# ############################################
#
# Global parameters
#
# ############################################

# Public domain of the deployment
PUBLIC_DOMAIN=platform.rapidminer.com
PUBLIC_PROTOCOL=http
PUBLIC_PORT=80

# Public URL of the deployment that will be used for external access (Public domain + protocol + port)
PUBLIC_URL=http://platform.rapidminer.com

# Public domain of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_DOMAIN
SSO_PUBLIC_DOMAIN=platform.rapidminer.com

# Public URL of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_URL
SSO_PUBLIC_URL=http://platform.rapidminer.com

# SSO default parameters
SSO_IDP_REALM=master
# Valid values are 'all', 'external' and 'none'.
SSO_SSL_REQUIRED=none

WEBMASTER_MAIL=operations@sampleorg.com

# Enable/disable the service build into the RapidMiner cloud images, that updates the PUBLIC_URL and SSO_PUBLIC_URL variables to the new dynamic cloud hostname/IP address
AUTOMATIC_PUBLIC_URL_UPDATE_FOR_CLOUD_IMAGES=false

# Enable/disable the Legacy BASIC authentication support for REST endpoints, like webservices. (lowercase true/false)
LEGACY_REST_BASIC_AUTH_ENABLED=false

# Timezone setting
TZ=UTC

# License mode for the platform
# Supported modes are 'ALTAIR_UNIT' and 'RAPIDMINER'
LICENSE_MODE=ALTAIR_UNIT

# Legacy RapidMiner License
# Please provide the LICENSE variable only if you have a legacy license.
LICENSE=

# Profiles
# A coma separated list of active profiles

# For deployments with legacy licensing please disable altair-license in your profile

# Maximum set
# COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon,aihub-webapi-agent-1,aihub-webapi-agent-2,aihub-webapi-gateway

# Minimum set
# COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent

# Default set
COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon,aihub-webapi-agent-1,aihub-webapi-gateway

# Docker-compose timeout setting
COMPOSE_HTTP_TIMEOUT=600

# ############################################
#
# Deployment parameters
#
# ############################################

# Prefix to use for docker registry
REGISTRY=rapidminerstaging/

# Version of the Init container
INIT_VERSION=10.3.0-BETA

# Enable configuring server settings for Python Scripting extension
INIT_SHARED_CONDA_SETTINGS=true

# ############################################
#
# Proxy
#
# ############################################

PROXY_VERSION=10.3.0-BETA

UNPRIVILEGED_PORTS=false
PROXY_DATA_UPLOAD_LIMIT=10240MB

# Backends
AIHUB_FRONTEND=http://aihub-frontend
AIHUB_BACKEND=http://aihub-backend:8080
WEBAPI_GATEWAY_BACKEND=http://webapi-gateway:8099
GRAFANA_BACKEND=http://grafana:3000/
JUPYTERHUB_BACKEND=http://jupyterhub:8000/
KEYCLOAK_BACKEND=http://keycloak:8080
KIBANA_BACKEND=http://rm-kibana:5601
LANDING_BACKEND=http://landing-page:1080/
LETSENCRYPT_BACKEND=http://letsencrypt:1084/
METRICS_BACKEND=http://prometheus:9090/
PLATFORM_ADMIN_BACKEND=http://platform-admin:1082/
SCORING_AGENT_BACKEND=http://scoring-agent:8090/
SCORING_AGENT_WEBUI_BACKEND=http://platform-admin:1082/
STANDPY_BACKEND=http://standpy-router/
TOKEN_BACKEND=http://token-tool:1080/
PANOPTICON_BACKEND=http://panopticon-vizapp:8080
# Backend suffixes
GRAFANA_URL_SUFFIX=/grafana
JUPYTERHUB_URL_SUFFIX=/jupyter/
KIBANA_URL_SUFFIX=/kibana
METRICS_URL_SUFFIX=/metrics
PLATFORM_ADMIN_URL_SUFFIX=/platform-admin
SCORING_AGENT_URL_SUFFIX=/rts
SCORING_AGENT_WEBUI_URL_SUFFIX=/rts-admin
STANDPY_URL_SUFFIX=/standpy
TOKEN_TOOL_URL_SUFFIX=/get-token
# Default Basic Auth Accesses
PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_USER=foobar
PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_PASSWORD=secret
METRICS_AUTH_BASIC_USER=admin
METRICS_AUTH_BASIC_PASS=changeit
LOGS_AUTH_BASIC_USER=admin
LOGS_AUTH_BASIC_PASS=changeit
SCORING_AGENT_BASIC_AUTH=true
# Change these when you want to use non-default pair to login
SCORING_AGENT_ADMIN_USER=admin
SCORING_AGENT_ADMIN_PASSWORD=changeit
# HTTPS settings
ALLOW_LETSENCRYPT=true
HTTPS_CRT_PATH=/etc/nginx/ssl/certificate.crt
HTTPS_KEY_PATH=/etc/nginx/ssl/private.key
HTTPS_KEY_PASSWORD_FILE_PATH=/etc/nginx/ssl/password.txt
HTTPS_DH_PATH=/etc/nginx/ssl/dhparam.pem

WAIT_FOR_DHPARAM=true
DEBUG_CONF_INIT=false

# ############################################
#
# KeyCloak (SSO)
#
# ############################################

# Keycloak container version
KEYCLOAK_VERSION=10.3.0-BETA

# Keycloak database parameters
KEYCLOAK_POSTGRES_VERSION=10.3.0-BETA
KEYCLOAK_DBSCHEMA=kcdb
KEYCLOAK_DBUSER=kcdbuser
KEYCLOAK_DBPASS=changeit
KEYCLOAK_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data"

# Default platform admin user credentials
KEYCLOAK_USER=admin
KEYCLOAK_PASSWORD=changeit

KC_FEATURES=token-exchange,upload_scripts
KC_HOSTNAME_STRICT="false"
KC_HOSTNAME_STRICT_BACKCHANNEL="false"
KC_HOSTNAME_STRICT_HTTPS="false"
KC_LOG_LEVEL=info
KC_PROXY=edge
KC_HTTP_ENABLED="true"

# ############################################
#
# License Proxy
#
# ############################################

SKIP_LICENSE_CHECK=false

LICENSE_PROXY_VERSION=10.3.0-BETA
# License Proxy url with protocol and port
LICENSE_PROXY_INTERNAL_URL=http://license-proxy:9898
# Unique machine id of the deployment
# may be generated with the command: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
LICENSE_AGENT_MACHINE_ID="00000000-0000-0000-0000-000000000000"
# supported modes are 'on_prem' and 'altair_one'
LICENSE_PROXY_MODE=on_prem

# ## settings for 'on_prem' mode ###
# Altair License Manager path for on-prem mode pointing to an Altair Lincense Manager endpoint in format of port@host
# must be set if mode is 'on_prem'
ALTAIR_LICENSE_PATH=
# ##

# ## settings for 'altair_one' mode ###
# Authentication type while connecting to the license server
# possible values are 'credentials', 'auth_code' and 'static_token'
LICENSE_UNIT_MANAGER_AUTHENTICATION_TYPE=credentials

# ##### settings for 'credentials' authentication type
# Altair One username. Must be set if the authentication type is 'credentials' and License Proxy mode is 'altair_one'
LICENSE_UNIT_MANAGER_USER_NAME=
# Altair One password. Must be set if the authentication type is 'credentials' and License Proxy mode is 'altair_one'
LICENSE_UNIT_MANAGER_PASSWORD=
# When mode is 'altair_one', resets any stored auth code when 'credentials' already persisted a valid auth token
LICENSE_UNIT_MANAGER_RESET_AUTH_TOKEN=false
# #####

# ##### settings for 'static_token' authentication type
# License Server access token. Must be set if the authentication type is 'static_token' and License Proxy mode is 'altair_one'
LICENSE_UNIT_MANAGER_TOKEN=
# #####
LICENSE_UNIT_MANAGER_AUTH_CODE=
# ##

# ############################################
#
# Rapidminer AiHub
#
# ############################################

AIHUB_FRONTEND_VERSION=10.3.0-BETA
AIHUB_BACKEND_VERSION=10.3.0-BETA
AIHUB_POSTGRES_VERSION=10.3.0-BETA
AIHUB_DBHOST=aihub-postgresql
AIHUB_DBSCHEMA=aihub-db
AIHUB_DBUSER=aihub-db-user
AIHUB_DBPASS=changeit
AIHUB_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data"
AIHUB_FRONTEND_SSO_CLIENT_ID=aihub-frontend
AIHUB_BACKEND_SSO_CLIENT_ID=aihub-backend
AIHUB_BACKEND_SSO_CLIENT_SECRET=
AIHUB_BACKEND_HOSTNAME=aihub-backend
AIHUB_BACKEND_PORT=8080
AIHUB_BACKEND_INTERNAL_URL=http://aihub-backend:8080
# AiHub and JA authenticates using this shared secret, which shall be a random string in base64 encoded format
# echo $RANDOM | md5sum | head -c 20; echo | base64;
AUTH_SECRET="<AUTH-SECRET-PLACEHOLDER>"
RAPIDMINER_LOAD_USER_CERTIFICATES=true

# ############################################
#
# Job Agent
#
# ############################################

JOBAGENT_VERSION=10.3.0-BETA
JOBAGENT_QUEUE_ACTIVEMQ_URI=failover:(tcp://aihub-activemq:61616)
JOBAGENT_CONTAINER_COUNT=2
JOBAGENT_SSO_CLIENT_ID=aihub-jobagent
JOBAGENT_SSO_CLIENT_SECRET=
JOBAGENT_QUEUE_JOB_REQUEST=DEFAULT
JOBAGENT_CONTAINER_MEMORYLIMIT=2048
AIHUB_BACKEND_PROTOCOL=http
JOBAGENT_NAME=JOBAGENT-1
JOBAGENT_CONTAINER_LOAD_USER_CERTIFICATES=true

# ############################################
#
# ActiveMQ
#
# ############################################

ACTIVEMQ_VERSION=10.3.0-BETA
BROKER_ACTIVEMQ_USERNAME=amq-user
BROKER_ACTIVEMQ_PASSWORD="<SERVER-AMQ-PASS-PLACEHOLDER>"

# ############################################
#
# Jupyterhub
#
# ############################################

JUPYTERHUB_VERSION=10.3.0-BETA
JUPYTERHUB_DBHOST=jupyterhub-db
JUPYTERHUB_DBSCHEMA=jupyterhub
JUPYTERHUB_DBUSER=jupyterhubdbuser
JUPYTERHUB_DBPASS=changeit
JUPYTERHUB_HOSTNAME=jupyterhub
JUPYTERHUB_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data"
# Jupyterhub crypt key can be generated with the command: openssl rand -hex 32
JUPYTERHUB_CRYPT_KEY="<JUPYTERHUB-CRYPT-KEY-PLACEHOLDER>"
JUPYTERHUB_DEBUG=False
JUPYTERHUB_TOKEN_DEBUG=False
JUPYTERHUB_PROXY_DEBUG=False
JUPYTERHUB_DB_DEBUG=False
JUPYTERHUB_SPAWNER_DEBUG=False
JUPYTERHUB_STACK_NAME=default
JUPYTERHUB_SSO_CLIENT_ID=jupyterhub
JUPYTERHUB_SSO_CLIENT_SECRET=
JUPYTERHUB_SPAWNER=dockerspawner
JUPYTERHUB_API_PROTOCOL=http
JUPYTERHUB_API_HOSTNAME=jupyterhub
JUPYTERHUB_PROXY_PORT=8000
JUPYTERHUB_API_PORT=8001
JUPYTERHUB_APP_PORT=8081
# JUPYTERHUB_CUSTOM_CA_CERTS=${PWD}/ssl/deb_cacerts/
JUPYTERHUB_DOCKER_DISABLE_NOTEBOOK_IMAGE_PULL_AT_STARTUP=False

# ############################################
#
# Jupyter Notebook
#
# ############################################

JUPYTERHUB_NOTEBOOK_VERSION=10.3.0-BETA

JUPYTERHUB_NOTEBOOK_SSO_NB_UID_KEY=X_NB_UID
JUPYTERHUB_NOTEBOOK_SSO_NB_GID_KEY=X_NB_GID
JUPYTERHUB_NOTEBOOK_SSO_CUSTOM_BIND_MOUNTS_KEY=X_NB_CUSTOM_BIND_MOUNTS
# Content should be in json format, use quotes here instead of apostrophes
# JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS={"/usr/share/doc/apt":"/tmp/apt","/usr/share/doc/mount/":"/tmp/mount"}
JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS=
JUPYTERHUB_NOTEBOOK_CPU_LIMIT=100
# Docker
JUPYTERHUB_NOTEBOOK_MEM_LIMIT=2g
#k8s
# JUPYTERHUB_NOTEBOOK_MEM_LIMIT=2G
JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_DOCKERSPAWNER=coding-shared-vol
# kubespawner
# JUPYTERHUB_NOTEBOOK_KUBERNETES_CMD: '/entrypoint.sh'
# JUPYTERHUB_NOTEBOOK_KUBERNETES_ARGS: ''
# JUPYTERHUB_NOTEBOOK_KUBERNETES_NAMESPACE=rapidminer
# JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_NAME: 'rapidminer.node'
# JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_VALUE: 'notebook'
# JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_ACCESS_MODE=ReadWriteOnce
# JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CAPACITY=5Gi
# JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CLASS=ms-ebs-us-west-2b
# JUPYTERHUB_NOTEBOOK_IMAGE_PULL_SECRET=rm-docker-login-secret
# JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_KUBESPAWNER=python-envs-pvc
# JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_SUBPATH_KUBESPAWNER=coding-shared

# ############################################
#
# Platform admin
#
# ############################################

PLATFORM_ADMIN_VERSION=10.3.0-BETA
PLATFORM_ADMIN_SSO_CLIENT_ID=platform-admin
PLATFORM_ADMIN_SSO_CLIENT_SECRET=
PLATFORM_ADMIN_DISABLE_PYTHON=false
PLATFORM_ADMIN_DISABLE_RTS=false

# ############################################
#
# Coding Environment Storage
#
# ############################################

CES_VERSION=10.3.0-BETA
DISABLE_DEFAULT_CHANNELS=False

# ############################################
#
# Real-Time Scoring Agent
#
# ############################################

SCORING_AGENT_VERSION=10.1.3
# WebApi
WEBAPI_GATEWAY_VERSION=10.3.0-BETA
REACT_APP_WEBAPI_GATEWAY_URL=http://webapi-gateway:8099
WEBAPIAGENT_OPTS="-Xmx2g"
WEBAPI_REGISTRY_USERNAME=foobar
WEBAPI_REGISTRY_PASSWORD=secret
WEBAPI_AIHUB_CONNECTION_PROTOCOL=http
WEBAPI_AIHUB_CONNECTION_HOST=aihub-backend
WEBAPI_AIHUB_CONNECTION_PORT=8080
WEBAPI_AGENT_VERSION=10.3.0-BETA
WEBAPI_GROUP_NAME=DEFAULT
WAIT_FOR_LICENSES=1
SCORING_AGENT_ENABLE_SERVER_LICENSE=true
SCORING_AGENT_SPRING_PROFILES_ACTIVE=webapi
SCORING_AGENT_SSO_CLIENT_ID=aihub-scoringagent
SCORING_AGENT_SSO_CLIENT_SECRET=
WEBAPI_AGENT_SSO_CLIENT_ID=aihub-webapiagent
WEBAPI_AGENT_SSO_CLIENT_SECRET=
# Supported modes are 'ALTAIR_UNIT', 'RAPIDMINER' and 'ALTAIR_STANDALONE'
# Uncomment this to use 'SCORING_AGENT_LICENSE_MODE' in Scoring Agent instead of LICENSE_MODE variable declared above
# SCORING_AGENT_LICENSE_MODE=ALTAIR_STANDALONE
SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES=true

# ############################################
#
# Grafana
#
# ############################################

# Official grafana image from: https://hub.docker.com/r/grafana/grafana/
OFFICIAL_GRAFANA_IMAGE=grafana/grafana:10.1.2-ubuntu
# Image tag used by grafana-proxy and grafana-init
GRAFANA_UTILS_VERSION=10.3.0-BETA
GF_AUTH_GENERIC_OAUTH_SCOPES=email,openid

#
# Grafana Proxy
#
# Possible values: NOTSET, DEBUG, INFO, WARNING, ERROR, CRITICAL
GRAFANA_PROXY_LOGGING_LEVEL=INFO
# Comma spearated list of Scoring Agent URLs (http://scoring-agent-1:8090,https://scoring-agent-2:8888)
GRAFANA_SCORING_AGENT_BACKENDS=http://scoring-agent:8090/
# Set this to 'True' to log data (eg. result from webservice) returned from GF proxy
GRAFANA_PROXY_LOG_RESPONSE_DATA=False

# ############################################
#
# Grafana Direct (these values injected directly to Grafana)
#
# ############################################

GF_AUTH_GENERIC_OAUTH_AUTH_URL=
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=
GF_AUTH_GENERIC_OAUTH_API_URL=
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=
GF_AUTH_SIGNOUT_REDIRECT_URL=
GF_SERVER_ROOT_URL=

# ############################################
#
# LetsEncrypt Client
#
# ############################################

LETSENCRYPT_VERSION=10.3.0-BETA

# ############################################
#
# Docker Deployment Manager
#
# ############################################

DDM_VERSION=10.3.0-BETA

# ############################################
#
# Landing page
#
# ############################################

LANDING_PAGE_VERSION=10.3.0-BETA
LANDING_PAGE_SSO_CLIENT_ID=landing-page
LANDING_PAGE_SSO_CLIENT_SECRET=
LANDING_PAGE_DEBUG=false

# ############################################
#
# Token Tool
#
# ############################################

TOKEN_TOOL_SSO_CLIENT_ID=token-tool
TOKEN_TOOL_SSO_CLIENT_SECRET=
TOKEN_TOOL_DEBUG=false

# ############################################
#
# Service overrides
#  - true/false - false means automatic detection
#
# ############################################

DEPLOYED_GRAFANA=false
DEPLOYED_JUPYTERHUB=false
DEPLOYED_LANDINGPAGE=false
DEPLOYED_PLATFORMADMIN=false
DEPLOYED_SERVER=false
DEPLOYED_TOKENTOOL=false
DEPLOYED_PANOPTICON=false

# ############################################
#
# Panopticon
#
# ############################################

PANOPTICON_VIZAPP_VERSION=10.3.0-BETA
PANOPTICON_VIZAPP_PYTHON_VERSION=10.3.0-BETA
PANOPTICON_MONETDB_IMAGE_VERSION=10.3.0-BETA
PANOPTICON_RSERVE_IMAGE_VERSION=10.3.0-BETA

PANOPTICON_SSO_CLIENT_ID=panopticon
PANOPTICON_SSO_CLIENT_SECRET=

# If set to false, platform license will be used as pano licensing.
# If set to true, set your panopticon licensing in the 'Panopticon_overide.properties' and 'Panopticon_overide.properties.template' files.
PANOPTICON_DETACHED_LICENSE=false

PANOPTICON_MONETDB_ADMIN_PASS=changeit
PANOPTICON_CATALINA_OPTS='-Xms900m -Xmx1900m'
PANOPTICON_LMX_USE_EPOLL='1'
