feat: bundle XTM One in the default stack #574
Open
azubiolo-filigran wants to merge 1 commit into
Thank you for your contribution, but we need you to sign your commits. Please see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
Adds XTM One alongside OpenCTI in the default compose:
- New pgsql-copilot service (pgvector/pgvector:pg17) for XTM One's vector store, with dedicated credentials.
- New xtm-one + xtm-one-worker services on port 4000, sharing the existing redis and minio.
- PLATFORM_REGISTRATION_TOKEN shared secret plumbed into the opencti service (XTM__XTM_ONE_URL / XTM__XTM_ONE_TOKEN) and into XTM One (OPENCTI_* federation env vars).
- .env.sample documents the new XTM ONE block.

Refs XTM-One-Platform/xtm-one#1011
5e4bc64 to ff2ee3a
Objective
Adds XTM One alongside OpenCTI in the default Docker stack so docker compose up -d brings the full XTM One + OpenCTI experience by default.

Refs XTM-One-Platform/xtm-one#1011. Companion PRs:

Changes
New services
- pgsql-copilot (pgvector/pgvector:pg17) — Postgres+pgvector instance dedicated to XTM One, with its own credentials.
- xtm-one — exposes the XTM One UI/API on ${XTM_ONE_PORT} (default 4000), reuses the existing redis and minio.
- xtm-one-worker — async worker, depends on xtm-one being healthy.

Inter-platform wiring
- PLATFORM_REGISTRATION_TOKEN shared secret.
- opencti service now receives XTM__XTM_ONE_URL / XTM__XTM_ONE_TOKEN.
- xtm-one service receives OPENCTI_* federation env vars (URL, internal API URL, admin token).

Documentation
- .env.sample gets a new XTM ONE block documenting admin credentials, image tag, dedicated Postgres credentials, S3 bucket, optional license, and the shared PLATFORM_REGISTRATION_TOKEN.

Scope
- docker-compose.yml is touched. docker-compose.dev.yml and docker-compose.opensearch.yml are intentionally left alone for now and will be handled in follow-ups if needed.

Verification
The same configuration has been validated end-to-end inside the unified xtm-docker stack (companion PR FiligranHQ/xtm-docker#15): all services reach healthy, OpenCTI and XTM One register successfully via PLATFORM_REGISTRATION_TOKEN, and cross-platform features work as expected.

Notes
- OPENCTI_ENCRYPTION_KEY must be a 32-byte base64 string (openssl rand -base64 32), not a UUID. The placeholder in .env.sample already hints at this; happy to add a more explicit comment if reviewers want.
- FiligranHQ/xtm-docker (canonical source). Keeping it minimal so future syncs stay easy.
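A pre-flight check for the key-format note above, added here as an example and not part of this PR or the project's code. It assumes both OPENCTI_ENCRYPTION_KEY and PLATFORM_REGISTRATION_TOKEN are set as plain KEY=VALUE lines in .env; the function names and the sample values are constructed for illustration.

```python
import base64
import binascii
import re

UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env

def check_encryption_key(value):
    """Return None if value is base64 for exactly 32 bytes, else the reason."""
    if not value:
        return "missing or empty"
    if UUID_RE.match(value):
        return "looks like a UUID, not a base64-encoded key"
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    if len(raw) != 32:
        return f"decodes to {len(raw)} bytes, expected 32"
    return None

def check_env(text):
    """Return {variable: problem} for the two secrets this stack depends on."""
    env = parse_env(text)
    problems = {}
    reason = check_encryption_key(env.get("OPENCTI_ENCRYPTION_KEY", ""))
    if reason:
        problems["OPENCTI_ENCRYPTION_KEY"] = reason
    if not env.get("PLATFORM_REGISTRATION_TOKEN"):
        problems["PLATFORM_REGISTRATION_TOKEN"] = "missing or empty"
    return problems

# Constructed sample: a UUID used as the key and an empty shared token.
SAMPLE_BAD = ("OPENCTI_ENCRYPTION_KEY=123e4567-e89b-12d3-a456-426614174000\n"
              "PLATFORM_REGISTRATION_TOKEN=\n")
if __name__ == "__main__":
    print(check_env(SAMPLE_BAD))
```

Running it against the real .env before docker compose up -d surfaces a malformed key up front rather than at service start.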