docker-compose.yml

---
version: '3'
volumes:
  data-volume:
    driver_opts:
      type: none
      device: ${OBMP_DATA_ROOT}/postgres/data
      o: bind
  ts-volume:
    driver_opts:
      type: none
      device: ${OBMP_DATA_ROOT}/postgres/ts
      o: bind

services:

  zookeeper:
    restart: unless-stopped
    container_name: obmp-zookeeper
    image: confluentinc/cp-zookeeper:7.1.1
    volumes:
      - ${OBMP_DATA_ROOT}/zk-data:/var/lib/zookeeper/data
      - ${OBMP_DATA_ROOT}/zk-log:/var/lib/zookeeper/log
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000

  kafka:
    restart: unless-stopped
    container_name: obmp-kafka
    image: confluentinc/cp-kafka:7.1.1

    # Change the mount point to where you want to store Kafka data.
    #   Normally 80GB or more
    volumes:
      - ${OBMP_DATA_ROOT}/kafka-data:/var/lib/kafka/data
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: obmp-zookeeper:2181

      # Change/add listeners based on your FQDN that the host and other containers can access.  You can use
      #    an IP address as well. By default, only within the compose/containers can Kafka be accesssed
      #    using port 29092.   Outside access can be enabled, but you should use an FQDN listener.
      #KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://<FQDN>:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://obmp-kafka:29092
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_NUM_PARTITIONS: 8
      KAFKA_LOG_RETENTION_MINUTES: 90
      KAFKA_LOG_ROLL_MS: 3600000
      KAFKA_LOG_SEGMENT_BYTES: 1073741824
      KAFKA_MESSAGE_MAX_BYTES: 100000000
      KAFKA_LOG_CLEANER_THREADS: 2

  # TODO: Move comment to documentation
  # You can use SWAG and Let's Encrypt to front the Grafana HTTP port 3000 instance. Below is an example
  # Create the SWAG direcgtory using "sudo mkdir -m 777 ${OBMP_DATA_ROOT}/swag"
#  swag:
#    image: linuxserver/letsencrypt:version-1.11.0
#    container_name: obmp-swag
#    cap_add:
#      - NET_ADMIN
#    environment:
#      - PUID=1000
#      - PGID=1000
#      - TZ=UTC
#      - URL=<domain of grafana host, this should be the domain only, not the hostname>
#      - SUBDOMAINS=<hostname, without the domain>,
#      - VALIDATION=http
#      - EMAIL=<your email>
#      - ONLY_SUBDOMAINS=true
#      - STAGING=false
#    volumes:
#      - /var/openbmp/swag:/config
#    ports:
#      - 443:443
#      - 80:80 #optional
#    restart: unless-stopped

  grafana:
    restart: unless-stopped
    container_name: obmp-grafana
    image: grafana/grafana:9.1.7
    ports:
      - "3000:3000"
    volumes:
      - ${OBMP_DATA_ROOT}/grafana:/var/lib/grafana
      - ${OBMP_DATA_ROOT}/grafana/provisioning:/etc/grafana/provisioning/
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=openbmp
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_USERS_HOME_PAGE=d/obmp-home/obmp-home
      - GF_INSTALL_PLUGINS=agenty-flowcharting-panel,grafana-piechart-panel,grafana-worldmap-panel,grafana-simple-json-datasource,vonage-status-panel

      # TODO: Move comment block to documentation
      # The below is an example of how to enable OAuth
      #- GF_AUTH_GENERIC_OAUTH_NAME=MyCompany SSO
      #- GF_AUTH_GENERIC_OAUTH_ICON=signin
      #- GF_AUTH_GENERIC_OAUTH_ENABLED=true
      #- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=<the client ID>
      #- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<client secret>
      #- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
      #- GF_AUTH_GENERIC_OAUTH_AUTH_URL=<auth url, such as https://domain/as/authorization.oauth2>
      #- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=<token url, such as https://domain/as/token.oauth2
      #- GF_AUTH_GENERIC_OAUTH_API_URL=<userinfo url, such as https://domain/idp/userinfo.openid
      #- GF_AUTH_GENERIC_OAUTH_SCOPES=email openid profile
      #- GF_AUTH_GENERIC_OAUTH_SEND_CLIENT_CREDENTIALS_VIA_POST=true
      #- GF_SERVER_ENFORCE_DOMAIN=true
      #- GF_SERVER_PROTOCOL=http
      #- GF_SERVER_HTTP_PORT=3000
      #- GF_SERVER_DOMAIN=<fqdn of grafana server>
      #- GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/

  psql:
    restart: unless-stopped
    container_name: obmp-psql
    image: openbmp/postgres:2.2.1
    privileged: true
    shm_size: 1536m
    sysctls:
      - net.ipv4.tcp_keepalive_intvl=30
      - net.ipv4.tcp_keepalive_probes=5
      - net.ipv4.tcp_keepalive_time=180
    ports:
      - "5432:5432"
    volumes:
      - data-volume:/var/lib/postgresql/data
      - ts-volume:/var/lib/postgresql/ts
    # alter_job max_runtime in _timescaledb_config.bgw_job ( https://docs.timescale.com/latest/api#alter_job )
    command: >
      -c max_wal_size=10GB
    environment:
      - POSTGRES_PASSWORD=openbmp
      - POSTGRES_USER=openbmp
      - POSTGRES_DB=openbmp

  collector:
    restart: unless-stopped
    container_name: obmp-collector
    image: openbmp/collector:2.2.3
    sysctls:
      - net.ipv4.tcp_keepalive_intvl=30
      - net.ipv4.tcp_keepalive_probes=5
      - net.ipv4.tcp_keepalive_time=180
    ports:
      - "5000:5000"
    volumes:
      - ${OBMP_DATA_ROOT}/config:/config
    environment:
      - KAFKA_FQDN=obmp-kafka:29092

  psql-app:
    restart: unless-stopped
    container_name: obmp-psql-app
    image: openbmp/psql-app:2.2.2
    sysctls:
      - net.ipv4.tcp_keepalive_intvl=30
      - net.ipv4.tcp_keepalive_probes=5
      - net.ipv4.tcp_keepalive_time=180
    ports:
      - "9005:9005"

    volumes:
      - ${OBMP_DATA_ROOT}/config:/config
    environment:
      - MEM=3                                           # Set memory to at least 2GB but ideally 4GB
      - KAFKA_FQDN=obmp-kafka:29092
      - RPKI_URL=https://rpki.cloudflare.com/rpki.json  # define the URL to retrieve json endoed RPKI data
      - RPKI_PASS=None
      - RPKI_USER=None
      - ENABLE_RPKI=1                                   # 1 enables, 0 disables RPKI sync
      - ENABLE_IRR=1                                    # 1 enables, 0 disables IRR sync
      - ENABLE_DBIP=1                                   # 1 enables, 0 disables DBIP import
      - POSTGRES_REPORT_WINDOW='8 minute'               # default POSTGRESS window to select when building
                                                        # summary tables. For deployments that absorb large
                                                        # bursts increase the value, ex 60 minute
      - POSTGRES_PASSWORD=openbmp
      - POSTGRES_USER=openbmp
      - POSTGRES_DB=openbmp
      - POSTGRES_HOST=obmp-psql
      - POSTGRES_PORT=5432
      - POSTGRES_DROP_peer_event_log='1 year'
      - POSTGRES_DROP_stat_reports='4 weeks'
      - POSTGRES_DROP_ip_rib_log='4 weeks'
      - POSTGRES_DROP_alerts='4 weeks'
      - POSTGRES_DROP_ls_nodes_log='4 months'
      - POSTGRES_DROP_ls_links_log='4 months'
      - POSTGRES_DROP_ls_prefixes_log='4 months'
      - POSTGRES_DROP_stats_chg_byprefix='4 weeks'
      - POSTGRES_DROP_stats_chg_byasn='4 weeks'
      - POSTGRES_DROP_stats_chg_bypeer='4 weeks'
      - POSTGRES_DROP_stats_ip_origins='4 weeks'
      - POSTGRES_DROP_stats_peer_rib='4 weeks'
      - POSTGRES_DROP_stats_peer_update_counts='4 weeks'

  whois:
    restart: unless-stopped
    container_name: obmp-whois
    image: openbmp/whois:2.2.0
    sysctls:
      - net.ipv4.tcp_keepalive_intvl=30
      - net.ipv4.tcp_keepalive_probes=5
      - net.ipv4.tcp_keepalive_time=180
    ports:
      - "4300:43"
#    volumes:
#      - ${OBMP_DATA_ROOT}/config:/config
    environment:
      - POSTGRES_PASSWORD=openbmp
      - POSTGRES_USER=openbmp
      - POSTGRES_DB=openbmp
      - POSTGRES_HOST=obmp-psql
      - POSTGRES_PORT=5432