Leverage the pre-built images as the default way to start Guardian locally

[Neurone]

Problem description

Multiple users want to run Guardian without major changes and start testing it locally quickly. The default option is to use docker to build from scratch any images. That takes time and, on specific hardware configurations, that can also lead to problems not trivial for new developers to fix.

Leveraging the pre-built images is a fast and ready solution for that.

At the moment, the repo does not contain a pre-build docker compose file, but a template to start from is present in the documentation (https://docs.hedera.com/guardian/guardian/readme/getting-started/installation/building-from-pre-build-containers)

Requirements

• Update docker-compose.yml to leverage pre-built images from the latest release
• Create a docker-compose-build.yml with the same content as the current docker-compose.yml file to allow developers to build images locally via docker
• Update the docs accordingly

Definition of done

• Leveraging the docker pre-built images is the default option for running Guardian from scratch
• If developers follow the documentation, the shortest path leads them to start docker containers leveraging the pre-built images.
• The documentation provides information about how to proceed if developers want to build the docker images locally instead.

Additional context

Here an example of the docker-compose.yml file I'm currently using for the purpose above:

services:
  mongo:
    image: mongo:6.0.13
    command: "--setParameter allowDiskUseByDefault=true"
    restart: always
    expose:
      - 27017

  mongo-express:
    image: mongo-express:1.0.2-20
    expose:
      - 8081
    environment:
      ME_CONFIG_MONGODB_SERVER: mongo
      ME_CONFIG_MONGODB_PORT: 27017
      ME_CONFIG_SITE_BASEURL: /mongo-admin # default credentials: admin/pass
    depends_on:
      - mongo

  ipfs-node:
    image: ipfs/kubo:v0.26.0
    ports:
      - "5001:5001"
      - "4001:4001"
      - "8080:8080"
    volumes:
      - ipfs_data:/data/ipfs:rw
      - ipfs_export:/export:rw

  message-broker:
    image: nats:2.9.24
    expose:
      - 4222
    ports:
      - '8222:8222'
    command: '--http_port 8222'

  vault:
    image: hashicorp/vault:1.12.11
    expose:
      - 8200
    ports:
      - '8200:8200'
    environment:
      VAULT_SERVER: "http://0.0.0.0:8200"
      VAULT_DEV_ROOT_TOKEN_ID: "1234"
    cap_add:
      - IPC_LOCK
    volumes:
      - ./file:/vault/file:rw
      - ./config:/vault/config:rw

  notification-service:
    image: gcr.io/hedera-registry/notification-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    depends_on:
      - message-broker
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    volumes:
      - ./notification-service/configs:/usr/local/notification-service/configs:ro

  logger-service:
    image: gcr.io/hedera-registry/logger-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    depends_on:
      - message-broker
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    expose:
      - 6555
    volumes:
      - ./logger-service/configs:/usr/local/logger-service/configs:ro

  worker-service:
    image: gcr.io/hedera-registry/worker-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    depends_on:
      ipfs-node:
        condition: service_healthy
      auth-service:
        condition: service_started
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    expose:
      - 6555
    volumes:
      - ./worker-service/tls:/usr/local/worker-service/tls:ro
      - ./worker-service/configs:/usr/local/worker-service/configs:ro
    deploy:
      replicas: 2

  auth-service:
    image: gcr.io/hedera-registry/auth-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    ports:
      - '5005:5005'
    volumes:
      - ./auth-service/tls:/usr/local/auth-service/tls:ro
      - ./auth-service/configs:/usr/local/auth-service/configs:ro
    depends_on:
      - mongo
      - vault
      - message-broker
      - logger-service
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    expose:
      - 6555
      - 5005

  api-gateway:
    image: gcr.io/hedera-registry/api-gateway:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    expose:
      - 3002
      - 6555
    depends_on:
      - mongo
      - message-broker
      - guardian-service
      - auth-service
      - logger-service
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    volumes:
      - ./api-gateway/configs:/usr/local/api-gateway/configs:ro

  ai-service:
    image: gcr.io/hedera-registry/ai-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    expose:
      - 3013
    depends_on:
      - mongo
      - message-broker
      - logger-service
    volumes:
      - ./ai-service/data:/usr/local/ai-service/data:rw
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
      - VECTOR_STORAGE_PATH=./faiss-vector
      - DOCS_STORAGE_PATH=./data/generated-data

  policy-service:
    image: gcr.io/hedera-registry/policy-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    ports:
      - "5006:5006"
    depends_on:
      - mongo
      - message-broker
      - auth-service
      - logger-service
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    expose:
      - 50000-60000
      - 5006
    volumes:
      - ./policy-service/tls:/usr/local/policy-service/tls:ro
      - ./policy-service/configs:/usr/local/policy-service/configs:ro

  guardian-service:
    image: gcr.io/hedera-registry/guardian-service:2.23.1
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    ports:
      - "5007:5007"
    volumes:
      - ./guardian-service/tls:/usr/local/guardian-service/tls:ro
      - ./guardian-service/configs:/usr/local/guardian-service/configs:ro
    depends_on:
      - mongo
      - message-broker
      - auth-service
      - logger-service
      - worker-service
      - policy-service
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    expose:
      - 6555
      - 5007

  application-events:
    image: gcr.io/hedera-registry/application-events:2.23.1
    ports:
      - "3012:3012"
    depends_on:
      - mongo
      - message-broker
      - guardian-service
      - auth-service
      - logger-service
    expose:
    - 3012

  mrv-sender:
    build:
      context: .
      dockerfile: ./mrv-sender/Dockerfile
    init: true
    ports:
      - "5008:5008"
    expose:
      - 3003
      - 5008

  topic-viewer:
    build:
      context: .
      dockerfile: ./topic-viewer/Dockerfile
    init: true
    expose:
      - 3006
      - 5009
    ports:
      - "5009:5009"

  web-proxy:
    build:
      context: .
      dockerfile: ./web-proxy/Dockerfile
    init: true
    ports:
      - "3000:80"
    depends_on:
      - guardian-service
      - auth-service
      - api-gateway
      - mrv-sender
      - mongo-express

  prometheus:
    image: prom/prometheus:v2.44.0
    restart: unless-stopped
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--web.enable-lifecycle'
    ports:
      - "9090:9090"
    networks:
      - monitoring

  grafana:
    image: grafana/grafana:10.0.10
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana/provisioning:/etc/grafana/provisioning
      - ./grafana/dashboards:/etc/grafana/dashboards
    environment:
      - GF_AUTH_DISABLE_LOGIN_FORM=true
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
      - GF_SERVER_HTTP_PORT=9080
      - GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/etc/grafana/dashboards/prometheus-dashboard.json
    ports:
      - "9080:9080"
    networks:
      - monitoring

volumes:
  prometheus_data:
  grafana_data:
  ipfs_data:
  ipfs_export:

networks:
  monitoring:
    driver: bridge

[bbosch-d]

Can confirm building from scratch was (and continues to be) a hurlde for me.

That said, the pre built docker images are not available for ARM so the docker-compose you posted will not work for some Macs and other non x86 machines.

[Neurone]

Yes, that example is for Linux, but you can make it work for M1 by adding the platform: linux/amd64 after the image attribute.

See docs here: https://docs.hedera.com/guardian/guardian/readme/getting-started/installation/building-from-pre-build-containers#docker-compose-configuration-for-apple-m1-using-images

  guardian-service:
    image: gcr.io/hedera-registry/guardian-service:2.23.1
    platform: linux/amd64
    env_file:
      - ./configs/.env.${GUARDIAN_ENV}.guardian.system
    ports:
      - "5007:5007"
    volumes:
      - ./guardian-service/tls:/usr/local/guardian-service/tls:ro
      - ./guardian-service/configs:/usr/local/guardian-service/configs:ro
    depends_on:
      - mongo
      - message-broker
      - auth-service
      - logger-service
      - worker-service
      - policy-service
    environment:
      - GUARDIAN_ENV=${GUARDIAN_ENV}
    expose:
      - 6555
      - 5007

In that way, you are actually running the container in emulation mode, so not the best for performance but enough for local development.

We can definitely think about introducing also a specific build for ARM chip, but I think we need to tweak with the GitHub build pipeline, I'm not sure our GitHub already offer a MacOS env for the build. It's worth digging more.