[docker] Bundle XTM One in the default stack #131
Open
SamuelHassine wants to merge 5 commits into
Adds XTM One alongside OpenAEV in the default compose stack:
- New redis service (required by XTM One) and a dedicated
pgsql-xtm-one service (pgvector/pgvector:pg17) with its own
credentials and volume, isolated from the OpenAEV pg cluster.
- New xtm-one + xtm-one-worker services (published filigran images),
reusing the existing minio.
- xtm-one exposed on host port 8090; BASE_URL and FRONTEND_URL both
resolve to the templated
${XTM_ONE_EXTERNAL_SCHEME}://${XTM_ONE_HOST}:${XTM_ONE_PORT}.
- OpenAEV wired to XTM One via OPENAEV_XTM_ONE_URL / OPENAEV_XTM_ONE_TOKEN
and the shared PLATFORM_REGISTRATION_TOKEN.
- .env.sample documents the XTM ONE block and the mandatory-to-rotate
PLATFORM_REGISTRATION_TOKEN.
The XTM One images are published on Docker Hub as xtmone/platform and xtmone/worker, not filigran/xtm-one(-worker).
Use admin@filigran.io as the default admin email for OpenAEV and XTM One in .env.sample (with a default password) so the shared JWT email claim resolves on the platform. Admin emails live in .env.sample only; none are hard-coded in the compose file. Unify the XTM One comments to match the other docker repos.
Pull request overview
Bundles XTM One into the default Compose stack so a single docker compose up -d starts OpenAEV alongside XTM One. Adds the supporting infrastructure (Redis, dedicated pgvector Postgres) and wires OpenAEV to XTM One via a shared registration token.
Changes:
- Add `redis`, `pgsql-xtm-one`, `xtm-one`, and `xtm-one-worker` services plus `redisdata`/`pgsqlxtmonedata` volumes in `docker-compose.yml`, and wire OpenAEV with `OPENAEV_XTM_ONE_URL`/`OPENAEV_XTM_ONE_TOKEN`.
- Add a new `XTM ONE` block and a shared `PLATFORM_REGISTRATION_TOKEN` to `.env.sample`.
- Replace blank `OPENAEV_ADMIN_EMAIL`/`OPENAEV_ADMIN_PASSWORD` placeholders with default values (`admin@filigran.io`/`changeme`).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| docker-compose.yml | Adds Redis, dedicated pgvector Postgres, XTM One platform/worker services, related volumes, and OpenAEV→XTM One wiring. |
| .env.sample | Documents new XTM One variables and PLATFORM_REGISTRATION_TOKEN; gives OpenAEV admin email/password concrete defaults. |
Use xtmone/platform:latest and xtmone/worker:latest directly, matching the opencti/platform:latest convention, and drop the XTM_ONE_VERSION variable from .env.sample.
Use curl for the XTM One healthcheck (the xtmone/platform image ships curl, not wget), matching the HTTP-probe style of the other services.
All review threads addressed and resolved.
Note: I can't self-approve this PR (I opened it) — it needs a maintainer approval to merge.
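The thread above notes that `.env.sample` now ships `changeme` as the admin password and a must-rotate `PLATFORM_REGISTRATION_TOKEN`. The pre-flight check below is an added example, not part of this PR or the project: it compares `.env` against `.env.sample` before `docker compose up -d`. The function names, the key list and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not project code): flag secrets in .env that were left at
# their .env.sample defaults before starting the stack.

# Secret-bearing variables named in this PR (assumed list; extend as needed).
SECRET_KEYS="PLATFORM_REGISTRATION_TOKEN OPENAEV_XTM_ONE_TOKEN OPENAEV_ADMIN_PASSWORD"
MIN_LEN=16   # assumed local policy, not a project requirement

# env_value FILE KEY -> prints the value of the last KEY= assignment in FILE
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# weak_secrets ENV_FILE SAMPLE_FILE
# Prints "KEY: reason" for every weak key; returns 1 if any key is weak.
weak_secrets() {
    env_file=$1
    sample_file=$2
    rc=0
    for key in $SECRET_KEYS; do
        val=$(env_value "$env_file" "$key")
        ref=$(env_value "$sample_file" "$key")
        if [ -z "$val" ]; then
            echo "$key: empty or missing"; rc=1
        elif [ "$val" = "changeme" ]; then
            echo "$key: default password"; rc=1
        elif [ "$val" = "$ref" ]; then
            echo "$key: unchanged from sample"; rc=1
        elif [ "${#val}" -lt "$MIN_LEN" ]; then
            echo "$key: shorter than $MIN_LEN characters"; rc=1
        fi
    done
    return $rc
}

# Usage: sh preflight.sh .env .env.sample && docker compose up -d
if [ "$#" -eq 2 ]; then
    weak_secrets "$1" "$2"
fi
```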
Proposed changes
Adds XTM One alongside OpenAEV in the default compose stack so `docker compose up -d` brings up the AI assistant next to the platform.
- `redis` service (required by XTM One) and a dedicated `pgsql-xtm-one` service (`pgvector/pgvector:pg17`) with its own credentials and volume, isolated from the OpenAEV pg cluster.
- `xtm-one` and `xtm-one-worker` services pulled from the published `xtmone/platform:latest` and `xtmone/worker:latest` images (hub.docker.com/u/xtmone), reusing the existing `minio`. Images are pinned to `:latest` like `openaev/platform`.
- `xtm-one` is exposed on host port `8090`; `BASE_URL` and `FRONTEND_URL` both resolve to the templated `${XTM_ONE_EXTERNAL_SCHEME}://${XTM_ONE_HOST}:${XTM_ONE_PORT}` (no hard-coded internal hostnames). Its healthcheck uses `curl` (present in the image; `wget` is not).
- `OPENAEV_XTM_ONE_URL` / `OPENAEV_XTM_ONE_TOKEN` and the shared `PLATFORM_REGISTRATION_TOKEN`.
- `.env.sample` documents the new `XTM ONE` block and the mandatory-to-rotate `PLATFORM_REGISTRATION_TOKEN`. Admin email defaults to `admin@filigran.io`.

This mirrors the unified `xtm-docker` stack (FiligranHQ/xtm-docker#15); the OpenCTI docker repo receives the same treatment via OpenCTI-Platform/docker#578.
Related issues