ogomaemmanuel · January 2, 2025 13:16
diff --git a/compose-file b/compose-file
 # version: "3.5"
 services:
  opensearch:
    container_name: temporal-opensearch
    restart: always
    environment:
      - discovery.type=single-node
      - OPENSEARCH_JAVA_OPTS=-Xms256m -Xmx256m
      - cluster.routing.allocation.disk.threshold_enabled=true
      - cluster.routing.allocation.disk.watermark.low=512mb
      - cluster.routing.allocation.disk.watermark.high=256mb
      - cluster.routing.allocation.disk.watermark.flood_stage=128mb
      - plugins.security.disabled=true
    image: opensearchproject/opensearch:${OPENSEARCH_VERSION}
    ulimits:
 #      memlock:
 #        soft: -1 # Set memlock to unlimited (no soft or hard limit)
 #        hard: -1
      nofile:
        soft: 65536 # Maximum number of open files for the opensearch user - set to at least 65536
        hard: 65536
    networks:
      - temporal-network
    expose:
      - 9200
    volumes:
      - /usr/share/opensearch/data
  postgresql:
    container_name: temporal-postgresql
    restart: always
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
    image: postgres:${POSTGRESQL_VERSION}
    networks:
      - temporal-network
    ports:
    - 54320:5432
    expose:
      - 5432
    volumes:
    - ./init-database.sh:/docker-entrypoint-initdb.d/init-database.sh
    - pgdata:/var/lib/postgresql/data
  
  temporal:
    container_name: temporal
    restart: always
    depends_on:
      - postgresql
      - opensearch
    environment:
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD=temporal
      - POSTGRES_SEEDS=postgresql
      - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development-sql.yaml
      - ENABLE_ES=true
      - ES_SEEDS=opensearch
      - ES_VERSION=v7
    image: temporalio/auto-setup:${TEMPORAL_VERSION}
    networks:
      - temporal-network
    ports:
      - 7233:7233
    volumes:
      - ./dynamicconfig:/etc/temporal/config/dynamicconfig
  temporal-admin-tools:
    restart: always
    container_name: temporal-admin-tools
    depends_on:
      - temporal
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CLI_ADDRESS=temporal:7233
    image: temporalio/admin-tools:${TEMPORAL_ADMINTOOLS_VERSION}
    networks:
      - temporal-network
    stdin_open: true
    tty: true
  temporal-ui:
    container_name: temporal-ui
    restart: always
    depends_on:
      - temporal
    environment:
      - TEMPORAL_CSRF_COOKIE_INSECURE=true
      - TEMPORAL_AUTH_ENABLED=true
      - TEMPORAL_AUTH_PROVIDER_URL=http://${KEYCLOAK_HOSTNAME}:${KEYCLOAK_HOSTNAME_PORT}/realms/keycloak
      - TEMPORAL_AUTH_ISSUER_URL=http://${KEYCLOAK_HOSTNAME}:${KEYCLOAK_HOSTNAME_PORT}/realms/keycloak
      - TEMPORAL_AUTH_CLIENT_ID=temporal
      - TEMPORAL_AUTH_CLIENT_SECRET=wAb0RGjLeqZk8XcqDNnGhiHiRVX6SViB
      - TEMPORAL_AUTH_CALLBACK_URL=${TEMPORAL_CALLBACK_URL}/auth/sso/callback
      - TEMPORAL_AUTH_SCOPES=openid,profile,email
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CORS_ORIGINS=http://localhost:3000
    image: temporalio/ui:${TEMPORAL_UI_VERSION}
    networks:
      - temporal-network
    ports:
      - 55001:8080
  keycloak: 
    command: start
    container_name: keycloak-sso
    ports:
    - "55002:8080"
    restart: always
    depends_on: 
    - postgresql
    image: keycloak/keycloak:${KEYCLOAK_VERSION}
    networks:
     - temporal-network
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgresql:5432/keycloak
      KC_DB_USERNAME: ${POSTGRES_USER}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
      KC_HOSTNAME_STRICT_BACKCHANNEL: false
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      KC_HOSTNAME_PORT: ${KEYCLOAK_HOSTNAME_PORT}
      KC_HTTP_ENABLED: true
      KC_HOSTNAME_STRICT: false
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_LOG_LEVEL: info
      KC_METRICS_ENABLED: 'true'
      KC_HEALTH_ENABLED: 'true'
 volumes:
  pgdata:
    driver: local
 networks:
  temporal-network:
    driver: bridge
    name: temporal-network
diff --git a/env file b/env file
 COMPOSE_PROJECT_NAME=temporal
 ELASTICSEARCH_VERSION=7.16.2
 TEMPORAL_VERSION=1.25.2
 TEMPORAL_ADMINTOOLS_VERSION=1.25.2-tctl-1.18.1-cli-1.1.1
 TEMPORAL_UI_VERSION=2.31.2
 POSTGRESQL_VERSION=13
 POSTGRES_PASSWORD=temporal
 POSTGRES_USER=temporal
 POSTGRES_DEFAULT_PORT=5432
 OPENSEARCH_VERSION=2.5.0
 KEYCLOAK_VERSION=23.0.0
 POSTGRES_PASSWORD=temporal
 POSTGRES_USER=temporal
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=keycloakadminpass
 KEYCLOAK_HOSTNAME=192.168.1.14
 KEYCLOAK_HOSTNAME_PORT=55002
 TEMPORAL_CALLBACK_URL=http://192.168.1.14:55001
diff --git a/gistfile1.txt b/gistfile1.txt
   docker-compose  -f docker-compose-postgres-opensearch.yml up -d
	# version: "3.5"
	services:
	opensearch:
	container_name: temporal-opensearch
	restart: always
	environment:
	- discovery.type=single-node
	- OPENSEARCH_JAVA_OPTS=-Xms256m -Xmx256m
	- cluster.routing.allocation.disk.threshold_enabled=true
	- cluster.routing.allocation.disk.watermark.low=512mb
	- cluster.routing.allocation.disk.watermark.high=256mb
	- cluster.routing.allocation.disk.watermark.flood_stage=128mb
	- plugins.security.disabled=true
	image: opensearchproject/opensearch:${OPENSEARCH_VERSION}
	ulimits:
	# memlock:
	# soft: -1 # Set memlock to unlimited (no soft or hard limit)
	# hard: -1
	nofile:
	soft: 65536 # Maximum number of open files for the opensearch user - set to at least 65536
	hard: 65536
	networks:
	- temporal-network
	expose:
	- 9200
	volumes:
	- /usr/share/opensearch/data
	postgresql:
	container_name: temporal-postgresql
	restart: always
	environment:
	POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
	POSTGRES_USER: ${POSTGRES_USER}
	image: postgres:${POSTGRESQL_VERSION}
	networks:
	- temporal-network
	ports:
	- 54320:5432
	expose:
	- 5432
	volumes:
	- ./init-database.sh:/docker-entrypoint-initdb.d/init-database.sh
	- pgdata:/var/lib/postgresql/data

	temporal:
	container_name: temporal
	restart: always
	depends_on:
	- postgresql
	- opensearch
	environment:
	- DB=postgres12
	- DB_PORT=5432
	- POSTGRES_USER=temporal
	- POSTGRES_PWD=temporal
	- POSTGRES_SEEDS=postgresql
	- DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development-sql.yaml
	- ENABLE_ES=true
	- ES_SEEDS=opensearch
	- ES_VERSION=v7
	image: temporalio/auto-setup:${TEMPORAL_VERSION}
	networks:
	- temporal-network
	ports:
	- 7233:7233
	volumes:
	- ./dynamicconfig:/etc/temporal/config/dynamicconfig
	temporal-admin-tools:
	restart: always
	container_name: temporal-admin-tools
	depends_on:
	- temporal
	environment:
	- TEMPORAL_ADDRESS=temporal:7233
	- TEMPORAL_CLI_ADDRESS=temporal:7233
	image: temporalio/admin-tools:${TEMPORAL_ADMINTOOLS_VERSION}
	networks:
	- temporal-network
	stdin_open: true
	tty: true
	temporal-ui:
	container_name: temporal-ui
	restart: always
	depends_on:
	- temporal
	environment:
	- TEMPORAL_CSRF_COOKIE_INSECURE=true
	- TEMPORAL_AUTH_ENABLED=true
	- TEMPORAL_AUTH_PROVIDER_URL=http://${KEYCLOAK_HOSTNAME}:${KEYCLOAK_HOSTNAME_PORT}/realms/keycloak
	- TEMPORAL_AUTH_ISSUER_URL=http://${KEYCLOAK_HOSTNAME}:${KEYCLOAK_HOSTNAME_PORT}/realms/keycloak
	- TEMPORAL_AUTH_CLIENT_ID=temporal
	- TEMPORAL_AUTH_CLIENT_SECRET=wAb0RGjLeqZk8XcqDNnGhiHiRVX6SViB
	- TEMPORAL_AUTH_CALLBACK_URL=${TEMPORAL_CALLBACK_URL}/auth/sso/callback
	- TEMPORAL_AUTH_SCOPES=openid,profile,email
	- TEMPORAL_ADDRESS=temporal:7233
	- TEMPORAL_CORS_ORIGINS=http://localhost:3000
	image: temporalio/ui:${TEMPORAL_UI_VERSION}
	networks:
	- temporal-network
	ports:
	- 55001:8080
	keycloak:
	command: start
	container_name: keycloak-sso
	ports:
	- "55002:8080"
	restart: always
	depends_on:
	- postgresql
	image: keycloak/keycloak:${KEYCLOAK_VERSION}
	networks:
	- temporal-network
	environment:
	KC_DB: postgres
	KC_DB_URL: jdbc:postgresql://postgresql:5432/keycloak
	KC_DB_USERNAME: ${POSTGRES_USER}
	KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
	KC_HOSTNAME_STRICT_BACKCHANNEL: false
	KC_HOSTNAME_STRICT_HTTPS: false
	KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
	KC_HOSTNAME_PORT: ${KEYCLOAK_HOSTNAME_PORT}
	KC_HTTP_ENABLED: true
	KC_HOSTNAME_STRICT: false
	KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
	KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
	KC_LOG_LEVEL: info
	KC_METRICS_ENABLED: 'true'
	KC_HEALTH_ENABLED: 'true'
	volumes:
	pgdata:
	driver: local
	networks:
	temporal-network:
	driver: bridge
	name: temporal-network
	COMPOSE_PROJECT_NAME=temporal
	ELASTICSEARCH_VERSION=7.16.2
	TEMPORAL_VERSION=1.25.2
	TEMPORAL_ADMINTOOLS_VERSION=1.25.2-tctl-1.18.1-cli-1.1.1
	TEMPORAL_UI_VERSION=2.31.2
	POSTGRESQL_VERSION=13
	POSTGRES_PASSWORD=temporal
	POSTGRES_USER=temporal
	POSTGRES_DEFAULT_PORT=5432
	OPENSEARCH_VERSION=2.5.0
	KEYCLOAK_VERSION=23.0.0
	POSTGRES_PASSWORD=temporal
	POSTGRES_USER=temporal
	KEYCLOAK_ADMIN=admin
	KEYCLOAK_ADMIN_PASSWORD=keycloakadminpass
	KEYCLOAK_HOSTNAME=192.168.1.14
	KEYCLOAK_HOSTNAME_PORT=55002
	TEMPORAL_CALLBACK_URL=http://192.168.1.14:55001