feat: bundle XTM One in the default stack #130

Open
azubiolo-filigran wants to merge 3 commits into master from feat/xtm-one-default

@azubiolo-filigran

Testing: OpenAEV + XTM One Docker Setup

Steps to reproduce

# 1. Clone repos side-by-side
git clone git@github.com:OpenAEV-Platform/docker.git openaev-docker
git clone git@github.com:XTM-One-Platform/xtm-one.git xtm-one
cd openaev-docker
git checkout feat/xtm-one-default

# 2. Create .env from sample
cp .env.sample .env
sed -i "s/OPENAEV_ADMIN_TOKEN=00000000-0000-0000-0000-000000000000/OPENAEV_ADMIN_TOKEN=$(uuidgen)/" .env
sed -i "s/XTM_ONE_SECRET_KEY=ChangeMeWithGeneratedRandomString/XTM_ONE_SECRET_KEY=$(openssl rand -hex 32)/" .env

# 3. Build and start
docker compose up -d --build

# 4. Wait (~2-3 min) then verify
docker compose ps  # all services healthy

Note: The compose file has build: context: ../xtm-one directives for xtm-one and xtm-one-worker services. This requires the xtm-one repo cloned adjacent to this repo. Alternatively, remove the build: blocks and pull a pre-built image.

Credentials

| Service | URL | Email | Password |
|---------|-----|-------|----------|
| OpenAEV | http://localhost:8080 | admin@openaev.io | changeme |
| XTM One | http://localhost:4000 | admin@openaev.io | changeme |

Key fixes in this commit

  1. OPENAEV_BASE-URL=http://openaev:8080 — JWT audience validation must match the internal hostname
  2. BASE_URL=http://xtm-one:4000 — JWT issuer + JWKS fetch must use internal hostname
  3. XTM_ONE_ADMIN_EMAIL=admin@openaev.io — must match OpenAEV admin so JWT email resolves
  4. Build directives (build: context: ../xtm-one) for local builds without registry access

Dependency

Requires XTM-One-Platform/xtm-one#1070 (fix/platform-registration-api-url-override) — adds OPENAEV_API_URL env var support so the registration stores the internal Docker URL instead of the platform-reported external URL.

Status

  • ⚠️ OpenAEV JVM did not fully start during testing (stuck after banner, no Spring Boot logs after 3+ min). Likely a resource/config issue unrelated to XTM One integration. The XTM One side starts correctly.
  • The JWT auth fix pattern is identical to what was verified working on the OpenCTI docker stack.
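
The `sed` substitutions in step 2 succeed silently even when nothing was replaced, so the sample secrets can reach a running stack. The check below is an added example, not part of this pull request or of either project: the variable names and sample values are the ones quoted on this page, while the function names `env_get` and `check_env` and the 32-character floor are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the PR): preflight check for the .env built in step 2.
# Variable names and sample values are the ones quoted on this page; the
# function names and the 32-character floor are assumptions.

# Print the value assigned to KEY ($1) in env file ($2); assumes unquoted
# KEY=value lines, as the sed commands in step 2 do.
env_get() {
  sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Return 0 when the file passes every check, 1 otherwise (reasons on stderr).
check_env() {
  local file="$1" rc=0 token secret admin xtm_admin
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  token=$(env_get OPENAEV_ADMIN_TOKEN "$file")
  secret=$(env_get XTM_ONE_SECRET_KEY "$file")
  admin=$(env_get OPENAEV_ADMIN_EMAIL "$file")
  xtm_admin=$(env_get XTM_ONE_ADMIN_EMAIL "$file")

  # sed exits 0 even when its pattern matched nothing, and a missing uuidgen
  # or openssl substitutes an empty string, so both cases are checked here.
  if [ -z "$token" ] || [ "$token" = "00000000-0000-0000-0000-000000000000" ]; then
    echo "OPENAEV_ADMIN_TOKEN is empty or still the sample value" >&2; rc=1
  fi
  if [ -z "$secret" ] || [ "$secret" = "ChangeMeWithGeneratedRandomString" ]; then
    echo "XTM_ONE_SECRET_KEY is empty or still the sample value" >&2; rc=1
  elif [ "${#secret}" -lt 32 ]; then
    echo "XTM_ONE_SECRET_KEY is shorter than 32 characters" >&2; rc=1
  fi
  # Key fix 3: the XTM One admin must be the OpenAEV admin.
  if [ -z "$admin" ] || [ "$admin" != "$xtm_admin" ]; then
    echo "XTM_ONE_ADMIN_EMAIL does not match OPENAEV_ADMIN_EMAIL" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample: a .env in which the secret key was never replaced.
sample=$(mktemp)
cat > "$sample" <<'EOF'
OPENAEV_ADMIN_EMAIL=admin@openaev.io
OPENAEV_ADMIN_TOKEN=6f1c2a9e-3b7d-4e58-9a41-0c5d8e2f7b13
XTM_ONE_SECRET_KEY=ChangeMeWithGeneratedRandomString
XTM_ONE_ADMIN_EMAIL=admin@openaev.io
EOF
check_env "$sample" || echo "refusing to start the stack with this .env"
rm -f "$sample"
```

Running `check_env .env` between steps 2 and 3 turns a silent no-op substitution into a visible failure before any container starts.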

Adds XTM One alongside OpenAEV in the default compose:

- New pgsql-copilot service (pgvector/pgvector:pg17) for XTM One's
  vector store, with dedicated credentials (kept separate from the
  OpenAEV pg cluster).
- New redis service (required by XTM One for queues, cache,
  websockets) - OpenAEV itself does not need it.
- New xtm-one + xtm-one-worker services on port 4000, sharing the
  existing minio.
- PLATFORM_REGISTRATION_TOKEN shared secret plumbed into the openaev
  service (OPENAEV_XTM_ONE_URL / OPENAEV_XTM_ONE_TOKEN) and into XTM
  One (OPENAEV_* federation env vars).
- .env.sample documents the new XTM ONE block.

Refs XTM-One-Platform/xtm-one#1011

- Set OPENAEV_BASE-URL to internal hostname (http://openaev:8080)
- Set BASE_URL to internal hostname (http://xtm-one:4000)
- Add build directives for xtm-one and xtm-one-worker (context: ../xtm-one)
- Align XTM_ONE_ADMIN_EMAIL with OPENAEV_ADMIN_EMAIL in .env.sample
- Switch healthcheck from /api/health to /actuator/health/ping (the custom
  endpoint returns 503 even when the platform is operational)
- Add SPRING_ELASTICSEARCH_URIS so Spring's health indicator connects to
  the correct ES instance
- Disable mail health indicator (no real SMTP in dev stack)
- Add start_period=120s to give OpenAEV time to boot
gregoirelafay self-requested a review May 28, 2026 14:01

gregoirelafay left a comment

tested locally, LGTM
