# Copyright 2021 Collate # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. version: "3.9" volumes: ingestion-volume-dag-airflow: ingestion-volume-dags: ingestion-volume-tmp: services: postgresql: build: context: ../../. dockerfile: docker/local-metadata/Dockerfile_postgres container_name: openmetadata_postgresql restart: always depends_on: - elasticsearch environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: password expose: - 5432 ports: - "5432:5432" networks: local_app_net: ipv4_address: 172.16.239.10 healthcheck: test: psql -U postgres -tAc 'select 1' -d openmetadata_db interval: 15s timeout: 10s retries: 10 elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 container_name: openmetadata_elasticsearch environment: - discovery.type=single-node - ES_JAVA_OPTS=-Xms1024m -Xmx1024m networks: local_app_net: ipv4_address: 172.16.239.11 expose: - 9200 - 9300 ports: - "9200:9200" - "9300:9300" openmetadata-server: build: context: ../../. dockerfile: docker/local-metadata/Dockerfile container_name: openmetadata_server environment: # Elasticsearch configuration ELASTICSEARCH_HOST: elasticsearch # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer} AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter} AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth} CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[https://www.googleapis.com/oauth2/v3/certs]} AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} # OpenMetadata Server Airflow Configuration AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080} SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} # OpenMetadata Airflow Azure SSO Configuration AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth} OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""} OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""} OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]} OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""} # OpenMetadata Airflow Google SSO Configuration OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""} OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"} # OpenMetadata Airflow Okta SSO Configuration OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""} OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""} OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""} OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""} OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]} # OpenMetadata Airflow Auth0 SSO Configuration OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""} OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""} OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""} # OpenMetadata Airflow Custom OIDC SSO Configuration OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""} OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""} OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""} # Database configuration for Postgres DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} DB_SCHEME: ${DB_SCHEME:-postgresql} DB_USE_SSL: ${DB_USE_SSL:-false} DB_USER: ${DB_USER:-openmetadata_user} DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} DB_HOST: ${DB_HOST:-postgresql} DB_PORT: ${DB_PORT:-5432} OM_DATABASE: ${OM_DATABASE:-openmetadata_db} expose: - 8585 - 8586 - 9200 - 9300 - 5432 ports: - "8585:8585" - "8586:8586" depends_on: elasticsearch: condition: service_started postgresql: condition: service_healthy networks: local_app_net: ipv4_address: 172.16.239.13 healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:8586/healthcheck" ] ingestion: build: context: ../../. dockerfile: ingestion/Dockerfile_local args: INGESTION_DEPENDENCY: ${INGESTION_DEPENDENCY:-all} container_name: openmetadata_ingestion depends_on: elasticsearch: condition: service_started postgresql: condition: service_healthy openmetadata-server: condition: service_healthy environment: DB_HOST: ${DB_HOST:-postgresql} DB_PORT: ${DB_PORT:-5432} AIRFLOW_DB: ${AIRFLOW_DB:-airflow_db} DB_USER: ${DB_USER:-airflow_user} DB_SCHEME: ${DB_SCHEME:-postgresql+psycopg2} DB_PASSWORD: ${DB_PASSWORD:-airflow_pass} expose: - 8080 ports: - "8080:8080" networks: - local_app_net volumes: - /var/run/docker.sock:/var/run/docker.sock - ingestion-volume-dag-airflow:/airflow/dag_generated_configs - ingestion-volume-dags:/ingestion/examples/airflow/dags - ingestion-volume-tmp:/tmp networks: local_app_net: name: ometa_network ipam: driver: default config: - subnet: "172.16.239.0/24"