├── .gitignore
├── taf
    └── .gitignore
├── openziti-init.Dockerfile
├── compose-builder
    ├── .gitignore
    ├── add-taf-mqtt-broker-mosquitto.yml
    ├── add-taf-mqtt-broker-nanomq.yml
    ├── add-secure-device-mqtt.yml
    ├── common-non-security.env
    ├── common-security.env
    ├── add-runtime-token-config-template.yml
    ├── gen-header
    ├── add-taf-device-services-mods.yml
    ├── add-mqtt-broker-nanomq.yml
    ├── add-mqtt-broker-mosquitto.yml
    ├── add-modbus-simulator.yml
    ├── add-postgres.yml
    ├── add-device-uart.yml
    ├── add-device-onvif-camera.yml
    ├── add-mqtt-messagebus.yml
    ├── add-device-s7.yml
    ├── add-device-gpio.yml
    ├── add-device-rest.yml
    ├── add-device-snmp.yml
    ├── add-service-secure-template.yml
    ├── add-device-opc-ua.yml
    ├── add-device-modbus.yml
    ├── add-device-virtual.yml
    ├── add-device-rfid-llrp.yml
    ├── add-app-record-replay.yml
    ├── add-device-mqtt.yml
    ├── add-device-usb-camera.yml
    ├── add-asc-metrics-influxdb.yml
    ├── common-sec-stage-gate.env
    ├── add-secure-mqtt-broker.yml
    ├── add-device-coap.yml
    ├── add-app-rfid-llrp-inventory.yml
    ├── gen_runtime_token_config_compose_ext.sh
    ├── add-device-can.yml
    ├── add-secure-mqtt-messagebus.yml
    ├── add-asc-sample.yml
    ├── add-device-bacnet-ip.yml
    ├── add-asc-http-export.yml
    ├── add-secure-postgres.yml
    ├── add-device-bacnet-mstp.yml
    ├── get-api-gateway-token.sh
    ├── add-asc-mqtt-export.yml
    ├── add-asc-external-mqtt-trigger.yml
    ├── add-taf-app-services-secure.yml
    ├── add-nats-messagebus.yml
    ├── .env
    ├── upload-api-gateway-cert.sh
    ├── add-taf-app-services.yml
    ├── add-security-zero-trust.yml
    ├── add-security-proxy.yml
    ├── gen_secure_compose_ext.sh
    ├── add-delayed-start-services.yml
    ├── add-security.yml
    ├── docker-compose-base.yml
    └── tui-generator.sh
├── .github
    ├── semantic.yml
    ├── PULL_REQUEST_TEMPLATE.md
    └── Contributing.md
├── OWNERS.md
├── GOVERNANCE.md
├── docker-compose-portainer.yml
├── Jenkinsfile
├── Makefile
├── docker-compose-openziti.yml
├── openziti-init-entrypoint.sh
├── README.md
├── LICENSE
├── docker-compose-no-secty.yml
└── docker-compose-no-secty-arm64.yml


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea/
2 | .vscode
3 | 


--------------------------------------------------------------------------------
/taf/.gitignore:
--------------------------------------------------------------------------------
1 | docker-compose-taf-no-secty-mqtt-bus-nanomq.yml
2 | docker-compose-taf-perf-no-secty-mqtt-bus-nanomq.yml


--------------------------------------------------------------------------------
/openziti-init.Dockerfile:
--------------------------------------------------------------------------------
1 | FROM openziti/ziti-cli:0.33.1
2 | 
3 | COPY ./openziti-init-entrypoint.sh /entrypoint.sh
4 | 
5 | ENTRYPOINT [ "/entrypoint.sh" ]
6 |  


--------------------------------------------------------------------------------
/compose-builder/.gitignore:
--------------------------------------------------------------------------------
1 | # docker-compose.yml is generated by the `make gen [options]` command
2 | docker-compose.yml
3 | # staging directory is generated by the shell script gen_secure_compose_ext.sh
4 | gen_ext_scty/
5 | gen_ext_compose
6 | res/
7 | 


--------------------------------------------------------------------------------
/.github/semantic.yml:
--------------------------------------------------------------------------------
 1 | allowMergeCommits: true
 2 | # Always validate the PR title AND all the commits
 3 | titleAndCommits: true
 4 | types:
 5 |     - feat
 6 |     - fix
 7 |     - docs
 8 |     - style
 9 |     - refactor
10 |     - perf
11 |     - test
12 |     - build
13 |     - ci
14 |     - revert
15 | 
16 | 
17 | 


--------------------------------------------------------------------------------
/compose-builder/add-taf-mqtt-broker-mosquitto.yml:
--------------------------------------------------------------------------------
 1 | services:
 2 |   mqtt-taf-broker:
 3 |     image: eclipse-mosquitto:${MOSQUITTO_VERSION}
 4 |     command: "/usr/sbin/mosquitto -c /mosquitto-no-auth.conf"
 5 |     ports:
 6 |       - "127.0.0.1:1884:1883"
 7 |     container_name: edgex-taf-mqtt-broker
 8 |     hostname: edgex-taf-mqtt-broker
 9 |     read_only: true
10 |     restart: always
11 |     networks:
12 |       - edgex-network
13 |     security_opt:
14 |       - no-new-privileges:true
15 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"


--------------------------------------------------------------------------------
/compose-builder/add-taf-mqtt-broker-nanomq.yml:
--------------------------------------------------------------------------------
 1 | volumes:
 2 |   taf-nanomq-log:
 3 | 
 4 | services:
 5 |   mqtt-taf-broker:
 6 |     image: emqx/nanomq:${NANOMQ_VERSION}
 7 |     ports:
 8 |       - "127.0.0.1:1884:1883"
 9 |     container_name: edgex-taf-mqtt-broker
10 |     hostname: edgex-taf-mqtt-broker
11 |     read_only: true
12 |     restart: always
13 |     networks:
14 |       - edgex-network
15 |     security_opt:
16 |       - no-new-privileges:true
17 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
18 |     volumes:
19 |       - taf-nanomq-log:/tmp
20 | 


--------------------------------------------------------------------------------
/OWNERS.md:
--------------------------------------------------------------------------------
1 | # Repository Owners
2 | 
3 | This repository is managed by the EdgeX Core Working Group.  As such, the **Core Working Group** chairman is considered the "owner" of the repository and approves all committers of the repository.
4 | 
5 | See the [project Wiki TSC page](https://wiki.edgexfoundry.org/pages/viewpage.action?pageId=329436#TechnicalSteeringCommittee(TSC)-WorkingGroups) for information on the current EdgeX TSC and who occupies the role of Core Working Group chair.
6 | 
7 | For a complete list of current committers see: https://github.com/orgs/edgexfoundry/teams/edgex-compose-committers/members.
8 | 
9 | 


--------------------------------------------------------------------------------
/GOVERNANCE.md:
--------------------------------------------------------------------------------
1 | # Governance
2 | 
3 | Project governance as well as policies, procedures and instructions for contributing to EdgeX Foundry can be found on our Wiki site at the following locations:
4 | 
5 | - [EdgeX Technical Steering Committee](https://wiki.edgexfoundry.org/pages/viewpage.action?pageId=329436)
6 | - [Contributor's Guide](https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Guide)
7 | - [Contributor's Process](https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Process)
8 | - [Technical Work](https://wiki.edgexfoundry.org/display/FA/Technical+Work+in+the+EdgeX+Foundry+Project)
9 | - [Contributors, Committers & Maintainers](https://wiki.edgexfoundry.org/pages/viewpage.action?pageId=21823860)


--------------------------------------------------------------------------------
/compose-builder/add-secure-device-mqtt.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-mqtt:
18 |     environment:
19 |       MQTTBROKERINFO_AUTHMODE: none
20 |       MQTTBROKERINFO_CREDENTIALSNAME: message-bus
21 | 


--------------------------------------------------------------------------------
/compose-builder/common-non-security.env:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2023 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | #
16 | # This file contains the common non-security related environment overrides used many Edgex services.
17 | #
18 | 
19 | EDGEX_SECURITY_SECRET_STORE=false
20 | 


--------------------------------------------------------------------------------
/compose-builder/common-security.env:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | #
16 | # This file contains the common security related environment overrides used many Edgex services.
17 | #
18 | 
19 | EDGEX_SECURITY_SECRET_STORE=true
20 | SECRETSTORE_HOST=edgex-secret-store
21 | CLIENTS_SECURITY_SECRETSTORE_SETUP_HOST=edgex-security-secretstore-setup
22 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | <!-- Expected Commit Message Description (imported automatically by GitHub) -->
 2 | <!-- Must conform to [conventional commits guidelines](https://github.com/edgexfoundry/edgex-compose/blob/main/.github/Contributing.md) -->
 3 | <!-- Expected Commit message must contain Closes/Fixes #IssueNumber statement when there is a related issue -->
 4 | 
 5 | <!-- Add additional detailed description of need for change if no related issue -->
 6 | 
 7 | **If your build fails** due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-compose/blob/main/.github/Contributing.md
 8 | 
 9 | ## PR Checklist
10 | Please check if your PR fulfills the following requirements:
11 | 
12 | - [ ] I am not introducing a breaking change (if you are, flag in conventional commit message with `BREAKING CHANGE:` describing the break)
13 | - [ ] I have fully tested (add details below) this the new feature or bug fix (if not, why?)
14 | - [ ] I have opened a PR for the related docs change (if not, why?)
15 |   <link to docs PR>
16 | 
17 | 
18 | ## Testing Instructions
19 | <!-- How can the reviewers test your change? -->
20 | 


--------------------------------------------------------------------------------
/compose-builder/add-runtime-token-config-template.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   ${SERVICE_NAME}:
18 |     environment:
19 |       SECRETSTORE_RUNTIMETOKENPROVIDER_ENABLED: "true"
20 |       SECRETSTORE_RUNTIMETOKENPROVIDER_HOST: edgex-security-spiffe-token-provider
21 |     volumes:
22 |       - /tmp/edgex/secrets/spiffe/public:/tmp/edgex/secrets/spiffe/public:ro,z
23 |     depends_on:
24 |       - security-spiffe-token-provider
25 | 


--------------------------------------------------------------------------------
/docker-compose-portainer.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | version: '3.7'
17 | 
18 | volumes:
19 |   portainer_data:
20 | 
21 | services:
22 |   portainer:
23 |     image:  portainer/portainer-ce
24 |     ports:
25 |       - "127.0.0.1:9000:9000"
26 |     container_name: portainer
27 |     restart: always
28 |     command: -H unix:///var/run/docker.sock
29 |     volumes:
30 |       - ${DOCKER_SOCKET_PATH}:/var/run/docker.sock
31 |       - portainer_data:/data
32 | 
33 | 


--------------------------------------------------------------------------------
/compose-builder/gen-header:
--------------------------------------------------------------------------------
 1 | #  * Copyright 2024 Intel Corporation.
 2 | #  *
 3 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 4 | #  * in compliance with the License. You may obtain a copy of the License at
 5 | #  *
 6 | #  * http://www.apache.org/licenses/LICENSE-2.0
 7 | #  *
 8 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
 9 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
10 | #  * or implied. See the License for the specific language governing permissions and limitations under
11 | #  * the License.
12 | #  *
13 | #  * EdgeX Foundry, Odessa WIP release
14 | #  *******************************************************************************/
15 | #
16 | #
17 | #
18 | # ************************ This is a generated compose file ****************************
19 | #
20 | # DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo.
21 | #
22 | # Permanent changes can be made to the source compose files located in the compose-builder folder
23 | # at the top level of the edgex-compose repo.
24 | #
25 | # From the compose-builder folder use `make build` to regenerate all standard compose files variations
26 | #
27 | 


--------------------------------------------------------------------------------
/compose-builder/add-taf-device-services-mods.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-virtual:
18 |     command: "${CP_FLAGS} --registry --configDir=CONFIG_DIR_PLACE_HOLDER"
19 |     volumes:
20 |       - /PROFILE_VOLUME_PLACE_HOLDER:CONFIG_DIR_PLACE_HOLDER:z
21 | 
22 |   device-modbus:
23 |     command: "${CP_FLAGS} --registry --configDir=CONFIG_DIR_PLACE_HOLDER"
24 |     volumes:
25 |       - /PROFILE_VOLUME_PLACE_HOLDER:CONFIG_DIR_PLACE_HOLDER:z
26 |     depends_on:
27 |       - modbus-simulator
28 | 


--------------------------------------------------------------------------------
/compose-builder/add-mqtt-broker-nanomq.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | volumes:
17 |   nanomq-log:
18 | 
19 | services:
20 |   mqtt-broker:
21 |     image: emqx/nanomq:${NANOMQ_VERSION}
22 |     ports:
23 |       - "127.0.0.1:1883:1883"
24 |     container_name: edgex-mqtt-broker
25 |     hostname: edgex-mqtt-broker
26 |     read_only: true
27 |     restart: always
28 |     networks:
29 |       - edgex-network
30 |     security_opt:
31 |       - no-new-privileges:true
32 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
33 |     volumes:
34 |       - nanomq-log:/tmp
35 | 


--------------------------------------------------------------------------------
/compose-builder/add-mqtt-broker-mosquitto.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   mqtt-broker:
18 |     image: eclipse-mosquitto:${MOSQUITTO_VERSION}
19 |     command: "/usr/sbin/mosquitto ${MQTT_VERBOSE} -c /mosquitto-no-auth.conf"
20 |     ports:
21 |       - "127.0.0.1:1883:1883"
22 |     container_name: edgex-mqtt-broker
23 |     hostname: edgex-mqtt-broker
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     security_opt:
29 |       - no-new-privileges:true
30 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
31 | 


--------------------------------------------------------------------------------
/compose-builder/add-modbus-simulator.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   modbus-simulator:
18 |     image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator${ARCH}:latest
19 |     container_name: edgex-modbus-simulator
20 |     hostname: edgex-modbus-simulator
21 |     ports:
22 |       - 127.0.0.1:1502:1502/tcp
23 |     networks:
24 |       - edgex-network
25 |     read_only: true
26 |     restart: always
27 |     security_opt:
28 |       - no-new-privileges:true
29 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
30 |     volumes:
31 |       # use host timezone
32 |       - /etc/localtime:/etc/localtime:ro
33 | 


--------------------------------------------------------------------------------
/compose-builder/add-postgres.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 IOTech Ltd
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | volumes:
17 |   db-data:
18 | 
19 | services:
20 |   database:
21 |     image: postgres:${POSTGRES_VERSION}
22 |     ports:
23 |       - "127.0.0.1:5432:5432"
24 |     container_name: edgex-postgres
25 |     hostname: edgex-postgres
26 |     read_only: true
27 |     restart: always
28 |     networks:
29 |       - edgex-network
30 |     environment:
31 |       POSTGRES_PASSWORD: postgres
32 |       POSTGRES_DB: edgex_db
33 |     volumes:
34 |       # use host timezone
35 |       - /etc/localtime:/etc/localtime:ro
36 |       - db-data:/var/lib/postgresql/data
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     tmpfs:
40 |       - /run
41 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-uart.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-uart:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-uart${ARCH}:${DEVICE_UART_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - "127.0.0.1:59995:59995"
22 |     container_name: edgex-device-uart
23 |     hostname: edgex-device-uart
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-uart
32 |     depends_on:
33 |       - core-keeper
34 |       - core-data
35 |       - core-metadata
36 |       - core-common-config-bootstrapper
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-onvif-camera.yml:
--------------------------------------------------------------------------------
 1 | #
 2 | # Copyright (c) 2024 Intel Corporation
 3 | #
 4 | # Licensed under the Apache License, Version 2.0 (the "License");
 5 | # you may not use this file except in compliance with the License.
 6 | # You may obtain a copy of the License at
 7 | #
 8 | #      http://www.apache.org/licenses/LICENSE-2.0
 9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | 
17 | services:
18 |   device-onvif-camera:
19 |     image: ${DEVICE_SVC_REPOSITORY}/device-onvif-camera${ARCH}:${DEVICE_ONVIFCAM_VERSION}
20 |     command: "${CP_FLAGS} --registry"
21 |     ports:
22 |       - "127.0.0.1:59984:59984"
23 |     container_name: edgex-device-onvif-camera
24 |     hostname: edgex-device-onvif-camera
25 |     read_only: true
26 |     restart: always
27 |     networks:
28 |       - edgex-network
29 |     env_file:
30 |       - common-non-security.env
31 |     environment:
32 |       SERVICE_HOST: edgex-device-onvif-camera
33 |       MESSAGEBUS_HOST: edgex-mqtt-broker
34 |     depends_on:
35 |       - core-keeper
36 |       - core-data
37 |       - core-metadata
38 |       - core-common-config-bootstrapper
39 |     security_opt:
40 |       - no-new-privileges:true
41 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
42 |     volumes:
43 |       # use host timezone
44 |       - /etc/localtime:/etc/localtime:ro
45 | 


--------------------------------------------------------------------------------
/compose-builder/add-mqtt-messagebus.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   rules-engine:
18 |     environment:
19 |       CONNECTION__EDGEX__MQTTMSGBUS__PORT: 1883
20 |       CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp
21 |       CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker
22 |       CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt
23 |       CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine
24 |       CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: 500
25 |       EDGEX__DEFAULT__PORT: 1883
26 |       EDGEX__DEFAULT__PROTOCOL: tcp
27 |       EDGEX__DEFAULT__SERVER: edgex-mqtt-broker
28 |       EDGEX__DEFAULT__TYPE: mqtt
29 |       EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine
30 |       EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: 500
31 |     depends_on:
32 |       - mqtt-broker
33 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-s7.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 YIQISOFT.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-s7:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-s7${ARCH}:${DEVICE_S7_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - '127.0.0.1:59994:59994'
22 |     container_name: edgex-device-s7
23 |     hostname: edgex-device-s7
24 |     networks:
25 |       - edgex-network
26 |     env_file:
27 |       - common-non-security.env
28 |     environment:
29 |       SERVICE_HOST: edgex-device-s7
30 |     depends_on:
31 |       - core-keeper
32 |       - core-data
33 |       - core-metadata
34 |       - core-common-config-bootstrapper
35 |     security_opt:
36 |       - no-new-privileges:true
37 |     read_only: true
38 |     restart: always
39 |     user: '${EDGEX_USER}:${EDGEX_GROUP}'
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-gpio.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-gpio:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-gpio${ARCH}:${DEVICE_GPIO_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |     - "127.0.0.1:59910:59910"
22 |     container_name: edgex-device-gpio
23 |     hostname: edgex-device-gpio
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-gpio
32 |     depends_on:
33 |       - core-keeper
34 |       - core-data
35 |       - core-metadata
36 |       - core-common-config-bootstrapper
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-rest.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-rest:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-rest${ARCH}:${DEVICE_REST_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - "127.0.0.1:59986:59986"
22 |     container_name: edgex-device-rest
23 |     hostname: edgex-device-rest
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-rest
32 |     depends_on:
33 |       - core-keeper
34 |       - core-data
35 |       - core-metadata
36 |       - core-common-config-bootstrapper
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-snmp.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-snmp:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-snmp${ARCH}:${DEVICE_SNMP_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - "127.0.0.1:59993:59993"
22 |     container_name: edgex-device-snmp
23 |     hostname: edgex-device-snmp
24 |     networks:
25 |       - edgex-network
26 |     env_file:
27 |       - common-non-security.env
28 |     environment:
29 |       SERVICE_HOST: edgex-device-snmp
30 |     depends_on:
31 |       - core-keeper
32 |       - core-data
33 |       - core-metadata
34 |       - core-common-config-bootstrapper
35 |     security_opt:
36 |       - no-new-privileges:true
37 |     read_only: true
38 |     restart: always
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-service-secure-template.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   security-secretstore-setup:
18 |     environment:
19 |       EDGEX_ADD_SECRETSTORE_TOKENS: ${TOKEN_LIST}
20 |       EDGEX_ADD_KNOWN_SECRETS: ${KNOWN_SECRETS_LIST}
21 | 
22 |   ${ZERO_TRUST}security-proxy-setup:
23 |   ${ZERO_TRUST}  environment:
24 |   ${ZERO_TRUST}    EDGEX_ADD_PROXY_ROUTE: ${EXTRA_PROXY_ROUTE_LIST}
25 | 
26 |   ${SERVICE_NAME}:
27 |     entrypoint: [${SHELL_OVERRIDE} "/edgex-init/ready_to_run_wait_install.sh"]
28 |     command: "/${EXECUTABLE} --registry ${CP_FLAGS}"
29 |     env_file:
30 |       - common-security.env
31 |       - common-sec-stage-gate.env
32 |     ##${ENVIRONMENT_SECTION}
33 |     volumes:
34 |       - edgex-init:/edgex-init:ro
35 |       - /tmp/edgex/secrets/${SERVICE_KEY}:/tmp/edgex/secrets/${SERVICE_KEY}:ro,z
36 |     depends_on:
37 |       - security-bootstrapper
38 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-opc-ua.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2025 YIQISOFT.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-opc-ua:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-opc-ua${ARCH}:${DEVICE_OPCUA_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - '127.0.0.1:59997:59997'
22 |     container_name: edgex-device-opc-ua
23 |     hostname: edgex-device-opc-ua
24 |     networks:
25 |       - edgex-network
26 |     env_file:
27 |       - common-non-security.env
28 |     environment:
29 |       SERVICE_HOST: edgex-device-opc-ua
30 |     depends_on:
31 |       - core-keeper
32 |       - core-data
33 |       - core-metadata
34 |       - core-common-config-bootstrapper
35 |     security_opt:
36 |       - no-new-privileges:true
37 |     read_only: true
38 |     restart: always
39 |     user: '${EDGEX_USER}:${EDGEX_GROUP}'
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-modbus.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-modbus:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-modbus${ARCH}:${DEVICE_MODBUS_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - "127.0.0.1:59901:59901"
22 |     container_name: edgex-device-modbus
23 |     hostname: edgex-device-modbus
24 |     networks:
25 |       - edgex-network
26 |     env_file:
27 |       - common-non-security.env
28 |     environment:
29 |       SERVICE_HOST: edgex-device-modbus
30 |     depends_on:
31 |       - core-keeper
32 |       - core-data
33 |       - core-metadata
34 |       - core-common-config-bootstrapper
35 |     security_opt:
36 |       - no-new-privileges:true
37 |     read_only: true
38 |     restart: always
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-virtual.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-virtual:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-virtual${ARCH}:${DEVICE_VIRTUAL_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |     - "127.0.0.1:59900:59900"
22 |     container_name: edgex-device-virtual
23 |     hostname: edgex-device-virtual
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-virtual
32 |     depends_on:
33 |       - core-keeper
34 |       - core-data
35 |       - core-metadata
36 |       - core-common-config-bootstrapper
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-rfid-llrp.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-rfid-llrp:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-rfid-llrp${ARCH}:${DEVICE_LLRP_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |     - "127.0.0.1:59989:59989"
22 |     container_name: edgex-device-rfid-llrp
23 |     hostname: edgex-device-rfid-llrp
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-rfid-llrp
32 |     depends_on:
33 |       - core-keeper
34 |       - core-data
35 |       - core-metadata
36 |       - core-common-config-bootstrapper
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/add-app-record-replay.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-record-replay:
18 |     image: ${APP_SVC_REPOSITORY}/app-record-replay${ARCH}:${APP_RECORD_REPLAY_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 127.0.0.1:59712:59712/tcp
22 |     container_name: edgex-app-record-replay
23 |     hostname: edgex-app-record-replay
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       SERVICE_HOST: edgex-app-record-replay
28 |     depends_on:
29 |       - core-keeper
30 |       - database
31 |       - core-metadata
32 |       - core-common-config-bootstrapper
33 |     read_only: true
34 |     restart: always
35 |     networks:
36 |       - edgex-network
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 
44 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-mqtt.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-mqtt:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-mqtt${ARCH}:${DEVICE_MQTT_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |       - "127.0.0.1:59982:59982"
22 |     container_name: edgex-device-mqtt
23 |     hostname: edgex-device-mqtt
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-mqtt
32 |       MQTTBROKERINFO_HOST: edgex-mqtt-broker
33 |     depends_on:
34 |       - core-keeper
35 |       - core-data
36 |       - core-metadata
37 |       - mqtt-broker
38 |       - core-common-config-bootstrapper
39 |     security_opt: 
40 |       - no-new-privileges:true
41 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
42 |     volumes:
43 |       # use host timezone
44 |       - /etc/localtime:/etc/localtime:ro    
45 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-usb-camera.yml:
--------------------------------------------------------------------------------
 1 | #
 2 | # Copyright (c) 2024 Intel Corporation
 3 | #
 4 | # Licensed under the Apache License, Version 2.0 (the "License");
 5 | # you may not use this file except in compliance with the License.
 6 | # You may obtain a copy of the License at
 7 | #
 8 | #      http://www.apache.org/licenses/LICENSE-2.0
 9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | 
17 | services:
18 |   device-usb-camera:
19 |     image: ${DEVICE_SVC_REPOSITORY}/device-usb-camera${ARCH}:${DEVICE_USBCAM_VERSION}
20 |     command: "${CP_FLAGS} --registry"
21 |     ports:
22 |       - "127.0.0.1:59983:59983"
23 |       - "127.0.0.1:8554:8554/tcp"
24 |     container_name: edgex-device-usb-camera
25 |     hostname: edgex-device-usb-camera
26 |     read_only: true
27 |     restart: always
28 |     networks:
29 |       - edgex-network
30 |     env_file:
31 |       - common-non-security.env
32 |     environment:
33 |       SERVICE_HOST: edgex-device-usb-camera
34 |     depends_on:
35 |       - core-keeper
36 |       - core-data
37 |       - core-metadata
38 |       - core-common-config-bootstrapper
39 |     security_opt:
40 |       - no-new-privileges:true
41 |     user: root:root
42 |     device_cgroup_rules:
43 |       - 'c 81:* rw' # c:character device 81:device major number(81=webcam) *:device minor number rw:read/write
44 |     volumes:
45 |       # use host timezone
46 |       - /etc/localtime:/etc/localtime:ro
47 |       - /dev:/dev
48 |       - /run/udev:/run/udev:ro
49 | 


--------------------------------------------------------------------------------
/compose-builder/add-asc-metrics-influxdb.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-metrics-influxdb:
18 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 127.0.0.1:59707:59707/tcp
22 |     container_name: edgex-app-metrics-influxdb
23 |     hostname: edgex-app-metrics-influxdb
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       SERVICE_HOST: edgex-app-metrics-influxdb
28 |       EDGEX_PROFILE: metrics-influxdb
29 |     depends_on:
30 |       - core-keeper
31 |       - core-metadata
32 |       - core-common-config-bootstrapper
33 |     read_only: true
34 |     restart: always
35 |     networks:
36 |       - edgex-network
37 |     security_opt:
38 |       - no-new-privileges:true
39 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
40 |     volumes:
41 |       # use host timezone
42 |       - /etc/localtime:/etc/localtime:ro
43 | 


--------------------------------------------------------------------------------
/compose-builder/common-sec-stage-gate.env:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | #
16 | # This file contains the common security bootstrapper related environment overrides used many Edgex services.
17 | #
18 | 
19 | STAGEGATE_WAITFOR_TIMEOUT=60s
20 | STAGEGATE_BOOTSTRAPPER_HOST=edgex-security-bootstrapper
21 | STAGEGATE_BOOTSTRAPPER_STARTPORT=54321
22 | STAGEGATE_SECRETSTORESETUP_HOST=edgex-security-secretstore-setup
23 | STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT=54322
24 | # this is intended to be the same as Database.Host/.Port for other services
25 | STAGEGATE_DATABASE_HOST=${DATABASE_HOST}
26 | STAGEGATE_DATABASE_PORT=${DATABASE_PORT}
27 | STAGEGATE_DATABASE_READYPORT=${DATABASE_PORT}
28 | # this is intended to be the same as Registry.Host/.Port for other services
29 | STAGEGATE_REGISTRY_HOST=edgex-core-keeper
30 | STAGEGATE_REGISTRY_PORT=59890
31 | STAGEGATE_REGISTRY_READYPORT=54324
32 | STAGEGATE_READY_TORUNPORT=54329
33 | PROXY_SETUP_HOST=edgex-security-proxy-setup
34 | STAGEGATE_PROXYSETUP_READYPORT=54325
35 | 


--------------------------------------------------------------------------------
/compose-builder/add-secure-mqtt-broker.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel Corporation.
 3 | #  * Copyright 2024 IOTech Ltd
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *
15 | #  *******************************************************************************/
16 | 
17 | volumes:
18 |   mqtt:
19 | 
20 | services:
21 |   mqtt-broker:
22 |     command: "/usr/sbin/mosquitto ${MQTT_VERBOSE} -c /mosquitto/config/mosquitto.conf"
23 |     entrypoint: ["/edgex-init/messagebus_wait_install.sh"]
24 |     env_file:
25 |       - common-security.env
26 |       - common-sec-stage-gate.env
27 |     environment:
28 |       BROKER_TYPE: mosquitto
29 |       CONF_DIR: /edgex-init/bootstrap-mosquitto/res
30 |       ENTRYPOINT: /docker-entrypoint.sh /usr/sbin/mosquitto ${MQTT_VERBOSE} -c  /mosquitto/config/mosquitto.conf
31 |     volumes:
32 |     - mqtt:/mosquitto
33 |     - edgex-init:/edgex-init:ro
34 |     - /tmp/edgex/secrets/security-bootstrapper-messagebus:/tmp/edgex/secrets/security-bootstrapper-messagebus:ro,z
35 |     depends_on:
36 |       - security-bootstrapper
37 |       - security-secretstore-setup 
38 |     # root privilege required for bootstrapper's process
39 |     user: root:root
40 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-coap.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-coap:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-coap${ARCH}:${DEVICE_COAP_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |     - "127.0.0.1:59988:59988"
22 |     container_name: edgex-device-coap
23 |     hostname: edgex-device-coap
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-coap
32 |       DATABASE_HOST: ${DATABASE_HOST}
33 |       MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
34 |       CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
35 |     depends_on:
36 |       - core-keeper
37 |       - core-data
38 |       - core-metadata
39 |       - core-common-config-bootstrapper
40 |     security_opt:
41 |       - no-new-privileges:true
42 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
43 |     volumes:
44 |       # use host timezone
45 |       - /etc/localtime:/etc/localtime:ro
46 | 


--------------------------------------------------------------------------------
/compose-builder/add-app-rfid-llrp-inventory.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | volumes:
17 |   llrp-inventory-data:
18 | 
19 | services:
20 |   app-rfid-llrp-inventory:
21 |     image: ${APP_SVC_REPOSITORY}/app-rfid-llrp-inventory${ARCH}:${APP_LLRP_VERSION}
22 |     command: "--registry ${CP_FLAGS}"
23 |     ports:
24 |       - 127.0.0.1:59711:59711/tcp
25 |     container_name: edgex-app-rfid-llrp-inventory
26 |     hostname: edgex-app-rfid-llrp-inventory
27 |     env_file:
28 |       - common-non-security.env
29 |     environment:
30 |       SERVICE_HOST: edgex-app-rfid-llrp-inventory
31 |     depends_on:
32 |       - core-keeper
33 |       - core-data
34 |       - core-metadata
35 |       - core-common-config-bootstrapper
36 |     read_only: true
37 |     restart: always
38 |     networks:
39 |       - edgex-network
40 |     security_opt:
41 |       - no-new-privileges:true
42 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
43 |     volumes:
44 |       # use host timezone
45 |       - /etc/localtime:/etc/localtime:ro
46 |       - llrp-inventory-data:/cache
47 | 
48 | 


--------------------------------------------------------------------------------
/compose-builder/gen_runtime_token_config_compose_ext.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # /*******************************************************************************
 3 | #  * Copyright 2022 Intel Corporation.
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *******************************************************************************/
15 | 
16 | # This shell script is used to generate the extension of docker-compose yaml file in secure mode dynamically
17 | # for adding configuration of runtime token provider
18 | 
19 | num_of_args=$#
20 | # the positional input arguments are <"service_name">
21 | 
22 | service_name=''
23 | if [ "$num_of_args" -ne 1 ]; then
24 |   echo "ERROR: Invalid number of arguments, should be at 1: <service-name> required"
25 |   exit 1
26 | fi
27 | 
28 | service_name=$1
29 | 
30 | DEFAULT_GEN_EXT_DIR="gen_ext_compose"
31 | GEN_EXT_DIR="${GEN_EXT_DIR:-$DEFAULT_GEN_EXT_DIR}"
32 | mkdir -p "$GEN_EXT_DIR"
33 | 
34 | ADD_RUNTIME_TOKEN_CONFIG_FILE_TEMPLATE="add-runtime-token-config-template.yml"
35 | 
36 | SERVICE_EXT_COMPOSE_PATH=./"$GEN_EXT_DIR"/add-"$service_name"-runtime-token-config.yml
37 | sed 's/${SERVICE_NAME}:/'"$service_name"':/g' "$ADD_RUNTIME_TOKEN_CONFIG_FILE_TEMPLATE" > "$SERVICE_EXT_COMPOSE_PATH"
38 | 
39 | # return the extension compose file path
40 | echo "$SERVICE_EXT_COMPOSE_PATH"
41 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-can.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2025 IOTech Ltd
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   device-can:
18 |     image: ${DEVICE_SVC_REPOSITORY}/device-can${ARCH}:${DEVICE_CAN_VERSION}
19 |     command: "${CP_FLAGS} --registry"
20 |     ports:
21 |     - "127.0.0.1:59999:59999"
22 |     container_name: edgex-device-can
23 |     hostname: edgex-device-can
24 |     read_only: true
25 |     restart: always
26 |     networks:
27 |       - edgex-network
28 |     env_file:
29 |       - common-non-security.env
30 |     environment:
31 |       SERVICE_HOST: edgex-device-can
32 |       DATABASE_HOST: ${DATABASE_HOST}
33 |       MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
34 |       CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
35 |       CLIENTS_CORE_DATA_HOST: edgex-core-data
36 |     depends_on:
37 |       - core-keeper
38 |       - core-data
39 |       - core-metadata
40 |       - core-common-config-bootstrapper
41 |     security_opt:
42 |       - no-new-privileges:true
43 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
44 |     volumes:
45 |       # use host timezone
46 |       - /etc/localtime:/etc/localtime:ro
47 | 


--------------------------------------------------------------------------------
/compose-builder/add-secure-mqtt-messagebus.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel Corporation.
 3 | #  * Copyright 2024 IOTech Ltd
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *
15 | #  *******************************************************************************/
16 | 
17 | volumes:
18 |   kuiper-sources:
19 |   kuiper-connections:
20 | 
21 | services:
22 |   security-secretstore-setup:
23 |     environment:
24 |       SECUREMESSAGEBUS_TYPE: mqtt
25 |     volumes:
26 |       - kuiper-sources:/tmp/kuiper
27 |       - kuiper-connections:/tmp/kuiper-connections
28 | 
29 |   core-common-config-bootstrapper:
30 |     environment:
31 |       ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword
32 |       ALL_SERVICES_MESSAGEBUS_SECRETNAME: message-bus
33 |   
34 |   rules-engine:
35 |     entrypoint: [ "/edgex-init/kuiper_wait_install.sh" ]
36 |     env_file:
37 |       - common-sec-stage-gate.env
38 |     environment:
39 |       EDGEX__DEFAULT__CONNECTIONSELECTOR: mqttmsgbus
40 |     volumes:
41 |       - kuiper-sources:/kuiper/etc/sources
42 |       - kuiper-connections:/kuiper/etc/connections
43 |       - edgex-init:/edgex-init:ro
44 |     depends_on:
45 |       - security-bootstrapper
46 |       - security-secretstore-setup
47 |       - database
48 | 
49 | 


--------------------------------------------------------------------------------
/compose-builder/add-asc-sample.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-sample:
18 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 127.0.0.1:59700:59700/tcp
22 |     container_name: edgex-app-sample
23 |     hostname: edgex-app-sample
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       EDGEX_PROFILE: sample
28 |       SERVICE_HOST: edgex-app-sample
29 |       CLIENTS_CORE_DATA_HOST: edgex-core-data
30 |       CLIENTS_CORE_COMMAND_HOST: edgex-core-command
31 |       CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications
32 |     depends_on:
33 |       - core-keeper
34 |       - core-metadata
35 |       - core-common-config-bootstrapper
36 |     read_only: true
37 |     restart: always
38 |     networks:
39 |       - edgex-network
40 |     security_opt:
41 |       - no-new-privileges:true
42 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
43 |     volumes:
44 |       # use host timezone
45 |       - /etc/localtime:/etc/localtime:ro
46 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-bacnet-ip.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  * Copyright 2023 IOTech.
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *
15 | #  *******************************************************************************/
16 | 
17 | services:
18 |   device-bacnet-ip:
19 |     image: ${DEVICE_SVC_REPOSITORY}/device-bacnet${ARCH}:${DEVICE_BACNET_VERSION}
20 |     command: "${CP_FLAGS} --registry"
21 |     ports:
22 |       - "127.0.0.1:59980:59980"
23 |     container_name: edgex-device-bacnet-ip
24 |     hostname: edgex-device-bacnet-ip
25 |     networks:
26 |       - edgex-network
27 |     env_file:
28 |       - common-non-security.env
29 |     environment:
30 |       SERVICE_HOST: edgex-device-bacnet-ip
31 |       DATABASE_HOST: ${DATABASE_HOST}
32 |       MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
33 |       CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
34 |     depends_on:
35 |       - core-keeper
36 |       - core-data
37 |       - core-metadata
38 |       - core-common-config-bootstrapper
39 |     security_opt:
40 |       - no-new-privileges:true
41 |     read_only: true
42 |     restart: always
43 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
44 |     volumes:
45 |       # use host timezone
46 |       - /etc/localtime:/etc/localtime:ro
47 | 


--------------------------------------------------------------------------------
/compose-builder/add-asc-http-export.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-http-export:
18 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 127.0.0.1:59704:59704/tcp
22 |     container_name: edgex-app-http-export
23 |     hostname: edgex-app-http-export
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       SERVICE_HOST: edgex-app-http-export
28 |       EDGEX_PROFILE: http-export
29 |       WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: "http://EXPORT_HOST_PLACE_HOLDER:7770"
30 |       WRITABLE_LOGLEVEL: INFO  # allows scripts to find and change with sed
31 |     depends_on:
32 |       - core-keeper
33 |       - core-data
34 |       - core-metadata
35 |       - core-common-config-bootstrapper
36 |     read_only: true
37 |     restart: always
38 |     networks:
39 |       - edgex-network
40 |     security_opt:
41 |       - no-new-privileges:true
42 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
43 |     volumes:
44 |       # use host timezone
45 |       - /etc/localtime:/etc/localtime:ro
46 | 


--------------------------------------------------------------------------------
/compose-builder/add-secure-postgres.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024-2025 IOTech Ltd
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | volumes:
17 |   postgres-data:
18 | 
19 | services:
20 |   database:
21 |     entrypoint: ["/edgex-init/postgres_wait_install.sh"]
22 |     image: postgres:${POSTGRES_VERSION}
23 |     ports:
24 |       - "127.0.0.1:5432:5432"
25 |     container_name: edgex-postgres
26 |     hostname: edgex-postgres
27 |     read_only: true
28 |     restart: always
29 |     networks:
30 |       - edgex-network
31 |     env_file:
32 |       - common-security.env
33 |       - common-sec-stage-gate.env
34 |     environment:
35 |       DATABASECONFIG_PATH: /tmp/postgres-init-scripts
36 |       DATABASECONFIG_NAME: create-users.sh
37 |       POSTGRES_DB: edgex_db
38 |     security_opt:
39 |       - no-new-privileges:true
40 |     tmpfs:
41 |       - /run
42 |       - /tmp
43 |     volumes:
44 |       - /etc/localtime:/etc/localtime:ro
45 |       - edgex-init:/edgex-init:ro
46 |       - db-data:/var/lib/postgresql/data
47 |       - /tmp/edgex/secrets/security-bootstrapper-postgres:/tmp/edgex/secrets/security-bootstrapper-postgres:ro,z
48 |     depends_on:
49 |       - security-bootstrapper
50 |       - security-secretstore-setup
51 | 


--------------------------------------------------------------------------------
/compose-builder/add-device-bacnet-mstp.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  * Copyright 2023 IOTech.
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *
15 | #  *******************************************************************************/
16 | 
17 | services:
18 |   device-bacnet-mstp:
19 |     image: ${DEVICE_SVC_REPOSITORY}/device-bacnet${ARCH}:${DEVICE_BACNET_VERSION}
20 |     command: "${CP_FLAGS} --registry"
21 |     entrypoint:
22 |       - /device-bacnet-mstp/device-bacnet-c
23 |     ports:
24 |       - "127.0.0.1:59981:59980"
25 |     container_name: edgex-device-bacnet-mstp
26 |     hostname: edgex-device-bacnet-mstp
27 |     networks:
28 |       - edgex-network
29 |     env_file:
30 |       - common-non-security.env
31 |     environment:
32 |       SERVICE_HOST: edgex-device-bacnet-mstp
33 |       DATABASE_HOST: ${DATABASE_HOST}
34 |       MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
35 |       CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
36 |     depends_on:
37 |       - core-keeper
38 |       - core-data
39 |       - core-metadata
40 |       - core-common-config-bootstrapper
41 |     security_opt:
42 |       - no-new-privileges:true
43 |     read_only: true
44 |     restart: always
45 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
46 |     volumes:
47 |       # use host timezone
48 |       - /etc/localtime:/etc/localtime:ro
49 | 


--------------------------------------------------------------------------------
/compose-builder/get-api-gateway-token.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # /*******************************************************************************
 3 | #  * Copyright 2022-2023 Intel Corporation.
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *******************************************************************************/
15 | 
16 | username=edgexuser
17 | 
18 | # Start afresh by deleting old user
19 | docker exec -ti edgex-security-proxy-setup ./secrets-config proxy deluser --user "${username}" --useRootToken > /dev/null
20 | 
21 | # Create new user, log in, and exchange for JWT
22 | password=$(docker exec -ti edgex-security-proxy-setup ./secrets-config proxy adduser --user "${username}" --useRootToken | jq -r '.password')
23 | secret_store_token=$(curl -ks "http://localhost:8200/v1/auth/userpass/login/${username}" -d "{\"password\":\"${password}\"}" | jq -r '.auth.client_token')
24 | id_token=$(curl -ks -H "Authorization: Bearer ${secret_store_token}" "http://localhost:8200/v1/identity/oidc/token/${username}" | jq -r '.data.token')
25 | 
26 | # Check that we got sane output from the previous commands before coughing up the token
27 | introspect_result=$(curl -ks -H "Authorization: Bearer ${secret_store_token}" "http://localhost:8200/v1/identity/oidc/introspect" -d "{\"token\":\"${id_token}\"}" | jq -r '.active')
28 | if [ "${introspect_result}" = "true" ]; then
29 | 	echo "${id_token}"
30 | 	exit 0
31 | else
32 | 	echo "ERROR" >&2
33 | 	exit 1
34 | fi
35 | 


--------------------------------------------------------------------------------
/compose-builder/add-asc-mqtt-export.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-mqtt-export:
18 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 127.0.0.1:59703:59703/tcp
22 |     container_name: edgex-app-mqtt-export
23 |     hostname: edgex-app-mqtt-export
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       SERVICE_HOST: edgex-app-mqtt-export
28 |       EDGEX_PROFILE: mqtt-export
29 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER
30 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events
31 |       WRITABLE_LOGLEVEL: INFO # allows scripts to find and change with sed
32 |     depends_on:
33 |       - core-keeper
34 |       - core-metadata
35 |       - core-common-config-bootstrapper
36 |     read_only: true
37 |     restart: always
38 |     networks:
39 |       - edgex-network
40 |     security_opt:
41 |       - no-new-privileges:true
42 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
43 |     volumes:
44 |       # use host timezone
45 |       - /etc/localtime:/etc/localtime:ro
46 | 


--------------------------------------------------------------------------------
/compose-builder/add-asc-external-mqtt-trigger.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-external-mqtt-trigger:
18 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 127.0.0.1:59706:59706/tcp
22 |     container_name: edgex-app-external-mqtt-trigger
23 |     hostname: edgex-app-external-mqtt-trigger
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       SERVICE_HOST: edgex-app-external-mqtt-trigger
28 |       EDGEX_PROFILE: external-mqtt-trigger
29 |       TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER
30 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER
31 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export
32 |       WRITABLE_LOGLEVEL: INFO
33 |     depends_on:
34 |       - core-keeper
35 |       - core-data
36 |       - core-metadata
37 |       - core-common-config-bootstrapper
38 |     read_only: true
39 |     restart: always
40 |     networks:
41 |       - edgex-network
42 |     security_opt:
43 |       - no-new-privileges:true
44 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
45 |     volumes:
46 |       # use host timezone
47 |       - /etc/localtime:/etc/localtime:ro
48 | 


--------------------------------------------------------------------------------
/compose-builder/add-taf-app-services-secure.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   security-secretstore-setup:
18 |     environment:
19 |       EDGEX_ADD_SECRETSTORE_TOKENS: ${TOKEN_LIST}
20 |       EDGEX_ADD_KNOWN_SECRETS: ${KNOWN_SECRETS_LIST}
21 | 
22 |   app-functional-tests:
23 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
24 |     command: "/app-service-configurable --registry ${CP_FLAGS}"
25 |     env_file:
26 |       - common-security.env
27 |       - common-sec-stage-gate.env
28 |     volumes:
29 |       - edgex-init:/edgex-init:ro
30 |       - /tmp/edgex/secrets/app-functional-tests:/tmp/edgex/secrets/app-functional-tests:ro,z
31 |     depends_on:
32 |       - security-bootstrapper
33 |       - core-metadata
34 |       - core-common-config-bootstrapper
35 | 
36 |   app-scalability-test-mqtt-export:
37 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
38 |     command: "/app-service-configurable --registry ${CP_FLAGS}"
39 |     env_file:
40 |       - common-security.env
41 |       - common-sec-stage-gate.env
42 |     volumes:
43 |       - edgex-init:/edgex-init:ro
44 |       - /tmp/edgex/secrets/app-scalability-test-mqtt-export:/tmp/edgex/secrets/app-scalability-test-mqtt-export:ro,z
45 |     depends_on:
46 |       - security-bootstrapper
47 |       - core-metadata
48 |       - core-common-config-bootstrapper
49 | 
50 | 


--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
 1 | pipeline {
 2 |     agent {
 3 |         label 'centos7-docker-4c-2g' 
 4 |     }
 5 |     options {
 6 |         timestamps()
 7 |         quietPeriod(5) // wait a few seconds before starting to aggregate builds...??
 8 |         durabilityHint 'PERFORMANCE_OPTIMIZED'
 9 |         timeout(360)
10 |     }
11 |     parameters {
12 |         booleanParam defaultValue: false, description: 'Archive 3rd Party Images', name: 'ARCHIVE'
13 |     }
14 |     triggers {
15 |         issueCommentTrigger('.*^recheck$.*')
16 |     }
17 |     stages {
18 |         stage('Smoke Tests') {
19 |             when {
20 |                 expression { !edgex.isReleaseStream() && !params.ARCHIVE }
21 |             }
22 |             steps {
23 |                 build job: '/edgexfoundry/edgex-taf-pipelines/smoke-test', parameters: [string(name: 'SHA1', value: env.GIT_COMMIT), string(name: 'TEST_ARCH', value: 'All'), string(name: 'WITH_SECURITY', value: 'All')]
24 |             }
25 |         }
26 | 
27 |         stage('Archive 3rd Party Images') {
28 |             when {
29 |                 expression { params.ARCHIVE }
30 |             }
31 |             steps {
32 |                 edgeXDockerLogin(settingsFile: 'ci-build-images-settings')
33 |                 bootstrapBuildX()
34 | 
35 |                 script {
36 |                     def images = sh(script: "grep image docker-compose.yml | grep -v edgexfoundry | awk '{print \$2}'", returnStdout: true).trim()
37 |                     images.split('\n').each { image ->
38 |                         sh "echo -e 'FROM ${image}' | docker buildx build --platform 'linux/amd64,linux/arm64' -t nexus3.edgexfoundry.org:10002/archive/${image} --push -"
39 |                     }
40 |                 }
41 |             }
42 |         }
43 |     }
44 |     post {
45 |         always {
46 |             edgeXInfraPublish()
47 |         }
48 |         cleanup {
49 |             cleanWs()
50 |         }
51 |     }
52 | }
53 | 
54 | def bootstrapBuildX() {
55 |     sh 'docker buildx ls'
56 |     sh 'docker buildx create --name edgex-builder --platform linux/amd64,linux/arm64 --use'
57 |     sh 'docker buildx inspect --bootstrap'
58 |     sh 'docker buildx ls'
59 | }


--------------------------------------------------------------------------------
/compose-builder/add-nats-messagebus.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | volumes:
17 |   nats-data:
18 | 
19 | services:
20 |   nats:
21 |     image: nats:${NATS_VERSION}
22 |     command: [ "-js" ]
23 |     ports:
24 |       - "127.0.0.1:4222:4222"
25 |     container_name: edgex-nats-server
26 |     hostname: edgex-nats-server
27 |     read_only: true
28 |     restart: always
29 |     networks:
30 |       - edgex-network
31 |     security_opt:
32 |       - no-new-privileges:true
33 |     user: "root:root"
34 |     volumes:
35 |       - nats-data:/tmp/nats
36 | 
37 |   core-common-config-bootstrapper:
38 |     environment:
39 |       ALL_SERVICES_MESSAGEBUS_TYPE: nats-jetstream
40 |       ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp
41 |       ALL_SERVICES_MESSAGEBUS_HOST: edgex-nats-server
42 |       ALL_SERVICES_MESSAGEBUS_PORT: "4222"
43 |       ALL_SERVICES_MESSAGEBUS_AUTHMODE: none
44 | 
45 |   rules-engine:
46 |     environment:
47 |       CONNECTION__EDGEX__NATSMSGBUS__PORT: 4222
48 |       CONNECTION__EDGEX__NATSMSGBUS__PROTOCOL: tcp
49 |       CONNECTION__EDGEX__NATSMSGBUS__SERVER: edgex-nats-server
50 |       CONNECTION__EDGEX__NATSMSGBUS__TYPE: nats-jetstream
51 |       CONNECTION__EDGEX__NATSMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine
52 |       EDGEX__DEFAULT__PORT: 4222
53 |       EDGEX__DEFAULT__PROTOCOL: tcp
54 |       EDGEX__DEFAULT__SERVER: edgex-nats-server
55 |       EDGEX__DEFAULT__TYPE: nats-jetstream
56 |       EDGEX__DEFAULT__TOPIC: edgex/rules-events
57 |       EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine
58 |     depends_on:
59 |       - nats
60 | 


--------------------------------------------------------------------------------
/compose-builder/.env:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2022 Intel
 3 | #  * Copyright 2024 IOTech Ltd
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *
15 | #  *******************************************************************************/
16 | #
17 | # This file contains the registry and image versions variables referenced in compose files.
18 | # Docker compose implicitly use the ".env" file, if it exists, so you will not see it referenced in the compose files.
19 | # It is referenced in the Makefile so that it can also use these settings.
20 | #
21 | 
22 | RELEASE_FOLDER=../
23 | CORE_EDGEX_REPOSITORY=nexus3.edgexfoundry.org:10004
24 | APP_SVC_REPOSITORY=nexus3.edgexfoundry.org:10004
25 | DEVICE_SVC_REPOSITORY=nexus3.edgexfoundry.org:10004
26 | UI_REPOSITORY=nexus3.edgexfoundry.org:10004
27 | CORE_EDGEX_VERSION=latest
28 | APP_SERVICE_CONFIG_VERSION=latest
29 | APP_LLRP_VERSION=latest
30 | APP_RECORD_REPLAY_VERSION=latest
31 | EDGEX_UI_VERSION=latest
32 | DEVICE_BACNET_VERSION=latest
33 | DEVICE_MODBUS_VERSION=latest
34 | DEVICE_MQTT_VERSION=latest
35 | DEVICE_REST_VERSION=latest
36 | DEVICE_SNMP_VERSION=latest
37 | DEVICE_VIRTUAL_VERSION=latest
38 | DEVICE_LLRP_VERSION=latest
39 | DEVICE_COAP_VERSION=latest
40 | DEVICE_GPIO_VERSION=latest
41 | DEVICE_UART_VERSION=latest
42 | DEVICE_ONVIFCAM_VERSION=latest
43 | DEVICE_USBCAM_VERSION=latest
44 | DEVICE_S7_VERSION=latest
45 | DEVICE_OPCUA_VERSION=latest
46 | DEVICE_CAN_VERSION=latest
47 | 
48 | BAO_VERSION=2.4
49 | POSTGRES_VERSION=18.1-alpine
50 | KUIPER_VERSION=2.3-alpine
51 | MOSQUITTO_VERSION=2.0
52 | NANOMQ_VERSION=0.24
53 | NATS_VERSION=2.12-alpine
54 | NGINX_VERSION=1.29-alpine-slim
55 | EDGEX_USER=2002
56 | EDGEX_GROUP=2001
57 | 
58 | CP_FLAGS='-cp=keeper.http://edgex-core-keeper:59890'
59 | DATABASE_HOST=edgex-postgres
60 | DATABASE_PORT=5432
61 | MESSAGEBUS_HOST=edgex-mqtt-broker
62 | MESSAGEBUS_SECRETNAME=message-bus
63 | MESSAGEBUS_AUTHMODE=usernamepassword
64 | MESSAGEBUS_PORT=1883
65 | MESSAGEBUS_PROTOCOL=tcp
66 | MESSAGEBUS_TYPE=mqtt
67 | 


--------------------------------------------------------------------------------
/compose-builder/upload-api-gateway-cert.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # /*******************************************************************************
 3 | #  * Copyright 2022 Intel Corporation.
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *******************************************************************************/
15 | 
16 | 
17 | # usage function for uploading tls cert:
18 | usage()
19 | {
20 |   echo "Usage: CERT_INPUT_FILE=<full-path-for-cert-input-file> KEY_INPUT_FILE=<full-path-for-key-input-file> ./upload-api-gateway-cert.sh"
21 |   echo "\tBoth CERT_INPUT_FILE and KEY_INPUT_FILE are required."
22 |   exit 1
23 | }
24 | 
25 | # DEV and ARCH are set in environment prior to calling script
26 | # example: DEV=-dev ARCH=-arm64 ./upload-api-gateway-cert.sh
27 | 
28 | # versions are loaded from .env file
29 | . ./.env
30 | 
31 | if [ "x$DEV" = "x-dev" ]; then
32 |   export CORE_EDGEX_REPOSITORY=edgexfoundry
33 |   export CORE_EDGEX_VERSION=0.0.0-dev
34 | fi
35 | 
36 | # required input sanity checks
37 | if [ "$CERT_INPUT_FILE" = "" ]; then
38 |   echo "Missing env parameter: CERT_INPUT_FILE"
39 |   usage
40 | fi
41 | if [ "$KEY_INPUT_FILE" = "" ]; then
42 |   echo "Missing  env parameter: KEY_INPUT_FILE"
43 |   usage
44 | fi
45 | 
46 | # staging the input files into temporary files
47 | STAGING="staging-cert"
48 | rm -rf ${STAGING}
49 | mkdir -p ${STAGING}
50 | 
51 | cp ${CERT_INPUT_FILE} ${STAGING}
52 | cp ${KEY_INPUT_FILE} ${STAGING}
53 | 
54 | CERT_FILE_NAME=$(basename ${CERT_INPUT_FILE})
55 | KEY_FILE_NAME=$(basename ${KEY_INPUT_FILE})
56 | 
57 | echo "Uploading API Gateway TLS certificate with certificate file: ${CERT_FILE_NAME}, key file: ${KEY_FILE_NAME}"
58 | docker run --rm -it --network edgex_edgex-network --entrypoint "" -v ${PWD}/${STAGING}:/${STAGING} -v edgex_nginx-tls:/etc/ssl/nginx \
59 |        ${CORE_EDGEX_REPOSITORY}/security-proxy-setup${ARCH}:${CORE_EDGEX_VERSION} \
60 |         /edgex/secrets-config proxy tls --inCert /${STAGING}/${CERT_FILE_NAME} \
61 |         --inKey /${STAGING}/${KEY_FILE_NAME}
62 | 
63 | docker exec edgex-nginx nginx -s reload
64 | 
65 | if [ $? = 0 ]; then
66 |   echo "API Gateway TLS certificate uploaded"
67 | else
68 |   echo "Failed to upload API Gateway TLS certificate"
69 | fi
70 | 
71 | rm -rf ${STAGING}
72 | 


--------------------------------------------------------------------------------
/compose-builder/add-taf-app-services.yml:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2024 Intel Corporation.
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | services:
17 |   app-functional-tests:
18 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
19 |     command: "--registry ${CP_FLAGS}"
20 |     ports:
21 |       - 59705:59705/tcp
22 |     container_name: edgex-app-functional-tests
23 |     hostname: edgex-app-functional-tests
24 |     env_file:
25 |       - common-non-security.env
26 |     environment:
27 |       EDGEX_PROFILE: functional-tests
28 |       SERVICE_HOST: edgex-app-functional-tests
29 |     depends_on:
30 |       - core-keeper
31 |       - core-metadata
32 |       - core-common-config-bootstrapper
33 |     read_only: true
34 |     networks:
35 |       - edgex-network
36 |     security_opt:
37 |       - no-new-privileges:true
38 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
39 |     volumes:
40 |       # use host timezone
41 |       - /etc/localtime:/etc/localtime:ro
42 | 
43 |   app-scalability-test-mqtt-export:
44 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
45 |     command: "--registry ${CP_FLAGS}"
46 |     ports:
47 |       - "59710:59703" #Exposing as different port to avoid conflict with other MQTT export instance
48 |     container_name: edgex-app-scalability-test-mqtt-export
49 |     hostname: edgex-app-scalability-test-mqtt-export
50 |     env_file:
51 |       - common-non-security.env
52 |     environment:
53 |       EDGEX_PROFILE: mqtt-export
54 |       EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export
55 |       SERVICE_HOST: edgex-app-scalability-test-mqtt-export
56 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export
57 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER
58 |       WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events
59 | 
60 |       MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export
61 |       WRITABLE_LOGLEVEL: DEBUG
62 |     depends_on:
63 |       - core-keeper
64 |       - core-metadata
65 |       - core-common-config-bootstrapper
66 |     read_only: true
67 |     networks:
68 |       - edgex-network
69 |     security_opt:
70 |       - no-new-privileges:true
71 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
72 |     volumes:
73 |       # use host timezone
74 |       - /etc/localtime:/etc/localtime:ro
75 | 


--------------------------------------------------------------------------------
/.github/Contributing.md:
--------------------------------------------------------------------------------
 1 | ## <a name="commit"></a> Commit Message Guidelines
 2 | 
 3 | We have very precise rules over how our git commit messages can be formatted.  This leads to **more readable messages** that are easy to follow when looking through the **project history**. For full contribution guidelines visit
 4 | the [Contributors Guide](https://wiki.edgexfoundry.org/display/FA/Committing+Code+Guidelines#CommittingCodeGuidelines-Commits) on the EdgeX Wiki
 5 | 
 6 | ### Commit Message Format
 7 | Each commit message consists of a **header**, a **body** and a **footer**.  The header has a special format that includes a **type**, a **scope** and a **subject**:
 8 | 
 9 | ```
10 | <type>(<scope>): <subject>
11 | <BLANK LINE>
12 | <body>
13 | <BLANK LINE>
14 | <footer>
15 | ```
16 | 
17 | The **header** with **type** is mandatory.  The **scope** of the header is optional.  This repository has no predefined scopes.  A custom scope can be used for clarity if desired.
18 | 
19 | Any line of the commit message cannot be longer 100 characters! This allows the message to be easier to read on GitHub as well as in various git tools.
20 | 
21 | The footer should contain a [closing reference to an issue](https://help.github.com/articles/closing-issues-via-commit-messages/) if any.
22 | 
23 | Example 1:
24 | ```
25 | feat: add new device wizard
26 | ```
27 | 
28 | Example 2:
29 | ```
30 | fix: correct default database port configuration 
31 | 
32 | Previously configuration used to the wrong default database port. This commit fixes the default database port for Redis in the configuration.
33 | 
34 | Closes: #123
35 | ```
36 | 
37 | ### Revert
38 | If the commit reverts a previous commit, it should begin with `revert: `, followed by the header of the reverted commit. In the body it should say: `This reverts commit <hash>.`, where the hash is the SHA of the commit being reverted.
39 | 
40 | ### Type
41 | Must be one of the following:
42 | 
43 | * **feat**: A new feature
44 | * **fix**: A bug fix
45 | * **docs**: Documentation only changes
46 | * **style**: Changes that do not affect the meaning of the code (white-space, formatting, etc)
47 | * **refactor**: A code change that neither fixes a bug nor adds a feature
48 | * **perf**: A code change that improves performance
49 | * **test**: Adding missing tests or correcting existing tests
50 | * **build**: Changes that affect the CI/CD pipeline or build system or external dependencies (example scopes: travis, jenkins, makefile)
51 | * **ci**: Changes provided by DevOps for CI purposes.
52 | * **revert**: Reverts a previous commit.
53 | 
54 | ### Scope
55 | There are no predefined scopes for this repository.  A custom scope can be provided for  clarity.
56 | 
57 | ### Subject
58 | The subject contains a succinct description of the change:
59 | 
60 | * use the imperative, present tense: "change" not "changed" nor "changes"
61 | * don't capitalize the first letter
62 | * no dot (.) at the end
63 | 
64 | ### Body
65 | Just as in the **subject**, use the imperative, present tense: "change" not "changed" nor "changes".
66 | The body should include the motivation for the change and contrast this with previous behavior.
67 | 
68 | ### Footer
69 | The footer should contain any information about **Breaking Changes** and is also the place to
70 | reference GitHub issues that this commit **Closes**.
71 | 
72 | **Breaking Changes** should start with the word `BREAKING CHANGE:` with a space or two newlines. The rest of the commit message is then used for this.
73 | 
74 | 


--------------------------------------------------------------------------------
/compose-builder/add-security-zero-trust.yml:
--------------------------------------------------------------------------------
 1 | name: edgex
 2 | services:
 3 |   app-rules-engine:
 4 |     environment:
 5 |       SERVICE_HOST: app-rules-engine.edgex.ziti
 6 |       SERVICE_PORT: 80
 7 |     ports: !reset []
 8 |   core-command:
 9 |     environment:
10 |       SERVICE_HOST: core-command.edgex.ziti
11 |       SERVICE_PORT: 80
12 |       CLIENTS_CORE_METADATA_HOST: "core-metadata.edgex.ziti"
13 |       CLIENTS_CORE_METADATA_PORT: 80
14 |       CLIENTS_CORE_METADATA_SECURITYOPTIONS_MODE: "zerotrust"
15 |     ports: !reset []
16 |   core-common-config-bootstrapper:
17 |     environment:
18 |       ALL_SERVICES_SERVICE_SECURITYOPTIONS_MODE: "zerotrust"
19 |       APP_SERVICES_CLIENTS_CORE_METADATA_HOST: core-metadata.edgex.ziti
20 |       APP_SERVICES_CLIENTS_CORE_METADATA_PORT: 80
21 |       APP_SERVICES_CLIENTS_CORE_METADATA_SECURITYOPTIONS_MODE: "zerotrust"
22 |       DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: core-metadata.edgex.ziti
23 |       DEVICE_SERVICES_CLIENTS_CORE_METADATA_PORT: 80
24 |       DEVICE_SERVICES_CLIENTS_CORE_METADATA_SECURITYOPTIONS_MODE: "zerotrust"
25 |     ports: !reset []
26 |   core-data:
27 |     environment:
28 |       SERVICE_HOST: core-data.edgex.ziti
29 |       SERVICE_PORT: 80
30 |     ports: !reset []
31 |   core-metadata:
32 |     environment:
33 |       SERVICE_HOST: core-metadata.edgex.ziti
34 |       SERVICE_PORT: "80"
35 |     ports: !reset []
36 |   rules-engine:
37 |     environment:
38 |       EDGEX_CREDENTIAL_NAME: rules-engine
39 |       EDGEX_CREDENTIALS: /tmp/edgex/secrets/rules-engine/secrets-token.json
40 |       KUIPER__BASIC__ENABLEOPENZITI: true
41 |       OPENZITI_CONTROLLER: openziti:1280
42 |     ports: !reset []
43 |     volumes:
44 |       - edgex-init:/edgex-init
45 |       - /tmp/edgex/secrets/rules-engine:/tmp/edgex/secrets/rules-engine:ro,z
46 |   support-notifications:
47 |     environment:
48 |       SERVICE_HOST: support-notifications.edgex.ziti
49 |       SERVICE_PORT: 80
50 |     ports: !reset []
51 |   ui:
52 |     command:
53 |       - "./edgex-ui-server"
54 |       - "--configDir=res/docker"
55 |     container_name: edgex-ui-go
56 |     depends_on:
57 |       - core-keeper
58 |       - core-common-config-bootstrapper
59 |       - core-metadata
60 |       - security-bootstrapper
61 |     env_file:
62 |       - common-security.env
63 |       - common-sec-stage-gate.env
64 |     environment:
65 |       SERVICE_HOST: edgex-ui-go
66 |       CLIENTS_CORE_COMMAND_SECURITYOPTIONS_MODE: "zerotrust"
67 |       CLIENTS_CORE_COMMAND_HOST: "core-command.edgex.ziti"
68 |       CLIENTS_CORE_COMMAND_PORT: 80
69 |       CLIENTS_CORE_DATA_SECURITYOPTIONS_MODE: "zerotrust"
70 |       CLIENTS_CORE_DATA_HOST: "core-data.edgex.ziti"
71 |       CLIENTS_CORE_DATA_PORT: 80
72 |       CLIENTS_CORE_METADATA_SECURITYOPTIONS_MODE: "zerotrust"
73 |       CLIENTS_CORE_METADATA_HOST: "core-metadata.edgex.ziti"
74 |       CLIENTS_CORE_METADATA_PORT: 80
75 |       CLIENTS_RULES_ENGINE_SECURITYOPTIONS_MODE: "zerotrust"
76 |       CLIENTS_RULES_ENGINE_HOST: "rules-engine.edgex.ziti"
77 |       CLIENTS_RULES_ENGINE_PORT: 80
78 |       CLIENTS_SUPPORT_NOTIFICATIONS_SECURITYOPTIONS_MODE: "zerotrust"
79 |       CLIENTS_SUPPORT_NOTIFICATIONS_HOST: "support-notifications.edgex.ziti"
80 |       CLIENTS_SUPPORT_NOTIFICATIONS_PORT: 80
81 |       BAO_ADDR: http://edgex-secret-store:8200
82 |     entrypoint:
83 |       - /edgex-init/ready_to_run_wait_install.sh
84 |     volumes:
85 |       - edgex-init:/edgex-init
86 |       - /tmp/edgex/secrets/ui:/tmp/edgex/secrets/ui:ro,z
87 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | # /*******************************************************************************
 2 | #  * Copyright 2021 Intel
 3 | #  *
 4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 5 | #  * in compliance with the License. You may obtain a copy of the License at
 6 | #  *
 7 | #  * http://www.apache.org/licenses/LICENSE-2.0
 8 | #  *
 9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11 | #  * or implied. See the License for the specific language governing permissions and limitations under
12 | #  * the License.
13 | #  *
14 | #  *******************************************************************************/
15 | 
16 | .PHONY: help portainer portainer-down pull run pull-ui run-ui down-ui down clean get-token openziti openziti-down zero-trust
17 | .SILENT: help get-token
18 | 
19 | help:
20 | 	echo "See README.md in this folder"
21 | 
22 | ARGS:=$(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
23 | $(eval $(ARGS):;@:)
24 | 
25 | OPTIONS:=" arm64 no-secty app-sample zero-trust " # Must have spaces around words for `filter-out` function to work properly
26 | 
27 | # This tool now only supports compose V2, aka "docker compose" as it has replaced to old docker-compose tool.
28 | DOCKER_COMPOSE=docker compose
29 | 
30 | # Resolve user ID for rootless docker port mapping
31 | export USERID:=$(shell id -u)
32 | 
33 | # Set default rootful docker socket path otherwise detect rootless path
34 | export DOCKER_SOCKET_PATH=/var/run/docker.sock
35 | ifneq (,$(wildcard /run/user/$(USERID)/docker.sock))
36 |     export DOCKER_SOCKET_PATH := /run/user/$(USERID)/docker.sock
37 | endif
38 | 
39 | ifeq (arm64, $(filter arm64,$(ARGS)))
40 | 	ARM64=-arm64
41 | 	ARM64_OPTION=arm64
42 | endif
43 | ifeq (no-secty, $(filter no-secty,$(ARGS)))
44 | 	NO_SECURITY:=-no-secty
45 | endif
46 | ifeq (app-sample, $(filter app-sample,$(ARGS)))
47 | 	APP_SAMPLE:=-with-app-sample
48 | endif
49 | ifeq (zero-trust, $(filter zero-trust,$(ARGS)))
50 | 	ZERO_TRUST_OPTION=-zero-trust
51 | endif
52 | 
53 | SERVICES:=$(filter-out $(OPTIONS),$(ARGS))
54 | 
55 | define COMPOSE_DOWN
56 | 	${DOCKER_COMPOSE} -p edgex -f docker-compose-with-app-sample.yml down $1
57 | endef
58 | 
59 | # Define additional phony targets for all options to enable support for tab-completion in shell
60 | # Note: This must be defined after the options are parsed otherwise it will interfere with them
61 | .PHONY: $(OPTIONS)
62 | 
63 | portainer:
64 | 	${DOCKER_COMPOSE} -p portainer -f docker-compose-portainer.yml up -d
65 | 
66 | portainer-down:
67 | 	${DOCKER_COMPOSE} -p portainer -f docker-compose-portainer.yml down
68 | 
69 | openziti:
70 | 	${DOCKER_COMPOSE} -p edgex -f docker-compose-openziti.yml up -d --build
71 | 
72 | openziti-down:
73 | 	${DOCKER_COMPOSE} -p edgex -f docker-compose-openziti.yml down
74 | 
75 | openziti-logs:
76 | 	${DOCKER_COMPOSE} -p edgex -f docker-compose-openziti.yml logs -f
77 | 
78 | openziti-clean:
79 | 	${DOCKER_COMPOSE} -p edgex -f docker-compose-openziti.yml down -v
80 | 
81 | pull:
82 | 	${DOCKER_COMPOSE} -f docker-compose${NO_SECURITY}${ZERO_TRUST_OPTION}${ARM64}.yml pull ${SERVICES}
83 | 
84 | run:
85 | 	${DOCKER_COMPOSE} -p edgex -f docker-compose${NO_SECURITY}${APP_SAMPLE}${ZERO_TRUST_OPTION}${ARM64}.yml up -d ${SERVICES}
86 | 
87 | down:
88 | 	$(COMPOSE_DOWN)
89 | 
90 | clean:
91 | 	$(call COMPOSE_DOWN,-v)
92 | 
93 | get-token:
94 | 	DEV=$(DEV) \
95 | 	ARCH=$(ARCH) \
96 | 	cd ./compose-builder; sh get-api-gateway-token.sh
97 | 


--------------------------------------------------------------------------------
/compose-builder/add-security-proxy.yml:
--------------------------------------------------------------------------------
  1 | # /*******************************************************************************
  2 | #  * Copyright 2024 Intel Corporation.
  3 | #  * Copyright 2024 IOTech Ltd
  4 | #  *
  5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  6 | #  * in compliance with the License. You may obtain a copy of the License at
  7 | #  *
  8 | #  * http://www.apache.org/licenses/LICENSE-2.0
  9 | #  *
 10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
 11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 12 | #  * or implied. See the License for the specific language governing permissions and limitations under
 13 | #  * the License.
 14 | #  *
 15 | #  *******************************************************************************/
 16 | 
 17 | volumes:
 18 |   nginx-templates:
 19 |   nginx-tls:
 20 | 
 21 | services:
 22 | # containers for reverse proxy
 23 | 
 24 |   nginx:
 25 |     image: nginx:${NGINX_VERSION}
 26 |     container_name: edgex-nginx
 27 |     hostname: edgex-nginx
 28 |     ports:
 29 |       - "8443:8443"  # port 8000 (insecure) is not mapped externally)
 30 |     read_only: true
 31 |     restart: always
 32 |     networks:
 33 |       edgex-network:
 34 |     entrypoint: ["/bin/sh", "/edgex-init/nginx_wait_install.sh"]
 35 |     command:
 36 |       - "/docker-entrypoint.sh"
 37 |       - nginx
 38 |       - "-g"
 39 |       - "daemon off;"
 40 |     env_file:
 41 |       - common-sec-stage-gate.env
 42 |     volumes:
 43 |       - edgex-init:/edgex-init:ro
 44 |       - nginx-templates:/etc/nginx/templates
 45 |       - nginx-tls:/etc/ssl/nginx
 46 |     depends_on:
 47 |       - security-secretstore-setup
 48 |     security_opt:
 49 |       - no-new-privileges:true
 50 |     tmpfs:
 51 |       - /etc/nginx/conf.d
 52 |       - /var/cache/nginx
 53 |       - /var/log/nginx
 54 |       - /var/run
 55 | 
 56 |   security-proxy-setup:
 57 |     image: ${CORE_EDGEX_REPOSITORY}/security-proxy-setup${ARCH}:${CORE_EDGEX_VERSION}
 58 |     user: "root:root"
 59 |     container_name: edgex-security-proxy-setup
 60 |     hostname: edgex-security-proxy-setup
 61 |     entrypoint: ["/edgex-init/proxy_setup_wait_install.sh"]
 62 |     read_only: true
 63 |     restart: always
 64 |     networks:
 65 |       - edgex-network
 66 |     env_file:
 67 |       - common-security.env
 68 |       - common-sec-stage-gate.env
 69 |     volumes:
 70 |       # use host timezone
 71 |       - /etc/localtime:/etc/localtime:ro
 72 |       - edgex-init:/edgex-init:ro
 73 |       - secret-store-config:/openbao/config
 74 |       - nginx-templates:/etc/nginx/templates
 75 |       - nginx-tls:/etc/ssl/nginx
 76 |       - /tmp/edgex/secrets/security-proxy-setup:/tmp/edgex/secrets/security-proxy-setup:ro,z
 77 |     depends_on:
 78 |       - security-bootstrapper
 79 |       - security-secretstore-setup
 80 |     security_opt:
 81 |       - no-new-privileges:true
 82 | 
 83 |   security-proxy-auth:
 84 |     image: ${CORE_EDGEX_REPOSITORY}/security-proxy-auth${ARCH}:${CORE_EDGEX_VERSION}
 85 |     container_name: edgex-proxy-auth
 86 |     hostname: edgex-proxy-auth
 87 |     ports:
 88 |       - "127.0.0.1:59842:59842"
 89 |     read_only: true
 90 |     restart: always
 91 |     networks:
 92 |       - edgex-network
 93 |     entrypoint: ["/bin/sh", "/edgex-init/ready_to_run_wait_install.sh"]
 94 |     command: entrypoint.sh /security-proxy-auth --registry ${CP_FLAGS}
 95 |     env_file:
 96 |       - common-security.env
 97 |       - common-sec-stage-gate.env
 98 |     environment:
 99 |       SERVICE_HOST: edgex-proxy-auth
100 |     volumes:
101 |       # use host timezone
102 |       - /etc/localtime:/etc/localtime:ro
103 |       - edgex-init:/edgex-init:ro
104 |       - /tmp/edgex/secrets/security-proxy-auth:/tmp/edgex/secrets/security-proxy-auth:ro,z
105 |     depends_on:
106 |       - security-secretstore-setup
107 |       - core-common-config-bootstrapper
108 |     security_opt:
109 |       - no-new-privileges:true
110 | 
111 | # end of containers for reverse proxy
112 | 


--------------------------------------------------------------------------------
/compose-builder/gen_secure_compose_ext.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # /*******************************************************************************
 3 | #  * Copyright 2021 Intel Corporation.
 4 | #  *
 5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 6 | #  * in compliance with the License. You may obtain a copy of the License at
 7 | #  *
 8 | #  * http://www.apache.org/licenses/LICENSE-2.0
 9 | #  *
10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12 | #  * or implied. See the License for the specific language governing permissions and limitations under
13 | #  * the License.
14 | #  *******************************************************************************/
15 | 
16 | # This shell script is used to generate the extension of docker-compose yaml file in secure mode dynamically
17 | 
18 | num_of_args=$#
19 | # the positional input arguments are <"service_name"> <"service_key"> <"executable"> ["parameters"]
20 | # where the last argument is optional with default value
21 | # we use the inherited pattern to reduce the input number of arguments from the caller
22 | # i.e. if only provided one input argument, then the 2nd and 3rd argument will be the same as the first argument
23 | 
24 | service_name='' service_key='' executable='' params=' ${CP_FLAGS}'
25 | case "$num_of_args" in
26 | 0)
27 |   echo "ERROR: Invalid number of arguments, should be at least 1"
28 |   exit 1
29 |   ;;
30 | 1)
31 |   service_name=$1 service_key=$1 executable=$1
32 |   ;;
33 | 2)
34 |   service_name=$1 service_key=$2 executable=$2
35 |   ;;
36 | 3)
37 |   service_name=$1 service_key=$2 executable=$3
38 |   ;;
39 | 4 | *)
40 |   service_name=$1 service_key=$2 executable=$3 params=$4
41 |   ;;
42 | esac
43 | 
44 | DEFAULT_GEN_EXT_DIR="gen_ext_compose"
45 | GEN_EXT_DIR="${GEN_EXT_DIR:-$DEFAULT_GEN_EXT_DIR}"
46 | mkdir -p "$GEN_EXT_DIR"
47 | 
48 | ADD_SERVICE_SECURE_FILE_TEMPLATE="add-service-secure-template.yml"
49 | 
50 | SERVICE_EXT_COMPOSE_PATH="./${GEN_EXT_DIR}/add-${service_name}-secure.yml"
51 | sed 's/${SERVICE_NAME}:/'"$service_name"':/g' "$ADD_SERVICE_SECURE_FILE_TEMPLATE" > "$SERVICE_EXT_COMPOSE_PATH"
52 | sed -i 's/${SERVICE_KEY}/'"$service_key"'/g' "$SERVICE_EXT_COMPOSE_PATH"
53 | sed -i 's,${EXECUTABLE},'"$executable"',g' "$SERVICE_EXT_COMPOSE_PATH"
54 | if [ "$ZERO_TRUST" = "1" ]; then
55 |   sed -i 's,${ZERO_TRUST},#,g' "$SERVICE_EXT_COMPOSE_PATH"
56 |   cat >> "$SERVICE_EXT_COMPOSE_PATH" <<HERE
57 |     # env_file does not override environment and these values are set in the add-* templates
58 |     # use a heredoc and append it to the generated file accordingly so that docker compose will
59 |     # reduce it down and override as expected
60 |     environment:
61 |       SERVICE_HOST: ${service_name}.edgex.ziti
62 |       SERVICE_PORT: 80
63 |     ports: !reset []
64 | HERE
65 | else
66 |   sed -i 's,${ZERO_TRUST},,g' "$SERVICE_EXT_COMPOSE_PATH"
67 | fi
68 | case "${service_name}" in
69 |   device-bacnet-ip | device-bacnet-mstp | device-coap | device-gpio)
70 |     # These services don't have dumb-init in their containers, causing an issue for the wait script, use sh instead
71 |     sed -i 's/${SHELL_OVERRIDE}/"\/bin\/sh", /g' "$SERVICE_EXT_COMPOSE_PATH"
72 |     ;;
73 |   *)
74 |     sed -i 's/${SHELL_OVERRIDE}//g' "$SERVICE_EXT_COMPOSE_PATH"
75 |     ;;
76 | esac
77 | # optional with default value
78 | if [ "$num_of_args" -eq 4 ]; then
79 |     sed -i 's, ${CP_FLAGS},'"$params"',g' "$SERVICE_EXT_COMPOSE_PATH"
80 | fi
81 | 
82 | 
83 | if [ "$IS_MQTT_BUS" = "1" ]; then
84 |   if [ "$service_name" = "app-service-mqtt-export" ] || [ "$service_name" = "app-scalability-test-mqtt-export" ]; then
85 |     ENV_SECTION='environment:\r      WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER\r      WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER'
86 |     sed -i 's/##${ENVIRONMENT_SECTION}/'"$ENV_SECTION"'/g' "$SERVICE_EXT_COMPOSE_PATH"
87 |   fi
88 |   if [ "$service_name" = "device-mqtt" ]; then
89 |     ENV_SECTION='environment:\r      MQTTBROKERINFO_AUTHMODE: usernamepassword'
90 |     sed -i 's/##${ENVIRONMENT_SECTION}/'"$ENV_SECTION"'/g' "$SERVICE_EXT_COMPOSE_PATH"
91 |   fi
92 | fi
93 | 
94 | # return the extension compose file path
95 | echo "$SERVICE_EXT_COMPOSE_PATH"
96 | 


--------------------------------------------------------------------------------
/docker-compose-openziti.yml:
--------------------------------------------------------------------------------
  1 | services:
  2 |   openziti:
  3 |     container_name: edgex-openziti
  4 |     image: openziti/ziti-cli:0.34.1
  5 |     restart: unless-stopped
  6 |     networks:
  7 |       edgex-network:
  8 |         aliases:
  9 |           - openziti
 10 |           - ziti-controller
 11 |           - ziti-edge-controller
 12 |           - ziti-router
 13 |     entrypoint:
 14 |       - bash
 15 |       - -euc
 16 |       - |
 17 |         ZITI_CMD+=" --ctrl-address ${OPENZITI_ADVERTISED_ADDRESS:-openziti}"\
 18 |         " --ctrl-port ${OPENZITI_ADVERTISED_PORT:-1280}"\
 19 |         " --router-address ${OPENZITI_ADVERTISED_ADDRESS:-openziti}"\
 20 |         " --router-port ${ZITI_ROUTER_PORT:-3022}"\
 21 |         " --username ${ZITI_USER:-admin}"\
 22 |         " --password ${ZITI_PWD:-admin}"\
 23 |         " --home /edgex_openziti"
 24 |         exec ziti "$${@}" $${ZITI_CMD}
 25 |     command: -- edge quickstart
 26 |     user: 2002:2001
 27 |     environment:
 28 |       HOME: /edgex_openziti
 29 |       PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}"
 30 |     volumes:
 31 |       - edgex_openziti:/edgex_openziti
 32 |     ports:
 33 |       - ${ZITI_INTERFACE:-0.0.0.0}:${OPENZITI_ADVERTISED_PORT:-1280}:${OPENZITI_ADVERTISED_PORT:-1280}
 34 |       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
 35 |     depends_on:
 36 |       openziti-initialize:
 37 |         condition: service_completed_successfully
 38 |   openziti-initialize:
 39 |     container_name: edgex-openziti-initialize
 40 |     image: busybox
 41 |     command: chown -Rc 2002:2001 /edgex_openziti
 42 |     user: root
 43 |     environment:
 44 |       HOME: /edgex_openziti
 45 |       PFXLOG_NO_JSON: "true"
 46 |     volumes:
 47 |       - edgex_openziti:/edgex_openziti
 48 |   openziti-configure:
 49 |     container_name: edgex-openziti-configure
 50 |     build:
 51 |       dockerfile: openziti-init.Dockerfile
 52 |     user: root
 53 |     environment:
 54 |       - ZITI_USER=${ZITI_USER:-admin}
 55 |       - ZITI_PWD=${ZITI_PWD:-admin}
 56 |       - OPENZITI_PERSISTENCE_PATH=${OPENZITI_PERSISTENCE_PATH:-/edgex_openziti}
 57 |       - OPENZITI_ADVERTISED_ADDRESS=${OPENZITI_ADVERTISED_ADDRESS:-openziti}
 58 |       - OPENZITI_ADVERTISED_PORT=${OPENZITI_ADVERTISED_PORT:-1280}
 59 |     volumes:
 60 |       - edgex_openziti:/edgex_openziti
 61 |     networks:
 62 |       edgex-network:
 63 |   openziti-underlay-proxy:
 64 |     container_name: edgex-underlay-proxy
 65 |     image: ghcr.io/openziti-test-kitchen/healthcheck-proxy/healthcheck-proxy:latest
 66 |     environment:
 67 |       HOME: /edgex_openziti
 68 |       OPENZITI_HEALTHCHECK_ALLOWED_PATH: '^.*/ping$'
 69 |       OPENZITI_HEALTHCHECK_SEARCH_REGEX: '(.*).edgex.ziti'
 70 |       OPENZITI_HEALTHCHECK_REPLACE_REGEX: 'edgex.$1'
 71 |       OPENZITI_HEALTHCHECK_PROXY_PORT: 80
 72 |       OPENZITI_HEALTHCHECK_IDENTITY: /edgex_openziti/healthcheck.json
 73 |     volumes:
 74 |       - edgex_openziti:/edgex_openziti
 75 |     command: >
 76 |       sh -c "
 77 |       while [ ! -f /edgex_openziti/healthcheck.json ]; do
 78 |         sleep 1
 79 |         echo 'waiting for /edgex_openziti/healthcheck.json...'
 80 |       done &&
 81 |       /app/zerotrust-healthcheck"
 82 |     restart: unless-stopped
 83 |     networks:
 84 |       edgex-network:
 85 |         aliases:
 86 |           - app-external-mqtt-trigger.edgex.ziti
 87 |           - app-http-export.edgex.ziti
 88 |           - app-metrics-influxdb.edgex.ziti
 89 |           - app-mqtt-export.edgex.ziti
 90 |           - app-rfid-llrp-inventory.edgex.ziti
 91 |           - app-rules-engine.edgex.ziti
 92 |           - app-sample.edgex.ziti
 93 |           - core-command.edgex.ziti
 94 |           - core-data.edgex.ziti
 95 |           - core-metadata.edgex.ziti
 96 |           - rules-engine.edgex.ziti
 97 |           - support-notifications.edgex.ziti
 98 |           - support-scheduler.edgex.ziti
 99 |           - device-bacnet-ip.edgex.ziti
100 |           - device-coap.edgex.ziti
101 |           - device-gpio.edgex.ziti
102 |           - device-modbus.edgex.ziti
103 |           - device-mqtt.edgex.ziti
104 |           - device-onvif-camera.edgex.ziti
105 |           - device-rest.edgex.ziti
106 |           - device-rfid-llrp.edgex.ziti
107 |           - device-snmp.edgex.ziti
108 |           - device-uart.edgex.ziti
109 |           - device-usb-camera.edgex.ziti
110 |           - device-virtual.edgex.ziti
111 | networks:
112 |   edgex-network:
113 |     name: edgex_edgex-network
114 |     driver: bridge
115 | volumes:
116 |   edgex_openziti:
117 |     driver: local
118 | 


--------------------------------------------------------------------------------
/openziti-init-entrypoint.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | if [ -e "${OPENZITI_PERSISTENCE_PATH}/healthcheck.json" ]; then
  3 |     echo "${OPENZITI_PERSISTENCE_PATH}/healthcheck.json exists. already initialized."
  4 |     exit 0
  5 | fi
  6 |  
  7 | 
  8 | # should be user settable through docker-compose/env/env vars
  9 | openziti_server_and_port="${OPENZITI_ADVERTISED_ADDRESS}:${OPENZITI_ADVERTISED_PORT}"
 10 | 
 11 | # expected to not change
 12 | oidc_server="vault:8200"
 13 | ext_signer_name="vault.clients"
 14 | auth_policy_name="${ext_signer_name}.auth.policy"
 15 | iss="/v1/identity/oidc"
 16 | jwks="http://vault:8200/v1/identity/oidc/.well-known/keys"
 17 | aud="edgex"
 18 | claim="name"
 19 | 
 20 | while [[ "$(curl -w "%{http_code}" -m 1 -s -k -o /dev/null https://${openziti_server_and_port}/version)" != "200" ]]; do echo "waiting for https://${openziti_server_and_port}"; sleep 3; done; echo "controller online"
 21 | ziti edge login ${openziti_server_and_port} -u $ZITI_USER -p $ZITI_PWD -y
 22 | 
 23 | ext_jwt_id=$(ziti edge create ext-jwt-signer "${ext_signer_name}" $iss -u $jwks -a $aud -c $claim)
 24 | 
 25 | edgex_auth_policy=$(ziti edge create auth-policy "${auth_policy_name}" \
 26 |   --primary-ext-jwt-allowed \
 27 |   --primary-ext-jwt-allowed-signers "${ext_jwt_id}")
 28 | 
 29 | function makeEdgeXService {
 30 |   local svc="edgex.$1"
 31 |   local idAttr="$2.id"
 32 |   local svcAttr="$2.svc"
 33 |   local int="$1.edgex.ziti"
 34 |   ziti edge create identity "${svc}" --external-id "${1}" -a "${idAttr},${svc}.server" -P "${edgex_auth_policy}"
 35 |   ziti edge create config "${svc}.intercept" intercept.v1 '{"protocols":["tcp"],"addresses":["'"${int}"'"], "portRanges":[{"low":80, "high":80}]}'
 36 |   ziti edge create service "${svc}" -a "${svcAttr},${svc}.server" --configs "${svc}.intercept"
 37 |   ziti edge create service-policy "${svc}.bind" Bind --service-roles "#${svc}.server" --identity-roles "#${svc}.server"
 38 | }
 39 | 
 40 | function makeCoreService {
 41 |   makeEdgeXService $1 "core"
 42 | }
 43 | function makeSupportService {
 44 |   makeEdgeXService $1 "support"
 45 | }
 46 | function makeDeviceService {
 47 |   makeEdgeXService $1 "device"
 48 | }
 49 | function makeApplicationService {
 50 |   makeEdgeXService $1 "application"
 51 | }
 52 | 
 53 | sleep 1
 54 | 
 55 | makeCoreService 'core-command'
 56 | makeCoreService 'core-data'
 57 | makeCoreService 'core-metadata'
 58 | makeCoreService 'ui'
 59 | 
 60 | makeSupportService 'rules-engine'
 61 | makeSupportService 'support-notifications'
 62 | 
 63 | makeDeviceService 'device-bacnet-ip'
 64 | makeDeviceService 'device-coap'
 65 | makeDeviceService 'device-gpio'
 66 | makeDeviceService 'device-modbus'
 67 | makeDeviceService 'device-mqtt'
 68 | makeDeviceService 'device-onvif-camera'
 69 | makeDeviceService 'device-rest'
 70 | makeDeviceService 'device-rfid-llrp'
 71 | makeDeviceService 'device-snmp'
 72 | makeDeviceService 'device-uart'
 73 | makeDeviceService 'device-usb-camera'
 74 | makeDeviceService 'device-virtual'
 75 | 
 76 | makeApplicationService 'app-external-mqtt-trigger'
 77 | makeApplicationService 'app-http-export'
 78 | makeApplicationService 'app-metrics-influxdb'
 79 | makeApplicationService 'app-mqtt-export'
 80 | makeApplicationService 'app-rfid-llrp-inventory'
 81 | makeApplicationService 'app-rules-engine'
 82 | makeApplicationService 'app-record-replay'
 83 | makeApplicationService 'app-sample'
 84 |   
 85 | ziti edge create service-policy app-core-dial Dial --identity-roles "#application.id" --service-roles "#core.svc"
 86 | ziti edge create service-policy app-support-dial Dial --identity-roles "#application.id" --service-roles "#support.svc"
 87 | ziti edge create service-policy ds-core-dial Dial --identity-roles "#device.id" --service-roles "@edgex.core-metadata"
 88 | ziti edge create service-policy core-core-dial Dial --identity-roles "#core.id" --service-roles "#core.svc"
 89 | ziti edge create service-policy corecmd-device-dial Dial --identity-roles "#edgex.core-command.server" --service-roles "#device.svc"
 90 | ziti edge create service-policy support-core-dial Dial --identity-roles "#support.id" --service-roles "#core.svc"
 91 | 
 92 | echo " "
 93 | echo "ext-jwt-id     : ${ext_jwt_id}"
 94 | echo "auth policy id : ${edgex_auth_policy}"
 95 | echo " "
 96 | 
 97 | echo "creating the healthcheck proxy identity"
 98 | ziti edge create identity \
 99 |   healthcheck -o ${OPENZITI_PERSISTENCE_PATH}/healthcheck.jwt \
100 |   -a 'healthchecker'
101 | ziti edge create service-policy healthcheck-core-dial Dial --identity-roles "#healthchecker" --service-roles "#core.svc"
102 | ziti edge create service-policy healthcheck-support-dial Dial --identity-roles "#healthchecker" --service-roles "#support.svc"
103 | ziti edge create service-policy healthcheck-device-dial Dial --identity-roles "#healthchecker" --service-roles "#device.svc"
104 | ziti edge create service-policy healthcheck-application-dial Dial --identity-roles "#healthchecker" --service-roles "#application.svc"
105 | 
106 | ziti edge create service-policy ui-support-dial Dial --identity-roles "#edgex.ui.server" --service-roles "#support.svc"
107 | 
108 | ziti edge enroll ${OPENZITI_PERSISTENCE_PATH}/healthcheck.jwt
109 | 
110 | 


--------------------------------------------------------------------------------
/compose-builder/add-delayed-start-services.yml:
--------------------------------------------------------------------------------
  1 | # /*******************************************************************************
  2 | #  * Copyright 2022 Intel Corporation.
  3 | #  *
  4 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  5 | #  * in compliance with the License. You may obtain a copy of the License at
  6 | #  *
  7 | #  * http://www.apache.org/licenses/LICENSE-2.0
  8 | #  *
  9 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
 10 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 11 | #  * or implied. See the License for the specific language governing permissions and limitations under
 12 | #  * the License.
 13 | #  *
 14 | #  *******************************************************************************/
 15 | 
 16 | volumes:
 17 |   spire-ca:
 18 |   spire-server:
 19 |   spire-agent:
 20 | 
 21 | services:
 22 |   security-spire-server:
 23 |     image: ${CORE_EDGEX_REPOSITORY}/security-spire-server${ARCH}:${CORE_EDGEX_VERSION}
 24 |     entrypoint:
 25 |       - /edgex-init/ready_to_run_wait_install.sh
 26 |     command: docker-entrypoint.sh
 27 |     user: "root:root"
 28 |     container_name: edgex-security-spire-server
 29 |     hostname: edgex-security-spire-server
 30 |     networks:
 31 |       - edgex-network
 32 |     ports:
 33 |       - 127.0.0.1:59840:59840
 34 |     read_only: true
 35 |     restart: always
 36 |     env_file:
 37 |       - common-security.env
 38 |       - common-sec-stage-gate.env
 39 |     tmpfs:
 40 |       - /run
 41 |     volumes:
 42 |       # use host timezone
 43 |       - /etc/localtime:/etc/localtime:ro
 44 |       - edgex-init:/edgex-init
 45 |       - spire-ca:/srv/spiffe/ca
 46 |       - spire-server:/srv/spiffe/server
 47 |       - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
 48 |     depends_on:
 49 |       - security-bootstrapper
 50 |     pid: host
 51 |     security_opt:
 52 |       - no-new-privileges:true
 53 | 
 54 |   security-spire-agent:
 55 |     image: ${CORE_EDGEX_REPOSITORY}/security-spire-agent${ARCH}:${CORE_EDGEX_VERSION}
 56 |     entrypoint:
 57 |       - /edgex-init/ready_to_run_wait_install.sh
 58 |     command: docker-entrypoint.sh
 59 |     user: "root:root"
 60 |     container_name: edgex-security-spire-agent
 61 |     hostname: edgex-security-spire-agent
 62 |     networks:
 63 |       - edgex-network
 64 |     read_only: true
 65 |     restart: always
 66 |     env_file:
 67 |       - common-security.env
 68 |       - common-sec-stage-gate.env
 69 |     tmpfs:
 70 |       - /run
 71 |     volumes:
 72 |       # use host timezone
 73 |       - /etc/localtime:/etc/localtime:ro
 74 |       - edgex-init:/edgex-init
 75 |       - spire-ca:/srv/spiffe/ca
 76 |       - spire-agent:/srv/spiffe/agent
 77 |       - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
 78 |       - ${DOCKER_SOCKET_PATH}:/var/run/docker.sock
 79 |     depends_on:
 80 |       - security-spire-server
 81 |     pid: host
 82 |     privileged: true
 83 |     security_opt:
 84 |       - no-new-privileges:true
 85 | 
 86 |   security-spire-config:
 87 |     image: ${CORE_EDGEX_REPOSITORY}/security-spire-config${ARCH}:${CORE_EDGEX_VERSION}
 88 |     entrypoint:
 89 |       - /edgex-init/ready_to_run_wait_install.sh
 90 |     command: docker-entrypoint.sh
 91 |     user: "root:root"
 92 |     container_name: edgex-security-spire-config
 93 |     hostname: edgex-security-spire-config
 94 |     networks:
 95 |       - edgex-network
 96 |     read_only: true
 97 |     restart: always
 98 |     env_file:
 99 |       - common-security.env
100 |       - common-sec-stage-gate.env
101 |     tmpfs:
102 |       - /run
103 |     volumes:
104 |       # use host timezone
105 |       - /etc/localtime:/etc/localtime:ro
106 |       - edgex-init:/edgex-init
107 |       - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
108 |     depends_on:
109 |       - security-spire-agent
110 |     security_opt:
111 |       - no-new-privileges:true
112 | 
113 |   security-spiffe-token-provider:
114 |     image: ${CORE_EDGEX_REPOSITORY}/security-spiffe-token-provider${ARCH}:${CORE_EDGEX_VERSION}
115 |     entrypoint:
116 |       - /edgex-init/ready_to_run_wait_install.sh
117 |     command: /security-spiffe-token-provider --registry ${CP_FLAGS}
118 |     user: "root:root"
119 |     container_name: edgex-security-spiffe-token-provider
120 |     hostname: edgex-security-spiffe-token-provider
121 |     networks:
122 |       - edgex-network
123 |     ports:
124 |       - 127.0.0.1:59841:59841
125 |     read_only: true
126 |     restart: always
127 |     env_file:
128 |       - common-security.env
129 |       - common-sec-stage-gate.env
130 |     environment:
131 |       SERVICE_HOST: edgex-security-spiffe-token-provider
132 |     tmpfs:
133 |       - /run
134 |     volumes:
135 |       # use host timezone
136 |       - /etc/localtime:/etc/localtime:ro
137 |       - edgex-init:/edgex-init
138 |       - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
139 |       - /tmp/edgex/secrets/security-spiffe-token-provider:/tmp/edgex/secrets/security-spiffe-token-provider:z
140 |     depends_on:
141 |       - core-keeper
142 |       - security-spire-agent
143 |       - security-bootstrapper
144 |     security_opt:
145 |       - no-new-privileges:true
146 | 


--------------------------------------------------------------------------------
/compose-builder/add-security.yml:
--------------------------------------------------------------------------------
  1 | # /*******************************************************************************
  2 | #  * Copyright 2024 Intel Corporation.
  3 | #  * Copyright 2025 IOTech Ltd
  4 | #  *
  5 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  6 | #  * in compliance with the License. You may obtain a copy of the License at
  7 | #  *
  8 | #  * http://www.apache.org/licenses/LICENSE-2.0
  9 | #  *
 10 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
 11 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 12 | #  * or implied. See the License for the specific language governing permissions and limitations under
 13 | #  * the License.
 14 | #  *
 15 | #  *******************************************************************************/
 16 | 
 17 | volumes:
 18 |   edgex-init:
 19 |   secret-store-config:
 20 |   secret-store-file:
 21 |   secret-store-logs:
 22 | 
 23 | services:
 24 |   security-bootstrapper:
 25 |     image: ${CORE_EDGEX_REPOSITORY}/security-bootstrapper${ARCH}:${CORE_EDGEX_VERSION}
 26 |     user: "root:root" # Must run as root
 27 |     container_name: edgex-security-bootstrapper
 28 |     hostname: edgex-security-bootstrapper
 29 |     networks:
 30 |       - edgex-network
 31 |     read_only: true
 32 |     restart: always
 33 |     env_file:
 34 |       - common-sec-stage-gate.env
 35 |     environment:
 36 |       EDGEX_USER: ${EDGEX_USER}
 37 |       EDGEX_GROUP: ${EDGEX_GROUP}
 38 |     volumes:
 39 |       # use host timezone
 40 |       - /etc/localtime:/etc/localtime:ro
 41 |       - edgex-init:/edgex-init
 42 |     security_opt:
 43 |       - no-new-privileges:true
 44 | 
 45 |   security-secretstore-setup:
 46 |     image: ${CORE_EDGEX_REPOSITORY}/security-secretstore-setup${ARCH}:${CORE_EDGEX_VERSION}
 47 |     user: "root:root" # must run as root
 48 |     container_name: edgex-security-secretstore-setup
 49 |     hostname: edgex-security-secretstore-setup
 50 |     env_file:
 51 |       - common-security.env
 52 |       - common-sec-stage-gate.env
 53 |     environment:
 54 |       EDGEX_USER: ${EDGEX_USER}
 55 |       EDGEX_GROUP: ${EDGEX_GROUP}
 56 |       SERVICE_HOST: edgex-security-secretstore-setup
 57 |       # Uncomment and modify the following "EDGEX_ADD_SECRETSTORE_TOKENS" to add the additional secret store tokens on the fly
 58 |       # the secret store token is required if you have added registry acl roles from env "EDGEX_ADD_REGISTRY_ACL_ROLES"
 59 |       # in registry service.
 60 |       #EDGEX_ADD_SECRETSTORE_TOKENS: app-sample,app-rules-engine, app-push-to-core
 61 |     read_only: true
 62 |     restart: always
 63 |     networks:
 64 |       - edgex-network
 65 |     tmpfs:
 66 |       - /run
 67 |       - /openbao
 68 |     volumes:
 69 |       # use host timezone
 70 |       - /etc/localtime:/etc/localtime:ro
 71 |       - edgex-init:/edgex-init:ro
 72 |       - secret-store-config:/openbao/config
 73 |       - /tmp/edgex/secrets:/tmp/edgex/secrets:z
 74 |     depends_on:
 75 |       - security-bootstrapper
 76 |       - secret-store
 77 |     security_opt:
 78 |       - no-new-privileges:true
 79 | 
 80 |   secret-store:
 81 |     image: openbao/openbao:${BAO_VERSION}
 82 |     user: "root:root" # Note that OpenBao is run under the 'openbao' user, but entry point scripts need to first run as root
 83 |     container_name: edgex-secret-store
 84 |     hostname: edgex-secret-store
 85 |     networks:
 86 |       - edgex-network
 87 |     ports:
 88 |       - "127.0.0.1:8200:8200"
 89 |     deploy:
 90 |       resources:
 91 |         limits:
 92 |           memory: "${TOTAL_SYSTEM_MEMORY}"
 93 |     memswap_limit: "${TOTAL_SYSTEM_MEMORY}"
 94 |     tmpfs:
 95 |       - /openbao/config
 96 |     entrypoint: [ "/edgex-init/secretstore_wait_install.sh" ]
 97 |     env_file:
 98 |       - common-sec-stage-gate.env
 99 |     command: server
100 |     environment:
101 |       BAO_ADDR: http://edgex-secret-store:8200
102 |       BAO_CONFIG_DIR: /openbao/config
103 |       SKIP_SETCAP: "true"
104 |       BAO_LOCAL_CONFIG: |
105 |         listener "tcp" { 
106 |           address = "edgex-secret-store:8200" 
107 |           tls_disable = "1" 
108 |           cluster_address = "edgex-secret-store:8201" 
109 |         } 
110 |         backend "file" {
111 |           path = "/openbao/file"
112 |         }
113 |         default_lease_ttl = "168h" 
114 |         max_lease_ttl = "720h"
115 |         disable_mlock = true
116 |     volumes:
117 |       - edgex-init:/edgex-init:ro
118 |       - secret-store-file:/openbao/file
119 |       - secret-store-logs:/openbao/logs
120 |     depends_on:
121 |       - security-bootstrapper
122 |     restart: always
123 | 
124 |   core-keeper:
125 |     command: "/core-keeper"
126 |     env_file:
127 |       - common-security.env
128 |       - common-sec-stage-gate.env
129 |     environment:
130 |       CLIENTS_SECURITY_PROXY_AUTH_HOST: security-proxy-auth
131 |     volumes:
132 |       - edgex-init:/edgex-init:ro
133 |       - /tmp/edgex/secrets/core-keeper:/tmp/edgex/secrets/core-keeper:ro,z
134 |     depends_on:
135 |       - security-bootstrapper
136 |       - security-secretstore-setup
137 | 
138 |   support-notifications:
139 |     env_file:
140 |       - common-security.env
141 |       - common-sec-stage-gate.env
142 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
143 |     command: "/support-notifications --registry ${CP_FLAGS}"
144 |     volumes:
145 |       - edgex-init:/edgex-init:ro
146 |       - /tmp/edgex/secrets/support-notifications:/tmp/edgex/secrets/support-notifications:ro,z
147 |     depends_on:
148 |       - security-bootstrapper
149 |       - security-secretstore-setup
150 | 
151 |   support-scheduler:
152 |     env_file:
153 |       - common-security.env
154 |       - common-sec-stage-gate.env
155 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
156 |     command: "/support-scheduler --registry ${CP_FLAGS}"
157 |     volumes:
158 |       - edgex-init:/edgex-init:ro
159 |       - /tmp/edgex/secrets/support-scheduler:/tmp/edgex/secrets/support-scheduler:ro,z
160 |     depends_on:
161 |       - security-bootstrapper
162 |       - security-secretstore-setup
163 | 
164 |   core-metadata:
165 |     env_file:
166 |       - common-security.env
167 |       - common-sec-stage-gate.env
168 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
169 |     command: "/core-metadata --registry ${CP_FLAGS}"
170 |     volumes:
171 |       - edgex-init:/edgex-init:ro
172 |       - /tmp/edgex/secrets/core-metadata:/tmp/edgex/secrets/core-metadata:ro,z
173 |     depends_on:
174 |       - security-bootstrapper
175 |       - security-secretstore-setup
176 | 
177 |   core-data:
178 |     env_file:
179 |       - common-security.env
180 |       - common-sec-stage-gate.env
181 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
182 |     command: "/core-data --registry ${CP_FLAGS}"
183 |     volumes:
184 |       - edgex-init:/edgex-init:ro
185 |       - /tmp/edgex/secrets/core-data:/tmp/edgex/secrets/core-data:ro,z
186 |     depends_on:
187 |       - security-bootstrapper
188 |       - security-secretstore-setup
189 | 
190 |   core-command:
191 |     env_file:
192 |       - common-security.env
193 |       - common-sec-stage-gate.env
194 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
195 |     command: "/core-command --registry ${CP_FLAGS}"
196 |     volumes:
197 |       - edgex-init:/edgex-init:ro
198 |       - /tmp/edgex/secrets/core-command:/tmp/edgex/secrets/core-command:ro,z
199 |     depends_on:
200 |       - security-bootstrapper
201 |       - security-secretstore-setup
202 | 
203 |   core-common-config-bootstrapper:
204 |     env_file:
205 |       - common-security.env
206 |       - common-sec-stage-gate.env
207 |     environment:
208 |       ALL_SERVICES_CLIENTS_SECURITY_PROXY_AUTH_HOST: security-proxy-auth
209 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
210 |     command: /entrypoint.sh /core-common-config-bootstrapper --registry ${CP_FLAGS}
211 |     volumes:
212 |       - edgex-init:/edgex-init:ro
213 |       - /tmp/edgex/secrets/core-common-config-bootstrapper:/tmp/edgex/secrets/core-common-config-bootstrapper:ro,z
214 |     depends_on:
215 |       - security-bootstrapper
216 |       - security-secretstore-setup
217 | 
218 |   # this is to make sure the service is started after security-bootstrapper process is done
219 |   app-rules-engine:
220 |     entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]
221 |     command: "/app-service-configurable --registry ${CP_FLAGS}"
222 |     env_file:
223 |       - common-security.env
224 |       - common-sec-stage-gate.env
225 |     volumes:
226 |       - edgex-init:/edgex-init:ro
227 |       - /tmp/edgex/secrets/app-rules-engine:/tmp/edgex/secrets/app-rules-engine:ro,z
228 |     depends_on:
229 |       - security-bootstrapper
230 | 
231 |   ui:
232 |     env_file:
233 |       - common-security.env
234 |       - common-sec-stage-gate.env
235 |     entrypoint: [ "/edgex-init/ready_to_run_wait_install.sh" ]
236 |     command: "./edgex-ui-server --configDir=res/docker"
237 |     volumes:
238 |       - edgex-init:/edgex-init:ro
239 |       - /tmp/edgex/secrets/ui:/tmp/edgex/secrets/ui:ro,z
240 |     depends_on:
241 |       - security-bootstrapper
242 |       - security-secretstore-setup
243 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ## Edgex Docker Compose
  2 | [![Build Status](https://jenkins.edgexfoundry.org/view/EdgeX%20Foundry%20Project/job/edgexfoundry/job/edgex-compose/job/main/badge/icon)](https://jenkins.edgexfoundry.org/view/EdgeX%20Foundry%20Project/job/edgexfoundry/job/edgex-compose/job/main/) [![GitHub License](https://img.shields.io/github/license/edgexfoundry/edgex-compose)](https://choosealicense.com/licenses/apache-2.0/) [![GitHub Pull Requests](https://img.shields.io/github/issues-pr-raw/edgexfoundry/edgex-compose)](https://github.com/edgexfoundry/edgex-compose/pulls) [![GitHub Contributors](https://img.shields.io/github/contributors/edgexfoundry/edgex-compose)](https://github.com/edgexfoundry/edgex-compose/contributors) [![GitHub Committers](https://img.shields.io/badge/team-committers-green)](https://github.com/orgs/edgexfoundry/teams/edgex-compose-committers/members) [![GitHub Commit Activity](https://img.shields.io/github/commit-activity/m/edgexfoundry/edgex-compose)](https://github.com/edgexfoundry/edgex-compose/commits)
  3 | 
  4 | 
  5 | This repository contains the docker compose files for EdgeX releases. 
  6 | 
  7 | > **Note:** Each release is now on it's own branch named after the release codename. You can view all branches [here](https://github.com/edgexfoundry/edgex-compose/branches/all).
  8 | 
  9 | This `branch` contains the `pre-release` docker compose files that pull and run the EdgeX images from the Nexus3 docker registry that are tagged with `master`. These images are built from the Edgex CI Pipeline when PRs are merged into the `master` branch.
 10 | 
 11 | > **Note**: Docker does not re-pull newer instances of these images. You must pull the new image instances. See the `make pull` command described below that will do this for you.
 12 | 
 13 | These `pre-release` docker compose files are generated from the multiple source compose files located in the `compose-builder` folder. See [README](compose-builder/README.md) there for details on regenerating these files after making changes to the source files. 
 14 | 
 15 | 
 16 | 
 17 | ### Compose Tool
 18 | 
 19 | The Makefile in this folder expects the `docker compose` CLI command.
 20 | The old stand-alone `docker-compose` tool is no longer supported.
 21 | See https://docs.docker.com/compose/install/ for installation details for the latest `docker compose` CLI command.
 22 | 
 23 | ### Compose Files
 24 | 
 25 | This folder contains the following compose files:
 26 | 
 27 | #### Generated Compose files
 28 | 
 29 | > **NOTES: **
 30 | >
 31 | > - *DO NOT EDIT the files directly for permanent changes. Make all permanent changes to the source compose files in the `compose-builder` folder and then regenerate these files*
 32 | > - Use `make build` from `Compose Builder` to regenerate all the following compose files.
 33 | > - See each description for the convenience `make` commands that are provided to work with each of these compose files.
 34 | 
 35 | - **docker-compose.yml**
 36 |     Contains all the services required to run in secure configuration. Includes the Device Virtual & Device REST device services and the UI.
 37 |     **Make Commands** 
 38 |     
 39 |      - Use `make run <service(s)>` and `make down` to start and stop the services using this compose file.
 40 |     
 41 |      - Use `make pull <service(s)>` to pull all or some images for the services in this compose file.
 42 |     
 43 |      - Use `make get-token` to generate a Kong access token for remote access of the services running from this compose file.
 44 |     
 45 | - **docker-compose-arm64.yml**
 46 |     Contains all the services required to run in secure configuration on `ARM64` system.  Includes the Device Virtual & Device REST device services and the UI.
 47 |     **Make Commands** 
 48 |     
 49 |      - Use `make run arm64` and `make down` to start and stop the services using this compose file.
 50 |      - Use `make pull arm64 <service(s)>` to pull all or some images for the services in this compose file.
 51 |      - Use `make get-token arm64` to generate a Kong access token for remote access of the services running from this compose file.
 52 |     
 53 | - **docker-compose-with-app-sample.yml**
 54 |     Contains all the services required to run in secure configuration with Sample application service.  Includes the Device Virtual, Device REST, UI & App Sample services. Use this version when using the UI to make changes to the configurable pipeline on the Sample application service.
 55 |     **Make Commands**
 56 | 
 57 |     - Use `make run app-sample` and `make down` to start and stop the services using this compose file.
 58 |     - Use `make pull app-sample <service(s)>` to pull all or some images for the services in this compose file.
 59 |     
 60 | - **docker-compose-with-app-sample-arm64.yml**
 61 |     Contains all the services required to run in secure configuration with the Sample application service on `ARM64` system .  Includes the Device Virtual, Device REST, UI & App Sample services. Use this version when using the UI to make changes to the configurable pipeline on the Sample application service.
 62 | 
 63 |     **Make Commands**
 64 | 
 65 |     - Use `make run no-secty app-sample arm64` and `make down` to start and stop the services using this compose file.
 66 |     - Use `make pull no-secty ui app-sample <service(s)>` to pull all or some images for the services in this compose file.
 67 | 
 68 | - **docker-compose-no-secty.yml**
 69 |     Contains just the services needed to run in non-secure configuration.  Includes the Device Virtual & Device REST device services and the UI.
 70 |     **Make Commands**
 71 | 
 72 |     - Use `make run no-secty` and `make down` to start and stop the services using this compose file.
 73 |     - Use `make pull no-secty <service(s)>` to pull all or some images for the services in this compose file.
 74 |     
 75 | - **docker-compose-no-secty-arm64.yml**
 76 |     Contains just the services needed to run in non-secure configuration on `ARM64` system.  Includes the Device Virtual & Device REST device services and the UI.
 77 | 
 78 |     **Make Commands**
 79 | 
 80 |     - Use `make run no-secty arm64` and `make down` to start and stop the services using this compose file.
 81 |     - Use `make pull no-secty arm64 <service(s)>` to pull all or some images for the services in this compose file.
 82 | 
 83 | 
 84 | - **docker-compose-no-secty-with-app-sample.yml**
 85 |   Contains just the services needed to run in non-secure configuration with Sample application service.  Includes the Device Virtual, Device REST, UI & App Sample services. Use this version when using the UI to make changes to the configurable pipeline on the Sample application service.
 86 |   **Make Commands**
 87 | 
 88 |   - Use `make run no-secty app-sample` and `make down` to start and stop the services using this compose file.
 89 |   - Use `make pull no-secty app-sample <service(s)>` to pull all or some images for the services in this compose file.
 90 | 
 91 | - **docker-compose-no-secty-with-app-sample-arm64.yml**
 92 |   Contains just the services needed to run in non-secure configuration with the Sample application service on `ARM64` system .  Includes the Device Virtual, Device REST, UI & App Sample services. Use this version when using the UI to make changes to the configurable pipeline on the Sample application service.
 93 | 
 94 |   **Make Commands**
 95 | 
 96 |   - Use `make run no-secty app-sample arm64` and `make down` to start and stop the services using this compose file.
 97 |   - Use `make pull no-secty app-sample <service(s)>` to pull all or some images for the services in this compose file.
 98 | 
 99 | - **docker-compose-openziti.yml**
100 |   Contains the services needed to bring OpenZiti online, configure it, and enable consul to perform underlay-based health checking. Used in conjunction with `make run (pull) zero-trust`. This compose file should be started before starting the `make run zero-trust` compose file.
101 | 
102 |   **Make Commands**
103 | 
104 |     - Use `make openziti` and `make openziti-down` to start and stop the services using this compose file.
105 |     - Use `make openziti-clean` to remove all stopped containers, all volumes and all networks used by the EdgeX stack. Use this command when needing to do a fresh restart. **Note** You must _also_ run the corresponding `make down zero-trust` command to fully clean up.
106 |     - Use `make openziti-logs` to follow the logs
107 |   
108 | ### TAF Compose files
109 | 
110 | The compose files under the `taf` subfolder are used for the automated TAF tests. These compose files are also generated from `Compose Builder` when the `make build` command is used.
111 | 
112 | ### Additional make commands
113 | 
114 | - `make clean`
115 | 
116 |     Runs `down` command and removes all stopped containers, all volumes and all networks used by the EdgeX stack. Use this command when needing to do a fresh restart.
117 |     
118 | - `make get-token`
119 |     For secure mode only. Runs commands via docker to generate a new API Gateway token.
120 | 
121 | ### Additional compose files
122 | 
123 | - **docker-compose-portainer.yml**
124 |     Stand-alone compose file for running Portainer which is a  Docker container management tool. Visit here https://www.portainer.io/ for more details on Portianer.
125 |     Use `make portainer`and `make portainer-down` to start and stop Portainer.
126 | 
127 | ### Use PostgreSQL as the persistence layer in EdgeX
128 | EdgeX services can be configured to use PostgreSQL as the persistence layer. The compose builder now supports generating compose files that use PostgreSQL.
129 | 
130 | **To use PostgreSQL as the persistence layer, follow these steps**
131 | 
132 | - Go to `/compose-builder` folder
133 | - `make run no-secty keeper mqtt-bus postgres`
134 | 
135 |     Runs the services with PostgreSQL as the persistence layer in non-secure mode.
136 | - `make run keeper mqtt-bus postgres`
137 | 
138 |     Runs the services with PostgreSQL as the persistence layer in secure mode.
139 | 
140 | > **Note:** `keeper` and `mqtt-bus` are required services for EdgeX to run with PostgreSQL as the persistence layer.


--------------------------------------------------------------------------------
/compose-builder/docker-compose-base.yml:
--------------------------------------------------------------------------------
  1 | # /*******************************************************************************
  2 | #  * Copyright 2020 Redis Labs Inc.
  3 | #  * Copyright 2024 Intel Corporation.
  4 | #  * Copyright 2024 IOTech Ltd.
  5 | #  *
  6 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  7 | #  * in compliance with the License. You may obtain a copy of the License at
  8 | #  *
  9 | #  * http://www.apache.org/licenses/LICENSE-2.0
 10 | #  *
 11 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
 12 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 13 | #  * or implied. See the License for the specific language governing permissions and limitations under
 14 | #  * the License.
 15 | #  *******************************************************************************/
 16 | 
 17 | # NOTE:  this Docker Compose file does not contain the security services required to run in secure mode
 18 | 
 19 | networks:
 20 |   edgex-network:
 21 |     driver: "bridge"
 22 | 
 23 | volumes:
 24 |   db-data:
 25 |   kuiper-data:
 26 |   kuiper-etc:
 27 |   kuiper-log:
 28 |   kuiper-plugins:
 29 | 
 30 | services:
 31 |   core-keeper:
 32 |     image: ${CORE_EDGEX_REPOSITORY}/core-keeper${ARCH}:${CORE_EDGEX_VERSION}
 33 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
 34 |     ports:
 35 |       - "127.0.0.1:59890:59890"
 36 |     container_name: edgex-core-keeper
 37 |     hostname: edgex-core-keeper
 38 |     read_only: true
 39 |     restart: always
 40 |     networks:
 41 |       - edgex-network
 42 |     env_file:
 43 |       - common-non-security.env
 44 |     environment:
 45 |       MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
 46 |       MESSAGEBUS_AUTHMODE: ${MESSAGEBUS_AUTHMODE}
 47 |       MESSAGEBUS_SECRETNAME: ${MESSAGEBUS_SECRETNAME}
 48 |       MESSAGEBUS_PORT: ${MESSAGEBUS_PORT}
 49 |       MESSAGEBUS_PROTOCOL: ${MESSAGEBUS_PROTOCOL}
 50 |       MESSAGEBUS_TYPE: ${MESSAGEBUS_TYPE}
 51 |       SERVICE_HOST: edgex-core-keeper
 52 |       DATABASE_HOST: ${DATABASE_HOST}
 53 |     security_opt:
 54 |       - no-new-privileges:true
 55 |     volumes:
 56 |       # use host timezone
 57 |       - /etc/localtime:/etc/localtime:ro
 58 |     depends_on:
 59 |       - database
 60 | 
 61 |   support-notifications:
 62 |     image: ${CORE_EDGEX_REPOSITORY}/support-notifications${ARCH}:${CORE_EDGEX_VERSION}
 63 |     command: --registry ${CP_FLAGS}
 64 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
 65 |     ports:
 66 |       - "127.0.0.1:59860:59860"
 67 |     container_name: edgex-support-notifications
 68 |     hostname: edgex-support-notifications
 69 |     read_only: true
 70 |     restart: always
 71 |     networks:
 72 |       - edgex-network
 73 |     env_file:
 74 |       - common-non-security.env
 75 |     environment:
 76 |       SERVICE_HOST: edgex-support-notifications
 77 |     depends_on:
 78 |       - core-keeper
 79 |       - database
 80 |       - core-common-config-bootstrapper
 81 |     security_opt:
 82 |       - no-new-privileges:true
 83 |     volumes:
 84 |       # use host timezone
 85 |       - /etc/localtime:/etc/localtime:ro
 86 | 
 87 |   support-scheduler:
 88 |     image: ${CORE_EDGEX_REPOSITORY}/support-scheduler${ARCH}:${CORE_EDGEX_VERSION}
 89 |     command: --registry ${CP_FLAGS}
 90 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
 91 |     ports:
 92 |       - "127.0.0.1:59863:59863"
 93 |     container_name: edgex-support-scheduler
 94 |     hostname: edgex-support-scheduler
 95 |     read_only: true
 96 |     restart: always
 97 |     networks:
 98 |       - edgex-network
 99 |     env_file:
100 |       - common-non-security.env
101 |     environment:
102 |       SERVICE_HOST: edgex-support-scheduler
103 |     depends_on:
104 |       - core-keeper
105 |       - database
106 |       - core-common-config-bootstrapper
107 |     security_opt:
108 |       - no-new-privileges:true
109 |     volumes:
110 |       # use host timezone
111 |       - /etc/localtime:/etc/localtime:ro
112 | 
113 |   core-metadata:
114 |     image: ${CORE_EDGEX_REPOSITORY}/core-metadata${ARCH}:${CORE_EDGEX_VERSION}
115 |     command: --registry ${CP_FLAGS}
116 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
117 |     ports:
118 |       - "127.0.0.1:59881:59881"
119 |     container_name: edgex-core-metadata
120 |     hostname: edgex-core-metadata
121 |     read_only: true
122 |     restart: always
123 |     networks:
124 |       - edgex-network
125 |     env_file:
126 |       - common-non-security.env
127 |     environment:
128 |       SERVICE_HOST: edgex-core-metadata
129 |     depends_on:
130 |       - core-keeper
131 |       - database
132 |     security_opt:
133 |       - no-new-privileges:true
134 |     volumes:
135 |       # use host timezone
136 |       - /etc/localtime:/etc/localtime:ro
137 | 
138 |   core-data:
139 |     image: ${CORE_EDGEX_REPOSITORY}/core-data${ARCH}:${CORE_EDGEX_VERSION}
140 |     command: --registry ${CP_FLAGS}
141 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
142 |     ports:
143 |       - "127.0.0.1:59880:59880"
144 |     container_name: edgex-core-data
145 |     hostname: edgex-core-data
146 |     read_only: true
147 |     restart: always
148 |     networks:
149 |       - edgex-network
150 |     env_file:
151 |       - common-non-security.env
152 |     environment:
153 |       SERVICE_HOST: edgex-core-data
154 |     depends_on:
155 |       - core-keeper
156 |       - database
157 |       - core-common-config-bootstrapper
158 |     security_opt:
159 |       - no-new-privileges:true
160 |     volumes:
161 |       # use host timezone
162 |       - /etc/localtime:/etc/localtime:ro
163 | 
164 |   core-command:
165 |     image: ${CORE_EDGEX_REPOSITORY}/core-command${ARCH}:${CORE_EDGEX_VERSION}
166 |     command: --registry ${CP_FLAGS}
167 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
168 |     ports:
169 |       - "127.0.0.1:59882:59882"
170 |     container_name: edgex-core-command
171 |     hostname: edgex-core-command
172 |     read_only: true
173 |     restart: always
174 |     networks:
175 |       - edgex-network
176 |     env_file:
177 |       - common-non-security.env
178 |     environment:
179 |       SERVICE_HOST: edgex-core-command
180 |       EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883
181 |     depends_on:
182 |       - core-keeper
183 |       - database
184 |       - core-metadata
185 |       - core-common-config-bootstrapper
186 |     security_opt:
187 |       - no-new-privileges:true
188 |     volumes:
189 |       # use host timezone
190 |       - /etc/localtime:/etc/localtime:ro
191 | 
192 |   core-common-config-bootstrapper:
193 |     image: ${CORE_EDGEX_REPOSITORY}/core-common-config-bootstrapper${ARCH}:${CORE_EDGEX_VERSION}
194 |     command: /core-common-config-bootstrapper --registry ${CP_FLAGS}
195 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
196 |     container_name: edgex-core-common-config-bootstrapper
197 |     hostname: edgex-core-common-config-bootstrapper
198 |     read_only: true
199 |     networks:
200 |       - edgex-network
201 |     env_file:
202 |       - common-non-security.env
203 |     environment:
204 |       ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper
205 |       ALL_SERVICES_DATABASE_HOST: ${DATABASE_HOST}
206 |       ALL_SERVICES_MESSAGEBUS_HOST: ${MESSAGEBUS_HOST}
207 |       APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
208 |       DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
209 |     depends_on:
210 |       - core-keeper
211 |     security_opt:
212 |       - no-new-privileges:true
213 |     volumes:
214 |       # use host timezone
215 |       - /etc/localtime:/etc/localtime:ro
216 | 
217 |   app-rules-engine:
218 |     image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION}
219 |     command: --registry ${CP_FLAGS}
220 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
221 |     ports:
222 |       - "127.0.0.1:59701:59701"
223 |     container_name: edgex-app-rules-engine
224 |     hostname: edgex-app-rules-engine
225 |     read_only: true
226 |     restart: always
227 |     networks:
228 |       - edgex-network
229 |     env_file:
230 |       - common-non-security.env
231 |     environment:
232 |       EDGEX_PROFILE: rules-engine
233 |       SERVICE_HOST: edgex-app-rules-engine
234 |     depends_on:
235 |       - core-keeper
236 |       - core-metadata
237 |       - core-common-config-bootstrapper
238 |     security_opt:
239 |       - no-new-privileges:true
240 |     volumes:
241 |       # use host timezone
242 |       - /etc/localtime:/etc/localtime:ro
243 | 
244 |   rules-engine:
245 |     image: lfedge/ekuiper:${KUIPER_VERSION}
246 |     user: "kuiper:kuiper"
247 |     ports:
248 |       - "127.0.0.1:59720:59720"
249 |     container_name: edgex-kuiper
250 |     hostname: edgex-kuiper
251 |     read_only: true
252 |     restart: always
253 |     networks:
254 |       - edgex-network
255 |     volumes:
256 |       # use host timezone
257 |       - /etc/localtime:/etc/localtime:ro
258 |       - kuiper-data:/kuiper/data
259 |       - kuiper-etc:/kuiper/etc
260 |       - kuiper-log:/kuiper/log
261 |       - kuiper-plugins:/kuiper/plugins
262 |     environment:
263 | #      KUIPER__BASIC__DEBUG: "true"
264 |       KUIPER__BASIC__CONSOLELOG: "true"
265 |       KUIPER__BASIC__ENABLEOPENZITI: false
266 |       KUIPER__BASIC__RESTPORT: 59720
267 |       EDGEX__DEFAULT__TOPIC: edgex/rules-events
268 |     depends_on:
269 |       - database
270 |     security_opt:
271 |       - no-new-privileges:true
272 | 
273 |   ui:
274 |     image: ${UI_REPOSITORY}/edgex-ui${ARCH}:${EDGEX_UI_VERSION}
275 |     ports:
276 |       - "4000:4000"
277 |     container_name: edgex-ui-go
278 |     hostname: edgex-ui-go
279 |     env_file:
280 |       - common-non-security.env
281 |     environment:
282 |       SERVICE_HOST: edgex-ui-go
283 |     read_only: true
284 |     restart: always
285 |     networks:
286 |       - edgex-network
287 |     security_opt:
288 |       - no-new-privileges:true
289 |     user: "${EDGEX_USER}:${EDGEX_GROUP}"
290 |     volumes:
291 |       # use host timezone
292 |       - /etc/localtime:/etc/localtime:ro
293 | 


--------------------------------------------------------------------------------
/compose-builder/tui-generator.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | # /*******************************************************************************
  4 | #  * Copyright 2022 Shantanoo Desai <shantanoo.desai@gmail.com>
  5 | #  *
  6 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  7 | #  * in compliance with the License. You may obtain a copy of the License at
  8 | #  *
  9 | #  * http://www.apache.org/licenses/LICENSE-2.0
 10 | #  *
 11 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
 12 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 13 | #  * or implied. See the License for the specific language governing permissions and limitations under
 14 | #  * the License.
 15 | #  *
 16 | #  *******************************************************************************/
 17 | 
 18 | # generator.sh - provide a Terminal User Interface to make generation of different EdgeX Foundry
 19 | # services more comprehensible.
 20 | # Author: Shantanoo (Shan) Desai <shantanoo.desai@gmail.com>
 21 | 
 22 | # Map the available options in `make compose` either as standalone strings or array of strings
 23 | 
 24 | # Individual Compose Descriptions that may not fall into EdgeX-Foundry Architecture Components
 25 | # Or may be an initial "out-of-the-box" configuration
 26 | 
 27 | # Check if whiptail exists to render the UI, if not, exit script
 28 | WHIPTAIL=$(which whiptail)
 29 | 
 30 | if [ -z $WHIPTAIL ]
 31 | then
 32 |     echo "This script requires whiptail to render the UI."
 33 |     exit 1;
 34 | fi
 35 | 
 36 | MAKE=$(which make)
 37 | 
 38 | SELECTED_DEVSERVICES=()
 39 | SELECTED_APPSERVICES=()
 40 | SELECTED_BUS=()
 41 | LINES=$(tput lines)
 42 | COLUMNS=$(tput cols)
 43 | 
 44 | ## General Options Description
 45 | declare -A additionalOptsDesc=(
 46 |     [modbus-sim]="Include ModBus Simulator"
 47 |     [mqtt-broker]="Include MQTT Broker"
 48 |     [mqtt-verbose]="Enable MQTT Broker verbose logging"
 49 | )
 50 | 
 51 | ## App Service Descriptions
 52 | declare -A appServiceDesc=(
 53 |     [asc-http]="Include HTTP Export App Service"
 54 |     [asc-mqtt]="Include MQTT Export App Service"
 55 |     [asc-metrics]="Include Metrics to InfluxDB App Service"
 56 |     [asc-sample]="Include Sample App Service"
 57 |     [as-llrp]="Include RFID LLRP Inventory App Service"
 58 |     [as-record-replay]="Include Record & Replay App Service"
 59 |     [asc-ex-mqtt]="Include External MQTT Trigger App Service"
 60 | )
 61 | 
 62 | ## Device Service Descriptions
 63 | declare -A deviceServiceDesc=(
 64 |     [ds-bacnet-ip]="Include BACnet-IP Device Service"
 65 |     [ds-bacnet-mstp]="Include BACnet-MSTP Device Service"
 66 |     [ds-onvif-camera]="Include ONVIF Camera Device Service"
 67 |     [ds-usb-camera]="Include USB Camera Device Service"
 68 |     [ds-modbus]="Include ModBus Device Service"
 69 |     [ds-mqtt]="Include MQTT Device Service"
 70 |     [ds-rest]="Include REST Device Service"
 71 |     [ds-snmp]="Include SNMP Device Service"
 72 |     [ds-virtual]="Include Virtual Device Service"
 73 |     [ds-coap]="Include CoAP Device Service"
 74 |     [ds-gpio]="Include GPIO Device Service"
 75 |     [ds-uart]="Include UART Device Service"
 76 |     [ds-llrp]="Include RFID LLRP Device Service"
 77 |     [ds-s7]="Include S7 Device Service"
 78 |     [ds-opc-ua]="Include OPC-UA Device Service"
 79 |     [ds-can]="Include CAN Device Service"
 80 | )
 81 | 
 82 | ## Message Bus Descriptions
 83 | declare -A msgBusDesc=(
 84 |     [mqtt-bus]="Configure MQTT Message Bus"
 85 |     [nats-bus]="Configure NATS Message Bus"
 86 | )
 87 | 
 88 | 
 89 | ####################################################################
 90 | #    Additional Services Options Display Function                  #
 91 | ####################################################################
 92 | function additionalServiceOption() {
 93 |     local message="Some Additional Services are available that can also be included. \n
 94 |             Press <SPACEBAR> to Select \n
 95 |             Press <ENTER> to Skip
 96 |             "
 97 | 
 98 |     # Generate a Specific form of Array required by whiptail checklist
 99 |     # FORMAT: "<INDEX> <DESCRIPTION> <OFF>"
100 |     local arglist=()
101 |     for index in "${!additionalOptsDesc[@]}";
102 |     do
103 |         arglist+=("$index" "${additionalOptsDesc[$index]}" "OFF") # Nothing is selected by-default
104 |     done
105 |     readarray -t SELECTED_OTHERS < <("$WHIPTAIL" --title "Additional Services" \
106 |                 --notags --separate-output \
107 |                 --ok-button Next \
108 |                 --nocancel \
109 |                 --checklist "$message" $LINES $COLUMNS $(( LINES - 12 )) \
110 |                 -- "${arglist[@]}" \
111 |                 3>&1 1>&2 2>&3)
112 | }
113 | 
114 | 
115 | ####################################################################
116 | #    App Services Options Display Function                         #
117 | ####################################################################
118 | function appServiceOption() {
119 |     local message="Available App Services to include in your compose file. \n
120 |             Press <SPACEBAR> to Select \n
121 |             Press <ENTER> to Skip
122 |             "
123 | 
124 |     # Generate a Specific form of Array required by whiptail checklist
125 |     # FORMAT: "<INDEX> <DESCRIPTION> <OFF>"
126 |     local arglist=()
127 |     for index in "${!appServiceDesc[@]}";
128 |     do
129 |         arglist+=("$index" "${appServiceDesc[$index]}" "OFF") # Nothing is selected by-default
130 |     done
131 |     readarray -t SELECTED_APPSERVICES < <("$WHIPTAIL" --title "App Services" \
132 |                 --ok-button Next \
133 |                 --nocancel \
134 |                 --notags --separate-output \
135 |                 --checklist "$message" $LINES $COLUMNS $(( LINES - 12 )) \
136 |                 -- "${arglist[@]}" \
137 |                 3>&1 1>&2 2>&3)
138 | }
139 | 
140 | 
141 | 
142 | ####################################################################
143 | #    ARM64 Question Display Function                               #
144 | ####################################################################
145 | function displayArm64() {
146 |     local message="Would you like to use ARM64 Images to generate the Compose file?"
147 |     $WHIPTAIL --title "Images Architecture" --yesno --defaultno "$message" $LINES $COLUMNS
148 | }
149 | 
150 | 
151 | ####################################################################
152 | #    No-Security Question Display Function                         #
153 | ####################################################################
154 | function displayNoSecty() {
155 |     local message="Select a Security Configuration for EdgeX"
156 |     $WHIPTAIL --title "Security Configuration for EdgeX" \
157 |             --yes-button "Secure" \
158 |             --no-button "Non-Secure" \
159 |             --yesno "$message" $LINES $COLUMNS
160 | }
161 | 
162 | 
163 | ####################################################################
164 | #    Device Services Options Display Function                      #
165 | ####################################################################
166 | function devServiceOption() {
167 |     local message="Available Device Services to include in your compose file.\n
168 |             Press <SPACEBAR> to Select \n
169 |             Press <ENTER> to Skip
170 |             "
171 | 
172 |     # Generate a Specific form of Array required by whiptail checklist
173 |     # FORMAT: "<INDEX> <DESCRIPTION> <OFF>"
174 |     local arglist=()
175 |     for index in "${!deviceServiceDesc[@]}";
176 |     do
177 |         arglist+=("$index" "${deviceServiceDesc[$index]}" "OFF") # Nothing is selected by-default
178 |     done
179 |     readarray -t SELECTED_DEVSERVICES < <("$WHIPTAIL" --title "Device Services" \
180 |                 --ok-button Next \
181 |                 --nocancel \
182 |                 --notags --separate-output \
183 |                 --checklist "$message" $LINES $COLUMNS $(( LINES - 12 )) \
184 |                 -- "${arglist[@]}" \
185 |                 3>&1 1>&2 2>&3)
186 | }
187 | 
188 | ####################################################################
189 | #    Message Bus Options Display Function                          #
190 | ####################################################################
191 | function msgBusOption() {
192 |     local message="Alternative Message Buses to replace the default one.\n
193 |             Press <SPACEBAR> to Select \n
194 |             Press <ENTER> to Skip
195 |             "
196 | 
197 |     # Generate a Specific form of Array required by whiptail checklist
198 |     # FORMAT: "<INDEX> <DESCRIPTION> <OFF>"
199 |     local arglist=()
200 |     for index in "${!msgBusDesc[@]}";
201 |     do
202 |         arglist+=("$index" "${msgBusDesc[$index]}" "OFF") # Nothing is selected by-default
203 |     done
204 |     readarray -t SELECTED_BUS < <("$WHIPTAIL" --title "Message Bus Alternatives" \
205 |                 --ok-button Next \
206 |                 --nocancel \
207 |                 --notags --separate-output \
208 |                 --radiolist "$message" $LINES $COLUMNS $(( LINES - 12 )) \
209 |                 -- "${arglist[@]}" \
210 |                 3>&1 1>&2 2>&3)
211 | }
212 | 
213 | ####################################################################
214 | #    Generate / Generate & Run Option Display Function             #
215 | ####################################################################
216 | function finalStep() {
217 |     local message="What would you like to do?"
218 |     $WHIPTAIL --title "Generate / Run EdgeX" \
219 |         --yes-button "Generate File" \
220 |         --no-button "Generate File and Run" \
221 |          --yesno "$message" $LINES $COLUMNS
222 | }
223 | 
224 | ## Step - 1: Start by Asking about whether Images should be pulled for ARM64?
225 | ARM64_OPT=""
226 | if displayArm64; then
227 |     ARM64_OPT="arm64"
228 | fi
229 | 
230 | ## Step - 2: Ask for Security Configuration is needed
231 | ## DEFAULT: always secure, only if user selects Non-Secure in TUI, should `no-secty` be set
232 | SECURITY_OPT=""
233 | if ! displayNoSecty; then
234 |     SECURITY_OPT="no-secty"
235 | fi  
236 | 
237 | ## Step - 3: Add Device Services Option
238 | devServiceOption
239 | 
240 | ## Step - 4: App Services Option
241 | appServiceOption
242 | 
243 | ## Step - 5: Configure Message Bus
244 | msgBusOption
245 | 
246 | ## Step -6: Ask for Additional Options
247 | additionalServiceOption
248 | 
249 | if finalStep; then
250 |     echo "Generating Compose file..."
251 |     $MAKE gen ${ARM64_OPT} ${SECURITY_OPT} ${SELECTED_OTHERS[@]} ${SELECTED_DEVSERVICES[@]} ${SELECTED_APPSERVICES[@]} ${SELECTED_BUS[@]}
252 | else
253 |     echo "Generating Compose file and Running the Stack....\n"
254 |     $MAKE run  ${ARM64_OPT} ${SECURITY_OPT} ${SELECTED_OTHERS[@]} ${SELECTED_DEVSERVICES[@]} ${SELECTED_APPSERVICES[@]} ${SELECTED_BUS[@]}
255 | fi
256 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | 
  2 |                                  Apache License
  3 |                            Version 2.0, January 2004
  4 |                         https://www.apache.org/licenses/
  5 | 
  6 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  7 | 
  8 |    1. Definitions.
  9 | 
 10 |       "License" shall mean the terms and conditions for use, reproduction,
 11 |       and distribution as defined by Sections 1 through 9 of this document.
 12 | 
 13 |       "Licensor" shall mean the copyright owner or entity authorized by
 14 |       the copyright owner that is granting the License.
 15 | 
 16 |       "Legal Entity" shall mean the union of the acting entity and all
 17 |       other entities that control, are controlled by, or are under common
 18 |       control with that entity. For the purposes of this definition,
 19 |       "control" means (i) the power, direct or indirect, to cause the
 20 |       direction or management of such entity, whether by contract or
 21 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 22 |       outstanding shares, or (iii) beneficial ownership of such entity.
 23 | 
 24 |       "You" (or "Your") shall mean an individual or Legal Entity
 25 |       exercising permissions granted by this License.
 26 | 
 27 |       "Source" form shall mean the preferred form for making modifications,
 28 |       including but not limited to software source code, documentation
 29 |       source, and configuration files.
 30 | 
 31 |       "Object" form shall mean any form resulting from mechanical
 32 |       transformation or translation of a Source form, including but
 33 |       not limited to compiled object code, generated documentation,
 34 |       and conversions to other media types.
 35 | 
 36 |       "Work" shall mean the work of authorship, whether in Source or
 37 |       Object form, made available under the License, as indicated by a
 38 |       copyright notice that is included in or attached to the work
 39 |       (an example is provided in the Appendix below).
 40 | 
 41 |       "Derivative Works" shall mean any work, whether in Source or Object
 42 |       form, that is based on (or derived from) the Work and for which the
 43 |       editorial revisions, annotations, elaborations, or other modifications
 44 |       represent, as a whole, an original work of authorship. For the purposes
 45 |       of this License, Derivative Works shall not include works that remain
 46 |       separable from, or merely link (or bind by name) to the interfaces of,
 47 |       the Work and Derivative Works thereof.
 48 | 
 49 |       "Contribution" shall mean any work of authorship, including
 50 |       the original version of the Work and any modifications or additions
 51 |       to that Work or Derivative Works thereof, that is intentionally
 52 |       submitted to Licensor for inclusion in the Work by the copyright owner
 53 |       or by an individual or Legal Entity authorized to submit on behalf of
 54 |       the copyright owner. For the purposes of this definition, "submitted"
 55 |       means any form of electronic, verbal, or written communication sent
 56 |       to the Licensor or its representatives, including but not limited to
 57 |       communication on electronic mailing lists, source code control systems,
 58 |       and issue tracking systems that are managed by, or on behalf of, the
 59 |       Licensor for the purpose of discussing and improving the Work, but
 60 |       excluding communication that is conspicuously marked or otherwise
 61 |       designated in writing by the copyright owner as "Not a Contribution."
 62 | 
 63 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 64 |       on behalf of whom a Contribution has been received by Licensor and
 65 |       subsequently incorporated within the Work.
 66 | 
 67 |    2. Grant of Copyright License. Subject to the terms and conditions of
 68 |       this License, each Contributor hereby grants to You a perpetual,
 69 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 70 |       copyright license to reproduce, prepare Derivative Works of,
 71 |       publicly display, publicly perform, sublicense, and distribute the
 72 |       Work and such Derivative Works in Source or Object form.
 73 | 
 74 |    3. Grant of Patent License. Subject to the terms and conditions of
 75 |       this License, each Contributor hereby grants to You a perpetual,
 76 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 77 |       (except as stated in this section) patent license to make, have made,
 78 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 79 |       where such license applies only to those patent claims licensable
 80 |       by such Contributor that are necessarily infringed by their
 81 |       Contribution(s) alone or by combination of their Contribution(s)
 82 |       with the Work to which such Contribution(s) was submitted. If You
 83 |       institute patent litigation against any entity (including a
 84 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 85 |       or a Contribution incorporated within the Work constitutes direct
 86 |       or contributory patent infringement, then any patent licenses
 87 |       granted to You under this License for that Work shall terminate
 88 |       as of the date such litigation is filed.
 89 | 
 90 |    4. Redistribution. You may reproduce and distribute copies of the
 91 |       Work or Derivative Works thereof in any medium, with or without
 92 |       modifications, and in Source or Object form, provided that You
 93 |       meet the following conditions:
 94 | 
 95 |       (a) You must give any other recipients of the Work or
 96 |           Derivative Works a copy of this License; and
 97 | 
 98 |       (b) You must cause any modified files to carry prominent notices
 99 |           stating that You changed the files; and
100 | 
101 |       (c) You must retain, in the Source form of any Derivative Works
102 |           that You distribute, all copyright, patent, trademark, and
103 |           attribution notices from the Source form of the Work,
104 |           excluding those notices that do not pertain to any part of
105 |           the Derivative Works; and
106 | 
107 |       (d) If the Work includes a "NOTICE" text file as part of its
108 |           distribution, then any Derivative Works that You distribute must
109 |           include a readable copy of the attribution notices contained
110 |           within such NOTICE file, excluding those notices that do not
111 |           pertain to any part of the Derivative Works, in at least one
112 |           of the following places: within a NOTICE text file distributed
113 |           as part of the Derivative Works; within the Source form or
114 |           documentation, if provided along with the Derivative Works; or,
115 |           within a display generated by the Derivative Works, if and
116 |           wherever such third-party notices normally appear. The contents
117 |           of the NOTICE file are for informational purposes only and
118 |           do not modify the License. You may add Your own attribution
119 |           notices within Derivative Works that You distribute, alongside
120 |           or as an addendum to the NOTICE text from the Work, provided
121 |           that such additional attribution notices cannot be construed
122 |           as modifying the License.
123 | 
124 |       You may add Your own copyright statement to Your modifications and
125 |       may provide additional or different license terms and conditions
126 |       for use, reproduction, or distribution of Your modifications, or
127 |       for any such Derivative Works as a whole, provided Your use,
128 |       reproduction, and distribution of the Work otherwise complies with
129 |       the conditions stated in this License.
130 | 
131 |    5. Submission of Contributions. Unless You explicitly state otherwise,
132 |       any Contribution intentionally submitted for inclusion in the Work
133 |       by You to the Licensor shall be under the terms and conditions of
134 |       this License, without any additional terms or conditions.
135 |       Notwithstanding the above, nothing herein shall supersede or modify
136 |       the terms of any separate license agreement you may have executed
137 |       with Licensor regarding such Contributions.
138 | 
139 |    6. Trademarks. This License does not grant permission to use the trade
140 |       names, trademarks, service marks, or product names of the Licensor,
141 |       except as required for reasonable and customary use in describing the
142 |       origin of the Work and reproducing the content of the NOTICE file.
143 | 
144 |    7. Disclaimer of Warranty. Unless required by applicable law or
145 |       agreed to in writing, Licensor provides the Work (and each
146 |       Contributor provides its Contributions) on an "AS IS" BASIS,
147 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 |       implied, including, without limitation, any warranties or conditions
149 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 |       PARTICULAR PURPOSE. You are solely responsible for determining the
151 |       appropriateness of using or redistributing the Work and assume any
152 |       risks associated with Your exercise of permissions under this License.
153 | 
154 |    8. Limitation of Liability. In no event and under no legal theory,
155 |       whether in tort (including negligence), contract, or otherwise,
156 |       unless required by applicable law (such as deliberate and grossly
157 |       negligent acts) or agreed to in writing, shall any Contributor be
158 |       liable to You for damages, including any direct, indirect, special,
159 |       incidental, or consequential damages of any character arising as a
160 |       result of this License or out of the use or inability to use the
161 |       Work (including but not limited to damages for loss of goodwill,
162 |       work stoppage, computer failure or malfunction, or any and all
163 |       other commercial damages or losses), even if such Contributor
164 |       has been advised of the possibility of such damages.
165 | 
166 |    9. Accepting Warranty or Additional Liability. While redistributing
167 |       the Work or Derivative Works thereof, You may choose to offer,
168 |       and charge a fee for, acceptance of support, warranty, indemnity,
169 |       or other liability obligations and/or rights consistent with this
170 |       License. However, in accepting such obligations, You may act only
171 |       on Your own behalf and on Your sole responsibility, not on behalf
172 |       of any other Contributor, and only if You agree to indemnify,
173 |       defend, and hold each Contributor harmless for any liability
174 |       incurred by, or claims asserted against, such Contributor by reason
175 |       of your accepting any such warranty or additional liability.
176 | 
177 |    END OF TERMS AND CONDITIONS
178 | 
179 |    Copyright 2017 Dell
180 | 
181 |    Licensed under the Apache License, Version 2.0 (the "License");
182 |    you may not use this file except in compliance with the License.
183 |    You may obtain a copy of the License at
184 | 
185 |        https://www.apache.org/licenses/LICENSE-2.0
186 | 
187 |    Unless required by applicable law or agreed to in writing, software
188 |    distributed under the License is distributed on an "AS IS" BASIS,
189 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
190 |    See the License for the specific language governing permissions and
191 |    limitations under the License.


--------------------------------------------------------------------------------
/docker-compose-no-secty.yml:
--------------------------------------------------------------------------------
  1 | #  * Copyright 2024 Intel Corporation.
  2 | #  *
  3 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  4 | #  * in compliance with the License. You may obtain a copy of the License at
  5 | #  *
  6 | #  * http://www.apache.org/licenses/LICENSE-2.0
  7 | #  *
  8 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
  9 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 10 | #  * or implied. See the License for the specific language governing permissions and limitations under
 11 | #  * the License.
 12 | #  *
 13 | #  * EdgeX Foundry, Odessa WIP release
 14 | #  *******************************************************************************/
 15 | #
 16 | #
 17 | #
 18 | # ************************ This is a generated compose file ****************************
 19 | #
 20 | # DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo.
 21 | #
 22 | # Permanent changes can be made to the source compose files located in the compose-builder folder
 23 | # at the top level of the edgex-compose repo.
 24 | #
 25 | # From the compose-builder folder use `make build` to regenerate all standard compose files variations
 26 | #
 27 | # Generated with: Docker Compose version v2.38.1
 28 | name: edgex
 29 | services:
 30 |   app-rules-engine:
 31 |     command:
 32 |       - --registry
 33 |       - -cp=keeper.http://edgex-core-keeper:59890
 34 |     container_name: edgex-app-rules-engine
 35 |     depends_on:
 36 |       core-common-config-bootstrapper:
 37 |         condition: service_started
 38 |         required: true
 39 |       core-keeper:
 40 |         condition: service_started
 41 |         required: true
 42 |       core-metadata:
 43 |         condition: service_started
 44 |         required: true
 45 |     environment:
 46 |       EDGEX_PROFILE: rules-engine
 47 |       EDGEX_SECURITY_SECRET_STORE: "false"
 48 |       SERVICE_HOST: edgex-app-rules-engine
 49 |     hostname: edgex-app-rules-engine
 50 |     image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest
 51 |     networks:
 52 |       edgex-network: null
 53 |     ports:
 54 |       - mode: ingress
 55 |         host_ip: 127.0.0.1
 56 |         target: 59701
 57 |         published: "59701"
 58 |         protocol: tcp
 59 |     read_only: true
 60 |     restart: always
 61 |     security_opt:
 62 |       - no-new-privileges:true
 63 |     user: 2002:2001
 64 |     volumes:
 65 |       - type: bind
 66 |         source: /etc/localtime
 67 |         target: /etc/localtime
 68 |         read_only: true
 69 |         bind:
 70 |           create_host_path: true
 71 |   core-command:
 72 |     command:
 73 |       - --registry
 74 |       - -cp=keeper.http://edgex-core-keeper:59890
 75 |     container_name: edgex-core-command
 76 |     depends_on:
 77 |       core-common-config-bootstrapper:
 78 |         condition: service_started
 79 |         required: true
 80 |       core-keeper:
 81 |         condition: service_started
 82 |         required: true
 83 |       core-metadata:
 84 |         condition: service_started
 85 |         required: true
 86 |       database:
 87 |         condition: service_started
 88 |         required: true
 89 |     environment:
 90 |       EDGEX_SECURITY_SECRET_STORE: "false"
 91 |       EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883
 92 |       SERVICE_HOST: edgex-core-command
 93 |     hostname: edgex-core-command
 94 |     image: nexus3.edgexfoundry.org:10004/core-command:latest
 95 |     networks:
 96 |       edgex-network: null
 97 |     ports:
 98 |       - mode: ingress
 99 |         host_ip: 127.0.0.1
100 |         target: 59882
101 |         published: "59882"
102 |         protocol: tcp
103 |     read_only: true
104 |     restart: always
105 |     security_opt:
106 |       - no-new-privileges:true
107 |     user: 2002:2001
108 |     volumes:
109 |       - type: bind
110 |         source: /etc/localtime
111 |         target: /etc/localtime
112 |         read_only: true
113 |         bind:
114 |           create_host_path: true
115 |   core-common-config-bootstrapper:
116 |     command:
117 |       - /core-common-config-bootstrapper
118 |       - --registry
119 |       - -cp=keeper.http://edgex-core-keeper:59890
120 |     container_name: edgex-core-common-config-bootstrapper
121 |     depends_on:
122 |       core-keeper:
123 |         condition: service_started
124 |         required: true
125 |     environment:
126 |       ALL_SERVICES_DATABASE_HOST: edgex-postgres
127 |       ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker
128 |       ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper
129 |       APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
130 |       DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
131 |       EDGEX_SECURITY_SECRET_STORE: "false"
132 |     hostname: edgex-core-common-config-bootstrapper
133 |     image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest
134 |     networks:
135 |       edgex-network: null
136 |     read_only: true
137 |     security_opt:
138 |       - no-new-privileges:true
139 |     user: 2002:2001
140 |     volumes:
141 |       - type: bind
142 |         source: /etc/localtime
143 |         target: /etc/localtime
144 |         read_only: true
145 |         bind:
146 |           create_host_path: true
147 |   core-data:
148 |     command:
149 |       - --registry
150 |       - -cp=keeper.http://edgex-core-keeper:59890
151 |     container_name: edgex-core-data
152 |     depends_on:
153 |       core-common-config-bootstrapper:
154 |         condition: service_started
155 |         required: true
156 |       core-keeper:
157 |         condition: service_started
158 |         required: true
159 |       database:
160 |         condition: service_started
161 |         required: true
162 |     environment:
163 |       EDGEX_SECURITY_SECRET_STORE: "false"
164 |       SERVICE_HOST: edgex-core-data
165 |     hostname: edgex-core-data
166 |     image: nexus3.edgexfoundry.org:10004/core-data:latest
167 |     networks:
168 |       edgex-network: null
169 |     ports:
170 |       - mode: ingress
171 |         host_ip: 127.0.0.1
172 |         target: 59880
173 |         published: "59880"
174 |         protocol: tcp
175 |     read_only: true
176 |     restart: always
177 |     security_opt:
178 |       - no-new-privileges:true
179 |     user: 2002:2001
180 |     volumes:
181 |       - type: bind
182 |         source: /etc/localtime
183 |         target: /etc/localtime
184 |         read_only: true
185 |         bind:
186 |           create_host_path: true
187 |   core-keeper:
188 |     container_name: edgex-core-keeper
189 |     depends_on:
190 |       database:
191 |         condition: service_started
192 |         required: true
193 |     environment:
194 |       DATABASE_HOST: edgex-postgres
195 |       EDGEX_SECURITY_SECRET_STORE: "false"
196 |       MESSAGEBUS_AUTHMODE: none
197 |       MESSAGEBUS_HOST: edgex-mqtt-broker
198 |       MESSAGEBUS_PORT: "1883"
199 |       MESSAGEBUS_PROTOCOL: tcp
200 |       MESSAGEBUS_SECRETNAME: ""
201 |       MESSAGEBUS_TYPE: mqtt
202 |       SERVICE_HOST: edgex-core-keeper
203 |     hostname: edgex-core-keeper
204 |     image: nexus3.edgexfoundry.org:10004/core-keeper:latest
205 |     networks:
206 |       edgex-network: null
207 |     ports:
208 |       - mode: ingress
209 |         host_ip: 127.0.0.1
210 |         target: 59890
211 |         published: "59890"
212 |         protocol: tcp
213 |     read_only: true
214 |     restart: always
215 |     security_opt:
216 |       - no-new-privileges:true
217 |     user: 2002:2001
218 |     volumes:
219 |       - type: bind
220 |         source: /etc/localtime
221 |         target: /etc/localtime
222 |         read_only: true
223 |         bind:
224 |           create_host_path: true
225 |   core-metadata:
226 |     command:
227 |       - --registry
228 |       - -cp=keeper.http://edgex-core-keeper:59890
229 |     container_name: edgex-core-metadata
230 |     depends_on:
231 |       core-keeper:
232 |         condition: service_started
233 |         required: true
234 |       database:
235 |         condition: service_started
236 |         required: true
237 |     environment:
238 |       EDGEX_SECURITY_SECRET_STORE: "false"
239 |       SERVICE_HOST: edgex-core-metadata
240 |     hostname: edgex-core-metadata
241 |     image: nexus3.edgexfoundry.org:10004/core-metadata:latest
242 |     networks:
243 |       edgex-network: null
244 |     ports:
245 |       - mode: ingress
246 |         host_ip: 127.0.0.1
247 |         target: 59881
248 |         published: "59881"
249 |         protocol: tcp
250 |     read_only: true
251 |     restart: always
252 |     security_opt:
253 |       - no-new-privileges:true
254 |     user: 2002:2001
255 |     volumes:
256 |       - type: bind
257 |         source: /etc/localtime
258 |         target: /etc/localtime
259 |         read_only: true
260 |         bind:
261 |           create_host_path: true
262 |   database:
263 |     container_name: edgex-postgres
264 |     environment:
265 |       POSTGRES_DB: edgex_db
266 |       POSTGRES_PASSWORD: postgres
267 |     hostname: edgex-postgres
268 |     image: postgres:18.1-alpine
269 |     networks:
270 |       edgex-network: null
271 |     ports:
272 |       - mode: ingress
273 |         host_ip: 127.0.0.1
274 |         target: 5432
275 |         published: "5432"
276 |         protocol: tcp
277 |     read_only: true
278 |     restart: always
279 |     security_opt:
280 |       - no-new-privileges:true
281 |     tmpfs:
282 |       - /run
283 |     volumes:
284 |       - type: bind
285 |         source: /etc/localtime
286 |         target: /etc/localtime
287 |         read_only: true
288 |         bind:
289 |           create_host_path: true
290 |       - type: volume
291 |         source: db-data
292 |         target: /var/lib/postgresql/data
293 |         volume: {}
294 |   device-rest:
295 |     command:
296 |       - -cp=keeper.http://edgex-core-keeper:59890
297 |       - --registry
298 |     container_name: edgex-device-rest
299 |     depends_on:
300 |       core-common-config-bootstrapper:
301 |         condition: service_started
302 |         required: true
303 |       core-data:
304 |         condition: service_started
305 |         required: true
306 |       core-keeper:
307 |         condition: service_started
308 |         required: true
309 |       core-metadata:
310 |         condition: service_started
311 |         required: true
312 |     environment:
313 |       EDGEX_SECURITY_SECRET_STORE: "false"
314 |       SERVICE_HOST: edgex-device-rest
315 |     hostname: edgex-device-rest
316 |     image: nexus3.edgexfoundry.org:10004/device-rest:latest
317 |     networks:
318 |       edgex-network: null
319 |     ports:
320 |       - mode: ingress
321 |         host_ip: 127.0.0.1
322 |         target: 59986
323 |         published: "59986"
324 |         protocol: tcp
325 |     read_only: true
326 |     restart: always
327 |     security_opt:
328 |       - no-new-privileges:true
329 |     user: 2002:2001
330 |     volumes:
331 |       - type: bind
332 |         source: /etc/localtime
333 |         target: /etc/localtime
334 |         read_only: true
335 |         bind:
336 |           create_host_path: true
337 |   device-virtual:
338 |     command:
339 |       - -cp=keeper.http://edgex-core-keeper:59890
340 |       - --registry
341 |     container_name: edgex-device-virtual
342 |     depends_on:
343 |       core-common-config-bootstrapper:
344 |         condition: service_started
345 |         required: true
346 |       core-data:
347 |         condition: service_started
348 |         required: true
349 |       core-keeper:
350 |         condition: service_started
351 |         required: true
352 |       core-metadata:
353 |         condition: service_started
354 |         required: true
355 |     environment:
356 |       EDGEX_SECURITY_SECRET_STORE: "false"
357 |       SERVICE_HOST: edgex-device-virtual
358 |     hostname: edgex-device-virtual
359 |     image: nexus3.edgexfoundry.org:10004/device-virtual:latest
360 |     networks:
361 |       edgex-network: null
362 |     ports:
363 |       - mode: ingress
364 |         host_ip: 127.0.0.1
365 |         target: 59900
366 |         published: "59900"
367 |         protocol: tcp
368 |     read_only: true
369 |     restart: always
370 |     security_opt:
371 |       - no-new-privileges:true
372 |     user: 2002:2001
373 |     volumes:
374 |       - type: bind
375 |         source: /etc/localtime
376 |         target: /etc/localtime
377 |         read_only: true
378 |         bind:
379 |           create_host_path: true
380 |   mqtt-broker:
381 |     command:
382 |       - /usr/sbin/mosquitto
383 |       - -c
384 |       - /mosquitto-no-auth.conf
385 |     container_name: edgex-mqtt-broker
386 |     hostname: edgex-mqtt-broker
387 |     image: eclipse-mosquitto:2.0
388 |     networks:
389 |       edgex-network: null
390 |     ports:
391 |       - mode: ingress
392 |         host_ip: 127.0.0.1
393 |         target: 1883
394 |         published: "1883"
395 |         protocol: tcp
396 |     read_only: true
397 |     restart: always
398 |     security_opt:
399 |       - no-new-privileges:true
400 |     user: 2002:2001
401 |   rules-engine:
402 |     container_name: edgex-kuiper
403 |     depends_on:
404 |       database:
405 |         condition: service_started
406 |         required: true
407 |       mqtt-broker:
408 |         condition: service_started
409 |         required: true
410 |     environment:
411 |       CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine
412 |       CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500"
413 |       CONNECTION__EDGEX__MQTTMSGBUS__PORT: "1883"
414 |       CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp
415 |       CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker
416 |       CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt
417 |       EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine
418 |       EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: "500"
419 |       EDGEX__DEFAULT__PORT: "1883"
420 |       EDGEX__DEFAULT__PROTOCOL: tcp
421 |       EDGEX__DEFAULT__SERVER: edgex-mqtt-broker
422 |       EDGEX__DEFAULT__TOPIC: edgex/rules-events
423 |       EDGEX__DEFAULT__TYPE: mqtt
424 |       KUIPER__BASIC__CONSOLELOG: "true"
425 |       KUIPER__BASIC__ENABLEOPENZITI: "false"
426 |       KUIPER__BASIC__RESTPORT: "59720"
427 |     hostname: edgex-kuiper
428 |     image: lfedge/ekuiper:2.3-alpine
429 |     networks:
430 |       edgex-network: null
431 |     ports:
432 |       - mode: ingress
433 |         host_ip: 127.0.0.1
434 |         target: 59720
435 |         published: "59720"
436 |         protocol: tcp
437 |     read_only: true
438 |     restart: always
439 |     security_opt:
440 |       - no-new-privileges:true
441 |     user: kuiper:kuiper
442 |     volumes:
443 |       - type: bind
444 |         source: /etc/localtime
445 |         target: /etc/localtime
446 |         read_only: true
447 |         bind:
448 |           create_host_path: true
449 |       - type: volume
450 |         source: kuiper-data
451 |         target: /kuiper/data
452 |         volume: {}
453 |       - type: volume
454 |         source: kuiper-etc
455 |         target: /kuiper/etc
456 |         volume: {}
457 |       - type: volume
458 |         source: kuiper-log
459 |         target: /kuiper/log
460 |         volume: {}
461 |       - type: volume
462 |         source: kuiper-plugins
463 |         target: /kuiper/plugins
464 |         volume: {}
465 |   support-notifications:
466 |     command:
467 |       - --registry
468 |       - -cp=keeper.http://edgex-core-keeper:59890
469 |     container_name: edgex-support-notifications
470 |     depends_on:
471 |       core-common-config-bootstrapper:
472 |         condition: service_started
473 |         required: true
474 |       core-keeper:
475 |         condition: service_started
476 |         required: true
477 |       database:
478 |         condition: service_started
479 |         required: true
480 |     environment:
481 |       EDGEX_SECURITY_SECRET_STORE: "false"
482 |       SERVICE_HOST: edgex-support-notifications
483 |     hostname: edgex-support-notifications
484 |     image: nexus3.edgexfoundry.org:10004/support-notifications:latest
485 |     networks:
486 |       edgex-network: null
487 |     ports:
488 |       - mode: ingress
489 |         host_ip: 127.0.0.1
490 |         target: 59860
491 |         published: "59860"
492 |         protocol: tcp
493 |     read_only: true
494 |     restart: always
495 |     security_opt:
496 |       - no-new-privileges:true
497 |     user: 2002:2001
498 |     volumes:
499 |       - type: bind
500 |         source: /etc/localtime
501 |         target: /etc/localtime
502 |         read_only: true
503 |         bind:
504 |           create_host_path: true
505 |   support-scheduler:
506 |     command:
507 |       - --registry
508 |       - -cp=keeper.http://edgex-core-keeper:59890
509 |     container_name: edgex-support-scheduler
510 |     depends_on:
511 |       core-common-config-bootstrapper:
512 |         condition: service_started
513 |         required: true
514 |       core-keeper:
515 |         condition: service_started
516 |         required: true
517 |       database:
518 |         condition: service_started
519 |         required: true
520 |     environment:
521 |       EDGEX_SECURITY_SECRET_STORE: "false"
522 |       SERVICE_HOST: edgex-support-scheduler
523 |     hostname: edgex-support-scheduler
524 |     image: nexus3.edgexfoundry.org:10004/support-scheduler:latest
525 |     networks:
526 |       edgex-network: null
527 |     ports:
528 |       - mode: ingress
529 |         host_ip: 127.0.0.1
530 |         target: 59863
531 |         published: "59863"
532 |         protocol: tcp
533 |     read_only: true
534 |     restart: always
535 |     security_opt:
536 |       - no-new-privileges:true
537 |     user: 2002:2001
538 |     volumes:
539 |       - type: bind
540 |         source: /etc/localtime
541 |         target: /etc/localtime
542 |         read_only: true
543 |         bind:
544 |           create_host_path: true
545 |   ui:
546 |     container_name: edgex-ui-go
547 |     environment:
548 |       EDGEX_SECURITY_SECRET_STORE: "false"
549 |       SERVICE_HOST: edgex-ui-go
550 |     hostname: edgex-ui-go
551 |     image: nexus3.edgexfoundry.org:10004/edgex-ui:latest
552 |     networks:
553 |       edgex-network: null
554 |     ports:
555 |       - mode: ingress
556 |         target: 4000
557 |         published: "4000"
558 |         protocol: tcp
559 |     read_only: true
560 |     restart: always
561 |     security_opt:
562 |       - no-new-privileges:true
563 |     user: 2002:2001
564 |     volumes:
565 |       - type: bind
566 |         source: /etc/localtime
567 |         target: /etc/localtime
568 |         read_only: true
569 |         bind:
570 |           create_host_path: true
571 | networks:
572 |   edgex-network:
573 |     name: edgex_edgex-network
574 |     driver: bridge
575 | volumes:
576 |   db-data:
577 |     name: edgex_db-data
578 |   kuiper-data:
579 |     name: edgex_kuiper-data
580 |   kuiper-etc:
581 |     name: edgex_kuiper-etc
582 |   kuiper-log:
583 |     name: edgex_kuiper-log
584 |   kuiper-plugins:
585 |     name: edgex_kuiper-plugins
586 | 


--------------------------------------------------------------------------------
/docker-compose-no-secty-arm64.yml:
--------------------------------------------------------------------------------
  1 | #  * Copyright 2024 Intel Corporation.
  2 | #  *
  3 | #  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  4 | #  * in compliance with the License. You may obtain a copy of the License at
  5 | #  *
  6 | #  * http://www.apache.org/licenses/LICENSE-2.0
  7 | #  *
  8 | #  * Unless required by applicable law or agreed to in writing, software distributed under the License
  9 | #  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 10 | #  * or implied. See the License for the specific language governing permissions and limitations under
 11 | #  * the License.
 12 | #  *
 13 | #  * EdgeX Foundry, Odessa WIP release
 14 | #  *******************************************************************************/
 15 | #
 16 | #
 17 | #
 18 | # ************************ This is a generated compose file ****************************
 19 | #
 20 | # DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo.
 21 | #
 22 | # Permanent changes can be made to the source compose files located in the compose-builder folder
 23 | # at the top level of the edgex-compose repo.
 24 | #
 25 | # From the compose-builder folder use `make build` to regenerate all standard compose files variations
 26 | #
 27 | # Generated with: Docker Compose version v2.38.1
 28 | name: edgex
 29 | services:
 30 |   app-rules-engine:
 31 |     command:
 32 |       - --registry
 33 |       - -cp=keeper.http://edgex-core-keeper:59890
 34 |     container_name: edgex-app-rules-engine
 35 |     depends_on:
 36 |       core-common-config-bootstrapper:
 37 |         condition: service_started
 38 |         required: true
 39 |       core-keeper:
 40 |         condition: service_started
 41 |         required: true
 42 |       core-metadata:
 43 |         condition: service_started
 44 |         required: true
 45 |     environment:
 46 |       EDGEX_PROFILE: rules-engine
 47 |       EDGEX_SECURITY_SECRET_STORE: "false"
 48 |       SERVICE_HOST: edgex-app-rules-engine
 49 |     hostname: edgex-app-rules-engine
 50 |     image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest
 51 |     networks:
 52 |       edgex-network: null
 53 |     ports:
 54 |       - mode: ingress
 55 |         host_ip: 127.0.0.1
 56 |         target: 59701
 57 |         published: "59701"
 58 |         protocol: tcp
 59 |     read_only: true
 60 |     restart: always
 61 |     security_opt:
 62 |       - no-new-privileges:true
 63 |     user: 2002:2001
 64 |     volumes:
 65 |       - type: bind
 66 |         source: /etc/localtime
 67 |         target: /etc/localtime
 68 |         read_only: true
 69 |         bind:
 70 |           create_host_path: true
 71 |   core-command:
 72 |     command:
 73 |       - --registry
 74 |       - -cp=keeper.http://edgex-core-keeper:59890
 75 |     container_name: edgex-core-command
 76 |     depends_on:
 77 |       core-common-config-bootstrapper:
 78 |         condition: service_started
 79 |         required: true
 80 |       core-keeper:
 81 |         condition: service_started
 82 |         required: true
 83 |       core-metadata:
 84 |         condition: service_started
 85 |         required: true
 86 |       database:
 87 |         condition: service_started
 88 |         required: true
 89 |     environment:
 90 |       EDGEX_SECURITY_SECRET_STORE: "false"
 91 |       EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883
 92 |       SERVICE_HOST: edgex-core-command
 93 |     hostname: edgex-core-command
 94 |     image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest
 95 |     networks:
 96 |       edgex-network: null
 97 |     ports:
 98 |       - mode: ingress
 99 |         host_ip: 127.0.0.1
100 |         target: 59882
101 |         published: "59882"
102 |         protocol: tcp
103 |     read_only: true
104 |     restart: always
105 |     security_opt:
106 |       - no-new-privileges:true
107 |     user: 2002:2001
108 |     volumes:
109 |       - type: bind
110 |         source: /etc/localtime
111 |         target: /etc/localtime
112 |         read_only: true
113 |         bind:
114 |           create_host_path: true
115 |   core-common-config-bootstrapper:
116 |     command:
117 |       - /core-common-config-bootstrapper
118 |       - --registry
119 |       - -cp=keeper.http://edgex-core-keeper:59890
120 |     container_name: edgex-core-common-config-bootstrapper
121 |     depends_on:
122 |       core-keeper:
123 |         condition: service_started
124 |         required: true
125 |     environment:
126 |       ALL_SERVICES_DATABASE_HOST: edgex-postgres
127 |       ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker
128 |       ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper
129 |       APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
130 |       DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata
131 |       EDGEX_SECURITY_SECRET_STORE: "false"
132 |     hostname: edgex-core-common-config-bootstrapper
133 |     image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest
134 |     networks:
135 |       edgex-network: null
136 |     read_only: true
137 |     security_opt:
138 |       - no-new-privileges:true
139 |     user: 2002:2001
140 |     volumes:
141 |       - type: bind
142 |         source: /etc/localtime
143 |         target: /etc/localtime
144 |         read_only: true
145 |         bind:
146 |           create_host_path: true
147 |   core-data:
148 |     command:
149 |       - --registry
150 |       - -cp=keeper.http://edgex-core-keeper:59890
151 |     container_name: edgex-core-data
152 |     depends_on:
153 |       core-common-config-bootstrapper:
154 |         condition: service_started
155 |         required: true
156 |       core-keeper:
157 |         condition: service_started
158 |         required: true
159 |       database:
160 |         condition: service_started
161 |         required: true
162 |     environment:
163 |       EDGEX_SECURITY_SECRET_STORE: "false"
164 |       SERVICE_HOST: edgex-core-data
165 |     hostname: edgex-core-data
166 |     image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest
167 |     networks:
168 |       edgex-network: null
169 |     ports:
170 |       - mode: ingress
171 |         host_ip: 127.0.0.1
172 |         target: 59880
173 |         published: "59880"
174 |         protocol: tcp
175 |     read_only: true
176 |     restart: always
177 |     security_opt:
178 |       - no-new-privileges:true
179 |     user: 2002:2001
180 |     volumes:
181 |       - type: bind
182 |         source: /etc/localtime
183 |         target: /etc/localtime
184 |         read_only: true
185 |         bind:
186 |           create_host_path: true
187 |   core-keeper:
188 |     container_name: edgex-core-keeper
189 |     depends_on:
190 |       database:
191 |         condition: service_started
192 |         required: true
193 |     environment:
194 |       DATABASE_HOST: edgex-postgres
195 |       EDGEX_SECURITY_SECRET_STORE: "false"
196 |       MESSAGEBUS_AUTHMODE: none
197 |       MESSAGEBUS_HOST: edgex-mqtt-broker
198 |       MESSAGEBUS_PORT: "1883"
199 |       MESSAGEBUS_PROTOCOL: tcp
200 |       MESSAGEBUS_SECRETNAME: ""
201 |       MESSAGEBUS_TYPE: mqtt
202 |       SERVICE_HOST: edgex-core-keeper
203 |     hostname: edgex-core-keeper
204 |     image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest
205 |     networks:
206 |       edgex-network: null
207 |     ports:
208 |       - mode: ingress
209 |         host_ip: 127.0.0.1
210 |         target: 59890
211 |         published: "59890"
212 |         protocol: tcp
213 |     read_only: true
214 |     restart: always
215 |     security_opt:
216 |       - no-new-privileges:true
217 |     user: 2002:2001
218 |     volumes:
219 |       - type: bind
220 |         source: /etc/localtime
221 |         target: /etc/localtime
222 |         read_only: true
223 |         bind:
224 |           create_host_path: true
225 |   core-metadata:
226 |     command:
227 |       - --registry
228 |       - -cp=keeper.http://edgex-core-keeper:59890
229 |     container_name: edgex-core-metadata
230 |     depends_on:
231 |       core-keeper:
232 |         condition: service_started
233 |         required: true
234 |       database:
235 |         condition: service_started
236 |         required: true
237 |     environment:
238 |       EDGEX_SECURITY_SECRET_STORE: "false"
239 |       SERVICE_HOST: edgex-core-metadata
240 |     hostname: edgex-core-metadata
241 |     image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest
242 |     networks:
243 |       edgex-network: null
244 |     ports:
245 |       - mode: ingress
246 |         host_ip: 127.0.0.1
247 |         target: 59881
248 |         published: "59881"
249 |         protocol: tcp
250 |     read_only: true
251 |     restart: always
252 |     security_opt:
253 |       - no-new-privileges:true
254 |     user: 2002:2001
255 |     volumes:
256 |       - type: bind
257 |         source: /etc/localtime
258 |         target: /etc/localtime
259 |         read_only: true
260 |         bind:
261 |           create_host_path: true
262 |   database:
263 |     container_name: edgex-postgres
264 |     environment:
265 |       POSTGRES_DB: edgex_db
266 |       POSTGRES_PASSWORD: postgres
267 |     hostname: edgex-postgres
268 |     image: postgres:18.1-alpine
269 |     networks:
270 |       edgex-network: null
271 |     ports:
272 |       - mode: ingress
273 |         host_ip: 127.0.0.1
274 |         target: 5432
275 |         published: "5432"
276 |         protocol: tcp
277 |     read_only: true
278 |     restart: always
279 |     security_opt:
280 |       - no-new-privileges:true
281 |     tmpfs:
282 |       - /run
283 |     volumes:
284 |       - type: bind
285 |         source: /etc/localtime
286 |         target: /etc/localtime
287 |         read_only: true
288 |         bind:
289 |           create_host_path: true
290 |       - type: volume
291 |         source: db-data
292 |         target: /var/lib/postgresql/data
293 |         volume: {}
294 |   device-rest:
295 |     command:
296 |       - -cp=keeper.http://edgex-core-keeper:59890
297 |       - --registry
298 |     container_name: edgex-device-rest
299 |     depends_on:
300 |       core-common-config-bootstrapper:
301 |         condition: service_started
302 |         required: true
303 |       core-data:
304 |         condition: service_started
305 |         required: true
306 |       core-keeper:
307 |         condition: service_started
308 |         required: true
309 |       core-metadata:
310 |         condition: service_started
311 |         required: true
312 |     environment:
313 |       EDGEX_SECURITY_SECRET_STORE: "false"
314 |       SERVICE_HOST: edgex-device-rest
315 |     hostname: edgex-device-rest
316 |     image: nexus3.edgexfoundry.org:10004/device-rest-arm64:latest
317 |     networks:
318 |       edgex-network: null
319 |     ports:
320 |       - mode: ingress
321 |         host_ip: 127.0.0.1
322 |         target: 59986
323 |         published: "59986"
324 |         protocol: tcp
325 |     read_only: true
326 |     restart: always
327 |     security_opt:
328 |       - no-new-privileges:true
329 |     user: 2002:2001
330 |     volumes:
331 |       - type: bind
332 |         source: /etc/localtime
333 |         target: /etc/localtime
334 |         read_only: true
335 |         bind:
336 |           create_host_path: true
337 |   device-virtual:
338 |     command:
339 |       - -cp=keeper.http://edgex-core-keeper:59890
340 |       - --registry
341 |     container_name: edgex-device-virtual
342 |     depends_on:
343 |       core-common-config-bootstrapper:
344 |         condition: service_started
345 |         required: true
346 |       core-data:
347 |         condition: service_started
348 |         required: true
349 |       core-keeper:
350 |         condition: service_started
351 |         required: true
352 |       core-metadata:
353 |         condition: service_started
354 |         required: true
355 |     environment:
356 |       EDGEX_SECURITY_SECRET_STORE: "false"
357 |       SERVICE_HOST: edgex-device-virtual
358 |     hostname: edgex-device-virtual
359 |     image: nexus3.edgexfoundry.org:10004/device-virtual-arm64:latest
360 |     networks:
361 |       edgex-network: null
362 |     ports:
363 |       - mode: ingress
364 |         host_ip: 127.0.0.1
365 |         target: 59900
366 |         published: "59900"
367 |         protocol: tcp
368 |     read_only: true
369 |     restart: always
370 |     security_opt:
371 |       - no-new-privileges:true
372 |     user: 2002:2001
373 |     volumes:
374 |       - type: bind
375 |         source: /etc/localtime
376 |         target: /etc/localtime
377 |         read_only: true
378 |         bind:
379 |           create_host_path: true
380 |   mqtt-broker:
381 |     command:
382 |       - /usr/sbin/mosquitto
383 |       - -c
384 |       - /mosquitto-no-auth.conf
385 |     container_name: edgex-mqtt-broker
386 |     hostname: edgex-mqtt-broker
387 |     image: eclipse-mosquitto:2.0
388 |     networks:
389 |       edgex-network: null
390 |     ports:
391 |       - mode: ingress
392 |         host_ip: 127.0.0.1
393 |         target: 1883
394 |         published: "1883"
395 |         protocol: tcp
396 |     read_only: true
397 |     restart: always
398 |     security_opt:
399 |       - no-new-privileges:true
400 |     user: 2002:2001
401 |   rules-engine:
402 |     container_name: edgex-kuiper
403 |     depends_on:
404 |       database:
405 |         condition: service_started
406 |         required: true
407 |       mqtt-broker:
408 |         condition: service_started
409 |         required: true
410 |     environment:
411 |       CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine
412 |       CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500"
413 |       CONNECTION__EDGEX__MQTTMSGBUS__PORT: "1883"
414 |       CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp
415 |       CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker
416 |       CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt
417 |       EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine
418 |       EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: "500"
419 |       EDGEX__DEFAULT__PORT: "1883"
420 |       EDGEX__DEFAULT__PROTOCOL: tcp
421 |       EDGEX__DEFAULT__SERVER: edgex-mqtt-broker
422 |       EDGEX__DEFAULT__TOPIC: edgex/rules-events
423 |       EDGEX__DEFAULT__TYPE: mqtt
424 |       KUIPER__BASIC__CONSOLELOG: "true"
425 |       KUIPER__BASIC__ENABLEOPENZITI: "false"
426 |       KUIPER__BASIC__RESTPORT: "59720"
427 |     hostname: edgex-kuiper
428 |     image: lfedge/ekuiper:2.3-alpine
429 |     networks:
430 |       edgex-network: null
431 |     ports:
432 |       - mode: ingress
433 |         host_ip: 127.0.0.1
434 |         target: 59720
435 |         published: "59720"
436 |         protocol: tcp
437 |     read_only: true
438 |     restart: always
439 |     security_opt:
440 |       - no-new-privileges:true
441 |     user: kuiper:kuiper
442 |     volumes:
443 |       - type: bind
444 |         source: /etc/localtime
445 |         target: /etc/localtime
446 |         read_only: true
447 |         bind:
448 |           create_host_path: true
449 |       - type: volume
450 |         source: kuiper-data
451 |         target: /kuiper/data
452 |         volume: {}
453 |       - type: volume
454 |         source: kuiper-etc
455 |         target: /kuiper/etc
456 |         volume: {}
457 |       - type: volume
458 |         source: kuiper-log
459 |         target: /kuiper/log
460 |         volume: {}
461 |       - type: volume
462 |         source: kuiper-plugins
463 |         target: /kuiper/plugins
464 |         volume: {}
465 |   support-notifications:
466 |     command:
467 |       - --registry
468 |       - -cp=keeper.http://edgex-core-keeper:59890
469 |     container_name: edgex-support-notifications
470 |     depends_on:
471 |       core-common-config-bootstrapper:
472 |         condition: service_started
473 |         required: true
474 |       core-keeper:
475 |         condition: service_started
476 |         required: true
477 |       database:
478 |         condition: service_started
479 |         required: true
480 |     environment:
481 |       EDGEX_SECURITY_SECRET_STORE: "false"
482 |       SERVICE_HOST: edgex-support-notifications
483 |     hostname: edgex-support-notifications
484 |     image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest
485 |     networks:
486 |       edgex-network: null
487 |     ports:
488 |       - mode: ingress
489 |         host_ip: 127.0.0.1
490 |         target: 59860
491 |         published: "59860"
492 |         protocol: tcp
493 |     read_only: true
494 |     restart: always
495 |     security_opt:
496 |       - no-new-privileges:true
497 |     user: 2002:2001
498 |     volumes:
499 |       - type: bind
500 |         source: /etc/localtime
501 |         target: /etc/localtime
502 |         read_only: true
503 |         bind:
504 |           create_host_path: true
505 |   support-scheduler:
506 |     command:
507 |       - --registry
508 |       - -cp=keeper.http://edgex-core-keeper:59890
509 |     container_name: edgex-support-scheduler
510 |     depends_on:
511 |       core-common-config-bootstrapper:
512 |         condition: service_started
513 |         required: true
514 |       core-keeper:
515 |         condition: service_started
516 |         required: true
517 |       database:
518 |         condition: service_started
519 |         required: true
520 |     environment:
521 |       EDGEX_SECURITY_SECRET_STORE: "false"
522 |       SERVICE_HOST: edgex-support-scheduler
523 |     hostname: edgex-support-scheduler
524 |     image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest
525 |     networks:
526 |       edgex-network: null
527 |     ports:
528 |       - mode: ingress
529 |         host_ip: 127.0.0.1
530 |         target: 59863
531 |         published: "59863"
532 |         protocol: tcp
533 |     read_only: true
534 |     restart: always
535 |     security_opt:
536 |       - no-new-privileges:true
537 |     user: 2002:2001
538 |     volumes:
539 |       - type: bind
540 |         source: /etc/localtime
541 |         target: /etc/localtime
542 |         read_only: true
543 |         bind:
544 |           create_host_path: true
545 |   ui:
546 |     container_name: edgex-ui-go
547 |     environment:
548 |       EDGEX_SECURITY_SECRET_STORE: "false"
549 |       SERVICE_HOST: edgex-ui-go
550 |     hostname: edgex-ui-go
551 |     image: nexus3.edgexfoundry.org:10004/edgex-ui-arm64:latest
552 |     networks:
553 |       edgex-network: null
554 |     ports:
555 |       - mode: ingress
556 |         target: 4000
557 |         published: "4000"
558 |         protocol: tcp
559 |     read_only: true
560 |     restart: always
561 |     security_opt:
562 |       - no-new-privileges:true
563 |     user: 2002:2001
564 |     volumes:
565 |       - type: bind
566 |         source: /etc/localtime
567 |         target: /etc/localtime
568 |         read_only: true
569 |         bind:
570 |           create_host_path: true
571 | networks:
572 |   edgex-network:
573 |     name: edgex_edgex-network
574 |     driver: bridge
575 | volumes:
576 |   db-data:
577 |     name: edgex_db-data
578 |   kuiper-data:
579 |     name: edgex_kuiper-data
580 |   kuiper-etc:
581 |     name: edgex_kuiper-etc
582 |   kuiper-log:
583 |     name: edgex_kuiper-log
584 |   kuiper-plugins:
585 |     name: edgex_kuiper-plugins
586 | 


--------------------------------------------------------------------------------