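---
# yamllint disable rule:line-length
# The following environment variables are part of the Infrahub configuration options.
# For detailed information on these configuration options, please refer to the Infrahub documentation:
# https://docs.infrahub.app/reference/configuration
#
# Reading notes for this file:
# - `${VAR:-default}` is interpolated by Compose from the shell or the .env file;
#   the text after `:-` is used when VAR is unset or empty.
# - A key with no value (for example `AWS_ACCESS_KEY_ID:`) is passed through from
#   the environment Compose runs in, and stays unset in the container otherwise.
# - Several fallbacks below are fixed credentials that ship with this file
#   (broker infrahub/infrahub, database neo4j/admin, initial admin password
#   `infrahub`, task-manager database postgres/postgres, and fixed UUIDs for the
#   admin token, agent token and secret key). Anyone who can read this file knows
#   them, so set every one of them explicitly outside a local sandbox.
# - TLS is off by default for the broker, cache, database and workflow links, and
#   anonymous access is on by default.
x-infrahub-config: &infrahub_config
  AWS_ACCESS_KEY_ID:
  AWS_DEFAULT_ACL: ${AWS_DEFAULT_ACL:-private}
  AWS_QUERYSTRING_AUTH: ${AWS_QUERYSTRING_AUTH:-false}
  AWS_S3_BUCKET_NAME:
  AWS_S3_CUSTOM_DOMAIN:
  AWS_S3_ENDPOINT_URL:
  AWS_S3_USE_SSL: ${AWS_S3_USE_SSL:-true}
  AWS_SECRET_ACCESS_KEY:
  DB_TYPE: ${DB_TYPE:-neo4j}
  INFRAHUB_ADDRESS:
  # Anonymous access defaults to enabled; set to false when the API is reachable
  # by anyone who should not see the data.
  INFRAHUB_ALLOW_ANONYMOUS_ACCESS: ${INFRAHUB_ALLOW_ANONYMOUS_ACCESS:-true}
  INFRAHUB_ANALYTICS_ADDRESS:
  INFRAHUB_ANALYTICS_API_KEY:
  INFRAHUB_ANALYTICS_ENABLE: ${INFRAHUB_ANALYTICS_ENABLE:-true}
  INFRAHUB_ANONYMOUS_ACCESS_ROLE: ${INFRAHUB_ANONYMOUS_ACCESS_ROLE:-Anonymous User}
  # Credentialed CORS defaults to allowed while the origin, method and header
  # lists are pass-through only; review the effective origin list together with
  # this flag.
  INFRAHUB_API_CORS_ALLOW_CREDENTIALS: ${INFRAHUB_API_CORS_ALLOW_CREDENTIALS:-true}
  INFRAHUB_API_CORS_ALLOW_HEADERS:
  INFRAHUB_API_CORS_ALLOW_METHODS:
  INFRAHUB_API_CORS_ALLOW_ORIGINS:
  INFRAHUB_BROKER_ADDRESS: ${INFRAHUB_BROKER_ADDRESS:-localhost}
  INFRAHUB_BROKER_DRIVER: ${INFRAHUB_BROKER_DRIVER:-rabbitmq}
  INFRAHUB_BROKER_ENABLE: ${INFRAHUB_BROKER_ENABLE:-true}
  INFRAHUB_BROKER_MAXIMUM_CONCURRENT_MESSAGES: ${INFRAHUB_BROKER_MAXIMUM_CONCURRENT_MESSAGES:-2}
  INFRAHUB_BROKER_MAXIMUM_MESSAGE_RETRIES: ${INFRAHUB_BROKER_MAXIMUM_MESSAGE_RETRIES:-10}
  INFRAHUB_BROKER_NAMESPACE: ${INFRAHUB_BROKER_NAMESPACE:-infrahub}
  # The broker credentials are anchored here and aliased by the message-queue
  # service, so the client side and the RabbitMQ side always receive the same
  # pair. The fallback pair is infrahub/infrahub.
  INFRAHUB_BROKER_PASSWORD: &broker_password ${INFRAHUB_BROKER_PASSWORD:-infrahub}
  INFRAHUB_BROKER_PORT:
  INFRAHUB_BROKER_RABBITMQ_HTTP_PORT:
  INFRAHUB_BROKER_TLS_CA_FILE:
  INFRAHUB_BROKER_TLS_ENABLED: ${INFRAHUB_BROKER_TLS_ENABLED:-false}
  INFRAHUB_BROKER_TLS_INSECURE: ${INFRAHUB_BROKER_TLS_INSECURE:-false}
  INFRAHUB_BROKER_USERNAME: &broker_username ${INFRAHUB_BROKER_USERNAME:-infrahub}
  INFRAHUB_BROKER_VIRTUALHOST: ${INFRAHUB_BROKER_VIRTUALHOST:-/}
  INFRAHUB_CACHE_ADDRESS: ${INFRAHUB_CACHE_ADDRESS:-localhost}
  INFRAHUB_CACHE_DATABASE: ${INFRAHUB_CACHE_DATABASE:-0}
  INFRAHUB_CACHE_DRIVER: ${INFRAHUB_CACHE_DRIVER:-redis}
  INFRAHUB_CACHE_ENABLE: ${INFRAHUB_CACHE_ENABLE:-true}
  # The cache username and password fall back to empty strings. Their anchors
  # are defined but no alias in this file references them, so setting these
  # variables changes only the client side, not the cache service below.
  INFRAHUB_CACHE_PASSWORD: &cache_password ${INFRAHUB_CACHE_PASSWORD:-}
  INFRAHUB_CACHE_PORT:
  INFRAHUB_CACHE_TLS_CA_FILE:
  INFRAHUB_CACHE_TLS_ENABLED: ${INFRAHUB_CACHE_TLS_ENABLED:-false}
  INFRAHUB_CACHE_TLS_INSECURE: ${INFRAHUB_CACHE_TLS_INSECURE:-false}
  INFRAHUB_CACHE_USERNAME: &cache_username ${INFRAHUB_CACHE_USERNAME:-}
  INFRAHUB_CONFIG:
  INFRAHUB_DB_ADDRESS: ${INFRAHUB_DB_ADDRESS:-localhost}
  INFRAHUB_DB_DATABASE:
  INFRAHUB_DB_MAX_DEPTH_SEARCH_HIERARCHY: ${INFRAHUB_DB_MAX_DEPTH_SEARCH_HIERARCHY:-5}
  # Fallback database credentials are neo4j/admin; the database service builds
  # NEO4J_AUTH from the same two variables.
  INFRAHUB_DB_PASSWORD: ${INFRAHUB_DB_PASSWORD:-admin}
  INFRAHUB_DB_PORT: ${INFRAHUB_DB_PORT:-7687}
  INFRAHUB_DB_PROTOCOL: ${INFRAHUB_DB_PROTOCOL:-bolt}
  INFRAHUB_DB_QUERY_SIZE_LIMIT: ${INFRAHUB_DB_QUERY_SIZE_LIMIT:-5000}
  INFRAHUB_DB_RETRY_LIMIT: ${INFRAHUB_DB_RETRY_LIMIT:-3}
  INFRAHUB_DB_TLS_CA_FILE:
  INFRAHUB_DB_TLS_ENABLED: ${INFRAHUB_DB_TLS_ENABLED:-false}
  INFRAHUB_DB_TLS_INSECURE: ${INFRAHUB_DB_TLS_INSECURE:-false}
  INFRAHUB_DB_TYPE: ${INFRAHUB_DB_TYPE:-neo4j}
  INFRAHUB_DB_USERNAME: ${INFRAHUB_DB_USERNAME:-neo4j}
  INFRAHUB_DOCS_INDEX_PATH: ${INFRAHUB_DOCS_INDEX_PATH:-/opt/infrahub/docs/build/search-index.json}
  INFRAHUB_EXPERIMENTAL_GRAPHQL_ENUMS: ${INFRAHUB_EXPERIMENTAL_GRAPHQL_ENUMS:-false}
  INFRAHUB_GIT_APPEND_GIT_SUFFIX:
  INFRAHUB_GIT_REPOSITORIES_DIRECTORY: ${INFRAHUB_GIT_REPOSITORIES_DIRECTORY:-repositories}
  INFRAHUB_GIT_SYNC_INTERVAL: ${INFRAHUB_GIT_SYNC_INTERVAL:-10}
  INFRAHUB_HTTP_TIMEOUT: ${INFRAHUB_HTTP_TIMEOUT:-10}
  INFRAHUB_HTTP_TLS_CA_BUNDLE:
  INFRAHUB_HTTP_TLS_INSECURE: ${INFRAHUB_HTTP_TLS_INSECURE:-false}
  # Fallback initial admin password is the literal `infrahub`.
  INFRAHUB_INITIAL_ADMIN_PASSWORD: ${INFRAHUB_INITIAL_ADMIN_PASSWORD:-infrahub}
  INFRAHUB_INITIAL_ADMIN_TOKEN:
  INFRAHUB_INITIAL_AGENT_PASSWORD:
  INFRAHUB_INITIAL_AGENT_TOKEN:
  INFRAHUB_INITIAL_DEFAULT_BRANCH: ${INFRAHUB_INITIAL_DEFAULT_BRANCH:-main}
  INFRAHUB_INTERNAL_ADDRESS:
  INFRAHUB_LOGGING_REMOTE_API_SERVER_DSN:
  INFRAHUB_LOGGING_REMOTE_ENABLE: ${INFRAHUB_LOGGING_REMOTE_ENABLE:-false}
  INFRAHUB_LOGGING_REMOTE_FRONTEND_DSN:
  INFRAHUB_LOGGING_REMOTE_GIT_AGENT_DSN:
  INFRAHUB_LOG_LEVEL:
  INFRAHUB_MISC_MAXIMUM_VALIDATOR_EXECUTION_TIME: ${INFRAHUB_MISC_MAXIMUM_VALIDATOR_EXECUTION_TIME:-1800}
  INFRAHUB_MISC_PRINT_QUERY_DETAILS: ${INFRAHUB_MISC_PRINT_QUERY_DETAILS:-false}
  INFRAHUB_MISC_RESPONSE_DELAY: ${INFRAHUB_MISC_RESPONSE_DELAY:-0}
  INFRAHUB_MISC_START_BACKGROUND_RUNNER: ${INFRAHUB_MISC_START_BACKGROUND_RUNNER:-true}
  INFRAHUB_PERMISSION_BACKENDS: ${INFRAHUB_PERMISSION_BACKENDS:-["infrahub.permissions.LocalPermissionBackend"]}
  INFRAHUB_PRODUCTION:
  INFRAHUB_PUBLIC_URL:
  # Token lifetimes are plain numbers: 3600 for access tokens and 2592000 for
  # refresh tokens (presumably seconds; confirm against the configuration
  # reference before tuning).
  INFRAHUB_SECURITY_ACCESS_TOKEN_LIFETIME: ${INFRAHUB_SECURITY_ACCESS_TOKEN_LIFETIME:-3600}
  INFRAHUB_SECURITY_OAUTH2_PROVIDERS:
  INFRAHUB_SECURITY_OAUTH2_PROVIDER_SETTINGS:
  INFRAHUB_SECURITY_OIDC_PROVIDERS:
  INFRAHUB_SECURITY_OIDC_PROVIDER_SETTINGS:
  INFRAHUB_SECURITY_REFRESH_TOKEN_LIFETIME: ${INFRAHUB_SECURITY_REFRESH_TOKEN_LIFETIME:-2592000}
  INFRAHUB_SECURITY_SECRET_KEY:
  INFRAHUB_SECURITY_SSO_USER_DEFAULT_GROUP:
  INFRAHUB_STORAGE_BUCKET_NAME:
  INFRAHUB_STORAGE_CUSTOM_DOMAIN:
  INFRAHUB_STORAGE_DEFAULT_ACL: ${INFRAHUB_STORAGE_DEFAULT_ACL:-private}
  INFRAHUB_STORAGE_DRIVER: ${INFRAHUB_STORAGE_DRIVER:-local}
  INFRAHUB_STORAGE_ENDPOINT_URL:
  INFRAHUB_STORAGE_LOCAL_PATH: ${INFRAHUB_STORAGE_LOCAL_PATH:-/opt/infrahub/storage}
  INFRAHUB_STORAGE_QUERYSTRING_AUTH: ${INFRAHUB_STORAGE_QUERYSTRING_AUTH:-false}
  INFRAHUB_STORAGE_USE_SSL: ${INFRAHUB_STORAGE_USE_SSL:-true}
  # Telemetry is sent to the endpoint below unless INFRAHUB_TELEMETRY_OPTOUT is
  # set to true.
  INFRAHUB_TELEMETRY_ENDPOINT: ${INFRAHUB_TELEMETRY_ENDPOINT:-https://telemetry.opsmill.cloud/infrahub}
  INFRAHUB_TELEMETRY_INTERVAL:
  INFRAHUB_TELEMETRY_OPTOUT: ${INFRAHUB_TELEMETRY_OPTOUT:-false}
  INFRAHUB_TIMEOUT:
  INFRAHUB_TRACE_ENABLE: ${INFRAHUB_TRACE_ENABLE:-false}
  INFRAHUB_TRACE_EXPORTER_ENDPOINT:
  INFRAHUB_TRACE_EXPORTER_PROTOCOL: ${INFRAHUB_TRACE_EXPORTER_PROTOCOL:-grpc}
  INFRAHUB_TRACE_EXPORTER_TYPE: ${INFRAHUB_TRACE_EXPORTER_TYPE:-console}
  # Tracing is off by default, but once enabled the exporter link defaults to
  # insecure; set this to false when the exporter endpoint is off-host.
  INFRAHUB_TRACE_INSECURE: ${INFRAHUB_TRACE_INSECURE:-true}
  INFRAHUB_WORKFLOW_ADDRESS: ${INFRAHUB_WORKFLOW_ADDRESS:-localhost}
  INFRAHUB_WORKFLOW_DEFAULT_WORKER_TYPE: ${INFRAHUB_WORKFLOW_DEFAULT_WORKER_TYPE:-infrahubasync}
  INFRAHUB_WORKFLOW_DRIVER: ${INFRAHUB_WORKFLOW_DRIVER:-worker}
  INFRAHUB_WORKFLOW_ENABLE: ${INFRAHUB_WORKFLOW_ENABLE:-true}
  INFRAHUB_WORKFLOW_EXTRA_LOGGERS:
  INFRAHUB_WORKFLOW_EXTRA_LOG_LEVEL: ${INFRAHUB_WORKFLOW_EXTRA_LOG_LEVEL:-INFO}
  INFRAHUB_WORKFLOW_PORT:
  INFRAHUB_WORKFLOW_TLS_ENABLED: ${INFRAHUB_WORKFLOW_TLS_ENABLED:-false}
  INFRAHUB_WORKFLOW_WORKER_POLLING_INTERVAL: ${INFRAHUB_WORKFLOW_WORKER_POLLING_INTERVAL:-2}
  OTEL_RESOURCE_ATTRIBUTES:

# This extension block carries no anchor and nothing in this file references it.
# The same three fallbacks are repeated inline in the task-manager and
# task-manager-db services, so a change here alone has no effect on them.
x-task-manager-config:
  INFRAHUB_TASKMANAGER_DB_USER: ${INFRAHUB_TASKMANAGER_DB_USER:-postgres}
  INFRAHUB_TASKMANAGER_DB_PASSWORD: ${INFRAHUB_TASKMANAGER_DB_PASSWORD:-postgres}
  INFRAHUB_TASKMANAGER_DB_DATABASE: ${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect}

# Image references below are tags, not digests, so the content behind a tag can
# change between pulls; pin by digest where reproducible deployments matter.
# Port mappings are quoted strings and carry no host IP, which makes Compose
# publish them on every host interface; prefix `127.0.0.1:` to keep one local.
services:
  message-queue:
    image: ${MESSAGE_QUEUE_DOCKER_IMAGE:-rabbitmq:3.13.7-management}
    restart: unless-stopped
    environment:
      # Same values the Infrahub services use as broker client credentials.
      RABBITMQ_DEFAULT_USER: *broker_username
      RABBITMQ_DEFAULT_PASS: *broker_password
    healthcheck:
      test: rabbitmq-diagnostics -q check_port_connectivity
      interval: 5s
      timeout: 30s
      retries: 10
      start_period: 3s
    # Only 15692 is published to the host; confirm it needs to be reachable
    # from outside the Compose network.
    ports:
      - "15692:15692"

  cache:
    # No password or ACL is configured for this service in this file, and no
    # host port is published for it.
    image: ${CACHE_DOCKER_IMAGE:-redis:7.2.4}
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      interval: 5s
      timeout: 5s
      retries: 3

  database:
    image: ${NEO4J_DOCKER_IMAGE:-neo4j:5.20.0-community}
    restart: unless-stopped
    environment:
      NEO4J_AUTH: ${INFRAHUB_DB_USERNAME:-neo4j}/${INFRAHUB_DB_PASSWORD:-admin}
      # Every procedure matching apoc.* runs unrestricted.
      NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
      # Minimum password length is lowered to 4, which is what lets the
      # five-character fallback password `admin` be accepted. Raise it when a
      # real password is supplied.
      NEO4J_dbms_security_auth__minimum__password__length: "4"
    volumes:
      - "database_data:/data"
      - "database_logs:/logs"
    healthcheck:
      test: wget http://localhost:7474 || exit 1
      interval: 2s
      timeout: 10s
      retries: 20
      start_period: 3s
    # The Bolt port (7687 by default above) and the HTTP port used by the
    # healthcheck are not published; only 2004 and 6362 are. Confirm both are
    # needed on the host.
    ports:
      - "2004:2004"
      - "6362:6362"

  task-manager:
    image: "${TASK_MANAGER_DOCKER_IMAGE:-prefecthq/prefect:3.0.11-python3.12}"
    # Listens on all container interfaces with the UI enabled; no host port is
    # published for it in this file.
    command: prefect server start --host 0.0.0.0 --ui
    restart: unless-stopped
    depends_on:
      task-manager-db:
        condition: service_healthy
    environment:
      # The database password is embedded in this URL, so it is visible in the
      # container environment and in `docker inspect` output.
      PREFECT_API_DATABASE_CONNECTION_URL: postgresql+asyncpg://${INFRAHUB_TASKMANAGER_DB_USER:-postgres}:${INFRAHUB_TASKMANAGER_DB_PASSWORD:-postgres}@task-manager-db:5432/${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect}
    healthcheck:
      test: /usr/local/bin/httpx http://localhost:4200/api/health || exit 1
      interval: 5s
      timeout: 5s
      retries: 20
      start_period: 10s

  task-manager-db:
    image: "${POSTGRES_DOCKER_IMAGE:-postgres:16-alpine}"
    restart: unless-stopped
    environment:
      # Fallback credentials are postgres/postgres; they must match the ones in
      # the task-manager connection URL.
      - POSTGRES_USER=${INFRAHUB_TASKMANAGER_DB_USER:-postgres}
      - POSTGRES_PASSWORD=${INFRAHUB_TASKMANAGER_DB_PASSWORD:-postgres}
      - POSTGRES_DB=${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect}
    volumes:
      - workflow_db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  infrahub-server:
    image: "${INFRAHUB_DOCKER_IMAGE:-registry.opsmill.io/opsmill/infrahub}:${VERSION:-1.1.4}"
    restart: unless-stopped
    command: >
      gunicorn --config backend/infrahub/serve/gunicorn_config.py
      -w ${WEB_CONCURRENCY:-4}
      --logger-class infrahub.serve.log.GunicornLogger
      infrahub.server:app
    depends_on:
      database:
        condition: service_healthy
      message-queue:
        condition: service_healthy
      cache:
        condition: service_healthy
      task-manager:
        condition: service_healthy
    environment:
      # Keys written after the merge override the ones merged in from
      # x-infrahub-config (service names replace the localhost fallbacks).
      <<: *infrahub_config
      # Production mode falls back to false.
      INFRAHUB_PRODUCTION: ${INFRAHUB_PRODUCTION:-false}
      INFRAHUB_LOG_LEVEL: ${INFRAHUB_LOG_LEVEL:-INFO}
      INFRAHUB_BROKER_ADDRESS: ${INFRAHUB_BROKER_ADDRESS:-message-queue}
      INFRAHUB_CACHE_ADDRESS: ${INFRAHUB_CACHE_ADDRESS:-cache}
      INFRAHUB_DB_ADDRESS: ${INFRAHUB_DB_ADDRESS:-database}
      INFRAHUB_WORKFLOW_ADDRESS: ${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}
      # The admin token, agent token and secret key fall back to fixed UUIDs
      # that are identical in every deployment using this file. Generate fresh
      # random values and supply them through the environment or .env file.
      INFRAHUB_INITIAL_ADMIN_TOKEN: ${INFRAHUB_INITIAL_ADMIN_TOKEN:-06438eb2-8019-4776-878c-0941b1f1d1ec}
      INFRAHUB_INITIAL_AGENT_TOKEN: ${INFRAHUB_INITIAL_AGENT_TOKEN:-44af444d-3b26-410d-9546-b758657e026c}
      # NOTE(review): the fallback below ends with a stray double quote before
      # the closing brace, so the quote is part of the effective key. It is
      # left as is because task-worker carries the same text and the two must
      # match; overriding the variable sidesteps it.
      INFRAHUB_SECURITY_SECRET_KEY: ${INFRAHUB_SECURITY_SECRET_KEY:-327f747f-efac-42be-9e73-999f08f86b92"}
      INFRAHUB_WORKFLOW_PORT: ${INFRAHUB_WORKFLOW_PORT:-4200}
      PREFECT_API_URL: http://${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}:${INFRAHUB_WORKFLOW_PORT:-4200}/api
    # The API is published on host port 8000 over plain HTTP.
    ports:
      - "8000:8000"
    volumes:
      - "storage_data:${INFRAHUB_STORAGE_LOCAL_PATH:-/opt/infrahub/storage}"
      - "workflow_data:/opt/infrahub/workflow"
    tty: true
    healthcheck:
      test: curl -s -f -o /dev/null http://localhost:8000/api/schema/summary || exit 1
      interval: 5s
      timeout: 5s
      retries: 20
      start_period: 10s

  task-worker:
    deploy:
      mode: replicated
      replicas: 2
    image: "${INFRAHUB_DOCKER_IMAGE:-registry.opsmill.io/opsmill/infrahub}:${VERSION:-1.1.4}"
    command: prefect worker start --type infrahubasync --pool infrahub-worker --with-healthcheck
    restart: unless-stopped
    depends_on:
      - infrahub-server
    environment:
      <<: *infrahub_config
      INFRAHUB_PRODUCTION: ${INFRAHUB_PRODUCTION:-false}
      # Workers log at DEBUG unless INFRAHUB_LOG_LEVEL is set; check what the
      # debug output contains before shipping these logs anywhere shared.
      INFRAHUB_LOG_LEVEL: ${INFRAHUB_LOG_LEVEL:-DEBUG}
      INFRAHUB_GIT_REPOSITORIES_DIRECTORY: ${INFRAHUB_GIT_REPOSITORIES_DIRECTORY:-/opt/infrahub/git}
      # The worker's API token is read from INFRAHUB_INITIAL_AGENT_TOKEN, with
      # the same fixed fallback UUID the server uses for the agent token.
      INFRAHUB_API_TOKEN: ${INFRAHUB_INITIAL_AGENT_TOKEN:-44af444d-3b26-410d-9546-b758657e026c}
      # NOTE(review): same fallback as on infrahub-server, including the stray
      # double quote before the closing brace; the two must stay identical.
      INFRAHUB_SECURITY_SECRET_KEY: ${INFRAHUB_SECURITY_SECRET_KEY:-327f747f-efac-42be-9e73-999f08f86b92"}
      INFRAHUB_ADDRESS: ${INFRAHUB_ADDRESS:-http://infrahub-server:8000}
      INFRAHUB_INTERNAL_ADDRESS: ${INFRAHUB_INTERNAL_ADDRESS:-http://infrahub-server:8000}
      INFRAHUB_BROKER_ADDRESS: ${INFRAHUB_BROKER_ADDRESS:-message-queue}
      INFRAHUB_CACHE_ADDRESS: ${INFRAHUB_CACHE_ADDRESS:-cache}
      INFRAHUB_DB_ADDRESS: ${INFRAHUB_DB_ADDRESS:-database}
      INFRAHUB_WORKFLOW_ADDRESS: ${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}
      INFRAHUB_TIMEOUT: ${INFRAHUB_TIMEOUT:-60}
      INFRAHUB_WORKFLOW_PORT: ${INFRAHUB_WORKFLOW_PORT:-4200}
      PREFECT_API_URL: http://${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}:${INFRAHUB_WORKFLOW_PORT:-4200}/api
    tty: true

# Named volumes; the empty values select Compose's default volume settings.
volumes:
  database_data:
  database_logs:
  storage_data:
  workflow_db:
  workflow_data: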