diff --git a/INSTALL b/INSTALL
index 40ed287e87..a2a2168555 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,13 +1,15 @@
For detailed installation and further instructions please refer http://airavata.apache.org/:
Documentation section in left hand panel. The website lists step by step instructions
-Installing Apache Airavata 0.17
+Installing Apache Airavata 0.21-SNAPSHOT
------------------------------------------------
Prerequisites
-------------
-Java 1.8 or later
-Maven 3 or later
+Java 17 or later (Java 21 recommended)
+Maven 3.8 or later
+Docker 20.10+ (optional, for containerized deployment)
+Docker Compose 2.0+ (optional, for containerized deployment)
Build Apache Airavata from Source
---------------------------------
@@ -27,6 +29,31 @@ Running Tests
- Extract the binary distributions and once the binary is unzipped, instructions to run the tests should be followed
from README files found within.
+Docker Deployment (Recommended)
+--------------------------------
+* Build the project first:
+ $ mvn clean install -DskipTests
+* Start all services with Docker Compose:
+ $ docker-compose up -d
+* View logs:
+ $ docker-compose logs -f
+* Stop all services:
+ $ docker-compose down
+
+Service Endpoints (Docker):
+- API Server: localhost:8930
+- RabbitMQ Management: localhost:15672
+- MySQL: localhost:3306
+
+Security Note
+-------------
+The default Docker configuration uses default passwords for development.
+For production deployments, ALWAYS:
+1. Change all default passwords
+2. Use environment variables for credentials
+3. Implement proper secrets management
+4. See docker-compose.yml for configuration options
+
Tutorials
----------
The airavata documentation has instructions for basic tutorials at https://airavata.readthedocs.io/en/latest/
\ No newline at end of file
diff --git a/README.md b/README.md
index 1535840944..ad98257e3b 100644
--- a/README.md
+++ b/README.md
@@ -237,9 +237,16 @@ multitail apache-airavata-*/logs/*.log
```
-### 🐳 Option 2 - Run with Docker (Experimental)
-
-> ⚠️ **Note:** Docker deployment is experimental and not recommended for production use.
+### 🐳 Option 2 - Run with Docker
+
+> ⚠️ **SECURITY WARNING:** The default Docker configuration uses hardcoded passwords for development only.
+> **For production deployments:**
+> 1. Copy `env.example` to `.env` and update all passwords
+> 2. Use environment variables for all sensitive credentials
+> 3. Implement proper secrets management (HashiCorp Vault, AWS Secrets Manager, etc.)
+> 4. Never commit `.env` file to version control
+>
+> See `env.example` for configuration template.
Before setting up Apache Airavata, ensure that you have:
diff --git a/docker-compose.yml b/docker-compose.yml
index 2403ca741d..b9da36e25a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,10 +3,10 @@ services:
image: mariadb:10.11
container_name: mariadb
environment:
- MYSQL_ROOT_PASSWORD: rootpass
+ MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-rootpass}
MYSQL_DATABASE: experiment_catalog
MYSQL_USER: airavata
- MYSQL_PASSWORD: 123456
+ MYSQL_PASSWORD: ${MYSQL_PASSWORD:-123456}
ports:
- "3306:3306"
volumes:
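Review bot: The `:-` fallbacks on `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` keep the old literals as silent defaults, so a stack started without a `.env` still comes up with `rootpass`/`123456` while `3306:3306` is published on every host interface. Consider failing closed with `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}` (and the same for `MYSQL_PASSWORD`). If the zero-config developer path must stay, bind the port to loopback instead with `- "127.0.0.1:3306:3306"`. The same applies to `RABBITMQ_DEFAULT_USER`/`RABBITMQ_DEFAULT_PASS` and the `5672`/`15672` mappings in the rabbitmq hunk. The service definition starts and ends outside this hunk.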
@@ -14,13 +14,21 @@ services:
- ./.devcontainer/database_scripts/init:/docker-entrypoint-initdb.d:ro
networks:
- airavata-network
+ deploy:
+ resources:
+ limits:
+ cpus: '2'
+ memory: 2G
+ reservations:
+ cpus: '0.5'
+ memory: 512M
rabbitmq:
image: rabbitmq:3-management
container_name: airavata-rabbitmq
environment:
- RABBITMQ_DEFAULT_USER: airavata
- RABBITMQ_DEFAULT_PASS: airavata
+ RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER:-airavata}
+ RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-airavata}
ports:
- "5672:5672"
- "15672:15672"
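Review bot: The `deploy.resources` values added here are literals, yet `env.example` in this commit lists `MYSQL_CPU_LIMIT`, `MYSQL_MEMORY_LIMIT` and similar as "optional overrides"; nothing in the visible hunks reads them, so editing `.env` would not change any limit. Either interpolate them, e.g. `cpus: '${MYSQL_CPU_LIMIT:-2}'` and `memory: ${MYSQL_MEMORY_LIMIT:-2G}`, or drop the variables from `env.example`. The same applies to the `deploy` blocks added for rabbitmq, zookeeper, kafka and airavata-monolithic in the later hunks. A comment such as `# enforced by Compose V2; legacy docker-compose needs --compatibility` would also help, since INSTALL documents the hyphenated `docker-compose` command.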
@@ -28,6 +36,14 @@ services:
- rabbitmq-data:/var/lib/rabbitmq
networks:
- airavata-network
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 1G
+ reservations:
+ cpus: '0.25'
+ memory: 256M
zookeeper:
image: confluentinc/cp-zookeeper:7.4.0
@@ -40,6 +56,14 @@ services:
- zookeeper-logs:/var/lib/zookeeper/log
networks:
- airavata-network
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 1G
+ reservations:
+ cpus: '0.25'
+ memory: 256M
kafka:
image: confluentinc/cp-kafka:7.4.0
@@ -62,6 +86,14 @@ services:
airavata-network:
aliases:
- airavata.host
+ deploy:
+ resources:
+ limits:
+ cpus: '2'
+ memory: 2G
+ reservations:
+ cpus: '0.5'
+ memory: 512M
airavata-monolithic:
build:
@@ -87,6 +119,10 @@ services:
- airavata-logs:/opt/airavata/logs
environment:
- JAVA_OPTS=-Xmx2g -Xms1g -Dthrift.server.max.message.size=1048576000 -Dthrift.server.max.frame.size=1048576000 -Dthrift.server.transport.max.message.size=1048576000 -Dthrift.maxMessageSize=1048576000 -Dthrift.maxFrameSize=1048576000
+ - DB_HOST=${DB_HOST:-mysql}
+ - DB_PORT=${DB_PORT:-3306}
+ - RABBITMQ_HOST=${RABBITMQ_HOST:-rabbitmq}
+ - RABBITMQ_PORT=${RABBITMQ_PORT:-5672}
logging:
driver: "json-file"
options:
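Review bot: Only host and port are passed to `airavata-monolithic` here; the database and RabbitMQ passwords that this commit makes overridable are not, so the application presumably still reads its credentials from its own configuration. If so, following the README advice to change every password in `.env` would leave the server unable to authenticate to MariaDB or RabbitMQ. Either pass the credentials through as well (the variable names the application expects are not visible in this diff) or document which application properties must be updated to match. It is also worth a comment that `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are applied only when the `mysql-data` volume is first initialised, so a later change in `.env` does not rotate the password of an existing database. The `environment` list starts outside this hunk.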
@@ -99,6 +135,14 @@ services:
- kafka
networks:
- airavata-network
+ deploy:
+ resources:
+ limits:
+ cpus: '4'
+ memory: 4G
+ reservations:
+ cpus: '1'
+ memory: 2G
volumes:
mysql-data:
diff --git a/env.example b/env.example
new file mode 100644
index 0000000000..a4608dd4d0
--- /dev/null
+++ b/env.example
@@ -0,0 +1,58 @@
+# Apache Airavata Environment Configuration
+# Copy this file to .env and update with your values
+# NEVER commit .env file to version control
+
+# ==============================================================================
+# DATABASE CONFIGURATION
+# ==============================================================================
+MYSQL_ROOT_PASSWORD=CHANGE_ME_ROOT_PASSWORD
+MYSQL_PASSWORD=CHANGE_ME_USER_PASSWORD
+DB_HOST=mysql
+DB_PORT=3306
+
+# ==============================================================================
+# RABBITMQ CONFIGURATION
+# ==============================================================================
+RABBITMQ_USER=airavata
+RABBITMQ_PASSWORD=CHANGE_ME_RABBITMQ_PASSWORD
+RABBITMQ_HOST=rabbitmq
+RABBITMQ_PORT=5672
+
+# ==============================================================================
+# KEYCLOAK CONFIGURATION (for .devcontainer)
+# ==============================================================================
+KEYCLOAK_ADMIN_PASSWORD=CHANGE_ME_KEYCLOAK_ADMIN_PASSWORD
+OAUTH_CLIENT_SECRET=CHANGE_ME_OAUTH_SECRET
+
+# ==============================================================================
+# RESOURCE LIMITS (optional overrides)
+# ==============================================================================
+# MySQL
+MYSQL_CPU_LIMIT=2
+MYSQL_MEMORY_LIMIT=2G
+
+# RabbitMQ
+RABBITMQ_CPU_LIMIT=1
+RABBITMQ_MEMORY_LIMIT=1G
+
+# Kafka
+KAFKA_CPU_LIMIT=2
+KAFKA_MEMORY_LIMIT=2G
+
+# Airavata Monolithic
+AIRAVATA_CPU_LIMIT=4
+AIRAVATA_MEMORY_LIMIT=4G
+
+# ==============================================================================
+# PRODUCTION SECURITY CHECKLIST
+# ==============================================================================
+# Before deploying to production:
+# 1. Generate strong, unique passwords for all services
+# 2. Use a secrets management system (HashiCorp Vault, AWS Secrets Manager, etc.)
+# 3. Enable SSL/TLS for all connections
+# 4. Configure firewall rules
+# 5. Enable authentication and authorization
+# 6. Regular security audits
+# 7. Keep all services updated
+# ==============================================================================
+
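Review bot: The header says never to commit `.env`, but no hunk in this commit adds `.env` to `.gitignore`; if it is not already ignored, add it so the rule is enforced rather than remembered. The `CHANGE_ME_*` placeholders are themselves valid passwords, so a copied-but-unedited file starts the services with guessable credentials. Leaving the secret values empty and using `${VAR:?...}` in `docker-compose.yml` would make that case fail at startup instead. `KEYCLOAK_ADMIN_PASSWORD` and `OAUTH_CLIENT_SECRET` are not referenced by any compose hunk shown here, so a comment naming the file that consumes them would help.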
diff --git a/pom.xml b/pom.xml
index 2d860dc471..452f5d74df 100644
--- a/pom.xml
+++ b/pom.xml
@@ -612,7 +612,15 @@ under the License.
${skipTests}
${project.build.testOutputDirectory}
false
- -Xmx1024m -XX:MaxPermSize=256m --add-opens java.base/java.lang=ALL-UNNAMED
+ -Xmx1024m
+ --add-opens java.base/java.lang=ALL-UNNAMED
+ --add-opens java.base/java.util=ALL-UNNAMED
+ --add-opens java.base/java.lang.reflect=ALL-UNNAMED
+ --add-opens java.base/java.text=ALL-UNNAMED
+ --add-opens java.desktop/java.awt.font=ALL-UNNAMED
+ --add-opens java.base/sun.nio.ch=ALL-UNNAMED
+ --add-opens java.base/java.io=ALL-UNNAMED
+ --add-opens java.base/java.nio=ALL-UNNAMED
-javaagent:${settings.localRepository}/org/jmockit/jmockit/1.50/jmockit-1.50.jar
false