-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdocker-compose.yml
179 lines (173 loc) · 6.67 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
version: '3.5'
services:
dev:
depends_on:
- fhir
- warehouse
- elasticsearch
user: root
build:
dockerfile: spark.Dockerfile
context: .
environment:
# These environment variables put the python interpreter into debug mode
# PYTHONDEVMODE: 1
# PYTHONMALLOC: debug
PYTHONASYNCIODEBUG: 1
# PYTHONTRACEMALLOC: 1
LOGLEVEL: DEBUG
# These environment variables are used to configure the spark pipeline framework
FHIR_SERVER_URL: 'http://fhir:3000/4_0_0/'
AUTH_CONFIGURATION_URI: 'http://keycloak:8080/realms/bwell-realm/.well-known/openid-configuration'
FHIR_CLIENT_ID: bwell-client-id
FHIR_CLIENT_SECRET: bwell-secret
ELASTICSEARCH_HOST: https://elasticsearch:9200
volumes:
- ./:/SparkpipelineFramework/
# - ../helix.fhir.client.sdk/helix_fhir_client_sdk:/usr/local/lib/python3.12/dist-packages/helix_fhir_client_sdk
# - ../mockserver_client/mockserver_client:/usr/local/lib/python3.12/dist-packages/mockserver_client
container_name: spf_dev
working_dir: /SparkpipelineFramework
warehouse:
image: mariadb:10.11.9
environment:
MYSQL_ROOT_PASSWORD: root_password
MYSQL_DATABASE: fhir_rpt
ports:
- '33061:3306'
command: --sql-mode="STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"
healthcheck:
test: [ "CMD", "mysqladmin" ,"ping", "-h", "localhost" ]
mock-server:
image: mockserver/mockserver:mockserver-5.15.0
command: -serverPort 1080
ports:
- '1080:1080'
environment:
- MOCKSERVER_LIVENESS_HTTP_GET_PATH=/health
fhir:
depends_on:
- mongo
- keycloak
image: imranq2/node-fhir-server-mongo:5.10.21
# To use local fhir code, comment above line and uncomment below
# build:
# dockerfile: Dockerfile
# context: ../fhir-server
environment:
SERVER_PORT: 3000
MONGO_DB_NAME: fhir
MONGO_URL: mongodb://mongo:27017
AUDIT_EVENT_MONGO_DB_NAME: fhir
AUDIT_EVENT_MONGO_URL: mongodb://mongo:27017
RESOURCE_SERVER: http://fhir:3000/
AUTH_SERVER_URI: http://myauthzserver.com
AUTH_CUSTOM_SCOPE: "custom:scope"
CLIENT_ID: bwell-client-id
CLIENT_SECRET: bwell-secret
INTROSPECTION_URL: https://myauthzserver.com/introspect
AUTH_CONFIGURATION_URI: http://keycloak:8080/realms/bwell-realm/.well-known/openid-configuration
AUTH_JWKS_URL: http://keycloak:8080/realms/bwell-realm/protocol/openid-connect/certs
EXTERNAL_AUTH_JWKS_URLS: http://keycloak:8080/realms/bwell-realm/protocol/openid-connect/certs
RETURN_BUNDLE: "1"
VALIDATE_SCHEMA: "1"
ENABLE_GRAPHQL: "1"
ENABLE_GRAPHQLV2: "1"
LOGLEVEL: "DEBUG"
SET_INDEX_HINTS: 0
CREATE_INDEX_ON_COLLECTION_CREATION: 1
USE_TWO_STEP_SEARCH_OPTIMIZATION: "0"
STREAM_RESPONSE: "1"
LOG_STREAM_STEPS: "0"
PARTITION_RESOURCES: 'AuditEvent'
COLLECTIONS_ACCESS_INDEX: "all"
USE_ACCESS_INDEX: 1
ACCESS_TAGS_INDEXED: "medstar,Thedacare,bwell"
ports:
- '3000:3000'
command: yarn start
healthcheck:
test: [ "CMD-SHELL", "wget --spider --quiet localhost:3000/health || exit 1" ]
mongo:
image: mongo:8.0.4
ports:
- '27017:27017'
environment:
- ALLOW_EMPTY_PASSWORD=yes
healthcheck:
test: echo 'db.runCommand("ping").ok' | mongosh mongo:27017/test --quiet
elasticsearch:
# image: bitnami/elasticsearch:7.9.3 # AWS ElasticSearch supports upto 7.9
# using OpenDistro for best compatibility with AWS Managed ElasticSearch:
# https://opendistro.github.io/for-elasticsearch/downloads.html
image: opensearchproject/opensearch:1.3.20
container_name: elasticsearch
environment:
- cluster.name=odfe-cluster
- node.name=elasticsearch
- discovery.type=single-node
# - cluster.initial_master_nodes=elasticsearch
- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
- network.host=0.0.0.0 # required if not using the demo security configuration
# - opendistro_security.disabled=true
- cluster.routing.allocation.disk.threshold_enabled=false
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
hard: 65536
ports:
- '9200:9200'
- '9600:9600' # required for Performance Analyzer
healthcheck:
test: ["CMD-SHELL", "curl --silent --fail https://admin:admin@localhost:9200/_cluster/health --insecure || exit 1"]
keycloak:
# https://github.com/keycloak/keycloak/releases
image: quay.io/keycloak/keycloak:25.0.1
# container_name: keycloak
# build:
# dockerfile: keycloak.Dockerfile
# context: .
# depends_on:
# - postgres
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
# KC_DB: postgres
# KC_DB_URL: jdbc:postgresql://postgres/pdb
# KC_DB_USERNAME: admin
# KC_DB_PASSWORD: admin
# The below settings are for test data creation
# This is the user and password that will be created in the realm
MY_ADMIN_USER_NAME: admin
MY_ADMIN_USER_PASSWORD: password
MY_ADMIN_USER_SCOPE: user/*.* access/*.*
MY_ADMIN_USER_GROUPS: user/*.* access/*.*
MY_ADMIN_USER_TOKEN_USERNAME: admin
# This is the user and password that will be created in the realm
MY_USER_NAME: tester
MY_USER_PASSWORD: password
# These groups get specified as scopes in the token
MY_USER_GROUPS: user/*.*,access/*.* launch/patient,patient/*.read
MY_USER_SCOPE: user/*.* access/*.* launch/patient patient/*.read
MY_USER_TOKEN_USERNAME: tester
# This is the client setup
CLIENT_ID: bwell-client-id
CLIENT_SECRET: bwell-secret
# This is the service account that will be created in the realm
SERVICE_ACCOUNT_NAME: service-account
SERVICE_ACCOUNT_SCOPE: user/*.* access/*.*
SERVICE_ACCOUNT_GROUPS: user/*.* access/*.*
# These are the custom claims that will be added to any generated token
MY_USER_CLIENT_PERSON_ID: 0b2ad38a-20bc-5cf5-9739-13f242b05892
MY_USER_CLIENT_PATIENT_ID: 22aa18af-af51-5799-bc55-367c22c85407
MY_USER_BWELL_PERSON_ID: 0eb80391-0f61-5ce6-b221-a5428f2f38a7
MY_USER_BWELL_PATIENT_ID: patient2
ports:
- "8080:8080"
command: ["start-dev", "--import-realm", "--verbose"]
volumes:
- ./keycloak-config/realm-import.json:/opt/keycloak/data/import/realm-import.json