基本的な本番テンプレート
以下で紹介されているテンプレートは、典型的な本番環境用です。
以下のコンポーネントを使用して、シングルホストでRapidMiner AI Hubをデプロイするの用いられます。
- 1 RapidMiner AI Hub インスタンス
- 3 RapidMiner Job Agents
- Postgres データベース
- Platform Admin
- 1 JupyterHub インスタンス
- 1 Dashboards インスタンス
- 1 KeyCloak インスタンス
各Dockerイメージの詳細な説明は、イメージ集をご覧ください。
システム要件
最低限の推移ハードウェア構成
必要とされるメモリ量は、RapidMiner AI Hubで処理されるデータ量に大きく依存します。RapidMinerサービス単体では、8GBくらいで実行できます。しかし、本番環境では、ユーザーのデータ量にもよりますが、現実的なユースケースからデータを分析すると、十分な機能をユーザーに提供するには32GB以上を推奨します。
各仮想、もしくは物理マシンは少なくとも以下が必要です。
- クアッドコア
- 32GB RAM
- >20GB以上の空きディスク容量
Docker Desktop for Windows (または Mac)を使用している場合は、十分なメモリ量を割り当てられるかを確認してください。Docker Desktopのデフォルトの設定では、RapidMiner AI Hubを使用するには低すぎます。
手順
ステップ(1)のZIPファイルに含まれる、以下の二つのファイルが必要です。
以下のように進めます。
- テンプレートファイルのダウンロード
- 一般的なデプロイメント手順に従います。
- .envファイルにあるPUBLIC_URL と SSO_PUBLIC_URL 変数の設定を必ず行います
環境ファイル(.env)
# ############################################
#
# Global parameters
#
# ############################################
# Public URL of the deployment that will be used for external access
PUBLIC_URL=https://platform.rapidminer.com
# Public URL of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_URL
SSO_PUBLIC_URL=https://platform.rapidminer.com
# Enable/disable the service build into the RapidMiner cloud images, that updates the PUBLIC_URL and SSO_PUBLIC_URL variables to the new dynamic cloud hostname/IP address
# Enable/disable the Legacy BASIC authentication support for REST endpoints, like webservices.
LEGACY_REST_BASIC_AUTH_ENABLED=false
# Timezone setting
TZ=UTC
# ############################################
#
# Deployment parameters
#
# ############################################
REGISTRY=rapidminer/
INIT_VERSION=9.7
# ############################################
#
# KeyCloak (SSO)
#
# ############################################
KEYCLOAK_VERSION=9.7
KC_DB=kcdb
KC_USER=kcdbuser
KC_PASSWORD=kcdbpass
KEYCLOAK_USER=admin
KEYCLOAK_PASSWORD=changeit
SSO_IDP_REALM=master
SSO_SSL_REQUIRED=external
USER_MIGRATION_ENABLED=True
USER_MIGRATION_DRY_RUN=False
# ############################################
#
# Rapidminer server
#
# ############################################
SERVER_VERSION=9.7
SERVER_DBHOST=rm-postgresql-svc
SERVER_DBSCHEMA=rapidminer-server-db
SERVER_DBUSER=rmserver-db-user
SERVER_DBPASS=w61J784XSb24K4LRV97MbE16i8xa9O
SERVER_MAX_MEMORY=2048M
RMSERVER_SSO_CLIENT_ID=urn:rapidminer:server
RMSERVER_SSO_CLIENT_SECRET=
RAPIDMINER_SERVER_HOST=rm-server-svc
RAPIDMINER_SERVER_PORT=8080
RAPIDMINER_SERVER_URL=http://rm-server-svc:8080
AUTH_SECRET=TTY5MjUxbzRBN2ZIWThpNGVKNGo4V2xqOHk0dTNV
BROKER_ACTIVEMQ_USERNAME=amq-user
BROKER_ACTIVEMQ_PASSWORD=M69251o4A7fHY8i4eJ4j8Wlj8y4u3U
# ############################################
#
# Job Agent
#
# ############################################
JOBAGENT_QUEUE_ACTIVEMQ_URI=failover:(tcp://rm-server-svc:5672)
JOBAGENT_CONTAINER_COUNT=2
JOB_QUEUE=DEFAULT
JOBAGENT_CONTAINER_MEMORYLIMIT=2048
RAPIDMINER_JOBAGENT_OPTS="-Djobagent.python.registryBaseUrl=http://platform-admin-webui-svc:82/"
RAPIDMINER_SERVER_PROTOCOL=http
# ############################################
#
# Proxy
#
# ############################################
PROXY_VERSION=9.7
JUPYTER_BACKEND=http://rm-jupyterhub-svc:8000
JUPYTER_URL_SUFFIX=/jupyter
GRAFANA_BACKEND=http://rm-grafana-svc:3000
GRAFANA_URL_SUFFIX=/grafana
PA_BACKEND=http://platform-admin-webui-svc:82/
PA_URL_SUFFIX=/platform-admin
RTS_WEBUI_BACKEND=http://platform-admin-webui-svc:82/
RTS_WEBUI_URL_SUFFIX=/rts-admin
RTS_SCORING_BACKEND=http://rts-agent-svc:8090/
RTS_SCORING_URL_SUFFIX=/rts
KEYCLOAK_BACKEND=http://rm-keycloak-svc:8080
LANDING_BACKEND=http://landing-page
TOKEN_BACKEND=http://rm-token-tool-svc
TOKEN_URL_SUFFIX=/get-token
HTTPS_CRT_PATH=/etc/nginx/ssl/certificate.crt
HTTPS_KEY_PATH=/etc/nginx/ssl/private.key
HTTPS_DH_PATH=/etc/nginx/ssl/dhparam.pem
# ############################################
#
# Jupyterhub
#
# ############################################
RM_JUPYTER_VERSION=9.7
JHUB_DOCKER_NOTEBOOK_IMAGE=rapidminer/rapidminer-jupyter_notebook:9.7
JHUB_POSTGRES_HOST=rm-jupyterhub-db-svc
JHUB_POSTGRES_DB=jupyterhub
JHUB_POSTGRES_USER=jupyterhubdbuser
JHUB_POSTGRES_PASSWORD=FoExRExzQsL7UpgEYa5sO7mhiGhi3ne
JHUB_HOSTNAME=rm-jupyterhub-svc
JUPYTERHUB_CRYPT_KEY=e0084caa38f521cc985d675168bcf7b7137cf5b0d4a3e8b99d2e3542705584eb
JHUB_DEBUG=False
JHUB_TOKEN_DEBUG=False
JHUB_PROXY_DEBUG=False
JHUB_DB_DEBUG=False
JHUB_SPAWNER_DEBUG=False
DOCKER_NOTEBOOK_CPU_LIMIT=100
DOCKER_NOTEBOOK_MEM_LIMIT=2g
JHUB_SSO_CLIENT_ID=urn:rapidminer:jupyterhub
JHUB_SSO_CLIENT_SECRET=
JUPYTER_STACK_NAME=default
# ############################################
#
# Platform admin
#
# ############################################
PA_VERSION=9.7
PA_SSO_CLIENT_ID=urn:rapidminer:platform-admin
PA_SSO_CLIENT_SECRET=
PA_DISABLE_PYTHON=false
PA_DISABLE_RTS=true
# ############################################
#
# Grafana
#
# ############################################
RM_GRAFANA_VERSION=9.7
GRAFANA_SSO_CLIENT_ID=urn:rapidminer:grafana
GRAFANA_SSO_CLIENT_SECRET=
# ############################################
#
# Landing page
#
# ############################################
RM_LANDING_VERSION=9.7
LANDING_SSO_CLIENT_ID=urn:rapidminer:landing-page
LANDING_SSO_CLIENT_SECRET=
# ############################################
#
# Token Tool
#
# ############################################
TOKEN_SSO_CLIENT_ID=urn:rapidminer:token-tool
TOKEN_SSO_CLIENT_SECRET=
docker-compose定義ファイル (docker-compose.yml)
version: '3'
services:
rm-proxy-svc:
image: ${REGISTRY}rapidminer-proxy:${PROXY_VERSION}
hostname: rm-proxy-svc
restart: always
environment:
- KEYCLOAK_BACKEND=${KEYCLOAK_BACKEND}
- RMSERVER_BACKEND=${RAPIDMINER_SERVER_URL}
- JUPYTER_BACKEND=${JUPYTER_BACKEND}
- JUPYTER_URL_SUFFIX=${JUPYTER_URL_SUFFIX}
- GRAFANA_BACKEND=${GRAFANA_BACKEND}
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- PA_BACKEND=${PA_BACKEND}
- PA_URL_SUFFIX=${PA_URL_SUFFIX}
- TOKEN_BACKEND=${TOKEN_BACKEND}
- TOKEN_URL_SUFFIX=${TOKEN_URL_SUFFIX}
- RTS_WEBUI_BACKEND=${RTS_WEBUI_BACKEND}
- RTS_WEBUI_URL_SUFFIX=${RTS_WEBUI_URL_SUFFIX}
- RTS_SCORING_BACKEND=${RTS_SCORING_BACKEND}
- RTS_SCORING_URL_SUFFIX=${RTS_SCORING_URL_SUFFIX}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- RTS_BASIC_AUTH=true
- LANDING_BACKEND=${LANDING_BACKEND}
- HTTPS_CRT_PATH=${HTTPS_CRT_PATH}
- HTTPS_KEY_PATH=${HTTPS_KEY_PATH}
- HTTPS_DH_PATH=${HTTPS_DH_PATH}
ports:
- 80:80
- 443:443
networks:
rm-platform-int-net:
aliases:
- rm-proxy-svc
volumes:
- ./ssl:/etc/nginx/ssl
- platform-admin-uploaded-vol:/rapidminer/platform-admin/uploaded/
rm-keycloak-db-svc:
image: postgres:9.6
restart: always
hostname: rm-keycloak-db-svc
environment:
- POSTGRES_DB=${KC_DB}
- POSTGRES_USER=${KC_USER}
- POSTGRES_PASSWORD=${KC_PASSWORD}
volumes:
- keycloak-postgresql-vol:/var/lib/postgresql/data
networks:
rm-idp-db-net:
aliases:
- rm-keycloak-db-svc
rm-keycloak-svc:
image: ${REGISTRY}rapidminer-keycloak:${KEYCLOAK_VERSION}
restart: always
hostname: rm-keycloak-svc
environment:
- DB_VENDOR=POSTGRES
- DB_ADDR=rm-keycloak-db-svc
- DB_DATABASE=${KC_DB}
- DB_USER=${KC_USER}
- DB_SCHEMA=public
- DB_PASSWORD=${KC_PASSWORD}
- KEYCLOAK_USER=${KEYCLOAK_USER}
- KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
- PROXY_ADDRESS_FORWARDING=true
depends_on:
- rm-keycloak-db-svc
- rm-proxy-svc
networks:
rm-platform-int-net:
aliases:
- rm-keycloak-svc
rm-idp-db-net:
aliases:
- rm-keycloak-svc
rm-init-svc:
image: ${REGISTRY}rapidminer-deployment-init:${INIT_VERSION}
restart: 'no'
hostname: rm-keycloak-init-svc
depends_on:
- rm-keycloak-svc
- rm-postgresql-svc
environment:
- LEGACY_REST_BASIC_AUTH_ENABLED=${LEGACY_REST_BASIC_AUTH_ENABLED}
- PUBLIC_URL=${PUBLIC_URL}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
volumes:
- ./.env:/.env
- ./docker-compose.yml:/docker-compose.yml:ro
- keycloak-admin-cli-vol:/root/.keycloak/
- deployed-services-vol:/rapidminer/deployed-services/
networks:
rm-platform-int-net:
aliases:
- rm-init-svc
rm-server-db-net:
aliases:
- rm-init-svc
rm-postgresql-svc:
image: postgres:9.6
hostname: rm-postgresql-svc
restart: always
environment:
- POSTGRES_DB=${SERVER_DBSCHEMA}
- POSTGRES_USER=${SERVER_DBUSER}
- POSTGRES_PASSWORD=${SERVER_DBPASS}
volumes:
- rm-postgresql-vol:/var/lib/postgresql/data
networks:
rm-server-db-net:
aliases:
- rm-postgresql-svc
rm-server-svc:
image: ${REGISTRY}rapidminer-server:${SERVER_VERSION}
hostname: rm-server-svc
restart: always
environment:
- PA_BASE_URL=${PA_BACKEND}
- PA_SYNC_DEBUG=False
- DBHOST=${SERVER_DBHOST}
- DBSCHEMA=${SERVER_DBSCHEMA}
- DBUSER=${SERVER_DBUSER}
- DBPASS=${SERVER_DBPASS}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${RMSERVER_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${RMSERVER_SSO_CLIENT_SECRET}
- SSO_SSL_REQUIRED=${SSO_SSL_REQUIRED}
- LEGACY_REST_BASIC_AUTH_ENABLED=${LEGACY_REST_BASIC_AUTH_ENABLED}
- SERVER_MAX_MEMORY=${SERVER_MAX_MEMORY}
- BROKER_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- BROKER_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- JOBSERVICE_AUTH_SECRET=${AUTH_SECRET}
- JUPYTER_URL_SUFFIX=${JUPYTER_URL_SUFFIX}
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- TZ=${TZ}
volumes:
- rm-server-bootstrap-vol:/bootstrap.d
- rm-server-home-vol:/persistent-rapidminer-home
depends_on:
- rm-postgresql-svc
networks:
jupyterhub-user-net:
aliases:
- rm-server-svc
rm-platform-int-net:
aliases:
- rm-server-svc
rm-server-db-net:
aliases:
- rm-server-svc
rm-server-job-agent-svc:
image: ${REGISTRY}rapidminer-execution-jobagent:${SERVER_VERSION}
hostname: rm-server-job-agent-svc
restart: always
environment:
- RAPIDMINER_SERVER_HOST=${RAPIDMINER_SERVER_HOST}
- RAPIDMINER_SERVER_PROTOCOL=${RAPIDMINER_SERVER_PROTOCOL}
- RAPIDMINER_SERVER_PORT=${RAPIDMINER_SERVER_PORT}
- JOBAGENT_QUEUE_ACTIVEMQ_URI=${JOBAGENT_QUEUE_ACTIVEMQ_URI}
- JOBAGENT_QUEUE_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- JOBAGENT_QUEUE_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- JOBAGENT_AUTH_SECRET=${AUTH_SECRET}
- JOBAGENT_CONTAINER_COUNT=${JOBAGENT_CONTAINER_COUNT}
- JOB_QUEUE=${JOB_QUEUE}
- JOBAGENT_CONTAINER_MEMORYLIMIT=${JOBAGENT_CONTAINER_MEMORYLIMIT}
- RAPIDMINER_JOBAGENT_OPTS=${RAPIDMINER_JOBAGENT_OPTS}
- TZ=${TZ}
volumes:
- rm-server-bootstrap-ja-vol:/bootstrap.d
depends_on:
- rm-server-svc
networks:
rm-platform-int-net:
aliases:
- rm-server-job-agent-svc
platform-admin-webui-svc:
image: ${REGISTRY}rapidminer-platform-admin-webui:${PA_VERSION}
hostname: platform-admin-webui-svc
restart: always
environment:
- PA_URL_SUFFIX=${PA_URL_SUFFIX}
- RTS_SCORING_URL_SUFFIX=${RTS_SCORING_URL_SUFFIX}
- RTS_SCORING_BACKEND=${RTS_SCORING_BACKEND}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${PA_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${PA_SSO_CLIENT_SECRET}
- PA_DISABLE_PYTHON=${PA_DISABLE_PYTHON}
- PA_DISABLE_RTS=${PA_DISABLE_RTS}
- DEBUG=false
volumes:
- platform-admin-uploaded-vol:/var/www/html/uploaded/
networks:
jupyterhub-user-net:
aliases:
- platform-admin-webui-svc
rm-platform-int-net:
aliases:
- platform-admin-webui-svc
rm-jupyterhub-db-svc:
image: postgres:9.6
hostname: rm-jupyterhub-db-svc
restart: always
environment:
- POSTGRES_DB=${JHUB_POSTGRES_DB}
- POSTGRES_USER=${JHUB_POSTGRES_USER}
- POSTGRES_PASSWORD=${JHUB_POSTGRES_PASSWORD}
volumes:
- jupyterhub-postgresql-vol:/var/lib/postgresql/data
networks:
jupyterhub-db-net:
aliases:
- rm-jupyterhub-db-svc
rm-jupyterhub-svc:
image: ${REGISTRY}rapidminer-jupyterhub-jupyterhub:${RM_JUPYTER_VERSION}
hostname: rm-jupyterhub-svc
restart: always
environment:
- JHUB_HOSTNAME=${JHUB_HOSTNAME}
- SERVER_BASE_URL=${RAPIDMINER_SERVER_URL}
- POSTGRES_HOST=${JHUB_POSTGRES_HOST}
- POSTGRES_DB=${JHUB_POSTGRES_DB}
- POSTGRES_USER=${JHUB_POSTGRES_USER}
- POSTGRES_PASSWORD=${JHUB_POSTGRES_PASSWORD}
- DOCKER_NOTEBOOK_IMAGE=${JHUB_DOCKER_NOTEBOOK_IMAGE}
- JUPYTERHUB_CRYPT_KEY=${JUPYTERHUB_CRYPT_KEY}
- DOCKER_NOTEBOOK_CPU_LIMIT=${DOCKER_NOTEBOOK_CPU_LIMIT}
- DOCKER_NOTEBOOK_MEM_LIMIT=${DOCKER_NOTEBOOK_MEM_LIMIT}
- JHUB_DEBUG=${JHUB_DEBUG}
- JHUB_TOKEN_DEBUG=${JHUB_TOKEN_DEBUG}
- JHUB_PROXY_DEBUG=${JHUB_PROXY_DEBUG}
- JHUB_DB_DEBUG=${JHUB_DB_DEBUG}
- JHUB_SPAWNER_DEBUG=${JHUB_SPAWNER_DEBUG}
- JUPYTER_STACK_NAME=${JUPYTER_STACK_NAME}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${JHUB_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${JHUB_SSO_CLIENT_SECRET}
- PUBLIC_URL=${PUBLIC_URL}
- JUPYTER_URL_SUFFIX=${JUPYTER_URL_SUFFIX}
- SSO_USERNAME_KEY=preferred_username
- SSO_RESOURCE_ACCESS_KEY=resource_access
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
depends_on:
- rm-jupyterhub-db-svc
- rm-server-svc
networks:
rm-platform-int-net:
aliases:
- rm-jupyterhub-svc
jupyterhub-db-net:
aliases:
- rm-jupyterhub-svc
jupyterhub-user-net:
aliases:
- rm-jupyterhub-svc
rm-grafana-svc:
image: ${REGISTRY}rapidminer-grafana:${RM_GRAFANA_VERSION}
hostname: rm-grafana-svc
restart: always
environment:
- PUBLIC_URL=${PUBLIC_URL}
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${GRAFANA_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${GRAFANA_SSO_CLIENT_SECRET}
- TZ=${TZ}
volumes:
- grafana-home:/var/lib/grafana
depends_on:
- rm-grafana-proxy-svc
networks:
rm-platform-int-net:
aliases:
- rm-grafana-svc
rm-grafana-proxy-svc:
image: ${REGISTRY}rapidminer-grafana-proxy:${RM_GRAFANA_VERSION}
hostname: rm-grafana-proxy-svc
restart: always
environment:
- RAPIDMINER_URL=${RAPIDMINER_SERVER_URL}
depends_on:
- rm-server-svc
networks:
rm-platform-int-net:
aliases:
- rm-grafana-proxy-svc
landing-page:
image: ${REGISTRY}rapidminer-deployment-landing-page:${RM_LANDING_VERSION}
restart: always
hostname: landing-page
environment:
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${LANDING_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${LANDING_SSO_CLIENT_SECRET}
- DEBUG=false
volumes:
- rm-landing-page-vol:/var/www/html/uploaded/
- deployed-services-vol:/rapidminer/deployed-services/
networks:
rm-platform-int-net:
aliases:
- landing-page
rm-token-tool-svc:
image: ${REGISTRY}rapidminer-deployment-landing-page:${RM_LANDING_VERSION}
restart: always
hostname: rm-token-tool
environment:
- PUBLIC_URL=${PUBLIC_URL}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${TOKEN_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${TOKEN_SSO_CLIENT_SECRET}
- DEBUG=false
- SSO_CUSTOM_SCOPE=openid info offline_access
- CUSTOM_URL_SUFFIX=${TOKEN_URL_SUFFIX}
- CUSTOM_CONTENT=get-token
volumes:
- rm-token-tool-vol:/var/www/html/uploaded/
networks:
rm-platform-int-net:
aliases:
- rm-token-tool
volumes:
rm-postgresql-vol:
rm-server-bootstrap-vol:
rm-server-home-vol:
rm-server-bootstrap-ja-vol:
platform-admin-uploaded-vol:
jupyterhub-postgresql-vol:
grafana-home:
keycloak-postgresql-vol:
keycloak-admin-cli-vol:
rm-landing-page-vol:
rm-token-tool-vol:
deployed-services-vol:
networks:
rm-platform-int-net:
rm-idp-db-net:
jupyterhub-db-net:
rm-server-db-net:
jupyterhub-user-net:
external:
name: jupyterhub-user-net-${JUPYTER_STACK_NAME}
