOM_CA_CERTS}
- JUPYTERHUB_DOCKER_DISABLE_NOTEBOOK_IMAGE_PULL_AT_STARTUP=${JUPYTERHUB_DOCKER_DISABLE_NOTEBOOK_IMAGE_PULL_AT_STARTUP}
- SSO_USERNAME_KEY=preferred_username
- SSO_RESOURCE_ACCESS_KEY=resource_access
- JUPYTERHUB_DEFAULT_ENV_NAME=aihub-${JUPYTERHUB_VERSION}-python
# Notebook
# kubespawner
# - JUPYTERHUB_NOTEBOOK_KUBERNETES_NAMESPACE=${JUPYTERHUB_NOTEBOOK_KUBERNETES_NAMESPACE}
# - JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_NAME=${JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_NAME}
# - JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_VALUE=${JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_VALUE}
# - JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_ACCESS_MODE=${JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_ACCESS_MODE}
# - JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CAPACITY=${JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CAPACITY}
# - JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CLASS=${JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CLASS}
# - JUPYTERHUB_NOTEBOOK_IMAGE_PULL_SECRET=${JUPYTERHUB_NOTEBOOK_IMAGE_PULL_SECRET}
# - JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_KUBESPAWNER=${JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_KUBESPAWNER}
# - JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_SUBPATH_KUBESPAWNER=${JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_SUBPATH_KUBESPAWNER}
- DOCKER_NOTEBOOK_IMAGE=${REGISTRY}rapidminer-jupyter_notebook:${JUPYTERHUB_NOTEBOOK_VERSION}
- JUPYTERHUB_NOTEBOOK_VERSION=${JUPYTERHUB_NOTEBOOK_VERSION}
- JUPYTERHUB_NOTEBOOK_SSO_NB_UID_KEY=${JUPYTERHUB_NOTEBOOK_SSO_NB_UID_KEY}
- JUPYTERHUB_NOTEBOOK_SSO_NB_GID_KEY=${JUPYTERHUB_NOTEBOOK_SSO_NB_GID_KEY}
- JUPYTERHUB_NOTEBOOK_SSO_CUSTOM_BIND_MOUNTS_KEY=${JUPYTERHUB_NOTEBOOK_SSO_CUSTOM_BIND_MOUNTS_KEY}
- JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS=${JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS}
- JUPYTERHUB_NOTEBOOK_CPU_LIMIT=${JUPYTERHUB_NOTEBOOK_CPU_LIMIT}
- JUPYTERHUB_NOTEBOOK_MEM_LIMIT=${JUPYTERHUB_NOTEBOOK_MEM_LIMIT}
- JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_DOCKERSPAWNER=${JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_DOCKERSPAWNER}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
depends_on:
- jupyterhub-db
networks:
platform-int-net:
aliases:
- jupyterhub
jupyterhub-user-net:
aliases:
- jupyterhub
profiles:
- jupyter
coding-environment-storage:
image: "${REGISTRY}rapidminer-coding-environment-storage:${CES_VERSION}"
hostname: coding-environment-storage
restart: always
environment:
- PLATFORM_ADMIN_BACKEND=${PLATFORM_ADMIN_BACKEND}
- PLATFORM_ADMIN_SYNC_DEBUG=False
- DISABLE_DEFAULT_CHANNELS=${DISABLE_DEFAULT_CHANNELS}
networks:
coding-environment-storage-net:
aliases:
- coding-environment-storage
depends_on:
- platform-admin
volumes:
- coding-shared-vol:/opt/coding-shared/
profiles:
- ces
grafana-init:
image: "${REGISTRY}rapidminer-grafana-init:${GRAFANA_UTILS_VERSION}"
restart: "no"
volumes:
- grafana-home-vol:/var/lib/grafana
- grafana-provisioning:/etc/grafana/provisioning
profiles:
- grafana
grafana:
image: "${OFFICIAL_GRAFANA_IMAGE}"
hostname: grafana
restart: always
environment:
- GF_PATHS_DATA=${GF_PATHS_DATA:-/var/lib/grafana/aihub}
- GF_PATHS_PLUGINS=${GF_PATHS_PLUGINS:-/var/lib/grafana/aihub/plugins}
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=${GF_AUTH_GENERIC_OAUTH_AUTH_URL}
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${GF_AUTH_GENERIC_OAUTH_TOKEN_URL}
- GF_AUTH_GENERIC_OAUTH_API_URL=${GF_AUTH_GENERIC_OAUTH_API_URL}
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
- GF_AUTH_SIGNOUT_REDIRECT_URL=${GF_AUTH_SIGNOUT_REDIRECT_URL}
- GF_SERVER_ROOT_URL=${GF_SERVER_ROOT_URL}
- GF_USERS_DEFAULT_THEME=${GF_USERS_DEFAULT_THEME:-light}
- GF_PANELS_DISABLE_SANITIZE_HTML=${GF_PANELS_DISABLE_SANITIZE_HTML:-true}
- GF_SERVER_SERVE_FROM_SUB_PATH=${GF_SERVER_SERVE_FROM_SUB_PATH:-true}
- GF_AUTH_DISABLE_LOGIN_FORM=${GF_AUTH_DISABLE_LOGIN_FORM:-true}
- GF_AUTH_OAUTH_AUTO_LOGIN=${GF_AUTH_OAUTH_AUTO_LOGIN:-true}
- GF_AUTH_BASIC_ENABLED=${GF_AUTH_BASIC_ENABLED:-false}
- GF_AUTH_GENERIC_OAUTH_ENABLED=${GF_AUTH_GENERIC_OAUTH_ENABLED:-true}
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=${GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP:-true}
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${GF_AUTH_GENERIC_OAUTH_CLIENT_ID:-grafana}
- GF_USERS_EXTERNAL_MANAGE_LINK_NAME=${GF_USERS_EXTERNAL_MANAGE_LINK_NAME:-false}
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=${GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH:-contains(grafana_roles[*], 'admin') && 'Admin' || contains(grafana_roles[*], 'editor') && 'Editor' || 'Viewer'}
- GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS=${GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS:-rapidminer-aihub-datasource}
- GF_AUTH_GENERIC_OAUTH_SCOPES=${GF_AUTH_GENERIC_OAUTH_SCOPES:-email}
- TZ=${TZ}
volumes:
- grafana-home-vol:/var/lib/grafana
- grafana-provisioning:/etc/grafana/provisioning
depends_on:
grafana-proxy:
condition: service_started
grafana-init:
condition: service_completed_successfully
networks:
platform-int-net:
aliases:
- grafana
profiles:
- grafana
grafana-proxy:
image: "${REGISTRY}rapidminer-grafana-proxy:${GRAFANA_UTILS_VERSION}"
hostname: grafana-proxy
restart: always
environment:
- AIHUB_BACKEND_INTERNAL_URL=${AIHUB_BACKEND_INTERNAL_URL}
# Comma spearated list of RTSA URLs (http://scoring-agent:8090,https://scoring-agent-2:8888)
- GRAFANA_SCORING_AGENT_BACKENDS=${GRAFANA_SCORING_AGENT_BACKENDS}
- ENPOINTS_GATEWAY_INTERNAL_URL=${REACT_APP_WEBAPI_GATEWAY_URL}
- GRAFANA_PROXY_LOGGING_LEVEL=${GRAFANA_PROXY_LOGGING_LEVEL}
- LOG_RESPONSE_DATA=${GRAFANA_PROXY_LOG_RESPONSE_DATA}
depends_on:
- aihub-backend
networks:
platform-int-net:
aliases:
- grafana-proxy
profiles:
- grafana
landing-page:
image: "${REGISTRY}rapidminer-deployment-landing-page:${LANDING_PAGE_VERSION}"
restart: always
hostname: landing-page
environment:
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${LANDING_PAGE_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${LANDING_PAGE_SSO_CLIENT_SECRET}
- DEBUG=${LANDING_PAGE_DEBUG}
volumes:
- landing-page-vol:/var/www/html/uploaded/
- deployed-services-vol:/rapidminer/deployed-services/
networks:
platform-int-net:
aliases:
- landing-page
profiles:
- landing-page
token-tool:
image: "${REGISTRY}rapidminer-deployment-landing-page:${LANDING_PAGE_VERSION}"
restart: always
hostname: token-tool
environment:
- PUBLIC_URL=${PUBLIC_URL}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${TOKEN_TOOL_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${TOKEN_TOOL_SSO_CLIENT_SECRET}
- DEBUG=${TOKEN_TOOL_DEBUG}
- SSO_CUSTOM_SCOPE=openid offline_access
- CUSTOM_URL_SUFFIX=${TOKEN_TOOL_URL_SUFFIX}
- CUSTOM_CONTENT=get-token
volumes:
- token-tool-vol:/var/www/html/uploaded/
networks:
platform-int-net:
aliases:
- token-tool
profiles:
- token-tool
panopticon-vizapp:
image: "${REGISTRY}panopticonviz:${PANOPTICON_VIZAPP_VERSION}"
environment:
LMX_USE_EPOLL: ${PANOPTICON_LMX_USE_EPOLL}
CATALINA_OPTS: ${PANOPTICON_CATALINA_OPTS}
SERVER_ID: panopticon-vizapp
volumes:
- panopticon-data-panoviz:/etc/panopticon/appdata
- panopticon-shared-vol:/etc/panopticon/sharedata
- ./panopticon/AppData/:/etc/panopticon/appdata_default/
- ./panopticon/logging.properties:/usr/local/tomcat/conf/logging.properties
networks:
- panopticon-net
profiles:
- panopticon
panopticon-vizapp-python:
image: "${REGISTRY}panopticon-pythonsetup:${PANOPTICON_VIZAPP_PYTHON_VERSION}"
environment:
MY_POD_NAME: "panopticon-vizapp-python" # localhost
volumes:
- ./panopticon/requirements.txt:/etc/panopticon/python_default/requirements.txt
- panopticon-python-ext:/etc/panopticon/python_extensions
networks:
- panopticon-net
profiles:
- panopticon
panopticon-monetdb:
image: "${REGISTRY}panopticon-monetdb:${PANOPTICON_MONETDB_IMAGE_VERSION}"
environment:
- MDB_DB_ADMIN_PASS=${PANOPTICON_MONETDB_ADMIN_PASS}
volumes:
- panopticon-data-monetdb:/var/monetdb5/dbfarm
networks:
- panopticon-net
profiles:
- panopticon
panopticon-rserve:
image: "${REGISTRY}panopticon-rserve:${PANOPTICON_RSERVE_IMAGE_VERSION}"
volumes:
- ./panopticon/init_R_env_overide.R:/etc/panopticon/rserve_default/init_R_env_overide.R
- panopticon-rserve-ext:/etc/panopticon/rserve_extensions
networks:
- panopticon-net
profiles:
- panopticon
volumes:
webapi-agent-1:
webapi-agent-2:
panopticon-data-panoviz:
panopticon-shared-vol:
panopticon-python-ext:
panopticon-data-monetdb:
panopticon-rserve-ext:
license-proxy-vol:
aihub-db-vol:
aihub-home-vol:
job-agent-vol:
platform-admin-uploaded-vol:
scoring-agent-vol:
jupyterhub-db-vol:
grafana-home-vol:
grafana-provisioning:
keycloak-db-vol:
keycloak-kcadm-vol:
landing-page-vol:
token-tool-vol:
deployed-services-vol:
coding-shared-vol:
name: ${JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_DOCKERSPAWNER}
activemq-artemis-vol:
networks:
panopticon-net:
platform-int-net:
idp-db-net:
aihub-db-net:
coding-environment-storage-net:
jupyterhub-user-net:
name: jupyterhub-user-net-${JUPYTERHUB_STACK_NAME}