My Ansible configuration handles the deployment of the service: it creates the folder structure and these files.
The Docker Compose file is the following:
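# Compose file format version. The custom network `name` below requires
# file format 3.5 or newer.
version: "3.5"

# All services join this single named network. Nothing here isolates the
# data stores (redis, minio) from the externally published services.
networks:
  default:
    name: openc3-cosmos-network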
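# Service definitions for the COSMOS stack. Nesting is restored here: the
# listing had lost all indentation and would not parse as written.
#
# NOTE(review): every `${...}` reference is filled from the stack's
# environment variables (the stack.env values). The credentials among them
# must be replaced with unique secrets before these ports are reachable by
# anyone else.
services:
  # Object storage (MinIO). No host port is published for it; the console is
  # reached through traefik under /minio (see the comment on
  # MINIO_BROWSER_REDIRECT_URL).
  openc3-minio:
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-minio${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    # Uncomment to run unit tests against the minio server
    # ports:
    # - "127.0.0.1:9000:9000"
    volumes:
      - "openc3-minio-v:/data"
      # `:z` applies a shared SELinux label to the mounted file.
      # NOTE(review): the CA bundle looks read-only in use; consider `:ro,z`
      # after confirming that nothing in the image writes to it.
      - "${CONF_CACERT}:/devel/cacert.pem:z"
    command: server --address ":9000" --console-address ":9001" /data
    restart: "unless-stopped"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      # Root credentials for MinIO: full control over every bucket.
      MINIO_ROOT_USER: "${OPENC3_BUCKET_USERNAME}"
      MINIO_ROOT_PASSWORD: "${OPENC3_BUCKET_PASSWORD}"
      # Domain doesn't really matter but it's required. We really want the /minio path.
      # This is handled by our traefik configuration via rule: PathPrefix(`/minio`)
      # and forwarded on to the console at http://openc3-minio:9001
      MINIO_BROWSER_REDIRECT_URL: "http://openc3.com/minio"
      SSL_CERT_FILE: "/devel/cacert.pem"
      CURL_CA_BUNDLE: "/devel/cacert.pem"
      REQUESTS_CA_BUNDLE: "/devel/cacert.pem"
      NODE_EXTRA_CA_CERTS: "/devel/cacert.pem"

  # Persistent redis. Accounts come from the users.acl file mounted below.
  openc3-redis:
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-redis${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    volumes:
      - "openc3-redis-v:/data"
      - "${CONF_CACERT}:/devel/cacert.pem:z"
      # NOTE(review): users.acl holds the redis accounts; keep the host copy
      # readable only by the deployment user.
      - "${CONF_USERS}:/config/users.acl:z"
    restart: "unless-stopped"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      SSL_CERT_FILE: "/devel/cacert.pem"
      CURL_CA_BUNDLE: "/devel/cacert.pem"
      REQUESTS_CA_BUNDLE: "/devel/cacert.pem"
      NODE_EXTRA_CA_CERTS: "/devel/cacert.pem"

  # Second redis instance, same image, started with its own config file.
  openc3-redis-ephemeral:
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-redis${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    volumes:
      - "openc3-redis-ephemeral-v:/data"
      - "${CONF_CACERT}:/devel/cacert.pem:z"
      - "${CONF_USERS}:/config/users.acl:z"
    restart: "unless-stopped"
    # Only users.acl is mounted under /config, so redis_ephemeral.conf is
    # presumably shipped inside the image (confirm).
    command: ["redis-server", "/config/redis_ephemeral.conf"]
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      SSL_CERT_FILE: "/devel/cacert.pem"
      CURL_CA_BUNDLE: "/devel/cacert.pem"
      REQUESTS_CA_BUNDLE: "/devel/cacert.pem"
      NODE_EXTRA_CA_CERTS: "/devel/cacert.pem"

  # Command/telemetry API. Not published on the host.
  openc3-cosmos-cmd-tlm-api:
    # For rootless podman - Uncomment this user line and comment out the next
    # user: 0:0
    # Runs as an unprivileged UID:GID (1000:1000 unless overridden).
    user: "${OPENC3_USER_ID:-1000}:${OPENC3_GROUP_ID:-1000}"
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-cosmos-cmd-tlm-api${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    restart: "unless-stopped"
    depends_on:
      - "openc3-redis"
      - "openc3-redis-ephemeral"
      - "openc3-minio"
    volumes:
      # Gems volume is writable here (it is read-only in script-runner and
      # operator).
      - "openc3-gems-v:/gems"
      - "openc3-plugins-v:/plugins:z"
      - "${CONF_CACERT}:/devel/cacert.pem:z"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      RAILS_ENV: "production"
      GEM_HOME: "/gems"
      PYTHONUSERBASE: "/gems/python_packages"
      OPENC3_REDIS_USERNAME: "${OPENC3_REDIS_USERNAME}"
      OPENC3_REDIS_PASSWORD: "${OPENC3_REDIS_PASSWORD}"
      OPENC3_BUCKET_USERNAME: "${OPENC3_BUCKET_USERNAME}"
      OPENC3_BUCKET_PASSWORD: "${OPENC3_BUCKET_PASSWORD}"
      OPENC3_SERVICE_PASSWORD: "${OPENC3_SERVICE_PASSWORD}"
    # env_file injects EVERY variable in stack.env into the container, not
    # only the ones listed under `environment` above.
    env_file: "stack.env"

  # Script runner API. Not published on the host.
  openc3-cosmos-script-runner-api:
    # For rootless podman - Uncomment this user line and comment out the next
    # user: 0:0
    user: "${OPENC3_USER_ID:-1000}:${OPENC3_GROUP_ID:-1000}"
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-cosmos-script-runner-api${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    restart: "unless-stopped"
    depends_on:
      - "openc3-redis"
      - "openc3-redis-ephemeral"
      - "openc3-minio"
    volumes:
      - "openc3-gems-v:/gems:ro"
      - "openc3-plugins-v:/plugins:z"
      - "${CONF_CACERT}:/devel/cacert.pem:z"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      RAILS_ENV: "production"
      GEM_HOME: "/gems"
      PYTHONUSERBASE: "/gems/python_packages"
      # NOTE(review): this service receives both the main and the
      # script-runner (SR) credential sets.
      OPENC3_REDIS_USERNAME: "${OPENC3_REDIS_USERNAME}"
      OPENC3_REDIS_PASSWORD: "${OPENC3_REDIS_PASSWORD}"
      OPENC3_BUCKET_USERNAME: "${OPENC3_BUCKET_USERNAME}"
      OPENC3_BUCKET_PASSWORD: "${OPENC3_BUCKET_PASSWORD}"
      OPENC3_SR_REDIS_USERNAME: "${OPENC3_SR_REDIS_USERNAME}"
      OPENC3_SR_REDIS_PASSWORD: "${OPENC3_SR_REDIS_PASSWORD}"
      OPENC3_SR_BUCKET_USERNAME: "${OPENC3_SR_BUCKET_USERNAME}"
      OPENC3_SR_BUCKET_PASSWORD: "${OPENC3_SR_BUCKET_PASSWORD}"
      OPENC3_SERVICE_PASSWORD: "${OPENC3_SERVICE_PASSWORD}"
    env_file: "stack.env"

  # Operator. This is the one application container with a host port.
  openc3-operator:
    # For rootless podman - Uncomment this user line and comment out the next
    # user: 0:0
    user: "${OPENC3_USER_ID:-1000}:${OPENC3_GROUP_ID:-1000}"
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-operator${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    restart: "unless-stopped"
    ports:
      # NOTE(review): 0.0.0.0 publishes the port on every host interface.
      # Bind it to the one address that needs it, or drop the mapping when
      # the example port is unused. Docker-published ports commonly bypass
      # host firewall rules written for the INPUT chain.
      - "0.0.0.0:8002:8002"  # Open port for example
    depends_on:
      - "openc3-redis"
      - "openc3-redis-ephemeral"
      - "openc3-minio"
    volumes:
      - "openc3-gems-v:/gems:ro"
      - "openc3-plugins-v:/plugins:z"
      - "${CONF_CACERT}:/devel/cacert.pem:z"
      # Add access to the entire C drive on Windows
      # NOTE(review): enabling this gives the container the whole host
      # drive; mount only the directories that are needed.
      # - "/c:/c"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      GEM_HOME: "/gems"
      PYTHONUSERBASE: "/gems/python_packages"
      OPENC3_REDIS_USERNAME: "${OPENC3_REDIS_USERNAME}"
      OPENC3_REDIS_PASSWORD: "${OPENC3_REDIS_PASSWORD}"
      OPENC3_BUCKET_USERNAME: "${OPENC3_BUCKET_USERNAME}"
      OPENC3_BUCKET_PASSWORD: "${OPENC3_BUCKET_PASSWORD}"
      OPENC3_SERVICE_PASSWORD: "${OPENC3_SERVICE_PASSWORD}"
    # Maps host.docker.internal to the host gateway, so this container can
    # reach services that listen on the Docker host itself.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file: "stack.env"

  # Reverse proxy: the public entry point of the stack.
  openc3-traefik:
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-traefik${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    volumes:
      - "${CONF_CACERT}:/devel/cacert.pem:z"
      # - "./openc3-traefik/traefik.yaml:/etc/traefik/traefik.yaml:z"
      # NOTE(review): stack.env points CONF_TRAEFIK at
      # traefik-allow-http.yaml, which by its name permits plain HTTP. Use
      # one of the TLS variants below when clients are not on a trusted
      # network.
      - "${CONF_TRAEFIK}:/etc/traefik/traefik.yaml:z"
      # - "./openc3-traefik/traefik-ssl.yaml:/etc/traefik/traefik.yaml:z"
      # - "./openc3-traefik/traefik-letsencrypt.yaml:/etc/traefik/traefik.yaml:z"
      # - "./openc3-traefik/cert.key:/etc/traefik/cert.key:z"
      # - "./openc3-traefik/cert.crt:/etc/traefik/cert.crt:z"
    ports:
      # NOTE(review): both ports listen on every host interface. 2900 maps
      # to container port 80, so logins sent to it travel unencrypted unless
      # the proxy redirects to 2943.
      - "0.0.0.0:2900:80"
      - "0.0.0.0:2943:443"
      # - "80:80"
      # - "443:443"
    restart: "unless-stopped"
    depends_on:
      - "openc3-redis"
      - "openc3-redis-ephemeral"
      - "openc3-minio"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      SSL_CERT_FILE: "/devel/cacert.pem"
      CURL_CA_BUNDLE: "/devel/cacert.pem"
      REQUESTS_CA_BUNDLE: "/devel/cacert.pem"
      NODE_EXTRA_CA_CERTS: "/devel/cacert.pem"
    # NOTE(review): env_file hands the proxy every credential in stack.env
    # (redis, bucket and service passwords, SECRET_KEY_BASE). Confirm which
    # variables it actually reads and pass only those.
    env_file: "stack.env"

  # One-shot initialisation container; restarted only when it fails.
  openc3-cosmos-init:
    # For rootless podman - Uncomment this user line and comment out the next
    # user: 0:0
    user: "${OPENC3_USER_ID:-1000}:${OPENC3_GROUP_ID:-1000}"
    image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-cosmos-init${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"
    restart: "on-failure"
    depends_on:
      - "openc3-traefik"
      - "openc3-redis"
      - "openc3-redis-ephemeral"
      - "openc3-minio"
    volumes:
      - "openc3-gems-v:/gems"
      - "openc3-plugins-v:/plugins:z"
      - "${CONF_CACERT}:/devel/cacert.pem:z"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      GEM_HOME: "/gems"
      PYTHONUSERBASE: "/gems/python_packages"
      OPENC3_REDIS_USERNAME: "${OPENC3_REDIS_USERNAME}"
      OPENC3_REDIS_PASSWORD: "${OPENC3_REDIS_PASSWORD}"
      OPENC3_BUCKET_USERNAME: "${OPENC3_BUCKET_USERNAME}"
      OPENC3_BUCKET_PASSWORD: "${OPENC3_BUCKET_PASSWORD}"
      OPENC3_SR_BUCKET_USERNAME: "${OPENC3_SR_BUCKET_USERNAME}"
      OPENC3_SR_BUCKET_PASSWORD: "${OPENC3_SR_BUCKET_PASSWORD}"
    env_file: "stack.env"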
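# Named volumes backed by bind mounts of fixed host directories. Nesting is
# restored here; the flattened listing would not parse.
#
# With `type: none` / `o: bind` the local driver does not create the
# `device` path, so every directory must exist before the stack starts.
# NOTE(review): these directories hold redis data, MinIO buckets, gems and
# plugins. Make them writable by the UID:GID the containers run as
# (1000:1000 unless OPENC3_USER_ID / OPENC3_GROUP_ID are set) and not
# readable by other local users.
volumes:
  openc3-redis-v:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /data/cosmos/redis
  openc3-redis-ephemeral-v:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /data/cosmos/redis-ephemeral
  openc3-minio-v:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /data/cosmos/minio
  # Gems and plugins are loaded by the API, operator and script-runner
  # containers, so write access to these two directories amounts to code
  # execution inside those services.
  openc3-gems-v:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /data/cosmos/gems
  openc3-plugins-v:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /data/cosmos/plugins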
Then the tricky part: you need to create a file called “stack.env” with the following content:
# Environment for the COSMOS stack. The compose file reads these through
# ${VAR} references, and services with `env_file: "stack.env"` receive every
# line below as a container environment variable.
# NOTE(review): this file holds secrets. Keep it out of version control and
# readable only by the deployment user.
#
# Image selection: registry, namespace and pinned tag of the images to pull.
OPENC3_TAG=5.12.0
OPENC3_LOCAL_MODE=1
OPENC3_DEMO=0
OPENC3_REGISTRY=docker.io
OPENC3_NAMESPACE=openc3inc
OPENC3_DEPENDENCY_REGISTRY=docker.io
OPENC3_ENTERPRISE_REGISTRY=ghcr.io
OPENC3_ENTERPRISE_NAMESPACE=openc3
OPENC3_UBI_REGISTRY=registry1.dso.mil
OPENC3_UBI_IMAGE=ironbank/redhat/ubi/ubi8-minimal
OPENC3_UBI_TAG=8.8
# Left empty on purpose: the image names in the compose file get no suffix.
OPENC3_IMAGE_SUFFIX=
# Bucket names and in-container paths.
OPENC3_LOGS_BUCKET=logs
OPENC3_TOOLS_BUCKET=tools
OPENC3_CONFIG_BUCKET=config
OPENC3_GEMS_VOLUME=/gems
OPENC3_PLUGIN_DEFAULT_VOLUME=/plugins/DEFAULT
# Redis endpoints: the hostnames are the compose service names.
OPENC3_REDIS_HOSTNAME=openc3-redis
OPENC3_REDIS_PORT=6379
OPENC3_REDIS_EPHEMERAL_HOSTNAME=openc3-redis-ephemeral
OPENC3_REDIS_EPHEMERAL_PORT=6380
# Credentials.
# NOTE(review): every password below is a guessable sample value that is now
# published on this page. Replace each one with a unique random secret before
# the stack is reachable by anyone else.
# The redis passwords presumably have to match the accounts defined in the
# users.acl file mounted into the redis containers (confirm, and change both
# together).
OPENC3_REDIS_USERNAME=openc3
OPENC3_REDIS_PASSWORD=openc3password
# Also used as MINIO_ROOT_USER / MINIO_ROOT_PASSWORD by the minio service.
OPENC3_BUCKET_USERNAME=openc3minio
OPENC3_BUCKET_PASSWORD=openc3miniopassword
OPENC3_SR_REDIS_USERNAME=scriptrunner
OPENC3_SR_REDIS_PASSWORD=scriptrunnerpassword
OPENC3_SR_BUCKET_USERNAME=scriptrunnerminio
OPENC3_SR_BUCKET_PASSWORD=scriptrunnerminiopassword
OPENC3_SERVICE_PASSWORD=openc3service
# Build-time settings (base image version and package mirrors).
ALPINE_VERSION=3.18
ALPINE_BUILD=4
APK_URL=https://dl-cdn.alpinelinux.org
RUBYGEMS_URL=https://rubygems.org
NPM_URL=https://registry.npmjs.org
# NOTE(review): this key is public once posted. The services running with
# RAILS_ENV=production presumably use it to sign session data, so generate a
# fresh random value per deployment and never reuse this one.
SECRET_KEY_BASE=bdb4300d46c9d4f116ce3dbbd54cac6b20802d8be1c2333cf5f6f90b1627799ac5d043e8460744077bc0bd6aacdd5c4bf53f499a68303c6752e7f327b874b96a
OPENC3_CLOUD=local
# Host paths of the files bind-mounted into the containers.
CONF_CACERT=/data/cosmos/conf/cacert.pem
# NOTE(review): by its name this Traefik config allows plain HTTP. Prefer a
# TLS configuration when the published ports are reachable outside a trusted
# network.
CONF_TRAEFIK=/data/cosmos/conf/traefik-allow-http.yaml
CONF_USERS=/data/cosmos/conf/users.acl
And in Portainer you need to add the environment variables from that file.