docker-compose.yml
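# Docker Compose file for a single-host FEDn + SGX attestation setup: MinIO, MongoDB and
# mongo-express from public images; attestation, reducer, combiner and client built from
# the Dockerfile in this directory.
#
# Security notes for anyone reusing this file:
#   * Every service runs with `network_mode: "host"`, so the commented-out `ports:` entries
#     have no effect: each process listens directly in the host's network namespace and is
#     only as isolated as the host firewall and the process's own bind address make it.
#   * `fedn_admin` / `password` and `--secret-key secret` are placeholder credentials that
#     are repeated across services; replace them consistently before the host is reachable
#     from any network you do not control.
#   * The RA_TLS_ALLOW_*_INSECURE switches relax remote-attestation verification and
#     `privileged: true` gives a container full access to the host; both are flagged inline.
#
# File format 3.5 is the first v3 format that accepts `name:` on a network (used just
# below); newer Compose releases treat this field as informational only.
version: '3.5'

# Setup network
# NOTE(review): no service attaches to this network while they all use host networking.
networks:
  default:
    name: fedn_default

services:
  # Base services
  minio:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest so rebuilds are
    # reproducible and an upstream change cannot silently alter what runs here.
    image: minio/minio:latest
    # hostname: minio
    environment:
      # - GET_HOSTS_FROM=dns
      - MINIO_HOST=localhost
      - MINIO_PORT=9000
      # Placeholder root credentials; replace before exposing the S3 API on port 9000.
      - MINIO_ROOT_USER=fedn_admin
      - MINIO_ROOT_PASSWORD=password
    # The console is bound to loopback (localhost:9001); no address is given for the API.
    command: server /data --console-address localhost:9001
    healthcheck:
      # Exec-form probe against MinIO's liveness endpoint; requires curl inside the image.
      test:
        - "CMD"
        - "curl"
        - "-f"
        - "http://localhost:9000/minio/health/live"
      interval: 30s
      timeout: 20s
      retries: 3
    # ports:
    #   - 9000:9000
    #   - 9001:9001
    network_mode: "host"  # TODO: configure network in enclave to avoid this

  mongo:
    image: mongo:5.0.2
    restart: always
    environment:
      # Placeholder root credentials, reused by mongo-express and the attestation server.
      - MONGO_INITDB_ROOT_USERNAME=fedn_admin
      - MONGO_INITDB_ROOT_PASSWORD=password
    # ports:
    #   - 6534:6534
    # NOTE(review): under host networking mongod listens on host port 6534 directly;
    # confirm which addresses it binds and firewall the port if it is not loopback-only.
    command: mongod --port 6534
    network_mode: "host"  # TODO: configure network in enclave to avoid this

  mongo-express:
    # NOTE(review): moving tag; pin a release tag or digest (see minio above).
    image: mongo-express:latest
    restart: always
    depends_on:
      - "mongo"
    environment:
      # Host networking provides no Compose service-name DNS, so the name `mongo` is not
      # resolvable unless the host itself maps it; mongod is reached on the host loopback,
      # the same address the attestation service uses.
      - ME_CONFIG_MONGODB_SERVER=localhost
      - ME_CONFIG_MONGODB_PORT=6534
      # This UI holds the database root credentials and is itself protected only by the
      # placeholder basic-auth pair below; treat it as an admin interface.
      - ME_CONFIG_MONGODB_ADMINUSERNAME=fedn_admin
      - ME_CONFIG_MONGODB_ADMINPASSWORD=password
      - ME_CONFIG_BASICAUTH_USERNAME=fedn_admin
      - ME_CONFIG_BASICAUTH_PASSWORD=password
    # ports:
    #   - 8081:8081
    network_mode: "host"  # TODO: configure network in enclave to avoid this

  # Attestation
  attestation:
    build: .
    environment:
      # - GET_HOSTS_FROM=dns
      # Development-only switches: as their names state, they make RA-TLS verification
      # accept debug enclaves and platforms with an outdated TCB. With either set, a
      # successful attestation no longer shows the peer runs in a production,
      # fully patched enclave; unset both before relying on attestation results.
      - RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1
      - RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
      # Taken from the invoking shell or an .env file so the values stay out of this file;
      # Compose substitutes an empty string when they are unset.
      - RA_TLS_EPID_API_KEY=${RA_TLS_EPID_API_KEY}
      - RA_CLIENT_SPID=${RA_CLIENT_SPID}
      - RA_CLIENT_LINKABLE=0
    # The MongoDB credentials are part of the command line, so they are visible in
    # `docker inspect` output and in the host's process list.
    entrypoint: /app/server mongodb://fedn_admin:password@localhost:6534
    depends_on:
      - "mongo"
      - "reducer"
    # NOTE(review): privileged mode grants every capability and every host device. If it is
    # only needed for SGX, as the combiner and client comments say, a `devices:` mapping of
    # the SGX device nodes is the narrower option.
    privileged: true
    # ports:
    #   - 4433:4433
    volumes:
      # Socket of the host's AESM service.
      - /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket
    network_mode: "host"  # TODO: configure network in enclave to avoid this

  # Reducer
  reducer:
    build: .
    environment:
      # - GET_HOSTS_FROM=dns
      - USER=test
      - PROJECT=project
    # `--secret-key secret` is a placeholder and, being a command-line argument, is visible
    # in `docker inspect` and the process list; replace it outside of local testing.
    command: fedn run reducer -n reducer --init=/app/config/settings-reducer.yaml --secret-key secret
    # ports:
    #   - 8090:8090
    network_mode: "host"  # TODO: configure network in enclave to avoid this

  # Combiner
  combiner:
    build: .
    environment:
      # - GET_HOSTS_FROM=dns
      # CPython enables unbuffered output for any non-empty value, so `0` does not turn it off.
      - PYTHONUNBUFFERED=0
      # Development-only: relaxes RA-TLS verification (see the attestation service).
      - RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1
      - RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
      - RA_TLS_EPID_API_KEY=${RA_TLS_EPID_API_KEY}
      - RA_CLIENT_SPID=${RA_CLIENT_SPID}
      - RA_CLIENT_LINKABLE=0
    # NOTE(review): Compose does not pass `command` through a shell, so `&&` reaches the
    # process as a literal argument unless the image's ENTRYPOINT (not visible here)
    # interprets it; verify that the delay and the enclave start both happen.
    command: sleep 10 && ./fedn-enclave combiner  # TODO: find a better way to wait for the attestation server to start
    depends_on:
      - "attestation"
    privileged: true  # to access SGX devices; NOTE(review): broader than a `devices:` mapping
    # ports:
    #   - 12080:12080
    volumes:
      - /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket
    network_mode: "host"  # TODO: configure network in enclave to avoid this

  # Client
  client:
    build: .
    environment:
      # - GET_HOSTS_FROM=dns
      - TMPDIR=/tmp
      # Development-only: relaxes RA-TLS verification (see the attestation service).
      - RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1
      - RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
      - RA_TLS_EPID_API_KEY=${RA_TLS_EPID_API_KEY}
      - RA_CLIENT_SPID=${RA_CLIENT_SPID}
      - RA_CLIENT_LINKABLE=0
    # NOTE(review): same shell caveat as the combiner command.
    command: sleep 10 && ./fedn-enclave client  # TODO: find a better way to wait for the attestation server to start
    deploy:
      # Two client instances; both share the host network namespace.
      replicas: 2
    depends_on:
      - "attestation"
    privileged: true  # to access SGX devices; NOTE(review): broader than a `devices:` mapping
    volumes:
      - /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket
    network_mode: "host"  # TODO: configure network in enclave to avoid this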