Chg: update image tag in helm values to v2.9.0-RC3

.github/workflows/ci.yml

@@ -9,7 +9,6 @@ on:
     branches:
       - main
       - 'release/*'
-  workflow_dispatch: {}
 
 defaults:
   run:
@@ -44,12 +43,12 @@ jobs:
         echo "tag=$(git tag | grep -v RC | tail -2 | head -1)" >> $GITHUB_OUTPUT
 
   trigger-docker-compose-testing:
-    if: startsWith(github.ref, 'DISABLEDrefs/pull/')
+    if: startsWith(github.ref, 'refs/pull/')
     runs-on: ubuntu-latest
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -67,12 +66,12 @@ jobs:
         inputs: '{"deployment_version": "${{ env.PR_BRANCH }}", "microservice": "all"}'
 
   trigger-k8s-testing:
-    if: startsWith(github.ref, 'DISABLEDrefs/pull/')
+    if: startsWith(github.ref, 'refs/pull/')
     runs-on: ubuntu-latest
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -90,12 +89,12 @@ jobs:
         inputs: '{"deployment_version": "${{ env.PR_BRANCH }}", "microservice": "all"}'
 
   trigger-docker-compose-upgrade-testing:
-    if: startsWith(github.ref, 'DISABLEDrefs/tags/v')
+    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
       with:
         repository: Telecominfraproject/.github
         path: github

.github/workflows/clustersysteminfo_image_ci.yml

@@ -17,12 +17,12 @@ defaults:
 
 jobs:
   docker:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     env:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
 
     - name: Build Docker image
       working-directory: chart/docker

.github/workflows/enforce-jira-issue-key.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout actions repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           repository: Telecominfraproject/.github
           path: github

.github/workflows/git-release.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
       with:
         path: wlan-cloud-ucentral-deploy
 
@@ -36,7 +36,7 @@ jobs:
       run: |
         pip3 install yq
         helm plugin install https://github.com/databus23/helm-diff
-        helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
+        helm plugin install https://github.com/aslafy-z/helm-git
         ls ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh || true
         sed 's/--skip-refresh //' -i ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh
 
@@ -54,6 +54,6 @@ jobs:
         git config --global credential.helper store
         git config --global user.email "tip-automation@telecominfraproject.com"
         git config --global user.name "TIP Automation User"
-        #helm repo add bitnami https://charts.bitnami.com/bitnami
-        #helm repo update
+        helm repo add bitnami https://charts.bitnami.com/bitnami
+        helm repo update
         ./git-release-tool.sh

.github/workflows/release.yml

@@ -11,13 +11,13 @@ defaults:
 
 jobs:
   helm-package:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     env:
       HELM_REPO_URL: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
       HELM_REPO_USERNAME: ucentral
     steps:
       - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy
@@ -42,7 +42,9 @@ jobs:
       - name: Build package
         working-directory: wlan-cloud-ucentral-deploy/chart
         run: |
-          helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
+          helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo update
           helm dependency update
           mkdir dist
           helm package . -d dist
@@ -68,7 +70,7 @@ jobs:
           cat Chart.yaml | yq -r '.dependencies[] | "\(.name) - \(.repository) v\(.version)"' >> release.txt
 
       - name: Create GitHub release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
         with:
           body_path: wlan-cloud-ucentral-deploy/chart/release.txt
           files: wlan-cloud-ucentral-deploy/chart/dist/*
@@ -78,7 +80,7 @@ jobs:
     needs: helm-package
     steps:
     - name: Trigger testing of release
-      uses: peter-evans/repository-dispatch@v3
+      uses: peter-evans/repository-dispatch@v1
       with:
         token: ${{ secrets.WLAN_TESTING_PAT }}
         repository: Telecominfraproject/wlan-testing

.gitignore

@@ -1,8 +1,7 @@
 *.swp
-tmp/
 chart/charts/*
 chart/Chart.lock
 chart/environment-values/wlan-cloud-ucentral-deploy/
-docker-compose/certs/websocket*pem
-docker-compose/*_data
-docker-compose/owls/*_data
+/docker-compose/certs/
+/docker-compose/*_data
+/docker-compose/owls/*_data

README.PKI2.0.md

@@ -1,74 +0,0 @@
-# PKI 2.0 Upgrade
-
-## Reference Cluster (QA01) and Deployment updates
-- Updated QA01 and DEV01 deployments to use new QA Insta Chain certificates - 2026/03
-- Removed digicert chain certificates - 2025/12/16
-- Added support for insta only chain certificates - 2025/09/23
-- Added Insta chain certificates - 2025/08/12
-
-## Checklist when upgrading or installing a new OpenWiFi Cloud SDK
-For PKI 2.0 support we will need to:
-- [ ] Upgrade to the latest version of the OpenWiFi Cloud SDK.
-- [ ] Switch to using the Insta certificates for the server certificate when all APs are updated to 4.1.0+.
-
-### Upgrade OpenWiFi Cloud SDK
-The latest version of the OpenWiFi Cloud SDK is available at https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main. This is also the location for this README.PKI2.0.md file.
-
-### Docker Compose
-The file `docker-compose/certs/clientcas.pem` already contains the Insta chain certificates.
-
-**Do this only once all APs have been upgraded to support PKI2.0**:
-Request your server certificate package using the [OpenLAN PKI tools Cert Client](https://github.com/Telecominfraproject/openlan-pki-tools/tree/main/cert_client).
-Once you receive your server certificate package, please update the `websocket-cert.pem` and `websocket-key.pem` files in the `docker-compose/certs` directory.
-Restart the SDK by running the appropriate `docker-compose` command: `./dco stop && ./dco start`.
-
-Once the switch-over to Insta is complete, TIP will update the `docker-compose/certs/cert.pem` and `key.pem` files to contain the Insta versions of the `*.wlan.local` certificate. This is only a concern if you are using *wlan.local* has your host name. The Digicert chain certificates will also be removed at this time.
-
-## Advanced
-
-## Checklist when updating an existing deployment (4.0.0+)
-If you have a recent 4.0.0 based deployment already running.
-- [ ] Phase 1: Switch to using the Insta chain certificates (still allowing non PKI 2.0 devices).
-- [ ] Update 2 SDK components.
-- [ ] Phase 2: Switch to using the Insta certificates and remove the digicert chain certificates when all APs are updated to 4.1.1+.
-
-### Phase 1: Switch to using the Insta chain certificates (and accept non PKI 2.0 devices)
-
-#### Docker Compose
-The file `docker-compose/certs/clientcas_digicert.pem` contains the Insta chain certificates (along with the previous Digicert ones.) This file needs to be updated locally. Please use this file instead of `clientcas.pem` if you still wish to support PKI1.0 devices.
-
-#### Kubernetes
-The file `charts/environment-values/values.openwifi-qa.yaml` under `clientcas.pem` already contains the Insta chain certificates. Please make sure that this file gets updated in any existing deployments. It should be reflected in the `owgw-certs` secret under `clientcas.pem`.
-
-### Update 2 SDK components
-Make sure the image for OWGW is `tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:master` or a specific tag like `v4.2.0` (when version 4.2.0 is released.)
-Use `tip-tip-wlan-cloud-ucentral.jfrog.io/owgwui:main` for owgwui.
-
-#### Docker Compose
-Change your .env file to set the tags (use the release tag once available `v4.2.0`):
-```bash
-OWGW_TAG=master
-OWGWUI_TAG=main
-```
-Restart the stack by running the appropriate `docker-compose` command: `./dco relaunch`.
-
-#### Kubernetes
-If you are already running the 'main' version of the SDK, you can delete the owgw and owgw-ui pods and a new version should be retrieved. Otherwise change your deployment to switch to the images specified above, either by editing your deployments directly or upgrading the 2 respective helm charts of owgw to master owgw-ui to main (or *v4.1.0* release tag when available.)
-
-### Phase 2: Switch to using the Insta only chain certificates
-*Do this only once all APs have been upgraded to support PKI2.0!*
-
-Request your server certificate package using the [OpenLAN PKI tools Cert Client](https://github.com/Telecominfraproject/openlan-pki-tools/tree/main/cert_client).
-
-#### Docker Compose
-The file `docker-compose/certs/clientcas.pem` contains the Insta chain certificates only. This file needs to be updated locally. Please use this file to replace your copy of `clientcas.pem`.
-Once you receive your server certificate package, please update the `websocket-cert.pem` and `websocket-key.pem` secrets in the `docker-compose/certs` directory.
-Restart the stack by running the appropriate `docker-compose` command: `./dco relaunch`.
-
-#### Kubernetes
-The file `charts/environment-values/values.openwifi-qa-insta.yaml` under `clientcas.pem` already contains the Insta chain certificates. Please make sure that this file gets updated in any existing deployments. It should be reflected in the `owgw-certs` secret under `clientcas.pem`.
-
-Make sure you update the certificate and key referred to as `websocket-cert` and `websocket-key` in the `owgw-certs` secret. This is done by setting the following helm variables:
-- owgw.certs."websocket-cert\\.pem"
-- owgw.certs."websocket-key\\.pem"
-If you are making a change to the secret then a GW restart is also required (by deleting the owgw pod.)

cgw/.gitignore

@@ -1,3 +0,0 @@
-values/certs.device.yaml
-websocket-key.pem
-websocket-cert.pem

cgw/.sops.yaml

@@ -1,2 +0,0 @@
-creation_rules:
-- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'

cgw/README.md

@@ -1,44 +0,0 @@
-# CGW Charts
-
-## Pre-requisites
-
-The following binaries are needed:
-- [helmfile](https://github.com/helmfile/helmfile/releases/download/v0.165.0/helmfile_0.165.0_linux_amd64.tar.gz)
-- helm
-- kubectl
-
-The following helm plugins are needed:
-```bash
-helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
-helm plugin install https://github.com/databus23/helm-diff
-```
-
-## Configuration
-
-_helmfile.yaml_ contains the configuration for all the environments. External values files are used for secrets or where appropriate. Each environment needs to be created in this file before it can be deployed. The _values/certs.device.yaml_ file is generated in github workflows.
-This file should contain the device cert and key for the domain you are deploying.
-```
-certs:
-  websocket-cert.pem: 5c0lvd0RRWUpLb1pJa...
-  websocket-key.pem: V6WEFqWEhNVFk3RGda...
-```
-To generate this file manually (with the two websocket pem files available):
-```
-./mkcertconfig websocket-cert.pem websocket-key.pem > values/certs.device.yaml
-```
-
-## Installation
-
-To install the entire stack: `helm --environment ENVNAME apply`.
-To install just cgw: `helm --environment ENVNAME -l app=cgw apply`.
-To install just cgw with a specific image tag: `helm --environment ENVNAME -l app=cgw apply --state-values-set "cgw.tag=main"`.
-
-## Removal
-
-To remove the entire stack: `helm --environment ENVNAME delete`.
-To remove just cgw: `helm --environment ENVNAME -l app=cgw delete`.
-Delete the namespace manually if it is no longer required.
-
-# Re-installation
-
-Note that the kafka, postgres and redis charts do not want to be reinstalled so will have to be removed and installed. If you wish to upgrade these then you must follow the respective Bitnami instructions on how to upgrade these charts.

cgw/helmfile.yaml

@@ -1,285 +0,0 @@
-environments:
-  default:
-    values:
-    - global:
-        name: devcgw
-        namespace: openwifi-devcgw
-        domain: cicd.lab.wlan.tip.build
-        certificateARN: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
-    - kafka:
-        enabled: true
-    - redis:
-        enabled: true
-    - postgres:
-        enabled: true
-        pgUser:
-          password: postgres
-        cgwUser:
-          name: cgw
-          password: 123
-    - cgw:
-        enabled: true
-        tag: next
-    - cgw2:
-        enabled: true
-  cgw01:
-    values:
-    - global:
-        name: cgw01
-        namespace: openlan-cgw01
-        domain: cicd.lab.wlan.tip.build
-        certificateARN: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-    - kafka:
-        enabled: true
-    - redis:
-        enabled: true
-    - postgres:
-        enabled: true
-        pgUser:
-          password: openlancgw
-        cgwUser:
-          name: cgw
-          password: openlancgw
-    - cgw:
-        enabled: true
-        tag: next
-    - cgw2:
-        enabled: true
-
----
-
-helmDefaults:
-  force: false
-  timeout: 300
-  createNamespace: true
-
-releases:
-- name: kafka
-  version: 28.3.0
-  namespace: {{ .Environment.Values.global.namespace }}
-  condition: kafka.enabled
-  chart: oci://registry-1.docker.io/bitnamicharts/kafka
-  labels:
-    group: base
-    app: kafka
-  values:
-    - image:
-        repository: bitnamilegacy/kafka
-    - defaultInitContainers:
-        volumePermissions:
-          image:
-            repository: bitnamilegacy/os-shell
-    - autoDiscovery:
-        volumePermissions:
-          image:
-            repository: bitnamilegacy/kubectl
-    - metrics:
-        jmx:
-          image:
-            repository: bitnamilegacy/jmx-exporter
-    - fullnameOverride: kafka
-    - volumePermissions:
-        enabled: true
-    - commonAnnotations:
-        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-    - readinessProbe:
-        initialDelaySeconds: 45
-    - livenessProbe:
-        initialDelaySeconds: 60
-    - heapOpts: -Xmx1024m -Xms1024m
-    - kraft:
-        enabled: true
-    - zookeeper:
-        enabled: false
-    - provisioning:
-        enabled: true
-        topics:
-          - name: CnC
-            partitions: 1
-            replicationFactor: 1
-          - name: CnC_Res
-            partitions: 1
-            replicationFactor: 1
-    - controller:
-        persistence:
-          size: 80Gi
-        replicaCount: 1
-        extraConfig: |-
-          maxMessageBytes = 1048588
-          offsets.topic.replication.factor = 1
-          transaction.state.log.replication.factor = 1
-        extraEnvVars:
-          - name: ALLOW_PLAINTEXT_LISTENER
-            value: "yes"
-        resources:
-          requests:
-            cpu: 500m
-            memory: 512Mi
-          limits:
-            cpu: 750m
-            memory: 2Gi
-    - listeners:
-        client:
-          protocol: PLAINTEXT
-          containerPort: 9092
-        controller:
-          protocol: "PLAINTEXT"
-    - broker:
-        replicaCount: 0
-        persistence:
-          size: 80Gi
-        resources:
-          requests:
-            cpu: 500m
-            memory: 512Mi
-          limits:
-            cpu: 750m
-            memory: 2Gi
-
-- name: postgres
-  namespace: {{ .Environment.Values.global.namespace }}
-  chart: oci://registry-1.docker.io/bitnamicharts/postgresql
-  version: 13.4.3
-  condition: postgres.enabled
-  labels:
-    group: base
-    app: postgres
-  values:
-    - image:
-        repository: bitnamilegacy/postgresql
-    - volumePermissions:
-        image:
-          repository: bitnamilegacy/os-shell
-    - metrics:
-        image:
-          repository: bitnamilegacy/postgres-exporter
-    - fullnameOverride: pgsql
-    # workaround for: postgresql.conf file not detected. Generating it...
-    # cp: cannot create regular file '/bitnami/postgresql/conf/postgresql.conf': Permission denied
-    - volumePermissions:
-        enabled: true
-    - global:
-        postgresql:
-          auth:
-            postgresPassword: {{ .Environment.Values.postgres.pgUser.password }}
-    - auth:
-        postgresPassword: {{ .Environment.Values.postgres.pgUser.password }}
-    - primary:
-        persistence:
-          size: 40Gi
-        extendedConfiguration: |-
-          max_connections = 550
-          shared_buffers = 128MB
-          log_error_verbosity = verbose
-          tcp_keepalives_idle = 300
-          tcp_keepalives_interval = 30
-          tcp_user_timeout = 300
-        initdb:
-          scripts:
-            initusers.sql: |-
-              CREATE USER {{ .Environment.Values.postgres.cgwUser.name }};
-              ALTER USER cgw WITH ENCRYPTED PASSWORD '{{ .Environment.Values.postgres.cgwUser.password }}';
-              CREATE DATABASE cgw OWNER {{ .Environment.Values.postgres.cgwUser.name }};
-              \c cgw
-              CREATE TABLE infrastructure_groups (id INT PRIMARY KEY, reserved_size INT, actual_size INT);
-              ALTER TABLE infrastructure_groups OWNER TO {{ .Environment.Values.postgres.cgwUser.name }};
-              CREATE TABLE infras (mac MACADDR PRIMARY KEY, infra_group_id INT, FOREIGN KEY(infra_group_id) REFERENCES infrastructure_groups(id) ON DELETE CASCADE);
-              ALTER TABLE infras OWNER TO {{ .Environment.Values.postgres.cgwUser.name }};
-
-- name: redis
-  namespace: {{ .Environment.Values.global.namespace }}
-  chart: oci://registry-1.docker.io/bitnamicharts/redis
-  version: 19.5.2
-  condition: redis.enabled
-  labels:
-    group: base
-    app: redis
-  values:
-    - image:
-        repository: bitnamilegacy/redis
-    - sentinel:
-        image:
-          repository: bitnamilegacy/redis-sentinel
-    - metrics:
-        image:
-          repository: bitnamilegacy/redis-exporter
-    - volumePermissions:
-        image:
-          repository: bitnamilegacy/os-shell
-    - kubectl:
-        image:
-          repository: bitnamilegacy/kubectl
-    - sysctl:
-        image:
-          repository: bitnamilegacy/os-shell
-    - architecture: standalone
-    - auth:
-        enabled: false
-    - master:
-        persistence:
-          size: 20Gi
-        extraEnvVars:
-          - name: ALLOW_EMPTY_PASSWORD
-            value: "yes"
-
-- name: cgw
-  namespace: {{ .Environment.Values.global.namespace }}
-  chart: ../../openlan-cgw/helm
-  #chart: "git+https://github.com/Telecominfraproject/openlan-cgw@helm?ref=main"
-  version: 0.1.0
-  condition: cgw.enabled
-  labels:
-    group: apps
-    app: cgw
-  values:
-    - values/certs.tip.yaml
-    # this one is generated from GH secrets:
-    - values/certs.device.yaml
-    - values/cgw.yaml
-    - values/cgw-{{ .Environment.Values.global.name }}-1.yaml
-    - images:
-        cgw:
-          tag: {{ .Environment.Values.cgw.tag }}
-    - public_env_variables:
-        CGW_ID: 0
-        CGW_DB_USERNAME: "{{ .Environment.Values.postgres.cgwUser.name }}"
-        CGW_GRPC_PUBLIC_HOST: cgw-cgw
-        CGW_GRPC_PUBLIC_PORT: 50051
-    - secret_env_variables:
-        CGW_DB_PASSWORD: "{{ .Environment.Values.postgres.cgwUser.password }}"
-    - services:
-        cgw:
-          annotations:
-            external-dns.alpha.kubernetes.io/hostname: cgw-{{ .Environment.Values.global.name }}.{{ .Environment.Values.global.domain }}
-            service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.global.certificateARN }}
-
-- name: cgw2
-  namespace: {{ .Environment.Values.global.namespace }}
-  chart: ../../openlan-cgw/helm
-  #chart: "git+https://github.com/Telecominfraproject/openlan-cgw@helm?ref=main"
-  version: 0.1.0
-  condition: cgw2.enabled
-  labels:
-    group: apps
-    app: cgw2
-  values:
-    - values/certs.tip.yaml
-    # this one is generated from GH secrets:
-    - values/certs.device.yaml
-    - values/cgw.yaml
-    - values/cgw-{{ .Environment.Values.global.name }}-2.yaml
-    - images:
-        cgw:
-          tag: {{ .Environment.Values.cgw.tag }}
-    - public_env_variables:
-        CGW_ID: 1
-        CGW_DB_USERNAME: "{{ .Environment.Values.postgres.cgwUser.name }}"
-        CGW_GRPC_PUBLIC_HOST: cgw2-cgw2
-        CGW_GRPC_PUBLIC_PORT: 50051
-    - secret_env_variables:
-        CGW_DB_PASSWORD: "{{ .Environment.Values.postgres.cgwUser.password }}"
-    - services:
-        cgw:
-          annotations:
-            external-dns.alpha.kubernetes.io/hostname: cgw2-{{ .Environment.Values.global.name }}.{{ .Environment.Values.global.domain }}
-            service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.global.certificateARN }}

cgw/mkcertconfig

@@ -1,6 +0,0 @@
-#!/bin/bash
-echo "certs:"
-for f in $* ; do
-    echo "  $f: |"
-    sed -e 's/^/    /' < "$f"
-done

cgw/secrets/values.postgres.yaml

@@ -1,21 +0,0 @@
-postgres:
-    pgUser:
-        password: ENC[AES256_GCM,data:QHV7Y5Jfes4=,iv:QTs0fu7behn1g2CLheoJROFHNYvN6OpS/vcQQC0NrMs=,tag:PeaRcoDsOrEjDN9KgHUEPA==,type:str]
-    cgwUser:
-        name: ENC[AES256_GCM,data:g6J6,iv:H4HxE5orLFXZFDDVD2tAS0PkOqNJ9j6SNu1ief7Snk0=,tag:Tuj9yjBcJzZBBZRtwAY33w==,type:str]
-        password: ENC[AES256_GCM,data:5K0f,iv:+g61dhYOOTbr8TwnwwLHgW17R+6zXpQT2PfgjvofvlI=,tag:1nSVXgkTC41d1AnDDE19Hg==,type:int]
-sops:
-    kms:
-        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
-          created_at: "2024-06-12T13:45:13Z"
-          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEPrxIAaT+xE4C1IFYmWvmkAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMrFaPNxf0atKVKnFsAgEQgDu8uqj035qrcelG0Dq4/Ond4H5bmpUHNRVEj0C8BFxg+a4R3loIk4NBeyuA0yqC0cQeWnA5e+/SjVtGAA==
-          aws_profile: ""
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2024-06-25T17:29:15Z"
-    mac: ENC[AES256_GCM,data:gbXt2MRhlx9zGcm9ZvXjWuwSPh/QHkNngGx0j0UQ61jZTINRh4ZgERuUj7Vpo1tg/blIFWbl768wB89RAGq3n1C4AcQpX3xvC33QyCT0i4pitQmnec9RnJL0L197mioOikPxl8z56WE1014EV+Vvbk7rf1CQkqrrEIJINoqSdfE=,iv:ThbvKhY0fsaXJz9rORnvxY64vMWyM/IOgSI+kuFFbAQ=,tag:fSF4tdyf3wc5+uIfoYLc5g==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

cgw/values/certs.tip.yaml

@@ -1,103 +0,0 @@
-certs:
-    root.pem: |
-        -----BEGIN CERTIFICATE-----
-        MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-        BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-        dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-        b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-        CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-        Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-        IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-        AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-        KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-        aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-        t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-        Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-        720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-        lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-        AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-        dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-        PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-        19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-        L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-        5IOM7ItsRmen6u3qu+JXros54e4juQ==
-        -----END CERTIFICATE-----
-    cas.pem: |
-        -----BEGIN CERTIFICATE-----
-        MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-        BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-        dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-        b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-        CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-        Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-        IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-        qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-        yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-        4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-        ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-        UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-        YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-        DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-        98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-        BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-        AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-        cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-        ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-        KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-        IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-        XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-        IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-        DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-        EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-        -----END CERTIFICATE-----
-        -----BEGIN CERTIFICATE-----
-        MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-        BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-        dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-        b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-        CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-        Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-        IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-        AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-        KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-        aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-        t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-        Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-        720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-        lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-        AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-        dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-        PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-        19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-        L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-        5IOM7ItsRmen6u3qu+JXros54e4juQ==
-        -----END CERTIFICATE-----
-        -----BEGIN CERTIFICATE-----
-        MIIE5DCCAsygAwIBAgIUJdCMN900+sZN4pJmZ4SVd2KRNBowDQYJKoZIhvcNAQEL
-        BQAwDTELMAkGA1UEAwwCQ0EwHhcNMjQwNjEzMTc1ODMwWhcNMjUwNjEzMTc1ODMw
-        WjANMQswCQYDVQQDDAJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
-        ALHSZH2fO1ho8aETiRwJZw1dlzk4ny364TdfY35AfhocvCozxmoKTcT69RqMtUIM
-        dStOoHhRenKnEPKHF4SrgrebsYJeXysLVb3UMEkrV6I9sKeBbUq2neAAibv+Xq0X
-        KpgJM8ZSq3WugI7pJ9kRIrRbErm8FycIW+BhBTn5g/thBnwtBn0FJ4QpnBkl38bZ
-        vYoOp77oVSk42hijD56hJwyg9yVo4MbZRhpROkL8/rPrLXDfeM3yXKx+kvNCY01m
-        8IxGUMh/3UuU8wWXaGRIAcWapZpDrDaM8YdDdVfoIv6pqCU6zLhrDm2gyYABkM2q
-        VKNruHDvrcV6BT1ldW59RkRWWW8UqsIUYuvjHMBSgEijiCCmCcrNTdd1dg+9ycdU
-        p2ZHw4g5QwyGrosUMC34Hl7zz+Aj+gA3gBAyeX2Mg9E0WtDoX6as9fRZebP5fYwj
-        Qh4bjv3Rx+a68G8DrPE7CJAJHTmthgyjINLn8/RcPpo0MYh/r47Sy1+nWBCnibYZ
-        vKkDCsRjVd5mDwRAQE0YCEiissgNgVdV6LjW4pnkIsPlHpI15A7PiDRQEKHdmRYL
-        NaIQKrn6x7Tj+o9Bs3VEoyIR1qNEYuuRGeXgTRWT1QWGX+0oN5OMzkcEKtLzPRJR
-        wW+h5C+gyp2KB7pU3umk5pFMVPlT7hbAaCyzuhNWQL5fAgMBAAGjPDA6MAwGA1Ud
-        EwQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTEa33fF8DibprD2kyGKfts
-        +Gk2QTANBgkqhkiG9w0BAQsFAAOCAgEAjad+ygI3Cp5wFHyjc9cjkU5+6qQM8qXM
-        g6B9QAqbsejzBC2euFfkLKGPGTxyPoX5fjNGreMFu6bYVS4MdObMPfaEgUdJeTLA
-        t/FGw22/zJDsKceZDFvIGoW2BvyXbqKUXXzonhE1/OXSKI1Me5cJo8GqA8J97VGh
-        TooDNzNXjvOeMMXzvugoFtXGXey/4tus1S1pSYglW/rB/exhBgZVrW5ElOPqLeK4
-        QEiP90jD303Rhw7aogrMVMcQWQ8ONyBEuQdno8/Ypil4uQXh4kYbbhgbrzT6Ux4Y
-        x9KIGbydYkNlqU4M/B1GPDsOfYauJmDpMvoUxPTolaPbIhrPmONudbUZVnrSEgOo
-        NAREI2hWRTnsqb76ugQayr7UQCzX4gQ99UllDLuvoAsc45s2pY3fJlQHkhl1JkGw
-        YlB1lF22Z35aWxkhXaYJHvhtZpt0oJ9vN//JJveBPOSajNsVnY6MIk4numI30BlZ
-        YSKHKYrYvD1yR/MSCeKVGWqsWRGfFk2bZGFjVgdlusFrjZM8JNbZtTVnKzTdoDiW
-        BnVJcd552gsT2yhaIvBoqoq4ufVa1gDGM4qRz0dxTW7850Qp++iWHMbwXRoJ3dow
-        /vreJoe6yYx8dQDw/Adl8SNV5Uo0ws36VUI/Vkuj3vG2oMP0P5DSRVQIzKxZ8FM1
-        0bJQwZgh3Is=
-        -----END CERTIFICATE-----

cgw/values/cgw-cgw01-1.yaml

@@ -1 +0,0 @@
-# set the node affinity and tolerations here

cgw/values/cgw-cgw01-2.yaml

@@ -1 +0,0 @@
-# set the node affinity and tolerations here

cgw/values/cgw-devcgw-1.yaml

@@ -1,16 +0,0 @@
-# set the node affinity and tolerations here
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: alpha.eksctl.io/nodegroup-name
-          operator: In
-          values:
-          - gwm5lrg
-
-tolerations:
-- effect: NoSchedule
-  key: type
-  operator: Equal
-  value: onlygwm5lrg

cgw/values/cgw-devcgw-2.yaml

@@ -1,16 +0,0 @@
-# set the node affinity and tolerations here
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: alpha.eksctl.io/nodegroup-name
-          operator: In
-          values:
-          - gwmed
-
-tolerations:
-- effect: NoSchedule
-  key: type
-  operator: Equal
-  value: onlygwmed

cgw/values/cgw.yaml

@@ -1,24 +0,0 @@
-public_env_variables:
-  CGW_DB_HOST: pgsql
-  CGW_DB_PORT: "5432"
-  CGW_KAFKA_HOST: kafka
-  CGW_KAFKA_PORT: "9092"
-  CGW_REDIS_HOST: redis-master
-  CGW_REDIS_PORT: "6379"
-  CGW_ALLOW_CERT_MISMATCH: "yes"
-  # use (#cpus * 2) - 2
-  DEFAULT_WSS_THREAD_NUM: "4"
-  # Useful for debugging:
-  #CGW_LOG_LEVEL: "debug"
-  #RUST_BACKTRACE: "full"
-services:
-  cgw:
-    type: LoadBalancer
-    annotations:
-      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: metrics
-      service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: /health
-      service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: http
-      service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002"

chaincerts/OpenLAN_Demo_Birth_CA.pem

@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFajCCA1KgAwIBAgICXQ4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAgMR4wHAYDVQQDExVPcGVuTEFOIERlbW8gQmlydGggQ0EwggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDVWIyySul6Fv4wl1O+DQpaLRa0p+Az5L/jcqTp
-dVf6w+8tlmeIY9C28uDQoDjewrIkvf3lcfK86nshs02s9ehqZUnEP8+GvKM19x3J
-bWxeTvWwFirjHir4x897iQ606bAMbrHHtntI9ZyBZyXDGeElGJxJQNX+0d50SFq6
-09cB3yxpBPJ67ag+4Oq0uHgROHjEQMrfwLwlAune0c1fjQDrN14PDNjMZHvvhc/p
-kAHxR1PP6LOFNV5NuQ58tC5N7R2EqqFbIJ8VZgcagrGRYuAuFFTaV+D7RIt9xGTu
-WlCyxHI7VkRBJ1mRoEr4GOrP9QFjBD8NzNK+/wnR/fZwhpEnRsgHiI33wKHBDg+l
-3r8tvRzuB5X6Gl/SfuAeaoCuDHMncTjQg1zGhyEwjQhUe4RY3w+yHAjeeOE6c5sp
-OMDDdaBibkzLmSjXztuLeAdzsUcD3fvGeOvh9vG14TKEmF8puNkqEcc0W8NyUWKF
-dr9umdJEMbaRSSsMGtp8bDj3Ddh4PhEJrIFeo89+HwXhU6sk+wzE9BULTohahsfw
-OV/08t1cZ3Q04Oj1KI+4YWu8BJns5gX35rQ8GIbkXQwfvFMwqmbg+ij2o9HWdkSL
-4bcqW/83Ho+31ce210rVGPK9cav0CjA2Eexgxi45cbgnfoade74Qa5zXboJEBmp7
-rbo4swIDAQABo4GuMIGrMB8GA1UdIwQYMBaAFDzIg8eyTI3xc4A2R60f8HanhBZD
-MB0GA1UdDgQWBBS5xC3inqLQl+vxzn9PsjNzlZ5hYDAOBgNVHQ8BAf8EBAMCAQYw
-EgYDVR0TAQH/BAgwBgEB/wIBADBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vZGVt
-by5jZXJ0aWZpY2F0ZS5maS9jcmwvT3BlbkxBTkRlbW9Sb290Q0EuY3JsMA0GCSqG
-SIb3DQEBCwUAA4ICAQC0UUiTX/BpfbjxnTxQfWgK8cMS0opr9AA7Ta1ZAqu/wJpb
-pSEbcd41YkLDfL+aXOV3RU3sO8VSrnvGe1r5ikF3y2DOmegLBury1K05WPASjn2i
-8wioE3O0JtesijnX1tUlFYqpdX3+XSoHmRV1L6O2tptiACSLcx42uBtGI7Fhsfby
-2yv9VNkMiW59bcAlex2higrnIfGcbA7Fgx3REKe1fN6Q4nxIXC/VLm8nRr8g3g4w
-rIkcly/PgfsMHF+FXGXWl3D/4v6HMV5nm1PPMPvSp5f9G2ftx+zBw5qQbVSoOmxZ
-1a5XzBhrqCnKXPpn2v8FQJ+Nk7FcgmtCURL7BUlm2cnZg+pgXpacQo9nN9uMoMI9
-yCrHRa+sTsfL5+Ar4sMqkNJVXsRBv57ls7wr2Bix9Mla+9zGAFK7Yg9UPpjlzGZ4
-BpiGdNqJcX6a1bIjDe66Pah2P/O8riSX4UMf8ypPsO4h9KNM+XIjQw2VtpEoLNTF
-6AqyvrrWfsJwGdXSg+GpNPJ1Gsu1Y6ataMGvsrot6OxTrg+TpUMuacfwc8zN7+JI
-2XO+PgAf9M1URMYar5v8NKFQ4NX6lMUzNiJnIaoCnbd0zoh/Ui3cbpI46z3UHthw
-qq3/VWS7WlXQZXJ2qNg6c4yEz8iUogod4B1p9badXZBSmpsEcY1m3NzE/OKYgA==
------END CERTIFICATE-----

chaincerts/OpenLAN_Demo_Controller_CA.pem

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgICYwwwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAlMSMwIQYDVQQDExpPcGVuTEFOIERlbW8gQ29udHJvbGxlciBDQTCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJauwpN+LAd/VubBpX3O3u/E5CXkmxLZ
-di/F9zOTimAOPqfWP7K046TfbNj4twPYSzVzjawkenRkEK0yZQ1DOXmzkGWVnsih
-gR/CA+IUUY1yCnmg6t9Dx9l5K0ZnAox90HO/ybIymcoSfRXhotuhle//eDNmGccd
-XFsndvGdmxshaV1zN1h2POw7biCBZuypCzwvRitFfcpv3pdIk5xTt2G/yMbHPCNo
-dUJHYHLWotridJIJ7DdhYoir5q+iSqWIqjKfDBlqCsvO7e+KidcW9ctljWspAHvl
-B3/yHdJwJz816YTZ7r37I/DsXk9gmjj317gWRkGLMTx9fk6SiMfGW4kfUvClfg1v
-0aRrDGPEcCagHM6ViqbW2+Tc5K38fySgNZKSTBPPI+59iAHd5RADEJDGankEYvzN
-Le0sgB90RDjhTMleOpp5agtd2Yk/ZVjHtKfCnq13OLJfcgX76iY1Ko6AmKqiaxiE
-V2zi9/UFVTIURT8S7JgiwF4ZNIZzHmcr4R4n5O7aSgYUlVjwFp/IEMC3ylTAX8cP
-d4VW0p1f4D3HK7TRcaaqsERuxNh2KVtR48Au2MPGC/8YRKsz/qzH2GfsfFgjKxfF
-z/mZYOA7913DvgVbDQoR9/6odGXZH0XDwH1e1w59dqbXBnIv2VVzElgZsPimIr+M
-UxlZXZHMYtL3AgMBAAGjga4wgaswHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/w
-dqeEFkMwHQYDVR0OBBYEFKqr/2rLqvEtxLDRsPCJ1L8WMr7VMA4GA1UdDwEB/wQE
-AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6
-Ly9kZW1vLmNlcnRpZmljYXRlLmZpL2NybC9PcGVuTEFORGVtb1Jvb3RDQS5jcmww
-DQYJKoZIhvcNAQELBQADggIBAAmSU3aAV3YrPk9F4yaatF2H3E9PTZ/G/3kuJhBR
-Oag4trkewFoII+O0YQ2enqYeZ6AncGVRWeI1R2TmN8lpsBSG0IXQ8dhO9gCwSyxF
-Rito63OjZEaqbLY+1xs4ybkfHKnQ6wGOxDiDMY84kr/UbhpPgHDIufO3FWCp6ucu
-chN67J0hAMfiMbeQ5BZ3LLG2/To0Zl9S5L8C696YlSdBvp0V64vkXYxfAaIoHYEu
-coatg8hgSuugRN/eiOH2ppYShQXNGJvysi/DBtxZecStVJ8SGhWHhP3uM/9TiSfC
-ZCWp3xj65q1hWg0FgvQKDxaa3Qqq6r4/z7cbBI9Tg0VMJnIvhWTsLCssFzoqEvfL
-g53+kbZbQkJAJ4qEirPopKeTBgnm6pEeA5YOTp+bBSgPKNx7G1sT94+LO819aIXt
-ezP4AaO3cW6EomXojMyZl46NcUU3ZnL1AxbtWa9H4TdnBtYG2ewntCXkrqSuRry6
-lhgRZh6q9SDyKW6qjTN2/u91MgoRBndXfsCGX825yxKL0beFCpHFeG3r40zWB3xl
-s5zf/Ny7ZMp5gtVQOlmlN29HHN+Hzzhook8VrXLk5GXHQM0anfTffCHpw0UIivpA
-wJE9bOfha3mTd8LHXOP0OFH6OlqKNX943hQdblsOIVNNbxz3OfQm/ybNcHDUhlWV
-RDdm
------END CERTIFICATE-----

chaincerts/OpenLAN_Demo_Operating_CA.pem

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFbjCCA1agAwIBAgICcp4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAkMSIwIAYDVQQDExlPcGVuTEFOIERlbW8gT3BlcmF0aW5nIENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Q5dx+CWyaPxOlAGUC462FgnO4umYEqF
-LQCuK31kgg0tBbbfaq0XApUnjH5IOMI1IGtYgZmm48q1noHaRwk4WFxxvr/dyS51
-hAEa2GFb2S3pkG7VXAF/XYv33yyfM+1K0tyZPRm9tbBShUIfflGFjnrSwxkNhoOH
-IIOVXxCHLBD/Aor74JAkEGtkIo30FPx2vQ+fg4rnQsm9aSffgWwWua7T590tnSMG
-ljDMm++nCQIgONFQC7RQXeL0Ruu14FxB639oJxPmwDQhD/R5zQz/wFBhinjHuzYl
-i0bmxHevdDQluNUxf2lHwJRy6eC/TzdRFOgDUre9kzu929skgNouM0q0y/Rpz7QU
-bd5s1i8JnKebAqADqMT8Yz1Hph0oCvOT0Dc2joxmjGh3loolWRKufKTVe431pvdv
-iV/rAooOSnm5Htmd8ClOADudhrheX886cSd9Z5JKucHhW34Lf1ze7uj1LjxoTh3O
-eo7XedhjmJYcQavpQlVRLTbbY/LJHegPtqJAIvQkrwtOpe05rShl06MxO9wj0BPJ
-0PFp/MxJd0ESDV0EM9dxWIWgXwZftowPzfj3ai5OQEazpTr1IMRehsbCn3JEJ77N
-hCqKPaZmRtKRD9e5cu0YiGfRddr7xaXiwtPGId/ZHsNUASbv7NMDdemRv3TiFwv4
-z8OKCm8QeisCAwEAAaOBrjCBqzAfBgNVHSMEGDAWgBQ8yIPHskyN8XOANketH/B2
-p4QWQzAdBgNVHQ4EFgQUe/uhewyjB6GNj5Dbq9s+I5mWexMwDgYDVR0PAQH/BAQD
-AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDov
-L2RlbW8uY2VydGlmaWNhdGUuZmkvY3JsL09wZW5MQU5EZW1vUm9vdENBLmNybDAN
-BgkqhkiG9w0BAQsFAAOCAgEAXiCsunaML25vERDeclBVvUGHviqTh6WOFgezHQc/
-NGYl3yFEt2wn+XWjunjI+bfIhiG/98EJCqtT0X5hIn8NqiaGuMX+bI3bI3oIS9qF
-qaUuIX0Vt4RrhFhiPkgk25BVCxtMu8XA7OGARz5kRWedTANPh8FRaGIu2yAgPpP1
-Af6HAZYhwSMYm98Gp+9hN1yYDV8Yn58hVnWYEvJTDuaxlgbrsMZDfcGHJybZdNtZ
-WdZaVDHYCcjnPtvg/++e0GWC9ePjFbKy56Xv5lUsq/kUIbUAMwuGQm+fWF8bjWmX
-/251Ib1YlMp8MpLKofssN6WlcxE928djOyLZd0RLMRq7Uu15YCiImTax78cxptlu
-2EkKcJenpfSawGJepSfMuGBgpPg5Ud9Z/tVsTUhEC0YSKKokt0+t4VuFWk8ug3GK
-T6DMW0J7ajGNry5fxmIF/sDcFuY1q++y8aCL2I5BSf0Y9JM8N7BiB9w91qjVU6zM
-T22ioz7OydYq6wBKCSqGghqbm0ZbRbj1+j08CzwC0HQX5xo0ZPipIstk+DMZLy30
-ZerFlfzZSCNcpQsBJffE0mEA8D8+7u0MuyskrpUOGrJaAx0qt7BJpTlE8FGl41D9
-+fzIUJcTh+3+PAD7VvraobiLRFN2PqpoZAPI/frdT+EJrDkKj/FLIsQiUxxAG9F0
-Gvo=
------END CERTIFICATE-----

chaincerts/OpenLAN_Demo_Root_CA.pem

@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFIjCCAwqgAwIBAgICCOMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwIBcNMjUwMjIxMTUwMDAwWhgPMjA1NTAyMjExNTAw
-MDBaMB8xHTAbBgNVBAMMFE9wZW5MQU4gRGVtbyBSb290IENBMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAyMTHKUp0lagm72Y4c8nrJkVcp7WUTjrsbrlp
-ylLYUohac9UWM0KYBMymQw4gXMQXDIV1tCPM6J22Iv7vfOUTnaU4mlcJ85zEMWoN
-gMknz/8nX+BBawFoqlK+AuIdT/RrCRCD7IlhmmPxhlrg2QV77NONBJxJ86yo89ve
-tnsM5DYEoCGNVKEqZVu02KXSI7TOby8TwM2SS1M0xESnanNvwxsICB86TCWtvLpP
-6tXdO+aNOEZ0VRvmVYMXFa2UXxbRJQgj2qPunlN0amvJ4uw7SdlMG1LgfFk12+Yo
-4d+BxEeZJkgmKAHY3Mos2tcX0kFbRadRLBklkAbYLVFPHqUAMgs+5666zJ9H+Fne
-SgqLg8edKJPBCCHOJr0r1CM0ernP1H1mgKeEGDVXJTgsqanzrYvSwina+Cc5i6cQ
-iL1oJgFoPCj7QW5WNm5fIMhq3BW4DtM3khY8cDpct063WaaR5jLUt2vhceN2id2G
-07J56LVQVebLIubb6SZFh9Ob3VOpiY3NGBtFXY0c7nQCaycGSdfhG/eCKyEZ7T51
-XnIVxTBm53TPatIKS6hqLm0qs9P7pjo2qRP270cWJ8gFecvATNVSodG1bpK5aPYM
-KVVAhchRm0WeFjga5O5/oOXOCdc7nygNUJmYJbhQsiluoZ5Gy8EdHxLDklc//X5M
-xRiETxMCAwEAAaNmMGQwHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/wdqeEFkMw
-HQYDVR0OBBYEFDzIg8eyTI3xc4A2R60f8HanhBZDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCHG+fNWIrRZ1Cw
-1bykJcfMf+EdkRB79kaKMwKkmot94s5d8Me+nXKzNMvJk2emlHkgk/ke0ojyPJ0b
-7/5M3u7T8sNHoy/H7cHWpV/H31jgeF3yOtFFhQ7X0gQBh05tsmSO7hE6i8os+qg2
-QdAWlOipYHMVz/AVV2nls1OAflt3oEfvxVPlQyVY0GyOUS4dKBBRJwcRuqQBt2EX
-SHzcU1/Gd3wvwQxDLtV5gHHfCI7G39M3KmcMxlIYjIh2cn1c4Bd2PHS3NtwIXDsm
-WP8e5qLOUFtjMjYFKjaD2kpmihRKRDpHFyV1Ch6i4Xh7BIUnluAqf10iEfkG9Syc
-L5Ctnl9xkn9Bf9Md6H+M8e0HXJ4zw0WB/9IFBywkFP5ijvdyIVStQ+Fxsiqk62k+
-0XtidT3ma+Z0tTIVokbPsSxUafZo0DWKpWfnEg1RbKZ6PygGNhvwrqcojf4/vHYi
-9bAlpF4QFo4psZ7k/oxsAKSDHWfqm34qZq78RQI7OF5N/Bs0hkfYgg3RXt9oLVyl
-r8R0ZPfyTzchJVrtdxi9pwdyyYuBOwnCzyWs+z4QRAzHHylXQRut7SJR6lvSyMQs
-YiJfiHbhUa7nfLi93uoTv4b2Zx1XOT/7OaXnTldLKkijRu2sSAOJKf77lFpv8929
-9V/T79RyDPMvhRQaxyV7tBGOss3Smw==
------END CERTIFICATE-----

chaincerts/OpenLAN_Prod_Birth_Issuing_CA.pem

@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGBjCCA+6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NDcyNVoXDTQ1MDUxNDA5MTcyNVowIzEh
-MB8GA1UEAwwYT3BlbkxBTiBCaXJ0aCBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEAqkekr6rYqlnicopx8WgKhEUctfrMD3J8jC2YshEI
-hlVFI6lRbA9EFjv1hq0BhXhOY52lwOTOQtIgdn7HNcViSoiKqrVBYRskbhVqIA+7
-nPhwB/4BYYZnbzCELjROHnMn/drFScNUaUvf+EDh9WmO4vZHD5xstK729RDZE51n
-vLlFwe5O4ckekPH17r4WojoVSczkXXRhKJXV3GXdrA/epoIUn0poUM6bCjddiEbJ
-NPknqqkS8Z9a8GYt2IX33kZD3NdHjTQRnMd7g+xroJiQ/faZ9zc0ul6l85sl1G43
-AqriEI2aOWYhSxY7sDleuy5ggz8UA5lR6/z6ZIR8IfMSJag8aVkvxt51Gx2aDaVu
-PixyMFoXyhKQPSP+cL3rzSF/767iXqINw4oOb83Jy77Ocwgp2cfW06KI4l4CTymy
-83wCBEZ6pvLmjCmbz0DIg7V7yGPGjEePNyxYG0sM+aHQEpJnaib2yza9adiXlJ4s
-M+UEMnLjEu0i8Xy15hvItgo7FYTZgWh89LIhE63HDk6qteV836K2oL9PWtVUEg9v
-pElapnq+v+8BUsvmY6Nr8eYeAnCPyW2e49a91/vCP8B1Ydbe5ms3mYcGO3Kdx/k5
-QWLquKnt5ZAeJ2werO/8mUabq8eyt4EH9tZzDKJvV/xbmhluKmamfSg4GHCpOUl1
-+IcCAwEAAaOCAUswggFHMB8GA1UdIwQYMBaAFJRoW6g4+ThAsHJk/juSPinUhsIm
-MB0GA1UdDgQWBBRO5RI5Dr0FesZ3+QQ9ugAapLBaeDAOBgNVHQ8BAf8EBAMCAYYw
-EgYDVR0TAQH/BAgwBgEB/wIBADBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vY3Js
-LmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jcmwwgZcG
-CCsGAQUFBwEBBIGKMIGHMEQGCCsGAQUFBzAChjhodHRwOi8vY2VydHMuY2VydGlm
-aWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFucm9vdGNhLmNlcjA/BggrBgEFBQcw
-AYYzaHR0cDovL29jc3AuY2VydGlmaWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFu
-cm9vdGNhMA0GCSqGSIb3DQEBCwUAA4ICAQBQq28kQUcK88zs5YzZ3b6Y3t77yrSF
-lZLWsbNE/KVlvEuTIrtkRMX9PAC4tRjOpV0oxp6NdrqUKJ35gt4EKjw1vbtyXZD0
-VQwimBv1qapZEuNe5lwNssyySAnXxUIyhCV6QVD4G9vmRPzNVtIwssjffVPjjpZ9
-LBQdliOG3FBbcCWGuRiUMysVxHxdO2rokoFuO1ye+oURrqe9zeDtE0k9QNzAi36F
-FhuWYQnn+2QHfTX58cpMb1Aql3yTO/pz5fQRUF/hmfTuuk+dLlkWoem55oRGfMVL
-coAnW3We251iEawqrR9ZDgcIWlmloZFSNylpZ/iIZOIQdYFqreRo0DiSZG4kPxcW
-RKQTSJ9F3v2j0BZan2xxaSE1tJ54IJUPUND/O6ITVQLfexVLIggRfeIAsURdhPn9
-1KUrZu3HoIYX6kcpuhl++BQgOx3qr6RomAVDhXSGRVRQ2B76N0N1ZC+mEEhJUYbb
-0DlZntDp7q2ZDzn6gFYOnrGhoXe55Yrx8c45wMOBZmz0Q6xzc0jydgZoAG9/20l8
-6S9G2j+UuMYRBCSzouILsGwTloU7XR3qIuO2WbYcG+UV0o/3lVOkAk5992HPG7DT
-hZ1qNe72WFHmtKVwfYJTcQG/TucWFvplUE3hMDMqS80tmx9TrXiRdI4R5IrTxfsS
-znGN0LCQ5YzAAw==
------END CERTIFICATE-----

chaincerts/OpenLAN_Prod_Device_Issuing_CA.pem

@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICBAYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTQwNVoXDTQ1MDUxNDA5MjQwNVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBEZXZpY2UgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALrPh3nxxKWaPQbcQeZdihRrGwJNYgdrzz/YAsss
-EbKXYKAOwb/EJKSv52eUysI59lcvfJrsqn4wyUaXQvgYxJUatCSpmCCKEzftgudS
-UAlPY8L/4qeqUvxz6CN3qiKivxQ31Z7SJTLgR7OTXxk5ckXHkc8QPB2GPWkU3BzV
-RbBNKcVxwMK6JaZbB0ZlR6r1ImnLnsDUI0qkgSV8NBO7bJd1yvqfn04yc0/pIo+1
-9uX/gh7AA0RsZeXw1SO3wCfUO5Cr65X+MW2T3LsbnBPbKOqHnF0YWJGx5RPOWVIS
-wudAy4zlqdwPInrb4BCMkJUoZlRhhx7vvNmP9HwNwCp8+COjE77caAEAi+0VHamY
-spu9IgDZCr5FmgHBMu9WiaWpB3RxxbFa6UdVl3sMzRFS6SEHhs6RCAXwQj7KiZLf
-tb3UCRps5XMlhmjAApyDKsJEXKnd5cSpSYxCQQlOB9BCG6QVc6vQLdu/uq8X6Z+2
-0EcP7NVyzMDgHdozp4jP+M4Sow6pv7KE4SZaBfpbgM+Ht22sYoBwMouRYbzSAhJS
-8qBH+IiDqwMRWyox8TuhCsn9WJr9t6l8p3O1pUB0IccraUTVo7XydZWaprtrvMTf
-RtudowCxea9Iz6md9zlqNZAQu2QNUpH9YQT408N02qukp2uaAGvQjbSfAtnWduTD
-F6AbAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUVRP31JMaQoUd6psw0tjQpKbhmvUwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEALMFsYRqB8NDMMWZV8NqbjNT5QA3Y
-O3ODxYOuFC4NjSzUSh3Lh73f5+Ec4slQNFuOQeqhqFJaDAPIxUI5ekKtVjzmt7St
-crbW1dE47+ZHkPXrWVRwRmlV1qP5TqS5oTH6dvpEpEcSxT/IKGQB1cwQ1C+Qp3dd
-3rZnylXfL5dimIpKDGHYqiHyltktlv3uMWnQhUwrKjt2GW0TnF7bVJ0OJko7aDL7
-wdY0TGUH9eLQOoz/a0e9sKSsqOxrq9grN7npbUHOr23CdQBnSjF1Q5dXKvza8kRj
-+agDJW5h/fyBvZ5I4U6m4jFyUnAKso6Xd0+feejPCH7f6kYY+pT7NKO4dVqaRLrj
-yDmtXGsMza6C0h8wBgYwg4d7jxTqOx6iJfJLyLGWKT94HeChiWOL2X0HpF+Gn9Uf
-C7rtLO4QwQzGHdEGyFlw/pBTs6g3wTYVv7ZZfh8DJ9PIedqJmUdwMVE89ThEpu4Z
-q1bFfqENwDmrj2erS3fweEY3G+w2m8f24tJiLWOW/hBRcR3fm+73C8svmtwVGo5Q
-2i6yJxQ12Q42oa1sfsohr22J2NxotqbQz0gq1J9QparEJ5qUjMKkO9Rj3s24KW2t
-E6WIb5d1WpIxownlqOgFE7FftxXmQdJNJ2t4XyUMWhwXbOxfc2RlLek0LtnHPA8N
-hCFqyfjUtMPqafk=
------END CERTIFICATE-----

chaincerts/OpenLAN_Prod_Root_CA.pem

@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAa
-MRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvM
-Hwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenq
-c4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5O
-ohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9P
-IhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9Q
-zRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ
-8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0V
-TzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzP
-KRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbf
-RXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw
-2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQAB
-o2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQU
-lGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0Jo
-WhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dU
-WmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/
-If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+
-McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZ
-h5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqf
-H+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt
-8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk
-5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1n
-cHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJX
-bZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1
-dashL0CPsbIJ
------END CERTIFICATE-----

chaincerts/OpenLAN_Prod_Server_Issuing_CA.pem

@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0x
-VCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3e
-TJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZ
-gDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUn
-tYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexd
-mEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw
-3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8
-yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e
-9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/
-ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4
-nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YF
-psXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih
-9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNw
-QVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIE
-N82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0
-vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpI
-OkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aG
-WjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6IT
-XLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKibo
-Ffh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1
-StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vY
-g1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRri
-H0FGIeDSQydpOJU=
------END CERTIFICATE-----

chaincerts/README.md

@@ -1,42 +0,0 @@
-# Purpose
-
-These utilities update the clientCAS configuration to set the supported chain certificates. It would be used in case of reissued or expired chain certificates.
-
-# Usage
-
-## Kubernetes
-
-The *mkclientcas* utility generates the clientcas.pem section of the 
-*values.openwifi-qa.yaml* and *values.openwifi-qa-insta.yaml* files inside
-*../chart/environment-values/*.
-
-To create the *clientcas.pem* section for *values.openwifi-qa.yaml*:
-```
-./mkclientcas -d -o clientcas.digicert
-```
-
-To create the *clientcas.pem* section for *values.openwifi-qa-insta.yaml*:
-```
-./mkclientcas -o clientcas.insta
-```
-
-Then edit the *values.openwifi-qa.yaml* and/or *values.openwifi-qa-insta.yaml* files accordingly to replace the *owgw.certs.clientcas.pem* section with the content from the respective clientcas.\* file.
-
-## Docker Compose
-
-The *mkclientcas* utility generates the *clientcas.pem* files for docker-compose using the -D flag.
-
-To create the clientcas files:
-```
-./mkclientcas -D -d -o ../docker-compose/certs/clientcas_digicert.pem
-./mkclientcas -D -o ../docker-compose/certs/clientcas.pem
-```
-
-## AP-NOS
-
-The *mkclientcas* utility generates the *insta.pem* file using the -I flag.
-
-To create the *insta.pem* file:
-```
-./mkclientcas -I -o insta.pem
-```

chaincerts/TIP_Issuing_CA.pem

@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
------END CERTIFICATE-----

chaincerts/TIP_Root_CA.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-5IOM7ItsRmen6u3qu+JXros54e4juQ==
------END CERTIFICATE-----

chaincerts/mkclientcas

@@ -1,94 +0,0 @@
-#!/bin/bash
-# This script is used to generate the clientcas.pem files.
-
-function help {
-    echo "Usage: $0 [-h] [-d] [-D] [-i] [-o <file>]"
-    echo "  -h    Show this help text"
-    echo "  -d    Use Digicert certificates"
-    echo "  -D    Use Docker Compose certificates"
-    echo "  -i    Use insta.pem for AP-NOS"
-    echo "  -o    Output file (- for stdout)"
-}
-
-set -e
-digicert="false"
-dco="false"
-output="/dev/stdout"
-while getopts ":dDIo:" opt; do
-    case $opt in
-        d)
-            digicert="true"
-            ;;
-        D)
-            dco="true"
-            insta="false"
-            ;;
-        h)
-            help
-            exit
-            ;;
-        I)
-            insta="true"
-            dco="false"
-            ;;
-        o)
-            output="$OPTARG"
-            if [[ "$output" == "-" ]]; then
-                output="/dev/stdout"
-            fi
-            ;;
-        \?)
-            echo "Invalid option: -$OPTARG" >&2
-            help
-            exit 1
-            ;;
-    esac
-done
-
-# Available cert files:
-#   OpenLAN_Demo_Birth_CA.pem
-#   OpenLAN_Demo_Controller_CA.pem
-#   OpenLAN_Demo_Operating_CA.pem
-#   OpenLAN_Demo_Root_CA.pem
-#   OpenLAN_Prod_Birth_Issuing_CA.pem
-#   OpenLAN_Prod_Device_Issuing_CA.pem
-#   OpenLAN_Prod_Root_CA.pem
-#   OpenLAN_Prod_Server_Issuing_CA.pem
-#   TIP_Issuing_CA.pem
-#   TIP_Root_CA.pem
-
-> "$output"
-
-# Docker compose:
-if [[ "$dco" == "true" ]]; then
-    > "$output"
-    if [[ "$digicert" == "true" ]] ; then
-        cat TIP*.pem >> "$output"
-    fi
-    cat OpenLAN_Prod*.pem >> "$output"
-    cat OpenLAN_Demo*.pem >> "$output"
-    exit 0
-# insta.pem for AP-NOS
-elif [[ "$insta" == "true" ]]; then
-    files="OpenLAN_Demo_Birth_CA.pem OpenLAN_Demo_Root_CA.pem"
-    cat $files >> "$output"
-    files="OpenLAN_Prod_Root_CA.pem OpenLAN_Prod_Server_Issuing_CA.pem"
-    cat $files >> "$output"
-    exit 0
-fi
-
-# Kubernetes:
-dt=$(date)
-echo "    # Generated: $dt" >> "$output"
-if [[ "$digicert" == "true" ]] ; then
-    files=$(ls TIP*.pem)
-    echo "$files" | sed -e 's/^/    # /' >> "$output"
-fi
-files=$(ls OpenLAN_Prod*.pem OpenLAN_Demo*.pem)
-echo "$files" | sed -e 's/^/    # /' >> "$output"
-echo "    clientcas.pem: |" >> "$output"
-if [[ "$1" == "digicert" ]]; then
-    sed -e 's/^/      /' TIP*.pem >> "$output"
-fi
-sed -e 's/^/      /' OpenLAN_Prod*.pem >> "$output"
-sed -e 's/^/      /' OpenLAN_Demo*.pem >> "$output"

chart/Chart.yaml

@@ -2,32 +2,39 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 0.1.0
+version: 2.9.0-RC3
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.9.0-RC2"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.9.0-RC2"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.9.0-RC2"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.9.0-RC2"
   version: 0.1.0
 - name: owanalytics
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.9.0-RC2"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.9.0-RC2"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.9.0-RC1"
   version: 0.1.0
 - name: owsub
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.9.0-RC2"
   version: 0.1.0
+- name: owrrm
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=v2.8.0"
+  version: 0.1.0
+- name: kafka
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 13.0.2
+  condition: kafka.enabled
 - name: owls
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
   version: 0.1.0
@@ -36,15 +43,11 @@ dependencies:
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master"
   version: 0.1.0
   condition: owlsui.enabled
-- name: kafka
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 28.2.3
-  condition: kafka.enabled
 - name: haproxy
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 0.13.3
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 0.2.21
   condition: haproxy.enabled
-- name: postgresql
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.4.3
-  condition: postgresql.enabled
+- name: postgresql-ha
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 8.6.13
+  condition: postgresql-ha.enabled

chart/README.md

@@ -1,10 +1,10 @@
 # openwifi
 
-This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. The purpose of this chart is to set up the correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
+This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
 
 ## TL;DR;
 
-[helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so install it if you don't have it already.
+[helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so intall it if you don't have it already.
 
 Using that you can deploy Cloud SDK with 2 setups - without TLS certificates for RESTAPI endpoints and with them.
 
@@ -20,10 +20,11 @@ $ kubectl create secret generic openwifi-certs --from-file=../docker-compose/cer
 $ helm upgrade --install -f environment-values/values.base.secure.yaml openwifi .
 ```
 
-In order to access the UI and other RESTAPI endpoints you should run the following commands after the deployment:
+In order to acces the UI and other RESTAPI endpoints you should run the following commands after the deployment:
 
 ```
 $ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
+$ kubectl port-forward deployment/owrrm 16789 &
 $ kubectl port-forward deployment/owgwui 8080:80 &
 $ kubectl port-forward deployment/owprovui 8088:80 &
 ```
@@ -42,10 +43,11 @@ $ kubectl create secret generic openwifi-certs --from-file=../docker-compose/cer
 $ helm upgrade --install -f environment-values/values.base.insecure.yaml openwifi .
 ```
 
-In order to access the UI and other RESTAPI endpoints you should run the following commands after the deployment:
+In order to acces the UI and other RESTAPI endpoints you should run the following commands after the deployment:
 
 ```
 $ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
+$ kubectl port-forward deployment/owrrm 16789 &
 $ kubectl port-forward deployment/owgwui 8080:80 &
 $ kubectl port-forward deployment/owprovui 8088:80 &
 ```
@@ -141,10 +143,12 @@ The following table lists the configurable parameters that overrides microservic
 | `owsub.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Subscription to use Kafka for communication | `'true'` |
 | `owsub.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Subscription to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `owsub.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
+| `owrrm.public_env_variables` | map | Map of public environment variables passed to OpenWIFI RRM service |  |
+| `owrrm.mysql.enabled` | boolean | Flag to enable MySQL database deployment of OpenWIFI RRM service using subchart | `true` |
 | `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `true` |
 | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` |
 | `kafka.image.registry` | string | Kafka Docker image registry | `'docker.io'` |
-| `kafka.image.repository` | string | Kafka Docker image repository | `'bitnamilegacy/kafka'` |
+| `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
 | `kafka.image.tag` | string | Kafka Docker image tag | `'2.8.0-debian-10-r43'` |
 | `kafka.minBrokerId` | number | Sets Kafka minimal broker ID (useful for multi-node Kafka installations) | `100` |
 | `clustersysteminfo.enabled` | boolean | Enables post-install check that makes sure that all services are working correctly using systeminfo RESTAPI method | `false` |
@@ -163,7 +167,7 @@ The following table lists the configurable parameters that overrides microservic
 | `restapiCerts.services` | array | List of services that require certificates generation |  |
 | `restapiCerts.clusterDomain` | string | Kubernetes cluster domain | `cluster.local` |
 
-If required, further overrides may be passed. They will be merged with default values from this chart and other sub-charts with priority to values you'll pass.
+If required, further overrides may be passed. They will be merged with default values from this chart and other subcharts with priority to values you'll pass.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
@@ -196,7 +200,7 @@ By setting `clusterinfo.enabled` to `true` you may enable job on post-install/po
 1. Change default security credentials from credentials set in OWSEC configuration file (see 'Required password changing on the first startup' block above)
 2. Check if all services started responding correctly after the deployment using systeminfo REST API method
 
-In order to do that, you need to additionally set multiple parameters:
+In order to do that, you need to additionaly set multiple parameters:
 
 1. clusterinfo.public_env_variables.OWSEC - OWSEC endpoint to use for CLI tools
 2. clusterinfo.secret_env_variables.OWSEC_DEFAULT_USERNAME - username used for CLI requests (see OWSEC configuration file for details)
@@ -217,17 +221,17 @@ You may see example values to enable this feature in [values.enable-owls.yaml](.
 
 In order to use single point of entry for all services (may be used for one cloud Load Balancer per installation) HAproxy is installed by default with other services. HAproxy is working in TCP proxy mode, so every TLS certificate is managed by services themself, while it is possible to pass requests from cloud load balancer to services using same ports (configuration of cloud load balancer may vary from cloud provider to provider).
 
-By default, this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
+By default this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
 
 ### OWGW unsafe sysctls
 
-By default, Linux is using quite adequate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
+By default Linux is using quite adeqate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
 
 - net.ipv4.tcp_keepalive_intvl
 - net.ipv4.tcp_keepalive_probes - 2
 - net.ipv4.tcp_keepalive_time - 45
 
-However, this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls), and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
+However this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls) and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
 
 ```
 --allowed-unsafe-sysctls net.ipv4.tcp_keepalive_intvl,net.ipv4.tcp_keepalive_probes,net.ipv4.tcp_keepalive_time
@@ -254,16 +258,16 @@ You may see example values to enable this feature in [values.restapi-disable-tls
 
 ### PostgreSQL storage option for services
 
-By default, all microservices use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used.
+By default all microservices except RRM service use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used.
 
 ## Environment specific values
 
-This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime environments (including different cloud deployments).
+This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).
 
 Some environments are using [external-dns](https://github.com/kubernetes-sigs/external-dns) service to dynamically set DNS records, but you may manage your records manually
 
 ### AWS EKS
 
-EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also, it is assumed that you have Route53 managed DNS zone, and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
+EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also it is assumed that you have Route53 managed DNS zone and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
 
 You may see example values for this environment in [values.aws.yaml](./environment-values/values.aws.yaml).

chart/docker/change_credentials

@@ -61,7 +61,7 @@ then
         echo "Logged in with new credentials:"
     fi
 else
-    echo "Credentials check failed with unexpected ErrorCode, please review the response body:"
+    echo "Credentials check failed with unexpected ErrorCode, please review the responce body:"
     jq < ${result_file}
     exit 2
 fi

chart/environment-values/.gitignore

@@ -1,3 +0,0 @@
-_values.custom-*.yaml
-certs/
-env_*

chart/environment-values/cleanup.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-[ -z "$NAMESPACE" ] && echo "No NAMESPACE set" && exit 1
-ns="openwifi-$NAMESPACE"
-echo "Cleaning up namespace $ns in 10 seconds..."
-sleep 10
-echo "- delete tip-openwifi helm release in $ns"
-helm -n "$ns" delete tip-openwifi
-if [[ "$1" == "full" ]] ; then
-    echo "- delete $ns namespace in 30 seconds..."
-    sleep 30
-    echo "- delete $ns namespace"
-    kubectl delete ns "$ns"
-fi
-echo "- cleaned up $ns namespace"
-exit 0

chart/environment-values/deploy.sh

@@ -2,77 +2,80 @@
 set -e
 
 # Usage function
-function usage()
-{
-    cat <<-EOF >&2
-This script is intended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables
-
-Required environment variables:
-- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')
-- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart), 'bundle' (will use chart stored in the Artifactory) or local
-- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)
-- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment
-- DOMAIN - Domain name. default: cicd.lab.wlan.tip.build
-- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security
-- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)
-- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket
-- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket
-- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties
-- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services
-- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services
-
-The following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):
-- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-
-Optional environment variables:
-- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)
-- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator
-- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator
-- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services
-- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)
-- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed
-- MAILER_USERNAME - SMTP username used for OWSEC mailer
-- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)
-- CERTIFICATE_ARN - Certificate ARN (will default to ap-south-1 certificate ARN)
-EOF
+usage () {
+  echo >&2;
+  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
+  echo >&2;
+  echo "Required environment variables:" >&2;
+  echo >&2;
+  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
+  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
+  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
+  echo >&2;
+  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
+  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
+  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
+  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo >&2;
+  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
+  echo >&2;
+  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo >&2;
+  echo "Optional environment variables:" >&2;
+  echo >&2;
+  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
+  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
+  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
+  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
+  echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
+  echo "- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed" >&2;
+  echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
+  echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
 }
 
 # Global variables
 VALUES_FILE_LOCATION_SPLITTED=()
 EXTRA_VALUES_SPLITTED=()
-DEF_CERT_ARN="arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c"
 
 # Helper functions
-function check_if_chart_version_is_release()
-{
-    [[ "$CHART_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]]
+check_if_chart_version_is_release() {
+  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
+  if [[ -z "$PARSED_CHART_VERSION" ]]; then
+    return 1
+  else
+    return 0
+  fi
 }
 
 # Check if required environment variables were passed
 ## Deployment specifics
 [ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
 [ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
-if [[ "$DEPLOY_METHOD" != "local" ]] ; then
-    if check_if_chart_version_is_release ; then
-        echo "Chart version ($CHART_VERSION) is a release version, ignoring services versions"
-    else
-        echo "Chart version ($CHART_VERSION) is not a release version, checking if services versions are set"
-        [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
-    fi
+if check_if_chart_version_is_release; then
+  echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
+else
+  echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
+  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
 fi
 ## Environment specifics
 [ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
@@ -89,11 +92,8 @@ fi
 [ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
 [ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
 [ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
-[ -z ${USE_SEPARATE_OWGW_LB+x} ] && echo "USE_SEPARATE_OWGW_LB is unset, setting it to false" && export USE_SEPARATE_OWGW_LB=false
 export MAILER_ENABLED="false"
 [ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
-[ -z "${DOMAIN}" ] && echo "DOMAIN is unset, using cicd.lab.wlan.tip.build" && export DOMAIN="cicd.lab.wlan.tip.build"
-[ -z ${CERTIFICATE_ARN+x} ] && export CERTIFICATE_ARN=$DEF_CERT_ARN
 
 # Transform some environment variables
 export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
@@ -104,69 +104,130 @@ export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
 export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
 export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
 export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
+export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-')
+
+# Debug get bash version
+bash --version >&2
 
 # Check deployment method that's required for this environment
 helm plugin install https://github.com/databus23/helm-diff || true
-if [[ "$DEPLOY_METHOD" == "git" ]] ; then
-    helm plugin list | grep "^helm-git" || helm plugin install https://github.com/aslafy-z/helm-git || true
-    rm -rf wlan-cloud-ucentral-deploy || true
-    git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
-    cd wlan-cloud-ucentral-deploy
-    git checkout $CHART_VERSION
-    cd chart
-    if ! check_if_chart_version_is_release ; then
-        sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
-    fi
-    #helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update
-    [ -z "$SKIP_DEPS" ] && helm dependency update
-    cd ../..
-    export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
-elif [[ "$DEPLOY_METHOD" == "bundle" ]] ; then
+if [[ "$DEPLOY_METHOD" == "git" ]]; then
+  helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
+  rm -rf wlan-cloud-ucentral-deploy || true
+  git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+  cd wlan-cloud-ucentral-deploy
+  git checkout $CHART_VERSION
+  cd chart
+  if ! check_if_chart_version_is_release; then
+    sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
+  fi
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  helm repo update
+  helm dependency update
+  cd ../..
+  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
+else
+  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
     helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
     export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
-elif [[ "$DEPLOY_METHOD" == "local" ]] ; then
-    export DEPLOY_SOURCE=".."
-    pushd ..
-    [ -z "$SKIP_DEPS" ] && helm dependency update
-    popd
-else
-    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git, bundle or local" >&2
+  else
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
     exit 1
+  fi
 fi
 
 VALUES_FILES_FLAGS=()
 IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
 for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
-    VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
+  VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
 done
 EXTRA_VALUES_FLAGS=()
 IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
 for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
-    EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
+  EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
 done
 
-if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]] ; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
-  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN}"
+if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
 else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN},sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
   export OWGW_SERVICE_DNS_RECORDS=""
 fi
 
-envsubst < values.custom.tpl.yaml > _values.custom-${NAMESPACE}.yaml
-
+# Run the deployment
 helm upgrade --install --create-namespace --wait --timeout 60m \
   --namespace openwifi-${NAMESPACE} \
   ${VALUES_FILES_FLAGS[*]} \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
+  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
+  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
+  --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
+  --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
+  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
+  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
+  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owgwui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
+  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owlsui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owrrm.public_env_variables.SERVICECONFIG_PUBLICENDPOINT=https://rrm-${NAMESPACE}.cicd.lab.wlan.tip.build:16789 \
+  --set owrrm.services.owrrm.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rrm-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
   ${EXTRA_VALUES_FLAGS[*]} \
-  -f _values.custom-${NAMESPACE}.yaml \
   --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
   --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \

chart/environment-values/values.aws.yaml

@@ -15,11 +15,11 @@ owgwui:
   ingresses:
     default:
       enabled: true
-      className: alb
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -65,11 +65,11 @@ owprovui:
   ingresses:
     default:
       enabled: true
-      className: alb
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -99,7 +99,8 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
-      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build" # TODO change FQDNs
+      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs
 

chart/environment-values/values.base.insecure.yaml

@@ -52,6 +52,22 @@ owsub:
     openwifi.system.uri.private: http://owsub-owsub:17006
     openwifi.system.uri.ui: http://localhost
 
+owrrm:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  mysql:
+    enabled: true
+    fullnameOverride: "owrrm-mysql"
+
 owgwui:
   public_env_variables:
     REACT_APP_UCENTRALSEC_URL: http://localhost:16001
@@ -61,35 +77,10 @@ owprovui:
     REACT_APP_UCENTRALSEC_URL: http://localhost:16001
 
 kafka:
-  volumePermissions:
-    enabled: true
-  commonAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+  heapOpts: -Xmx512m -Xms512m
   readinessProbe:
     initialDelaySeconds: 45
   livenessProbe:
     initialDelaySeconds: 60
-  kraft:
-    enabled: true
-  heapOpts: -Xmx1024m -Xms1024m
   zookeeper:
-    enabled: false
-  controller:
-    replicaCount: 1
-    extraConfig: |-
-      maxMessageBytes = 1048588
-      offsets.topic.replication.factor = 1
-      transaction.state.log.replication.factor = 1
-    extraEnvVars:
-      - name: ALLOW_PLAINTEXT_LISTENER
-        value: "yes"
-  listeners:
-    client:
-      protocol: PLAINTEXT
-      containerPort: 9092
-    controller:
-      protocol: "PLAINTEXT"
-  broker:
-    persistence:
-      size: 20Gi
-    replicaCount: 0
+    heapSize: 256

chart/environment-values/values.base.secure.yaml

@@ -298,6 +298,22 @@ owsub:
           secret:
             secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
 
+owrrm:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  mysql:
+    enabled: true
+    fullnameOverride: "owrrm-mysql"
+
 owgwui:
   public_env_variables:
     REACT_APP_UCENTRALSEC_URL: https://localhost:16001
@@ -307,45 +323,13 @@ owprovui:
     REACT_APP_UCENTRALSEC_URL: https://localhost:16001
 
 kafka:
-  volumePermissions:
-    enabled: true
-  commonAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-  #resources:
-  #  requests:
-  #    cpu: 100m
-  #    memory: 512Mi
-  #  limits:
-  #    cpu: 500m
-  #    memory: 1Gi
+  heapOpts: -Xmx512m -Xms512m
   readinessProbe:
     initialDelaySeconds: 45
   livenessProbe:
     initialDelaySeconds: 60
-  kraft:
-    enabled: true
-  heapOpts: -Xmx1024m -Xms1024m
   zookeeper:
-    enabled: false
-  controller:
-    replicaCount: 1
-    extraConfig: |-
-      maxMessageBytes = 1048588
-      offsets.topic.replication.factor = 1
-      transaction.state.log.replication.factor = 1
-    extraEnvVars:
-      - name: ALLOW_PLAINTEXT_LISTENER
-        value: "yes"
-  listeners:
-    client:
-      protocol: PLAINTEXT
-      containerPort: 9092
-    controller:
-      protocol: "PLAINTEXT"
-  broker:
-    persistence:
-      size: 20Gi
-    replicaCount: 0
+    heapSize: 256
 
 restapiCerts:
   enabled: true

chart/environment-values/values.custom.tpl.yaml

@@ -1,132 +0,0 @@
-owgw:
-  services:
-    owgw:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: gw-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  configProperties:
-    openwifi.fileuploader.host.0.name: gw-${NAMESPACE}.${DOMAIN}
-    rtty.server: gw-${NAMESPACE}.${DOMAIN}
-    openwifi.system.uri.public: https://gw-${NAMESPACE}.${DOMAIN}:16002
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsec:
-  configProperties:
-    authentication.default.username: "${OWGW_AUTH_USERNAME}"
-    authentication.default.password: "${OWGW_AUTH_PASSWORD}"
-    openwifi.system.uri.public: https://sec-${NAMESPACE}.${DOMAIN}:16001
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001
-    openwifi.ystem.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    mailer.sender: "sec-${NAMESPACE}@${DOMAIN}"
-    mailer.enabled: $MAILER_ENABLED
-    mailer.username: "$MAILER_USERNAME"
-    mailer.password: "$MAILER_PASSWORD"
-  services:
-    owsec:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sec-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-owfms:
-  configProperties:
-    s3.secret: "${OWFMS_S3_SECRET}"
-    s3.key: "${OWFMS_S3_KEY}"
-    openwifi.system.uri.public: https://fms-${NAMESPACE}.${DOMAIN}:16004
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  services:
-    owfms:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: fms-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owprov:
-  services:
-    owprov:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: prov-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  configProperties:
-    openwifi.system.uri.public: https://prov-${NAMESPACE}.${DOMAIN}:16005
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005
-    openwifi.system.uri.ui: https://provui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owgwui:
-  ingresses:
-    default:
-      hosts:
-      - webui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: webui-${NAMESPACE}.${DOMAIN}
-        alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owprovui:
-  ingresses:
-    default:
-      hosts:
-      - provui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: provui-${NAMESPACE}.${DOMAIN}
-        alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owanalytics:
-  services:
-    owanalytics:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: analytics-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  configProperties:
-    openwifi.system.uri.public: https://analytics-${NAMESPACE}.${DOMAIN}:16009
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsub:
-  services:
-    owsub:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sub-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  configProperties:
-    openwifi.system.uri.public: https://sub-${NAMESPACE}.${DOMAIN}:16006
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-clustersysteminfo:
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-  secret_env_variables:
-    OWSEC_NEW_PASSWORD: "${OWSEC_NEW_PASSWORD}"
-owls:
-  services:
-    owls:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: ls-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  configProperties:
-    openwifi.system.uri.public: https://ls-${NAMESPACE}.${DOMAIN}:16007
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-owlsui:
-  ingresses:
-    default:
-      hosts:
-      - lsui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: lsui-${NAMESPACE}.${DOMAIN}
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-haproxy:
-  service:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: "$HAPROXY_SERVICE_DNS_RECORDS"
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN}

chart/environment-values/values.openwifi-qa.disable-radiusproxy.yaml

@@ -1,7 +0,0 @@
-owgw:
-  configProperties:
-    radius.proxy.enable: "false"
-    radius.proxy.accounting.port: 1813
-    radius.proxy.authentication.port: 1812
-    radius.proxy.coa.port: 3799
-    radsec.keepalive: 120

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -1,21 +1,43 @@
-# This helm values file is to be used when OWLS is run in the same namespace.
 owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
+
   configProperties:
     simulatorid: 53494D020202
-    storage.type.postgresql.maxsessions: 120
-    # this actually disables websocket logging:
-    logging.websocket: true
+    storage.type: postgresql
+    storage.type.postgresql.host: owgw-pgsql
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+    openwifi.certificates.allowmismatch: "true"
 
   resources:
     requests:
       cpu: 2000m
-      memory: 3Gi
+      memory: 3000Mi
     limits:
       cpu: 2000m
-      memory: 5Gi
+      memory: 3000Mi
+
+  postgresql:
+    enabled: true
+    fullnameOverride: owgw-pgsql
+
+    postgresqlDatabase: owgw
+    postgresqlUsername: owgw
+    postgresqlPassword: owgw
 
 owls:
   enabled: true
+
   services:
     owls:
       type: LoadBalancer
@@ -24,6 +46,7 @@ owls:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
         external-dns.alpha.kubernetes.io/ttl: "60"
 
@@ -92,6 +115,7 @@ owls:
       - name: config
         mountPath: /owls-data/owls.properties
         subPath: owls.properties
+        # Template below will be rendered in template
         volumeDefinition: |
           secret:
             secretName: {{ include "owls.fullname" . }}-config
@@ -105,6 +129,7 @@ owls:
         volumeDefinition: |
           secret:
             secretName: {{ include "owls.fullname" . }}-certs-cas
+      # Change this if you want to use another volume type
       - name: persist
         mountPath: /owls-data/persist
         volumeDefinition: |
@@ -123,12 +148,13 @@ owls:
           secret:
             secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
 
-
 owlsui:
   enabled: true
+
   services:
     owlsui:
       type: NodePort
+
   ingresses:
     default:
       enabled: true
@@ -136,6 +162,7 @@ owlsui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/ttl: "60"

chart/environment-values/values.openwifi-qa.owls-external.yaml

@@ -1,51 +0,0 @@
-# This helm values file is to be used when OWLS is run externally.
-owgw:
-  configProperties:
-    # done by default for owgw now:
-    #simulatorid: 53494D020202
-    # on a host with more CPUs you may need to bump this up from default of 64
-    storage.type.postgresql.maxsessions: 120
-    # this actually disables websocket logging:
-    logging.websocket: true
-    # consider lowering the # of days to keep archives in the database
-    #archiver.db.0.name = healthchecks
-    #archiver.db.0.keep = 1
-    #archiver.db.1.name = statistics
-    #archiver.db.1.keep = 1
-    #archiver.db.2.name = devicelogs
-    #archiver.db.2.keep = 1
-    #archiver.db.3.name = commandlist
-    #archiver.db.3.keep = 1
-
-  resources:
-    requests:
-      cpu: 2000m
-      memory: 3Gi
-    limits:
-      cpu: 2000m
-      memory: 5Gi
-
-owprov:
-  resources:
-    requests:
-      cpu: 10m
-      memory: 200Mi
-    limits:
-      cpu: 100m
-      memory: 4Gi
-
-# Postgres tuning for larger # of APs
-#postgresql:
-#  primary:
-#    resourcesPreset: large
-#    persistence:
-#      size: 120Gi
-
-#kafka:
-#  controller:
-#    persistence:
-#      size: 80Gi
-#    extraConfig: |-
-#      # consider tuning this as otherwise kafka storage may be exceeded quickly
-#      # the default is 1 week!
-#      logRetentionHours = 24

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -7,8 +7,8 @@ owgw:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5913"
-        service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
 
 owsec:
   services:
@@ -19,8 +19,8 @@ owsec:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
-        service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
 
 owfms:
   services:
@@ -31,8 +31,8 @@ owfms:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
-        service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
 
 owprov:
   services:
@@ -43,8 +43,8 @@ owprov:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
-        service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
 
 owanalytics:
   services:
@@ -55,8 +55,8 @@ owanalytics:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
-        service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
 
 owsub:
   services:
@@ -67,8 +67,8 @@ owsub:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
-        service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
 
 haproxy:
   enabled: false

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -1,8 +1,7 @@
 owgw:
   configProperties:
-    simulatorid: 53494D020202
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
@@ -10,7 +9,7 @@ owgw:
 owsec:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owsec
     storage.type.postgresql.username: owsec
     storage.type.postgresql.password: owsec
@@ -18,7 +17,7 @@ owsec:
 owfms:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owfms
     storage.type.postgresql.username: owfms
     storage.type.postgresql.password: owfms
@@ -26,7 +25,7 @@ owfms:
 owprov:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owprov
     storage.type.postgresql.username: owprov
     storage.type.postgresql.password: owprov
@@ -34,7 +33,7 @@ owprov:
 owanalytics:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owanalytics
     storage.type.postgresql.username: owanalytics
     storage.type.postgresql.password: owanalytics
@@ -42,44 +41,15 @@ owanalytics:
 owsub:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owsub
     storage.type.postgresql.username: owsub
     storage.type.postgresql.password: owsub
 
-postgresql:
+postgresql-ha:
   enabled: true
   initDbScriptSecret:
     enabled: true
-    initdbScriptsSecret: tip-openwifi-initdb-scripts
-  volumePermissions:
-    enabled: true
-  global:
-    postgresql:
-      auth:
-        postgresPassword: postgres
-  auth:
-    postgresPassword: postgres
-  primary:
-    # TODO: tweak this next major release - 8Gi default is a bit too low
-    #persistence:
-    #  size: 30Gi
-    # Consider using this resource model for small installations
-    #resourcesPreset: medium
-    extendedConfiguration: |-
-      max_connections = 550
-      shared_buffers = 128MB
-    initdb:
-      scriptsSecret: tip-openwifi-initdb-scripts
-    # Consider using this disk size for small installations
-    #persistence:
-    #  size: 30Gi
-
-postgresql-ha:
-  enabled: false
-  initDbScriptSecret:
-    enabled: false
-    initdbScriptsSecret: tip-openwifi-initdb-scripts
   pgpool:
     adminPassword: admin
     resources:
@@ -91,12 +61,11 @@ postgresql-ha:
         memory: 1024Mi
     initdbScriptsSecret: tip-openwifi-initdb-scripts
   postgresql:
-    replicaCount: 1
-    password: postgres
+    replicaCount: 1 # TODO change after tests
+    password: password
     postgresPassword: postgres
     repmgrPassword: repmgr
     maxConnections: 1000
-
     resources:
       requests:
         cpu: 250m

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -188,6 +188,21 @@ owsub:
         operator: "Exists"
         effect: "NoSchedule"
 
+owrrm:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  mysql:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"
+
 kafka:
   nodeSelector:
     env: tests

chart/environment-values/values.openwifi-qa.yaml

@@ -17,20 +17,20 @@ owgw:
       cpu: 2000m
       memory: 2Gi
 
-#  securityContext:
-#    sysctls:
-#    - name: net.ipv4.tcp_keepalive_intvl
-#      value: "5"
-#    - name: net.ipv4.tcp_keepalive_probes
-#      value: "2"
-#    - name: net.ipv4.tcp_keepalive_time
-#      value: "45"
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
 
   podAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
-#  podSecurityPolicy:
-#    enabled: true
+  podSecurityPolicy:
+    enabled: true
 
   certs:
     restapi-ca.pem: |
@@ -56,277 +56,55 @@ owgw:
       L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
       5IOM7ItsRmen6u3qu+JXros54e4juQ==
       -----END CERTIFICATE-----
-    # Generated: Wed  4 Mar 2026 09:38:33 EST
-    # TIP_Issuing_CA.pem
-    # TIP_Root_CA.pem
-    # OpenLAN_Demo_Birth_CA.pem
-    # OpenLAN_Demo_Controller_CA.pem
-    # OpenLAN_Demo_Operating_CA.pem
-    # OpenLAN_Demo_Root_CA.pem
-    # OpenLAN_Prod_Birth_Issuing_CA.pem
-    # OpenLAN_Prod_Device_Issuing_CA.pem
-    # OpenLAN_Prod_Root_CA.pem
-    # OpenLAN_Prod_Server_Issuing_CA.pem
     clientcas.pem: |
       -----BEGIN CERTIFICATE-----
-      MIIGBjCCA+6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-      bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NDcyNVoXDTQ1MDUxNDA5MTcyNVowIzEh
-      MB8GA1UEAwwYT3BlbkxBTiBCaXJ0aCBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0B
-      AQEFAAOCAg8AMIICCgKCAgEAqkekr6rYqlnicopx8WgKhEUctfrMD3J8jC2YshEI
-      hlVFI6lRbA9EFjv1hq0BhXhOY52lwOTOQtIgdn7HNcViSoiKqrVBYRskbhVqIA+7
-      nPhwB/4BYYZnbzCELjROHnMn/drFScNUaUvf+EDh9WmO4vZHD5xstK729RDZE51n
-      vLlFwe5O4ckekPH17r4WojoVSczkXXRhKJXV3GXdrA/epoIUn0poUM6bCjddiEbJ
-      NPknqqkS8Z9a8GYt2IX33kZD3NdHjTQRnMd7g+xroJiQ/faZ9zc0ul6l85sl1G43
-      AqriEI2aOWYhSxY7sDleuy5ggz8UA5lR6/z6ZIR8IfMSJag8aVkvxt51Gx2aDaVu
-      PixyMFoXyhKQPSP+cL3rzSF/767iXqINw4oOb83Jy77Ocwgp2cfW06KI4l4CTymy
-      83wCBEZ6pvLmjCmbz0DIg7V7yGPGjEePNyxYG0sM+aHQEpJnaib2yza9adiXlJ4s
-      M+UEMnLjEu0i8Xy15hvItgo7FYTZgWh89LIhE63HDk6qteV836K2oL9PWtVUEg9v
-      pElapnq+v+8BUsvmY6Nr8eYeAnCPyW2e49a91/vCP8B1Ydbe5ms3mYcGO3Kdx/k5
-      QWLquKnt5ZAeJ2werO/8mUabq8eyt4EH9tZzDKJvV/xbmhluKmamfSg4GHCpOUl1
-      +IcCAwEAAaOCAUswggFHMB8GA1UdIwQYMBaAFJRoW6g4+ThAsHJk/juSPinUhsIm
-      MB0GA1UdDgQWBBRO5RI5Dr0FesZ3+QQ9ugAapLBaeDAOBgNVHQ8BAf8EBAMCAYYw
-      EgYDVR0TAQH/BAgwBgEB/wIBADBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vY3Js
-      LmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jcmwwgZcG
-      CCsGAQUFBwEBBIGKMIGHMEQGCCsGAQUFBzAChjhodHRwOi8vY2VydHMuY2VydGlm
-      aWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFucm9vdGNhLmNlcjA/BggrBgEFBQcw
-      AYYzaHR0cDovL29jc3AuY2VydGlmaWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFu
-      cm9vdGNhMA0GCSqGSIb3DQEBCwUAA4ICAQBQq28kQUcK88zs5YzZ3b6Y3t77yrSF
-      lZLWsbNE/KVlvEuTIrtkRMX9PAC4tRjOpV0oxp6NdrqUKJ35gt4EKjw1vbtyXZD0
-      VQwimBv1qapZEuNe5lwNssyySAnXxUIyhCV6QVD4G9vmRPzNVtIwssjffVPjjpZ9
-      LBQdliOG3FBbcCWGuRiUMysVxHxdO2rokoFuO1ye+oURrqe9zeDtE0k9QNzAi36F
-      FhuWYQnn+2QHfTX58cpMb1Aql3yTO/pz5fQRUF/hmfTuuk+dLlkWoem55oRGfMVL
-      coAnW3We251iEawqrR9ZDgcIWlmloZFSNylpZ/iIZOIQdYFqreRo0DiSZG4kPxcW
-      RKQTSJ9F3v2j0BZan2xxaSE1tJ54IJUPUND/O6ITVQLfexVLIggRfeIAsURdhPn9
-      1KUrZu3HoIYX6kcpuhl++BQgOx3qr6RomAVDhXSGRVRQ2B76N0N1ZC+mEEhJUYbb
-      0DlZntDp7q2ZDzn6gFYOnrGhoXe55Yrx8c45wMOBZmz0Q6xzc0jydgZoAG9/20l8
-      6S9G2j+UuMYRBCSzouILsGwTloU7XR3qIuO2WbYcG+UV0o/3lVOkAk5992HPG7DT
-      hZ1qNe72WFHmtKVwfYJTcQG/TucWFvplUE3hMDMqS80tmx9TrXiRdI4R5IrTxfsS
-      znGN0LCQ5YzAAw==
+      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
       -----END CERTIFICATE-----
       -----BEGIN CERTIFICATE-----
-      MIIGBzCCA++gAwIBAgICBAYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-      bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTQwNVoXDTQ1MDUxNDA5MjQwNVowJDEi
-      MCAGA1UEAwwZT3BlbkxBTiBEZXZpY2UgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-      AQEBBQADggIPADCCAgoCggIBALrPh3nxxKWaPQbcQeZdihRrGwJNYgdrzz/YAsss
-      EbKXYKAOwb/EJKSv52eUysI59lcvfJrsqn4wyUaXQvgYxJUatCSpmCCKEzftgudS
-      UAlPY8L/4qeqUvxz6CN3qiKivxQ31Z7SJTLgR7OTXxk5ckXHkc8QPB2GPWkU3BzV
-      RbBNKcVxwMK6JaZbB0ZlR6r1ImnLnsDUI0qkgSV8NBO7bJd1yvqfn04yc0/pIo+1
-      9uX/gh7AA0RsZeXw1SO3wCfUO5Cr65X+MW2T3LsbnBPbKOqHnF0YWJGx5RPOWVIS
-      wudAy4zlqdwPInrb4BCMkJUoZlRhhx7vvNmP9HwNwCp8+COjE77caAEAi+0VHamY
-      spu9IgDZCr5FmgHBMu9WiaWpB3RxxbFa6UdVl3sMzRFS6SEHhs6RCAXwQj7KiZLf
-      tb3UCRps5XMlhmjAApyDKsJEXKnd5cSpSYxCQQlOB9BCG6QVc6vQLdu/uq8X6Z+2
-      0EcP7NVyzMDgHdozp4jP+M4Sow6pv7KE4SZaBfpbgM+Ht22sYoBwMouRYbzSAhJS
-      8qBH+IiDqwMRWyox8TuhCsn9WJr9t6l8p3O1pUB0IccraUTVo7XydZWaprtrvMTf
-      RtudowCxea9Iz6md9zlqNZAQu2QNUpH9YQT408N02qukp2uaAGvQjbSfAtnWduTD
-      F6AbAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-      JjAdBgNVHQ4EFgQUVRP31JMaQoUd6psw0tjQpKbhmvUwDgYDVR0PAQH/BAQDAgGG
-      MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-      bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-      BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-      ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-      MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-      bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEALMFsYRqB8NDMMWZV8NqbjNT5QA3Y
-      O3ODxYOuFC4NjSzUSh3Lh73f5+Ec4slQNFuOQeqhqFJaDAPIxUI5ekKtVjzmt7St
-      crbW1dE47+ZHkPXrWVRwRmlV1qP5TqS5oTH6dvpEpEcSxT/IKGQB1cwQ1C+Qp3dd
-      3rZnylXfL5dimIpKDGHYqiHyltktlv3uMWnQhUwrKjt2GW0TnF7bVJ0OJko7aDL7
-      wdY0TGUH9eLQOoz/a0e9sKSsqOxrq9grN7npbUHOr23CdQBnSjF1Q5dXKvza8kRj
-      +agDJW5h/fyBvZ5I4U6m4jFyUnAKso6Xd0+feejPCH7f6kYY+pT7NKO4dVqaRLrj
-      yDmtXGsMza6C0h8wBgYwg4d7jxTqOx6iJfJLyLGWKT94HeChiWOL2X0HpF+Gn9Uf
-      C7rtLO4QwQzGHdEGyFlw/pBTs6g3wTYVv7ZZfh8DJ9PIedqJmUdwMVE89ThEpu4Z
-      q1bFfqENwDmrj2erS3fweEY3G+w2m8f24tJiLWOW/hBRcR3fm+73C8svmtwVGo5Q
-      2i6yJxQ12Q42oa1sfsohr22J2NxotqbQz0gq1J9QparEJ5qUjMKkO9Rj3s24KW2t
-      E6WIb5d1WpIxownlqOgFE7FftxXmQdJNJ2t4XyUMWhwXbOxfc2RlLek0LtnHPA8N
-      hCFqyfjUtMPqafk=
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-      bkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAa
-      MRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-      DwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvM
-      Hwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenq
-      c4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5O
-      ohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9P
-      IhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9Q
-      zRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ
-      8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0V
-      TzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzP
-      KRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbf
-      RXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw
-      2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQAB
-      o2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQU
-      lGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-      MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0Jo
-      WhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dU
-      WmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/
-      If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+
-      McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZ
-      h5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqf
-      H+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt
-      8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk
-      5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1n
-      cHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJX
-      bZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1
-      dashL0CPsbIJ
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-      bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEi
-      MCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-      AQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0x
-      VCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3e
-      TJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZ
-      gDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUn
-      tYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexd
-      mEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw
-      3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8
-      yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e
-      9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/
-      ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4
-      nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YF
-      psXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-      JjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGG
-      MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-      bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-      BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-      ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-      MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-      bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih
-      9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNw
-      QVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIE
-      N82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0
-      vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpI
-      OkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aG
-      WjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6IT
-      XLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKibo
-      Ffh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1
-      StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vY
-      g1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRri
-      H0FGIeDSQydpOJU=
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIFajCCA1KgAwIBAgICXQ4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-      bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-      WjAgMR4wHAYDVQQDExVPcGVuTEFOIERlbW8gQmlydGggQ0EwggIiMA0GCSqGSIb3
-      DQEBAQUAA4ICDwAwggIKAoICAQDVWIyySul6Fv4wl1O+DQpaLRa0p+Az5L/jcqTp
-      dVf6w+8tlmeIY9C28uDQoDjewrIkvf3lcfK86nshs02s9ehqZUnEP8+GvKM19x3J
-      bWxeTvWwFirjHir4x897iQ606bAMbrHHtntI9ZyBZyXDGeElGJxJQNX+0d50SFq6
-      09cB3yxpBPJ67ag+4Oq0uHgROHjEQMrfwLwlAune0c1fjQDrN14PDNjMZHvvhc/p
-      kAHxR1PP6LOFNV5NuQ58tC5N7R2EqqFbIJ8VZgcagrGRYuAuFFTaV+D7RIt9xGTu
-      WlCyxHI7VkRBJ1mRoEr4GOrP9QFjBD8NzNK+/wnR/fZwhpEnRsgHiI33wKHBDg+l
-      3r8tvRzuB5X6Gl/SfuAeaoCuDHMncTjQg1zGhyEwjQhUe4RY3w+yHAjeeOE6c5sp
-      OMDDdaBibkzLmSjXztuLeAdzsUcD3fvGeOvh9vG14TKEmF8puNkqEcc0W8NyUWKF
-      dr9umdJEMbaRSSsMGtp8bDj3Ddh4PhEJrIFeo89+HwXhU6sk+wzE9BULTohahsfw
-      OV/08t1cZ3Q04Oj1KI+4YWu8BJns5gX35rQ8GIbkXQwfvFMwqmbg+ij2o9HWdkSL
-      4bcqW/83Ho+31ce210rVGPK9cav0CjA2Eexgxi45cbgnfoade74Qa5zXboJEBmp7
-      rbo4swIDAQABo4GuMIGrMB8GA1UdIwQYMBaAFDzIg8eyTI3xc4A2R60f8HanhBZD
-      MB0GA1UdDgQWBBS5xC3inqLQl+vxzn9PsjNzlZ5hYDAOBgNVHQ8BAf8EBAMCAQYw
-      EgYDVR0TAQH/BAgwBgEB/wIBADBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vZGVt
-      by5jZXJ0aWZpY2F0ZS5maS9jcmwvT3BlbkxBTkRlbW9Sb290Q0EuY3JsMA0GCSqG
-      SIb3DQEBCwUAA4ICAQC0UUiTX/BpfbjxnTxQfWgK8cMS0opr9AA7Ta1ZAqu/wJpb
-      pSEbcd41YkLDfL+aXOV3RU3sO8VSrnvGe1r5ikF3y2DOmegLBury1K05WPASjn2i
-      8wioE3O0JtesijnX1tUlFYqpdX3+XSoHmRV1L6O2tptiACSLcx42uBtGI7Fhsfby
-      2yv9VNkMiW59bcAlex2higrnIfGcbA7Fgx3REKe1fN6Q4nxIXC/VLm8nRr8g3g4w
-      rIkcly/PgfsMHF+FXGXWl3D/4v6HMV5nm1PPMPvSp5f9G2ftx+zBw5qQbVSoOmxZ
-      1a5XzBhrqCnKXPpn2v8FQJ+Nk7FcgmtCURL7BUlm2cnZg+pgXpacQo9nN9uMoMI9
-      yCrHRa+sTsfL5+Ar4sMqkNJVXsRBv57ls7wr2Bix9Mla+9zGAFK7Yg9UPpjlzGZ4
-      BpiGdNqJcX6a1bIjDe66Pah2P/O8riSX4UMf8ypPsO4h9KNM+XIjQw2VtpEoLNTF
-      6AqyvrrWfsJwGdXSg+GpNPJ1Gsu1Y6ataMGvsrot6OxTrg+TpUMuacfwc8zN7+JI
-      2XO+PgAf9M1URMYar5v8NKFQ4NX6lMUzNiJnIaoCnbd0zoh/Ui3cbpI46z3UHthw
-      qq3/VWS7WlXQZXJ2qNg6c4yEz8iUogod4B1p9badXZBSmpsEcY1m3NzE/OKYgA==
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIFbzCCA1egAwIBAgICYwwwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-      bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-      WjAlMSMwIQYDVQQDExpPcGVuTEFOIERlbW8gQ29udHJvbGxlciBDQTCCAiIwDQYJ
-      KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJauwpN+LAd/VubBpX3O3u/E5CXkmxLZ
-      di/F9zOTimAOPqfWP7K046TfbNj4twPYSzVzjawkenRkEK0yZQ1DOXmzkGWVnsih
-      gR/CA+IUUY1yCnmg6t9Dx9l5K0ZnAox90HO/ybIymcoSfRXhotuhle//eDNmGccd
-      XFsndvGdmxshaV1zN1h2POw7biCBZuypCzwvRitFfcpv3pdIk5xTt2G/yMbHPCNo
-      dUJHYHLWotridJIJ7DdhYoir5q+iSqWIqjKfDBlqCsvO7e+KidcW9ctljWspAHvl
-      B3/yHdJwJz816YTZ7r37I/DsXk9gmjj317gWRkGLMTx9fk6SiMfGW4kfUvClfg1v
-      0aRrDGPEcCagHM6ViqbW2+Tc5K38fySgNZKSTBPPI+59iAHd5RADEJDGankEYvzN
-      Le0sgB90RDjhTMleOpp5agtd2Yk/ZVjHtKfCnq13OLJfcgX76iY1Ko6AmKqiaxiE
-      V2zi9/UFVTIURT8S7JgiwF4ZNIZzHmcr4R4n5O7aSgYUlVjwFp/IEMC3ylTAX8cP
-      d4VW0p1f4D3HK7TRcaaqsERuxNh2KVtR48Au2MPGC/8YRKsz/qzH2GfsfFgjKxfF
-      z/mZYOA7913DvgVbDQoR9/6odGXZH0XDwH1e1w59dqbXBnIv2VVzElgZsPimIr+M
-      UxlZXZHMYtL3AgMBAAGjga4wgaswHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/w
-      dqeEFkMwHQYDVR0OBBYEFKqr/2rLqvEtxLDRsPCJ1L8WMr7VMA4GA1UdDwEB/wQE
-      AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6
-      Ly9kZW1vLmNlcnRpZmljYXRlLmZpL2NybC9PcGVuTEFORGVtb1Jvb3RDQS5jcmww
-      DQYJKoZIhvcNAQELBQADggIBAAmSU3aAV3YrPk9F4yaatF2H3E9PTZ/G/3kuJhBR
-      Oag4trkewFoII+O0YQ2enqYeZ6AncGVRWeI1R2TmN8lpsBSG0IXQ8dhO9gCwSyxF
-      Rito63OjZEaqbLY+1xs4ybkfHKnQ6wGOxDiDMY84kr/UbhpPgHDIufO3FWCp6ucu
-      chN67J0hAMfiMbeQ5BZ3LLG2/To0Zl9S5L8C696YlSdBvp0V64vkXYxfAaIoHYEu
-      coatg8hgSuugRN/eiOH2ppYShQXNGJvysi/DBtxZecStVJ8SGhWHhP3uM/9TiSfC
-      ZCWp3xj65q1hWg0FgvQKDxaa3Qqq6r4/z7cbBI9Tg0VMJnIvhWTsLCssFzoqEvfL
-      g53+kbZbQkJAJ4qEirPopKeTBgnm6pEeA5YOTp+bBSgPKNx7G1sT94+LO819aIXt
-      ezP4AaO3cW6EomXojMyZl46NcUU3ZnL1AxbtWa9H4TdnBtYG2ewntCXkrqSuRry6
-      lhgRZh6q9SDyKW6qjTN2/u91MgoRBndXfsCGX825yxKL0beFCpHFeG3r40zWB3xl
-      s5zf/Ny7ZMp5gtVQOlmlN29HHN+Hzzhook8VrXLk5GXHQM0anfTffCHpw0UIivpA
-      wJE9bOfha3mTd8LHXOP0OFH6OlqKNX943hQdblsOIVNNbxz3OfQm/ybNcHDUhlWV
-      RDdm
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIFbjCCA1agAwIBAgICcp4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-      bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-      WjAkMSIwIAYDVQQDExlPcGVuTEFOIERlbW8gT3BlcmF0aW5nIENBMIICIjANBgkq
-      hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Q5dx+CWyaPxOlAGUC462FgnO4umYEqF
-      LQCuK31kgg0tBbbfaq0XApUnjH5IOMI1IGtYgZmm48q1noHaRwk4WFxxvr/dyS51
-      hAEa2GFb2S3pkG7VXAF/XYv33yyfM+1K0tyZPRm9tbBShUIfflGFjnrSwxkNhoOH
-      IIOVXxCHLBD/Aor74JAkEGtkIo30FPx2vQ+fg4rnQsm9aSffgWwWua7T590tnSMG
-      ljDMm++nCQIgONFQC7RQXeL0Ruu14FxB639oJxPmwDQhD/R5zQz/wFBhinjHuzYl
-      i0bmxHevdDQluNUxf2lHwJRy6eC/TzdRFOgDUre9kzu929skgNouM0q0y/Rpz7QU
-      bd5s1i8JnKebAqADqMT8Yz1Hph0oCvOT0Dc2joxmjGh3loolWRKufKTVe431pvdv
-      iV/rAooOSnm5Htmd8ClOADudhrheX886cSd9Z5JKucHhW34Lf1ze7uj1LjxoTh3O
-      eo7XedhjmJYcQavpQlVRLTbbY/LJHegPtqJAIvQkrwtOpe05rShl06MxO9wj0BPJ
-      0PFp/MxJd0ESDV0EM9dxWIWgXwZftowPzfj3ai5OQEazpTr1IMRehsbCn3JEJ77N
-      hCqKPaZmRtKRD9e5cu0YiGfRddr7xaXiwtPGId/ZHsNUASbv7NMDdemRv3TiFwv4
-      z8OKCm8QeisCAwEAAaOBrjCBqzAfBgNVHSMEGDAWgBQ8yIPHskyN8XOANketH/B2
-      p4QWQzAdBgNVHQ4EFgQUe/uhewyjB6GNj5Dbq9s+I5mWexMwDgYDVR0PAQH/BAQD
-      AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDov
-      L2RlbW8uY2VydGlmaWNhdGUuZmkvY3JsL09wZW5MQU5EZW1vUm9vdENBLmNybDAN
-      BgkqhkiG9w0BAQsFAAOCAgEAXiCsunaML25vERDeclBVvUGHviqTh6WOFgezHQc/
-      NGYl3yFEt2wn+XWjunjI+bfIhiG/98EJCqtT0X5hIn8NqiaGuMX+bI3bI3oIS9qF
-      qaUuIX0Vt4RrhFhiPkgk25BVCxtMu8XA7OGARz5kRWedTANPh8FRaGIu2yAgPpP1
-      Af6HAZYhwSMYm98Gp+9hN1yYDV8Yn58hVnWYEvJTDuaxlgbrsMZDfcGHJybZdNtZ
-      WdZaVDHYCcjnPtvg/++e0GWC9ePjFbKy56Xv5lUsq/kUIbUAMwuGQm+fWF8bjWmX
-      /251Ib1YlMp8MpLKofssN6WlcxE928djOyLZd0RLMRq7Uu15YCiImTax78cxptlu
-      2EkKcJenpfSawGJepSfMuGBgpPg5Ud9Z/tVsTUhEC0YSKKokt0+t4VuFWk8ug3GK
-      T6DMW0J7ajGNry5fxmIF/sDcFuY1q++y8aCL2I5BSf0Y9JM8N7BiB9w91qjVU6zM
-      T22ioz7OydYq6wBKCSqGghqbm0ZbRbj1+j08CzwC0HQX5xo0ZPipIstk+DMZLy30
-      ZerFlfzZSCNcpQsBJffE0mEA8D8+7u0MuyskrpUOGrJaAx0qt7BJpTlE8FGl41D9
-      +fzIUJcTh+3+PAD7VvraobiLRFN2PqpoZAPI/frdT+EJrDkKj/FLIsQiUxxAG9F0
-      Gvo=
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIFIjCCAwqgAwIBAgICCOMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-      bkxBTiBEZW1vIFJvb3QgQ0EwIBcNMjUwMjIxMTUwMDAwWhgPMjA1NTAyMjExNTAw
-      MDBaMB8xHTAbBgNVBAMMFE9wZW5MQU4gRGVtbyBSb290IENBMIICIjANBgkqhkiG
-      9w0BAQEFAAOCAg8AMIICCgKCAgEAyMTHKUp0lagm72Y4c8nrJkVcp7WUTjrsbrlp
-      ylLYUohac9UWM0KYBMymQw4gXMQXDIV1tCPM6J22Iv7vfOUTnaU4mlcJ85zEMWoN
-      gMknz/8nX+BBawFoqlK+AuIdT/RrCRCD7IlhmmPxhlrg2QV77NONBJxJ86yo89ve
-      tnsM5DYEoCGNVKEqZVu02KXSI7TOby8TwM2SS1M0xESnanNvwxsICB86TCWtvLpP
-      6tXdO+aNOEZ0VRvmVYMXFa2UXxbRJQgj2qPunlN0amvJ4uw7SdlMG1LgfFk12+Yo
-      4d+BxEeZJkgmKAHY3Mos2tcX0kFbRadRLBklkAbYLVFPHqUAMgs+5666zJ9H+Fne
-      SgqLg8edKJPBCCHOJr0r1CM0ernP1H1mgKeEGDVXJTgsqanzrYvSwina+Cc5i6cQ
-      iL1oJgFoPCj7QW5WNm5fIMhq3BW4DtM3khY8cDpct063WaaR5jLUt2vhceN2id2G
-      07J56LVQVebLIubb6SZFh9Ob3VOpiY3NGBtFXY0c7nQCaycGSdfhG/eCKyEZ7T51
-      XnIVxTBm53TPatIKS6hqLm0qs9P7pjo2qRP270cWJ8gFecvATNVSodG1bpK5aPYM
-      KVVAhchRm0WeFjga5O5/oOXOCdc7nygNUJmYJbhQsiluoZ5Gy8EdHxLDklc//X5M
-      xRiETxMCAwEAAaNmMGQwHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/wdqeEFkMw
-      HQYDVR0OBBYEFDzIg8eyTI3xc4A2R60f8HanhBZDMA4GA1UdDwEB/wQEAwIBBjAS
-      BgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCHG+fNWIrRZ1Cw
-      1bykJcfMf+EdkRB79kaKMwKkmot94s5d8Me+nXKzNMvJk2emlHkgk/ke0ojyPJ0b
-      7/5M3u7T8sNHoy/H7cHWpV/H31jgeF3yOtFFhQ7X0gQBh05tsmSO7hE6i8os+qg2
-      QdAWlOipYHMVz/AVV2nls1OAflt3oEfvxVPlQyVY0GyOUS4dKBBRJwcRuqQBt2EX
-      SHzcU1/Gd3wvwQxDLtV5gHHfCI7G39M3KmcMxlIYjIh2cn1c4Bd2PHS3NtwIXDsm
-      WP8e5qLOUFtjMjYFKjaD2kpmihRKRDpHFyV1Ch6i4Xh7BIUnluAqf10iEfkG9Syc
-      L5Ctnl9xkn9Bf9Md6H+M8e0HXJ4zw0WB/9IFBywkFP5ijvdyIVStQ+Fxsiqk62k+
-      0XtidT3ma+Z0tTIVokbPsSxUafZo0DWKpWfnEg1RbKZ6PygGNhvwrqcojf4/vHYi
-      9bAlpF4QFo4psZ7k/oxsAKSDHWfqm34qZq78RQI7OF5N/Bs0hkfYgg3RXt9oLVyl
-      r8R0ZPfyTzchJVrtdxi9pwdyyYuBOwnCzyWs+z4QRAzHHylXQRut7SJR6lvSyMQs
-      YiJfiHbhUa7nfLi93uoTv4b2Zx1XOT/7OaXnTldLKkijRu2sSAOJKf77lFpv8929
-      9V/T79RyDPMvhRQaxyV7tBGOss3Smw==
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
       -----END CERTIFICATE-----
     issuer.pem: |
       -----BEGIN CERTIFICATE-----
@@ -579,9 +357,10 @@ owgwui:
     default:
       enabled: true
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
       paths:
@@ -646,8 +425,6 @@ owfms:
 
   public_env_variables:
     SELFSIGNED_CERTS: "true"
-    # This has no effect as template based config is not enabled (see configProperties)
-    FIRMWAREDB_MAXAGE: "360"
 
   configProperties:
     openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
@@ -656,7 +433,6 @@ owfms:
     openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
     openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    firmwaredb.maxage: 360
 
   volumes:
     owfms:
@@ -785,9 +561,10 @@ owprovui:
     default:
       enabled: true
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
       paths:
@@ -964,55 +741,99 @@ owsub:
           secret:
             secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
 
+owrrm:
+  fullnameOverride: owrrm
+
+  services:
+    owrrm:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,17007"
+
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 2048Mi
+    limits:
+      cpu: 1000m
+      memory: 2048Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+    # Empty string will disable DB usage
+    DATABASECONFIG_SERVER: ""
+    # Uncomment these parameters to enable DB usage + enable mysql below
+    #DATABASECONFIG_SERVER: owrrm-mysql:3306
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  volumes:
+    owrrm:
+      - name: persist
+        mountPath: /owrrm-data/
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owrrm.fullname" . }}-pvc
+
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
+
+  mysql:
+    enabled: false
+    fullnameOverride: "owrrm-mysql"
+
+    resources:
+      requests:
+        cpu: 100m
+        memory: 512Mi
+      limits:
+        cpu: 100m
+        memory: 512Mi
+
 kafka:
-  volumePermissions:
-    enabled: true
   commonAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+  heapOpts: -Xmx512m -Xms512m
+  resources:
+    requests:
+      cpu: 100m
+      memory: 512Mi
+    limits:
+      cpu: 500m
+      memory: 1Gi
   readinessProbe:
     initialDelaySeconds: 45
   livenessProbe:
     initialDelaySeconds: 60
-  heapOpts: -Xmx1024m -Xms1024m
-  kraft:
-    enabled: true
   zookeeper:
-    enabled: false
-  controller:
-    replicaCount: 1
-    persistence:
-      size: 20Gi
-    extraConfig: |-
-      maxMessageBytes = 1048588
-      offsets.topic.replication.factor = 1
-      transaction.state.log.replication.factor = 1
-    extraEnvVars:
-      - name: ALLOW_PLAINTEXT_LISTENER
-        value: "yes"
+    commonAnnotations:
+      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+    heapSize: 256
     resources:
       requests:
-        cpu: 500m
-        memory: 512Mi
+        cpu: 100m
+        memory: 256Mi
       limits:
-        cpu: 750m
-        memory: 2Gi
-  listeners:
-    client:
-      protocol: PLAINTEXT
-      containerPort: 9092
-    controller:
-      protocol: "PLAINTEXT"
-  broker:
-    persistence:
-      size: 20Gi
-    replicaCount: 0
-    resources:
-      requests:
-        cpu: 500m
-        memory: 512Mi
-      limits:
-        cpu: 750m
-        memory: 2Gi
+        cpu: 200m
+        memory: 384Mi
 
 clustersysteminfo:
   enabled: true
@@ -1021,17 +842,18 @@ clustersysteminfo:
 haproxy:
   resources:
     requests:
-      cpu: 50m
-      memory: 50Mi
+      cpu: 10m
+      memory: 20Mi
     limits:
-      cpu: 50m
-      memory: 50Mi
+      cpu: 10m
+      memory: 20Mi
   service:
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16006,17006"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16007,16006,17006"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 
 restapiCerts:

chart/templates/_initdb_sql.tpl

@@ -1,13 +0,0 @@
-{{- define "openwifi.user_creation_script_sql" -}}
-{{- $root := . -}}
-{{- $postgresqlBase := index .Values "postgresql" }}
-{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
-{{ range index .Values "postgresql" "initDbScriptSecret" "services" }}
-CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
-ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}';
-CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }};
-GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
-ALTER DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} OWNER TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
-{{ end }}
-{{- end -}}
-

chart/templates/secret-pgpool-initdb.yaml

@@ -0,0 +1,16 @@
+{{- $root := . -}}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-initdb-scripts
+kind: Secret
+type: Opaque
+data:
+  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
+{{- end }}

chart/templates/secret-postgresql-initdb.yaml

@@ -1,31 +0,0 @@
-{{- $root := . -}}
-{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
----
-apiVersion: v1
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ include "openwifi.name" . }}
-    helm.sh/chart: {{ include "openwifi.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  name: {{ include "openwifi.fullname" . }}-initdb-scripts
-kind: Secret
-type: Opaque
-data:
-  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
-{{- end }}
-{{- if index .Values "postgresql" "initDbScriptSecret" "enabled" }}
----
-apiVersion: v1
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ include "openwifi.name" . }}
-    helm.sh/chart: {{ include "openwifi.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  name: {{ include "openwifi.fullname" . }}-initdb-scripts
-kind: Secret
-type: Opaque
-data:
-  initdb.sql: {{ include "openwifi.user_creation_script_sql" . | b64enc | quote }}
-{{- end }}

chart/values.yaml

@@ -1,6 +1,7 @@
 # OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
 owgw:
   fullnameOverride: owgw
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -8,6 +9,7 @@ owgw:
 # OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
 owsec:
   fullnameOverride: owsec
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -15,6 +17,7 @@ owsec:
 # OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
 owfms:
   fullnameOverride: owfms
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -22,6 +25,7 @@ owfms:
 # OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/)
 owprov:
   fullnameOverride: owprov
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -29,6 +33,7 @@ owprov:
 # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
 owanalytics:
   fullnameOverride: owanalytics
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -44,36 +49,43 @@ owprovui:
 # OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/)
 owsub:
   fullnameOverride: owsub
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
+# OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
+owrrm:
+  fullnameOverride: owrrm
+
+  mysql:
+    enabled: true
+
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
   enabled: true
+
   fullnameOverride: kafka
+
   image:
-    repository: bitnamilegacy/kafka
-  volumePermissions:
-    image:
-      repository: bitnamilegacy/os-shell
-  autoDiscovery:
-    volumePermissions:
-      image:
-        repository: bitnamilegacy/kubectl
-  metrics:
-    jmx:
-      image:
-        repository: bitnamilegacy/jmx-exporter
+    registry: docker.io
+    repository: bitnami/kafka
+    tag: 2.8.0-debian-10-r43
+
+  minBrokerId: 100
+
+  zookeeper:
+    fullnameOverride: zookeeper
 
 # clustersysteminfo check
 clustersysteminfo:
   enabled: false
   delay: 0 # number of seconds to delay clustersysteminfo execution
+
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: main
+      tag: v2.9.0-RC3
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -91,17 +103,23 @@ clustersysteminfo:
     # limits:
     #  cpu: 100m
     #  memory: 128Mi
+
   nodeSelector: {}
+
   tolerations: []
+
   affinity: {}
+
   public_env_variables:
     FLAGS: "-s --connect-timeout 3"
     OWSEC: owsec-owsec:16001
     CHECK_RETRIES: 30
+
   secret_env_variables:
     OWSEC_DEFAULT_USERNAME: tip@ucentral.com
     OWSEC_DEFAULT_PASSWORD: openwifi
     #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+
   activeDeadlineSeconds: 2400
   backoffLimit: 5
   restartPolicy: OnFailure
@@ -109,7 +127,9 @@ clustersysteminfo:
 # OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
 owls:
   enabled: false
+
   fullnameOverride: owls
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -117,15 +137,17 @@ owls:
 # OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
 owlsui:
   enabled: false
+
   fullnameOverride: owlsui
 
 # HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
 haproxy:
-  image:
-    repository: bitnamilegacy/haproxy
   enabled: true
+
   fullnameOverride: proxy
-  replicaCount: 1
+
+  replicaCount: 3
+
   service:
     type: LoadBalancer
     ports:
@@ -406,6 +428,7 @@ haproxy:
 # Cert-manager RESTAPI certs
 restapiCerts:
   enabled: false
+
   services:
     - owgw-owgw
     - owsec-owsec
@@ -414,43 +437,11 @@ restapiCerts:
     - owls-owls
     - owanalytics-owanalytics
     - owsub-owsub
+    - owrrm-owrrm
+
   clusterDomain: cluster.local
 
-postgresql:
-  image:
-    repository: bitnamilegacy/postgresql
-  volumePermissions:
-    image:
-      repository: bitnamilegacy/os-shell
-  metrics:
-    image:
-      repository: bitnamilegacy/postgres-exporter
-  enabled: false
-  nameOverride: pgsql
-  fullnameOverride: pgsql
-  initDbScriptSecret:
-    enabled: false
-    services:
-      - owgw
-      - owsec
-      - owfms
-      - owprov
-      - owanalytics
-      - owsub
-
 postgresql-ha:
-  postgresql:
-    image:
-      repository: bitnamilegacy/postgresql-repl
-  pgpool:
-    image:
-      repository: bitnamilegacy/pgpool
-  volumePermissions:
-    image:
-      repository: bitnamilegacy/os-shell
-  metrics:
-    image:
-      repository: bitnamilegacy/postgres-exporter
   enabled: false
   nameOverride: pgsql
   fullnameOverride: pgsql

docker-compose/.env

@@ -1,21 +1,19 @@
-COMPOSE_PROJECT_NAME=openwifi
-# set either default, selfsigned or letsencrypt
-# if not default then please look at .env.letsencrypt or .env.selfsigned
-# instead for configuration!
-DEPLOY_TYPE=default
-
 # Image tags
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-
-KAFKA_TAG=3.7-debian-12
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=v2.9.0-RC2
+OWGWUI_TAG=v2.9.0-RC2
+OWSEC_TAG=v2.9.0-RC2
+OWFMS_TAG=v2.9.0-RC2
+OWPROV_TAG=v2.9.0-RC2
+OWPROVUI_TAG=v2.9.0-RC1
+OWANALYTICS_TAG=v2.9.0-RC2
+OWSUB_TAG=v2.9.0-RC2
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=3.8
 POSTGRESQL_TAG=15.0
+MYSQL_TAG=latest
+# NOTE currently OWRRM is only supported in LB installations
+#OWRRM_TAG=v2.8.0
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -38,3 +36,4 @@ INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
 INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+#INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/.env.letsencrypt

@@ -1,19 +1,19 @@
-COMPOSE_PROJECT_NAME=openwifi
-
 # Image tags
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-
-KAFKA_TAG=3.7-debian-12
-POSTGRESQL_TAG=15.0
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=v2.9.0-RC2
+OWGWUI_TAG=v2.9.0-RC2
+OWSEC_TAG=v2.9.0-RC2
+OWFMS_TAG=v2.9.0-RC2
+OWPROV_TAG=v2.9.0-RC2
+OWPROVUI_TAG=v2.9.0-RC1
+OWANALYTICS_TAG=v2.9.0-RC2
+OWSUB_TAG=v2.9.0-RC2
+OWRRM_TAG=v2.8.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=3.8
 ACMESH_TAG=latest
-TRAEFIK_TAG=v3.1.0
+TRAEFIK_TAG=latest
+MYSQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -39,5 +39,5 @@ INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local
 SDKHOSTNAME=
-#SDKHOSTNAME=openwifi.example.com

docker-compose/.env.selfsigned

@@ -1,19 +1,19 @@
-COMPOSE_PROJECT_NAME=openwifi
-
 # Image tags
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-
-KAFKA_TAG=3.7-debian-12
-POSTGRESQL_TAG=15.0
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=v2.9.0-RC2
+OWGWUI_TAG=v2.9.0-RC2
+OWSEC_TAG=v2.9.0-RC2
+OWFMS_TAG=v2.9.0-RC2
+OWPROV_TAG=v2.9.0-RC2
+OWPROVUI_TAG=v2.9.0-RC1
+OWANALYTICS_TAG=v2.9.0-RC2
+OWSUB_TAG=v2.9.0-RC2
+OWRRM_TAG=v2.8.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=3.8
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
+MYSQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -38,3 +38,4 @@ INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/README.md

@@ -1,10 +1,10 @@
 # OpenWifi SDK Docker Compose
-
 ### Overview
 With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Let's Encrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Let's Encrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
 The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
 - [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
 - [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
+- [Non-LB deployment with PostgreSQL](#non-lb-deployment-with-postgresql)
 - [LB deployment with self-signed certificates](#lb-deployment-with-self-signed-certificates)
 - [LB deployment with Let's Encrypt certificates](#lb-deployment-with-letsencrypt-certificates)
 - [OWLS deployment with self-signed certificates](owls/README.md)
@@ -13,21 +13,92 @@ The repository also contains a separate Docker Compose deployment to set up the
 ### Configuration
 Config files for the microservices are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into these files. For an explanation of the configuration properties please see the README in the respective microservice repository.
 Be aware that local changes to the config files will be overwritten on every startup if `TEMPLATE_CONFIG` is set to `true` in the microservice env files. If you want to bind mount your own config file or make local changes, please set this variable to `false`.
-
 #### Required password changing on the first startup
 One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
-
 ### Ports
 Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates, you can also configure different hostnames for the microservices.
 Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default.
-
 ### owsec templates and wwwassets
 On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
+## Non-LB deployment with self-signed certificates
+1. Switch into the project directory with `cd docker-compose/`.
+2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
+3. Spin up the deployment with `docker-compose up -d`.
+4. Check if the containers are up and running with `docker-compose ps`.
+5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004, https://openwifi.wlan.local:16005, https://openwifi.wlan.local:16006 and https://openwifi.wlan.local:16009.
+6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local`. This should point to the address of the host the Compose deployment runs on.
+7. Login to the UI `https://openwifi.wlan.local` and follow the instructions to change your default password.
+8. To use the curl test scripts included in the microservice repositories set the following environment variables:
+```
+export OWSEC="openwifi.wlan.local:16001"
+export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
+```
+⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Let's Encrypt deployment or provide your own valid certificates if you want to use these features.
+## Non-LB deployment with own certificates
+1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
+2. Adapt the following hostname and URI variables according to your environment:
+### .env
+| Variable                        | Description                                                                        |
+| ------------------------------- | ---------------------------------------------------------------------------------- |
+| `INTERNAL_OWGW_HOSTNAME`        | Set this to your OWGW hostname, for example `owgw.example.com`.                    |
+| `INTERNAL_OWSEC_HOSTNAME`       | Set this to your OWSec hostname, for example `owsec.example.com`.                  |
+| `INTERNAL_OWFMS_HOSTNAME`       | Set this to your OWFms hostname, for example `owfms.example.com`.                  |
+| `INTERNAL_OWPROV_HOSTNAME`      | Set this to your OWProv hostname, for example `owprov.example.com`.                |
+| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`.      |
+| `INTERNAL_OWSUB_HOSTNAME`       | Set this to your OWSub hostname, for example `owsub.example.com`.                  |
+| `INTERNAL_OWRRM_HOSTNAME`       | Set this to your OWRRM hostname, for example `owrrm.example.com`.                  |
+### owgw.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME`                 | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
+| `FILEUPLOADER_URI`                       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
+| `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owgw-ui.env
+| Variable                    | Description                                                                |
+| --------------------------- | -------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+### owsec.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owfms.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owprov.env
+| Variable                                 | Description                                                                           |
+| ---------------------------------------- | ------------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.              |
+### owprov-ui.env
+| Variable                    | Description                                                                |
+| --------------------------- | -------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+### owanalytics.env
+| Variable                                 | Description                                                                            |
+| ---------------------------------------- | -------------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
+### owrrm.env
+| Variable                                 | Description                                                                                     |
+| ---------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| `SERVICECONFIG_PRIVATEENDPOINT`, `SERVICECONFIG_PUBLICENDPOINT` | Set this to your OWRRM URL, for example https://owrrm.example.com:16789. |
+| `DATABASECONFIG_PASSWORD`                                       | Set this to a random and safe password.                                  |
+### mysql.env
+| Variable                                 | Description                                      |
+| ---------------- | ------------------------------------------------------------------------ |
+| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
 
-## PostgreSQL
-PostgreSQL is used by default for the database for all components.
-The following variables may be set in the env files. It is highly recommended that you change the DB passwords to some random string. The defaults are shown here.
-
+3. Spin up the deployment with `docker-compose up -d`.
+4. Check if the containers are up and running with `docker-compose ps`.
+5. Login to the UI and and follow the instructions to change your default password.
+## Non-LB deployment with PostgreSQL
+1. Switch into the project directory with `cd docker-compose/`.
+2. Set the following variables in the env files and make sure to uncomment the lines. It is highly recommended that you change the DB passwords to some random string.
 ### owgw.env
 | Variable                           | Value/Description |
 | ---------------------------------- | ----------------- |
@@ -36,7 +107,6 @@ The following variables may be set in the env files. It is highly recommended th
 | `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owgw`            |
 | `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owgw`            |
 | `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owgw`            |
-
 ### owsec.env
 | Variable                           | Value/Description |
 | ---------------------------------- | ----------------- |
@@ -45,7 +115,6 @@ The following variables may be set in the env files. It is highly recommended th
 | `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owsec`           |
 | `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owsec`           |
 | `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owsec`           |
-
 ### owfms.env
 | Variable                           | Value/Description |
 | ---------------------------------- | ----------------- |
@@ -54,7 +123,6 @@ The following variables may be set in the env files. It is highly recommended th
 | `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owfms`           |
 | `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owfms`           |
 | `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owfms`           |
-
 ### owprov.env
 | Variable                           | Value/Description |
 | ---------------------------------- | ----------------- |
@@ -63,7 +131,6 @@ The following variables may be set in the env files. It is highly recommended th
 | `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owprov`          |
 | `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owprov`          |
 | `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owprov`          |
-
 ### owanalytics.env
 | Variable                           | Value/Description |
 | ---------------------------------- | ----------------- |
@@ -72,7 +139,6 @@ The following variables may be set in the env files. It is highly recommended th
 | `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owanalytics`     |
 | `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owanalytics`     |
 | `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owanalytics`     |
-
 ### postgresql.env
 | Variable                  | Value         |
 | --------------------------| ------------- |
@@ -96,91 +162,13 @@ The following variables may be set in the env files. It is highly recommended th
 | `OWSUB_DB`                | `owsub`       |
 | `OWSUB_DB_USER`           | `owsub`       |
 | `OWSUB_DB_PASSWORD`       | `owsub`       |
-
-## Non-LB deployment with self-signed certificates
-1. Switch into the project directory with `cd docker-compose/`.
-2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
-3. Spin up the deployment with `docker-compose up -d`.
-4. Check if the containers are up and running with `docker-compose ps`.
-5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004, https://openwifi.wlan.local:16005, https://openwifi.wlan.local:16006 and https://openwifi.wlan.local:16009.
-6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local`. This should point to the address of the host the Compose deployment runs on.
-7. Login to the UI `https://openwifi.wlan.local` and follow the instructions to change your default password.
-8. To use the curl test scripts included in the microservice repositories set the following environment variables:
-```
-export OWSEC="openwifi.wlan.local:16001"
-export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
-```
-⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Let's Encrypt deployment or provide your own valid certificates if you want to use these features.
-
-## Non-LB deployment with own certificates
-1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
-2. Adapt the following hostname and URI variables according to your environment:
-
-### .env
-| Variable                        | Description                                                                        |
-| ------------------------------- | ---------------------------------------------------------------------------------- |
-| `INTERNAL_OWGW_HOSTNAME`        | Set this to your OWGW hostname, for example `owgw.example.com`.                    |
-| `INTERNAL_OWSEC_HOSTNAME`       | Set this to your OWSec hostname, for example `owsec.example.com`.                  |
-| `INTERNAL_OWFMS_HOSTNAME`       | Set this to your OWFms hostname, for example `owfms.example.com`.                  |
-| `INTERNAL_OWPROV_HOSTNAME`      | Set this to your OWProv hostname, for example `owprov.example.com`.                |
-| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`.      |
-| `INTERNAL_OWSUB_HOSTNAME`       | Set this to your OWSub hostname, for example `owsub.example.com`.                  |
-
-### owgw.env
-| Variable                                 | Description                                                                         |
-| ---------------------------------------- | ----------------------------------------------------------------------------------- |
-| `FILEUPLOADER_HOST_NAME`                 | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
-| `FILEUPLOADER_URI`                       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
-| `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
-| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
-
-### owgw-ui.env
-| Variable                    | Description                                                                |
-| --------------------------- | -------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
-
-### owsec.env
-| Variable                                 | Description                                                                         |
-| ---------------------------------------- | ----------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
-| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
-
-### owfms.env
-| Variable                                 | Description                                                                         |
-| ---------------------------------------- | ----------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
-| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
-
-### owprov.env
-| Variable                                 | Description                                                                           |
-| ---------------------------------------- | ------------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
-| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.              |
-
-### owprov-ui.env
-| Variable                    | Description                                                                |
-| --------------------------- | -------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
-
-### owanalytics.env
-| Variable                                 | Description                                                                            |
-| ---------------------------------------- | -------------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
-| `SYSTEM_URI_UI`                          | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
-
-3. Spin up the deployment with `docker-compose up -d`.
-4. Check if the containers are up and running with `docker-compose ps`.
-5. Login to the UI and and follow the instructions to change your default password.
-
+3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
 ## LB deployment with self-signed certificates
 Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-
 ## LB deployment with Let's Encrypt certificates
 For the Let's Encrypt challenge to work you need a public IP address. The hostname which you set in the `$SDKHOSTNAME` env variable has to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
 1. Switch into the project directory with `cd docker-compose/`.
 2. Adapt the following hostname and URI variables according to your environment.
-
 ### .env.letsencrypt
 | Variable      | Description                                                                                                |
 | ------------- | ---------------------------------------------------------------------------------------------------------- |
@@ -211,31 +199,34 @@ For the Let's Encrypt challenge to work you need a public IP address. The hostna
 | ------------------- | ----------------------------------------------------------------------------- |
 | `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://openwifi.example.com:16004`. |
 | `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
-
 ### owprov.env
-| Variable             | Description                                                                    |
+| Variable             | Description                                                                    | 
 | -------------------- | ------------------------------------------------------------------------------ |
 | `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://openwifi.example.com:16005`. |
 | `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.      |
-
 ### owprov-ui.env
 | Variable                    | Description                                                                   |
 | --------------------------- | ----------------------------------------------------------------------------- |
 | `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
-
 ### owanalytics.env
 | Variable             | Description                                                                         |
 | -------------------- | ----------------------------------------------------------------------------------- |
 | `SYSTEM_URI_PUBLIC`  | Set this to your OWAnalytics URL, for example `https://openwifi.example.com:16009`. |
 | `SYSTEM_URI_UI`      | Set this to your OWProv-UI URL, for example `https://openwifi.example.com`.         |
-
 ### owsub.env
 | Variable             | Description                                                                   |
 | -------------------- | ----------------------------------------------------------------------------- |
 | `SYSTEM_URI_PUBLIC`  | Set this to your OWSub URL, for example `https://openwifi.example.com:16006`. |
-
 | `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
-
+### owrrm.env
+| Variable                                 | Description                     |
+| ---------------------------------------- | ------------------------------- |
+| `SERVICECONFIG_PUBLICENDPOINT`   | Set this to your OWRRM URL, for example https://openwifi.example.com:16789. |
+| `DATABASECONFIG_PASSWORD`        | Set this to a random and safe password.                                     |
+### mysql.env
+| Variable         | Description                                                              |
+| ---------------- | ------------------------------------------------------------------------ |
+| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
 ### traefik.env
 | Variable                                            | Description                               |
 | --------------------------------------------------- | ----------------------------------------- |

docker-compose/certs/clientcas.pem

@@ -1,260 +1,49 @@
 -----BEGIN CERTIFICATE-----
-MIIGBjCCA+6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NDcyNVoXDTQ1MDUxNDA5MTcyNVowIzEh
-MB8GA1UEAwwYT3BlbkxBTiBCaXJ0aCBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEAqkekr6rYqlnicopx8WgKhEUctfrMD3J8jC2YshEI
-hlVFI6lRbA9EFjv1hq0BhXhOY52lwOTOQtIgdn7HNcViSoiKqrVBYRskbhVqIA+7
-nPhwB/4BYYZnbzCELjROHnMn/drFScNUaUvf+EDh9WmO4vZHD5xstK729RDZE51n
-vLlFwe5O4ckekPH17r4WojoVSczkXXRhKJXV3GXdrA/epoIUn0poUM6bCjddiEbJ
-NPknqqkS8Z9a8GYt2IX33kZD3NdHjTQRnMd7g+xroJiQ/faZ9zc0ul6l85sl1G43
-AqriEI2aOWYhSxY7sDleuy5ggz8UA5lR6/z6ZIR8IfMSJag8aVkvxt51Gx2aDaVu
-PixyMFoXyhKQPSP+cL3rzSF/767iXqINw4oOb83Jy77Ocwgp2cfW06KI4l4CTymy
-83wCBEZ6pvLmjCmbz0DIg7V7yGPGjEePNyxYG0sM+aHQEpJnaib2yza9adiXlJ4s
-M+UEMnLjEu0i8Xy15hvItgo7FYTZgWh89LIhE63HDk6qteV836K2oL9PWtVUEg9v
-pElapnq+v+8BUsvmY6Nr8eYeAnCPyW2e49a91/vCP8B1Ydbe5ms3mYcGO3Kdx/k5
-QWLquKnt5ZAeJ2werO/8mUabq8eyt4EH9tZzDKJvV/xbmhluKmamfSg4GHCpOUl1
-+IcCAwEAAaOCAUswggFHMB8GA1UdIwQYMBaAFJRoW6g4+ThAsHJk/juSPinUhsIm
-MB0GA1UdDgQWBBRO5RI5Dr0FesZ3+QQ9ugAapLBaeDAOBgNVHQ8BAf8EBAMCAYYw
-EgYDVR0TAQH/BAgwBgEB/wIBADBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vY3Js
-LmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jcmwwgZcG
-CCsGAQUFBwEBBIGKMIGHMEQGCCsGAQUFBzAChjhodHRwOi8vY2VydHMuY2VydGlm
-aWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFucm9vdGNhLmNlcjA/BggrBgEFBQcw
-AYYzaHR0cDovL29jc3AuY2VydGlmaWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFu
-cm9vdGNhMA0GCSqGSIb3DQEBCwUAA4ICAQBQq28kQUcK88zs5YzZ3b6Y3t77yrSF
-lZLWsbNE/KVlvEuTIrtkRMX9PAC4tRjOpV0oxp6NdrqUKJ35gt4EKjw1vbtyXZD0
-VQwimBv1qapZEuNe5lwNssyySAnXxUIyhCV6QVD4G9vmRPzNVtIwssjffVPjjpZ9
-LBQdliOG3FBbcCWGuRiUMysVxHxdO2rokoFuO1ye+oURrqe9zeDtE0k9QNzAi36F
-FhuWYQnn+2QHfTX58cpMb1Aql3yTO/pz5fQRUF/hmfTuuk+dLlkWoem55oRGfMVL
-coAnW3We251iEawqrR9ZDgcIWlmloZFSNylpZ/iIZOIQdYFqreRo0DiSZG4kPxcW
-RKQTSJ9F3v2j0BZan2xxaSE1tJ54IJUPUND/O6ITVQLfexVLIggRfeIAsURdhPn9
-1KUrZu3HoIYX6kcpuhl++BQgOx3qr6RomAVDhXSGRVRQ2B76N0N1ZC+mEEhJUYbb
-0DlZntDp7q2ZDzn6gFYOnrGhoXe55Yrx8c45wMOBZmz0Q6xzc0jydgZoAG9/20l8
-6S9G2j+UuMYRBCSzouILsGwTloU7XR3qIuO2WbYcG+UV0o/3lVOkAk5992HPG7DT
-hZ1qNe72WFHmtKVwfYJTcQG/TucWFvplUE3hMDMqS80tmx9TrXiRdI4R5IrTxfsS
-znGN0LCQ5YzAAw==
+MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICBAYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTQwNVoXDTQ1MDUxNDA5MjQwNVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBEZXZpY2UgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALrPh3nxxKWaPQbcQeZdihRrGwJNYgdrzz/YAsss
-EbKXYKAOwb/EJKSv52eUysI59lcvfJrsqn4wyUaXQvgYxJUatCSpmCCKEzftgudS
-UAlPY8L/4qeqUvxz6CN3qiKivxQ31Z7SJTLgR7OTXxk5ckXHkc8QPB2GPWkU3BzV
-RbBNKcVxwMK6JaZbB0ZlR6r1ImnLnsDUI0qkgSV8NBO7bJd1yvqfn04yc0/pIo+1
-9uX/gh7AA0RsZeXw1SO3wCfUO5Cr65X+MW2T3LsbnBPbKOqHnF0YWJGx5RPOWVIS
-wudAy4zlqdwPInrb4BCMkJUoZlRhhx7vvNmP9HwNwCp8+COjE77caAEAi+0VHamY
-spu9IgDZCr5FmgHBMu9WiaWpB3RxxbFa6UdVl3sMzRFS6SEHhs6RCAXwQj7KiZLf
-tb3UCRps5XMlhmjAApyDKsJEXKnd5cSpSYxCQQlOB9BCG6QVc6vQLdu/uq8X6Z+2
-0EcP7NVyzMDgHdozp4jP+M4Sow6pv7KE4SZaBfpbgM+Ht22sYoBwMouRYbzSAhJS
-8qBH+IiDqwMRWyox8TuhCsn9WJr9t6l8p3O1pUB0IccraUTVo7XydZWaprtrvMTf
-RtudowCxea9Iz6md9zlqNZAQu2QNUpH9YQT408N02qukp2uaAGvQjbSfAtnWduTD
-F6AbAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUVRP31JMaQoUd6psw0tjQpKbhmvUwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEALMFsYRqB8NDMMWZV8NqbjNT5QA3Y
-O3ODxYOuFC4NjSzUSh3Lh73f5+Ec4slQNFuOQeqhqFJaDAPIxUI5ekKtVjzmt7St
-crbW1dE47+ZHkPXrWVRwRmlV1qP5TqS5oTH6dvpEpEcSxT/IKGQB1cwQ1C+Qp3dd
-3rZnylXfL5dimIpKDGHYqiHyltktlv3uMWnQhUwrKjt2GW0TnF7bVJ0OJko7aDL7
-wdY0TGUH9eLQOoz/a0e9sKSsqOxrq9grN7npbUHOr23CdQBnSjF1Q5dXKvza8kRj
-+agDJW5h/fyBvZ5I4U6m4jFyUnAKso6Xd0+feejPCH7f6kYY+pT7NKO4dVqaRLrj
-yDmtXGsMza6C0h8wBgYwg4d7jxTqOx6iJfJLyLGWKT94HeChiWOL2X0HpF+Gn9Uf
-C7rtLO4QwQzGHdEGyFlw/pBTs6g3wTYVv7ZZfh8DJ9PIedqJmUdwMVE89ThEpu4Z
-q1bFfqENwDmrj2erS3fweEY3G+w2m8f24tJiLWOW/hBRcR3fm+73C8svmtwVGo5Q
-2i6yJxQ12Q42oa1sfsohr22J2NxotqbQz0gq1J9QparEJ5qUjMKkO9Rj3s24KW2t
-E6WIb5d1WpIxownlqOgFE7FftxXmQdJNJ2t4XyUMWhwXbOxfc2RlLek0LtnHPA8N
-hCFqyfjUtMPqafk=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAa
-MRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvM
-Hwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenq
-c4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5O
-ohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9P
-IhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9Q
-zRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ
-8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0V
-TzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzP
-KRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbf
-RXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw
-2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQAB
-o2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQU
-lGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0Jo
-WhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dU
-WmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/
-If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+
-McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZ
-h5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqf
-H+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt
-8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk
-5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1n
-cHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJX
-bZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1
-dashL0CPsbIJ
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0x
-VCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3e
-TJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZ
-gDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUn
-tYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexd
-mEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw
-3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8
-yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e
-9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/
-ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4
-nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YF
-psXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih
-9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNw
-QVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIE
-N82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0
-vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpI
-OkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aG
-WjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6IT
-XLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKibo
-Ffh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1
-StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vY
-g1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRri
-H0FGIeDSQydpOJU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFajCCA1KgAwIBAgICXQ4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAgMR4wHAYDVQQDExVPcGVuTEFOIERlbW8gQmlydGggQ0EwggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDVWIyySul6Fv4wl1O+DQpaLRa0p+Az5L/jcqTp
-dVf6w+8tlmeIY9C28uDQoDjewrIkvf3lcfK86nshs02s9ehqZUnEP8+GvKM19x3J
-bWxeTvWwFirjHir4x897iQ606bAMbrHHtntI9ZyBZyXDGeElGJxJQNX+0d50SFq6
-09cB3yxpBPJ67ag+4Oq0uHgROHjEQMrfwLwlAune0c1fjQDrN14PDNjMZHvvhc/p
-kAHxR1PP6LOFNV5NuQ58tC5N7R2EqqFbIJ8VZgcagrGRYuAuFFTaV+D7RIt9xGTu
-WlCyxHI7VkRBJ1mRoEr4GOrP9QFjBD8NzNK+/wnR/fZwhpEnRsgHiI33wKHBDg+l
-3r8tvRzuB5X6Gl/SfuAeaoCuDHMncTjQg1zGhyEwjQhUe4RY3w+yHAjeeOE6c5sp
-OMDDdaBibkzLmSjXztuLeAdzsUcD3fvGeOvh9vG14TKEmF8puNkqEcc0W8NyUWKF
-dr9umdJEMbaRSSsMGtp8bDj3Ddh4PhEJrIFeo89+HwXhU6sk+wzE9BULTohahsfw
-OV/08t1cZ3Q04Oj1KI+4YWu8BJns5gX35rQ8GIbkXQwfvFMwqmbg+ij2o9HWdkSL
-4bcqW/83Ho+31ce210rVGPK9cav0CjA2Eexgxi45cbgnfoade74Qa5zXboJEBmp7
-rbo4swIDAQABo4GuMIGrMB8GA1UdIwQYMBaAFDzIg8eyTI3xc4A2R60f8HanhBZD
-MB0GA1UdDgQWBBS5xC3inqLQl+vxzn9PsjNzlZ5hYDAOBgNVHQ8BAf8EBAMCAQYw
-EgYDVR0TAQH/BAgwBgEB/wIBADBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vZGVt
-by5jZXJ0aWZpY2F0ZS5maS9jcmwvT3BlbkxBTkRlbW9Sb290Q0EuY3JsMA0GCSqG
-SIb3DQEBCwUAA4ICAQC0UUiTX/BpfbjxnTxQfWgK8cMS0opr9AA7Ta1ZAqu/wJpb
-pSEbcd41YkLDfL+aXOV3RU3sO8VSrnvGe1r5ikF3y2DOmegLBury1K05WPASjn2i
-8wioE3O0JtesijnX1tUlFYqpdX3+XSoHmRV1L6O2tptiACSLcx42uBtGI7Fhsfby
-2yv9VNkMiW59bcAlex2higrnIfGcbA7Fgx3REKe1fN6Q4nxIXC/VLm8nRr8g3g4w
-rIkcly/PgfsMHF+FXGXWl3D/4v6HMV5nm1PPMPvSp5f9G2ftx+zBw5qQbVSoOmxZ
-1a5XzBhrqCnKXPpn2v8FQJ+Nk7FcgmtCURL7BUlm2cnZg+pgXpacQo9nN9uMoMI9
-yCrHRa+sTsfL5+Ar4sMqkNJVXsRBv57ls7wr2Bix9Mla+9zGAFK7Yg9UPpjlzGZ4
-BpiGdNqJcX6a1bIjDe66Pah2P/O8riSX4UMf8ypPsO4h9KNM+XIjQw2VtpEoLNTF
-6AqyvrrWfsJwGdXSg+GpNPJ1Gsu1Y6ataMGvsrot6OxTrg+TpUMuacfwc8zN7+JI
-2XO+PgAf9M1URMYar5v8NKFQ4NX6lMUzNiJnIaoCnbd0zoh/Ui3cbpI46z3UHthw
-qq3/VWS7WlXQZXJ2qNg6c4yEz8iUogod4B1p9badXZBSmpsEcY1m3NzE/OKYgA==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgICYwwwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAlMSMwIQYDVQQDExpPcGVuTEFOIERlbW8gQ29udHJvbGxlciBDQTCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJauwpN+LAd/VubBpX3O3u/E5CXkmxLZ
-di/F9zOTimAOPqfWP7K046TfbNj4twPYSzVzjawkenRkEK0yZQ1DOXmzkGWVnsih
-gR/CA+IUUY1yCnmg6t9Dx9l5K0ZnAox90HO/ybIymcoSfRXhotuhle//eDNmGccd
-XFsndvGdmxshaV1zN1h2POw7biCBZuypCzwvRitFfcpv3pdIk5xTt2G/yMbHPCNo
-dUJHYHLWotridJIJ7DdhYoir5q+iSqWIqjKfDBlqCsvO7e+KidcW9ctljWspAHvl
-B3/yHdJwJz816YTZ7r37I/DsXk9gmjj317gWRkGLMTx9fk6SiMfGW4kfUvClfg1v
-0aRrDGPEcCagHM6ViqbW2+Tc5K38fySgNZKSTBPPI+59iAHd5RADEJDGankEYvzN
-Le0sgB90RDjhTMleOpp5agtd2Yk/ZVjHtKfCnq13OLJfcgX76iY1Ko6AmKqiaxiE
-V2zi9/UFVTIURT8S7JgiwF4ZNIZzHmcr4R4n5O7aSgYUlVjwFp/IEMC3ylTAX8cP
-d4VW0p1f4D3HK7TRcaaqsERuxNh2KVtR48Au2MPGC/8YRKsz/qzH2GfsfFgjKxfF
-z/mZYOA7913DvgVbDQoR9/6odGXZH0XDwH1e1w59dqbXBnIv2VVzElgZsPimIr+M
-UxlZXZHMYtL3AgMBAAGjga4wgaswHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/w
-dqeEFkMwHQYDVR0OBBYEFKqr/2rLqvEtxLDRsPCJ1L8WMr7VMA4GA1UdDwEB/wQE
-AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6
-Ly9kZW1vLmNlcnRpZmljYXRlLmZpL2NybC9PcGVuTEFORGVtb1Jvb3RDQS5jcmww
-DQYJKoZIhvcNAQELBQADggIBAAmSU3aAV3YrPk9F4yaatF2H3E9PTZ/G/3kuJhBR
-Oag4trkewFoII+O0YQ2enqYeZ6AncGVRWeI1R2TmN8lpsBSG0IXQ8dhO9gCwSyxF
-Rito63OjZEaqbLY+1xs4ybkfHKnQ6wGOxDiDMY84kr/UbhpPgHDIufO3FWCp6ucu
-chN67J0hAMfiMbeQ5BZ3LLG2/To0Zl9S5L8C696YlSdBvp0V64vkXYxfAaIoHYEu
-coatg8hgSuugRN/eiOH2ppYShQXNGJvysi/DBtxZecStVJ8SGhWHhP3uM/9TiSfC
-ZCWp3xj65q1hWg0FgvQKDxaa3Qqq6r4/z7cbBI9Tg0VMJnIvhWTsLCssFzoqEvfL
-g53+kbZbQkJAJ4qEirPopKeTBgnm6pEeA5YOTp+bBSgPKNx7G1sT94+LO819aIXt
-ezP4AaO3cW6EomXojMyZl46NcUU3ZnL1AxbtWa9H4TdnBtYG2ewntCXkrqSuRry6
-lhgRZh6q9SDyKW6qjTN2/u91MgoRBndXfsCGX825yxKL0beFCpHFeG3r40zWB3xl
-s5zf/Ny7ZMp5gtVQOlmlN29HHN+Hzzhook8VrXLk5GXHQM0anfTffCHpw0UIivpA
-wJE9bOfha3mTd8LHXOP0OFH6OlqKNX943hQdblsOIVNNbxz3OfQm/ybNcHDUhlWV
-RDdm
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFbjCCA1agAwIBAgICcp4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAkMSIwIAYDVQQDExlPcGVuTEFOIERlbW8gT3BlcmF0aW5nIENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Q5dx+CWyaPxOlAGUC462FgnO4umYEqF
-LQCuK31kgg0tBbbfaq0XApUnjH5IOMI1IGtYgZmm48q1noHaRwk4WFxxvr/dyS51
-hAEa2GFb2S3pkG7VXAF/XYv33yyfM+1K0tyZPRm9tbBShUIfflGFjnrSwxkNhoOH
-IIOVXxCHLBD/Aor74JAkEGtkIo30FPx2vQ+fg4rnQsm9aSffgWwWua7T590tnSMG
-ljDMm++nCQIgONFQC7RQXeL0Ruu14FxB639oJxPmwDQhD/R5zQz/wFBhinjHuzYl
-i0bmxHevdDQluNUxf2lHwJRy6eC/TzdRFOgDUre9kzu929skgNouM0q0y/Rpz7QU
-bd5s1i8JnKebAqADqMT8Yz1Hph0oCvOT0Dc2joxmjGh3loolWRKufKTVe431pvdv
-iV/rAooOSnm5Htmd8ClOADudhrheX886cSd9Z5JKucHhW34Lf1ze7uj1LjxoTh3O
-eo7XedhjmJYcQavpQlVRLTbbY/LJHegPtqJAIvQkrwtOpe05rShl06MxO9wj0BPJ
-0PFp/MxJd0ESDV0EM9dxWIWgXwZftowPzfj3ai5OQEazpTr1IMRehsbCn3JEJ77N
-hCqKPaZmRtKRD9e5cu0YiGfRddr7xaXiwtPGId/ZHsNUASbv7NMDdemRv3TiFwv4
-z8OKCm8QeisCAwEAAaOBrjCBqzAfBgNVHSMEGDAWgBQ8yIPHskyN8XOANketH/B2
-p4QWQzAdBgNVHQ4EFgQUe/uhewyjB6GNj5Dbq9s+I5mWexMwDgYDVR0PAQH/BAQD
-AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDov
-L2RlbW8uY2VydGlmaWNhdGUuZmkvY3JsL09wZW5MQU5EZW1vUm9vdENBLmNybDAN
-BgkqhkiG9w0BAQsFAAOCAgEAXiCsunaML25vERDeclBVvUGHviqTh6WOFgezHQc/
-NGYl3yFEt2wn+XWjunjI+bfIhiG/98EJCqtT0X5hIn8NqiaGuMX+bI3bI3oIS9qF
-qaUuIX0Vt4RrhFhiPkgk25BVCxtMu8XA7OGARz5kRWedTANPh8FRaGIu2yAgPpP1
-Af6HAZYhwSMYm98Gp+9hN1yYDV8Yn58hVnWYEvJTDuaxlgbrsMZDfcGHJybZdNtZ
-WdZaVDHYCcjnPtvg/++e0GWC9ePjFbKy56Xv5lUsq/kUIbUAMwuGQm+fWF8bjWmX
-/251Ib1YlMp8MpLKofssN6WlcxE928djOyLZd0RLMRq7Uu15YCiImTax78cxptlu
-2EkKcJenpfSawGJepSfMuGBgpPg5Ud9Z/tVsTUhEC0YSKKokt0+t4VuFWk8ug3GK
-T6DMW0J7ajGNry5fxmIF/sDcFuY1q++y8aCL2I5BSf0Y9JM8N7BiB9w91qjVU6zM
-T22ioz7OydYq6wBKCSqGghqbm0ZbRbj1+j08CzwC0HQX5xo0ZPipIstk+DMZLy30
-ZerFlfzZSCNcpQsBJffE0mEA8D8+7u0MuyskrpUOGrJaAx0qt7BJpTlE8FGl41D9
-+fzIUJcTh+3+PAD7VvraobiLRFN2PqpoZAPI/frdT+EJrDkKj/FLIsQiUxxAG9F0
-Gvo=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFIjCCAwqgAwIBAgICCOMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwIBcNMjUwMjIxMTUwMDAwWhgPMjA1NTAyMjExNTAw
-MDBaMB8xHTAbBgNVBAMMFE9wZW5MQU4gRGVtbyBSb290IENBMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAyMTHKUp0lagm72Y4c8nrJkVcp7WUTjrsbrlp
-ylLYUohac9UWM0KYBMymQw4gXMQXDIV1tCPM6J22Iv7vfOUTnaU4mlcJ85zEMWoN
-gMknz/8nX+BBawFoqlK+AuIdT/RrCRCD7IlhmmPxhlrg2QV77NONBJxJ86yo89ve
-tnsM5DYEoCGNVKEqZVu02KXSI7TOby8TwM2SS1M0xESnanNvwxsICB86TCWtvLpP
-6tXdO+aNOEZ0VRvmVYMXFa2UXxbRJQgj2qPunlN0amvJ4uw7SdlMG1LgfFk12+Yo
-4d+BxEeZJkgmKAHY3Mos2tcX0kFbRadRLBklkAbYLVFPHqUAMgs+5666zJ9H+Fne
-SgqLg8edKJPBCCHOJr0r1CM0ernP1H1mgKeEGDVXJTgsqanzrYvSwina+Cc5i6cQ
-iL1oJgFoPCj7QW5WNm5fIMhq3BW4DtM3khY8cDpct063WaaR5jLUt2vhceN2id2G
-07J56LVQVebLIubb6SZFh9Ob3VOpiY3NGBtFXY0c7nQCaycGSdfhG/eCKyEZ7T51
-XnIVxTBm53TPatIKS6hqLm0qs9P7pjo2qRP270cWJ8gFecvATNVSodG1bpK5aPYM
-KVVAhchRm0WeFjga5O5/oOXOCdc7nygNUJmYJbhQsiluoZ5Gy8EdHxLDklc//X5M
-xRiETxMCAwEAAaNmMGQwHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/wdqeEFkMw
-HQYDVR0OBBYEFDzIg8eyTI3xc4A2R60f8HanhBZDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCHG+fNWIrRZ1Cw
-1bykJcfMf+EdkRB79kaKMwKkmot94s5d8Me+nXKzNMvJk2emlHkgk/ke0ojyPJ0b
-7/5M3u7T8sNHoy/H7cHWpV/H31jgeF3yOtFFhQ7X0gQBh05tsmSO7hE6i8os+qg2
-QdAWlOipYHMVz/AVV2nls1OAflt3oEfvxVPlQyVY0GyOUS4dKBBRJwcRuqQBt2EX
-SHzcU1/Gd3wvwQxDLtV5gHHfCI7G39M3KmcMxlIYjIh2cn1c4Bd2PHS3NtwIXDsm
-WP8e5qLOUFtjMjYFKjaD2kpmihRKRDpHFyV1Ch6i4Xh7BIUnluAqf10iEfkG9Syc
-L5Ctnl9xkn9Bf9Md6H+M8e0HXJ4zw0WB/9IFBywkFP5ijvdyIVStQ+Fxsiqk62k+
-0XtidT3ma+Z0tTIVokbPsSxUafZo0DWKpWfnEg1RbKZ6PygGNhvwrqcojf4/vHYi
-9bAlpF4QFo4psZ7k/oxsAKSDHWfqm34qZq78RQI7OF5N/Bs0hkfYgg3RXt9oLVyl
-r8R0ZPfyTzchJVrtdxi9pwdyyYuBOwnCzyWs+z4QRAzHHylXQRut7SJR6lvSyMQs
-YiJfiHbhUa7nfLi93uoTv4b2Zx1XOT/7OaXnTldLKkijRu2sSAOJKf77lFpv8929
-9V/T79RyDPMvhRQaxyV7tBGOss3Smw==
+MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+5IOM7ItsRmen6u3qu+JXros54e4juQ==
 -----END CERTIFICATE-----

docker-compose/certs/clientcas_digicert.pem

@@ -1,309 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-5IOM7ItsRmen6u3qu+JXros54e4juQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGBjCCA+6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NDcyNVoXDTQ1MDUxNDA5MTcyNVowIzEh
-MB8GA1UEAwwYT3BlbkxBTiBCaXJ0aCBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEAqkekr6rYqlnicopx8WgKhEUctfrMD3J8jC2YshEI
-hlVFI6lRbA9EFjv1hq0BhXhOY52lwOTOQtIgdn7HNcViSoiKqrVBYRskbhVqIA+7
-nPhwB/4BYYZnbzCELjROHnMn/drFScNUaUvf+EDh9WmO4vZHD5xstK729RDZE51n
-vLlFwe5O4ckekPH17r4WojoVSczkXXRhKJXV3GXdrA/epoIUn0poUM6bCjddiEbJ
-NPknqqkS8Z9a8GYt2IX33kZD3NdHjTQRnMd7g+xroJiQ/faZ9zc0ul6l85sl1G43
-AqriEI2aOWYhSxY7sDleuy5ggz8UA5lR6/z6ZIR8IfMSJag8aVkvxt51Gx2aDaVu
-PixyMFoXyhKQPSP+cL3rzSF/767iXqINw4oOb83Jy77Ocwgp2cfW06KI4l4CTymy
-83wCBEZ6pvLmjCmbz0DIg7V7yGPGjEePNyxYG0sM+aHQEpJnaib2yza9adiXlJ4s
-M+UEMnLjEu0i8Xy15hvItgo7FYTZgWh89LIhE63HDk6qteV836K2oL9PWtVUEg9v
-pElapnq+v+8BUsvmY6Nr8eYeAnCPyW2e49a91/vCP8B1Ydbe5ms3mYcGO3Kdx/k5
-QWLquKnt5ZAeJ2werO/8mUabq8eyt4EH9tZzDKJvV/xbmhluKmamfSg4GHCpOUl1
-+IcCAwEAAaOCAUswggFHMB8GA1UdIwQYMBaAFJRoW6g4+ThAsHJk/juSPinUhsIm
-MB0GA1UdDgQWBBRO5RI5Dr0FesZ3+QQ9ugAapLBaeDAOBgNVHQ8BAf8EBAMCAYYw
-EgYDVR0TAQH/BAgwBgEB/wIBADBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vY3Js
-LmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jcmwwgZcG
-CCsGAQUFBwEBBIGKMIGHMEQGCCsGAQUFBzAChjhodHRwOi8vY2VydHMuY2VydGlm
-aWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFucm9vdGNhLmNlcjA/BggrBgEFBQcw
-AYYzaHR0cDovL29jc3AuY2VydGlmaWNhdGVzLm9wZW4tbGFuLm9yZy9vcGVubGFu
-cm9vdGNhMA0GCSqGSIb3DQEBCwUAA4ICAQBQq28kQUcK88zs5YzZ3b6Y3t77yrSF
-lZLWsbNE/KVlvEuTIrtkRMX9PAC4tRjOpV0oxp6NdrqUKJ35gt4EKjw1vbtyXZD0
-VQwimBv1qapZEuNe5lwNssyySAnXxUIyhCV6QVD4G9vmRPzNVtIwssjffVPjjpZ9
-LBQdliOG3FBbcCWGuRiUMysVxHxdO2rokoFuO1ye+oURrqe9zeDtE0k9QNzAi36F
-FhuWYQnn+2QHfTX58cpMb1Aql3yTO/pz5fQRUF/hmfTuuk+dLlkWoem55oRGfMVL
-coAnW3We251iEawqrR9ZDgcIWlmloZFSNylpZ/iIZOIQdYFqreRo0DiSZG4kPxcW
-RKQTSJ9F3v2j0BZan2xxaSE1tJ54IJUPUND/O6ITVQLfexVLIggRfeIAsURdhPn9
-1KUrZu3HoIYX6kcpuhl++BQgOx3qr6RomAVDhXSGRVRQ2B76N0N1ZC+mEEhJUYbb
-0DlZntDp7q2ZDzn6gFYOnrGhoXe55Yrx8c45wMOBZmz0Q6xzc0jydgZoAG9/20l8
-6S9G2j+UuMYRBCSzouILsGwTloU7XR3qIuO2WbYcG+UV0o/3lVOkAk5992HPG7DT
-hZ1qNe72WFHmtKVwfYJTcQG/TucWFvplUE3hMDMqS80tmx9TrXiRdI4R5IrTxfsS
-znGN0LCQ5YzAAw==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICBAYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTQwNVoXDTQ1MDUxNDA5MjQwNVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBEZXZpY2UgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALrPh3nxxKWaPQbcQeZdihRrGwJNYgdrzz/YAsss
-EbKXYKAOwb/EJKSv52eUysI59lcvfJrsqn4wyUaXQvgYxJUatCSpmCCKEzftgudS
-UAlPY8L/4qeqUvxz6CN3qiKivxQ31Z7SJTLgR7OTXxk5ckXHkc8QPB2GPWkU3BzV
-RbBNKcVxwMK6JaZbB0ZlR6r1ImnLnsDUI0qkgSV8NBO7bJd1yvqfn04yc0/pIo+1
-9uX/gh7AA0RsZeXw1SO3wCfUO5Cr65X+MW2T3LsbnBPbKOqHnF0YWJGx5RPOWVIS
-wudAy4zlqdwPInrb4BCMkJUoZlRhhx7vvNmP9HwNwCp8+COjE77caAEAi+0VHamY
-spu9IgDZCr5FmgHBMu9WiaWpB3RxxbFa6UdVl3sMzRFS6SEHhs6RCAXwQj7KiZLf
-tb3UCRps5XMlhmjAApyDKsJEXKnd5cSpSYxCQQlOB9BCG6QVc6vQLdu/uq8X6Z+2
-0EcP7NVyzMDgHdozp4jP+M4Sow6pv7KE4SZaBfpbgM+Ht22sYoBwMouRYbzSAhJS
-8qBH+IiDqwMRWyox8TuhCsn9WJr9t6l8p3O1pUB0IccraUTVo7XydZWaprtrvMTf
-RtudowCxea9Iz6md9zlqNZAQu2QNUpH9YQT408N02qukp2uaAGvQjbSfAtnWduTD
-F6AbAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUVRP31JMaQoUd6psw0tjQpKbhmvUwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEALMFsYRqB8NDMMWZV8NqbjNT5QA3Y
-O3ODxYOuFC4NjSzUSh3Lh73f5+Ec4slQNFuOQeqhqFJaDAPIxUI5ekKtVjzmt7St
-crbW1dE47+ZHkPXrWVRwRmlV1qP5TqS5oTH6dvpEpEcSxT/IKGQB1cwQ1C+Qp3dd
-3rZnylXfL5dimIpKDGHYqiHyltktlv3uMWnQhUwrKjt2GW0TnF7bVJ0OJko7aDL7
-wdY0TGUH9eLQOoz/a0e9sKSsqOxrq9grN7npbUHOr23CdQBnSjF1Q5dXKvza8kRj
-+agDJW5h/fyBvZ5I4U6m4jFyUnAKso6Xd0+feejPCH7f6kYY+pT7NKO4dVqaRLrj
-yDmtXGsMza6C0h8wBgYwg4d7jxTqOx6iJfJLyLGWKT94HeChiWOL2X0HpF+Gn9Uf
-C7rtLO4QwQzGHdEGyFlw/pBTs6g3wTYVv7ZZfh8DJ9PIedqJmUdwMVE89ThEpu4Z
-q1bFfqENwDmrj2erS3fweEY3G+w2m8f24tJiLWOW/hBRcR3fm+73C8svmtwVGo5Q
-2i6yJxQ12Q42oa1sfsohr22J2NxotqbQz0gq1J9QparEJ5qUjMKkO9Rj3s24KW2t
-E6WIb5d1WpIxownlqOgFE7FftxXmQdJNJ2t4XyUMWhwXbOxfc2RlLek0LtnHPA8N
-hCFqyfjUtMPqafk=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAa
-MRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvM
-Hwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenq
-c4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5O
-ohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9P
-IhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9Q
-zRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ
-8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0V
-TzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzP
-KRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbf
-RXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw
-2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQAB
-o2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQU
-lGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0Jo
-WhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dU
-WmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/
-If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+
-McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZ
-h5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqf
-H+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt
-8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk
-5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1n
-cHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJX
-bZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1
-dashL0CPsbIJ
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0x
-VCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3e
-TJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZ
-gDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUn
-tYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexd
-mEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw
-3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8
-yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e
-9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/
-ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4
-nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YF
-psXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih
-9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNw
-QVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIE
-N82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0
-vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpI
-OkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aG
-WjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6IT
-XLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKibo
-Ffh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1
-StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vY
-g1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRri
-H0FGIeDSQydpOJU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFajCCA1KgAwIBAgICXQ4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAgMR4wHAYDVQQDExVPcGVuTEFOIERlbW8gQmlydGggQ0EwggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQDVWIyySul6Fv4wl1O+DQpaLRa0p+Az5L/jcqTp
-dVf6w+8tlmeIY9C28uDQoDjewrIkvf3lcfK86nshs02s9ehqZUnEP8+GvKM19x3J
-bWxeTvWwFirjHir4x897iQ606bAMbrHHtntI9ZyBZyXDGeElGJxJQNX+0d50SFq6
-09cB3yxpBPJ67ag+4Oq0uHgROHjEQMrfwLwlAune0c1fjQDrN14PDNjMZHvvhc/p
-kAHxR1PP6LOFNV5NuQ58tC5N7R2EqqFbIJ8VZgcagrGRYuAuFFTaV+D7RIt9xGTu
-WlCyxHI7VkRBJ1mRoEr4GOrP9QFjBD8NzNK+/wnR/fZwhpEnRsgHiI33wKHBDg+l
-3r8tvRzuB5X6Gl/SfuAeaoCuDHMncTjQg1zGhyEwjQhUe4RY3w+yHAjeeOE6c5sp
-OMDDdaBibkzLmSjXztuLeAdzsUcD3fvGeOvh9vG14TKEmF8puNkqEcc0W8NyUWKF
-dr9umdJEMbaRSSsMGtp8bDj3Ddh4PhEJrIFeo89+HwXhU6sk+wzE9BULTohahsfw
-OV/08t1cZ3Q04Oj1KI+4YWu8BJns5gX35rQ8GIbkXQwfvFMwqmbg+ij2o9HWdkSL
-4bcqW/83Ho+31ce210rVGPK9cav0CjA2Eexgxi45cbgnfoade74Qa5zXboJEBmp7
-rbo4swIDAQABo4GuMIGrMB8GA1UdIwQYMBaAFDzIg8eyTI3xc4A2R60f8HanhBZD
-MB0GA1UdDgQWBBS5xC3inqLQl+vxzn9PsjNzlZ5hYDAOBgNVHQ8BAf8EBAMCAQYw
-EgYDVR0TAQH/BAgwBgEB/wIBADBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vZGVt
-by5jZXJ0aWZpY2F0ZS5maS9jcmwvT3BlbkxBTkRlbW9Sb290Q0EuY3JsMA0GCSqG
-SIb3DQEBCwUAA4ICAQC0UUiTX/BpfbjxnTxQfWgK8cMS0opr9AA7Ta1ZAqu/wJpb
-pSEbcd41YkLDfL+aXOV3RU3sO8VSrnvGe1r5ikF3y2DOmegLBury1K05WPASjn2i
-8wioE3O0JtesijnX1tUlFYqpdX3+XSoHmRV1L6O2tptiACSLcx42uBtGI7Fhsfby
-2yv9VNkMiW59bcAlex2higrnIfGcbA7Fgx3REKe1fN6Q4nxIXC/VLm8nRr8g3g4w
-rIkcly/PgfsMHF+FXGXWl3D/4v6HMV5nm1PPMPvSp5f9G2ftx+zBw5qQbVSoOmxZ
-1a5XzBhrqCnKXPpn2v8FQJ+Nk7FcgmtCURL7BUlm2cnZg+pgXpacQo9nN9uMoMI9
-yCrHRa+sTsfL5+Ar4sMqkNJVXsRBv57ls7wr2Bix9Mla+9zGAFK7Yg9UPpjlzGZ4
-BpiGdNqJcX6a1bIjDe66Pah2P/O8riSX4UMf8ypPsO4h9KNM+XIjQw2VtpEoLNTF
-6AqyvrrWfsJwGdXSg+GpNPJ1Gsu1Y6ataMGvsrot6OxTrg+TpUMuacfwc8zN7+JI
-2XO+PgAf9M1URMYar5v8NKFQ4NX6lMUzNiJnIaoCnbd0zoh/Ui3cbpI46z3UHthw
-qq3/VWS7WlXQZXJ2qNg6c4yEz8iUogod4B1p9badXZBSmpsEcY1m3NzE/OKYgA==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgICYwwwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAlMSMwIQYDVQQDExpPcGVuTEFOIERlbW8gQ29udHJvbGxlciBDQTCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJauwpN+LAd/VubBpX3O3u/E5CXkmxLZ
-di/F9zOTimAOPqfWP7K046TfbNj4twPYSzVzjawkenRkEK0yZQ1DOXmzkGWVnsih
-gR/CA+IUUY1yCnmg6t9Dx9l5K0ZnAox90HO/ybIymcoSfRXhotuhle//eDNmGccd
-XFsndvGdmxshaV1zN1h2POw7biCBZuypCzwvRitFfcpv3pdIk5xTt2G/yMbHPCNo
-dUJHYHLWotridJIJ7DdhYoir5q+iSqWIqjKfDBlqCsvO7e+KidcW9ctljWspAHvl
-B3/yHdJwJz816YTZ7r37I/DsXk9gmjj317gWRkGLMTx9fk6SiMfGW4kfUvClfg1v
-0aRrDGPEcCagHM6ViqbW2+Tc5K38fySgNZKSTBPPI+59iAHd5RADEJDGankEYvzN
-Le0sgB90RDjhTMleOpp5agtd2Yk/ZVjHtKfCnq13OLJfcgX76iY1Ko6AmKqiaxiE
-V2zi9/UFVTIURT8S7JgiwF4ZNIZzHmcr4R4n5O7aSgYUlVjwFp/IEMC3ylTAX8cP
-d4VW0p1f4D3HK7TRcaaqsERuxNh2KVtR48Au2MPGC/8YRKsz/qzH2GfsfFgjKxfF
-z/mZYOA7913DvgVbDQoR9/6odGXZH0XDwH1e1w59dqbXBnIv2VVzElgZsPimIr+M
-UxlZXZHMYtL3AgMBAAGjga4wgaswHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/w
-dqeEFkMwHQYDVR0OBBYEFKqr/2rLqvEtxLDRsPCJ1L8WMr7VMA4GA1UdDwEB/wQE
-AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6
-Ly9kZW1vLmNlcnRpZmljYXRlLmZpL2NybC9PcGVuTEFORGVtb1Jvb3RDQS5jcmww
-DQYJKoZIhvcNAQELBQADggIBAAmSU3aAV3YrPk9F4yaatF2H3E9PTZ/G/3kuJhBR
-Oag4trkewFoII+O0YQ2enqYeZ6AncGVRWeI1R2TmN8lpsBSG0IXQ8dhO9gCwSyxF
-Rito63OjZEaqbLY+1xs4ybkfHKnQ6wGOxDiDMY84kr/UbhpPgHDIufO3FWCp6ucu
-chN67J0hAMfiMbeQ5BZ3LLG2/To0Zl9S5L8C696YlSdBvp0V64vkXYxfAaIoHYEu
-coatg8hgSuugRN/eiOH2ppYShQXNGJvysi/DBtxZecStVJ8SGhWHhP3uM/9TiSfC
-ZCWp3xj65q1hWg0FgvQKDxaa3Qqq6r4/z7cbBI9Tg0VMJnIvhWTsLCssFzoqEvfL
-g53+kbZbQkJAJ4qEirPopKeTBgnm6pEeA5YOTp+bBSgPKNx7G1sT94+LO819aIXt
-ezP4AaO3cW6EomXojMyZl46NcUU3ZnL1AxbtWa9H4TdnBtYG2ewntCXkrqSuRry6
-lhgRZh6q9SDyKW6qjTN2/u91MgoRBndXfsCGX825yxKL0beFCpHFeG3r40zWB3xl
-s5zf/Ny7ZMp5gtVQOlmlN29HHN+Hzzhook8VrXLk5GXHQM0anfTffCHpw0UIivpA
-wJE9bOfha3mTd8LHXOP0OFH6OlqKNX943hQdblsOIVNNbxz3OfQm/ybNcHDUhlWV
-RDdm
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFbjCCA1agAwIBAgICcp4wDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNNDUwMjIxMTUwMDAw
-WjAkMSIwIAYDVQQDExlPcGVuTEFOIERlbW8gT3BlcmF0aW5nIENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Q5dx+CWyaPxOlAGUC462FgnO4umYEqF
-LQCuK31kgg0tBbbfaq0XApUnjH5IOMI1IGtYgZmm48q1noHaRwk4WFxxvr/dyS51
-hAEa2GFb2S3pkG7VXAF/XYv33yyfM+1K0tyZPRm9tbBShUIfflGFjnrSwxkNhoOH
-IIOVXxCHLBD/Aor74JAkEGtkIo30FPx2vQ+fg4rnQsm9aSffgWwWua7T590tnSMG
-ljDMm++nCQIgONFQC7RQXeL0Ruu14FxB639oJxPmwDQhD/R5zQz/wFBhinjHuzYl
-i0bmxHevdDQluNUxf2lHwJRy6eC/TzdRFOgDUre9kzu929skgNouM0q0y/Rpz7QU
-bd5s1i8JnKebAqADqMT8Yz1Hph0oCvOT0Dc2joxmjGh3loolWRKufKTVe431pvdv
-iV/rAooOSnm5Htmd8ClOADudhrheX886cSd9Z5JKucHhW34Lf1ze7uj1LjxoTh3O
-eo7XedhjmJYcQavpQlVRLTbbY/LJHegPtqJAIvQkrwtOpe05rShl06MxO9wj0BPJ
-0PFp/MxJd0ESDV0EM9dxWIWgXwZftowPzfj3ai5OQEazpTr1IMRehsbCn3JEJ77N
-hCqKPaZmRtKRD9e5cu0YiGfRddr7xaXiwtPGId/ZHsNUASbv7NMDdemRv3TiFwv4
-z8OKCm8QeisCAwEAAaOBrjCBqzAfBgNVHSMEGDAWgBQ8yIPHskyN8XOANketH/B2
-p4QWQzAdBgNVHQ4EFgQUe/uhewyjB6GNj5Dbq9s+I5mWexMwDgYDVR0PAQH/BAQD
-AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDov
-L2RlbW8uY2VydGlmaWNhdGUuZmkvY3JsL09wZW5MQU5EZW1vUm9vdENBLmNybDAN
-BgkqhkiG9w0BAQsFAAOCAgEAXiCsunaML25vERDeclBVvUGHviqTh6WOFgezHQc/
-NGYl3yFEt2wn+XWjunjI+bfIhiG/98EJCqtT0X5hIn8NqiaGuMX+bI3bI3oIS9qF
-qaUuIX0Vt4RrhFhiPkgk25BVCxtMu8XA7OGARz5kRWedTANPh8FRaGIu2yAgPpP1
-Af6HAZYhwSMYm98Gp+9hN1yYDV8Yn58hVnWYEvJTDuaxlgbrsMZDfcGHJybZdNtZ
-WdZaVDHYCcjnPtvg/++e0GWC9ePjFbKy56Xv5lUsq/kUIbUAMwuGQm+fWF8bjWmX
-/251Ib1YlMp8MpLKofssN6WlcxE928djOyLZd0RLMRq7Uu15YCiImTax78cxptlu
-2EkKcJenpfSawGJepSfMuGBgpPg5Ud9Z/tVsTUhEC0YSKKokt0+t4VuFWk8ug3GK
-T6DMW0J7ajGNry5fxmIF/sDcFuY1q++y8aCL2I5BSf0Y9JM8N7BiB9w91qjVU6zM
-T22ioz7OydYq6wBKCSqGghqbm0ZbRbj1+j08CzwC0HQX5xo0ZPipIstk+DMZLy30
-ZerFlfzZSCNcpQsBJffE0mEA8D8+7u0MuyskrpUOGrJaAx0qt7BJpTlE8FGl41D9
-+fzIUJcTh+3+PAD7VvraobiLRFN2PqpoZAPI/frdT+EJrDkKj/FLIsQiUxxAG9F0
-Gvo=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFIjCCAwqgAwIBAgICCOMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3Bl
-bkxBTiBEZW1vIFJvb3QgQ0EwIBcNMjUwMjIxMTUwMDAwWhgPMjA1NTAyMjExNTAw
-MDBaMB8xHTAbBgNVBAMMFE9wZW5MQU4gRGVtbyBSb290IENBMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAyMTHKUp0lagm72Y4c8nrJkVcp7WUTjrsbrlp
-ylLYUohac9UWM0KYBMymQw4gXMQXDIV1tCPM6J22Iv7vfOUTnaU4mlcJ85zEMWoN
-gMknz/8nX+BBawFoqlK+AuIdT/RrCRCD7IlhmmPxhlrg2QV77NONBJxJ86yo89ve
-tnsM5DYEoCGNVKEqZVu02KXSI7TOby8TwM2SS1M0xESnanNvwxsICB86TCWtvLpP
-6tXdO+aNOEZ0VRvmVYMXFa2UXxbRJQgj2qPunlN0amvJ4uw7SdlMG1LgfFk12+Yo
-4d+BxEeZJkgmKAHY3Mos2tcX0kFbRadRLBklkAbYLVFPHqUAMgs+5666zJ9H+Fne
-SgqLg8edKJPBCCHOJr0r1CM0ernP1H1mgKeEGDVXJTgsqanzrYvSwina+Cc5i6cQ
-iL1oJgFoPCj7QW5WNm5fIMhq3BW4DtM3khY8cDpct063WaaR5jLUt2vhceN2id2G
-07J56LVQVebLIubb6SZFh9Ob3VOpiY3NGBtFXY0c7nQCaycGSdfhG/eCKyEZ7T51
-XnIVxTBm53TPatIKS6hqLm0qs9P7pjo2qRP270cWJ8gFecvATNVSodG1bpK5aPYM
-KVVAhchRm0WeFjga5O5/oOXOCdc7nygNUJmYJbhQsiluoZ5Gy8EdHxLDklc//X5M
-xRiETxMCAwEAAaNmMGQwHwYDVR0jBBgwFoAUPMiDx7JMjfFzgDZHrR/wdqeEFkMw
-HQYDVR0OBBYEFDzIg8eyTI3xc4A2R60f8HanhBZDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCHG+fNWIrRZ1Cw
-1bykJcfMf+EdkRB79kaKMwKkmot94s5d8Me+nXKzNMvJk2emlHkgk/ke0ojyPJ0b
-7/5M3u7T8sNHoy/H7cHWpV/H31jgeF3yOtFFhQ7X0gQBh05tsmSO7hE6i8os+qg2
-QdAWlOipYHMVz/AVV2nls1OAflt3oEfvxVPlQyVY0GyOUS4dKBBRJwcRuqQBt2EX
-SHzcU1/Gd3wvwQxDLtV5gHHfCI7G39M3KmcMxlIYjIh2cn1c4Bd2PHS3NtwIXDsm
-WP8e5qLOUFtjMjYFKjaD2kpmihRKRDpHFyV1Ch6i4Xh7BIUnluAqf10iEfkG9Syc
-L5Ctnl9xkn9Bf9Md6H+M8e0HXJ4zw0WB/9IFBywkFP5ijvdyIVStQ+Fxsiqk62k+
-0XtidT3ma+Z0tTIVokbPsSxUafZo0DWKpWfnEg1RbKZ6PygGNhvwrqcojf4/vHYi
-9bAlpF4QFo4psZ7k/oxsAKSDHWfqm34qZq78RQI7OF5N/Bs0hkfYgg3RXt9oLVyl
-r8R0ZPfyTzchJVrtdxi9pwdyyYuBOwnCzyWs+z4QRAzHHylXQRut7SJR6lvSyMQs
-YiJfiHbhUa7nfLi93uoTv4b2Zx1XOT/7OaXnTldLKkijRu2sSAOJKf77lFpv8929
-9V/T79RyDPMvhRQaxyV7tBGOss3Smw==
------END CERTIFICATE-----

docker-compose/certs/issuer_insta.pem

@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEi
-MCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0x
-VCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3e
-TJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZ
-gDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUn
-tYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexd
-mEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw
-3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8
-yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e
-9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/
-ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4
-nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YF
-psXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbC
-JjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGG
-MBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2Ny
-bC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGX
-BggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRp
-ZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUH
-MAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3Blbmxh
-bnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih
-9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNw
-QVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIE
-N82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0
-vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpI
-OkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aG
-WjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6IT
-XLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKibo
-Ffh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1
-StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vY
-g1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRri
-H0FGIeDSQydpOJU=
------END CERTIFICATE-----

docker-compose/certs/root_insta.pem

@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3Bl
-bkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAa
-MRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvM
-Hwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenq
-c4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5O
-ohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9P
-IhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9Q
-zRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ
-8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0V
-TzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzP
-KRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbf
-RXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw
-2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQAB
-o2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQU
-lGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0Jo
-WhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dU
-WmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/
-If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+
-McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZ
-h5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqf
-H+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt
-8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk
-5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1n
-cHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJX
-bZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1
-dashL0CPsbIJ
------END CERTIFICATE-----

docker-compose/certs/websocket-cert.pem

@@ -1,27 +1,27 @@
 -----BEGIN CERTIFICATE-----
-MIIEijCCA3KgAwIBAgIUOmn9ubcITrhJKE6uLJYw9J3CfCkwDQYJKoZIhvcNAQEL
+MIIEgDCCA2igAwIBAgIUaKVB2xg9gr/sS6FvzMex0xSbEzswDQYJKoZIhvcNAQEL
 BQAwbDELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
 dCwgSW5jLjEMMAoGA1UECxMDVElQMSkwJwYDVQQDEyBUZWxlY29tIEluZnJhIFBy
-b2plY3QgSXNzdWluZyBDQTAeFw0yNTA3MTUyMzU3NTlaFw0yNjA0MTMyMjM4NDZa
+b2plY3QgSXNzdWluZyBDQTAeFw0yMTA3MDgxMDQ5MTVaFw0yNTA3MDgxMDQ5MTVa
 MDIxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNUSVAxFTATBgNVBAMMDCoud2xhbi5s
-b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0vG6Ol1JiIPrSQ
-D046Nj2zmw2lUh00gNFU7rvAzfH+Lj5fKjyi7ejZQL41r9kvfOYJGNVl9Jca4TBJ
-Nyfved/i8LAMyywaAaQyCrITzcFdw3MfnO5Eo4KAAP2kvqsufYKYxbeiNEIyWhHV
-B2iUAX1PLegnPSuHIZeHLrDB/mX/xxmY5z3u0inIVeG/xjbD1deA59xLLzrxhwGx
-pMz/cx9NLWymfAUBJVGfj2M8fJNK9D0wqljzHMFe9r/jCVvBmEpXklTVd0AXvrZr
-4b9BbqU9FT4QIhq0Qi2yIcOaUHZY81NvGcNc8gSJyiDG5zlLfeOU3HfHxViQZYhr
-hbeOj9cCAwEAAaOCAVwwggFYMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDm+cEul
-fwzf7rkuJp25mFzvYKNTMB8GA1UdIwQYMBaAFLMbVLjgR6s98ziA5Dzl/QBhbdHo
-MA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUH
-AwIwgYYGCCsGAQUFBwEBBHoweDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3Aub25l
-LmRpZ2ljZXJ0LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMub25lLmRp
-Z2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQcm9qZWN0SXNzdWluZ0NBLmNydDBNBgNV
-HR8ERjBEMEKgQKA+hjxodHRwOi8vY3JsLm9uZS5kaWdpY2VydC5jb20vVGVsZWNv
-bUluZnJhUHJvamVjdElzc3VpbmdDQS5jcmwwDQYJKoZIhvcNAQELBQADggEBAKab
-NayATB4dIy5M7spBHHpbT4eqCNHRxXnw+ph7DGtUCx5InjSVjJU7HVzHDHzOTSl5
-TCkxWJ1pCTn6ZodphUWYax+e6Dm7mvOjohAQRvUwvZp+4w7PwqiwjM+wfvCAPM/f
-ln9EfDTvBxTUXk7xGmPWSexAeL2PyoNLbyMJS6MzSiJmHodbocpib8uMXz3a7J4e
-UcqbX1HGXDuDFBZdOcd2pjqBYnnHv5eL6W1hf/wSgkUeKsBRpYkcz7oulSD67eWx
-zXI5Ynmd2WIHVGONsoSySnSkEVW/KlzpZK4bec2hG9hIHbJo1vO2cg4qBvHxmLUs
-bKkYh7fah/VjfkcSuzk=
------END CERTIFICATE-----
+b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2rlMfV7/Si2Svx
+J1YOEz6KJLvey995/0MkQvAG0RM6TpFwgUNnpYFFozcWME8MGSxws+6hOzDoMmHC
+pgpP/KZ/Fyu9iUdzTxsJMyMxIW9sYbBMkQgBmvjkBlXDk5NfHh+yJBVxb7JlJ6vJ
+oT7EJMzgKpYpFnO+bddalUVsDp3qQIjSvJIxl77vwgZQUJx0qCm17VTBhyM2RTJ3
+jtr7kcWDm3jyyTVUvlM9g3DM9g0hUPMN0R5PP2HuqDdtYoY51krsm2mmVIYYnyAN
+BDawmwYnZJfcC4gFzZJ5wK5NFjSKmd1mYp0damlSh0/uHxPyd4rm2QhUCQH92yKM
++9qYU70CAwEAAaOCAVIwggFOMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFM0mIZuE
+6aly7ZKXl0KWjprcO9/uMB8GA1UdIwQYMBaAFLMbVLjgR6s98ziA5Dzl/QBhbdHo
+MA4GA1UdDwEB/wQEAwIFoDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATCBhgYIKwYB
+BQUHAQEEejB4MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5vbmUuZGlnaWNlcnQu
+Y29tMEwGCCsGAQUFBzAChkBodHRwOi8vY2FjZXJ0cy5vbmUuZGlnaWNlcnQuY29t
+L1RlbGVjb21JbmZyYVByb2plY3RJc3N1aW5nQ0EuY3J0ME0GA1UdHwRGMEQwQqBA
+oD6GPGh0dHA6Ly9jcmwub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQcm9q
+ZWN0SXNzdWluZ0NBLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAAyb7X9qW0z0QJrl2
+oAalMCh/gSJy5oER3L7iu/pnP3GREbr6bh6+1/MAf2bgnN2CUOKQHbozB7yCkM6V
+8m5RnL4ePKVP5yIrbs48uM5Hl14QFLU4ZtFao6js0haoWWEgMo3sfbeyfOU0ScyW
+ET5zfbDub3gUbWYmlz6hyV5aJoznaFjJTNP7SRQ9CHMTMHh3wAPfVlvG2TdcwwbM
+ZKkdAHpl1NwRxyiBPJfkejGWrY3ZAs10te7u9Lsc9yZZKL8SU9J/mrO9tM5HLeUr
+nCJN4RI7RyTuDw4LdMZW1Ju5QBXoZL9mj4KXIbUkDwryhbAxdQ1OnwD4O/avMChk
+TNJzIw==
+-----END CERTIFICATE-----

docker-compose/certs/websocket-key.pem

@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAvS8bo6XUmIg+tJAPTjo2PbObDaVSHTSA0VTuu8DN8f4uPl8q
-PKLt6NlAvjWv2S985gkY1WX0lxrhMEk3J+953+LwsAzLLBoBpDIKshPNwV3Dcx+c
-7kSjgoAA/aS+qy59gpjFt6I0QjJaEdUHaJQBfU8t6Cc9K4chl4cusMH+Zf/HGZjn
-Pe7SKchV4b/GNsPV14Dn3EsvOvGHAbGkzP9zH00tbKZ8BQElUZ+PYzx8k0r0PTCq
-WPMcwV72v+MJW8GYSleSVNV3QBe+tmvhv0FupT0VPhAiGrRCLbIhw5pQdljzU28Z
-w1zyBInKIMbnOUt945Tcd8fFWJBliGuFt46P1wIDAQABAoIBAGCYyB0UFGxZzOK3
-WAlScdWpendKPZZJ86hvHILjnIR+i7AvOUrCyoWFQKiekw5rT/PJG1QC/hOVlvvn
-tnD+txUZNFo//hGjqcjkAFATCpE8RgrnTmLeyzpcD6VzVCPl1hIz3Wi5OsO+H/1Q
-77p3MBeCsWcDehlao01SqgV42GPNhliYHi4jjtMTYIH6A+UvfJbd9hcvB2dHtVfI
-Vbv2KKCP8NTlVckR38DoriZSrrK8AoocLh2qe7te0EYMn5v59plgODsBgVMQCzvK
-ZiYUqflLu4NpztvDQParL6kzlCOU8Acm6/V8GEb4BB4miFHxglpgvrzwT2ujAWwl
-kD8b07ECgYEA+/KdruR57XN7BBK+R7I31dFWHAcSs0lIJVMvV0ZDEKPrzFTqL9fE
-gsNngWqZOGZfrB/6vrs6f2d9JJ9ofuUIanSp6e/C0W3pnuR4UZWEWfUHQpwYfxzV
-OCbM5qw0bvWQze2DKF9caoDJMCj0VU5Rz0tAFp787T0aSvR/St6E2VkCgYEAwDoQ
-rFFF2jQX6KVM5V22GeETGJoZQk/3Hlkgi0rGLCjkIljA76DvHc9rLEv5Hf1rw/Ci
-g4knGKyRw4YLR0RhYWcA8u/hfg7xdpka9GaFbMYEA3aKx4Jy9WrzqBq3Ykk1uyqM
-a9Js28v/vPtf+yiZbKadB0oXkNCpY/0FmktyXK8CgYEAurKKTnNYNrEAU4BgKFjU
-L0m0eYh0Pw7qu13tEssqH0aZEQ1LjLBjGlMafDg12ilic/YupO+w5YAWp/DISmAF
-4H0a/BODVhYQrIG49xvIu7Bq9N0e+fKvvbBi3fx1zlOCPlbmfiBMJ0/PxjRS+nPT
-A71LfHfMDTDeLvUG7r/9yeECgYBxIrulb8AZCQf5WTDE3j7LRHkkxa2QJdhf+Dz7
-PmscmoSK4onLf4C8ntOJIr3gNMM0c3By0ko8b3TrCv2gWFKoLSOV2DFzLABZuQrw
-RVbKClFaaG6Nte1LHEOD8RV1t3j0S7qRyytewdYmuBxpih+inv1UyPrNtMG9o7Gk
-ejs46QKBgQChL0z/Ezw/57TGqX7Z5pF2Ej2pckGu3BqObWL2SIALvgog5XpdAess
-sF8DMVXWs4g4YjgDV3HA3WB6u3b/YX9LEuWwIFQ7yxAZXn3RQBigf7SZdZZrrY0H
-argG3/1a52PtwAHjCwpu/JlePgMFEOhK8rjaLj+4trBmTRjK+s/VjQ==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9q5TH1e/0otkr
+8SdWDhM+iiS73svfef9DJELwBtETOk6RcIFDZ6WBRaM3FjBPDBkscLPuoTsw6DJh
+wqYKT/ymfxcrvYlHc08bCTMjMSFvbGGwTJEIAZr45AZVw5OTXx4fsiQVcW+yZSer
+yaE+xCTM4CqWKRZzvm3XWpVFbA6d6kCI0rySMZe+78IGUFCcdKgpte1UwYcjNkUy
+d47a+5HFg5t48sk1VL5TPYNwzPYNIVDzDdEeTz9h7qg3bWKGOdZK7JtpplSGGJ8g
+DQQ2sJsGJ2SX3AuIBc2SecCuTRY0ipndZmKdHWppUodP7h8T8neK5tkIVAkB/dsi
+jPvamFO9AgMBAAECggEBAJgYoaRmcJfShyhvp8WgX9pE2RQ2o3I/2Gy1BWCJdtte
+ZGbIuz+cO+IgP7QK/Q5Ge2Fht0hizp53dP9kIdYfMlEplSEkSpObahIaHIHaAh/h
+36yKmbq73tQ7tsDLpuoE2pk8Nydi4dlCuL9PXxiAHaqVEFF9/V0vldGd+BnFfyst
+retXgockCH+fqddM5Kp+H0bmjXzLke/b8T9KsdSBz7lg1Z67kmMrHLe14Q4Hgmr/
+pFBkGGWKTFn48OXfncrv+oQAGED7r9c5UEdpOB6SBDxuddfzgkw9urnpKrYC/KOs
+HLBTaGew73O81BsbaZlUiVxTdewrmFk2nG6UIPoGaxkCgYEA7IYOjIfNJOEPIWYP
+zj4eipTy6zFk4L7tX3wX4wsor93rz8ArlF8sgNoyUhbKm6H++ZfVezLs2jcjJJ8Q
+sXLwQ6L/D8aVb6AOVeC1WYJu5+wXIDX0H+1318a5+3bKVPn+hktJGEgCBvplVRnh
+yzpQ+2v1SBp9qEzoSl1sV6gm1tsCgYEAzUnZcjUhHvoXLXJ1lfagCC6QsmjqzpJv
+VdTKJlDuZ0qQGC6Ts+wKfM3MoiOsXW0pByC5lWwE43c/KU8J358j3OSSNafIFeD1
+cxtYzJlMgnw5Y2Zt9tj+QW/1BOMdOftnPSOnsk6rpdCBMW6a2tYubJjbAuge+a2O
+939XGnV0R0cCgYEA0bvmNtNNJAC2LAWWymnnJzgBWHFKZMipMNyXSethPuHo8yYS
+/tSOYAwcRxKSwwMZWDY9RavYv3/ZF+Y9JT0otLFav6B2bq9dRuWlqiOxONLvhs6R
+Faa7eIlt7gBeVpAAFRG5VWC0+38aUCZNRKsHmIsYy8FB3/Winh7NrcUb+7UCgYBi
+egCTZqUixPmFVZjOfWY7Rosm6mlo+pnp5I+sXbpfVkdVMlKsRpipUdfOF6rBjnHV
+937PDOgzbaqg2Ed2PFLpzcPNdVToGefkdcPdMdSf65Nj+WjatzEQlvJEi+YjQFQ/
+4fC5+j8g5apz2gjy3Teb5J96/3qMbxNb6nwQNzO2VQKBgHyHUJOrhvv9+vs7v8nu
+9DgV0b5eNO0g6Q4Ji7oqs24PssPQRA4gMtwmPT8Ha+wWGVzQt2U5LmjsLlrqAO6O
++Fa3c63sgmt672A8BJ3PL8LI8E2keZiH6rwADSUFp3TZoU2SHamw5NEruNRMIF1R
+0LMsuAs2KEdnwAth2ZmUF2+S
+-----END PRIVATE KEY-----

docker-compose/cloudformation/README.md

@@ -3,7 +3,7 @@ With the YAML template included in this directory you can create an OpenWiFi Clo
 The template creates a CloudFormation stack based on the Docker Compose Let's Encrypt deployment (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose#lb-deployment-with-letsencrypt-certificates). The created stack consists of an EC2 instance, and depending on the input parameters, also adds a Route53 hosted zone and a DNS record.  
 ⚠️**Note**: Please be aware that you will be billed for the AWS resources if you create a stack from this template.
 1. Login into the AWS Management Console (https://aws.amazon.com/de/console).
-2. Go to the AWS Systems Manager Parameter Store page and create two parameters according to these instructions https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-create-console.html: one for your Digicert or Insta signed websocket certificate and the other one for the corresponding key. You can leave the default parameter details: you need two standard parameters with type `String` and data type `text`. Just copy and paste your certificate and key into the `Value` field of the respective parameter and remember the parameter names.
+2. Go to the AWS Systems Manager Parameter Store page and create two parameters according to these instructions https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-create-console.html: one for your Digicert-signed websocket certificate and the other one for the corresponding key. You can leave the default parameter details: you need two standard parameters with type `String` and data type `text`. Just copy and paste your certificate and key into the `Value` field of the respective parameter and remember the parameter names.
 3. Go to the CloudFormation service page and follow the instructions described here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-template.html to upload a template file and choose the template included in this repository.
 4. In the next step you have to enter multiple input parameters required for a successful deployment. Here's an explanation of all parameters:
 
@@ -15,6 +15,6 @@ The template creates a CloudFormation stack based on the Docker Compose Let's En
 **HostedZoneName**: If you didn't create the hosted zone yet which you want to use for your Route53 record, please specify the domain name of the hosted zone you want to create. Be aware that if you set **CreateRoute53Record** to `True`, you only have to specify either `ExistingHostedZoneId` or `HostedZoneName`. If you decide to create the DNS record yourself, you can leave both parameters empty.  
 **SDKVersion**: The SDK version you want to use for your deployment. You can either use release names (e.g. `v2.6.0`) or Git branch names (for example `release/v2.6.0`).  
 **SDKHostname**: Enter a valid public hostname which you want to use for your deployment. This has to resolve to the public IP address of the created EC2 instance. If you set **CreateRoute53Record** to `False`, don't forget to create a DNS entry manually afterwards.  
-**WebsocketCertParameter**: The name of the AWS Systems Manager parameter containing your Digicert or Insta signed websocket certificate.  
-**WebsocketKeyParameter**: The name of the AWS Systems Manager parameter containing the key to your Digicert or Insta signed websocket certificate.  
+**WebsocketCertParameter**: The name of the AWS Systems Manager parameter containing your Digicert-signed websocket certificate.  
+**WebsocketKeyParameter**: The name of the AWS Systems Manager parameter containing the key to your Digicert-signed websocket certificate.  
 **TraefikAcmeEmail**: Enter a valid email address to complete Let's Encrypt ACME registration.  

docker-compose/cloudformation/openwifi-cloudsdk-docker-compose.yml

@@ -57,7 +57,7 @@ Parameters:
   ExistingHostedZoneId:
     Description: |
       If you want to create the Route53 record in an existing hosted zone,
-      please specify the according hosted zone ID.
+      please specify the according hosted zone ID. 
     Type: String
 #    MinLength: 21
 #    MaxLength: 21
@@ -205,6 +205,8 @@ Resources:
                 docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"
                 alias docker-compose-lb-selfsigned="docker-compose -f \
                 docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"
+                alias docker-compose-postgresql="docker-compose -f \
+                docker-compose.yml -f docker-compose.postgresql.yml"
               mode: "000644"
               owner: "root"
               group: "root"
@@ -233,6 +235,8 @@ Resources:
                 OWPROV_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16005"
                 OWANALYTICS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16009"
                 OWSUB_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16006"
+                OWRRM_SERVICECONFIG_PRIVATEENDPOINT: !Sub "http://owrrm.wlan.local:17007"
+                OWRRM_SERVICECONFIG_PUBLICENDPOINT: !Sub "https://${SDKHostname}:16789"
                 TRAEFIK_ACME_EMAIL: !Sub "${TraefikAcmeEmail}"
               cwd: "~/wlan-cloud-ucentral-deploy/docker-compose"
     Properties:
@@ -289,6 +293,10 @@ Resources:
           FromPort: "16009"
           ToPort: "16009"
           CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16789"
+          ToPort: "16789"
+          CidrIp: 0.0.0.0/0
         - IpProtocol: tcp
           FromPort: "5912"
           ToPort: "5913"
@@ -300,7 +308,7 @@ Resources:
   CloudSDKHostedZone:
     Condition: HasHostedZoneName
     Type: AWS::Route53::HostedZone
-    Properties:
+    Properties: 
       Name: !Ref HostedZoneName
   CloudSDKRoute53RecordExistingHostedZone:
     Condition: CreateRecordInExistingZone

docker-compose/dco

@@ -1,45 +0,0 @@
-#!/bin/bash
-# Wrapper around docker-compose that will use the correct command line options
-# depending on what type of setup you have.
-# It captures $1 == clean and performs cleanup of the volumes and data directories,
-# It captures $1 == launch or l and runs: ... up -d,
-# but passes everything else straight to the docker-compose command.
-cmd="docker-compose"
-if command -v docker-compose > /dev/null 2>&1 ; then
-    cmd="docker-compose"
-elif command -v docker > /dev/null 2>&1 ; then
-    cmd="docker compose"
-else
-    echo "Could not find docker-compose or docker commands."
-    exit 1
-fi
-deploy_type=$(grep "^DEPLOY_TYPE=" .env | awk -F= '{ print $2 }')
-[ -z "$deploy_type" ] && deploy_type="default"
-if [[ "$deploy_type" == "letsencrypt" ]] ; then
-    cmd="$cmd -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"
-elif [[ "$deploy_type" == "selfsigned" ]] ; then
-    cmd="$cmd -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"
-elif [[ "$deploy_type" == "default" ]] ; then
-    # ok
-    true
-else
-    echo "Invalid DEPLOY_TYPE: $deploy_type"
-    echo "Should be one of: default, letsencrypt or selfsigned"
-    exit 1
-fi
-if [[ "$1" == "clean" ]] ; then
-    set -x
-    $cmd down -v
-    rm -rf *_data
-elif [[ "$1" == "launch" || "$1" == "l" ]] ; then
-    set -x
-    $cmd up -d
-elif [[ "$1" == "relaunch" || "$1" == "rel" ]] ; then
-    set -x
-    $cmd down
-    sleep 5
-    $cmd up -d
-else
-    set -x
-    $cmd "$@"
-fi

docker-compose/deploy.sh

@@ -39,9 +39,12 @@ usage () {
 #  echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
   echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
   echo;
+  echo "- OWRRM_SERVICECONFIG_PRIVATEENDPOINT - private URL to be used for OWRRM";
+  echo "- OWRRM_SERVICECONFIG_PUBLICENDPOINT - public URL to be used for OWRRM";
+  echo;
   echo "Optional environment variables:"
-  echo "- WEBSOCKET_CERT - Your Digicert or Insta signed websocket certificate"
-  echo "- WEBSOCKET_KEY - The key to your Digicert or Insta signed websocket certificate"
+  echo "- WEBSOCKET_CERT - Your Digicert-signed websocket certificate"
+  echo "- WEBSOCKET_KEY - The key to your Digicert-signed websocket certificate"
   echo;
   echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
   echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
@@ -88,6 +91,9 @@ usage () {
 ## OWSub configuration variables
 #[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWRRM configuration variables
+[ -z ${OWRRM_SERVICECONFIG_PRIVATEENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PRIVATEENDPOINT is unset" && usage && exit 1
+[ -z ${OWRRM_SERVICECONFIG_PUBLICENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PUBLICENDPOINT is unset" && usage && exit 1
 
 # Search and replace image version tags if set
 if [[ ! -z "$OWGW_VERSION" ]]; then
@@ -175,6 +181,9 @@ sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owanalytics.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsub.env
 
+sed -i "s~.*SERVICECONFIG_PRIVATEENDPOINT=.*~SERVICECONFIG_PRIVATEENDPOINT=$OWRRM_SERVICECONFIG_PRIVATEENDPOINT~" owrrm.env
+sed -i "s~.*SERVICECONFIG_PUBLICENDPOINT=.*~SERVICECONFIG_PUBLICENDPOINT=$OWRRM_SERVICECONFIG_PUBLICENDPOINT~" owrrm.env
+
 if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
   sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
 fi

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 volumes:
   owgw_data:
     driver: local
@@ -11,9 +13,15 @@ volumes:
     driver: local
   owsub_data:
     driver: local
+  owrrm_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
   kafka_data:
     driver: local
-  postgresql_data:
+  mysql_data:
     driver: local
   letsencrypt_certs:
     driver: local
@@ -32,11 +40,7 @@ services:
       - .env.letsencrypt
       - owgw.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owgw_data:${OWGW_ROOT}/persist
@@ -71,11 +75,7 @@ services:
       - .env.letsencrypt
       - owsec.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owsec_data:${OWSEC_ROOT}/persist
@@ -91,11 +91,7 @@ services:
       - .env.letsencrypt
       - owfms.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owfms_data:${OWFMS_ROOT}/persist
@@ -111,11 +107,7 @@ services:
       - .env.letsencrypt
       - owprov.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owprov_data:${OWPROV_ROOT}
@@ -146,11 +138,7 @@ services:
       - .env.letsencrypt
       - owanalytics.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owanalytics"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owanalytics_data:${OWANALYTICS_ROOT}
@@ -166,28 +154,50 @@ services:
       - .env.letsencrypt
       - owsub.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsub"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owsub_data:${OWSUB_ROOT}
       - ./certs:/${OWSUB_ROOT}/certs
 
+  owrrm:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWRRM_HOSTNAME}
+    env_file:
+      - owrrm.env
+    depends_on:
+      - mysql
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owrrm_data:/owrrm-data
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
   kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       openwifi:
     env_file:
       - kafka.env
     restart: unless-stopped
+    depends_on:
+      - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
 
   init-kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       openwifi:
     depends_on:
@@ -198,8 +208,6 @@ services:
       - /bin/sh
       - -c
       - |
-        echo "Sleeping to allow kafka to start up..."
-        sleep 10
         echo "Creating all required Kafka topics..."
         for topic in $$TOPICS; do
           /opt/bitnami/kafka/bin/kafka-topics.sh \
@@ -207,6 +215,16 @@ services:
           --partitions 1 --bootstrap-server kafka:9092
         done && echo "Successfully created Kafka topics, exiting." && exit 0
 
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
+
   traefik:
     image: "traefik:${TRAEFIK_TAG}"
     networks:
@@ -223,6 +241,7 @@ services:
       - owprov-ui
       - owanalytics
       - owsub
+      - owrrm
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
@@ -249,30 +268,7 @@ services:
       - "16006:16006"
       - "5912:5912"
       - "5913:5913"
+      - "16789:16789"
       - "1812:1812/udp"
       - "1813:1813/udp"
       - "3799:3799/udp"
-
-  postgresql:
-    image: "postgres:${POSTGRESQL_TAG}"
-    networks:
-      openwifi:
-    command:
-      - "postgres"
-      - "-c"
-      - "max_connections=400"
-      - "-c"
-      - "shared_buffers=20MB"
-    env_file:
-      - postgresql.env
-    restart: unless-stopped
-    volumes:
-      - postgresql_data:/var/lib/postgresql/data
-      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
-    healthcheck:
-      # owsub is the last DB created in init-db.sh
-      test: ["CMD-SHELL", "pg_isready -U postgres -d owsub"]
-      interval: 10s
-      retries: 5
-      start_period: 30s
-      timeout: 10s

docker-compose/docker-compose.lb.selfsigned.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 volumes:
   owgw_data:
     driver: local
@@ -11,9 +13,15 @@ volumes:
     driver: local
   owsub_data:
     driver: local
+  owrrm_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
   kafka_data:
     driver: local
-  postgresql_data:
+  mysql_data:
     driver: local
 
 networks:
@@ -30,11 +38,7 @@ services:
       - .env.selfsigned
       - owgw.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owgw_data:${OWGW_ROOT}/persist
@@ -46,6 +50,8 @@ services:
 
   owgw-ui:
     image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
+    env_file: 
+      - owgw-ui.env
     networks:
       openwifi:
         aliases:
@@ -69,11 +75,7 @@ services:
       - .env.selfsigned
       - owsec.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owsec_data:${OWSEC_ROOT}/persist
@@ -89,11 +91,7 @@ services:
       - .env.selfsigned
       - owfms.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owfms_data:${OWFMS_ROOT}/persist
@@ -109,11 +107,7 @@ services:
       - .env.selfsigned
       - owprov.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owprov_data:${OWPROV_ROOT}
@@ -144,11 +138,7 @@ services:
       - .env.selfsigned
       - owanalytics.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owanalytics"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owanalytics_data:${OWANALYTICS_ROOT}
@@ -164,28 +154,50 @@ services:
       - .env.selfsigned
       - owsub.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsub"]
+      - kafka
     restart: unless-stopped
     volumes:
       - owsub_data:${OWSUB_ROOT}
       - ./certs:/${OWSUB_ROOT}/certs
 
+  owrrm:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWRRM_HOSTNAME}
+    env_file:
+      - owrrm.env
+    depends_on:
+      - mysql
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owrrm_data:/owrrm-data
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
   kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       openwifi:
     env_file:
       - kafka.env
     restart: unless-stopped
+    depends_on:
+      - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
 
   init-kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       openwifi:
     depends_on:
@@ -196,8 +208,6 @@ services:
       - /bin/sh
       - -c
       - |
-        echo "Sleeping to allow kafka to start up..."
-        sleep 10
         echo "Creating all required Kafka topics..."
         for topic in $$TOPICS; do
           /opt/bitnami/kafka/bin/kafka-topics.sh \
@@ -205,6 +215,16 @@ services:
           --partitions 1 --bootstrap-server kafka:9092
         done && echo "Successfully created Kafka topics, exiting." && exit 0
 
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
+
   traefik:
     image: "traefik:${TRAEFIK_TAG}"
     networks:
@@ -220,6 +240,7 @@ services:
       - owprov-ui
       - owanalytics
       - owsub
+      - owrrm
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
@@ -241,30 +262,7 @@ services:
       - "16006:16006"
       - "5912:5912"
       - "5913:5913"
+      - "16789:16789"
       - "1812:1812/udp"
       - "1813:1813/udp"
       - "3799:3799/udp"
-
-  postgresql:
-    image: "postgres:${POSTGRESQL_TAG}"
-    networks:
-      openwifi:
-    command:
-      - "postgres"
-      - "-c"
-      - "max_connections=400"
-      - "-c"
-      - "shared_buffers=20MB"
-    env_file:
-      - postgresql.env
-    restart: unless-stopped
-    volumes:
-      - postgresql_data:/var/lib/postgresql/data
-      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
-    healthcheck:
-      # owsub is the last DB created in init-db.sh
-      test: ["CMD-SHELL", "pg_isready -U postgres -d owsub"]
-      interval: 10s
-      retries: 5
-      start_period: 30s
-      timeout: 10s

docker-compose/docker-compose.postgresql.yml

@@ -0,0 +1,47 @@
+version: '3'
+
+volumes:
+  postgresql_data:
+    driver: local
+
+services:
+  owgw:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
+
+  owsec:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
+
+  owfms:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
+
+  owprov:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
+
+  owanalytics:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owanalytics"]
+
+  owsub:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsub"]
+
+  postgresql:
+    image: "postgres:${POSTGRESQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - postgresql.env
+    restart: unless-stopped
+    volumes:
+      - postgresql_data:/var/lib/postgresql/data
+      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh

docker-compose/docker-compose.yml

@@ -1,9 +1,18 @@
+version: '3'
+
 volumes:
+#  owrrm_data:
+#    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
   kafka_data:
     driver: local
-  postgresql_data:
+  mysql_data:
     driver: local
 
+
 networks:
   openwifi:
 
@@ -17,11 +26,7 @@ services:
     env_file:
       - owgw.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owgw_data:${OWGW_ROOT}"
@@ -72,11 +77,7 @@ services:
     env_file:
       - owsec.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owsec_data:${OWSEC_ROOT}"
@@ -94,11 +95,7 @@ services:
     env_file:
       - owfms.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owfms_data:${OWFMS_ROOT}"
@@ -116,11 +113,7 @@ services:
     env_file:
       - owprov.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owprov_data:${OWPROV_ROOT}"
@@ -160,11 +153,7 @@ services:
     env_file:
       - owanalytics.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owanalytics"]
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owanalytics_data:${OWANALYTICS_ROOT}"
@@ -182,11 +171,7 @@ services:
     env_file:
       - owsub.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-      postgresql:
-        condition: service_healthy
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsub"]
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owsub_data:${OWSUB_ROOT}"
@@ -195,18 +180,30 @@ services:
       - "16006:16006"
       - "16106:16106"
 
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
   kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       openwifi:
     env_file:
       - kafka.env
     restart: unless-stopped
+    depends_on:
+      - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
 
   init-kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       openwifi:
     depends_on:
@@ -217,8 +214,6 @@ services:
       - /bin/sh
       - -c
       - |
-        echo "Sleeping to allow kafka to start up..."
-        sleep 10
         echo "Creating all required Kafka topics..."
         for topic in $$TOPICS; do
           /opt/bitnami/kafka/bin/kafka-topics.sh \
@@ -226,26 +221,29 @@ services:
           --partitions 1 --bootstrap-server kafka:9092
         done && echo "Successfully created Kafka topics, exiting." && exit 0
 
-  postgresql:
-    image: "postgres:${POSTGRESQL_TAG}"
-    networks:
-      openwifi:
-    command:
-      - "postgres"
-      - "-c"
-      - "max_connections=400"
-      - "-c"
-      - "shared_buffers=20MB"
-    env_file:
-      - postgresql.env
-    restart: unless-stopped
-    volumes:
-      - postgresql_data:/var/lib/postgresql/data
-      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
-    healthcheck:
-      # owsub is the last DB created in init-db.sh
-      test: ["CMD-SHELL", "pg_isready -U postgres -d owsub"]
-      interval: 10s
-      retries: 5
-      start_period: 30s
-      timeout: 10s
+# NOTE currently OWRRM is only supported in LB installations
+#  owrrm:
+#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+#    networks:
+#      openwifi:
+#        aliases:
+#          - ${INTERNAL_OWRRM_HOSTNAME}
+#    env_file:
+#      - owrrm.env
+#    depends_on:
+#      - mysql
+#      - kafka
+#    restart: unless-stopped
+#    volumes:
+#      - owrrm_data:/owrrm-data
+#    ports:
+#      - "16789:16789"
+#  mysql:
+#    image: "mysql:${MYSQL_TAG}"
+#    networks:
+#      openwifi:
+#    env_file:
+#      - mysql.env
+#    restart: unless-stopped
+#    volumes:
+#      - mysql_data:/var/lib/mysql

docker-compose/kafka.env

@@ -1,10 +1,3 @@
+KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
 ALLOW_PLAINTEXT_LISTENER=yes
-TOPICS=command connection device_event_queue device_telemetry healthcheck provisioning_change service_events state wifiscan
-KAFKA_CFG_NODE_ID=0
-KAFKA_CFG_PROCESS_ROLES=controller,broker
-KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093
-KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093
-KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092
-KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
-KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
-KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT
+TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan

docker-compose/mysql.env

@@ -0,0 +1,5 @@
+#MYSQL_RANDOM_ROOT_PASSWORD=yes
+MYSQL_ROOT_PASSWORD=openwifi
+MYSQL_DATABASE=owrrm
+#MYSQL_USER=owrrm
+#MYSQL_PASSWORD=openwifi

docker-compose/owanalytics.env

@@ -23,19 +23,17 @@ SYSTEM_DATA=$OWANALYTICS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owanalytics.wlan.local:17009
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16009
 SYSTEM_URI_UI=https://openwifi.wlan.local
-
 #SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
-STORAGE_TYPE=postgresql
-STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-STORAGE_TYPE_POSTGRESQL_USERNAME=owanalytics
-STORAGE_TYPE_POSTGRESQL_PASSWORD=owanalytics
-STORAGE_TYPE_POSTGRESQL_DATABASE=owanalytics
-STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owanalytics
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owanalytics
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owanalytics
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
 #STORAGE_TYPE_MYSQL_HOST=localhost
 #STORAGE_TYPE_MYSQL_USERNAME=owanalytics
 #STORAGE_TYPE_MYSQL_PASSWORD=owanalytics
 #STORAGE_TYPE_MYSQL_DATABASE=owanalytics
 #STORAGE_TYPE_MYSQL_PORT=3306
-#STORAGE_TYPE=sqlite

docker-compose/owfms.env

@@ -29,15 +29,14 @@ S3_KEY=AKIAUG47UZG7R6SRLD7F
 #S3_BUCKET_URI=ucentral-ap-firmware.s3.amazonaws.com
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
-STORAGE_TYPE=postgresql
-STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-STORAGE_TYPE_POSTGRESQL_USERNAME=owfms
-STORAGE_TYPE_POSTGRESQL_PASSWORD=owfms
-STORAGE_TYPE_POSTGRESQL_DATABASE=owfms
-STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owfms
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owfms
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owfms
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
 #STORAGE_TYPE_MYSQL_HOST=localhost
 #STORAGE_TYPE_MYSQL_USERNAME=owfms
 #STORAGE_TYPE_MYSQL_PASSWORD=owfms
 #STORAGE_TYPE_MYSQL_DATABASE=owfms
 #STORAGE_TYPE_MYSQL_PORT=3306
-#STORAGE_TYPE=sqlite

docker-compose/owgw.env

@@ -56,17 +56,15 @@ RADIUS_PROXY_ENABLE=true
 #RADIUS_PROXY_COA_PORT=3799
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
-STORAGE_TYPE=postgresql
-STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-STORAGE_TYPE_POSTGRESQL_USERNAME=owgw
-STORAGE_TYPE_POSTGRESQL_PASSWORD=owgw
-STORAGE_TYPE_POSTGRESQL_DATABASE=owgw
-STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owgw
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owgw
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owgw
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
 #STORAGE_TYPE_MYSQL_HOST=localhost
 #STORAGE_TYPE_MYSQL_USERNAME=owgw
 #STORAGE_TYPE_MYSQL_PASSWORD=owgw
 #STORAGE_TYPE_MYSQL_DATABASE=owgw
 #STORAGE_TYPE_MYSQL_PORT=3306
-#STORAGE_TYPE=sqlite
-
 #CERTIFICATES_ALLOWMISMATCH=false

docker-compose/owls/.env

@@ -1,28 +1,17 @@
-COMPOSE_PROJECT_NAME=owls
-
 # Image tags
-# Currently main branches don't work - owlsui is not compatible with owls.
-#OWSEC_TAG=main
-#OWLSUI_TAG=master
-OWSEC_TAG=v2.9.0
-OWFMS_TAG=v2.9.0
-OWLSUI_TAG=v2.9.0
+COMPOSE_PROJECT_NAME=owls
+OWSEC_TAG=main
 OWLS_TAG=main
-
-KAFKA_TAG=3.7-debian-12
-ACMESH_TAG=latest
-TRAEFIK_TAG=v3.1.2
+OWLSUI_TAG=master
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
 
 # Microservice root/config directories
 OWSEC_ROOT=/owsec-data
 OWSEC_CONFIG=/owsec-data
-OWFMS_ROOT=/owfms-data
-OWFMS_CONFIG=/owfms-data
 OWLS_ROOT=/owls-data
 OWLS_CONFIG=/owls-data
 
 # Microservice hostnames
 INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
 INTERNAL_OWLS_HOSTNAME=owls.wlan.local
-INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
-INTERNAL_OWLSUI_HOSTNAME=owls-ui.wlan.local

docker-compose/owls/README.md

@@ -1,6 +1,6 @@
 # OpenWifi OWLS Docker Compose
 ## Deployment with self-signed certificates
-To run a load simulation you need to generate a specific Digicert or Insta signed AP certificate which will be used to connect to the gateway. The certificate serial number has to start with the digits `53494d` since otherwise the gateway won't allow a load simulation. The rest of the serial number and the specified redirector URL can be chosen randomly. You only need to generate one AP certificate for your simulations.
+To run a load simulation you need to generate a specific Digicert-signed AP certificate which will be used to connect to the gateway. The certificate serial number has to start with the digits `53494d` since otherwise the gateway won't allow a load simulation. The rest of the serial number and the specified redirector URL can be chosen randomly. You only need to generate one AP certificate for your simulations.  
 Be aware that since the OWLS deployment partly exposes the same ports on the host as the OpenWifi deployment, it is not intended that both run on the same host.
 1. Copy or move your AP load simulation certificate into the `docker-compose/certs` directory. Don't forget to name the files `device-cert.pem` and `device-key.pem` or adapt the path names in the OWLS configuration if you're using different file names.
 2. To be able to run load simulation tests against your OpenWifi SDK deployment, you'll have to [add the serial number of your generated AP certificate to the gateway configuration](https://github.com/Telecominfraproject/wlan-cloud-owls#prepare-your-openwifi-gateway). You can do that by either editing [owgw.env](../owgw.env) or doing the changes directly in your OWGW configuration file if it is exposed on your Docker host.
@@ -14,22 +14,3 @@ Be aware that since the OWLS deployment partly exposes the same ports on the hos
 10. In the Simulation tab, click on the + sign on the right side to add a load simulation.
 11. Fill out the required fields. MAC prefix is used for the MAC addresses of the simulated devices, so you can use any six-digit hexadecimal number. Specify the remote address of your OpenWifi gateway in the Gateway field, for example `https://openwifi.wlan.local:15002`. Adapt the rest of the settings according to your needs.
 12. Click on the floppy disk icon to save your load simulation. You can run it by clicking the play symbol in the table view.
-
-## Deployment with Let's Encrypt certificates
-To run a load simulation you need to generate a specific Digicert or Insta signed AP certificate which will be used to connect to the gateway. The certificate serial number has to start with the digits `53494d` since otherwise the gateway won't allow a load simulation. The rest of the serial number and the specified redirector URL can be chosen randomly. You only need to generate one AP certificate for your simulations.  Be aware that since the OWLS deployment partly exposes the same ports on the host as the OpenWifi deployment, it is not intended that both run on the same host.
-1. Copy or move your AP load simulation certificate into the `docker-compose/certs` directory. Don't forget to name the files `device-cert.pem` and `device-key.pem` or adapt the path names in the OWLS configuration if you're using different file names.
-2. To be able to run load simulation tests against your OpenWifi SDK deployment, you'll have to [add the serial number of your generated AP certificate to the gateway configuration](https://github.com/Telecominfraproject/wlan-cloud-owls#prepare-your-openwifi-gateway). You can do that by either editing [owgw.env](../owgw.env) or doing the changes directly in your OWGW configuration file if it is exposed on your Docker host.
-3. Switch into the project directory with `cd docker-compose/owls`.
-4. Add an entry for `openwifi-owls.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the OWLS deployment is.
-5. Create an alias `alias dcowls='docker-compose -f docker-compose.lb.letsencrypt.yml`.
-6. Change SDKHOSTNAME in .env to the desired externally reachable host name. This name must resolve to the IP of the host. ie. SDKHOSTNAME=owls.example.com
-7. Change in owls-ui.env: `REACT_APP_UCENTRALSEC_URL=https://owls.example.com:16001`
-8. Change SYSTEM_URI_PUBLIC in owsec.env, owfms.env and owls.env.
-ie. for owls.env: `SYSTEM_URI_PUBLIC=https://owls.example.com:16007 SYSTEM_URI_UI=https://owls.example.com`. Make sure you maintain the correct port for each service in SYSTEM_URI_PUBLIC.
-9. Make sure the following ports are open: 80, 443, 16001, 16004, 16007 (80 is required by the initial Let's Encrypt challenge.)
-10. Spin up the deployment with `dcowls up -d`.
-11. Check if the containers are up and running with `dcowls ps`.
-12. Login to the UI by visiting ie. https://owls.example.com and follow the instructions to change your default password.
-13. In the Simulation tab, click on the + sign on the right side to add a load simulation.
-14. Fill out the required fields. MAC prefix is used for the MAC addresses of the simulated devices, so you can use any six-digit hexadecimal number. Specify the remote address of your OpenWifi gateway in the Gateway field, for example `https://gw.sdk.example.com:15002`. Adapt the rest of the settings according to your needs.
-15. Click on the floppy disk icon to save your load simulation. You can run it by clicking the play symbol in the table view.

docker-compose/owls/docker-compose.lb.letsencrypt.yml

@@ -1,136 +0,0 @@
-volumes:
-  kafka_data:
-    driver: local
-
-networks:
-  owls:
-
-services:
-  owsec:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWSEC_HOSTNAME}
-    env_file:
-      - owsec.env
-    depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-    restart: unless-stopped
-    volumes:
-      - "./owsec_data:${OWSEC_ROOT}"
-      - "../certs:/${OWSEC_ROOT}/certs"
-
-  owfms:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWFMS_HOSTNAME}
-    env_file:
-      - owfms.env
-    depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-    restart: unless-stopped
-    volumes:
-      - "./owfms_data:${OWFMS_ROOT}"
-      - "../certs:/${OWFMS_ROOT}/certs"
-
-  owls:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls:${OWLS_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWLS_HOSTNAME}
-    env_file:
-      - owls.env
-    depends_on:
-      owsec:
-        condition: service_started
-      init-kafka:
-        condition: service_completed_successfully
-    restart: unless-stopped
-    volumes:
-      - "./owls_data:${OWLS_ROOT}"
-      - "../certs:/${OWLS_ROOT}/certs"
-
-  owls-ui:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls-ui:${OWLSUI_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWLSUI_HOSTNAME}
-    env_file:
-      - owls-ui.env
-    depends_on:
-      - owsec
-      - owfms
-      - owls
-    restart: unless-stopped
-    volumes:
-      - "./owls-ui/default.conf:/etc/nginx/conf.d/default.conf"
-      - "../certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
-      - "../certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
-
-  traefik:
-    image: "traefik:${TRAEFIK_TAG}"
-    networks:
-      owls:
-    env_file:
-      - traefik.env
-    depends_on:
-      - owsec
-      - owfms
-      - owls
-      - owls-ui
-    restart: unless-stopped
-    volumes:
-      - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
-      - "../certs/restapi-ca.pem:/certs/restapi-ca.pem"
-      - "./letsencrypt_certs:/letsencrypt"
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |
-        timeout 10m sh -c 'until [[ "$$(getent hosts $SDKHOSTNAME)" ]]; do echo "Waiting until DNS record for $SDKHOSTNAME is resolvable"; sleep 5; done' \
-        && ./entrypoint.sh traefik
-    ports:
-      - "80:80"
-      - "443:443"
-      - "8080:8080"
-      - "16001:16001"
-      - "16004:16004"
-      - "16007:16007"
-
-  kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
-    networks:
-      owls:
-    env_file:
-      - kafka.env
-    restart: unless-stopped
-    volumes:
-      - kafka_data:/bitnami/kafka
-
-  init-kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
-    networks:
-      owls:
-    depends_on:
-      - kafka
-    env_file:
-      - kafka.env
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |
-        echo "Sleeping to allow kafka to start up..."
-        sleep 10
-        echo "Creating all required Kafka topics..."
-        for topic in $$TOPICS; do
-          /opt/bitnami/kafka/bin/kafka-topics.sh \
-          --create --if-not-exists --topic $$topic --replication-factor 1 \
-          --partitions 1 --bootstrap-server kafka:9092
-        done && echo "Successfully created Kafka topics, exiting." && exit 0

docker-compose/owls/docker-compose.yml

@@ -1,4 +1,10 @@
+version: '3'
+
 volumes:
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
   kafka_data:
     driver: local
 
@@ -15,8 +21,7 @@ services:
     env_file:
       - owsec.env
     depends_on:
-      init-kafka:
-        condition: service_completed_successfully
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owsec_data:${OWSEC_ROOT}"
@@ -25,25 +30,6 @@ services:
       - "16001:16001"
       - "16101:16101"
 
-  owfms:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWFMS_HOSTNAME}
-    env_file:
-      - owfms.env
-    depends_on:
-      init-kafka:
-        condition: service_completed_successfully
-    restart: unless-stopped
-    volumes:
-      - "./owfms_data:${OWFMS_ROOT}"
-      - "../certs:/${OWFMS_ROOT}/certs"
-    ports:
-      - "16004:16004"
-      - "16104:16104"
-
   owls:
     image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls:${OWLS_TAG}"
     networks:
@@ -53,10 +39,8 @@ services:
     env_file:
       - owls.env
     depends_on:
-      owsec:
-        condition: service_started
-      init-kafka:
-        condition: service_completed_successfully
+      - owsec
+      - kafka
     restart: unless-stopped
     volumes:
       - "./owls_data:${OWLS_ROOT}"
@@ -74,7 +58,6 @@ services:
     depends_on:
       - owsec
       - owls
-      - owfms
     restart: unless-stopped
     volumes:
       - "./owls-ui/default.conf:/etc/nginx/conf.d/default.conf"
@@ -84,33 +67,23 @@ services:
       - "80:80"
       - "443:443"
 
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      owls:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
   kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
     networks:
       owls:
     env_file:
       - kafka.env
     restart: unless-stopped
+    depends_on:
+      - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
-
-  init-kafka:
-    image: "docker.io/bitnamilegacy/kafka:${KAFKA_TAG}"
-    networks:
-      owls:
-    depends_on:
-      - kafka
-    env_file:
-      - kafka.env
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |
-        echo "Sleeping to allow kafka to start up..."
-        sleep 10
-        echo "Creating all required Kafka topics..."
-        for topic in $$TOPICS; do
-          /opt/bitnami/kafka/bin/kafka-topics.sh \
-          --create --if-not-exists --topic $$topic --replication-factor 1 \
-          --partitions 1 --bootstrap-server kafka:9092
-        done && echo "Successfully created Kafka topics, exiting." && exit 0

docker-compose/owls/environments/create_tip_deploy.sh

@@ -1,62 +0,0 @@
-#!/bin/bash
-# Create a deploy directory for a particular environment.
-# Only support the letsencrypt setup here!
-# Optionally copy it over.
-
-set -e
-USAGE="$0 environment"
-
-env="$1"
-if [ -z "$env" ] ; then
-    echo $USAGE
-    exit 1
-fi
-dir="$env"
-dhost=""
-if [[ "$env" == "owls1" ]] ; then
-    hostname="owls1.lab.wlan.tip.build"
-    dhost="tipowlsls"
-    destdir="deploy-owls"
-elif [[ "$env" == "owls2" ]] ; then
-    hostname="owls2.lab.wlan.tip.build"
-    dhost="tipowlsgw"
-    destdir="deploy-owls"
-else
-    echo "Unknown environment: $env"
-    exit 1
-fi
-
-# need newer GNU sed (mac one isn't compatible) [on mac install sed using homebrew]
-sed=$(command -v gsed)
-[ -z "$sed" ] && sed="sed"
-
-set -x
-
-
-echo
-echo "Make sure you have created/updated the device-cert.pem and device-key.pem files!"
-echo
-url="https://$hostname"
-[ -d "$dir" ] || mkdir "$dir"
-cd "$dir"
-mkdir -p owls-ui traefik certs/cas || true
-cp ../../.env ../../*.env .
-cp ../../docker-compose.lb.letsencrypt.yml docker-compose.yml
-cp ../../owls-ui/default-lb.conf owls-ui/default.conf
-cp ../../traefik/* traefik
-cp ../../../certs/cas/* certs/cas 2>/dev/null || true
-cp ../../../certs/*.pem certs
-echo "SDKHOSTNAME=$hostname" >> .env
-$sed -i "s~REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$url:16001~" owls-ui.env
-$sed -i "s~SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$url:16001~" owsec.env
-$sed -i "s~SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$url~" owsec.env
-$sed -i "s~SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$url:16004~" owfms.env
-$sed -i "s~SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$url~" owfms.env
-$sed -i "s~SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$url:16007~" owls.env
-$sed -i "s~SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$url~" owls.env
-$sed -i "s~../certs:~./certs:~" docker-compose.yml
-
-
-if [[ -n "$dhost" && -n "$destdir" ]] ; then
-    rsync -avh --progress ./ $dhost:$destdir
-fi

docker-compose/owls/kafka.env

@@ -1,10 +1,2 @@
+KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
 ALLOW_PLAINTEXT_LISTENER=yes
-TOPICS=service_events
-KAFKA_CFG_NODE_ID=0
-KAFKA_CFG_PROCESS_ROLES=controller,broker
-KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093
-KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093
-KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092
-KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
-KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
-KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT

docker-compose/owls/owfms.env

@@ -1,43 +0,0 @@
-RUN_CHOWN=true
-TEMPLATE_CONFIG=true
-SELFSIGNED_CERTS=true
-
-OWFMS_ROOT=/owfms-data
-OWFMS_CONFIG=/owfms-data
-
-#RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
-#RESTAPI_HOST_PORT=16004
-#RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
-#RESTAPI_HOST_KEY=$OWFMS_ROOT/certs/restapi-key.pem
-#RESTAPI_HOST_KEY_PASSWORD=mypassword
-#INTERNAL_RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
-#INTERNAL_RESTAPI_HOST_PORT=17004
-#INTERNAL_RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
-#INTERNAL_RESTAPI_HOST_KEY=$OWFMS_ROOT/certs/restapi-key.pem
-#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
-#SERVICE_KEY=$OWFMS_ROOT/certs/restapi-key.pem
-#SERVICE_KEY_PASSWORD=mypassword
-SYSTEM_DATA=$OWFMS_ROOT/persist
-SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
-SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
-SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
-#S3_BUCKETNAME=ucentral-ap-firmware
-#S3_REGION=us-east-1
-S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI
-S3_KEY=AKIAUG47UZG7R6SRLD7F
-#S3_BUCKET_URI=ucentral-ap-firmware.s3.amazonaws.com
-#KAFKA_ENABLE=true
-KAFKA_BROKERLIST=kafka:9092
-#STORAGE_TYPE=postgresql
-#STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-#STORAGE_TYPE_POSTGRESQL_USERNAME=owfms
-#STORAGE_TYPE_POSTGRESQL_PASSWORD=owfms
-#STORAGE_TYPE_POSTGRESQL_DATABASE=owfms
-#STORAGE_TYPE_POSTGRESQL_PORT=5432
-#STORAGE_TYPE_MYSQL_HOST=localhost
-#STORAGE_TYPE_MYSQL_USERNAME=owfms
-#STORAGE_TYPE_MYSQL_PASSWORD=owfms
-#STORAGE_TYPE_MYSQL_DATABASE=owfms
-#STORAGE_TYPE_MYSQL_PORT=3306
-STORAGE_TYPE=sqlite

docker-compose/owls/owls-ui/default-lb.conf

@@ -1,41 +0,0 @@
-server {
-    listen       80;
-    listen  [::]:80;
-
-    # Disable emitting nginx version
-    server_tokens off;
-
-    #return 301 https://$host$request_uri;
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-    }
-
-    # redirect server error pages to the static page /50x.html
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-}
-
-server {
-    listen       443 ssl;
-    listen       [::]:443 ssl;
-
-    # Disable emitting nginx version
-    server_tokens off;
-
-    ssl_certificate     /etc/nginx/restapi-cert.pem;
-    ssl_certificate_key /etc/nginx/restapi-key.pem;
-
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-    }
-
-    # redirect server error pages to the static page /50x.html
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-}

docker-compose/owls/traefik.env

@@ -1,15 +0,0 @@
-TRAEFIK_ENTRYPOINTS_OWLSUIHTTP_ADDRESS=:80
-TRAEFIK_ENTRYPOINTS_OWLSUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owlsuihttps
-TRAEFIK_ENTRYPOINTS_OWLSUIHTTPS_ADDRESS=:443
-TRAEFIK_ENTRYPOINTS_OWSECRESTAPI_ADDRESS=:16001
-TRAEFIK_ENTRYPOINTS_OWLSRESTAPI_ADDRESS=:16007
-TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
-TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE_ENTRYPOINT=owlsuihttp
-TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_STORAGE=/letsencrypt/acme.json
-TRAEFIK_SERVERSTRANSPORT_ROOTCAS=/certs/restapi-ca.pem
-SDKHOSTNAME=owls2.lab.wlan.tip.build
-TRAEFIK_LOG=true
-TRAEFIK_LOG_LEVEL=DEBUG

docker-compose/owls/traefik/openwifi_letsencrypt.yaml

@@ -1,50 +0,0 @@
-log:
-  level: DEBUG
-http:
-  services:
-    owls-ui:
-      loadBalancer:
-        servers:
-          - url: "http://owls-ui.wlan.local:80/"
-    owsec-restapi:
-      loadBalancer:
-        servers:
-          - url: "https://owsec.wlan.local:16001/"
-    owfms-restapi:
-      loadBalancer:
-        servers:
-          - url: "https://owfms.wlan.local:16004/"
-    owls-restapi:
-      loadBalancer:
-        servers:
-          - url: "https://owls.wlan.local:16007/"
-
-  routers:
-    owls-ui-http:
-      entryPoints: "owlsuihttp"
-      service: "owls-ui"
-      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
-    owls-ui-https:
-      entryPoints: "owlsuihttps"
-      service: "owls-ui"
-      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owls-restapi:
-      entryPoints: "owlsrestapi"
-      service: "owls-restapi"
-      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owsec-restapi:
-      entryPoints: "owsecrestapi"
-      service: "owsec-restapi"
-      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
-      tls:
-        certResolver: "openwifi"
-    owfms-restapi:
-      entryPoints: "owfmsrestapi"
-      service: "owfms-restapi"
-      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
-      tls:
-        certResolver: "openwifi"

docker-compose/owprov.env

@@ -26,15 +26,14 @@ SYSTEM_URI_UI=https://openwifi.wlan.local
 #SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
-STORAGE_TYPE=postgresql
-STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-STORAGE_TYPE_POSTGRESQL_USERNAME=owprov
-STORAGE_TYPE_POSTGRESQL_PASSWORD=owprov
-STORAGE_TYPE_POSTGRESQL_DATABASE=owprov
-STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owprov
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owprov
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owprov
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
 #STORAGE_TYPE_MYSQL_HOST=localhost
 #STORAGE_TYPE_MYSQL_USERNAME=owprov
 #STORAGE_TYPE_MYSQL_PASSWORD=owprov
 #STORAGE_TYPE_MYSQL_DATABASE=owprov
 #STORAGE_TYPE_MYSQL_PORT=3306
-#STORAGE_TYPE=sqlite

docker-compose/owrrm.env

@@ -0,0 +1,8 @@
+SELFSIGNED_CERTS=true
+SERVICECONFIG_PRIVATEENDPOINT=https://owrrm.wlan.local:16789
+SERVICECONFIG_PUBLICENDPOINT=https://openwifi.wlan.local:16789
+KAFKACONFIG_BOOTSTRAPSERVER=kafka:9092
+DATABASECONFIG_SERVER=mysql:3306
+DATABASECONFIG_USER=root
+#DATABASECONFIG_PASSWORD=openwifi
+DATABASECONFIG_DBNAME=owrrm

docker-compose/owsec.env

@@ -35,15 +35,14 @@ SYSTEM_URI_UI=https://openwifi.wlan.local
 KAFKA_BROKERLIST=kafka:9092
 #DOCUMENT_POLICY_ACCESS=$OWSEC_ROOT/wwwassets/access_policy.html
 #DOCUMENT_POLICY_PASSWORD=$OWSEC_ROOT/wwwassets/password_policy.html
-STORAGE_TYPE=postgresql
-STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
-STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
-STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
-STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
 #STORAGE_TYPE_MYSQL_HOST=localhost
 #STORAGE_TYPE_MYSQL_USERNAME=owsec
 #STORAGE_TYPE_MYSQL_PASSWORD=owsec
 #STORAGE_TYPE_MYSQL_DATABASE=owsec
 #STORAGE_TYPE_MYSQL_PORT=3306
-#STORAGE_TYPE=sqlite

docker-compose/owsub.env

@@ -26,15 +26,14 @@ SYSTEM_URI_UI=https://openwifi.wlan.local
 #SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
-STORAGE_TYPE=postgresql
-STORAGE_TYPE_POSTGRESQL_HOST=postgresql
-STORAGE_TYPE_POSTGRESQL_USERNAME=owsub
-STORAGE_TYPE_POSTGRESQL_PASSWORD=owsub
-STORAGE_TYPE_POSTGRESQL_DATABASE=owsub
-STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsub
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsub
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsub
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
 #STORAGE_TYPE_MYSQL_HOST=localhost
 #STORAGE_TYPE_MYSQL_USERNAME=owsub
 #STORAGE_TYPE_MYSQL_PASSWORD=owsub
 #STORAGE_TYPE_MYSQL_DATABASE=owsub
 #STORAGE_TYPE_MYSQL_PORT=3306
-#STORAGE_TYPE=sqlite

docker-compose/traefik.env

@@ -17,6 +17,7 @@ TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
 TRAEFIK_ENTRYPOINTS_OWPROVRESTAPI_ADDRESS=:16005
 TRAEFIK_ENTRYPOINTS_OWANALYTICSRESTAPI_ADDRESS=:16009
 TRAEFIK_ENTRYPOINTS_OWSUBRESTAPI_ADDRESS=:16006
+TRAEFIK_ENTRYPOINTS_OWRRMOPENAPI_ADDRESS=:16789
 TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -40,6 +40,10 @@ http:
       loadBalancer:
         servers:
           - url: "https://owgw.wlan.local:5913/"
+    owrrm-openapi:
+      loadBalancer:
+        servers:
+          - url: "http://owrrm.wlan.local:16789/"
 
   routers:
     owgw-ui-http:
@@ -110,6 +114,12 @@ http:
       rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
+    owrrm-openapi:
+      entryPoints: "owrrmopenapi"
+      service: "owrrm-openapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
 
 tcp:
   services:

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -15,6 +15,11 @@ http:
         servers:
           - url: "http://owprov-ui.wlan.local:80/"
 
+    owrrm-openapi:
+      loadBalancer:
+        servers:
+          - url: "http://owrrm.wlan.local:16789/"
+
   routers:
     owgw-ui-http:
       entryPoints: "owgwuihttp"
@@ -38,6 +43,12 @@ http:
       rule: "PathPrefix(`/`)"
       tls: {}
 
+    owrrm-openapi:
+      entryPoints: "owrrmopenapi"
+      service: "owrrm-openapi"
+      rule: "PathPrefix(`/`)"
+      tls: {}
+
 tcp:
   services:
     owgw-websocket: