# ============================================================ # GUARDiA ITSM — Full Stack docker-compose (개발/테스트용) # ============================================================ # 사용법: # docker compose up -d # 전체 스택 시작 # docker compose up -d guardia # GUARDiA만 시작 (DB/Redis는 외부) # docker compose logs -f guardia # docker compose down -v # 볼륨 포함 완전 삭제 # # 환경변수: # .env 파일에 GUARDIA_LICENSE_KEY, SECRET_KEY 등을 설정하세요. # (itsm/.env가 없으면 기본값 사용) # ============================================================ x-common-env: &common-env PYTHONIOENCODING: utf-8 PYTHONUNBUFFERED: "1" DATABASE_URL: postgresql+asyncpg://guardia:guardia@postgres:5432/guardia REDIS_URL: redis://redis:6379/0 OLLAMA_BASE_URL: http://ollama:11434 MESSENGER_BASE_URL: http://messenger:8002 MESSENGER_OPS_ROOM: ops services: # ── GUARDiA ITSM ──────────────────────────────────────── guardia: build: context: . dockerfile: Dockerfile image: guardia-itsm:latest container_name: guardia-itsm ports: - "8001:8001" environment: <<: *common-env SECRET_KEY: ${SECRET_KEY:-change_this_in_production_min_32chars} ALGORITHM: HS256 ACCESS_TOKEN_EXPIRE_MINUTES: 480 GUARDIA_LLM_MODEL: ${GUARDIA_LLM_MODEL:-llama3.1:8b} GUARDIA_LICENSE_KEY: ${GUARDIA_LICENSE_KEY:-} # OAuth 소셜 로그인 (선택) GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-} GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:-} GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID:-} GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET:-} KEYCLOAK_BASE_URL: ${KEYCLOAK_BASE_URL:-} KEYCLOAK_REALM: ${KEYCLOAK_REALM:-master} KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID:-guardia} KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET:-} CATALINA_HOME: /app/tomcat volumes: - guardia-uploads:/app/uploads - guardia-db:/app # SQLite 개발 모드용 (PostgreSQL 사용 시 불필요) depends_on: postgres: condition: service_healthy redis: condition: service_healthy networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD", "curl", "-sf", "http://localhost:8001/"] interval: 30s timeout: 10s retries: 3 start_period: 40s # ── Nginx 리버스 프록시 ────────────────────────────────── nginx: image: nginx:alpine container_name: guardia-nginx ports: - "80:80" - "443:443" volumes: - ./docker/nginx/guardia.conf:/etc/nginx/conf.d/default.conf:ro - ./docker/nginx/ssl:/etc/nginx/ssl:ro # HTTPS 인증서 (선택) depends_on: - guardia networks: - guardia-net restart: unless-stopped # ── PostgreSQL ─────────────────────────────────────────── postgres: # pgvector/pgvector:pg15 = PostgreSQL 15 + pgvector 확장 포함 # vector 타입 사용: SR 유사도 검색, KB 시맨틱 검색 image: pgvector/pgvector:pg15 container_name: guardia-postgres environment: POSTGRES_DB: guardia POSTGRES_USER: guardia POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-guardia} PGDATA: /var/lib/postgresql/data/pgdata volumes: - guardia-pgdata:/var/lib/postgresql/data ports: - "5432:5432" # 개발용 노출 (운영에서는 제거) networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -U guardia -d guardia"] interval: 10s timeout: 5s retries: 5 start_period: 10s # ── Redis ──────────────────────────────────────────────── redis: image: redis:7-alpine container_name: guardia-redis command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru volumes: - guardia-redis:/data ports: - "6379:6379" # 개발용 노출 networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 3 # ── Ollama (온프레미스 sLLM) ───────────────────────────── # 모델은 볼륨(guardia-ollama-models)에 저장 — 이미지에 포함 안 함 # GPU 지원: docker-compose.gpu.yml 오버라이드 파일 참조 ollama: image: ollama/ollama:latest container_name: guardia-ollama volumes: - guardia-ollama-models:/root/.ollama # 모델 영구 저장 ports: - "11434:11434" # 내부 전용 (외부 노출 금지 권장) environment: OLLAMA_HOST: 0.0.0.0 networks: - guardia-net restart: unless-stopped # GPU 사용 시 아래 주석 해제 (docker-compose.gpu.yml에서 override) # deploy: # resources: # reservations: # devices: # - driver: nvidia # count: 1 # capabilities: [gpu] healthcheck: test: ["CMD", "curl", "-sf", "http://localhost:11434/api/version"] interval: 30s timeout: 10s retries: 3 start_period: 20s # ── Tomcat 9 (WAS 환경 시뮬레이션) ────────────────────── tomcat: image: tomcat:9.0-jdk17-temurin-jammy container_name: guardia-tomcat ports: - "8080:8080" volumes: - guardia-tomcat-webapps:/usr/local/tomcat/webapps - guardia-tomcat-logs:/usr/local/tomcat/logs - ./docker/tomcat/tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml:ro environment: JAVA_OPTS: "-Xms512m -Xmx1024m -Djava.awt.headless=true" CATALINA_OPTS: "-server -XX:+UseParallelGC" networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD", "curl", "-sf", "http://localhost:8080/"] interval: 30s timeout: 10s retries: 3 start_period: 30s # ── Scouter Server (Java WAS APM 모니터링 서버) ───────────── # Scouter: Tomcat/JBoss/JEUs 성능 모니터링 (CPU/Heap/TPS/응답시간) # Agent는 대상 WAS 서버에 setup/scouter/scouter-agent.jar 로 배포 scouter-server: image: scouteross/scouter-server:2.20.0 container_name: guardia-scouter ports: - "6100:6100/udp" # 에이전트 데이터 수신 (UDP) - "6100:6100/tcp" # 에이전트 TCP - "6180:6180" # HTTP API volumes: - guardia-scouter-data:/home/scouter-server/database environment: SCOUTER_HTTP_PORT: "6180" networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD", "curl", "-sf", "http://localhost:6180/scouter/v1/info/version"] interval: 30s timeout: 5s retries: 3 start_period: 20s # ── Qdrant (전용 벡터 DB — 고성능 시맨틱 검색) ─────────── # pgvector보다 빠른 ANN 검색이 필요할 때 사용 # QDRANT_ENABLED=true 시 guardia에서 QDRANT_URL=http://qdrant:6333 설정 qdrant: image: qdrant/qdrant:v1.7.4 container_name: guardia-qdrant profiles: ["vector"] # docker compose --profile vector up 으로 활성화 ports: - "6333:6333" - "6334:6334" volumes: - guardia-qdrant:/qdrant/storage environment: QDRANT__SERVICE__GRPC_PORT: "6334" networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD", "curl", "-sf", "http://localhost:6333/healthz"] interval: 30s timeout: 5s retries: 3 # ── Gitea (온프레미스 Git 서버) ────────────────────────── # 형상관리: 저장소 생성, 브랜치 보호, PR 워크플로우 gitea: image: gitea/gitea:1.21-rootless container_name: guardia-gitea ports: - "3000:3000" # HTTP (web + API) - "2222:2222" # SSH environment: USER_UID: "1000" USER_GID: "1000" GITEA__DEFAULT__APP_NAME: "GUARDiA Git" GITEA__SERVER__HTTP_PORT: "3000" GITEA__SERVER__SSH_PORT: "2222" GITEA__SERVER__ROOT_URL: "http://localhost:3000/" GITEA__DATABASE__DB_TYPE: "sqlite3" GITEA__DATABASE__PATH: "/var/lib/gitea/data/gitea.db" GITEA__REPOSITORY__DEFAULT_BRANCH: "main" GITEA__GIT__DEFAULT_BRANCH: "main" GITEA__SECURITY__INSTALL_LOCK: "true" GITEA__SERVICE__DISABLE_REGISTRATION: "false" volumes: - guardia-gitea-data:/var/lib/gitea - guardia-gitea-config:/etc/gitea - /etc/timezone:/etc/timezone:ro networks: - guardia-net restart: unless-stopped healthcheck: test: ["CMD", "curl", "-sf", "http://localhost:3000/api/v1/version"] interval: 30s timeout: 5s retries: 3 start_period: 30s # ── 볼륨 ───────────────────────────────────────────────── volumes: guardia-db: guardia-uploads: guardia-pgdata: guardia-redis: guardia-ollama-models: # Ollama 모델 (로컬 경로 마운트 가능) guardia-tomcat-webapps: guardia-tomcat-logs: guardia-qdrant: # Qdrant 벡터 데이터 guardia-gitea-data: # Gitea 저장소 + DB guardia-gitea-config: # Gitea 설정 guardia-scouter-data: # Scouter 성능 데이터 # ── 네트워크 ────────────────────────────────────────────── networks: guardia-net: driver: bridge ipam: config: - subnet: 172.20.0.0/16