2022-08-30 23:55:46 +02:00
|
|
|
# Copyright 2021 Collate
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
|
|
version: "3.9"
|
2022-09-29 21:44:12 +05:30
|
|
|
volumes:
|
|
|
|
|
ingestion-volume-dag-airflow:
|
|
|
|
|
ingestion-volume-dags:
|
|
|
|
|
ingestion-volume-tmp:
|
2022-08-30 23:55:46 +02:00
|
|
|
services:
|
|
|
|
|
postgresql:
|
|
|
|
|
build:
|
|
|
|
|
context: ../../.
|
|
|
|
|
dockerfile: docker/local-metadata/Dockerfile_postgres
|
|
|
|
|
container_name: openmetadata_postgresql
|
|
|
|
|
restart: always
|
|
|
|
|
depends_on:
|
|
|
|
|
- elasticsearch
|
|
|
|
|
environment:
|
|
|
|
|
POSTGRES_USER: postgres
|
|
|
|
|
POSTGRES_PASSWORD: password
|
|
|
|
|
expose:
|
|
|
|
|
- 5432
|
|
|
|
|
ports:
|
2022-08-31 21:30:24 +02:00
|
|
|
- "5432:5432"
|
2022-08-30 23:55:46 +02:00
|
|
|
networks:
|
2022-09-19 09:20:54 +05:30
|
|
|
- local_app_net
|
2022-08-30 23:55:46 +02:00
|
|
|
healthcheck:
|
|
|
|
|
test: psql -U postgres -tAc 'select 1' -d openmetadata_db
|
|
|
|
|
interval: 15s
|
|
|
|
|
timeout: 10s
|
|
|
|
|
retries: 10
|
|
|
|
|
|
|
|
|
|
elasticsearch:
|
|
|
|
|
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
|
|
|
|
|
container_name: openmetadata_elasticsearch
|
|
|
|
|
environment:
|
|
|
|
|
- discovery.type=single-node
|
|
|
|
|
- ES_JAVA_OPTS=-Xms1024m -Xmx1024m
|
|
|
|
|
networks:
|
2022-09-19 09:20:54 +05:30
|
|
|
- local_app_net
|
2022-08-30 23:55:46 +02:00
|
|
|
expose:
|
|
|
|
|
- 9200
|
|
|
|
|
- 9300
|
|
|
|
|
ports:
|
2022-08-31 21:30:24 +02:00
|
|
|
- "9200:9200"
|
|
|
|
|
- "9300:9300"
|
2022-08-30 23:55:46 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
openmetadata-server:
|
|
|
|
|
build:
|
|
|
|
|
context: ../../.
|
|
|
|
|
dockerfile: docker/local-metadata/Dockerfile
|
|
|
|
|
container_name: openmetadata_server
|
|
|
|
|
environment:
|
2022-08-31 21:30:24 +02:00
|
|
|
# Elasticsearch configuration
|
2022-08-30 23:55:46 +02:00
|
|
|
ELASTICSEARCH_HOST: elasticsearch
|
|
|
|
|
# OpenMetadata Server Authentication Configuration
|
2022-09-23 23:52:28 +05:30
|
|
|
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
|
|
|
|
|
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
|
2022-08-30 23:55:46 +02:00
|
|
|
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
|
2022-09-23 23:52:28 +05:30
|
|
|
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}
|
2022-08-30 23:55:46 +02:00
|
|
|
AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
|
2022-09-23 23:52:28 +05:30
|
|
|
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"}
|
2022-08-30 23:55:46 +02:00
|
|
|
AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
|
|
|
|
|
AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
|
2022-09-23 23:52:28 +05:30
|
|
|
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}
|
2022-08-30 23:55:46 +02:00
|
|
|
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
|
2022-09-23 23:52:28 +05:30
|
|
|
AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/config/jwks]}
|
2022-08-30 23:55:46 +02:00
|
|
|
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
|
|
|
|
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
|
|
|
|
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
|
|
|
|
AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
|
2022-09-23 23:52:28 +05:30
|
|
|
AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}
|
|
|
|
|
# JWT Configuration
|
|
|
|
|
RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"}
|
|
|
|
|
RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"}
|
|
|
|
|
JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"}
|
|
|
|
|
JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"}
|
2022-08-30 23:55:46 +02:00
|
|
|
# OpenMetadata Server Airflow Configuration
|
|
|
|
|
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
2022-08-31 21:30:24 +02:00
|
|
|
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
2022-08-30 23:55:46 +02:00
|
|
|
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
2022-09-23 23:52:28 +05:30
|
|
|
# OpenMetadata Airflow Azure SSO Configuration
|
2022-08-30 23:55:46 +02:00
|
|
|
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
|
|
|
|
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
|
|
|
|
# OpenMetadata Airflow Google SSO Configuration
|
|
|
|
|
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
|
|
|
|
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
|
|
|
|
|
# OpenMetadata Airflow Okta SSO Configuration
|
|
|
|
|
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
|
|
|
|
# OpenMetadata Airflow Auth0 SSO Configuration
|
|
|
|
|
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
|
|
|
|
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
|
|
|
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
|
|
|
|
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
2022-09-23 23:52:28 +05:30
|
|
|
# OpenMetadata Airflow JWT Token Configuration
|
|
|
|
|
OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
|
2022-08-30 23:55:46 +02:00
|
|
|
# Database configuration for Postgres
|
|
|
|
|
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
|
|
|
|
|
DB_SCHEME: ${DB_SCHEME:-postgresql}
|
|
|
|
|
DB_USE_SSL: ${DB_USE_SSL:-false}
|
|
|
|
|
DB_USER: ${DB_USER:-openmetadata_user}
|
|
|
|
|
DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password}
|
|
|
|
|
DB_HOST: ${DB_HOST:-postgresql}
|
|
|
|
|
DB_PORT: ${DB_PORT:-5432}
|
2022-08-31 21:30:24 +02:00
|
|
|
OM_DATABASE: ${OM_DATABASE:-openmetadata_db}
|
2022-09-16 09:39:27 +02:00
|
|
|
# Airflow SSL Configurations
|
|
|
|
|
AIRFLOW_VERIFY_SSL: ${AIRFLOW_VERIFY_SSL:-"no-ssl"}
|
|
|
|
|
AIRFLOW_SSL_CERT_PATH: ${AIRFLOW_SSL_CERT_PATH:-""}
|
2022-08-30 23:55:46 +02:00
|
|
|
expose:
|
|
|
|
|
- 8585
|
|
|
|
|
- 8586
|
|
|
|
|
ports:
|
2022-08-31 21:30:24 +02:00
|
|
|
- "8585:8585"
|
|
|
|
|
- "8586:8586"
|
2022-08-30 23:55:46 +02:00
|
|
|
depends_on:
|
|
|
|
|
elasticsearch:
|
|
|
|
|
condition: service_started
|
|
|
|
|
postgresql:
|
|
|
|
|
condition: service_healthy
|
|
|
|
|
networks:
|
2022-09-19 09:20:54 +05:30
|
|
|
- local_app_net
|
2022-08-30 23:55:46 +02:00
|
|
|
healthcheck:
|
|
|
|
|
test: [ "CMD", "curl", "-f", "http://localhost:8586/healthcheck" ]
|
|
|
|
|
|
|
|
|
|
ingestion:
|
|
|
|
|
build:
|
|
|
|
|
context: ../../.
|
2022-09-19 09:20:54 +05:30
|
|
|
dockerfile: ingestion/Dockerfile.ci
|
2022-08-30 23:55:46 +02:00
|
|
|
args:
|
|
|
|
|
INGESTION_DEPENDENCY: ${INGESTION_DEPENDENCY:-all}
|
|
|
|
|
container_name: openmetadata_ingestion
|
|
|
|
|
depends_on:
|
|
|
|
|
elasticsearch:
|
|
|
|
|
condition: service_started
|
|
|
|
|
postgresql:
|
|
|
|
|
condition: service_healthy
|
|
|
|
|
openmetadata-server:
|
|
|
|
|
condition: service_healthy
|
|
|
|
|
environment:
|
2022-09-19 09:20:54 +05:30
|
|
|
AIRFLOW__API__AUTH_BACKENDS: airflow.api.auth.backend.basic_auth
|
|
|
|
|
AIRFLOW__CORE__EXECUTOR: LocalExecutor
|
|
|
|
|
AIRFLOW__LINEAGE__BACKEND: airflow_provider_openmetadata.lineage.openmetadata.OpenMetadataLineageBackend
|
|
|
|
|
AIRFLOW__LINEAGE__AIRFLOW_SERVICE_NAME: airflow_docker
|
|
|
|
|
AIRFLOW__LINEAGE__OPENMETADATA_API_ENDPOINT: http://openmetadata-server:8585/api
|
|
|
|
|
AIRFLOW__LINEAGE__AUTH_PROVIDER_TYPE: no-auth # Update this if you are using SSO
|
|
|
|
|
AIRFLOW__OPENMETADATA_AIRFLOW_APIS__DAG_GENERATED_CONFIGS: "/opt/airflow/dag_generated_configs"
|
2022-08-30 23:55:46 +02:00
|
|
|
DB_HOST: ${DB_HOST:-postgresql}
|
|
|
|
|
DB_PORT: ${DB_PORT:-5432}
|
|
|
|
|
AIRFLOW_DB: ${AIRFLOW_DB:-airflow_db}
|
|
|
|
|
DB_USER: ${DB_USER:-airflow_user}
|
|
|
|
|
DB_SCHEME: ${DB_SCHEME:-postgresql+psycopg2}
|
|
|
|
|
DB_PASSWORD: ${DB_PASSWORD:-airflow_pass}
|
2022-09-19 09:20:54 +05:30
|
|
|
entrypoint: /bin/bash
|
|
|
|
|
command:
|
|
|
|
|
- "/opt/airflow/ingestion_dependency.sh"
|
2022-08-30 23:55:46 +02:00
|
|
|
expose:
|
|
|
|
|
- 8080
|
|
|
|
|
ports:
|
2022-08-31 21:30:24 +02:00
|
|
|
- "8080:8080"
|
2022-08-30 23:55:46 +02:00
|
|
|
networks:
|
|
|
|
|
- local_app_net
|
|
|
|
|
volumes:
|
2022-09-29 21:44:12 +05:30
|
|
|
- ingestion-volume-dag-airflow:/airflow/dag_generated_configs
|
|
|
|
|
- ingestion-volume-dags:/opt/airflow/dags
|
|
|
|
|
- ingestion-volume-tmp:/tmp
|
2022-08-31 21:30:24 +02:00
|
|
|
|
2022-08-30 23:55:46 +02:00
|
|
|
networks:
|
|
|
|
|
local_app_net:
|
|
|
|
|
name: ometa_network
|
|
|
|
|
ipam:
|
|
|
|
|
driver: default
|
|
|
|
|
config:
|
|
|
|
|
- subnet: "172.16.239.0/24"
|
