Create a project directory for Horizon core and create a docker-compose.yml file. mkdir minion cd minion vi docker-compose.yml --- version: '3' services: minion: image: opennms/minion:bleeding container_name: minion(1) environment: TZ: 'America/New_York'(2) JAVA_MIN_MEM: 512M(3) JAVA_MAX_MEM: 2048M(4) command: ["-c"] volumes: - ./minion-config.yaml:/opt/minion/minion-config.yaml(5) - ./scv.jce:/opt/minion/scv.jce(6) healthcheck: test: "/health.sh"(7) interval: 30s timeout: 6s retries: 3 ports:(8) - '514:1514/udp' - '162:1162/udp' - '8201:8201/tcp' 1 Friendly container name 2 Set the time zone and the Minion configuration via environment variables. To list all available time zones, use timedatectl list-timezones. 3 Optional. Use to control the minimal Java heap size. 4 Optional. Use to control the maximum Java heap size. 5 Configuration file for connectivity and features 6 Keystore file with encrypted credentials for authenticating broker endpoints. 7 Run our health check to indicate the Minion is ready. It uses the opennms:health-check internally running in Karaf. 8 Publish ports for Syslog, SNMP trap listener, and the SSH access to the Karaf shell. The Minion process in the container runs as a non-root user and can’t open privileged ports < 1024. We open the listener for privileged (514/udp, 162/udp) and don’t have to give additional permissions to the Minion process in the container. Some environments do not allow the use of ICMP (ping) for non-root users. Horizon Minion runs as a non-privileged user in the container with userid=10001, groupid=10001. You can verify with sysctl -n net.ipv4.ping_group_range if the group id 10001 is in the allowed group range. If not, add the following lines in your service definition in the docker-compose.yml file. sysctls: net.ipv4.ping_group_range: "10001 10001" Create a file with the configuration for connectivity and features --- broker-url: 'failover:tcp://core-instance-ip:61616'(1) id: 'my-minion'(2) location: 'my-location'(3) netmgt: syslog:(4) syslog.listen.interface: "0.0.0.0" syslog.listen.port: 1514 traps:(5) trapd.listen.interface: "0.0.0.0" trapd.listen.port: 1162 1 Replace the broker endpoint URL that goes to your Horizon Core instance. If you have ActiveMQ with SSL running, replace tcp with ssl. 2 Replace my-location with a location name that represents the remote location where the Minion is running. 3 Optional. You can set a unique human-readable Minion identifier; if not set, a unique identifier is generated. 4 Enable the Syslog listener on the Minion on port 1514/udp. 5 Enable the SNMP trap listener on the Minion on port 1162/udp. To run with Apache Kafka or configure flow listeners, see the configuration reference in the Confd readme. Initialize the keystore with credentials docker-compose run -v $(pwd):/keystore minion -s Validate your Docker Compose file docker-compose config -q Start the service in background docker-compose up -d Verify the connectivity and the configuration with the health check docker-compose exec minion bin/client opennms:health-check The endpoints should be reachable and the bundles should be installed successful Verifying installed bundles [ Success ] Connecting to JMS Broker [ Success ] => Everything is awesome