From 56b53875f33565ab38cfd0a4666485fbc3b8b74a Mon Sep 17 00:00:00 2001
From: Tarun
Date: Wed, 27 Nov 2024 18:16:02 +0530
Subject: [PATCH 01/10] Updated docker compose files
---
.../development/docker-compose-postgres.yml | 325 ++++-----------
docker/development/docker-compose.yml | 376 +++++-------------
.../docker-compose-postgres.yml | 325 +++------------
.../docker-compose.yml | 369 +++++------------
4 files changed, 335 insertions(+), 1060 deletions(-)
diff --git a/docker/development/docker-compose-postgres.yml b/docker/development/docker-compose-postgres.yml
index b37302925189..b42d7d433af2 100644
--- a/docker/development/docker-compose-postgres.yml
+++ b/docker/development/docker-compose-postgres.yml
@@ -9,78 +9,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - postgresql: - build: - context: ../../. - dockerfile: docker/postgresql/Dockerfile_postgres - container_name: openmetadata_postgresql - restart: always - command: "--work_mem=10MB" - depends_on: - - opensearch - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - expose: - - 5432 - ports: - - "5432:5432" - volumes: - - ./docker-volume/db-data-postgres:/var/lib/postgresql/data - networks: - - local_app_net - healthcheck: - test: psql -U postgres -tAc 'select 1' -d openmetadata_db - interval: 15s - timeout: 10s - retries: 10 - - opensearch: - image: opensearchproject/opensearch:latest - container_name: openmetadata_opensearch - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - plugins.security.disabled=true - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenMetadata_password123!!! - networks: - - local_app_net - expose: - - 9200 - - 9300 - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/opensearch/data - execute-migrate-all: - build: - context: ../../. 
- dockerfile: docker/development/Dockerfile - container_name: execute_migrate_all - command: "./bootstrap/openmetadata-ops.sh -d migrate --force" - environment: +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} @@ -173,20 +108,18 @@ services: DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} DB_SCHEME: ${DB_SCHEME:-postgresql} DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USE_SSL: ${DB_USE_SSL:-false} DB_USER: ${DB_USER:-openmetadata_user} DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} DB_HOST: ${DB_HOST:-postgresql} DB_PORT: ${DB_PORT:-5432} OM_DATABASE: ${OM_DATABASE:-openmetadata_db} # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-opensearch} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} + SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} 
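Review bot: `MIGRATION_LIMIT_PARAM` is removed from the shared environment in this hunk and is not re-added anywhere in this file; the `execute-migrate-all` service further down gets only `<<: *common-env`. The MySQL variant in the same patch keeps the variable next to the merge key, so the two stacks now run the migration with different settings. If the drop is not intended, add `MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}` directly under `<<: *common-env` in the `execute-migrate-all` environment. The `x-environment` body continues outside this hunk.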
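Review bot: The new defaults `${ELASTICSEARCH_HOST:- elasticsearch}` and `${SEARCH_TYPE:- "elasticsearch"}` point at a service this file does not define; the search container in the Postgres stack is still `opensearch` (image `opensearchproject/opensearch`), so the server and the migration job would fail to reach search unless the variables are set externally. The space added after `:-` in the host default also looks like it becomes part of the value. Keep `ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-opensearch}` and the `opensearch` search type here. The removal of `DB_USE_SSL` and `ELASTICSEARCH_CLUSTER_ALIAS` in the same hunk is not explained by the commit subject and deserves a line in the description.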
@@ -203,6 +136,7 @@ services: EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} #pipelineServiceClientConfiguration + PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} @@ -217,16 +151,11 @@ services: #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} - # AWS: + #parameters: OM_SM_REGION: ${OM_SM_REGION:-""} OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - # Azure: - OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} - OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} - OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} - OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - + #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} @@ -239,15 +168,11 @@ services: SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - #extensionConfiguration - OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} - OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} # Mask passwords values in UI MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - + #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} #HSTS 
@@ -269,15 +194,69 @@ services: WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Referrer-Policy - WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} - WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} - #Permission-Policy - WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} #Cache WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + +services: + postgresql: + build: + context: ../../. + dockerfile: docker/postgresql/Dockerfile_postgres + container_name: openmetadata_postgresql + restart: always + command: "--work_mem=10MB" + depends_on: + - opensearch + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + expose: + - 5432 + ports: + - "5432:5432" + volumes: + - ./docker-volume/db-data-postgres:/var/lib/postgresql/data + networks: + - local_app_net + healthcheck: + test: psql -U postgres -tAc 'select 1' -d openmetadata_db + interval: 15s + timeout: 10s + retries: 10 + + opensearch: + image: opensearchproject/opensearch:latest + container_name: openmetadata_opensearch + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - plugins.security.disabled=true + - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenMetadata_password123!!! + networks: + - local_app_net + expose: + - 9200 + - 9300 + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/opensearch/data + + execute-migrate-all: + build: + context: ../../. 
+ dockerfile: docker/development/Dockerfile + container_name: execute_migrate_all + command: "./bootstrap/openmetadata-ops.sh -d migrate --force" + environment: + <<: *common-env depends_on: opensearch: condition: service_healthy 
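Review bot: The re-added `postgresql` and `opensearch` services publish `"5432:5432"`, `"9200:9200"` and `"9300:9300"` on every host interface while using `POSTGRES_PASSWORD: password` and `plugins.security.disabled=true`, so a developer machine on a shared network exposes an unauthenticated search node and a database with a known password. For a local development stack, bind the published ports to loopback, e.g. `- "127.0.0.1:5432:5432"` and `- "127.0.0.1:9200:9200"`, and drop the 9300 mapping unless something on the host needs it. `image: opensearchproject/opensearch:latest` is also unpinned; pinning it to the version the project tests against keeps the stack reproducible. The same pattern applies to the `mysql` and `elasticsearch` services added in the `@@ -231,47 +166,109 @@` hunk of docker/development/docker-compose.yml (`MYSQL_ROOT_PASSWORD: password`, `xpack.security.enabled=false`, ports 3306/9200/9300).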
@@ -292,169 +271,7 @@ services: dockerfile: docker/development/Dockerfile container_name: openmetadata_server environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC Authentication, 
when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - # Database configuration for Postgres - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} - DB_SCHEME: ${DB_SCHEME:-postgresql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USE_SSL: ${DB_USE_SSL:-false} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-postgresql} - DB_PORT: ${DB_PORT:-5432} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-opensearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-"OpenMetadata_password123!!!"} - SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: 
${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - #eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - #extensionConfiguration - 
OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} - OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} + <<: *common-env MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 @@ -524,7 +341,11 @@ services: - ingestion-volume-dags:/opt/airflow/dags - ingestion-volume-tmp:/tmp - /var/run/docker.sock:/var/run/docker.sock:z # Need 600 permissions to run DockerOperator - +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: networks: local_app_net: diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index b5509137a521..e41348d5e36f 100644 --- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml 
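Review bot: The server's environment is now `<<: *common-env` plus one explicit key, and nothing documents that the explicit `MASK_PASSWORDS_API` default of `true` is meant to override the anchor's `false`. Add a comment above it such as `# Overrides the common-env default (false); keys listed next to the merge key take precedence`. Collapsing the two blocks also changes the server's effective defaults wherever the old server block differed from the migrate block: the removed server lines had `ELASTICSEARCH_PASSWORD` defaulting to `"OpenMetadata_password123!!!"`, while the anchor shown in the earlier hunk defaults it to `""`. That is harmless while the OpenSearch security plugin is disabled, but it should be checked and mentioned in the commit description.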
@@ -9,83 +9,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - mysql: - build: - context: ../../. - dockerfile: docker/mysql/Dockerfile_mysql - command: "--sort_buffer_size=10M" - container_name: openmetadata_mysql - restart: always - depends_on: - - elasticsearch - environment: - MYSQL_ROOT_PASSWORD: password - expose: - - 3306 - ports: - - "3306:3306" - networks: - - local_app_net - healthcheck: - test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - ./docker-volume/db-data:/var/lib/mysql - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - container_name: openmetadata_elasticsearch - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - xpack.security.enabled=false - networks: - - local_app_net - expose: - - 9200 - - 9300 - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/elasticsearch/data - - execute-migrate-all: - build: - context: ../../. 
- dockerfile: docker/development/Dockerfile - container_name: execute_migrate_all - command: "./bootstrap/openmetadata-ops.sh -d migrate --force" - environment: +# version: "3.9" +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} + AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} @@ -97,7 +33,7 @@ services: AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} + AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} #For OIDC Authentication, when client is confidential OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} 
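Review bot: The default for `AUTHORIZER_PRINCIPAL_DOMAIN` changes from `"open-metadata.org"` to `"openmetadata.org"` inside what is otherwise a structural move, and it now disagrees with the `open-metadata.org` value used elsewhere in this patch (the removed server blocks and the `JWT_ISSUER` default). The principal domain presumably feeds into how the `admin` and `ingestion-bot` principals are resolved, so a silent change can leave an existing development database with accounts under the old domain. Unless the rename is intended, keep `AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}`, or make the change in its own commit with a note on migrating existing users. The anchor body continues outside this hunk.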
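Review bot: `AUTHENTICATION_ENABLE_SELF_SIGNUP :` gains a space before the colon in this hunk, which the previous version of the line did not have and which yamllint's `colons` rule flags. Write it as `AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}`.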
@@ -155,7 +91,6 @@ services: # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - # JWT Configuration RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} @@ -184,22 +119,19 @@ services: ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} + ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10} ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - #eventMonitoringConfiguration EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - #pipelineServiceClientConfiguration PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} 
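Review bot: The default for `ELASTICSEARCH_BATCH_SIZE` drops from 100 to 10 in the `@@ -184,22 +119,19 @@` hunk and `ELASTICSEARCH_CLUSTER_ALIAS` is removed, neither of which the commit subject explains. Both are behaviour changes rather than part of the move into `x-environment`. Either restore `ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}` and the alias line, or add a comment above the new value stating why the development stack indexes in smaller batches.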
@@ -212,14 +144,17 @@ services: AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: + # AWS: OM_SM_REGION: ${OM_SM_REGION:-""} OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - + # Azure: + OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} + OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} + OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} + OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} 
@@ -231,47 +166,109 @@ services: SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - #extensionConfiguration OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - - # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + #Cache + WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} + WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + #CSP + WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} + WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} + WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #XSS-Protection + WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} + WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} + WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} + #Content Type + WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} + #Frame Options + WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} + WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} + WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} #HSTS WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: 
${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #OpenMetadata Web Configuration + WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + # Mask passwords values in UI + MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} + + + + +services: + mysql: + build: + context: ../../. + dockerfile: docker/mysql/Dockerfile_mysql + command: "--sort_buffer_size=10M" + container_name: openmetadata_mysql + restart: always + depends_on: + - elasticsearch + environment: + MYSQL_ROOT_PASSWORD: password + expose: + - 3306 + ports: + - "3306:3306" + networks: + - local_app_net + healthcheck: + test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - ./docker-volume/db-data:/var/lib/mysql + + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 + platform: linux/amd64 + + container_name: openmetadata_elasticsearch + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - xpack.security.enabled=false + networks: + - local_app_net + expose: + - 9200 + - 9300 + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/elasticsearch/data + + execute-migrate-all: + build: + context: ../../. 
+ dockerfile: docker/development/Dockerfile + container_name: execute_migrate_all + command: "./bootstrap/openmetadata-ops.sh -d migrate --force" + environment: + <<: *common-env + # Migration + MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} #Referrer-Policy WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} #Permission-Policy WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + depends_on: elasticsearch: condition: service_healthy 
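Review bot: The `WEB_CONF_REFERRER_POLICY_*` and `WEB_CONF_PERMISSION_POLICY_*` variables end up under the `execute-migrate-all` environment, after `<<: *common-env`, instead of inside the shared anchor. They configure HTTP response headers, so the one-shot migration job has no use for them, while the server will only see them if its own environment repeats them; that hunk is cut off in this view, so this needs checking. Move the four lines into the `x-environment` body next to the other `WEB_CONF_*` keys and leave only `MIGRATION_LIMIT_PARAM` beside the merge key. The Postgres file removes the same four variables in its `@@ -269,15 +194,69 @@` hunk without re-adding them, so both stacks should be fixed the same way.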
@@ -286,177 +283,7 @@ services: dockerfile: docker/development/Dockerfile container_name: openmetadata_server environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC 
Authentication, when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - # Database configuration for MySQL - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} - DB_SCHEME: ${DB_SCHEME:-mysql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USE_SSL: ${DB_USE_SSL:-false} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-mysql} - DB_PORT: ${DB_PORT:-3306} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - 
#eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - # AWS: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - # Azure: - OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} - OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} - OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} - OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - # GCP: - OM_SM_PROJECT_ID: ${OM_SM_PROJECT_ID:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - 
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - #extensionConfiguration - OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} - OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} + <<: *common-env MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 @@ -544,6 +371,11 @@ services: - ingestion-volume-tmp:/tmp - /var/run/docker.sock:/var/run/docker.sock:z # Need 600 permissions to run DockerOperator +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: networks: local_app_net: diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml index 4b279df6cb28..d6817148c579 100644 --- a/docker/docker-compose-quickstart/docker-compose-postgres.yml +++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml 
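Review bot: The `MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true}` line placed after `<<: *common-env` in the openmetadata_server environment repeats a key that the anchor already defines with a default of false, and no comment says the explicit key is the one that takes effect. A comment above it would make the intent reviewable, for example `# overrides common-env (default false): mask password values on the server`. The quickstart Postgres server hunk (`@@ -277,192 +263,7 @@`) merges the same anchor without this override, so that server keeps the false default; if masking is meant to be on wherever the server runs, the same line belongs there. The service definition starts and continues outside this hunk.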
@@ -9,69 +9,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - postgresql: - container_name: openmetadata_postgresql - image: docker.getcollate.io/openmetadata/postgresql:1.5.0-SNAPSHOT - restart: always - command: "--work_mem=10MB" - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - expose: - - 5432 - ports: - - "5432:5432" - volumes: - - ./docker-volume/db-data-postgres:/var/lib/postgresql/data - - networks: - - app_net - healthcheck: - test: psql -U postgres -tAc 'select 1' -d openmetadata_db - interval: 15s - timeout: 10s - retries: 10 - - elasticsearch: - container_name: openmetadata_elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - xpack.security.enabled=false - networks: - - app_net - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/elasticsearch/data - - execute-migrate-all: - container_name: execute_migrate_all - image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT - command: "./bootstrap/openmetadata-ops.sh migrate" - environment: +# version: "3.9" +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: 
${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} @@ -207,16 +151,11 @@ services: #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} - # AWS: + #parameters: OM_SM_REGION: ${OM_SM_REGION:-""} OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - # Azure: - OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} - OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} - OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} - OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - + #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} @@ -228,12 +167,12 @@ services: SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - + # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} # Mask passwords values in UI MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - + #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} #HSTS 
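Review bot: `MIGRATION_LIMIT_PARAM` is removed here along with the old execute-migrate-all environment, and the rebuilt service in the later hunk (`@@ -255,15 +194,62 @@`) carries only `<<: *common-env`, so the migration job appears to lose this setting in this file. The development compose file re-adds it under the merge key; doing the same here keeps the previous behaviour: `MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}` directly below `<<: *common-env`. The middle of the anchor is not shown in the diff, so this holds only if the variable is not defined there. The same removal appears in the quickstart MySQL hunk `@@ -9,74 +9,18 @@`, whose rebuilt service is not visible here.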
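Review bot: The secrets-manager block in the shared environment now keeps only `OM_SM_REGION`, `OM_SM_ACCESS_KEY_ID` and `OM_SM_ACCESS_KEY` under a generic `#parameters:` heading, and the four Azure variables (`OM_SM_VAULT_NAME`, `OM_SM_CLIENT_ID`, `OM_SM_CLIENT_SECRET`, `OM_SM_TENANT_ID`) are dropped. The quickstart MySQL file still shows Azure entries as context in its hunk `@@ -214,7 +154,6 @@`, so the two quickstart files now differ in which external secret stores can be configured through the environment. If that is not intended, keep the `# AWS:` and `# Azure:` headings and the four variables in the anchor; if it is, a comment listing the `SECRET_MANAGER` values this file supports would stop an operator from selecting a store the containers cannot be given credentials for.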
@@ -255,15 +194,62 @@ services: WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Referrer-Policy - WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} - WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} - #Permission-Policy - WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} #Cache WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + + + +services: + postgresql: + container_name: openmetadata_postgresql + image: docker.getcollate.io/openmetadata/postgresql:1.5.0-SNAPSHOT + restart: always + command: "--work_mem=10MB" + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + expose: + - 5432 + ports: + - "5432:5432" + volumes: + - ./docker-volume/db-data-postgres:/var/lib/postgresql/data + networks: + - app_net + healthcheck: + test: psql -U postgres -tAc 'select 1' -d openmetadata_db + interval: 15s + timeout: 10s + retries: 10 + + elasticsearch: + container_name: openmetadata_elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 + platform: linux/amd64 + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - xpack.security.enabled=false + networks: + - app_net + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/elasticsearch/data + + execute-migrate-all: + container_name: execute_migrate_all + image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT + command: "./bootstrap/openmetadata-ops.sh migrate" + environment: + <<: 
*common-env depends_on: elasticsearch: condition: service_healthy 
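Review bot: The elasticsearch service on the new side of this hunk sets `xpack.security.enabled=false` and publishes `9200:9200` and `9300:9300` without a host address, and the postgresql service publishes `5432:5432` with the fixed `POSTGRES_PASSWORD: password`. Compose binds such mappings on all host interfaces, so on a machine with a routable address both data stores are reachable from the network with no effective authentication. Binding the published ports to loopback keeps the quickstart usable locally: `- "127.0.0.1:9200:9200"`, `- "127.0.0.1:9300:9300"` and `- "127.0.0.1:5432:5432"`. The hunk also drops the `WEB_CONF_REFERRER_POLICY_*` and `WEB_CONF_PERMISSION_POLICY_*` variables, which the development compose file keeps, so it is worth confirming that difference is intended.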
@@ -277,192 +263,7 @@ services: restart: always image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC 
Authentication, when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - #Database configuration for postgresql - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} - DB_SCHEME: ${DB_SCHEME:-postgresql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-postgresql} - DB_PORT: ${DB_PORT:-5432} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - #eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: 
${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords 
values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} - #HSTS - WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} - WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} - WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} - WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + <<: *common-env expose: - 8585 - 8586 @@ -525,6 +326,12 @@ services: - ingestion-volume-dags:/opt/airflow/dags - ingestion-volume-tmp:/tmp +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: + networks: app_net: ipam: diff --git a/docker/docker-compose-quickstart/docker-compose.yml b/docker/docker-compose-quickstart/docker-compose.yml index a66b57ddfb63..b819d08f79f3 100644 --- a/docker/docker-compose-quickstart/docker-compose.yml +++ b/docker/docker-compose-quickstart/docker-compose.yml 
@@ -9,74 +9,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - mysql: - container_name: openmetadata_mysql - image: docker.getcollate.io/openmetadata/db:1.5.0-SNAPSHOT - command: "--sort_buffer_size=10M" - restart: always - environment: - MYSQL_ROOT_PASSWORD: password - expose: - - 3306 - ports: - - "3306:3306" - volumes: - - ./docker-volume/db-data:/var/lib/mysql - networks: - - app_net - healthcheck: - test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" - interval: 15s - timeout: 10s - retries: 10 - - elasticsearch: - container_name: openmetadata_elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - xpack.security.enabled=false - networks: - - app_net - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/elasticsearch/data - - execute-migrate-all: - container_name: execute_migrate_all - image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT - command: "./bootstrap/openmetadata-ops.sh migrate" - environment: +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: 
${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} + AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} @@ -88,7 +32,7 @@ services: AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} + AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} #For OIDC Authentication, when client is confidential OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} @@ -146,7 +90,6 @@ services: # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - # JWT Configuration RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} 
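Review bot: The default of `AUTHORIZER_PRINCIPAL_DOMAIN` changes from `"open-metadata.org"` to `"openmetadata.org"` in this hunk, which is a behaviour change inside what otherwise reads as a restructuring of the file. The server blocks removed from the other compose files in this diff, and their `JWT_ISSUER` default, use `open-metadata.org`, so the quickstart MySQL file would now disagree with them. With `AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN` defaulting to false the value may have little effect today, but anyone who turns enforcement on would presumably be checked against a domain that differs between deployments. Unless the change is deliberate, restore `AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}`.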
@@ -162,6 +105,7 @@ services: DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} DB_SCHEME: ${DB_SCHEME:-mysql} DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} + DB_USE_SSL: ${DB_USE_SSL:-false} DB_USER: ${DB_USER:-openmetadata_user} DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} DB_HOST: ${DB_HOST:-mysql} @@ -179,18 +123,15 @@ services: ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} + ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10} ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - #eventMonitoringConfiguration EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} @@ -202,7 +143,6 @@ services: AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} # AWS: 
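Review bot: Two settings change in the `@@ -179,18 +123,15 @@` hunk although the commit reads as a restructuring: the `ELASTICSEARCH_BATCH_SIZE` default drops from 100 to 10, and `PIPELINE_SERVICE_CLIENT_ENABLED` is removed from the shared environment. The server block removed from the quickstart Postgres file shows the batch size at 100 and includes the pipeline-client flag, so the two quickstart files may now behave differently; the Postgres anchor itself is not fully visible here. If neither change is intended, keep `ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}` and `PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true}`; otherwise they deserve a line in the commit description.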
@@ -214,7 +154,6 @@ services: OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} 
@@ -226,42 +165,97 @@ services: SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - + #extensionConfiguration + OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} + OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + #Cache + WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} + WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + #CSP + WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} + WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} + WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #XSS-Protection + WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} + WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} + WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} + #Content Type + WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} + #Frame Options + WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} + WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} + WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} #HSTS WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: 
${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #OpenMetadata Web Configuration + WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + # Mask passwords values in UI + MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} + + +services: + mysql: + container_name: openmetadata_mysql + image: docker.getcollate.io/openmetadata/db:1.5.0-SNAPSHOT + command: "--sort_buffer_size=10M" + restart: always + environment: + MYSQL_ROOT_PASSWORD: password + expose: + - 3306 + ports: + - "3306:3306" + volumes: + - ./docker-volume/db-data:/var/lib/mysql + networks: + - app_net + healthcheck: + test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" + interval: 15s + timeout: 10s + retries: 10 + + + elasticsearch: + container_name: openmetadata_elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - xpack.security.enabled=false + networks: + - app_net + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/elasticsearch/data + + + execute-migrate-all: + container_name: execute_migrate_all + image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT + command: "./bootstrap/openmetadata-ops.sh migrate" + environment: + <<: *common-env + # Migration + MIGRATION_LIMIT_PARAM: 
${MIGRATION_LIMIT_PARAM:-1200} #Referrer-Policy WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} #Permission-Policy WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} depends_on: elasticsearch: condition: service_healthy 
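Review bot: The added `mysql` and `elasticsearch` services publish `"3306:3306"`, `"9200:9200"` and `"9300:9300"` without a host address, so Compose binds them on every host interface while the same blocks set `MYSQL_ROOT_PASSWORD: password` and `xpack.security.enabled=false`. On a laptop attached to a shared network this makes the database and the unauthenticated search API reachable from other machines. Bind the published ports to loopback instead: `- "127.0.0.1:3306:3306"`, `- "127.0.0.1:9200:9200"`, `- "127.0.0.1:9300:9300"`; container-to-container traffic on `app_net` does not need the host mapping. The `postgresql`/`opensearch` services hunk in docker/development/docker-compose-postgres.yml has the same pattern with `"5432:5432"` and `plugins.security.disabled=true`. These blocks may simply be relocated from earlier in the file, which is outside this view.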
@@ -275,193 +269,8 @@ services: restart: always image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC 
Authentication, when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - # Database configuration for MySQL - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} - DB_SCHEME: ${DB_SCHEME:-mysql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-mysql} - DB_PORT: ${DB_PORT:-3306} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - #eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: 
${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords 
values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} - #HSTS - WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} - WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} - WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} - WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} - + <<: *common-env + MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 - 8586 @@ -524,6 +333,12 @@ services: - ingestion-volume-dags:/opt/airflow/dags - ingestion-volume-tmp:/tmp +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: + networks: app_net: From 5bfa29e2dee3ca862d4cdaa05ed0ac7c6c844dfb Mon Sep 17 00:00:00 2001 From: Tarun Date: Thu, 28 Nov 2024 01:17:14 +0530 Subject: [PATCH 02/10] Updated files --- docker/development/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index e41348d5e36f..59b18aaf9aed 100644 
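Review bot: Swapping the openmetadata-server environment for `<<: *common-env` changes two of the server's defaults without saying so. The removed block defaulted `AUTHORIZER_PRINCIPAL_DOMAIN` to `"open-metadata.org"` and `ELASTICSEARCH_BATCH_SIZE` to `100`, whereas the shared block edited earlier in this file now defaults them to `"openmetadata.org"` and `10`. The principal domain is inert while `AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN` stays `false`, but it presumably decides which principals are accepted once enforcement is turned on, so a silent rename there is worth confirming. If the new values are intended, say so in the commit message; otherwise keep `${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}` and `${ELASTICSEARCH_BATCH_SIZE:-100}` in the anchor. The explicit `MASK_PASSWORDS_API` key after the merge key correctly overrides the anchor's `false`.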
--- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml @@ -229,8 +229,6 @@ services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - platform: linux/amd64 - container_name: openmetadata_elasticsearch environment: - discovery.type=single-node From 6a972a3e114adb5373beab47bb60df5a00d641fb Mon Sep 17 00:00:00 2001 From: Tarun Date: Thu, 28 Nov 2024 01:21:16 +0530 Subject: [PATCH 03/10] updated file --- docker/docker-compose-quickstart/docker-compose-postgres.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml index d6817148c579..4fed4f2925fb 100644 --- a/docker/docker-compose-quickstart/docker-compose-postgres.yml +++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml @@ -226,7 +226,6 @@ services: elasticsearch: container_name: openmetadata_elasticsearch image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - platform: linux/amd64 environment: - discovery.type=single-node - ES_JAVA_OPTS=-Xms1024m -Xmx1024m From 68936c9b9131bc95bd0d61d1e912dd15b8b71eb7 Mon Sep 17 00:00:00 2001 From: Tarun Date: Wed, 27 Nov 2024 18:16:02 +0530 Subject: [PATCH 04/10] Updated docker compose files --- .../development/docker-compose-postgres.yml | 325 ++++----------- docker/development/docker-compose.yml | 376 +++++------------- .../docker-compose-postgres.yml | 325 +++------------ .../docker-compose.yml | 369 +++++------------ 4 files changed, 335 insertions(+), 1060 deletions(-) diff --git a/docker/development/docker-compose-postgres.yml b/docker/development/docker-compose-postgres.yml index b37302925189..b42d7d433af2 100644 --- a/docker/development/docker-compose-postgres.yml +++ b/docker/development/docker-compose-postgres.yml 
@@ -9,78 +9,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - postgresql: - build: - context: ../../. - dockerfile: docker/postgresql/Dockerfile_postgres - container_name: openmetadata_postgresql - restart: always - command: "--work_mem=10MB" - depends_on: - - opensearch - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - expose: - - 5432 - ports: - - "5432:5432" - volumes: - - ./docker-volume/db-data-postgres:/var/lib/postgresql/data - networks: - - local_app_net - healthcheck: - test: psql -U postgres -tAc 'select 1' -d openmetadata_db - interval: 15s - timeout: 10s - retries: 10 - - opensearch: - image: opensearchproject/opensearch:latest - container_name: openmetadata_opensearch - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - plugins.security.disabled=true - - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenMetadata_password123!!! - networks: - - local_app_net - expose: - - 9200 - - 9300 - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/opensearch/data - execute-migrate-all: - build: - context: ../../. 
- dockerfile: docker/development/Dockerfile - container_name: execute_migrate_all - command: "./bootstrap/openmetadata-ops.sh -d migrate --force" - environment: +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} @@ -173,20 +108,18 @@ services: DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} DB_SCHEME: ${DB_SCHEME:-postgresql} DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USE_SSL: ${DB_USE_SSL:-false} DB_USER: ${DB_USER:-openmetadata_user} DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} DB_HOST: ${DB_HOST:-postgresql} DB_PORT: ${DB_PORT:-5432} OM_DATABASE: ${OM_DATABASE:-openmetadata_db} # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-opensearch} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} + SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} 
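Review bot: The new defaults `ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch}` and `SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"}` do not match this file's search service, which a later hunk still defines as `opensearch` (image `opensearchproject/opensearch:latest`, with `depends_on: opensearch`). No service named `elasticsearch` is visible on `local_app_net`, so the server and migration containers would presumably fail to reach search unless both variables are overridden. Keep the removed defaults, `${ELASTICSEARCH_HOST:-opensearch}` and `${SEARCH_TYPE:- "opensearch"}`. The same hunk also drops `ELASTICSEARCH_CLUSTER_ALIAS` and `DB_USE_SSL`, which looks unintended for a refactor that only introduces an anchor.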
@@ -203,6 +136,7 @@ services: EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} #pipelineServiceClientConfiguration + PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} @@ -217,16 +151,11 @@ services: #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} - # AWS: + #parameters: OM_SM_REGION: ${OM_SM_REGION:-""} OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - # Azure: - OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} - OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} - OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} - OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - + #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} @@ -239,15 +168,11 @@ services: SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - #extensionConfiguration - OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} - OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} # Mask passwords values in UI MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - + #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} #HSTS 
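Review bot: The secrets-manager hunk deletes the Azure variables (`OM_SM_VAULT_NAME`, `OM_SM_CLIENT_ID`, `OM_SM_CLIENT_SECRET`, `OM_SM_TENANT_ID`) and relabels `# AWS:` as `#parameters:`, so an Azure-backed `SECRET_MANAGER` can no longer be configured through this compose file. The next hunk removes `OM_RESOURCE_PACKAGES` and `OM_EXTENSIONS` in the same way, and the hunk after that removes the Referrer-Policy and Permission-Policy `WEB_CONF_*` variables. Together these read as another file's environment block pasted over this one rather than a deliberate removal. If the goal is only to share the block through `&common-env`, carry these keys into the anchor unchanged.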
@@ -269,15 +194,69 @@ services: WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Referrer-Policy - WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} - WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} - #Permission-Policy - WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} #Cache WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + +services: + postgresql: + build: + context: ../../. + dockerfile: docker/postgresql/Dockerfile_postgres + container_name: openmetadata_postgresql + restart: always + command: "--work_mem=10MB" + depends_on: + - opensearch + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + expose: + - 5432 + ports: + - "5432:5432" + volumes: + - ./docker-volume/db-data-postgres:/var/lib/postgresql/data + networks: + - local_app_net + healthcheck: + test: psql -U postgres -tAc 'select 1' -d openmetadata_db + interval: 15s + timeout: 10s + retries: 10 + + opensearch: + image: opensearchproject/opensearch:latest + container_name: openmetadata_opensearch + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - plugins.security.disabled=true + - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenMetadata_password123!!! + networks: + - local_app_net + expose: + - 9200 + - 9300 + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/opensearch/data + + execute-migrate-all: + build: + context: ../../. 
+ dockerfile: docker/development/Dockerfile + container_name: execute_migrate_all + command: "./bootstrap/openmetadata-ops.sh -d migrate --force" + environment: + <<: *common-env depends_on: opensearch: condition: service_healthy 
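Review bot: `execute-migrate-all` now receives only `<<: *common-env`, so the `MIGRATION_LIMIT_PARAM` entry removed in this file's first hunk is never restored. The compose file patched just before this one on the page keeps it under the same service, below the merge key. Add it back here as `MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}` so the migration container keeps its previous default.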
@@ -292,169 +271,7 @@ services: dockerfile: docker/development/Dockerfile container_name: openmetadata_server environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC Authentication, 
when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - # Database configuration for Postgres - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} - DB_SCHEME: ${DB_SCHEME:-postgresql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USE_SSL: ${DB_USE_SSL:-false} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-postgresql} - DB_PORT: ${DB_PORT:-5432} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-opensearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-"OpenMetadata_password123!!!"} - SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: 
${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - #eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - #extensionConfiguration - 
OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} - OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} + <<: *common-env MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 @@ -524,7 +341,11 @@ services: - ingestion-volume-dags:/opt/airflow/dags - ingestion-volume-tmp:/tmp - /var/run/docker.sock:/var/run/docker.sock:z # Need 600 permissions to run DockerOperator - +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: networks: local_app_net: diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index b5509137a521..e41348d5e36f 100644 --- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml 
@@ -9,83 +9,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - mysql: - build: - context: ../../. - dockerfile: docker/mysql/Dockerfile_mysql - command: "--sort_buffer_size=10M" - container_name: openmetadata_mysql - restart: always - depends_on: - - elasticsearch - environment: - MYSQL_ROOT_PASSWORD: password - expose: - - 3306 - ports: - - "3306:3306" - networks: - - local_app_net - healthcheck: - test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - ./docker-volume/db-data:/var/lib/mysql - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - container_name: openmetadata_elasticsearch - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - xpack.security.enabled=false - networks: - - local_app_net - expose: - - 9200 - - 9300 - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/elasticsearch/data - - execute-migrate-all: - build: - context: ../../. 
- dockerfile: docker/development/Dockerfile - container_name: execute_migrate_all - command: "./bootstrap/openmetadata-ops.sh -d migrate --force" - environment: +# version: "3.9" +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} + AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} @@ -97,7 +33,7 @@ services: AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} + AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} #For OIDC Authentication, when client is confidential OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} 
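Review bot: The default for `AUTHORIZER_PRINCIPAL_DOMAIN` in the new `x-environment` anchor changes from `"open-metadata.org"` to `"openmetadata.org"`, a behaviour change inside what otherwise reads as a move of the environment block into a shared anchor. The openmetadata-server block removed later in this file used `"open-metadata.org"`, so the server's default principal domain changes as soon as it merges the anchor. This may matter for existing users once `AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN` is turned on, though that effect is inferred rather than shown here. If the rename is not intended, keep `AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}`; if it is, say so in the commit message. The anchor mapping continues past the end of this hunk.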
@@ -155,7 +91,6 @@ services: # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - # JWT Configuration RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} @@ -184,22 +119,19 @@ services: ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} + ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10} ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - #eventMonitoringConfiguration EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - #pipelineServiceClientConfiguration PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} 
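Review bot: In the `@@ -184,22 +119,19 @@` hunk, `ELASTICSEARCH_BATCH_SIZE` now defaults to `10` instead of `100` and `ELASTICSEARCH_CLUSTER_ALIAS` is dropped from the block that becomes the shared anchor. The commit message does not mention either change. The server block removed later in this file carried both settings, so once it merges `common-env` it indexes in smaller batches and no longer receives the alias. Unless that is deliberate, keep `ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}` and the `ELASTICSEARCH_CLUSTER_ALIAS` line. The anchor mapping starts and ends outside this hunk.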
@@ -212,14 +144,17 @@ services: AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: + # AWS: OM_SM_REGION: ${OM_SM_REGION:-""} OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - + # Azure: + OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} + OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} + OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} + OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} 
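Review bot: The secrets-manager section of the anchor gains the Azure keys but not the GCP one. The openmetadata-server block removed further down also set `OM_SM_PROJECT_ID`, and nothing in this hunk re-adds it. With the server taking its environment from `common-env`, a project id set on the host would no longer reach the container. Add `OM_SM_PROJECT_ID: ${OM_SM_PROJECT_ID:-""}` under a `# GCP:` comment next to the Azure keys. The anchor also hands `OM_SM_ACCESS_KEY` and `OM_SM_CLIENT_SECRET` to every service that merges it, so it is worth confirming that the migration job needs the Azure credentials.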
@@ -231,47 +166,109 @@ services: SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - #extensionConfiguration OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - - # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + #Cache + WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} + WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + #CSP + WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} + WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} + WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #XSS-Protection + WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} + WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} + WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} + #Content Type + WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} + #Frame Options + WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} + WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} + WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} #HSTS WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: 
${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #OpenMetadata Web Configuration + WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + # Mask passwords values in UI + MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} + + + + +services: + mysql: + build: + context: ../../. + dockerfile: docker/mysql/Dockerfile_mysql + command: "--sort_buffer_size=10M" + container_name: openmetadata_mysql + restart: always + depends_on: + - elasticsearch + environment: + MYSQL_ROOT_PASSWORD: password + expose: + - 3306 + ports: + - "3306:3306" + networks: + - local_app_net + healthcheck: + test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - ./docker-volume/db-data:/var/lib/mysql + + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 + platform: linux/amd64 + + container_name: openmetadata_elasticsearch + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - xpack.security.enabled=false + networks: + - local_app_net + expose: + - 9200 + - 9300 + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/elasticsearch/data + + execute-migrate-all: + build: + context: ../../. 
+ dockerfile: docker/development/Dockerfile + container_name: execute_migrate_all + command: "./bootstrap/openmetadata-ops.sh -d migrate --force" + environment: + <<: *common-env + # Migration + MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} #Referrer-Policy WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} #Permission-Policy WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + depends_on: elasticsearch: condition: service_healthy 
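Review bot: `WEB_CONF_REFERRER_POLICY_*` and `WEB_CONF_PERMISSION_POLICY_*` stay as explicit keys under `execute-migrate-all` instead of moving into `common-env` with the other `WEB_CONF_*` header settings. The server block later in this file merges only the anchor plus `MASK_PASSWORDS_API`. As far as this diff shows, these two header toggles therefore never reach the service that answers HTTP requests, and setting them on the host would have no effect. Move the four lines into the anchor next to the `#HSTS` group. The run of blank `+` lines before `services:` can also be cut to one.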
@@ -286,177 +283,7 @@ services: dockerfile: docker/development/Dockerfile container_name: openmetadata_server environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC 
Authentication, when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - # Database configuration for MySQL - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} - DB_SCHEME: ${DB_SCHEME:-mysql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USE_SSL: ${DB_USE_SSL:-false} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-mysql} - DB_PORT: ${DB_PORT:-3306} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - 
#eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - # AWS: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - # Azure: - OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} - OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} - OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} - OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - # GCP: - OM_SM_PROJECT_ID: ${OM_SM_PROJECT_ID:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - 
SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - #extensionConfiguration - OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} - OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} + <<: *common-env MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 @@ -544,6 +371,11 @@ services: - ingestion-volume-tmp:/tmp - /var/run/docker.sock:/var/run/docker.sock:z # Need 600 permissions to run DockerOperator +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: networks: local_app_net: diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml index 4b279df6cb28..d6817148c579 100644 --- a/docker/docker-compose-quickstart/docker-compose-postgres.yml +++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml 
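Review bot: In the `@@ -286,177 +283,7 @@` hunk, the `MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true}` line kept after `<<: *common-env` depends on an explicit key overriding a merged one, and nothing in the file says so. The anchor sets the same key with a `false` default. A comment above it, such as `# explicit key wins over the false default merged from common-env`, would stop a later cleanup from deleting it as a duplicate. Both services interpolate the same host variable, so exporting `MASK_PASSWORDS_API` still changes the migration job and the server together.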
@@ -9,69 +9,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - postgresql: - container_name: openmetadata_postgresql - image: docker.getcollate.io/openmetadata/postgresql:1.5.0-SNAPSHOT - restart: always - command: "--work_mem=10MB" - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - expose: - - 5432 - ports: - - "5432:5432" - volumes: - - ./docker-volume/db-data-postgres:/var/lib/postgresql/data - - networks: - - app_net - healthcheck: - test: psql -U postgres -tAc 'select 1' -d openmetadata_db - interval: 15s - timeout: 10s - retries: 10 - - elasticsearch: - container_name: openmetadata_elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - xpack.security.enabled=false - networks: - - app_net - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/elasticsearch/data - - execute-migrate-all: - container_name: execute_migrate_all - image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT - command: "./bootstrap/openmetadata-ops.sh migrate" - environment: +# version: "3.9" +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: 
${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} @@ -207,16 +151,11 @@ services: #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} - # AWS: + #parameters: OM_SM_REGION: ${OM_SM_REGION:-""} OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - # Azure: - OM_SM_VAULT_NAME: ${OM_SM_VAULT_NAME:-""} - OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} - OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} - OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - + #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} @@ -228,12 +167,12 @@ services: SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - + # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} # Mask passwords values in UI MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - + #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} #HSTS 
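Review bot: `MIGRATION_LIMIT_PARAM` is deleted in the `@@ -9,69 +9,13 @@` hunk when the block becomes the `common-env` anchor. The rebuilt `execute-migrate-all` service later in this file contains only `<<: *common-env`, so the quickstart Postgres migration job appears to lose the setting. The development compose in this same commit re-adds it under the service. Do the same here with `MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}` after the merge key. `# version: "3.9"` is better deleted than left commented out.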
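Review bot: The `@@ -207,16 +151,11 @@` hunk removes the Azure secrets-manager keys (`OM_SM_VAULT_NAME`, `OM_SM_CLIENT_ID`, `OM_SM_CLIENT_SECRET`, `OM_SM_TENANT_ID`) from what is now the shared anchor. The development compose in this commit adds the same keys to its anchor, so the two files move in opposite directions. Without them, Azure values set on the host are not passed into the quickstart containers. Unless that is intended, keep the four lines and the `# AWS:` / `# Azure:` comments rather than the generic `#parameters:`.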
@@ -255,15 +194,62 @@ services: WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Referrer-Policy - WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} - WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} - #Permission-Policy - WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} #Cache WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + + + +services: + postgresql: + container_name: openmetadata_postgresql + image: docker.getcollate.io/openmetadata/postgresql:1.5.0-SNAPSHOT + restart: always + command: "--work_mem=10MB" + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + expose: + - 5432 + ports: + - "5432:5432" + volumes: + - ./docker-volume/db-data-postgres:/var/lib/postgresql/data + networks: + - app_net + healthcheck: + test: psql -U postgres -tAc 'select 1' -d openmetadata_db + interval: 15s + timeout: 10s + retries: 10 + + elasticsearch: + container_name: openmetadata_elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 + platform: linux/amd64 + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - xpack.security.enabled=false + networks: + - app_net + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/elasticsearch/data + + execute-migrate-all: + container_name: execute_migrate_all + image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT + command: "./bootstrap/openmetadata-ops.sh migrate" + environment: + <<: 
*common-env depends_on: elasticsearch: condition: service_healthy 
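Review bot: The re-added `postgresql` and `elasticsearch` services publish `5432`, `9200` and `9300` on all host interfaces, while Postgres uses the literal `POSTGRES_PASSWORD: password` and Elasticsearch runs with `xpack.security.enabled=false`. Quickstart files get run on laptops and shared hosts. Binding to loopback keeps the same workflow without exposing either service to the network: `- "127.0.0.1:5432:5432"`, `- "127.0.0.1:9200:9200"`, `- "127.0.0.1:9300:9300"`. Reading the Postgres password from the environment with the current value as fallback would let it be changed without editing the file, provided the image's init scripts do not depend on the literal.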
@@ -277,192 +263,7 @@ services: restart: always image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC 
Authentication, when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - #Database configuration for postgresql - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} - DB_SCHEME: ${DB_SCHEME:-postgresql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-postgresql} - DB_PORT: ${DB_PORT:-5432} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - #eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: 
${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords 
values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} - #HSTS - WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} - WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} - WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} - WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + <<: *common-env expose: - 8585 - 8586 @@ -525,6 +326,12 @@ services: - ingestion-volume-dags:/opt/airflow/dags - ingestion-volume-tmp:/tmp +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: + networks: app_net: ipam: diff --git a/docker/docker-compose-quickstart/docker-compose.yml b/docker/docker-compose-quickstart/docker-compose.yml index a66b57ddfb63..b819d08f79f3 100644 --- a/docker/docker-compose-quickstart/docker-compose.yml +++ b/docker/docker-compose-quickstart/docker-compose.yml 
@@ -9,74 +9,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -version: "3.9" -volumes: - ingestion-volume-dag-airflow: - ingestion-volume-dags: - ingestion-volume-tmp: - es-data: -services: - mysql: - container_name: openmetadata_mysql - image: docker.getcollate.io/openmetadata/db:1.5.0-SNAPSHOT - command: "--sort_buffer_size=10M" - restart: always - environment: - MYSQL_ROOT_PASSWORD: password - expose: - - 3306 - ports: - - "3306:3306" - volumes: - - ./docker-volume/db-data:/var/lib/mysql - networks: - - app_net - healthcheck: - test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" - interval: 15s - timeout: 10s - retries: 10 - - elasticsearch: - container_name: openmetadata_elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - environment: - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - xpack.security.enabled=false - networks: - - app_net - ports: - - "9200:9200" - - "9300:9300" - healthcheck: - test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" - interval: 15s - timeout: 10s - retries: 10 - volumes: - - es-data:/usr/share/elasticsearch/data - - execute-migrate-all: - container_name: execute_migrate_all - image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT - command: "./bootstrap/openmetadata-ops.sh migrate" - environment: +x-environment: &common-env OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} SERVER_PORT: ${SERVER_PORT:-8585} SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - # OpenMetadata Server Authentication Configuration AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} AUTHORIZER_REQUEST_FILTER: 
${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} + AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} @@ -88,7 +32,7 @@ services: AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} + AUTHENTICATION_ENABLE_SELF_SIGNUP : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} #For OIDC Authentication, when client is confidential OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} @@ -146,7 +90,6 @@ services: # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - # JWT Configuration RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} 
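Review bot: The default for `AUTHORIZER_PRINCIPAL_DOMAIN` changes from `"open-metadata.org"` to `"openmetadata.org"` in the new `x-environment` block of the `@@ -9,74 +9,18 @@` hunk, which is a behaviour change in a commit described only as a compose-file update. Other defaults on this page still use the hyphenated form (`JWT_ISSUER` in the removed server block, `OM_SUPPORT_URL`). The principal domain presumably feeds the identities built from `AUTHORIZER_ADMIN_PRINCIPALS`, so an existing quickstart install may end up with a different admin identity. If the change is unintended, keep `AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}`; if it is intended, say so in the commit message. The `x-environment` mapping continues in the following hunks.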
@@ -162,6 +105,7 @@ services: DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} DB_SCHEME: ${DB_SCHEME:-mysql} DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} + DB_USE_SSL: ${DB_USE_SSL:-false} DB_USER: ${DB_USER:-openmetadata_user} DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} DB_HOST: ${DB_HOST:-mysql} @@ -179,18 +123,15 @@ services: ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} + ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10} ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - #eventMonitoringConfiguration EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} @@ -202,7 +143,6 @@ services: AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - #secretsManagerConfiguration SECRET_MANAGER: ${SECRET_MANAGER:-db} # AWS: 
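Review bot: Two defaults change silently in the `@@ -179,18 +123,15 @@` hunk: `ELASTICSEARCH_BATCH_SIZE` drops from `100` to `10`, and `PIPELINE_SERVICE_CLIENT_ENABLED` is removed, so the server falls back to whatever its own configuration defaults to. Neither is mentioned in the commit message, and the removed per-service blocks of this same file used `100` and `true`. Either restore `ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100}` and `PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true}`, or add a comment above each stating why the quickstart value differs.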
@@ -214,7 +154,6 @@ services: OM_SM_CLIENT_ID: ${OM_SM_CLIENT_ID:-""} OM_SM_CLIENT_SECRET: ${OM_SM_CLIENT_SECRET:-""} OM_SM_TENANT_ID: ${OM_SM_TENANT_ID:-""} - #email configuration: OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} 
@@ -226,42 +165,97 @@ services: SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - + #extensionConfiguration + OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} + OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + #Cache + WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} + WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + #CSP + WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} + WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} + WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #XSS-Protection + WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} + WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} + WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} + #Content Type + WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} + #Frame Options + WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} + WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} + WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} #HSTS WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: 
${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} + #OpenMetadata Web Configuration + WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} + # Mask passwords values in UI + MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} + + +services: + mysql: + container_name: openmetadata_mysql + image: docker.getcollate.io/openmetadata/db:1.5.0-SNAPSHOT + command: "--sort_buffer_size=10M" + restart: always + environment: + MYSQL_ROOT_PASSWORD: password + expose: + - 3306 + ports: + - "3306:3306" + volumes: + - ./docker-volume/db-data:/var/lib/mysql + networks: + - app_net + healthcheck: + test: mysql --user=root --password=$$MYSQL_ROOT_PASSWORD --silent --execute "use openmetadata_db" + interval: 15s + timeout: 10s + retries: 10 + + + elasticsearch: + container_name: openmetadata_elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 + environment: + - discovery.type=single-node + - ES_JAVA_OPTS=-Xms1024m -Xmx1024m + - xpack.security.enabled=false + networks: + - app_net + ports: + - "9200:9200" + - "9300:9300" + healthcheck: + test: "curl -s http://localhost:9200/_cluster/health?pretty | grep status | grep -qE 'green|yellow' || exit 1" + interval: 15s + timeout: 10s + retries: 10 + volumes: + - es-data:/usr/share/elasticsearch/data + + + execute-migrate-all: + container_name: execute_migrate_all + image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT + command: "./bootstrap/openmetadata-ops.sh migrate" + environment: + <<: *common-env + # Migration + MIGRATION_LIMIT_PARAM: 
${MIGRATION_LIMIT_PARAM:-1200} #Referrer-Policy WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} #Permission-Policy WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} + WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} depends_on: elasticsearch: condition: service_healthy 
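Review bot: The `#Referrer-Policy` and `#Permission-Policy` variables stay as literal keys under `execute-migrate-all` after `<<: *common-env`, instead of moving into `x-environment` with the other `WEB_CONF_*` header settings. `openmetadata-server`, which in the next hunk receives only `<<: *common-env` plus `MASK_PASSWORDS_API`, therefore never gets `WEB_CONF_REFERRER_POLICY_*` or `WEB_CONF_PERMISSION_POLICY_*` from this file, while the migration job, which presumably serves no HTTP responses, does. Moving those four lines into `x-environment` next to `#HSTS` would make them reach the server. The earlier `@@ -255,15 +194,62 @@` hunk removes the same variables from the lines it shows, so the two quickstart files should be aligned.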
@@ -275,193 +269,8 @@ services: restart: always image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT environment: - OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} - SERVER_PORT: ${SERVER_PORT:-8585} - SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - - # OpenMetadata Server Authentication Configuration - AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} - AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} - AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} - AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} - AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} - AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} - AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} - AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} - AUTHENTICATION_RESPONSE_TYPE: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} - CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} - AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} - AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} - AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} - AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} - AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} - AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} - AUTHENTICATION_CLIENT_TYPE: ${AUTHENTICATION_CLIENT_TYPE:-public} - #For OIDC 
Authentication, when client is confidential - OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-""} - OIDC_TYPE: ${OIDC_TYPE:-""} # google, azure etc. - OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-""} - OIDC_SCOPE: ${OIDC_SCOPE:-"openid email profile"} - OIDC_DISCOVERY_URI: ${OIDC_DISCOVERY_URI:-""} - OIDC_USE_NONCE: ${OIDC_USE_NONCE:-true} - OIDC_PREFERRED_JWS: ${OIDC_PREFERRED_JWS:-"RS256"} - OIDC_RESPONSE_TYPE: ${OIDC_RESPONSE_TYPE:-"code"} - OIDC_DISABLE_PKCE: ${OIDC_DISABLE_PKCE:-true} - OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} - OIDC_SERVER_URL: ${OIDC_SERVER_URL:-"http://localhost:8585"} - OIDC_CLIENT_AUTH_METHOD: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} - OIDC_TENANT: ${OIDC_TENANT:-""} - OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} - OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} - # For SAML Authentication - # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} - # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} - # SAML_IDP_SSO_LOGIN_URL: ${SAML_IDP_SSO_LOGIN_URL:-""} - # SAML_IDP_CERTIFICATE: ${SAML_IDP_CERTIFICATE:-""} - # SAML_AUTHORITY_URL: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} - # SAML_IDP_NAME_ID: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} - # SAML_SP_ENTITY_ID: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} - # SAML_SP_ACS: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} - # SAML_SP_CERTIFICATE: ${SAML_SP_CERTIFICATE:-""} - # SAML_SP_CALLBACK: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} - # SAML_STRICT_MODE: ${SAML_STRICT_MODE:-false} - # SAML_SP_TOKEN_VALIDITY: ${SAML_SP_TOKEN_VALIDITY:-"3600"} - # SAML_SEND_ENCRYPTED_NAME_ID: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} - # SAML_SEND_SIGNED_AUTH_REQUEST: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} - # SAML_SIGNED_SP_METADATA: ${SAML_SIGNED_SP_METADATA:-false} - # SAML_WANT_MESSAGE_SIGNED: ${SAML_WANT_MESSAGE_SIGNED:-false} - # SAML_WANT_ASSERTION_SIGNED: ${SAML_WANT_ASSERTION_SIGNED:-false} - # 
SAML_WANT_ASSERTION_ENCRYPTED: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} - # SAML_WANT_NAME_ID_ENCRYPTED: ${SAML_WANT_NAME_ID_ENCRYPTED:-false} - # SAML_KEYSTORE_FILE_PATH: ${SAML_KEYSTORE_FILE_PATH:-""} - # SAML_KEYSTORE_ALIAS: ${SAML_KEYSTORE_ALIAS:-""} - # SAML_KEYSTORE_PASSWORD: ${SAML_KEYSTORE_PASSWORD:-""} - # For LDAP Authentication - # AUTHENTICATION_LDAP_HOST: ${AUTHENTICATION_LDAP_HOST:-} - # AUTHENTICATION_LDAP_PORT: ${AUTHENTICATION_LDAP_PORT:-} - # AUTHENTICATION_LOOKUP_ADMIN_DN: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} - # AUTHENTICATION_LOOKUP_ADMIN_PWD: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} - # AUTHENTICATION_USER_LOOKUP_BASEDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} - # AUTHENTICATION_USER_MAIL_ATTR: ${AUTHENTICATION_USER_MAIL_ATTR:-} - # AUTHENTICATION_LDAP_POOL_SIZE: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} - # AUTHENTICATION_LDAP_SSL_ENABLED: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} - # AUTHENTICATION_LDAP_TRUSTSTORE_TYPE: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} - # AUTHENTICATION_LDAP_TRUSTSTORE_PATH: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} - # AUTHENTICATION_LDAP_KEYSTORE_PASSWORD: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} - # AUTHENTICATION_LDAP_SSL_KEY_FORMAT: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} - # AUTHENTICATION_LDAP_ALLOW_WILDCARDS: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} - # AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} - # AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} - # AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} - - # JWT Configuration - RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} - RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} - JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} - JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} - # OpenMetadata Server Pipeline Service Client Configuration - 
PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} - PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} - SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} - PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} - PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} - # Database configuration for MySQL - DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} - DB_SCHEME: ${DB_SCHEME:-mysql} - DB_PARAMS: ${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} - DB_USER: ${DB_USER:-openmetadata_user} - DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} - DB_HOST: ${DB_HOST:-mysql} - DB_PORT: ${DB_PORT:-3306} - OM_DATABASE: ${OM_DATABASE:-openmetadata_db} - # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} - ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} - ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} - ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} - ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} - ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} - ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} - ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-100} - ELASTICSEARCH_PAYLOAD_BYTES_SIZE: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} #max payLoadSize in Bytes - ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} - - #eventMonitoringConfiguration - EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} - EVENT_MONITOR_BATCH_SIZE: 
${EVENT_MONITOR_BATCH_SIZE:-10} - EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} - EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} - - #pipelineServiceClientConfiguration - PIPELINE_SERVICE_CLIENT_ENABLED: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} - PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} - PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} - PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} - PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} - #airflow parameters - AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} - AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} - AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} - AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} - AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} - FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} - - #secretsManagerConfiguration - SECRET_MANAGER: ${SECRET_MANAGER:-db} - #parameters: - OM_SM_REGION: ${OM_SM_REGION:-""} - OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} - OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} - - #email configuration: - OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} - OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} - AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} - OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} - OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} - SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} - SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} - SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} - SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} - SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - - # Heap OPTS Configurations - OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords 
values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - #OpenMetadata Web Configuration - WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} - #HSTS - WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} - WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} - WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} - WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #Frame Options - WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} - WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} - WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} - #Content Type - WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #XSS-Protection - WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} - WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} - WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} - #CSP - WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} - WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} - WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #Cache - WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} - WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} - + <<: *common-env + MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 - 8586 @@ -524,6 +333,12 @@ services: - ingestion-volume-dags:/opt/airflow/dags - ingestion-volume-tmp:/tmp +volumes: + ingestion-volume-dag-airflow: + ingestion-volume-dags: + ingestion-volume-tmp: + es-data: + networks: app_net: From c029639066f0ae686c45d269f33bf53d7bb61d52 Mon Sep 17 00:00:00 2001 From: Tarun Date: Thu, 28 Nov 2024 01:17:14 +0530 Subject: [PATCH 05/10] Updated files --- docker/development/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index e41348d5e36f..59b18aaf9aed 100644 
--- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml @@ -229,8 +229,6 @@ services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - platform: linux/amd64 - container_name: openmetadata_elasticsearch environment: - discovery.type=single-node From 3ebbde0e482ceb7c05820ed9c1b18826781d4777 Mon Sep 17 00:00:00 2001 From: Tarun Date: Thu, 28 Nov 2024 01:21:16 +0530 Subject: [PATCH 06/10] updated file --- docker/docker-compose-quickstart/docker-compose-postgres.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml index d6817148c579..4fed4f2925fb 100644 --- a/docker/docker-compose-quickstart/docker-compose-postgres.yml +++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml @@ -226,7 +226,6 @@ services: elasticsearch: container_name: openmetadata_elasticsearch image: docker.elastic.co/elasticsearch/elasticsearch:8.11.4 - platform: linux/amd64 environment: - discovery.type=single-node - ES_JAVA_OPTS=-Xms1024m -Xmx1024m From 6060f18b04533509cdb4ec823af61b2b0b176d1f Mon Sep 17 00:00:00 2001 From: Tarun Date: Wed, 11 Dec 2024 16:55:56 +0530 Subject: [PATCH 07/10] Updated docker compose yaml files --- .../development/docker-compose-postgres.yml | 5 ---- docker/development/docker-compose.yml | 25 +++++++----------- .../docker-compose.yml | 26 +++++++------------ 3 files changed, 19 insertions(+), 37 deletions(-) diff --git a/docker/development/docker-compose-postgres.yml b/docker/development/docker-compose-postgres.yml index b42d7d433af2..2ed10a6c4223 100644 --- a/docker/development/docker-compose-postgres.yml +++ b/docker/development/docker-compose-postgres.yml 
@@ -167,12 +167,8 @@ x-environment: &common-env SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} - # Heap OPTS Configurations OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} #HSTS @@ -272,7 +268,6 @@ services: container_name: openmetadata_server environment: <<: *common-env - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 - 8586 diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index 59b18aaf9aed..d1deff852ca0 100644 --- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml @@ -193,13 +193,16 @@ x-environment: &common-env WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #OpenMetadata Web Configuration + #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - - - + # Migration + MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} + #Referrer-Policy + WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} + WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} + #Permission-Policy + WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} + WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} services: mysql: 
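Review bot: `MASK_PASSWORDS_API` is no longer set for any service after this commit: the `common-env` hunk at `@@ -193,13 +193,16 @@` in docker/development/docker-compose.yml drops the `:-false` default, and the `openmetadata_server` hunks drop the `${MASK_PASSWORDS_API:-true}` override as well. Compose only passes variables listed under `environment`, so a value exported on the host would presumably stop reaching the server, and password masking then depends on the application's built-in default, which is not visible here. If masking is meant to stay on, keep a single line in `common-env`: `MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true}`. The same removal appears in docker/development/docker-compose-postgres.yml (`@@ -167,12 +167,8 @@`, `@@ -272,7 +268,6 @@`) and in docker/docker-compose-quickstart/docker-compose.yml.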
@@ -258,15 +261,6 @@ services: command: "./bootstrap/openmetadata-ops.sh -d migrate --force" environment: <<: *common-env - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - #Referrer-Policy - WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} - WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} - #Permission-Policy - WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} - depends_on: elasticsearch: condition: service_healthy @@ -282,7 +276,6 @@ services: container_name: openmetadata_server environment: <<: *common-env - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 - 8586 diff --git a/docker/docker-compose-quickstart/docker-compose.yml b/docker/docker-compose-quickstart/docker-compose.yml index b819d08f79f3..c2aa25d61eec 100644 --- a/docker/docker-compose-quickstart/docker-compose.yml +++ b/docker/docker-compose-quickstart/docker-compose.yml @@ -173,17 +173,17 @@ x-environment: &common-env #Cache WEB_CONF_CACHE_CONTROL: ${WEB_CONF_CACHE_CONTROL:-""} WEB_CONF_PRAGMA: ${WEB_CONF_PRAGMA:-""} - #CSP + #CSP WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} - #XSS-Protection + #XSS-Protection WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} #Content Type WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} - #Frame Options + #Frame Options WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} 
@@ -192,11 +192,14 @@ x-environment: &common-env WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} - #OpenMetadata Web Configuration + #OpenMetadata Web Configuration WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} - # Mask passwords values in UI - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} - + #Referrer-Policy + WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} + WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} + #Permission-Policy + WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} + WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} services: mysql: @@ -248,14 +251,6 @@ services: command: "./bootstrap/openmetadata-ops.sh migrate" environment: <<: *common-env - # Migration - MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} - #Referrer-Policy - WEB_CONF_REFERRER_POLICY_ENABLED: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} - WEB_CONF_REFERRER_POLICY_OPTION: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} - #Permission-Policy - WEB_CONF_PERMISSION_POLICY_ENABLED: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} - WEB_CONF_PERMISSION_POLICY_OPTION: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} depends_on: elasticsearch: condition: service_healthy @@ -270,7 +265,6 @@ services: image: docker.getcollate.io/openmetadata/server:1.5.0-SNAPSHOT environment: <<: *common-env - MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-true} expose: - 8585 - 8586 From c4abd776dea344334b632e0dafdafa3e24dca6cf Mon Sep 17 00:00:00 2001 From: Tarun Date: Tue, 7 Jan 2025 13:07:59 +0530 Subject: [PATCH 08/10] updated --- docker/development/docker-compose-postgres.yml | 4 ++-- docker/docker-compose-quickstart/docker-compose-postgres.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
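Review bot: `MIGRATION_LIMIT_PARAM` is removed from `execute-migrate-all` at `@@ -248,14 +251,6 @@`, but the `common-env` hunk at `@@ -192,11 +192,14 @@` does not add it back; only the Referrer-Policy and Permission-Policy variables move into the anchor. The matching change to docker/development/docker-compose.yml in this commit does move it. Unless the anchor already defines it outside these hunks, the quickstart migration container no longer receives the `1200` default. Suggest adding `# Migration` and `MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200}` next to the moved policy variables.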
diff --git a/docker/development/docker-compose-postgres.yml b/docker/development/docker-compose-postgres.yml index 2ed10a6c4223..e127d348c169 100644 --- a/docker/development/docker-compose-postgres.yml +++ b/docker/development/docker-compose-postgres.yml @@ -114,12 +114,12 @@ x-environment: &common-env DB_PORT: ${DB_PORT:-5432} OM_DATABASE: ${OM_DATABASE:-openmetadata_db} # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- opensearch} ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} + SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml index 4fed4f2925fb..103ddef790d5 100644 --- a/docker/docker-compose-quickstart/docker-compose-postgres.yml +++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml 
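Review bot: The changed defaults at `@@ -114,12 +114,12 @@` keep the space after `:-` (`${ELASTICSEARCH_HOST:- opensearch}`, `${SEARCH_TYPE:- "opensearch"}`), so the fallback value starts with a space. This probably works only as long as whatever consumes the variable trims it; the neighbouring keys use the tight form, e.g. `${ELASTICSEARCH_SCHEME:-http}`. Since these lines are being touched anyway, write `${ELASTICSEARCH_HOST:-opensearch}` and `${SEARCH_TYPE:-"opensearch"}`. The same form is repeated in the docker/docker-compose-quickstart/docker-compose-postgres.yml hunk of this commit and in the `ELASTICSEARCH_CLUSTER_ALIAS` lines added by PATCH 09/10.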
@@ -114,12 +114,12 @@ x-environment: &common-env DB_PORT: ${DB_PORT:-5432} OM_DATABASE: ${OM_DATABASE:-openmetadata_db} # ElasticSearch Configurations - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- opensearch} ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} - SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} + SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} From bb97b0cf5d068dc1cf82efbdb18d6c75c69cacdf Mon Sep 17 00:00:00 2001 From: Tarun Date: Thu, 9 Jan 2025 17:54:34 +0530 Subject: [PATCH 09/10] Updated compose files --- docker/development/docker-compose-postgres.yml | 1 + docker/development/docker-compose.yml | 1 + docker/docker-compose-quickstart/docker-compose-postgres.yml | 1 + docker/docker-compose-quickstart/docker-compose.yml | 1 + 4 files changed, 4 insertions(+) diff --git a/docker/development/docker-compose-postgres.yml b/docker/development/docker-compose-postgres.yml index e127d348c169..d75600733175 100644 --- a/docker/development/docker-compose-postgres.yml +++ b/docker/development/docker-compose-postgres.yml @@ -120,6 +120,7 @@ x-environment: &common-env ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} + ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} 
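Review bot: In docker/docker-compose-quickstart/docker-compose-postgres.yml the defaults at `@@ -114,12 +114,12 @@` now point the server at host `opensearch` with `SEARCH_TYPE` set to `opensearch`, but the search service in this file is still named `elasticsearch` and runs `docker.elastic.co/elasticsearch/elasticsearch:8.11.4`. That is shown by the PATCH 06/10 hunk on this file, whose resulting blob `4fed4f2925fb` is the base of this change. With `ELASTICSEARCH_HOST` unset, the server would be given a hostname that no service in the visible parts of the file provides. Either keep `${ELASTICSEARCH_HOST:-elasticsearch}` and the `elasticsearch` search type here, or rename the service and switch its image in the same commit. The `common-env` block continues outside the hunk.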
diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index d1deff852ca0..4fed562895d3 100644 --- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml @@ -119,6 +119,7 @@ x-environment: &common-env ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} + ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml index 103ddef790d5..395b3e12481a 100644 --- a/docker/docker-compose-quickstart/docker-compose-postgres.yml +++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml @@ -120,6 +120,7 @@ x-environment: &common-env ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} SEARCH_TYPE: ${SEARCH_TYPE:- "opensearch"} + ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} diff --git a/docker/docker-compose-quickstart/docker-compose.yml b/docker/docker-compose-quickstart/docker-compose.yml index c2aa25d61eec..b45b830f92f3 100644 --- a/docker/docker-compose-quickstart/docker-compose.yml +++ b/docker/docker-compose-quickstart/docker-compose.yml 
@@ -118,6 +118,7 @@ x-environment: &common-env ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} + ELASTICSEARCH_CLUSTER_ALIAS: ${ELASTICSEARCH_CLUSTER_ALIAS:- "openmetadata"} ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} From c86d4aa3e1f50d0381703a6d7f714547b562a6fa Mon Sep 17 00:00:00 2001 From: Tarun Date: Mon, 20 Jan 2025 20:52:39 +0530 Subject: [PATCH 10/10] updated docker-compose.yml file --- docker/development/docker-compose.yml | 2 +- docker/docker-compose-quickstart/docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml index 4fed562895d3..12a4e4d0e9fb 100644 --- a/docker/development/docker-compose.yml +++ b/docker/development/docker-compose.yml @@ -21,7 +21,7 @@ x-environment: &common-env AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} + AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} diff --git a/docker/docker-compose-quickstart/docker-compose.yml b/docker/docker-compose-quickstart/docker-compose.yml index b45b830f92f3..f86a698bb267 100644 --- a/docker/docker-compose-quickstart/docker-compose.yml 
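Review bot: The new `AUTHORIZER_PRINCIPAL_DOMAIN` default at `@@ -21,7 +21,7 @@` (and at `@@ -20,7 +20,7 @@` in the quickstart file) is applied to only two of the four compose files; the two docker-compose-postgres.yml variants are not in this commit's diffstat. If they still default to `"openmetadata.org"`, the MySQL and PostgreSQL setups would presumably derive the default `admin` and `ingestion-bot` principals under different domains. Suggest the same one-line change there: `AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}`. The commit message should also say that existing data volumes initialised with the old domain may need attention.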
+++ b/docker/docker-compose-quickstart/docker-compose.yml @@ -20,7 +20,7 @@ x-environment: &common-env AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} - AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} + AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic}