Chg: update image tag in helm values to v2.7.0-RC3

[WIFI-10842] Add: docker-compose support for iptocountry

.github/git-release-tool/git-release-tool.sh

@@ -51,7 +51,7 @@ usage() {
   echo "    docker_compose_name: OWPROVUI # name of environment variable in docker-compose .env file containing image tag for the service"
   log_notice
   log_notice "List of required environment variables:"
-  log_notice "- RELEASE_VERSION - release version that should be applied to repositories. Should comply release nameing policy (valid example - 'v2.0.0')"
+  log_notice "- RELEASE_VERSION - release version that should be applied to repositories. Should comply release nameing policy (valid example - 'v2.0.0' or 'v2.0.1')"
   log_notice "- TAG_TYPE - type of tag that should be created for release (supported values - RC / FINAL)"
   log_notice "- GIT_PUSH_CONFIRMED - confirmation that any changes should be pushed to git (dry-run if unset, set to 'true' to enable)"
   log_notice
@@ -86,20 +86,21 @@ set_log_verbosity_number() {
 modify_deploy_repo_values() {
   NEW_RELEASE_TAG=$1
   log_debug "NEW_RELEASE_TAG - $NEW_RELEASE_TAG"
-  REPOSITORIES_AMOUNT=$(cat ../repositories.yaml | yq ".repositories[].name" -r | wc -l)
+  REPOSITORIES_AMOUNT=$(cat ../release.repositories.yaml | yq ".repositories[].name" -r | wc -l)
   for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
-    REPO_URL=$(cat ../repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+    REPO_URL=$(cat ../release.repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
     REPO_NAME_SUFFIXED=$(echo $REPO_URL | awk -F '/' '{print $NF}')
     REPO_NAME_WITHOUT_SUFFIX=${REPO_NAME_SUFFIXED%.git}
-    REPO_DOCKER_COMPOSE_NAME=$(cat ../repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+    REPO_DOCKER_COMPOSE_NAME=$(cat ../release.repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
     SERVICE_TAG="${REPO_TAGS_ARRAY[$REPO_INDEX]}"
     log_debug "REPO_NAME_WITHOUT_SUFFIX - $REPO_NAME_WITHOUT_SUFFIX"
     sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env
     sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.letsencrypt
     sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.selfsigned
     sed "/${REPO_NAME_WITHOUT_SUFFIX#*/}@/s/ref=.*/ref=$SERVICE_TAG\"/g" -i chart/Chart.yaml
+    sed "/repository: tip-tip-wlan-cloud-ucentral.jfrog.io\/clustersysteminfo/!b;n;s/tag: .*/tag: $NEW_RELEASE_TAG/" -i chart/values.yaml
   done
-  LATEST_RELEASE_TAG=$(git tag | grep $CURRENT_RELEASE_VERSION | tail -1)
+  LATEST_RELEASE_TAG=$(git tag | grep $RELEASE_VERSION | tail -1)
   if [[ "$(git diff | wc -l)" -eq "0" ]] && [[ "$(git diff $LATEST_RELEASE_TAG)" -eq "0" ]]; then
     log_info "No changes in microservices and since the latest tag are found, new release is not required"
   else
@@ -135,21 +136,20 @@ push_changes() {
 }
 
 create_tag() {
-  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
   TAG_TYPE_LOWERED=$(echo $TAG_TYPE | tr '[:upper:]' '[:lower:]')
   if [[ "$TAG_TYPE_LOWERED" == "final" ]]; then
     log_debug "Creating final tag"
-    modify_values $CURRENT_RELEASE_VERSION
-    git tag $CURRENT_RELEASE_VERSION
+    modify_values $RELEASE_VERSION
+    git tag $RELEASE_VERSION
     push_changes
-    REPO_TAGS_ARRAY+=($CURRENT_RELEASE_VERSION)
+    REPO_TAGS_ARRAY+=($RELEASE_VERSION)
   else
     log_debug "Checking if there are tags in the current release branch"
-    LATEST_RELEASE_TAG=$(git tag | grep $CURRENT_RELEASE_VERSION | tail -1)
+    LATEST_RELEASE_TAG=$(git tag | grep $RELEASE_VERSION | tail -1)
     log_debug "Latest release tag found - '$LATEST_RELEASE_TAG'"
     if [[ -z "$LATEST_RELEASE_TAG" ]]; then
       log_info "There are no tags in the release branch, creating the first one"
-      NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC1
+      NEW_RELEASE_TAG=$RELEASE_VERSION-RC1
       log_debug "New tag - $NEW_RELEASE_TAG"
       modify_values $NEW_RELEASE_TAG
       git tag $NEW_RELEASE_TAG
@@ -160,7 +160,7 @@ create_tag() {
         NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
         NEW_RC=$(expr $NEW_RC + 1)
         log_debug "New RC to create - $NEW_RC"
-        NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC$NEW_RC
+        NEW_RELEASE_TAG=$RELEASE_VERSION-RC$NEW_RC
         modify_deploy_repo_values $NEW_RELEASE_TAG
         if [[ "v$(cat chart/Chart.yaml | yq '.version' -r)" == "$NEW_RELEASE_TAG" ]]; then
           git add .
@@ -186,7 +186,7 @@ create_tag() {
           NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
           NEW_RC=$(expr $NEW_RC + 1)
           log_debug "New RC to create - $NEW_RC"
-          NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC$NEW_RC
+          NEW_RELEASE_TAG=$RELEASE_VERSION-RC$NEW_RC
           modify_values $NEW_RELEASE_TAG
           git tag $NEW_RELEASE_TAG
           push_changes
@@ -199,22 +199,51 @@ create_tag() {
 }
 
 check_final_tag() {
-  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
-  log_debug "Amount of final tags found - $(git tag | grep -x $CURRENT_RELEASE_VERSION | wc -l)"
-  if [[ "$(git tag | grep -x $CURRENT_RELEASE_VERSION | wc -l)" -gt "0" ]]; then
-    log_error "Final tag $CURRENT_RELEASE_VERSION already exists in release branch"
+  log_debug "Amount of final tags found - $(git tag | grep -x $RELEASE_VERSION | wc -l)"
+  if [[ "$(git tag | grep -x $RELEASE_VERSION | wc -l)" -gt "0" ]]; then
+    log_error "Final tag $RELEASE_VERSION already exists in release branch"
     exit 1
   fi
 }
 
 check_git_tags() {
-  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
-  RELEASE_TAGS_AMOUNT=$(git tag | grep $CURRENT_RELEASE_VERSION | wc -l)
-  log_debug "Amount of tags linked with the release - $RELEASE_TAGS_AMOUNT"
-  if [[ "$RELEASE_TAGS_AMOUNT" -gt "0" ]]; then
-    check_final_tag
+  if [[ "${#REPO_TAGS_ARRAY[@]}" -eq "0" ]] && [[ "$(basename $PWD)" == "deploy" ]]; then
+    log_info "This deploy clone run is required to get repositories tied to the release, we will make changes later."
+  else
+    RELEASE_TAGS_AMOUNT=$(git tag | grep $RELEASE_VERSION | wc -l)
+    log_info "Checking if there are any tags for current version ($RELEASE_VERSION)"
+    log_debug "Amount of tags linked with the release - $RELEASE_TAGS_AMOUNT"
+    if [[ "$RELEASE_TAGS_AMOUNT" -gt "0" ]]; then
+      log_info "Tags for release $RELEASE_VERSION are found, checking if final tag exist"
+      check_final_tag
+      create_tag
+    else
+      log_info "No tags found for current version, checking if there are any tags for release branch ($RELEASE_BRANCH_VERSION_BASE)"
+      RELEASE_BRANCH_TAGS_AMOUNT=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | wc -l)
+      log_debug "Amount of tags linked with the release branch - $RELEASE_BRANCH_TAGS_AMOUNT"
+      if [[ "$RELEASE_BRANCH_TAGS_AMOUNT" -gt "0" ]]; then
+        log_info "Tags for $RELEASE_BRANCH_VERSION_BASE are found, finding the latest one"
+        RELEASE_BRANCH_TAG_FINAL=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | grep -v 'RC' | tail -1)
+        if [[ ! -z "$RELEASE_BRANCH_TAG_FINAL" ]]; then
+          RELEASE_BRANCH_TAG=$RELEASE_BRANCH_TAG_FINAL
+        else
+          RELEASE_BRANCH_TAG=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | tail -1)
+        fi
+        log_info "Latest release tag in $RELEASE_BRANCH_VERSION_BASE - $RELEASE_BRANCH_TAG. Checking if there are changes since then"
+        DIFF_LINES_AMOUNT=$(git diff $RELEASE_BRANCH_TAG | wc -l)
+        if [[ "$DIFF_LINES_AMOUNT" -eq "0" ]]; then
+          log_info "No changes found since the latest release tag ($RELEASE_BRANCH_TAG), using it for new version"
+          REPO_TAGS_ARRAY+=($RELEASE_BRANCH_TAG)
+        else
+          log_info "Changes are found in the branch, creating a new tag"
+          create_tag
+        fi
+      else
+        log_info "Tags for $RELEASE_BRANCH_VERSION_BASE not found, creating new one"
+        create_tag
+      fi
+    fi
   fi
-  create_tag
 }
 
 check_release_branch() {
@@ -224,8 +253,8 @@ check_release_branch() {
 }
 
 create_release_branch() {
-  git checkout -b release/$RELEASE_VERSION -q
-  check_release_branch release/$RELEASE_VERSION
+  git checkout -b release/$RELEASE_BRANCH_VERSION -q
+  check_release_branch release/$RELEASE_BRANCH_VERSION
 }
 
 check_if_release_branch_required() {
@@ -233,13 +262,22 @@ check_if_release_branch_required() {
   log_debug "Latest release branch available - $LATEST_RELEASE_BRANCH"
   if [[ -z "$LATEST_RELEASE_BRANCH" ]]; then
     log_info "Could not find a single release branch, creating it"
-    create_release_branch $RELEASE_VERSION
+    create_release_branch $RELEASE_BRANCH_VERSION
   else
     LAST_RELEASE_DIFF_LINES_AMOUNT=$(git diff $LATEST_RELEASE_BRANCH ':(exclude)helm/values.yaml' | wc -l)
     if [[ "$LAST_RELEASE_DIFF_LINES_AMOUNT" -eq "0" ]]; then
       log_info "There are no changes in project since the latest release branch $LATEST_RELEASE_BRANCH so we will use tag from it"
-      LATEST_RELEASE=$(echo $LATEST_RELEASE_BRANCH | awk -F 'origin/' '{print $2}')
-      LATEST_RELEASE_TAG=$(git tag | grep -x $LATEST_RELEASE | tail -1)
+      LATEST_RELEASE=$(echo $LATEST_RELEASE_BRANCH | awk -F 'origin/release/' '{print $2}')
+      LATEST_RELEASE_BASE=$(echo $LATEST_RELEASE | cut -f 1,2 -d '.')
+      LATEST_RELEASE_TAG_FINAL=$(git tag | grep $LATEST_RELEASE_BASE | grep -v 'RC' | tail -1)
+      if [[ ! -z "$LATEST_RELEASE_TAG_FINAL" ]]; then
+        LATEST_RELEASE_TAG=$LATEST_RELEASE_TAG_FINAL
+      else
+        LATEST_RELEASE=$(git tag | grep $LATEST_RELEASE_BASE | tail -1)
+      fi
+      log_debug "Latest release - $LATEST_RELEASE"
+      log_debug "Latest release base - $LATEST_RELEASE_BASE"
+      log_debug "Latest release tag - $LATEST_RELEASE_TAG"
       if [[ -z "$LATEST_RELEASE_TAG" ]]; then
         log_info "Could not find any tags for $LATEST_RELEASE release, creating it"
         check_release_branch $LATEST_RELEASE
@@ -248,11 +286,20 @@ check_if_release_branch_required() {
         REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
       fi 
     else
-      create_release_branch $RELEASE_VERSION
+      log_info "New release branch for $RELEASE_BRANCH_VERSION is required, creating it"
+      create_release_branch $RELEASE_BRANCH_VERSION
     fi
   fi
 }
 
+get_release_branch_version() {
+  RELEASE_BRANCH_VERSION_BASE=$(echo $RELEASE_VERSION | cut -f 1,2 -d '.')
+  RELEASE_BRANCH_VERSION="$RELEASE_BRANCH_VERSION_BASE.0"
+  if [[ "$RELEASE_BRANCH_VERSION" != "$RELEASE_VERSION" ]]; then
+    log_info "Minor release version ($RELEASE_VERSION) deployment is detected, work will be checked in branch for $RELEASE_BRANCH_VERSION"
+  fi
+}
+
 create_repo_version() {
   CWD=$PWD
   REPO_NAME=$1
@@ -260,8 +307,10 @@ create_repo_version() {
   rm -rf $REPO_NAME
   git clone -q $REPO_URL $REPO_NAME
   cd $REPO_NAME
+  get_release_branch_version
+  log_debug "Release branch version - $RELEASE_BRANCH_VERSION"
   DEFAULT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-  RELEASE_BRANCH=$(git branch -r | grep $RELEASE_VERSION | awk -F 'origin/' '{print $2}' | xargs)
+  RELEASE_BRANCH=$(git branch -r | grep $RELEASE_BRANCH_VERSION | awk -F 'origin/' '{print $2}' | xargs)
   log_debug "Release branch to check - '$RELEASE_BRANCH'"
   if [[ ! -z "$RELEASE_BRANCH" ]]; then
     log_info "Release branch $RELEASE_BRANCH exists in the repository, checking if it has tags"
@@ -273,7 +322,6 @@ create_repo_version() {
   log_info "Release commit info:"
   git show
   cd $CWD
-  rm -rf $REPO_NAME
 }
 
 # Log level setup
@@ -304,28 +352,34 @@ fi
 # Check variables
 log_debug "Release version: ${RELEASE_VERSION}"
 [ -z ${RELEASE_VERSION+x} ] && echo "RELEASE_VERSION is unset" && usage && exit 3
-echo "${RELEASE_VERSION}" | grep -xP "v(\d)+\.(\d)+\.\d+" >/dev/null || (log_error "RELEASE_VERSION is not in the right notation (correct example - v2.2.0)" && usage && exit 3)
+echo "${RELEASE_VERSION}" | grep -xP "v(\d)+\.(\d)+\.\d+" >/dev/null || (log_error "RELEASE_VERSION is not in the right notation (correct example - v2.2.0 or v2.2.2)" && usage && exit 3)
 log_debug "Tag type: ${TAG_TYPE}"
 [ -z ${TAG_TYPE+x} ] && echo "TAG_TYPE is unset" && usage && exit 3
 echo "${TAG_TYPE}" | tr '[:upper:]' '[:lower:]' | grep -xP "(rc|final)" >/dev/null || (log_error "TAG_TYPE is not in the supported values ('rc' or 'final', case insensitive)" && usage && exit 3)
 
 # Main body
-REPOSITORIES_AMOUNT=$(cat repositories.yaml | yq ".repositories[].name" -r | wc -l)
 DEPLOY_REPO_URL=$(cat repositories.yaml | yq ".deploy_repo_url" -r)
 log_debug "DEPLOY_REPO_URL - $DEPLOY_REPO_URL"
 
+log_info "First we need to get repository list for tied deployment version"
+create_repo_version "deploy" $DEPLOY_REPO_URL
+cp deploy/.github/git-release-tool/repositories.yaml release.repositories.yaml
+rm -rf deploy
+
 log_info "Checking repositories"
+REPOSITORIES_AMOUNT=$(cat release.repositories.yaml | yq ".repositories[].name" -r | wc -l)
 log_info "Found $REPOSITORIES_AMOUNT repos to process"
 for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
   echo
-  REPO_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
-  REPO_URL=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
-  REPO_DOCKER_COMPOSE_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+  REPO_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  REPO_URL=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+  REPO_DOCKER_COMPOSE_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
   log_debug "REPO_NAME - $REPO_NAME"
   log_debug "REPO_URL - $REPO_URL"
   log_debug "REPO_DOCKER_COMPOSE_NAME - $REPO_DOCKER_COMPOSE_NAME"
   log_info "Processing repository '$REPO_NAME'"
   create_repo_version $REPO_NAME $REPO_URL
+  rm -rf $REPO_NAME
 done
 log_debug "Tags per project: ${REPO_TAGS_ARRAY[*]}"
 
@@ -336,10 +390,11 @@ create_repo_version "deploy" $DEPLOY_REPO_URL
 echo
 log_info "Services versions:"
 for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
-  REPO_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  REPO_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
   log_info "- $REPO_NAME - ${REPO_TAGS_ARRAY[$REPO_INDEX]}"
 done
 log_info "Deployment repo version - ${REPO_TAGS_ARRAY[-1]}"
+rm release.repositories.yaml
 if [[ "$GIT_PUSH_CONFIRMED" != "true" ]]; then
   log_info "To apply changes described above, set GIT_PUSH_CONFIRMED to 'true' and rerun this script"
 fi

.github/git-release-tool/repositories.yaml

@@ -24,3 +24,6 @@ repositories:
   - name: owsub
     url: https://github.com/Telecominfraproject/wlan-cloud-userportal.git
     docker_compose_name: OWSUB_TAG
+  - name: owrrm
+    url: https://github.com/Telecominfraproject/wlan-cloud-rrm.git
+    docker_compose_name: OWRRM_TAG

.gitignore

@@ -1,6 +1,7 @@
 *.swp
 chart/charts/*
+chart/Chart.lock
+chart/environment-values/wlan-cloud-ucentral-deploy/
 /docker-compose/certs/
 /docker-compose/*_data
 /docker-compose/owls/*_data
-chart/environment-values/wlan-cloud-ucentral-deploy/

chart/Chart.lock

@@ -1,36 +0,0 @@
-dependencies:
-- name: owgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master
-  version: 0.1.0
-- name: owsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main
-  version: 0.1.0
-- name: owfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main
-  version: 0.1.0
-- name: owprov
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main
-  version: 0.1.0
-- name: owgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main
-  version: 0.1.0
-- name: owprovui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main
-  version: 0.1.0
-- name: rttys
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=main
-  version: 0.1.0
-- name: kafka
-  repository: https://charts.bitnami.com/bitnami
-  version: 13.0.2
-- name: owls
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main
-  version: 0.1.0
-- name: owlsui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master
-  version: 0.1.0
-- name: haproxy
-  repository: https://charts.bitnami.com/bitnami
-  version: 0.2.21
-digest: sha256:ddb5b39b21822bc3e3c6edef60db3cd5140b8126ec7230d58c42cdb75ec9b333
-generated: "2021-12-30T14:44:40.935566071+03:00"

chart/Chart.yaml

@@ -2,34 +2,37 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 0.1.0
+version: 2.7.0-RC3
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owanalytics
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.7.0-RC2"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.7.0-RC2"
   version: 0.1.0
 - name: owsub
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.7.0-RC3"
+  version: 0.1.0
+- name: owrrm
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=v2.7.0-RC2"
   version: 0.1.0
 - name: kafka
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 13.0.2
 - name: owls
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
@@ -40,6 +43,10 @@ dependencies:
   version: 0.1.0
   condition: owlsui.enabled
 - name: haproxy
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 0.2.21
   condition: haproxy.enabled
+- name: postgresql-ha
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 8.6.13
+  condition: postgresql-ha.enabled

chart/docker/Dockerfile

@@ -40,6 +40,24 @@ RUN git clone https://github.com/Telecominfraproject/wlan-cloud-owprov.git owpro
   && cp owprov/test_scripts/curl/cli owprov_cli \
   && rm -rf owprov
 
+# OWAnalytics
+ARG OWANALYTICS_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-analytics.git owanalytics \
+  && cd owanalytics \
+  && git checkout $OWANALYTICS_VERSION \
+  && cd /cli \
+  && cp owanalytics/test_scripts/curl/cli owanalytics_cli \
+  && rm -rf owanalytics
+
+# OWSub
+ARG OWSUB_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-userportal.git owsub \
+  && cd owsub \
+  && git checkout $OWSUB_VERSION \
+  && cd /cli \
+  && cp owsub/test_scripts/curl/cli owsub_cli \
+  && rm -rf owsub
+
 COPY clustersysteminfo clustersysteminfo
 COPY change_credentials change_credentials
 

chart/docker/clustersysteminfo

@@ -94,6 +94,24 @@ do
   let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
   sleep 1
 
+  ./owanalytics_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owsub_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
   let "CHECK_RETRIES-=1"
   echo "Exit code sum: $exit_code_sum"
   echo "Left retries: $CHECK_RETRIES"

chart/environment-values/deploy.sh

@@ -31,6 +31,7 @@ usage () {
   echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
   echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
   echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
   echo >&2;
   echo "Optional environment variables:" >&2;
   echo >&2;
@@ -74,6 +75,7 @@ else
   [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
   [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
   [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
 fi
 ## Environment specifics
 [ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
@@ -102,6 +104,7 @@ export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
 export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
 export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
 export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
+export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-')
 
 # Debug get bash version
 bash --version >&2
@@ -124,6 +127,7 @@ if [[ "$DEPLOY_METHOD" == "git" ]]; then
     sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
     sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
     sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
   fi
   helm repo add bitnami https://charts.bitnami.com/bitnami
   helm repo update
@@ -220,6 +224,8 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
   --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owrrm.public_env_variables.SERVICECONFIG_PUBLICENDPOINT=https://rrm-${NAMESPACE}.cicd.lab.wlan.tip.build:16789 \
+  --set owrrm.services.owrrm.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rrm-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
   --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
   ${EXTRA_VALUES_FLAGS[*]} \

chart/environment-values/values.aws.yaml

@@ -102,5 +102,5 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
-      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build" # TODO change FQDNs
+      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs
 

chart/environment-values/values.openwifi-qa.external-db.yaml

@@ -8,7 +8,130 @@ owgw:
 
   postgresql:
     enabled: true
+    nameOverride: owgw-pgsql
     fullnameOverride: owgw-pgsql
     postgresqlDatabase: owgw
     postgresqlUsername: owgw
     postgresqlPassword: owgw
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owsec:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owsec-pgsql
+    storage.type.postgresql.database: owsec
+    storage.type.postgresql.username: owsec
+    storage.type.postgresql.password: owsec
+
+  postgresql:
+    enabled: true
+    nameOverride: owsec-pgsql
+    fullnameOverride: owsec-pgsql
+    postgresqlDatabase: owsec
+    postgresqlUsername: owsec
+    postgresqlPassword: owsec
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owfms:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owfms-pgsql
+    storage.type.postgresql.database: owfms
+    storage.type.postgresql.username: owfms
+    storage.type.postgresql.password: owfms
+
+  postgresql:
+    enabled: true
+    nameOverride: owfms-pgsql
+    fullnameOverride: owfms-pgsql
+    postgresqlDatabase: owfms
+    postgresqlUsername: owfms
+    postgresqlPassword: owfms
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owprov:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owprov-pgsql
+    storage.type.postgresql.database: owprov
+    storage.type.postgresql.username: owprov
+    storage.type.postgresql.password: owprov
+
+  postgresql:
+    enabled: true
+    nameOverride: owprov-pgsql
+    fullnameOverride: owprov-pgsql
+    postgresqlDatabase: owprov
+    postgresqlUsername: owprov
+    postgresqlPassword: owprov
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owanalytics:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owanalytics-pgsql
+    storage.type.postgresql.database: owanalytics
+    storage.type.postgresql.username: owanalytics
+    storage.type.postgresql.password: owanalytics
+
+  postgresql:
+    enabled: true
+    nameOverride: owanalytics-pgsql
+    fullnameOverride: owanalytics-pgsql
+    postgresqlDatabase: owanalytics
+    postgresqlUsername: owanalytics
+    postgresqlPassword: owanalytics
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owsub:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owsub-pgsql
+    storage.type.postgresql.database: owsub
+    storage.type.postgresql.username: owsub
+    storage.type.postgresql.password: owsub
+
+  postgresql:
+    enabled: true
+    nameOverride: owsub-pgsql
+    fullnameOverride: owsub-pgsql
+    postgresqlDatabase: owsub
+    postgresqlUsername: owsub
+    postgresqlPassword: owsub
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -0,0 +1,74 @@
+owgw:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+
+owsec:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owsec
+    storage.type.postgresql.username: owsec
+    storage.type.postgresql.password: owsec
+
+owfms:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owfms
+    storage.type.postgresql.username: owfms
+    storage.type.postgresql.password: owfms
+
+owprov:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owprov
+    storage.type.postgresql.username: owprov
+    storage.type.postgresql.password: owprov
+
+owanalytics:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owanalytics
+    storage.type.postgresql.username: owanalytics
+    storage.type.postgresql.password: owanalytics
+
+owsub:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owsub
+    storage.type.postgresql.username: owsub
+    storage.type.postgresql.password: owsub
+
+postgresql-ha:
+  enabled: true
+  initDbScriptSecret:
+    enabled: true
+  pgpool:
+    adminPassword: admin
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+    initdbScriptsSecret: tip-openwifi-initdb-scripts
+  postgresql:
+    replicaCount: 1 # TODO change after tests
+    password: password
+    postgresPassword: postgres
+    repmgrPassword: repmgr
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -30,6 +30,22 @@ owsec:
     operator: "Exists"
     effect: "NoSchedule"
 
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 owgwui:
   nodeSelector:
     env: tests
@@ -46,6 +62,22 @@ owfms:
     operator: "Exists"
     effect: "NoSchedule"
 
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 owprov:
   nodeSelector:
     env: tests
@@ -54,6 +86,22 @@ owprov:
     operator: "Exists"
     effect: "NoSchedule"
 
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
 owprovui:
   nodeSelector:
     env: tests
@@ -101,6 +149,59 @@ owanalytics:
   - key: "tests"
     operator: "Exists"
     effect: "NoSchedule"
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owsub:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owrrm:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  mysql:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"
 
 kafka:
   nodeSelector:
@@ -116,3 +217,19 @@ kafka:
     - key: "tests"
       operator: "Exists"
       effect: "NoSchedule"
+
+postgresql-ha:
+  pgpool:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"
+  postgresql:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"

chart/environment-values/values.openwifi-qa.yaml

@@ -5,10 +5,13 @@ owgw:
       readiness:
         exec:
           command: ["true"]
+        failureThreshold: 5
+      readiness:
+        failureThreshold: 5
 
   resources:
     requests:
-      cpu: 1000m
+      cpu: 2000m
       memory: 100Mi
     limits:
       cpu: 2000m
@@ -583,6 +586,69 @@ owsub:
           secret:
             secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
 
+owrrm:
+  fullnameOverride: owrrm
+
+  services:
+    owrrm:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,17007"
+
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 2048Mi
+    limits:
+      cpu: 1000m
+      memory: 2048Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  volumes:
+    owrrm:
+      - name: persist
+        mountPath: /owrrm-data/
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owrrm.fullname" . }}-pvc
+
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
+
+  mysql:
+    enabled: true
+    fullnameOverride: "owrrm-mysql"
+
+    resources:
+      requests:
+        cpu: 100m
+        memory: 512Mi
+      limits:
+        cpu: 100m
+        memory: 512Mi
 
 kafka:
   commonAnnotations:
@@ -616,13 +682,20 @@ clustersysteminfo:
   delay: 60 # delaying to wait for AWS Route53 DNS propagation
 
 haproxy:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 20Mi
+    limits:
+      cpu: 10m
+      memory: 20Mi
   service:
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007,16006,17006"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 
 restapiCerts:

chart/templates/_initdb_scripts.tpl

@@ -0,0 +1,21 @@
+{{- define "openwifi.user_creation_script" -}}
+{{- $root := . -}}
+{{- $postgresqlBase := index .Values "postgresql-ha" }}
+{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql-ha") "Release" $.Release) }}
+#!/bin/bash
+export PGPASSWORD=$PGPOOL_POSTGRES_PASSWORD
+
+until psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres -c '\q'; do
+  >&2 echo "Postgres is unavailable - sleeping"
+  sleep 1
+done
+
+{{ range index .Values "postgresql-ha" "initDbScriptSecret" "services" }}
+echo "{{ . }}"
+echo "SELECT 'CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = '{{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}')\gexec" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+echo "ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}'" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+echo "SELECT 'CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '{{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }}')\gexec" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+echo "GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+
+{{ end }}
+{{- end -}}

chart/templates/secret-pgpool-initdb.yaml

@@ -0,0 +1,16 @@
+{{- $root := . -}}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-initdb-scripts
+kind: Secret
+type: Opaque
+data:
+  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
+{{- end }}

chart/values.yaml

@@ -54,6 +54,16 @@ owsub:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
+# OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
+owrrm:
+  fullnameOverride: owrrm
+
+  public_env_variables:
+    UCENTRALCONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:17007
+
+  mysql:
+    enabled: true
+
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
   enabled: true
@@ -78,7 +88,7 @@ clustersysteminfo:
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: main
+      tag: v2.7.0-RC3
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -403,7 +413,7 @@ haproxy:
 
     # owsub
     frontend front_owsub_rest
-      bind :16009
+      bind :16006
       mode tcp
       default_backend back_owsub_rest
     backend back_owsub_rest
@@ -430,5 +440,20 @@ restapiCerts:
     - owls-owls
     - owanalytics-owanalytics
     - owsub-owsub
+    - owrrm-owrrm
 
   clusterDomain: cluster.local
+
+postgresql-ha:
+  enabled: false
+  nameOverride: pgsql
+  fullnameOverride: pgsql
+  initDbScriptSecret:
+    enabled: false
+    services:
+      - owgw
+      - owsec
+      - owfms
+      - owprov
+      - owanalytics
+      - owsub

docker-compose/.env

@@ -1,16 +1,19 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
+OWGW_TAG=v2.7.0-RC3
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC3
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC3
+OWSUB_TAG=v2.7.0-RC3
 KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
+ZOOKEEPER_TAG=3.8
 POSTGRESQL_TAG=latest
+MYSQL_TAG=latest
+# NOTE currently OWRRM is only supported in LB installations
+#OWRRM_TAG=v2.7.0-RC2
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -33,3 +36,4 @@ INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
 INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+#INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/.env.letsencrypt

@@ -1,17 +1,19 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
+OWGW_TAG=v2.7.0-RC3
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC3
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC3
+OWSUB_TAG=v2.7.0-RC3
+OWRRM_TAG=v2.7.0-RC2
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
+MYSQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -37,12 +39,5 @@ INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
-OWGW_HOSTNAME=
-OWGWUI_HOSTNAME=
-OWGWFILEUPLOAD_HOSTNAME=
-OWSEC_HOSTNAME=
-OWFMS_HOSTNAME=
-OWPROV_HOSTNAME=
-OWPROVUI_HOSTNAME=
-OWANALYTICS_HOSTNAME=
-OWSUB_HOSTNAME=
+INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local
+SDKHOSTNAME=

docker-compose/.env.selfsigned

@@ -1,17 +1,19 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
+OWGW_TAG=v2.7.0-RC3
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC3
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC3
+OWSUB_TAG=v2.7.0-RC3
+OWRRM_TAG=v2.7.0-RC2
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
+MYSQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -36,3 +38,4 @@ INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/README.md

@@ -1,21 +1,23 @@
 # OpenWifi SDK Docker Compose
 ### Overview
-With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
+With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Let's Encrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Let's Encrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
 The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
 - [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
 - [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
 - [Non-LB deployment with PostgreSQL](#non-lb-deployment-with-postgresql)
 - [LB deployment with self-signed certificates](#lb-deployment-with-self-signed-certificates)
-- [LB deployment with Letsencrypt certificates](#lb-deployment-with-letsencrypt-certificates)
+- [LB deployment with Let's Encrypt certificates](#lb-deployment-with-letsencrypt-certificates)
 - [OWLS deployment with self-signed certificates](owls/README.md)
+- [AWS CloudFormation template](cloudformation/openwifi-cloudsdk-docker-compose.yml)
+
 ### Configuration
-If you don't bind mount your own config files they are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into the microservice specific env files. For an explanation of the configuration properties please see the README in the respective microservice repository.
-Be aware that the non-LB deployment exposes the generated config files on the host. So if you want to make configuration changes afterwards, please do them directly in the config files located in the microservice data directories.
+Config files for the microservices are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into these files. For an explanation of the configuration properties please see the README in the respective microservice repository.
+Be aware that local changes to the config files will be overwritten on every startup if `TEMPLATE_CONFIG` is set to `true` in the microservice env files. If you want to bind mount your own config file or make local changes, please set this variable to `false`.
 #### Required password changing on the first startup
 One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
 ### Ports
-Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates or make use of the [Letsencrypt LB deployment](#lb-deployment-with-letsencrypt-certificates), you can also configure different hostnames for the microservices.
-Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default except for the Letsencrypt LB deployment, where the service listens on the default `80/443` HTTP(S) ports.
+Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates, you can also configure different hostnames for the microservices.
+Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default.
 ### owsec templates and wwwassets
 On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
 ## Non-LB deployment with self-signed certificates
@@ -31,19 +33,20 @@ On the startup of owsec directories for wwwassets and mailer templates are creat
 export OWSEC="openwifi.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
-⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use these features.
+⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Let's Encrypt deployment or provide your own valid certificates if you want to use these features.
 ## Non-LB deployment with own certificates
 1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
 2. Adapt the following hostname and URI variables according to your environment:
 ### .env
-| Variable                   | Description                                                         |
-| -------------------------- | ------------------------------------------------------------------- |
-| `INTERNAL_OWGW_HOSTNAME`   | Set this to your OWGW hostname, for example `owgw.example.com`.     |
-| `INTERNAL_OWSEC_HOSTNAME`  | Set this to your OWSec hostname, for example `owsec.example.com`.   |
-| `INTERNAL_OWFMS_HOSTNAME`  | Set this to your OWFms hostname, for example `owfms.example.com`.   |
-| `INTERNAL_OWPROV_HOSTNAME` | Set this to your OWProv hostname, for example `owprov.example.com`. |
-| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`. |
-| `INTERNAL_OWSUB_HOSTNAME`  | Set this to your OWSub hostname, for example `owsub.example.com`.   |
+| Variable                        | Description                                                                        |
+| ------------------------------- | ---------------------------------------------------------------------------------- |
+| `INTERNAL_OWGW_HOSTNAME`        | Set this to your OWGW hostname, for example `owgw.example.com`.                    |
+| `INTERNAL_OWSEC_HOSTNAME`       | Set this to your OWSec hostname, for example `owsec.example.com`.                  |
+| `INTERNAL_OWFMS_HOSTNAME`       | Set this to your OWFms hostname, for example `owfms.example.com`.                  |
+| `INTERNAL_OWPROV_HOSTNAME`      | Set this to your OWProv hostname, for example `owprov.example.com`.                |
+| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`.      |
+| `INTERNAL_OWSUB_HOSTNAME`       | Set this to your OWSub hostname, for example `owsub.example.com`.                  |
+| `INTERNAL_OWRRM_HOSTNAME`       | Set this to your OWRRM hostname, for example `owrrm.example.com`.                  |
 ### owgw.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
@@ -80,6 +83,16 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | ---------------------------------------- | -------------------------------------------------------------------------------------- |
 | `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
 | `SYSTEM_URI_UI`                          | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
+### owrrm.env
+| Variable                                 | Description                                                                                     |
+| ---------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| `SERVICECONFIG_PRIVATEENDPOINT`, `SERVICECONFIG_PUBLICENDPOINT` | Set this to your OWRRM URL, for example https://owrrm.example.com:16789. |
+| `DATABASECONFIG_PASSWORD`                                       | Set this to a random and safe password.                                  |
+### mysql.env
+| Variable                                 | Description                                      |
+| ---------------- | ------------------------------------------------------------------------ |
+| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
+
 3. Spin up the deployment with `docker-compose up -d`.
 4. Check if the containers are up and running with `docker-compose ps`.
 5. Login to the UI and and follow the instructions to change your default password.
@@ -152,67 +165,68 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
 ## LB deployment with self-signed certificates
 Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-## LB deployment with Letsencrypt certificates
-For the Letsencrypt challenge to work you need a public IP address. The hostnames which you set for the microservices have to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
+## LB deployment with Let's Encrypt certificates
+For the Let's Encrypt challenge to work you need a public IP address. The hostname which you set in the `$SDKHOSTNAME` env variable has to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
 1. Switch into the project directory with `cd docker-compose/`.
 2. Adapt the following hostname and URI variables according to your environment.
 ### .env.letsencrypt
-| Variable                  | Description                                                                   |
-| ------------------------- | ----------------------------------------------------------------------------- |
-| `OWGW_HOSTNAME`           | Set this to your OWGW hostname, for example `owgw.example.com`.               |
-| `OWGWUI_HOSTNAME`         | Set this to your OWGW-UI hostname, for example `owgw-ui.example.com`.         |
-| `OWGWFILEUPLOAD_HOSTNAME` | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.    |
-| `OWSEC_HOSTNAME`          | Set this to your OWSec hostname, for example `owsec.example.com`.             |
-| `OWFMS_HOSTNAME`          | Set this to your OWFms hostname, for example `owfms.example.com`.             |
-| `OWPROV_HOSTNAME`         | Set this to your OWProv hostname, for example `owprov.example.com`.           |
-| `OWPROVUI_HOSTNAME`       | Set this to your OWProv-UI hostname, for example `owprov-ui.example.com`.     |
-| `OWANALYTICS_HOSTNAME`    | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`. |
-| `OWSUB_HOSTNAME`          | Set this to your OWSub hostname, for example `owsub.example.com`.          |
+| Variable      | Description                                                                                                |
+| ------------- | ---------------------------------------------------------------------------------------------------------- |
+| `SDKHOSTNAME` | Set this to the public hostname you want to use for all microservices, for example `openwifi.example.com`. |
 
 ### owgw.env
-| Variable                 | Description                                                                         |
-| -----------------------  | ----------------------------------------------------------------------------------- |
-| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
-| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
-| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
-| `RTTY_SERVER`            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
-| `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+| Variable                 | Description                                                                             |
+| -----------------------  | --------------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname, for example `openwifi.example.com`.          |
+| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL, for example `https://openwifi.example.com:16003`. |
+| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API URL, for example `https://openwifi.example.com:16002`.   |
+| `RTTY_SERVER`            | Set this to your OWGW RTTYS hostname, for example `openwifi.example.com`.               |
+| `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |
 
 ### owgw-ui.env
-| Variable            | Description                                                                |
-| ------------------- | -------------------------------------------------------------------------- |
-| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
 
 ### owsec.env
-| Variable            | Description                                                                |
-| ------------------- | -------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
-| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.   |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
 
 ### owfms.env
-| Variable            | Description                                                                |
-| ------------------- | -------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
-| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.   |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://openwifi.example.com:16004`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
 ### owprov.env
-| Variable             | Description                                                                  |
-| -------------------- | ---------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
-| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.     |
+| Variable             | Description                                                                    | 
+| -------------------- | ------------------------------------------------------------------------------ |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://openwifi.example.com:16005`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.      |
 ### owprov-ui.env
-| Variable                    | Description                                                                |
-| --------------------------- | -------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                    | Description                                                                   |
+| --------------------------- | ----------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
 ### owanalytics.env
-| Variable             | Description                                                                            |
-| -------------------- | -------------------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC`  | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
-| `SYSTEM_URI_UI`      | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
+| Variable             | Description                                                                         |
+| -------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWAnalytics URL, for example `https://openwifi.example.com:16009`. |
+| `SYSTEM_URI_UI`      | Set this to your OWProv-UI URL, for example `https://openwifi.example.com`.         |
 ### owsub.env
-| Variable             | Description                                                                  |
-| -------------------- | ---------------------------------------------------------------------------- |
-| `SYSTEM_URI_PUBLIC`  | Set this to your OWSub URL, for example `https://owsub.example.com:16006`.   |
-| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.     |
+| Variable             | Description                                                                   |
+| -------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWSub URL, for example `https://openwifi.example.com:16006`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
+### owrrm.env
+| Variable                                 | Description                     |
+| ---------------------------------------- | ------------------------------- |
+| `SERVICECONFIG_PUBLICENDPOINT`   | Set this to your OWRRM URL, for example https://openwifi.example.com:16789. |
+| `DATABASECONFIG_PASSWORD`        | Set this to a random and safe password.                                     |
+### mysql.env
+| Variable         | Description                                                              |
+| ---------------- | ------------------------------------------------------------------------ |
+| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
 ### traefik.env
 | Variable                                            | Description                               |
 | --------------------------------------------------- | ----------------------------------------- |

docker-compose/cloudformation/README.md

@@ -0,0 +1,20 @@
+# OpenWiFi Cloud SDK deployment with CloudFormation
+With the YAML template included in this directory you can create an OpenWiFi Cloud SDK deployment with the help of AWS CloudFormation (https://aws.amazon.com/cloudformation).  
+The template creates a CloudFormation stack based on the Docker Compose Let's Encrypt deployment (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose#lb-deployment-with-letsencrypt-certificates). The created stack consists of an EC2 instance, and depending on the input parameters, also adds a Route53 hosted zone and a DNS record.  
+⚠️**Note**: Please be aware that you will be billed for the AWS resources if you create a stack from this template.
+1. Login into the AWS Management Console (https://aws.amazon.com/de/console).
+2. Go to the AWS Systems Manager Parameter Store page and create two parameters according to these instructions https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-create-console.html: one for your Digicert-signed websocket certificate and the other one for the corresponding key. You can leave the default parameter details: you need two standard parameters with type `String` and data type `text`. Just copy and paste your certificate and key into the `Value` field of the respective parameter and remember the parameter names.
+3. Go to the CloudFormation service page and follow the instructions described here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-template.html to upload a template file and choose the template included in this repository.
+4. In the next step you have to enter multiple input parameters required for a successful deployment. Here's an explanation of all parameters:
+
+**InstanceType**: Choose an AWS EC2 instance type (https://aws.amazon.com/ec2/instance-types). The smallest instance type you can choose is t2.small.  
+**KeyName**: Specify the name of the SSH key pair you want to use to connect the instance. If you don't have a key pair yet, please create or import one according to these instructions https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.  
+**SSHLocation**: If you want to restrict the IP range which is allowed to connect to the instance via SSH, please specify a valid CIDR IP range here.  
+**CreateRoute53Record**: To expose your SDK installation to the public you need a valid DNS entry for your SDK hostname. This is also required to pass the Let's Encrypt HTTP-01 challenge (https://letsencrypt.org/de/docs/challenge-types/#http-01-challenge). If you set this to `True`, an Amazon Route53 entry (https://aws.amazon.com/route53) for the hostname defined in the **SDKHostname** parameter is automatically created. This Route53 entry will resolve to the public IP address of the EC2 instance. You can also set this to `False` and create a DNS entry manually afterwards.  
+**ExistingHostedZoneId**: If you decide to create a Route53 record and already have an existing hosted zone which you want to use, please specify the according hosted zone ID. You can get the ID by listing your public hosted zones (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ListInfoOnHostedZone.html).  
+**HostedZoneName**: If you didn't create the hosted zone yet which you want to use for your Route53 record, please specify the domain name of the hosted zone you want to create. Be aware that if you set **CreateRoute53Record** to `True`, you only have to specify either `ExistingHostedZoneId` or `HostedZoneName`. If you decide to create the DNS record yourself, you can leave both parameters empty.  
+**SDKVersion**: The SDK version you want to use for your deployment. You can either use release names (e.g. `v2.6.0`) or Git branch names (for example `release/v2.6.0`).  
+**SDKHostname**: Enter a valid public hostname which you want to use for your deployment. This has to resolve to the public IP address of the created EC2 instance. If you set **CreateRoute53Record** to `False`, don't forget to create a DNS entry manually afterwards.  
+**WebsocketCertParameter**: The name of the AWS Systems Manager parameter containing your Digicert-signed websocket certificate.  
+**WebsocketKeyParameter**: The name of the AWS Systems Manager parameter containing the key to your Digicert-signed websocket certificate.  
+**TraefikAcmeEmail**: Enter a valid email address to complete Let's Encrypt ACME registration.  

docker-compose/cloudformation/openwifi-cloudsdk-docker-compose.yml

@@ -0,0 +1,341 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: |
+  OpenWiFi Cloud SDK Docker Compose Deployment: This template creates an
+  OpenWiFi Cloud SDK deployment using Docker Compose and Letsencrypt for
+  northbound certificates (https://github.com/Telecominfraproject/
+  wlan-cloud-ucentral-deploy/tree/main/docker-compose
+  #lb-deployment-with-letsencrypt-certificates).
+  **WARNING** You will be billed for the AWS resources used if you create a
+  stack from this template.
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "Amazon EC2 configuration"
+        Parameters:
+          - InstanceType
+          - LatestUbuntuFocalAMI
+          - KeyName
+          - SSHLocation
+      - Label:
+          default: "Amazon Route53 configuration"
+        Parameters:
+          - CreateRoute53Record
+          - ExistingHostedZoneId
+          - HostedZoneName
+      - Label:
+          default: "OpenWiFi cloud SDK configuration"
+        Parameters:
+          - SDKVersion
+          - SDKHostname
+          - WebsocketCertParameter
+          - WebsocketKeyParameter
+          - TraefikAcmeEmail
+Parameters:
+  KeyName:
+    Description: Name of the EC2 KeyPair to enable SSH access to the instance.
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: Must be the name of an existing EC2 KeyPair.
+  SDKHostname:
+    Description: Hostname you want to use for your OpenWiFi Cloud SDK installation.
+    Default: openwifi.wlan.local
+    Type: String
+    AllowedPattern: "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$"
+  TraefikAcmeEmail:
+    Description: Email address used for ACME registration
+    Type: String
+  CreateRoute53Record:
+    Description: |
+      Set this to "True" if you want to create a DNS record for the SDK
+      hostname.
+      This will resolve to the public IP of the created EC2 instance.
+    AllowedValues:
+      - "True"
+      - "False"
+    Default: "False"
+    Type: String
+  ExistingHostedZoneId:
+    Description: |
+      If you want to create the Route53 record in an existing hosted zone,
+      please specify the according hosted zone ID. 
+    Type: String
+#    MinLength: 21
+#    MaxLength: 21
+#    AllowedPattern: "[A-Z0-9]+"
+  HostedZoneName:
+    Description: |
+      If you want to create a new hosted zone for the Route53 record, please
+      specify the name of the domain.
+    Type: String
+#    AllowedPattern: "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$"
+  SDKVersion:
+    Description: OpenWiFi Cloud SDK version to be deployed.
+    Default: main
+    Type: String
+  WebsocketCertParameter:
+    Description: |
+      The AWS Systems Manager parameter containing your Digicert-signed
+      websocket certificate.
+    Type: AWS::SSM::Parameter::Value<String>
+  WebsocketKeyParameter:
+    Description: |
+      The AWS Systems Manager parameter containing the key to your
+      Digicert-signed websocket certificate.
+    Type: AWS::SSM::Parameter::Value<String>
+  LatestUbuntuFocalAMI:
+    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
+    Default: "/aws/service/canonical/ubuntu/server/focal/stable/current/amd64/hvm/ebs-gp2/ami-id"
+  InstanceType:
+    Description: Cloud SDK EC2 instance type
+    Type: String
+    Default: t2.small
+    AllowedValues:
+      - t2.small
+      - t2.medium
+      - t2.large
+      - m1.small
+      - m1.medium
+      - m1.large
+      - m1.xlarge
+      - m2.xlarge
+      - m2.2xlarge
+      - m2.4xlarge
+      - m3.medium
+      - m3.large
+      - m3.xlarge
+      - m3.2xlarge
+      - m4.large
+      - m4.xlarge
+      - m4.2xlarge
+      - m4.4xlarge
+      - m4.10xlarge
+      - c1.medium
+      - c1.xlarge
+      - c3.large
+      - c3.xlarge
+      - c3.2xlarge
+      - c3.4xlarge
+      - c3.8xlarge
+      - c4.large
+      - c4.xlarge
+      - c4.2xlarge
+      - c4.4xlarge
+      - c4.8xlarge
+      - g2.2xlarge
+      - g2.8xlarge
+      - r3.large
+      - r3.xlarge
+      - r3.2xlarge
+      - r3.4xlarge
+      - r3.8xlarge
+      - i2.xlarge
+      - i2.2xlarge
+      - i2.4xlarge
+      - i2.8xlarge
+      - d2.xlarge
+      - d2.2xlarge
+      - d2.4xlarge
+      - d2.8xlarge
+      - hi1.4xlarge
+      - hs1.8xlarge
+      - cr1.8xlarge
+      - cc2.8xlarge
+      - cg1.4xlarge
+    ConstraintDescription: must be a valid EC2 instance type.
+  SSHLocation:
+    Description: |
+      The IP address range that can be used to SSH to the EC2 instances
+    Type: String
+    MinLength: "9"
+    MaxLength: "18"
+    Default: 0.0.0.0/0
+    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
+    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
+Conditions:
+  HasExistingHostedZoneId: !Not [ !Equals [ !Ref ExistingHostedZoneId, "" ] ]
+  HasHostedZoneName: !Not [ !Equals [ !Ref HostedZoneName, "" ] ]
+  CreateRoute53Record: !Equals [ !Ref CreateRoute53Record, "True" ]
+  CreateRecordInExistingZone: !And [ Condition: HasExistingHostedZoneId, Condition: CreateRoute53Record ]
+  CreateRecordInNewZone: !And [ Condition: HasHostedZoneName, Condition: CreateRoute53Record ]
+Resources:
+  CloudSDKInstance:
+    Type: "AWS::EC2::Instance"
+    Metadata:
+      "AWS::CloudFormation::Init":
+        configSets:
+          InstallDockerAndCreateDeployment:
+            - InstallDocker
+            - CreateCloudSDKDeployment
+        InstallDocker:
+          packages:
+            apt:
+              ca-certificates: []
+              curl: []
+              gnupg: []
+              lsb-release: []
+              php-mysql: []
+          commands:
+            a_add_repo_gpg_key:
+              command: |
+                curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+                | sudo gpg --dearmor -o \
+                /usr/share/keyrings/docker-archive-keyring.gpg
+            b_add_docker_repo:
+              command: |
+                echo "deb [arch=$(dpkg --print-architecture) \
+                signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+                https://download.docker.com/linux/ubuntu $(lsb_release -cs) \
+                stable" | sudo tee /etc/apt/sources.list.d/docker.list \
+                > /dev/null
+            c_install_docker:
+              command: |
+                sudo apt-get update \
+                && sudo apt-get install -y docker-ce docker-ce-cli \
+                containerd.io docker-compose-plugin docker-compose
+            d_enable_and_start_docker:
+              command: |
+                sudo systemctl enable docker && sudo systemctl start docker
+            e_add_ubuntu_user_to_docker_group:
+              command: "sudo usermod -aG docker ubuntu"
+        CreateCloudSDKDeployment:
+          files:
+            /etc/profile.d/aliases.sh:
+              content: |
+                alias docker-compose-lb-letsencrypt="docker-compose -f \
+                docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"
+                alias docker-compose-lb-selfsigned="docker-compose -f \
+                docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"
+                alias docker-compose-postgresql="docker-compose -f \
+                docker-compose.yml -f docker-compose.postgresql.yml"
+              mode: "000644"
+              owner: "root"
+              group: "root"
+          commands:
+            a_clone_deploy_repo:
+              command: |
+                git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy
+              cwd: "~"
+            b_checkout_deploy_version:
+              command: !Sub "git checkout ${SDKVersion}"
+              cwd: "~/wlan-cloud-ucentral-deploy"
+            c_create_deployment:
+              command: "./deploy.sh"
+              env:
+                DEFAULT_UCENTRALSEC_URL: !Sub "https://${SDKHostname}:16001"
+                SYSTEM_URI_UI: !Sub "https://${SDKHostname}"
+                SDKHOSTNAME: !Sub "${SDKHostname}"
+                WEBSOCKET_CERT: !Ref WebsocketCertParameter
+                WEBSOCKET_KEY: !Ref WebsocketKeyParameter
+                OWGW_FILEUPLOADER_HOST_NAME: !Sub "${SDKHostname}"
+                OWGW_FILEUPLOADER_URI: !Sub "https://${SDKHostname}:16003"
+                OWGW_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16002"
+                OWGW_RTTY_SERVER: !Sub "${SDKHostname}"
+                OWSEC_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16001"
+                OWFMS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16004"
+                OWPROV_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16005"
+                OWANALYTICS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16009"
+                OWSUB_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16006"
+                OWRRM_SERVICECONFIG_PRIVATEENDPOINT: !Sub "http://owrrm.wlan.local:17007"
+                OWRRM_SERVICECONFIG_PUBLICENDPOINT: !Sub "https://${SDKHostname}:16789"
+                TRAEFIK_ACME_EMAIL: !Sub "${TraefikAcmeEmail}"
+              cwd: "~/wlan-cloud-ucentral-deploy/docker-compose"
+    Properties:
+      ImageId: !Ref LatestUbuntuFocalAMI
+      InstanceType: !Ref InstanceType
+      SecurityGroups:
+        - !Ref CloudSDKSecurityGroup
+      KeyName: !Ref KeyName
+      UserData:
+        Fn::Base64: !Sub |
+          #!/bin/bash -xe
+          apt-get update -y
+          mkdir -p /opt/aws/bin
+          wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz
+          python3 -m easy_install --script-dir /opt/aws/bin aws-cfn-bootstrap-py3-latest.tar.gz
+          /opt/aws/bin/cfn-init -v \
+            --stack ${AWS::StackName} \
+            --resource CloudSDKInstance \
+            --configsets InstallDockerAndCreateDeployment \
+            --region ${AWS::Region}
+          /opt/aws/bin/cfn-signal -e $? \
+            --stack ${AWS::StackName} \
+            --resource CloudSDKInstance \
+            --region ${AWS::Region}
+    CreationPolicy:
+      ResourceSignal:
+        Timeout: PT5M
+  CloudSDKSecurityGroup:
+    Type: "AWS::EC2::SecurityGroup"
+    Properties:
+      GroupDescription: Enable OpenWiFi Cloud SDK and SSH access
+      SecurityGroupIngress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "80"
+          ToPort: "80"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "443"
+          ToPort: "443"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "15002"
+          ToPort: "15002"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16001"
+          ToPort: "16006"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16009"
+          ToPort: "16009"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16789"
+          ToPort: "16789"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "5912"
+          ToPort: "5913"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "22"
+          ToPort: "22"
+          CidrIp: !Ref SSHLocation
+  CloudSDKHostedZone:
+    Condition: HasHostedZoneName
+    Type: AWS::Route53::HostedZone
+    Properties: 
+      Name: !Ref HostedZoneName
+  CloudSDKRoute53RecordExistingHostedZone:
+    Condition: CreateRecordInExistingZone
+    Type: AWS::Route53::RecordSet
+    Properties:
+      HostedZoneId: !Ref ExistingHostedZoneId
+      Name: !Ref SDKHostname
+      Type: A
+      TTL: 900
+      ResourceRecords:
+      - !GetAtt CloudSDKInstance.PublicIp
+  CloudSDKRoute53RecordNewHostedZone:
+    Condition: CreateRecordInNewZone
+    Type: AWS::Route53::RecordSet
+    Properties:
+      HostedZoneId: !GetAtt CloudSDKHostedZone.Id
+      Name: !Ref SDKHostname
+      Type: A
+      TTL: 900
+      ResourceRecords:
+      - !GetAtt CloudSDKInstance.PublicIp
+Outputs:
+  WebsiteURL:
+    Description: |
+      Visit this URL and login with user 'tip@ucentral.com' and password
+      'openwifi'.
+    Value: !Join
+      - ""
+      - - "https://"
+        - !Ref SDKHostname

docker-compose/deploy.sh

@@ -26,13 +26,9 @@ usage () {
   echo;
 #  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
   echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
   echo;
 #  echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
   echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
-  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
-  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
   echo;
 #  echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
   echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
@@ -42,6 +38,22 @@ usage () {
   echo;
 #  echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
   echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
+  echo;
+  echo "- OWRRM_SERVICECONFIG_PRIVATEENDPOINT - private URL to be used for OWRRM";
+  echo "- OWRRM_SERVICECONFIG_PUBLICENDPOINT - public URL to be used for OWRRM";
+  echo;
+  echo "Optional environment variables:"
+  echo "- WEBSOCKET_CERT - Your Digicert-signed websocket certificate"
+  echo "- WEBSOCKET_KEY - The key to your Digicert-signed websocket certificate"
+  echo;
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
+  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
+  echo;
+  echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
+  echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
 }
 
 # Check if required environment variables were passed
@@ -62,15 +74,11 @@ usage () {
 [ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
 [ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
 ## OWSec configuration variables
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
 #[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
 ## OWFms configuration variables
 #[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
-[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
 ## OWProv configuration variables
 #[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
@@ -80,6 +88,9 @@ usage () {
 ## OWSub configuration variables
 #[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWRRM configuration variables
+[ -z ${OWRRM_SERVICECONFIG_PRIVATEENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PRIVATEENDPOINT is unset" && usage && exit 1
+[ -z ${OWRRM_SERVICECONFIG_PUBLICENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PUBLICENDPOINT is unset" && usage && exit 1
 
 # Search and replace image version tags if set
 if [[ ! -z "$OWGW_VERSION" ]]; then
@@ -109,6 +120,17 @@ fi
 #sed -i "s~\(^INTERNAL_OWANALYTICS_HOSTNAME=\).*~\1$INTERNAL_OWANALYTICS_HOSTNAME~" .env
 #sed -i "s~\(^INTERNAL_OWSUB_HOSTNAME=\).*~\1$INTERNAL_OWSUB_HOSTNAME~" .env
 
+if [[ ! -z "$SDKHOSTNAME" ]]; then
+  sed -i "s~.*SDKHOSTNAME=.*~SDKHOSTNAME=$SDKHOSTNAME~" .env.letsencrypt
+fi
+
+if [[ ! -z "$WEBSOCKET_CERT" ]]; then
+  echo "$WEBSOCKET_CERT" > certs/websocket-cert.pem
+fi
+if [[ ! -z "$WEBSOCKET_KEY" ]]; then
+  echo "$WEBSOCKET_KEY" > certs/websocket-key.pem && chmod 600 certs/websocket-key.pem
+fi
+
 sed -i "s~.*FILEUPLOADER_HOST_NAME=.*~FILEUPLOADER_HOST_NAME=$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
 sed -i "s~.*FILEUPLOADER_URI=.*~FILEUPLOADER_URI=$OWGW_FILEUPLOADER_URI~" owgw.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWGW_SYSTEM_URI_PUBLIC~" owgw.env
@@ -122,8 +144,12 @@ fi
 
 sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
 
-sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
-sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
+  sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
+fi
+if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD" ]]; then
+  sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+fi
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
@@ -131,8 +157,12 @@ sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owfms.env
-sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
-sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
+if [[ ! -z "$OWFMS_S3_SECRET" ]]; then
+  sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
+fi
+if [[ ! -z "$OWFMS_S3_KEY" ]]; then
+  sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
+fi
 
 #sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
@@ -148,5 +178,16 @@ sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owanalytics.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsub.env
 
+sed -i "s~.*SERVICECONFIG_PRIVATEENDPOINT=.*~SERVICECONFIG_PRIVATEENDPOINT=$OWRRM_SERVICECONFIG_PRIVATEENDPOINT~" owrrm.env
+sed -i "s~.*SERVICECONFIG_PUBLICENDPOINT=.*~SERVICECONFIG_PUBLICENDPOINT=$OWRRM_SERVICECONFIG_PUBLICENDPOINT~" owrrm.env
+
+if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
+  sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
+fi
+
 # Run the deployment
-docker-compose up -d
+if [[ ! -z "$SDKHOSTNAME" ]]; then
+  docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d
+else
+  docker-compose up -d
+fi

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -13,12 +13,16 @@ volumes:
     driver: local
   owsub_data:
     driver: local
+  owrrm_data:
+    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
+  mysql_data:
+    driver: local
   letsencrypt_certs:
     driver: local
 
@@ -156,6 +160,21 @@ services:
       - owsub_data:${OWSUB_ROOT}
       - ./certs:/${OWSUB_ROOT}/certs
 
+  owrrm:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWRRM_HOSTNAME}
+    env_file:
+      - owrrm.env
+    depends_on:
+      - mysql
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owrrm_data:/owrrm-data
+
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
     networks:
@@ -177,6 +196,35 @@ services:
     volumes:
       - kafka_data:/bitnami/kafka
 
+  init-kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    depends_on:
+      - kafka
+    env_file:
+      - kafka.env
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "Creating all required Kafka topics..."
+        for topic in $$TOPICS; do
+          /opt/bitnami/kafka/bin/kafka-topics.sh \
+          --create --if-not-exists --topic $$topic --replication-factor 1 \
+          --partitions 1 --bootstrap-server kafka:9092
+        done && echo "Successfully created Kafka topics, exiting." && exit 0
+
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
+
   traefik:
     image: "traefik:${TRAEFIK_TAG}"
     networks:
@@ -191,17 +239,28 @@ services:
       - owfms
       - owprov
       - owprov-ui
+      - owanalytics
+      - owsub
+      - owrrm
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
       - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
       - "letsencrypt_certs:/letsencrypt"
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        timeout 10m sh -c 'until [[ "$$(getent hosts $SDKHOSTNAME)" ]]; do echo "Waiting until DNS record for $SDKHOSTNAME is resolvable"; sleep 5; done' \
+        && ./entrypoint.sh traefik
     ports:
       - "15002:15002"
       - "16002:16002"
       - "16003:16003"
       - "80:80"
+      - "8080:8080"
       - "443:443"
+      - "8443:8443"
       - "16001:16001"
       - "16004:16004"
       - "16005:16005"
@@ -209,3 +268,4 @@ services:
       - "16006:16006"
       - "5912:5912"
       - "5913:5913"
+      - "16789:16789"

docker-compose/docker-compose.lb.selfsigned.yml

@@ -13,12 +13,16 @@ volumes:
     driver: local
   owsub_data:
     driver: local
+  owrrm_data:
+    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
+  mysql_data:
+    driver: local
 
 networks:
   openwifi:
@@ -156,6 +160,21 @@ services:
       - owsub_data:${OWSUB_ROOT}
       - ./certs:/${OWSUB_ROOT}/certs
 
+  owrrm:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWRRM_HOSTNAME}
+    env_file:
+      - owrrm.env
+    depends_on:
+      - mysql
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owrrm_data:/owrrm-data
+
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
     networks:
@@ -177,6 +196,35 @@ services:
     volumes:
       - kafka_data:/bitnami/kafka
 
+  init-kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    depends_on:
+      - kafka
+    env_file:
+      - kafka.env
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "Creating all required Kafka topics..."
+        for topic in $$TOPICS; do
+          /opt/bitnami/kafka/bin/kafka-topics.sh \
+          --create --if-not-exists --topic $$topic --replication-factor 1 \
+          --partitions 1 --bootstrap-server kafka:9092
+        done && echo "Successfully created Kafka topics, exiting." && exit 0
+
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
+
   traefik:
     image: "traefik:${TRAEFIK_TAG}"
     networks:
@@ -190,6 +238,9 @@ services:
       - owfms
       - owprov
       - owprov-ui
+      - owanalytics
+      - owsub
+      - owrrm
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
@@ -208,5 +259,7 @@ services:
       - "16004:16004"
       - "16005:16005"
       - "16009:16009"
+      - "16006:16006"
       - "5912:5912"
       - "5913:5913"
+      - "16789:16789"

docker-compose/docker-compose.yml

@@ -1,12 +1,16 @@
 version: '3'
 
 volumes:
+#  owrrm_data:
+#    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
+  mysql_data:
+    driver: local
 
 networks:
   openwifi:
@@ -49,6 +53,8 @@ services:
       - owgw
       - owfms
       - owprov
+      - owanalytics
+      - owsub
     restart: unless-stopped
     volumes:
       - "./owgw-ui/default.conf:/etc/nginx/conf.d/default.conf"
@@ -123,6 +129,8 @@ services:
       - owgw
       - owfms
       - owprov
+      - owanalytics
+      - owsub
     restart: unless-stopped
     volumes:
       - "./owprov-ui/default.conf:/etc/nginx/conf.d/default.conf"
@@ -168,6 +176,24 @@ services:
       - "16006:16006"
       - "16106:16106"
 
+# NOTE currently OWRRM is only supported in LB installations
+#  owrrm:
+#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+#    networks:
+#      openwifi:
+#        aliases:
+#          - ${INTERNAL_OWRRM_HOSTNAME}
+#    env_file:
+#      - owrrm.env
+#    depends_on:
+#      - mysql
+#      - kafka
+#    restart: unless-stopped
+#    volumes:
+#      - owrrm_data:/owrrm-data
+#    ports:
+#      - "16789:16789"
+
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
     networks:
@@ -188,3 +214,32 @@ services:
       - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
+
+  init-kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    depends_on:
+      - kafka
+    env_file:
+      - kafka.env
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "Creating all required Kafka topics..."
+        for topic in $$TOPICS; do
+          /opt/bitnami/kafka/bin/kafka-topics.sh \
+          --create --if-not-exists --topic $$topic --replication-factor 1 \
+          --partitions 1 --bootstrap-server kafka:9092
+        done && echo "Successfully created Kafka topics, exiting." && exit 0
+
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql

docker-compose/kafka.env

@@ -1,2 +1,3 @@
 KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
 ALLOW_PLAINTEXT_LISTENER=yes
+TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan

docker-compose/mysql.env

@@ -0,0 +1,5 @@
+#MYSQL_RANDOM_ROOT_PASSWORD=yes
+MYSQL_ROOT_PASSWORD=openwifi
+MYSQL_DATABASE=owrrm
+#MYSQL_USER=owrrm
+#MYSQL_PASSWORD=openwifi

docker-compose/owgw.env

@@ -38,6 +38,9 @@ SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
 SYSTEM_URI_UI=https://openwifi.wlan.local
 #SIMULATORID=
+#IPTOCOUNTRY_PROVIDER=ipinfo
+#IPTOCOUNTRY_IPINFO_TOKEN=
+#IPTOCOUNTRY_IPDATA_APIKEY=
 #RTTY_INTERNAL=true
 #RTTY_ENABLED=true
 RTTY_SERVER=openwifi.wlan.local

docker-compose/owrrm.env

@@ -0,0 +1,8 @@
+SELFSIGNED_CERTS=true
+SERVICECONFIG_PRIVATEENDPOINT=https://owrrm.wlan.local:16789
+SERVICECONFIG_PUBLICENDPOINT=https://openwifi.wlan.local:16789
+KAFKACONFIG_BOOTSTRAPSERVER=kafka:9092
+DATABASECONFIG_SERVER=mysql:3306
+DATABASECONFIG_USER=root
+#DATABASECONFIG_PASSWORD=openwifi
+DATABASECONFIG_DBNAME=owrrm

docker-compose/traefik.env

@@ -14,6 +14,7 @@ TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
 TRAEFIK_ENTRYPOINTS_OWPROVRESTAPI_ADDRESS=:16005
 TRAEFIK_ENTRYPOINTS_OWANALYTICSRESTAPI_ADDRESS=:16009
 TRAEFIK_ENTRYPOINTS_OWSUBRESTAPI_ADDRESS=:16006
+TRAEFIK_ENTRYPOINTS_OWRRMOPENAPI_ADDRESS=:16789
 TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -39,75 +39,85 @@ http:
     owgw-rttys-view:
       loadBalancer:
         servers:
-          - url: "http://owgw.wlan.local:5913/"
+          - url: "https://owgw.wlan.local:5913/"
+    owrrm-openapi:
+      loadBalancer:
+        servers:
+          - url: "http://owrrm.wlan.local:16789/"
 
   routers:
     owgw-ui-http:
       entryPoints: "owgwuihttp"
       service: "owgw-ui"
-      rule: "Host(`{{ env "OWGWUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
     owgw-ui-https:
       entryPoints: "owgwuihttps"
       service: "owgw-ui"
-      rule: "Host(`{{ env "OWGWUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owgw-fileupload:
       entryPoints: "owgwfileupload"
       service: "owgw-fileupload"
-      rule: "Host(`{{ env "OWGWFILEUPLOAD_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owgw-restapi:
       entryPoints: "owgwrestapi"
       service: "owgw-restapi"
-      rule: "Host(`{{ env "OWGW_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owgw-rttys-view:
       entryPoints: "owgwrttysview"
       service: "owgw-rttys-view"
-      rule: "Host(`{{ env "OWGW_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owsec-restapi:
       entryPoints: "owsecrestapi"
       service: "owsec-restapi"
-      rule: "Host(`{{ env "OWSEC_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owfms-restapi:
       entryPoints: "owfmsrestapi"
       service: "owfms-restapi"
-      rule: "Host(`{{env "OWFMS_HOSTNAME"}}`)"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
     owprov-restapi:
       entryPoints: "owprovrestapi"
       service: "owprov-restapi"
-      rule: "Host(`{{env "OWPROV_HOSTNAME"}}`)"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
     owprov-ui-http:
-      entryPoints: "owgwuihttp"
+      entryPoints: "owprovuihttp"
       service: "owprov-ui"
-      rule: "Host(`{{ env "OWPROVUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
     owprov-ui-https:
-      entryPoints: "owgwuihttps"
+      entryPoints: "owprovuihttps"
       service: "owprov-ui"
-      rule: "Host(`{{ env "OWPROVUI_HOSTNAME" }}`)"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
       tls:
         certResolver: "openwifi"
     owanalytics-restapi:
       entryPoints: "owanalyticsrestapi"
       service: "owanalytics-restapi"
-      rule: "Host(`{{env "OWANALYTICS_HOSTNAME"}}`)"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
     owsub-restapi:
       entryPoints: "owsubrestapi"
       service: "owsub-restapi"
-      rule: "Host(`{{env "OWSUB_HOSTNAME"}}`)"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owrrm-openapi:
+      entryPoints: "owrrmopenapi"
+      service: "owrrm-openapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
 
@@ -134,6 +144,6 @@ tcp:
     owgw-rttys:
       entryPoints: "owgwrttys"
       service: "owgw-rttys"
-      rule: "HostSNI(`{{ env "OWGW_HOSTNAME" }}`)"
+      rule: "HostSNI(`*`)"
       tls:
-        certResolver: openwifi
+        passthrough: true

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -15,6 +15,11 @@ http:
         servers:
           - url: "http://owprov-ui.wlan.local:80/"
 
+    owrrm-openapi:
+      loadBalancer:
+        servers:
+          - url: "http://owrrm.wlan.local:16789/"
+
   routers:
     owgw-ui-http:
       entryPoints: "owgwuihttp"
@@ -38,6 +43,12 @@ http:
       rule: "PathPrefix(`/`)"
       tls: {}
 
+    owrrm-openapi:
+      entryPoints: "owrrmopenapi"
+      service: "owrrm-openapi"
+      rule: "PathPrefix(`/`)"
+      tls: {}
+
 tcp:
   services:
     owgw-websocket:
@@ -137,7 +148,7 @@ tcp:
       tls:
         passthrough: true
     owsub-restapi:
-      entryPoints: "owpsubestapi"
+      entryPoints: "owsubrestapi"
       service: "owsub-restapi"
       rule: "HostSNI(`*`)"
       tls: