You are viewing the RapidMiner Deployment documentation for version 9.7 - Check here for latest version
Basic production template
The template defined below is meant for a typical production environment.
Use it to deploy RapidMiner AI Hub on a single host, with the following components:
- 1 RapidMiner AI Hub instance
- 3 RapidMiner Job Agents
- Postgres database
- Platform Admin
- 1 JupyterHub instance
- 1 Dashboards instance
- 1 KeyCloak instance
For a detailed description of every Docker image, see the image reference.
System requirements
Minimum recommended hardware configuration
The amount of memory needed depends heavily on the amount of data that will be processed by RapidMiner AI Hub. By themselves, the RapidMiner services can run with as little as 8GB. However, in production environments, we recommend 32GB or more depending on user data, in order to provide users with enough capacity to analyze data from realistic use cases.
Each virtual or physical machine should at least have:
- Quad core
- 32GB RAM
- >20GB free disk space
If you are using Docker Desktop for Windows (or Mac), please make sure that you have allocated enough memory. The default setting in Docker Desktop is too low for RapidMiner AI Hub.
Instructions
You will need the following two files, included in the ZIP file in step (1).
Proceed as follows:
Remember to set the variables
PUBLIC_URLandSSO_PUBLIC_URLin the .env file.
The environment file (.env)
# ############################################ # # Global parameters # # ############################################ # Public URL of the deployment that will be used for external access PUBLIC_URL=https://platform.rapidminer.com # Public URL of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_URL SSO_PUBLIC_URL=https://platform.rapidminer.com # Enable/disable the service build into the RapidMiner cloud images, that updates the PUBLIC_URL and SSO_PUBLIC_URL variables to the new dynamic cloud hostname/IP address # Enable/disable the Legacy BASIC authentication support for REST endpoints, like webservices. LEGACY_REST_BASIC_AUTH_ENABLED=false # Timezone setting TZ=UTC # ############################################ # # Deployment parameters # # ############################################ REGISTRY=rapidminer/ INIT_VERSION=9.7 # ############################################ # # KeyCloak (SSO) # # ############################################ KEYCLOAK_VERSION=9.7 KC_DB=kcdb KC_USER=kcdbuser KC_PASSWORD=kcdbpass KEYCLOAK_USER=admin KEYCLOAK_PASSWORD=changeit SSO_IDP_REALM=master SSO_SSL_REQUIRED=external USER_MIGRATION_ENABLED=True USER_MIGRATION_DRY_RUN=False # ############################################ # # Rapidminer server # # ############################################ SERVER_VERSION=9.7 SERVER_DBHOST=rm-postgresql-svc SERVER_DBSCHEMA=rapidminer-server-db SERVER_DBUSER=rmserver-db-user SERVER_DBPASS=w61J784XSb24K4LRV97MbE16i8xa9O SERVER_MAX_MEMORY=2048M RMSERVER_SSO_CLIENT_ID=urn:rapidminer:server RMSERVER_SSO_CLIENT_SECRET= RAPIDMINER_SERVER_HOST=rm-server-svc RAPIDMINER_SERVER_PORT=8080 RAPIDMINER_SERVER_URL=http://rm-server-svc:8080 AUTH_SECRET=TTY5MjUxbzRBN2ZIWThpNGVKNGo4V2xqOHk0dTNV BROKER_ACTIVEMQ_USERNAME=amq-user BROKER_ACTIVEMQ_PASSWORD=M69251o4A7fHY8i4eJ4j8Wlj8y4u3U # ############################################ # # Job Agent # # ############################################ JOBAGENT_QUEUE_ACTIVEMQ_URI=failover:(tcp://rm-server-svc:5672) JOBAGENT_CONTAINER_COUNT=2 JOB_QUEUE=DEFAULT JOBAGENT_CONTAINER_MEMORYLIMIT=2048 RAPIDMINER_JOBAGENT_OPTS="-Djobagent.python.registryBaseUrl=http://platform-admin-webui-svc:82/" RAPIDMINER_SERVER_PROTOCOL=http # ############################################ # # Proxy # # ############################################ PROXY_VERSION=9.7 JUPYTER_BACKEND=http://rm-jupyterhub-svc:8000 JUPYTER_URL_SUFFIX=/jupyter GRAFANA_BACKEND=http://rm-grafana-svc:3000 GRAFANA_URL_SUFFIX=/grafana PA_BACKEND=http://platform-admin-webui-svc:82/ PA_URL_SUFFIX=/platform-admin RTS_WEBUI_BACKEND=http://platform-admin-webui-svc:82/ RTS_WEBUI_URL_SUFFIX=/rts-admin RTS_SCORING_BACKEND=http://rts-agent-svc:8090/ RTS_SCORING_URL_SUFFIX=/rts KEYCLOAK_BACKEND=http://rm-keycloak-svc:8080 LANDING_BACKEND=http://landing-page TOKEN_BACKEND=http://rm-token-tool-svc TOKEN_URL_SUFFIX=/get-token HTTPS_CRT_PATH=/etc/nginx/ssl/certificate.crt HTTPS_KEY_PATH=/etc/nginx/ssl/private.key HTTPS_DH_PATH=/etc/nginx/ssl/dhparam.pem # ############################################ # # Jupyterhub # # ############################################ RM_JUPYTER_VERSION=9.7 JHUB_DOCKER_NOTEBOOK_IMAGE=rapidminer/rapidminer-jupyter_notebook:9.7 JHUB_POSTGRES_HOST=rm-jupyterhub-db-svc JHUB_POSTGRES_DB=jupyterhub JHUB_POSTGRES_USER=jupyterhubdbuser JHUB_POSTGRES_PASSWORD=FoExRExzQsL7UpgEYa5sO7mhiGhi3ne JHUB_HOSTNAME=rm-jupyterhub-svc JUPYTERHUB_CRYPT_KEY=e0084caa38f521cc985d675168bcf7b7137cf5b0d4a3e8b99d2e3542705584eb JHUB_DEBUG=False JHUB_TOKEN_DEBUG=False JHUB_PROXY_DEBUG=False JHUB_DB_DEBUG=False JHUB_SPAWNER_DEBUG=False DOCKER_NOTEBOOK_CPU_LIMIT=100 DOCKER_NOTEBOOK_MEM_LIMIT=2g JHUB_SSO_CLIENT_ID=urn:rapidminer:jupyterhub JHUB_SSO_CLIENT_SECRET= JUPYTER_STACK_NAME=default # ############################################ # # Platform admin # # ############################################ PA_VERSION=9.7 PA_SSO_CLIENT_ID=urn:rapidminer:platform-admin PA_SSO_CLIENT_SECRET= PA_DISABLE_PYTHON=false PA_DISABLE_RTS=true # ############################################ # # Grafana # # ############################################ RM_GRAFANA_VERSION=9.7 GRAFANA_SSO_CLIENT_ID=urn:rapidminer:grafana GRAFANA_SSO_CLIENT_SECRET= # ############################################ # # Landing page # # ############################################ RM_LANDING_VERSION=9.7 LANDING_SSO_CLIENT_ID=urn:rapidminer:landing-page LANDING_SSO_CLIENT_SECRET= # ############################################ # # Token Tool # # ############################################ TOKEN_SSO_CLIENT_ID=urn:rapidminer:token-tool TOKEN_SSO_CLIENT_SECRET=
The docker-compose definition (docker-compose.yml)
version: '3'
services:
rm-proxy-svc:
image: ${REGISTRY}rapidminer-proxy:${PROXY_VERSION}
hostname: rm-proxy-svc
restart: always
environment:
- KEYCLOAK_BACKEND=${KEYCLOAK_BACKEND}
- RMSERVER_BACKEND=${RAPIDMINER_SERVER_URL}
- JUPYTER_BACKEND=${JUPYTER_BACKEND}
- JUPYTER_URL_SUFFIX=${JUPYTER_URL_SUFFIX}
- GRAFANA_BACKEND=${GRAFANA_BACKEND}
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- PA_BACKEND=${PA_BACKEND}
- PA_URL_SUFFIX=${PA_URL_SUFFIX}
- TOKEN_BACKEND=${TOKEN_BACKEND}
- TOKEN_URL_SUFFIX=${TOKEN_URL_SUFFIX}
- RTS_WEBUI_BACKEND=${RTS_WEBUI_BACKEND}
- RTS_WEBUI_URL_SUFFIX=${RTS_WEBUI_URL_SUFFIX}
- RTS_SCORING_BACKEND=${RTS_SCORING_BACKEND}
- RTS_SCORING_URL_SUFFIX=${RTS_SCORING_URL_SUFFIX}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- RTS_BASIC_AUTH=true
- LANDING_BACKEND=${LANDING_BACKEND}
- HTTPS_CRT_PATH=${HTTPS_CRT_PATH}
- HTTPS_KEY_PATH=${HTTPS_KEY_PATH}
- HTTPS_DH_PATH=${HTTPS_DH_PATH}
ports:
- 80:80
- 443:443
networks:
rm-platform-int-net:
aliases:
- rm-proxy-svc
volumes:
- ./ssl:/etc/nginx/ssl
- platform-admin-uploaded-vol:/rapidminer/platform-admin/uploaded/
rm-keycloak-db-svc:
image: postgres:9.6
restart: always
hostname: rm-keycloak-db-svc
environment:
- POSTGRES_DB=${KC_DB}
- POSTGRES_USER=${KC_USER}
- POSTGRES_PASSWORD=${KC_PASSWORD}
volumes:
- keycloak-postgresql-vol:/var/lib/postgresql/data
networks:
rm-idp-db-net:
aliases:
- rm-keycloak-db-svc
rm-keycloak-svc:
image: ${REGISTRY}rapidminer-keycloak:${KEYCLOAK_VERSION}
restart: always
hostname: rm-keycloak-svc
environment:
- DB_VENDOR=POSTGRES
- DB_ADDR=rm-keycloak-db-svc
- DB_DATABASE=${KC_DB}
- DB_USER=${KC_USER}
- DB_SCHEMA=public
- DB_PASSWORD=${KC_PASSWORD}
- KEYCLOAK_USER=${KEYCLOAK_USER}
- KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
- PROXY_ADDRESS_FORWARDING=true
depends_on:
- rm-keycloak-db-svc
- rm-proxy-svc
networks:
rm-platform-int-net:
aliases:
- rm-keycloak-svc
rm-idp-db-net:
aliases:
- rm-keycloak-svc
rm-init-svc:
image: ${REGISTRY}rapidminer-deployment-init:${INIT_VERSION}
restart: 'no'
hostname: rm-keycloak-init-svc
depends_on:
- rm-keycloak-svc
- rm-postgresql-svc
environment:
- LEGACY_REST_BASIC_AUTH_ENABLED=${LEGACY_REST_BASIC_AUTH_ENABLED}
- PUBLIC_URL=${PUBLIC_URL}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
volumes:
- ./.env:/.env
- ./docker-compose.yml:/docker-compose.yml:ro
- keycloak-admin-cli-vol:/root/.keycloak/
- deployed-services-vol:/rapidminer/deployed-services/
networks:
rm-platform-int-net:
aliases:
- rm-init-svc
rm-server-db-net:
aliases:
- rm-init-svc
rm-postgresql-svc:
image: postgres:9.6
hostname: rm-postgresql-svc
restart: always
environment:
- POSTGRES_DB=${SERVER_DBSCHEMA}
- POSTGRES_USER=${SERVER_DBUSER}
- POSTGRES_PASSWORD=${SERVER_DBPASS}
volumes:
- rm-postgresql-vol:/var/lib/postgresql/data
networks:
rm-server-db-net:
aliases:
- rm-postgresql-svc
rm-server-svc:
image: ${REGISTRY}rapidminer-server:${SERVER_VERSION}
hostname: rm-server-svc
restart: always
environment:
- PA_BASE_URL=${PA_BACKEND}
- PA_SYNC_DEBUG=False
- DBHOST=${SERVER_DBHOST}
- DBSCHEMA=${SERVER_DBSCHEMA}
- DBUSER=${SERVER_DBUSER}
- DBPASS=${SERVER_DBPASS}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${RMSERVER_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${RMSERVER_SSO_CLIENT_SECRET}
- SSO_SSL_REQUIRED=${SSO_SSL_REQUIRED}
- LEGACY_REST_BASIC_AUTH_ENABLED=${LEGACY_REST_BASIC_AUTH_ENABLED}
- SERVER_MAX_MEMORY=${SERVER_MAX_MEMORY}
- BROKER_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- BROKER_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- JOBSERVICE_AUTH_SECRET=${AUTH_SECRET}
- JUPYTER_URL_SUFFIX=${JUPYTER_URL_SUFFIX}
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- TZ=${TZ}
volumes:
- rm-server-bootstrap-vol:/bootstrap.d
- rm-server-home-vol:/persistent-rapidminer-home
depends_on:
- rm-postgresql-svc
networks:
jupyterhub-user-net:
aliases:
- rm-server-svc
rm-platform-int-net:
aliases:
- rm-server-svc
rm-server-db-net:
aliases:
- rm-server-svc
rm-server-job-agent-svc:
image: ${REGISTRY}rapidminer-execution-jobagent:${SERVER_VERSION}
hostname: rm-server-job-agent-svc
restart: always
environment:
- RAPIDMINER_SERVER_HOST=${RAPIDMINER_SERVER_HOST}
- RAPIDMINER_SERVER_PROTOCOL=${RAPIDMINER_SERVER_PROTOCOL}
- RAPIDMINER_SERVER_PORT=${RAPIDMINER_SERVER_PORT}
- JOBAGENT_QUEUE_ACTIVEMQ_URI=${JOBAGENT_QUEUE_ACTIVEMQ_URI}
- JOBAGENT_QUEUE_ACTIVEMQ_USERNAME=${BROKER_ACTIVEMQ_USERNAME}
- JOBAGENT_QUEUE_ACTIVEMQ_PASSWORD=${BROKER_ACTIVEMQ_PASSWORD}
- JOBAGENT_AUTH_SECRET=${AUTH_SECRET}
- JOBAGENT_CONTAINER_COUNT=${JOBAGENT_CONTAINER_COUNT}
- JOB_QUEUE=${JOB_QUEUE}
- JOBAGENT_CONTAINER_MEMORYLIMIT=${JOBAGENT_CONTAINER_MEMORYLIMIT}
- RAPIDMINER_JOBAGENT_OPTS=${RAPIDMINER_JOBAGENT_OPTS}
- TZ=${TZ}
volumes:
- rm-server-bootstrap-ja-vol:/bootstrap.d
depends_on:
- rm-server-svc
networks:
rm-platform-int-net:
aliases:
- rm-server-job-agent-svc
platform-admin-webui-svc:
image: ${REGISTRY}rapidminer-platform-admin-webui:${PA_VERSION}
hostname: platform-admin-webui-svc
restart: always
environment:
- PA_URL_SUFFIX=${PA_URL_SUFFIX}
- RTS_SCORING_URL_SUFFIX=${RTS_SCORING_URL_SUFFIX}
- RTS_SCORING_BACKEND=${RTS_SCORING_BACKEND}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${PA_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${PA_SSO_CLIENT_SECRET}
- PA_DISABLE_PYTHON=${PA_DISABLE_PYTHON}
- PA_DISABLE_RTS=${PA_DISABLE_RTS}
- DEBUG=false
volumes:
- platform-admin-uploaded-vol:/var/www/html/uploaded/
networks:
jupyterhub-user-net:
aliases:
- platform-admin-webui-svc
rm-platform-int-net:
aliases:
- platform-admin-webui-svc
rm-jupyterhub-db-svc:
image: postgres:9.6
hostname: rm-jupyterhub-db-svc
restart: always
environment:
- POSTGRES_DB=${JHUB_POSTGRES_DB}
- POSTGRES_USER=${JHUB_POSTGRES_USER}
- POSTGRES_PASSWORD=${JHUB_POSTGRES_PASSWORD}
volumes:
- jupyterhub-postgresql-vol:/var/lib/postgresql/data
networks:
jupyterhub-db-net:
aliases:
- rm-jupyterhub-db-svc
rm-jupyterhub-svc:
image: ${REGISTRY}rapidminer-jupyterhub-jupyterhub:${RM_JUPYTER_VERSION}
hostname: rm-jupyterhub-svc
restart: always
environment:
- JHUB_HOSTNAME=${JHUB_HOSTNAME}
- SERVER_BASE_URL=${RAPIDMINER_SERVER_URL}
- POSTGRES_HOST=${JHUB_POSTGRES_HOST}
- POSTGRES_DB=${JHUB_POSTGRES_DB}
- POSTGRES_USER=${JHUB_POSTGRES_USER}
- POSTGRES_PASSWORD=${JHUB_POSTGRES_PASSWORD}
- DOCKER_NOTEBOOK_IMAGE=${JHUB_DOCKER_NOTEBOOK_IMAGE}
- JUPYTERHUB_CRYPT_KEY=${JUPYTERHUB_CRYPT_KEY}
- DOCKER_NOTEBOOK_CPU_LIMIT=${DOCKER_NOTEBOOK_CPU_LIMIT}
- DOCKER_NOTEBOOK_MEM_LIMIT=${DOCKER_NOTEBOOK_MEM_LIMIT}
- JHUB_DEBUG=${JHUB_DEBUG}
- JHUB_TOKEN_DEBUG=${JHUB_TOKEN_DEBUG}
- JHUB_PROXY_DEBUG=${JHUB_PROXY_DEBUG}
- JHUB_DB_DEBUG=${JHUB_DB_DEBUG}
- JHUB_SPAWNER_DEBUG=${JHUB_SPAWNER_DEBUG}
- JUPYTER_STACK_NAME=${JUPYTER_STACK_NAME}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${JHUB_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${JHUB_SSO_CLIENT_SECRET}
- PUBLIC_URL=${PUBLIC_URL}
- JUPYTER_URL_SUFFIX=${JUPYTER_URL_SUFFIX}
- SSO_USERNAME_KEY=preferred_username
- SSO_RESOURCE_ACCESS_KEY=resource_access
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
depends_on:
- rm-jupyterhub-db-svc
- rm-server-svc
networks:
rm-platform-int-net:
aliases:
- rm-jupyterhub-svc
jupyterhub-db-net:
aliases:
- rm-jupyterhub-svc
jupyterhub-user-net:
aliases:
- rm-jupyterhub-svc
rm-grafana-svc:
image: ${REGISTRY}rapidminer-grafana:${RM_GRAFANA_VERSION}
hostname: rm-grafana-svc
restart: always
environment:
- PUBLIC_URL=${PUBLIC_URL}
- GRAFANA_URL_SUFFIX=${GRAFANA_URL_SUFFIX}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${GRAFANA_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${GRAFANA_SSO_CLIENT_SECRET}
- TZ=${TZ}
volumes:
- grafana-home:/var/lib/grafana
depends_on:
- rm-grafana-proxy-svc
networks:
rm-platform-int-net:
aliases:
- rm-grafana-svc
rm-grafana-proxy-svc:
image: ${REGISTRY}rapidminer-grafana-proxy:${RM_GRAFANA_VERSION}
hostname: rm-grafana-proxy-svc
restart: always
environment:
- RAPIDMINER_URL=${RAPIDMINER_SERVER_URL}
depends_on:
- rm-server-svc
networks:
rm-platform-int-net:
aliases:
- rm-grafana-proxy-svc
landing-page:
image: ${REGISTRY}rapidminer-deployment-landing-page:${RM_LANDING_VERSION}
restart: always
hostname: landing-page
environment:
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${LANDING_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${LANDING_SSO_CLIENT_SECRET}
- DEBUG=false
volumes:
- rm-landing-page-vol:/var/www/html/uploaded/
- deployed-services-vol:/rapidminer/deployed-services/
networks:
rm-platform-int-net:
aliases:
- landing-page
rm-token-tool-svc:
image: ${REGISTRY}rapidminer-deployment-landing-page:${RM_LANDING_VERSION}
restart: always
hostname: rm-token-tool
environment:
- PUBLIC_URL=${PUBLIC_URL}
- SSO_PUBLIC_URL=${SSO_PUBLIC_URL}
- SSO_IDP_REALM=${SSO_IDP_REALM}
- SSO_CLIENT_ID=${TOKEN_SSO_CLIENT_ID}
- SSO_CLIENT_SECRET=${TOKEN_SSO_CLIENT_SECRET}
- DEBUG=false
- SSO_CUSTOM_SCOPE=openid info offline_access
- CUSTOM_URL_SUFFIX=${TOKEN_URL_SUFFIX}
- CUSTOM_CONTENT=get-token
volumes:
- rm-token-tool-vol:/var/www/html/uploaded/
networks:
rm-platform-int-net:
aliases:
- rm-token-tool
volumes:
rm-postgresql-vol:
rm-server-bootstrap-vol:
rm-server-home-vol:
rm-server-bootstrap-ja-vol:
platform-admin-uploaded-vol:
jupyterhub-postgresql-vol:
grafana-home:
keycloak-postgresql-vol:
keycloak-admin-cli-vol:
rm-landing-page-vol:
rm-token-tool-vol:
deployed-services-vol:
networks:
rm-platform-int-net:
rm-idp-db-net:
jupyterhub-db-net:
rm-server-db-net:
jupyterhub-user-net:
external:
name: jupyterhub-user-net-${JUPYTER_STACK_NAME}