Update values.openwifi-qa.yaml

Changed FMS max age default to 360

.github/git-release-tool/git-release-tool.sh

@@ -0,0 +1,400 @@
+#!/bin/bash
+set -e
+
+# git-release-tool
+# This script is used to manually cut releases for the TIP OpenWIFI CloudSDK 2.x repos
+# For other details, see "usage" function or simply run script
+
+# Constants
+export PAGER=cat
+
+# Internal vars
+LOG_VERBOSITY_NUMBER=0
+REPO_TAGS_ARRAY=()
+
+# Helper functions
+## Logging functions
+log_notice() {
+  echo "[Notice] "$1
+}
+
+log_error() {
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 0 ]]; then
+    echo "[Error] "$1 >/dev/stderr
+  fi
+}
+
+log_info() {
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 1 ]]; then
+    echo "[Info] "$1
+  fi
+}
+
+log_debug() {
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 2 ]]; then
+    echo "[Debug] "$1
+  fi
+}
+
+## Usage info
+usage() {
+  echo
+  log_notice "$0 - script to cut releases for TIP OpenWIFI CloudSDK 2.x repos"
+  log_notice
+  log_notice "This script requires configuration file 'repositories.yaml' near the script and list of environment variables to work"
+  log_notice
+  log_notice "repositories.yaml file format:"
+  echo "deploy_repo_url: git@github.com:Telecominfraproject/wlan-cloud-ucentral-deploy.git # modify if repo name changes"
+  echo "repositories:"
+  echo "  - name: owgw-ui # should be the same as in image repository in helm values (i.e. tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui)"
+  echo "    url: git@github.com:Telecominfraproject/wlan-cloud-owprov-ui.git # it's up to you to use SSH or HTTPS format and setup credentials for push/pull"
+  echo "    docker_compose_name: OWPROVUI # name of environment variable in docker-compose .env file containing image tag for the service"
+  log_notice
+  log_notice "List of required environment variables:"
+  log_notice "- RELEASE_VERSION - release version that should be applied to repositories. Should comply release nameing policy (valid example - 'v2.0.0' or 'v2.0.1')"
+  log_notice "- TAG_TYPE - type of tag that should be created for release (supported values - RC / FINAL)"
+  log_notice "- GIT_PUSH_CONFIRMED - confirmation that any changes should be pushed to git (dry-run if unset, set to 'true' to enable)"
+  log_notice
+  log_notice "You may increase log verbosity by setting environment variable LOG_VERBOSITY to required level (ERROR/INFO/DEBUG)"
+#
+}
+
+## Setting functions
+set_log_verbosity_number() {
+  # Log verbosity levels:
+  # 0 - ERROR
+  # 1 - INFO
+  # 2 - DEBUG
+  case $LOG_VERBOSITY in
+    ERROR )
+      LOG_VERBOSITY_NUMBER=0
+    ;;
+    INFO )
+      LOG_VERBOSITY_NUMBER=1
+    ;;
+    DEBUG )
+      LOG_VERBOSITY_NUMBER=2
+    ;;
+    * )
+      log_notice "Setting LOG_VERBOSITY to INFO by default"
+      LOG_VERBOSITY_NUMBER=1
+    ;;
+  esac
+}
+
+## Git manipulation functions
+modify_deploy_repo_values() {
+  NEW_RELEASE_TAG=$1
+  log_debug "NEW_RELEASE_TAG - $NEW_RELEASE_TAG"
+  REPOSITORIES_AMOUNT=$(cat ../release.repositories.yaml | yq ".repositories[].name" -r | wc -l)
+  for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
+    REPO_URL=$(cat ../release.repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+    REPO_NAME_SUFFIXED=$(echo $REPO_URL | awk -F '/' '{print $NF}')
+    REPO_NAME_WITHOUT_SUFFIX=${REPO_NAME_SUFFIXED%.git}
+    REPO_DOCKER_COMPOSE_NAME=$(cat ../release.repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+    SERVICE_TAG="${REPO_TAGS_ARRAY[$REPO_INDEX]}"
+    log_debug "REPO_NAME_WITHOUT_SUFFIX - $REPO_NAME_WITHOUT_SUFFIX"
+    sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env
+    sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.letsencrypt
+    sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.selfsigned
+    sed "/${REPO_NAME_WITHOUT_SUFFIX#*/}@/s/ref=.*/ref=$SERVICE_TAG\"/g" -i chart/Chart.yaml
+    sed "/repository: tip-tip-wlan-cloud-ucentral.jfrog.io\/clustersysteminfo/!b;n;s/tag: .*/tag: $NEW_RELEASE_TAG/" -i chart/values.yaml
+  done
+  LATEST_RELEASE_TAG=$(git tag | grep $RELEASE_VERSION | tail -1)
+  if [[ "$(git diff | wc -l)" -eq "0" ]] && [[ "$(git diff $LATEST_RELEASE_TAG)" -eq "0" ]]; then
+    log_info "No changes in microservices and since the latest tag are found, new release is not required"
+  else
+    sed 's/^version: .*/version: '${NEW_RELEASE_TAG#v}'/' chart/Chart.yaml -i
+  fi
+  git diff
+}
+
+modify_values() {
+  NEW_RELEASE_TAG=$1
+  if [[ "$(basename $PWD)" == "deploy" ]]; then
+    modify_deploy_repo_values $NEW_RELEASE_TAG
+  else
+    sed "/repository: tip-tip-wlan-cloud-ucentral.jfrog.io\/$(basename $PWD)/!b;n;s/tag: .*/tag: $NEW_RELEASE_TAG/" -i helm/values.yaml
+  fi
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 2 ]]; then
+    log_debug "Diff to me commited:"
+    git diff
+  fi
+  git add .
+  git commit -m"Chg: update image tag in helm values to $NEW_RELEASE_TAG"
+}
+
+push_changes() {
+  CURRENT_RELEASE=$(git rev-parse --abbrev-ref HEAD)
+  if [[ "$GIT_PUSH_CONFIRMED" == "true" ]]; then
+    log_info "Pushing branch changes and tags:"
+    git push -u origin $CURRENT_RELEASE
+    git push --tags
+  else
+    log_info "Skipping pushing of branch and tags due to GIT_PUSH_CONFIRMED not being set to 'true'"
+  fi
+}
+
+create_tag() {
+  TAG_TYPE_LOWERED=$(echo $TAG_TYPE | tr '[:upper:]' '[:lower:]')
+  if [[ "$TAG_TYPE_LOWERED" == "final" ]]; then
+    log_debug "Creating final tag"
+    modify_values $RELEASE_VERSION
+    git tag $RELEASE_VERSION
+    push_changes
+    REPO_TAGS_ARRAY+=($RELEASE_VERSION)
+  else
+    log_debug "Checking if there are tags in the current release branch"
+    LATEST_RELEASE_TAG=$(git tag | grep $RELEASE_VERSION | tail -1)
+    log_debug "Latest release tag found - '$LATEST_RELEASE_TAG'"
+    if [[ -z "$LATEST_RELEASE_TAG" ]]; then
+      log_info "There are no tags in the release branch, creating the first one"
+      NEW_RELEASE_TAG=$RELEASE_VERSION-RC1
+      log_debug "New tag - $NEW_RELEASE_TAG"
+      modify_values $NEW_RELEASE_TAG
+      git tag $NEW_RELEASE_TAG
+      push_changes
+      REPO_TAGS_ARRAY+=($NEW_RELEASE_TAG)
+    else
+      if [[ "$(basename $PWD)" == "deploy" ]]; then
+        NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
+        NEW_RC=$(expr $NEW_RC + 1)
+        log_debug "New RC to create - $NEW_RC"
+        NEW_RELEASE_TAG=$RELEASE_VERSION-RC$NEW_RC
+        modify_deploy_repo_values $NEW_RELEASE_TAG
+        if [[ "v$(cat chart/Chart.yaml | yq '.version' -r)" == "$NEW_RELEASE_TAG" ]]; then
+          git add .
+          git commit -m"Chg: update image tag in helm values to $NEW_RELEASE_TAG"
+          git tag $NEW_RELEASE_TAG
+          push_changes
+          log_info "New tag $NEW_RELEASE_TAG was created and pushed"
+          REPO_TAGS_ARRAY+=($NEW_RELEASE_TAG)
+        else
+          log_info "New tag for deploy repo is not required, saving existing one ($LATEST_RELEASE_TAG)"
+          REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
+        fi
+      else
+        log_debug "Checking if the latest tag is on the latest commit"
+        LATEST_REVISION=$(git rev-parse HEAD)
+        LATEST_RELEASE_TAG_REVISION=$(git rev-parse $LATEST_RELEASE_TAG)
+        log_debug "Latest revision ----- $LATEST_REVISION"
+        log_debug "Latest tag revision - $LATEST_RELEASE_TAG_REVISION"
+        if [[ "$LATEST_REVISION" == "$LATEST_RELEASE_TAG_REVISION" ]]; then
+          log_info "Existing tag $LATEST_RELEASE_TAG is pointing to the latest commit in the release branch"
+          REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
+        else
+          NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
+          NEW_RC=$(expr $NEW_RC + 1)
+          log_debug "New RC to create - $NEW_RC"
+          NEW_RELEASE_TAG=$RELEASE_VERSION-RC$NEW_RC
+          modify_values $NEW_RELEASE_TAG
+          git tag $NEW_RELEASE_TAG
+          push_changes
+          log_info "New tag $NEW_RELEASE_TAG was created and pushed"
+          REPO_TAGS_ARRAY+=($NEW_RELEASE_TAG)
+        fi
+      fi
+    fi
+  fi
+}
+
+check_final_tag() {
+  log_debug "Amount of final tags found - $(git tag | grep -x $RELEASE_VERSION | wc -l)"
+  if [[ "$(git tag | grep -x $RELEASE_VERSION | wc -l)" -gt "0" ]]; then
+    log_error "Final tag $RELEASE_VERSION already exists in release branch"
+    exit 1
+  fi
+}
+
+check_git_tags() {
+  if [[ "${#REPO_TAGS_ARRAY[@]}" -eq "0" ]] && [[ "$(basename $PWD)" == "deploy" ]]; then
+    log_info "This deploy clone run is required to get repositories tied to the release, we will make changes later."
+  else
+    RELEASE_TAGS_AMOUNT=$(git tag | grep $RELEASE_VERSION | wc -l)
+    log_info "Checking if there are any tags for current version ($RELEASE_VERSION)"
+    log_debug "Amount of tags linked with the release - $RELEASE_TAGS_AMOUNT"
+    if [[ "$RELEASE_TAGS_AMOUNT" -gt "0" ]]; then
+      log_info "Tags for release $RELEASE_VERSION are found, checking if final tag exist"
+      check_final_tag
+      create_tag
+    else
+      log_info "No tags found for current version, checking if there are any tags for release branch ($RELEASE_BRANCH_VERSION_BASE)"
+      RELEASE_BRANCH_TAGS_AMOUNT=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | wc -l)
+      log_debug "Amount of tags linked with the release branch - $RELEASE_BRANCH_TAGS_AMOUNT"
+      if [[ "$RELEASE_BRANCH_TAGS_AMOUNT" -gt "0" ]]; then
+        log_info "Tags for $RELEASE_BRANCH_VERSION_BASE are found, finding the latest one"
+        RELEASE_BRANCH_TAG_FINAL=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | grep -v 'RC' | tail -1)
+        if [[ ! -z "$RELEASE_BRANCH_TAG_FINAL" ]]; then
+          RELEASE_BRANCH_TAG=$RELEASE_BRANCH_TAG_FINAL
+        else
+          RELEASE_BRANCH_TAG=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | tail -1)
+        fi
+        log_info "Latest release tag in $RELEASE_BRANCH_VERSION_BASE - $RELEASE_BRANCH_TAG. Checking if there are changes since then"
+        DIFF_LINES_AMOUNT=$(git diff $RELEASE_BRANCH_TAG | wc -l)
+        if [[ "$DIFF_LINES_AMOUNT" -eq "0" ]]; then
+          log_info "No changes found since the latest release tag ($RELEASE_BRANCH_TAG), using it for new version"
+          REPO_TAGS_ARRAY+=($RELEASE_BRANCH_TAG)
+        else
+          log_info "Changes are found in the branch, creating a new tag"
+          create_tag
+        fi
+      else
+        log_info "Tags for $RELEASE_BRANCH_VERSION_BASE not found, creating new one"
+        create_tag
+      fi
+    fi
+  fi
+}
+
+check_release_branch() {
+  RELEASE_BRANCH=$1
+  git checkout $RELEASE_BRANCH -q
+  check_git_tags
+}
+
+create_release_branch() {
+  git checkout -b release/$RELEASE_BRANCH_VERSION -q
+  check_release_branch release/$RELEASE_BRANCH_VERSION
+}
+
+check_if_release_branch_required() {
+  LATEST_RELEASE_BRANCH=$(git branch -r | grep 'release/' | tail -1 | xargs)
+  log_debug "Latest release branch available - $LATEST_RELEASE_BRANCH"
+  if [[ -z "$LATEST_RELEASE_BRANCH" ]]; then
+    log_info "Could not find a single release branch, creating it"
+    create_release_branch $RELEASE_BRANCH_VERSION
+  else
+    LAST_RELEASE_DIFF_LINES_AMOUNT=$(git diff $LATEST_RELEASE_BRANCH ':(exclude)helm/values.yaml' | wc -l)
+    if [[ "$LAST_RELEASE_DIFF_LINES_AMOUNT" -eq "0" ]]; then
+      log_info "There are no changes in project since the latest release branch $LATEST_RELEASE_BRANCH so we will use tag from it"
+      LATEST_RELEASE=$(echo $LATEST_RELEASE_BRANCH | awk -F 'origin/release/' '{print $2}')
+      LATEST_RELEASE_BASE=$(echo $LATEST_RELEASE | cut -f 1,2 -d '.')
+      LATEST_RELEASE_TAG_FINAL=$(git tag | grep $LATEST_RELEASE_BASE | grep -v 'RC' | tail -1)
+      if [[ ! -z "$LATEST_RELEASE_TAG_FINAL" ]]; then
+        LATEST_RELEASE_TAG=$LATEST_RELEASE_TAG_FINAL
+      else
+        LATEST_RELEASE=$(git tag | grep $LATEST_RELEASE_BASE | tail -1)
+      fi
+      log_debug "Latest release - $LATEST_RELEASE"
+      log_debug "Latest release base - $LATEST_RELEASE_BASE"
+      log_debug "Latest release tag - $LATEST_RELEASE_TAG"
+      if [[ -z "$LATEST_RELEASE_TAG" ]]; then
+        log_info "Could not find any tags for $LATEST_RELEASE release, creating it"
+        check_release_branch $LATEST_RELEASE
+      else
+        log_info "Latest release tag found - $LATEST_RELEASE_TAG"
+        REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
+      fi 
+    else
+      log_info "New release branch for $RELEASE_BRANCH_VERSION is required, creating it"
+      create_release_branch $RELEASE_BRANCH_VERSION
+    fi
+  fi
+}
+
+get_release_branch_version() {
+  RELEASE_BRANCH_VERSION_BASE=$(echo $RELEASE_VERSION | cut -f 1,2 -d '.')
+  RELEASE_BRANCH_VERSION="$RELEASE_BRANCH_VERSION_BASE.0"
+  if [[ "$RELEASE_BRANCH_VERSION" != "$RELEASE_VERSION" ]]; then
+    log_info "Minor release version ($RELEASE_VERSION) deployment is detected, work will be checked in branch for $RELEASE_BRANCH_VERSION"
+  fi
+}
+
+create_repo_version() {
+  CWD=$PWD
+  REPO_NAME=$1
+  REPO_URL=$2
+  rm -rf $REPO_NAME
+  git clone -q $REPO_URL $REPO_NAME
+  cd $REPO_NAME
+  get_release_branch_version
+  log_debug "Release branch version - $RELEASE_BRANCH_VERSION"
+  DEFAULT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+  RELEASE_BRANCH=$(git branch -r | grep $RELEASE_BRANCH_VERSION | awk -F 'origin/' '{print $2}' | xargs)
+  log_debug "Release branch to check - '$RELEASE_BRANCH'"
+  if [[ ! -z "$RELEASE_BRANCH" ]]; then
+    log_info "Release branch $RELEASE_BRANCH exists in the repository, checking if it has tags"
+    check_release_branch $RELEASE_BRANCH
+  else
+    log_info "Release branch does not exists in the repository, checking if we need to create it"
+    check_if_release_branch_required $DEFAULT_BRANCH
+  fi
+  log_info "Release commit info:"
+  git show
+  cd $CWD
+}
+
+# Log level setup
+set_log_verbosity_number
+
+# Check system requirements
+if ! command -v yq &> /dev/null; then
+    log_error "Command yq could not be found"
+    usage
+    exit 2
+fi
+if ! command -v sed &> /dev/null; then
+    log_error "Command sed could not be found"
+    usage
+    exit 2
+fi
+if ! command -v helm &> /dev/null; then
+    log_error "Command helm could not be found"
+    usage
+    exit 2
+fi
+if [[ "$(helm plugin list | grep -wP '(helm-git|diff)' | wc -l)" -ne "2" ]]; then
+    log_error "Helm plugins (helm-git and/or diff) are missing"
+    usage
+    exit 2
+fi
+
+# Check variables
+log_debug "Release version: ${RELEASE_VERSION}"
+[ -z ${RELEASE_VERSION+x} ] && echo "RELEASE_VERSION is unset" && usage && exit 3
+echo "${RELEASE_VERSION}" | grep -xP "v(\d)+\.(\d)+\.\d+" >/dev/null || (log_error "RELEASE_VERSION is not in the right notation (correct example - v2.2.0 or v2.2.2)" && usage && exit 3)
+log_debug "Tag type: ${TAG_TYPE}"
+[ -z ${TAG_TYPE+x} ] && echo "TAG_TYPE is unset" && usage && exit 3
+echo "${TAG_TYPE}" | tr '[:upper:]' '[:lower:]' | grep -xP "(rc|final)" >/dev/null || (log_error "TAG_TYPE is not in the supported values ('rc' or 'final', case insensitive)" && usage && exit 3)
+
+# Main body
+DEPLOY_REPO_URL=$(cat repositories.yaml | yq ".deploy_repo_url" -r)
+log_debug "DEPLOY_REPO_URL - $DEPLOY_REPO_URL"
+
+log_info "First we need to get repository list for tied deployment version"
+create_repo_version "deploy" $DEPLOY_REPO_URL
+cp deploy/.github/git-release-tool/repositories.yaml release.repositories.yaml
+rm -rf deploy
+
+log_info "Checking repositories"
+REPOSITORIES_AMOUNT=$(cat release.repositories.yaml | yq ".repositories[].name" -r | wc -l)
+log_info "Found $REPOSITORIES_AMOUNT repos to process"
+for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
+  echo
+  REPO_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  REPO_URL=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+  REPO_DOCKER_COMPOSE_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+  log_debug "REPO_NAME - $REPO_NAME"
+  log_debug "REPO_URL - $REPO_URL"
+  log_debug "REPO_DOCKER_COMPOSE_NAME - $REPO_DOCKER_COMPOSE_NAME"
+  log_info "Processing repository '$REPO_NAME'"
+  create_repo_version $REPO_NAME $REPO_URL
+  rm -rf $REPO_NAME
+done
+log_debug "Tags per project: ${REPO_TAGS_ARRAY[*]}"
+
+echo
+log_info "Preparing changes in deploy repo"
+create_repo_version "deploy" $DEPLOY_REPO_URL
+
+echo
+log_info "Services versions:"
+for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
+  REPO_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  log_info "- $REPO_NAME - ${REPO_TAGS_ARRAY[$REPO_INDEX]}"
+done
+log_info "Deployment repo version - ${REPO_TAGS_ARRAY[-1]}"
+rm release.repositories.yaml
+if [[ "$GIT_PUSH_CONFIRMED" != "true" ]]; then
+  log_info "To apply changes described above, set GIT_PUSH_CONFIRMED to 'true' and rerun this script"
+fi

.github/git-release-tool/repositories.yaml

@@ -0,0 +1,29 @@
+deploy_repo_url: https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+repositories:
+  - name: owgw
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git
+    docker_compose_name: OWGW_TAG
+  - name: owsec
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git
+    docker_compose_name: OWSEC_TAG
+  - name: owfms
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralfms.git
+    docker_compose_name: OWFMS_TAG
+  - name: owgw-ui
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui.git
+    docker_compose_name: OWGWUI_TAG
+  - name: owprov-ui
+    url: https://github.com/Telecominfraproject/wlan-cloud-owprov-ui.git
+    docker_compose_name: OWPROVUI_TAG
+  - name: owprov
+    url: https://github.com/Telecominfraproject/wlan-cloud-owprov.git
+    docker_compose_name: OWPROV_TAG
+  - name: owanalytics
+    url: https://github.com/Telecominfraproject/wlan-cloud-analytics.git
+    docker_compose_name: OWANALYTICS_TAG
+  - name: owsub
+    url: https://github.com/Telecominfraproject/wlan-cloud-userportal.git
+    docker_compose_name: OWSUB_TAG
+  - name: owrrm
+    url: https://github.com/Telecominfraproject/wlan-cloud-rrm.git
+    docker_compose_name: OWRRM_TAG

.github/workflows/ci.yml

@@ -0,0 +1,113 @@
+name: CI
+
+on:
+  push:
+    tags:
+      - 'v*'
+      - '!v*-RC*'
+  pull_request:
+    branches:
+      - main
+      - 'release/*'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  envs:
+    name: Setup environment variables for further tests
+    if: startsWith(github.ref, 'refs/pull/') || startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    outputs:
+      pr_branch: ${{ steps.get_branch_names.outputs.pr_branch }}
+      deployment_upgrade_tag: ${{ steps.get_deployment_upgrade_tag.outputs.tag }}
+      deployment_tag: ${{ steps.get_deployment_tag.outputs.tag }}
+    steps:
+    - name: Get branch names and set as outputs
+      id: get_branch_names
+      if: startsWith(github.ref, 'refs/pull/')
+      run: |
+        echo "pr_branch=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_OUTPUT
+
+    - name: Get created deployment tag and set as output
+      id: get_deployment_upgrade_tag
+      if: startsWith(github.ref, 'refs/tags/v')
+      run: |
+        echo "tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
+
+    - name: Get previous deployment tag
+      id: get_deployment_tag
+      if: startsWith(github.ref, 'refs/tags/v')
+      run: |
+        echo "tag=$(git tag | grep -v RC | tail -2 | head -1)" >> $GITHUB_OUTPUT
+
+  trigger-docker-compose-testing:
+    if: startsWith(github.ref, 'refs/pull/')
+    runs-on: ubuntu-latest
+    needs: envs
+    steps:
+    - name: Checkout actions repo
+      uses: actions/checkout@v3
+      with:
+        repository: Telecominfraproject/.github
+        path: github
+
+    - name: Trigger testing of OpenWifi Docker Compose deployment and wait for result
+      uses: ./github/composite-actions/trigger-workflow-and-wait
+      env:
+        PR_BRANCH: ${{ needs.envs.outputs.pr_branch }}
+      with:
+        owner: Telecominfraproject
+        repo: wlan-testing
+        workflow: ow_docker-compose.yml
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        ref: master
+        inputs: '{"deployment_version": "${{ env.PR_BRANCH }}", "microservice": "all"}'
+
+  trigger-k8s-testing:
+    if: startsWith(github.ref, 'refs/pull/')
+    runs-on: ubuntu-latest
+    needs: envs
+    steps:
+    - name: Checkout actions repo
+      uses: actions/checkout@v3
+      with:
+        repository: Telecominfraproject/.github
+        path: github
+
+    - name: Trigger testing of OpenWifi Docker Compose deployment and wait for result
+      uses: ./github/composite-actions/trigger-workflow-and-wait
+      env:
+        PR_BRANCH: ${{ needs.envs.outputs.pr_branch }}
+      with:
+        owner: Telecominfraproject
+        repo: wlan-testing
+        workflow: ow_k8s.yml
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        ref: master
+        inputs: '{"deployment_version": "${{ env.PR_BRANCH }}", "microservice": "all"}'
+
+  trigger-docker-compose-upgrade-testing:
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    needs: envs
+    steps:
+    - name: Checkout actions repo
+      uses: actions/checkout@v3
+      with:
+        repository: Telecominfraproject/.github
+        path: github
+
+    - name: Trigger testing of OpenWifi Docker Compose deployment upgrade and wait for result
+      uses: ./github/composite-actions/trigger-workflow-and-wait
+      env:
+        DEPLOYMENT_TAG: ${{ needs.envs.outputs.deployment_tag }}
+        DEPLOYMENT_UPGRADE_TAG: ${{ needs.envs.outputs.deployment_upgrade_tag }}
+      with:
+        owner: Telecominfraproject
+        repo: wlan-testing
+        workflow: ow_docker-compose-upgrade-test.yml
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        ref: master
+        inputs: '{"deployment_version": "${{ env.DEPLOYMENT_TAG }}", "deployment_upgrade_version": "${{ env.DEPLOYMENT_UPGRADE_TAG }}"}'

.github/workflows/clustersysteminfo_image_ci.yml

@@ -0,0 +1,67 @@
+name: Build cluster systeminfo checker image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  # TODO delete after tests
+  pull_request:
+    branches:
+      - main
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  docker:
+    runs-on: ubuntu-20.04
+    env:
+      DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
+      DOCKER_REGISTRY_USERNAME: ucentral
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Build Docker image
+      working-directory: chart/docker
+      run: docker build -t wlan-cloud-clustersysteminfo:${{ github.sha }} .
+
+    - name: Tag Docker image
+      run: |
+        TAGS="${{ github.sha }}"
+
+        if [[ ${GITHUB_REF} == "refs/heads/"* ]]
+        then
+          CURRENT_TAG=$(echo ${GITHUB_REF#refs/heads/} | tr '/' '-')
+          TAGS="$TAGS $CURRENT_TAG"
+        else
+          if [[ ${GITHUB_REF} == "refs/tags/"* ]]
+          then
+            CURRENT_TAG=$(echo ${GITHUB_REF#refs/tags/} | tr '/' '-')
+            TAGS="$TAGS $CURRENT_TAG"
+          else # PR build
+            CURRENT_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
+            TAGS="$TAGS $CURRENT_TAG"
+          fi
+        fi
+
+        echo "Result tags: $TAGS"
+
+        for tag in $TAGS; do
+          docker tag wlan-cloud-clustersysteminfo:${{ github.sha }} ${{ env.DOCKER_REGISTRY_URL }}/clustersysteminfo:$tag
+        done
+
+    - name: Log into Docker registry
+      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ env.DOCKER_REGISTRY_URL }}
+        username: ${{ env.DOCKER_REGISTRY_USERNAME }}
+        password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+    - name: Push Docker images
+      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
+      run: |
+        docker images | grep ${{ env.DOCKER_REGISTRY_URL }}/clustersysteminfo | awk -F ' ' '{print $1":"$2}' | xargs -I {} docker push {}

.github/workflows/enforce-jira-issue-key.yml

@@ -0,0 +1,22 @@
+name: Ensure Jira issue is linked
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  check_for_issue_key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout actions repo
+        uses: actions/checkout@v3
+        with:
+          repository: Telecominfraproject/.github
+          path: github
+
+      - name: Run JIRA check
+        uses: ./github/composite-actions/enforce-jira-issue-key
+        with:
+          jira_base_url: ${{ secrets.TIP_JIRA_URL }}
+          jira_user_email: ${{ secrets.TIP_JIRA_USER_EMAIL }}
+          jira_api_token: ${{ secrets.TIP_JIRA_API_TOKEN }}

.github/workflows/git-release.yml

@@ -0,0 +1,59 @@
+name: Create new release for OpenWIFI 2.x services
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Release version to create (i.e. v2.4.0)'
+        required: true
+      tag_type:
+        default: 'rc'
+        description: 'Tag type to create (final OR rc)'
+        required: true
+      push_confirm:
+        default: ''
+        description: 'Set to "true" if changes should be pushed (dry-run enabled by default)'
+        required: false
+      log_level:
+        default: 'INFO'
+        description: 'Log level for the script (ERROR/INFO/DEBUG)'
+        required: false
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  create_release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v3
+      with:
+        path: wlan-cloud-ucentral-deploy
+
+    - name: Install system dependencies
+      run: |
+        pip3 install yq
+        helm plugin install https://github.com/databus23/helm-diff
+        helm plugin install https://github.com/aslafy-z/helm-git
+        ls ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh || true
+        sed 's/--skip-refresh //' -i ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh
+
+    - name: Run release creation script
+      working-directory: wlan-cloud-ucentral-deploy/.github/git-release-tool
+      run: |
+        export RELEASE_VERSION=${{ github.event.inputs.release_version }}
+        export TAG_TYPE=${{ github.event.inputs.tag_type }}
+        export GIT_PUSH_CONFIRMED=${{ github.event.inputs.push_confirm }}
+        export LOG_VERBOSITY=${{ github.event.inputs.log_level }}
+        mkdir -p ~/.ssh
+        chmod -R 700 ~/.ssh
+        ssh-keyscan -H github.com >> ~/.ssh/known_hosts
+        echo https://tip-automation:${{ secrets.GIT_PUSH_PAT }}@github.com > ~/.git-credentials
+        git config --global credential.helper store
+        git config --global user.email "tip-automation@telecominfraproject.com"
+        git config --global user.name "TIP Automation User"
+        helm repo add bitnami https://charts.bitnami.com/bitnami
+        helm repo update
+        ./git-release-tool.sh

.github/workflows/release.yml

@@ -17,27 +17,27 @@ jobs:
       HELM_REPO_USERNAME: ucentral
     steps:
       - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy
 
-      - name: Run pre-checks
-        working-directory: wlan-cloud-ucentral-deploy/chart
-        run: |
-          pip3 install yq -q
-          export CHART_VERSION=$(cat Chart.yaml | yq .version -r)
-          export GIT_TAG=$(echo ${GITHUB_REF} | sed -e 's/refs\/tags\/[v]//' | tr '/' '-')
-          if [ "$CHART_VERSION" != "$GIT_TAG" ]; then
-            echo "Chart version in Chart.yaml ($CHART_VERSION) is different from Git tag ($GIT_TAG)";
-            exit 1
-          fi
-
-          if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
-            echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
-            cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
-            exit 1
-          fi
+#      - name: Run pre-checks
+#        working-directory: wlan-cloud-ucentral-deploy/chart
+#        run: |
+#          pip3 install yq -q
+#          export CHART_VERSION=$(cat Chart.yaml | yq .version -r)
+#          export GIT_TAG=$(echo ${GITHUB_REF} | sed -e 's/refs\/tags\/[v]//' | tr '/' '-')
+#          if [ "$CHART_VERSION" != "$GIT_TAG" ]; then
+#            echo "Chart version in Chart.yaml ($CHART_VERSION) is different from Git tag ($GIT_TAG)";
+#            exit 1
+#          fi
+#
+#          if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
+#            echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
+#            cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
+#            exit 1
+#          fi
 
       - name: Build package
         working-directory: wlan-cloud-ucentral-deploy/chart
@@ -74,3 +74,15 @@ jobs:
         with:
           body_path: wlan-cloud-ucentral-deploy/chart/release.txt
           files: wlan-cloud-ucentral-deploy/chart/dist/*
+
+  trigger-testing:
+    runs-on: ubuntu-latest
+    needs: helm-package
+    steps:
+    - name: Trigger testing of release
+      uses: peter-evans/repository-dispatch@v1
+      with:
+        token: ${{ secrets.WLAN_TESTING_PAT }}
+        repository: Telecominfraproject/wlan-testing
+        event-type: new-ap-release
+        client-payload: '{"ref": "${GITHUB_REF#refs/tags/}", "sha": "${{ github.sha }}"}'

.gitignore

@@ -1,8 +1,7 @@
 *.swp
 chart/charts/*
-!chart/charts/.gitkeep
+chart/Chart.lock
+chart/environment-values/wlan-cloud-ucentral-deploy/
 /docker-compose/certs/
-/docker-compose/*-data/data/
-/docker-compose/*-data/uploads/
-/docker-compose/.env
-/docker-compose/.env_*
+/docker-compose/*_data
+/docker-compose/owls/*_data

README.md

@@ -15,6 +15,6 @@ This is a short version of [uCentral branching model](https://telecominfraprojec
 
 1. Create release branch with next Chart version (check Git tags for the latest version - for example if latest tag was `v0.1.0`, create release branch `release/v0.1.1`), set required microservices tags in refs in Chart.yaml (for example, if we want to have this version to be tied to ucentralgw release version `v2.0.0`, we should set it’s repository to `"git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.0.0"`).
 2. Increase Helm version in [Chart.yaml](./chart/Chart.yaml) to the same version as Git tag (for example if the latest git tag is `v0.1.0`, set version `0.1.1` (**without v in it**) in Chart.yaml).
-3. Also increase the microservice image tags used by the Docker Compose deployment according to the release in the [.env](./docker-compose/.env) file.
+3. Also increase the microservice image tags used by the Docker Compose deployments according to the release in the 'Image tags' section of the `docker-compose/.env`, `docker-compose/.env.selfsigned` and `docker-compose/.env.letsencrypt` files.
 4. Create new git tag from release branch. The Git tag should have the same name as the intended release version. Once the tag is pushed to the repo, Github will trigger a build process that will create an assembly Helm chart bundle with all version fixed to the release equal to the Git tag name and will publish it to the public Artifactory and as GitHub release asset.
 5. Release to the QA namespace using the packaged Helm assembly chart to verify there are no issues related to the deployment.

chart/.helmignore

@@ -20,3 +20,7 @@
 .idea/
 *.tmproj
 .vscode/
+# Chart dependencies
+docker/
+environment-values/
+feature-values/

chart/Chart.lock

@@ -1,21 +0,0 @@
-dependencies:
-- name: ucentralgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master
-  version: 0.1.0
-- name: ucentralsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main
-  version: 0.1.0
-- name: ucentralfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main
-  version: 0.1.0
-- name: ucentralgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main
-  version: 0.1.0
-- name: rttys
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=main
-  version: 0.1.0
-- name: kafka
-  repository: https://charts.bitnami.com/bitnami
-  version: 13.0.2
-digest: sha256:1e144681dd3b4edcb831cb37d342820dfc82ab05ccfa0be004d7c7450a402011
-generated: "2021-08-04T19:26:33.071800266+03:00"

chart/Chart.yaml

@@ -1,27 +1,53 @@
 apiVersion: v2
-name: wlan-cloud-ucentral
+name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.1.0-RC1
+version: 0.1.0
 dependencies:
-- name: ucentralgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.1.0-RC1"
+- name: owgw
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master"
   version: 0.1.0
-- name: ucentralsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.1.0-RC1"
+- name: owsec
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main"
   version: 0.1.0
-- name: ucentralfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.1.0-RC1"
+- name: owfms
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main"
   version: 0.1.0
-- name: ucentralgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.1.0-RC1"
+- name: owprov
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
   version: 0.1.0
-  condition: ucentralgwui.enabled
-- name: rttys
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0"
+- name: owanalytics
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=main"
+  version: 0.1.0
+- name: owgwui
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main"
+  version: 0.1.0
+- name: owprovui
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  version: 0.1.0
+- name: owsub
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main"
+  version: 0.1.0
+- name: owrrm
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=main"
   version: 0.1.0
-  condition: rttys.enabled
 - name: kafka
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 13.0.2
   condition: kafka.enabled
+- name: owls
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
+  version: 0.1.0
+  condition: owls.enabled
+- name: owlsui
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master"
+  version: 0.1.0
+  condition: owlsui.enabled
+- name: haproxy
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 0.2.21
+  condition: haproxy.enabled
+- name: postgresql-ha
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 8.6.13
+  condition: postgresql-ha.enabled

chart/README.md

@@ -1,39 +1,112 @@
-# ucentralgw
+# openwifi
 
-This Helm chart helps to deploy uCentral with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
+This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
 
 ## TL;DR;
 
 [helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so intall it if you don't have it already.
 
+Using that you can deploy Cloud SDK with 2 setups - without TLS certificates for RESTAPI endpoints and with them.
+
+In both cases Websocket endpoint should be exposed through LoadBalancer. In order to get IP address or DNS FQDN of that endpoint you may refer to `kubectl get svc | grep proxy | awk -F ' ' '{print $4}'`. Used port is 15002, but you would need to disable TLS check on AP side since certificate is issued for `*.wlan.local`.
+
+### Deployment with TLS certificates
+
+This deployment method requires usage of [cert-manager](https://cert-manager.io/docs/) (tested minimal Helm chart version is `v1.6.1`) in your Kubernetes installation in order to issue self-signed PKI for internal communication. In this case you will have to trust the self-signed certificates via your browser. Just like in previous method you still need OWGW Websocket TLS certificate, so you can use the same certificates with another values file using these commands:
+
 ```bash
-$ helm install .
+$ helm dependency update
+$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
+$ helm upgrade --install -f environment-values/values.base.secure.yaml openwifi .
 ```
 
+In order to acces the UI and other RESTAPI endpoints you should run the following commands after the deployment:
+
+```
+$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
+$ kubectl port-forward deployment/owrrm 16789 &
+$ kubectl port-forward deployment/owgwui 8080:80 &
+$ kubectl port-forward deployment/owprovui 8088:80 &
+```
+
+From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
+
+### Deployment without TLS certificates
+
+**IMPORTANT** Currently this method is not available due to issues in current implementation on microservices side (not being able to use Web UI because of error on Websocket upgrade on OWGW connections), please use TLS method for now.
+
+For this deployment method you will need to disable usage of TLS certificates, yet you will still need a TLS certificate for Websocket endpoint of OWGW. Here are the required steps for the deployment where websocket certificates from [docker-compose certs directory](../docker-compose/certs) and special values file to disable TLS for REST API endpoint will be used:
+
+```bash
+$ helm dependency update
+$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
+$ helm upgrade --install -f environment-values/values.base.insecure.yaml openwifi .
+```
+
+In order to acces the UI and other RESTAPI endpoints you should run the following commands after the deployment:
+
+```
+$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
+$ kubectl port-forward deployment/owrrm 16789 &
+$ kubectl port-forward deployment/owgwui 8080:80 &
+$ kubectl port-forward deployment/owprovui 8088:80 &
+```
+
+From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
+
+During the requests through UI errors may happen - that means that you haven't added certificate exception in browser. In order to that open browser dev tools (F12), open Network tab and see what requests are failing, open them and accept the exceptions.
+
+### Default password change
+
+Then change the default password as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password).
+
+Values files passed in the installation is using default certificates that may be used for initial evaluation (same certificates are used in [docker-compose](../docker-compose/certs) method) using `*.wlan.local` domains. If you want to change those certificates, please set them in Helm values files instead of default certificates (see default values in `values.yaml` file).
+
+If you are using default values without changing [OWSEC config properties](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/939869948f77575ba0e92c0fb12f2197802ffe71/helm/values.yaml#L212-L213) in your values file, you may access the WebUI using following credentials:
+
+> Username: tip@ucentral.com
+> Password: openwifi
+
 ## Introduction
 
-This chart bootstraps an uCentral on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 
 Current dependencies may be found in [chart definition](Chart.yaml) and list will be extended when new services will be introduced.
 
 ## Installing the Chart
 
-To install the chart with the release name `my-release`:
+There are multiple ways to install this chart. Described commands will deploy the OpenWIFI Cloud SDK on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that will be overwritten above default values from dependent charts.
+
+### Installation using local git repo
+
+To install the chart from local git repo with the release name `my-release` you need to first update dependencies as it is required with dependencies deployed by helm-git:
 
 ```bash
-$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/@chart?ref=main
+$ helm dependency update
+$ helm install .
 ```
 
-The command deploys ucentralgw on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that will be overwritten above default values from dependent charts.
+### Installation using remote chart
 
-> **Tip**: List all releases using `helm list`
-
-If you need to update your release, it could be required to update your helm charts dependencies before installation:
+To install the chart with the release name `my-release` you need to first update dependencies as it is required with dependencies deployed by helm-git:
 
 ```bash
-helm dependency update
+$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy@chart/openwifi-0.1.0.tgz?ref=main
 ```
 
+### Installation using external repo
+
+This approach requires adding external helm repo and new versions are build for every [release](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/releases):
+
+```bash
+helm repo add tip-wlan https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+helm install my-release tip-wlan/openwifi
+```
+
+## Required password changing on the first startup
+
+One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
+
 ## Uninstalling the Chart
 
 To uninstall/delete the `my-release` deployment:
@@ -50,19 +123,49 @@ The following table lists the configurable parameters that overrides microservic
 
 | Parameter | Type | Description | Default |
 |-----------|------|-------------|---------|
-| `ucentralgw.configProperties."ucentral\.kafka\.enable"` | string | Configures uCentralGW to use Kafka for communication | `'true'` |
-| `ucentralgw.configProperties."ucentral\.kafka\.brokerlist"` | string | Sets up Kafka broker list for uCentralGW to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `ucentralsec.configProperties."ucentral\.kafka\.enable"` | string | Configures uCentralSec to use Kafka for communication | `'true'` |
-| `ucentralsec.configProperties."ucentral\.kafka\.brokerlist"` | string | Sets up Kafka broker list for uCentralSec to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
-| `rttys.config.token` | string | Sets default rttys token |  |
-| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
+| `owgw.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Gateway to use Kafka for communication | `'true'` |
+| `owgw.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Gateway to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owgw.certs` | map | Map with multiline string containing TLS certificates and private keys required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
+| `owgw.certsCAs` | map | Map with multiline string containing TLS CAs required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
+| `owsec.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Security to use Kafka for communication | `'true'` |
+| `owsec.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
+| `owsec.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Security to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owfms.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Firmware to use Kafka for communication | `'true'` |
+| `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owfms.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
+| `owprov.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Provisioning to use Kafka for communication | `'true'` |
+| `owprov.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Provisioning to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owprov.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
+| `owanalytics.enabled` | boolean | Install OpenWIFI Analytics in the release | `false` |
+| `owanalytics.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Analytics to use Kafka for communication | `'true'` |
+| `owanalytics.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Analytics to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owanalytics.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
+| `owsub.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Subscription to use Kafka for communication | `'true'` |
+| `owsub.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Subscription to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owsub.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
+| `owrrm.public_env_variables` | map | Map of public environment variables passed to OpenWIFI RRM service |  |
+| `owrrm.mysql.enabled` | boolean | Flag to enable MySQL database deployment of OpenWIFI RRM service using subchart | `true` |
+| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `true` |
 | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` |
 | `kafka.image.registry` | string | Kafka Docker image registry | `'docker.io'` |
 | `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
 | `kafka.image.tag` | string | Kafka Docker image tag | `'2.8.0-debian-10-r43'` |
 | `kafka.minBrokerId` | number | Sets Kafka minimal broker ID (useful for multi-node Kafka installations) | `100` |
-| `ucentralgwui.enabled` | boolean | Enables [uCentralGW-UI](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui) deployment | `True` |
+| `clustersysteminfo.enabled` | boolean | Enables post-install check that makes sure that all services are working correctly using systeminfo RESTAPI method | `false` |
+| `clustersysteminfo.delay` | integer | Number of seconds to delay clustersysteminfo execution | `0` |
+| `clustersysteminfo.public_env_variables` | hash | Map of public environment variables that will be passed to the script (required for configuration) |  |
+| `clustersysteminfo.secret_env_variables` | hash | Map of secret environment variables that will be passed to the script (for example, password) |  |
+| `clustersysteminfo.activeDeadlineSeconds` | integer | Number of seconds that are allowed for job to run before failing with Dealine Exceeded error | `2400` |
+| `clustersysteminfo.backoffLimit` | integer | Number of jobs retries before job failure | `5` |
+| `owls.enabled` | boolean | Install OpenWIFI Load Simulator in the release | `false` |
+| `owls.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Load Simulator to use Kafka for communication | `'true'` |
+| `owls.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Load Simulator to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owlsui.enabled` | boolean | Install OpenWIFI Load Simulator Web UI in the release | `false` |
+| `haproxy.enabled` | boolean | Install HAproxy as a unified TCP proxy for services | `true` |
+| `haproxy.replicaCount` | Integer | Amount of HAproxy pods to start | `3` |
+| `restapiCerts.enabled` | boolean | Enable generation of self-signed certificates for REST API private endpoints (see details below) | `false` |
+| `restapiCerts.services` | array | List of services that require certificates generation |  |
+| `restapiCerts.clusterDomain` | string | Kubernetes cluster domain | `cluster.local` |
 
 If required, further overrides may be passed. They will be merged with default values from this chart and other subcharts with priority to values you'll pass.
 
@@ -70,11 +173,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 
 ```bash
 $ helm install --name my-release \
-  --set ucentralgw.replicaCount=1 \
+  --set owgw.replicaCount=1 \
     .
 ```
 
-The above command sets that only 1 instance of ucentralgw to be running
+The above command sets that only 1 instance of OpenWIFI Gateway to be running
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 
@@ -83,3 +186,88 @@ $ helm install --name my-release -f values.yaml .
 ```
 
 > **Tip**: You can use the default [values.yaml](values.yaml) as a base for customization.
+
+## Optional features
+
+Some features of the SDK are not enabled by default, but you may enable them by changing your values file. Below you may find information about supported features and values that may be used as a base to enable these changes. As an example of used values you may check values files in [wlan-testing](https://github.com/Telecominfraproject/wlan-testing/tree/master/helm/ucentral) repository that are used for different automated testing pipelines.
+
+If you want to enable different features, you may try passing additional values files using `-f` flag during `helm install/upgrade` commands.
+
+### Cluster systeminfo check
+
+By setting `clusterinfo.enabled` to `true` you may enable job on post-install/post-upgrade step that will do the following:
+
+1. Change default security credentials from credentials set in OWSEC configuration file (see 'Required password changing on the first startup' block above)
+2. Check if all services started responding correctly after the deployment using systeminfo REST API method
+
+In order to do that, you need to additionaly set multiple parameters:
+
+1. clusterinfo.public_env_variables.OWSEC - OWSEC endpoint to use for CLI tools
+2. clusterinfo.secret_env_variables.OWSEC_DEFAULT_USERNAME - username used for CLI requests (see OWSEC configuration file for details)
+3. clusterinfo.secret_env_variables.OWSEC_DEFAULT_PASSWORD - default password stored in OWSEC configuration that is required for initial password change
+4. clusterinfo.secret_env_variables.OWSEC_NEW_PASSWORD - new password that should be set instead of default OWSEC password. It is set only once, then used all the time. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+
+If you are interested in script itself, see [script](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/blob/main/chart/docker/clustersysteminfo).
+
+You may see example values to enable this feature in [values.enable-clustersysteminfo.yaml](./feature-values/values.enable-clustersysteminfo.yaml).
+
+### Load simulation
+
+Chart also allows to install [OWLS](https://github.com/Telecominfraproject/wlan-cloud-owls) and [OWLS-UI](https://github.com/Telecominfraproject/wlan-cloud-owls-ui) alongside your installation if you are interested in load testing your installation. See services repositories for available options and configuration details.
+
+You may see example values to enable this feature in [values.enable-owls.yaml](./feature-values/values.enable-owls.yaml).
+
+### HAproxy
+
+In order to use single point of entry for all services (may be used for one cloud Load Balancer per installation) HAproxy is installed by default with other services. HAproxy is working in TCP proxy mode, so every TLS certificate is managed by services themself, while it is possible to pass requests from cloud load balancer to services using same ports (configuration of cloud load balancer may vary from cloud provider to provider).
+
+By default this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
+
+### OWGW unsafe sysctls
+
+By default Linux is using quite adeqate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
+
+- net.ipv4.tcp_keepalive_intvl
+- net.ipv4.tcp_keepalive_probes - 2
+- net.ipv4.tcp_keepalive_time - 45
+
+However this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls) and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
+
+```
+--allowed-unsafe-sysctls net.ipv4.tcp_keepalive_intvl,net.ipv4.tcp_keepalive_probes,net.ipv4.tcp_keepalive_time
+```
+
+After this change you may pass additional parameters to OWGW helm chart. You may see example values in [values.owgw-unsafe-sysctl.yaml](./feature-values/values.owgw-unsafe-sysctl.yaml)
+
+### Private REST API cert-manager managed certificates
+
+All services have 2 REST API endpoints - private and public one. Private endpoint is used for inter-service communication and should not be exposed to the world, but since it also requires TLS in order to work correctly, additional optional logic was implemented that allows to manage TLS certificates for such endpoints to be managed by [cert-manager](https://github.com/jetstack/cert-manager). In order to activate this feature following steps are required:
+
+0. Install and configure [cert-manager](https://cert-manager.io/docs/) in your cluster
+1. Enable option by setting `restapiCerts.enabled`
+2. If you have a different Kubernetes cluster domain, adapt `restapiCerts.clusterDomain` to your cluster domain
+3. Add additional parameters for services in order to mount certificates secrets in pods, use certificates by service and add public environment variable that will add cert-manager managed CA certificate to pod's trusted chain (see [OWGW docker-entrypoint.sh](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/docker-entrypoint.sh) as example of how it is done)
+
+You may see example values to enable this feature in [values.restapi-certmanager-certs.yaml](./feature-values/values.restapi-certmanager-certs.yaml).
+
+### Unsecure REST API endpoints
+
+If you want, you may use configuration property `openwifi.security.restapi.disable=true` in order to disable TLS requirements on REST API endpoints which basically only requires OWGW Websocket TLS certificate in order to deploy the whole environment. If you will pass certificates into the container they will be ignored.
+
+You may see example values to enable this feature in [values.restapi-disable-tls.yaml](./feature-values/values.restapi-disable-tls.yaml).
+
+### PostgreSQL storage option for services
+
+By default all microservices except RRM service use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used.
+
+## Environment specific values
+
+This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).
+
+Some environments are using [external-dns](https://github.com/kubernetes-sigs/external-dns) service to dynamically set DNS records, but you may manage your records manually
+
+### AWS EKS
+
+EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also it is assumed that you have Route53 managed DNS zone and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
+
+You may see example values for this environment in [values.aws.yaml](./environment-values/values.aws.yaml).

chart/docker/Dockerfile

@@ -0,0 +1,64 @@
+FROM alpine:latest AS base
+
+RUN apk add curl git jq bash
+
+WORKDIR /cli
+
+# OWGW
+ARG OWGW_VERSION=master
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git owgw \
+  && cd owgw \
+  && git checkout $OWGW_VERSION \
+  && cd /cli \
+  && cp owgw/test_scripts/curl/cli owgw_cli \
+  && rm -rf owgw
+
+# OWSEC
+ARG OWSEC_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git owsec \
+  && cd owsec \
+  && git checkout $OWSEC_VERSION \
+  && cd /cli \
+  && cp owsec/test_scripts/curl/cli owsec_cli \
+  && rm -rf owsec
+
+# OWFMS
+ARG OWFMS_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralfms.git owfms \
+  && cd owfms \
+  && git checkout $OWFMS_VERSION \
+  && cd /cli \
+  && cp owfms/test_scripts/curl/cli owfms_cli \
+  && rm -rf owfms
+
+# OWPROV
+ARG OWPROV_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-owprov.git owprov \
+  && cd owprov \
+  && git checkout $OWPROV_VERSION \
+  && cd /cli \
+  && cp owprov/test_scripts/curl/cli owprov_cli \
+  && rm -rf owprov
+
+# OWAnalytics
+ARG OWANALYTICS_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-analytics.git owanalytics \
+  && cd owanalytics \
+  && git checkout $OWANALYTICS_VERSION \
+  && cd /cli \
+  && cp owanalytics/test_scripts/curl/cli owanalytics_cli \
+  && rm -rf owanalytics
+
+# OWSub
+ARG OWSUB_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-userportal.git owsub \
+  && cd owsub \
+  && git checkout $OWSUB_VERSION \
+  && cd /cli \
+  && cp owsub/test_scripts/curl/cli owsub_cli \
+  && rm -rf owsub
+
+COPY clustersysteminfo clustersysteminfo
+COPY change_credentials change_credentials
+
+ENTRYPOINT ["/cli/clustersysteminfo"]

chart/docker/change_credentials

@@ -0,0 +1,68 @@
+#!/bin/bash
+# Constants
+export DEFAULT_CHECK_RETRIES=10
+
+# Usage function
+usage () {
+  echo;
+  echo "- OWSEC - owsec endpoint to make requests to (i.e. openwifi.wlan.local:16001)";
+  echo "- OWSEC_DEFAULT_USERNAME - default owsec username from properties";
+  echo "- OWSEC_DEFAULT_PASSWORD - default owsec password (in cleartext) from properties";
+  echo "- OWSEC_NEW_PASSWORD - new owsec password (in cleartext) that should be set for login";
+}
+
+# Check if required environment variables were passed
+## Login specifics
+[ -z ${OWSEC+x} ] && echo "OWSEC is unset" && usage && exit 1
+[ -z ${OWSEC_DEFAULT_USERNAME+x} ] && echo "OWSEC_DEFAULT_USERNAME is unset" && usage && exit 1
+[ -z ${OWSEC_DEFAULT_PASSWORD+x} ] && echo "OWSEC_DEFAULT_PASSWORD is unset" && usage && exit 1
+[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" && usage && exit 1
+
+# Check credentials
+export result_file=result.json
+
+# Try logging in with default credentials
+payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_DEFAULT_PASSWORD}\" }"
+curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
+    -H "Content-Type: application/json" \
+    -d "$payload" > ${result_file}
+errorCode=$(cat ${result_file} | jq -r '.ErrorCode')
+# If ErrorCode == 1, we must change password
+if [[ "${errorCode}" == "1" ]]
+then
+    payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_DEFAULT_PASSWORD}\", \"newPassword\" : \"${OWSEC_NEW_PASSWORD}\" }"
+    curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
+        -H "Content-Type: application/json" \
+        -d "$payload" > ${result_file}
+    # Check if password was changed correctly
+    token=$(cat ${result_file} | jq -r '.access_token')
+    if [[ "${token}" == "null" ]] || [[ "${token}" == "" ]] || [[ ! -s ${result_file} ]]
+    then
+        echo "Could not change credentials:"
+        jq < ${result_file}
+        exit 1
+    else
+        echo "Login credentials were changed:"
+    fi
+# If ErrorCode == 2 then new credentials were applied already OR user was deleted OR credentials are wrong
+elif [[ "${errorCode}" == "2" ]]
+then
+    # Let's try logging in using new credentials
+    payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_NEW_PASSWORD}\" }"
+    curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
+            -H "Content-Type: application/json" \
+            -d "$payload" > ${result_file}
+    token=$(cat ${result_file} | jq -r '.access_token')
+    # TODO check if there are any response
+    if [[ "${token}" == "null" ]] || [[ "${token}" == "" ]] || [[ ! -s ${result_file} ]]
+    then
+        echo "Could not login with new credentials. Probably new login credentials are wrong OR user was deleted. Since we cannot check if user is really deleted, skipping this issue:"
+    else
+        echo "Logged in with new credentials:"
+    fi
+else
+    echo "Credentials check failed with unexpected ErrorCode, please review the responce body:"
+    jq < ${result_file}
+    exit 2
+fi
+jq < ${result_file}

chart/docker/clustersysteminfo

@@ -0,0 +1,121 @@
+#!/bin/bash
+
+# Constants
+export DEFAULT_CHECK_RETRIES=30
+
+# Check dependencies
+[[ "$(which jq)" == "" ]] && echo "You need the package jq installed to use this script." && exit 1
+[[ "$(which curl)" == "" ]] && echo "You need the package curl installed to use this script." && exit 1
+
+# Check if required environment variables were passed
+[[ -z ${OWSEC+x} ]] && echo "You must set the variable OWSEC in order to use this script. Something like" && echo "OWSEC=security.isp.com:16001" && exit 1
+[[ -z ${OWSEC_DEFAULT_USERNAME+x} ]] && echo "You must set the variable OWSEC_DEFAULT_USERNAME in order to use this script. Something like" && echo "OWSEC_DEFAULT_USERNAME=tip@ucentral.com" && exit 1
+[[ -z ${OWSEC_DEFAULT_PASSWORD+x} ]] && echo "You must set the variable OWSEC_DEFAULT_PASSWORD in order to use this script. Something like" && echo "OWSEC_DEFAULT_PASSWORD=openwifi" && exit 1
+[[ -z ${OWSEC_NEW_PASSWORD+x} ]] && echo "You must set the variable OWSEC_NEW_PASSWORD in order to use this script. Something like" && echo "OWSEC_NEW_PASSWORD=NewPass123%" && exit 1
+
+[[ "${CHECK_RETRIES}" == "" ]] && [[ "${CHECK_RETRIES}" -eq "${CHECK_RETRIES}" ]] && echo "Environment variable CHECK_RETRIES is not set or is not number, setting it to the default value (${DEFAULT_CHECK_RETRIES})" && export CHECK_RETRIES=$DEFAULT_CHECK_RETRIES
+
+# Make sure owsec is resolvable
+export OWSEC_FQDN=$(echo $OWSEC | awk -F ':' '{print $1}')
+echo "Waiting for OWSEC FQDN ($OWSEC_FQDN) to be resolvable"
+exit_code=1
+until [[ "$exit_code" -eq "0" ]]
+do
+  getent hosts $OWSEC_FQDN
+  exit_code=$?
+  sleep 1
+done
+echo
+
+# Change/check password for owsec AND set owsec credentials
+export CHANGE_CHECK_RETRIES=${CHECK_RETRIES}
+until ./change_credentials || [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
+do
+  echo "Change/check failed"
+  let "CHANGE_CHECK_RETRIES-=1"
+  echo "Retries left - $CHANGE_CHECK_RETRIES"
+  echo
+  sleep 5
+done
+
+if [[ "$ONLY_CHANGE_CREDENTIALS" == "true" ]]; then
+  echo "Flag ONLY_CHANGE_CREDENTIALS was set to true, exiting without services checks";
+  exit 0
+fi
+
+if [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
+then
+  echo "Run out of retries to change/check login credentials"
+  exit 3
+fi
+
+# Prepare security credentials for cli usage
+export OWSEC_USERNAME=${OWSEC_DEFAULT_USERNAME}
+export OWSEC_PASSWORD=${OWSEC_NEW_PASSWORD}
+
+echo "Running systeminfo checks for all components until all of them are available OR check tries are exausted ($CHECK_RETRIES)"
+exit_code_sum=1
+until [[ "$exit_code_sum" -eq "0" ]] || [[ "${CHECK_RETRIES}" -eq "0" ]]
+do
+  exit_code_sum=0
+  ./owsec_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owgw_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owfms_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owprov_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owanalytics_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owsub_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  let "CHECK_RETRIES-=1"
+  echo "Exit code sum: $exit_code_sum"
+  echo "Left retries: $CHECK_RETRIES"
+  sleep 5
+  echo
+done
+exit $exit_code_sum

chart/environment-values/deploy.sh

@@ -0,0 +1,249 @@
+#!/bin/bash
+set -e
+
+# Usage function
+usage () {
+  echo >&2;
+  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
+  echo >&2;
+  echo "Required environment variables:" >&2;
+  echo >&2;
+  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
+  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
+  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
+  echo >&2;
+  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
+  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
+  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
+  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo >&2;
+  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
+  echo >&2;
+  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo >&2;
+  echo "Optional environment variables:" >&2;
+  echo >&2;
+  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
+  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
+  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
+  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
+  echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
+  echo "- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed" >&2;
+  echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
+  echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
+}
+
+# Global variables
+VALUES_FILE_LOCATION_SPLITTED=()
+EXTRA_VALUES_SPLITTED=()
+
+# Helper functions
+check_if_chart_version_is_release() {
+  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
+  if [[ -z "$PARSED_CHART_VERSION" ]]; then
+    return 1
+  else
+    return 0
+  fi
+}
+
+# Check if required environment variables were passed
+## Deployment specifics
+[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
+[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
+if check_if_chart_version_is_release; then
+  echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
+else
+  echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
+  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
+fi
+## Environment specifics
+[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
+## Variables specifics
+[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" >&2 && usage && exit 1
+[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" >&2 && usage && exit 1
+[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" >&2 && usage && exit 1
+[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" >&2 && usage && exit 1
+[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" >&2 && usage && exit 1
+[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" >&2 && usage && exit 1
+[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" >&2 && usage && exit 1
+[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" >&2 && usage && exit 1
+
+[ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
+[ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
+[ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
+export MAILER_ENABLED="false"
+[ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
+
+# Transform some environment variables
+export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
+export OWGWUI_VERSION_TAG=$(echo ${OWGWUI_VERSION} | tr '/' '-')
+export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-')
+export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-')
+export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
+export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
+export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
+export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
+export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-')
+
+# Debug get bash version
+bash --version >&2
+
+# Check deployment method that's required for this environment
+helm plugin install https://github.com/databus23/helm-diff || true
+if [[ "$DEPLOY_METHOD" == "git" ]]; then
+  helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
+  rm -rf wlan-cloud-ucentral-deploy || true
+  git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+  cd wlan-cloud-ucentral-deploy
+  git checkout $CHART_VERSION
+  cd chart
+  if ! check_if_chart_version_is_release; then
+    sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
+  fi
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  helm repo update
+  helm dependency update
+  cd ../..
+  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
+else
+  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
+    helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
+    export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
+  else
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
+    exit 1
+  fi
+fi
+
+VALUES_FILES_FLAGS=()
+IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
+for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
+  VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
+done
+EXTRA_VALUES_FLAGS=()
+IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
+for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
+  EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
+done
+
+if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
+else
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS=""
+fi
+
+# Run the deployment
+helm upgrade --install --create-namespace --wait --timeout 60m \
+  --namespace openwifi-${NAMESPACE} \
+  ${VALUES_FILES_FLAGS[*]} \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
+  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
+  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
+  --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
+  --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
+  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
+  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
+  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owgwui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
+  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owlsui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owrrm.public_env_variables.SERVICECONFIG_PUBLICENDPOINT=https://rrm-${NAMESPACE}.cicd.lab.wlan.tip.build:16789 \
+  --set owrrm.services.owrrm.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rrm-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
+  ${EXTRA_VALUES_FLAGS[*]} \
+  --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
+  --set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \
+  --set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owfms.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owprov.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owprov.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owls.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \
+  --set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \
+  --set-file owanalytics.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owanalytics.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owsub.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owsub.certs."restapi-key\.pem"=$KEY_LOCATION \
+  tip-openwifi $DEPLOY_SOURCE

chart/environment-values/values.aws.yaml

@@ -0,0 +1,106 @@
+# TODO adapt config for your environments - change FQDNs, certificates and security credentials
+owgw:
+  configProperties: # TODO change FQDNs
+    openwifi.fileuploader.host.0.name: gw.cicd.lab.wlan.tip.build
+    openwifi.system.uri.public: https://gw.cicd.lab.wlan.tip.build:16002
+    openwifi.system.uri.private: https://gw.cicd.lab.wlan.tip.build:17002
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+    rtty.server: rtty.cicd.lab.wlan.tip.build
+
+owgwui:
+  services:
+    owgwui:
+      type: NodePort
+
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+        external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
+      paths:
+      - path: /*
+        serviceName: owgwui
+        servicePort: http
+
+  public_env_variables:
+    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+
+owsec:
+  configProperties: # TODO change FQDNs and credentials
+    authentication.default.username: tip@ucentral.com
+    authentication.default.password: TOFILL # TODO change password to default hashed password (see OWSEC readme for details)
+    openwifi.system.uri.public: https://sec.cicd.lab.wlan.tip.build:16001
+    openwifi.system.uri.private: https://sec.cicd.lab.wlan.tip.build:17001
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owfms:
+  configProperties: # TODO change FQDNs and credentials
+    s3.key: TOFILL # TODO change these values to S3 credentials to get firmwares from bucket
+    s3.secret: TOFILL
+    # TODO uncomment and change these values if you are using your own S3 bucket with firmwares
+    #s3.bucketname: ucentral-ap-firmware
+    #s3.region: us-east-1
+    #s3.bucket.uri: ucentral-ap-firmware.s3.amazonaws.com
+    openwifi.system.uri.public: https://fms.cicd.lab.wlan.tip.build:16004
+    openwifi.system.uri.private: https://fms.cicd.lab.wlan.tip.build:17004
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owprov:
+  configProperties: # TODO change FQDNs
+    openwifi.system.uri.public: https://prov.cicd.lab.wlan.tip.build:16005
+    openwifi.system.uri.private: https://prov.cicd.lab.wlan.tip.build:17005
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owprovui:
+  services:
+    owprovui:
+      type: NodePort
+
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+        external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
+      paths:
+      - path: /*
+        serviceName: owprovui
+        servicePort: http
+
+  public_env_variables:
+    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+
+owsub:
+  configProperties: # TODO change FQDNs
+    openwifi.system.uri.public: https://sub.cicd.lab.wlan.tip.build:16007
+    openwifi.system.uri.private: https://sub.cicd.lab.wlan.tip.build:17007
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owanalytics:
+  configProperties: # TODO change FQDNs
+    openwifi.system.uri.public: https://analytics.cicd.lab.wlan.tip.build:16009
+    openwifi.system.uri.private: https://analytics.cicd.lab.wlan.tip.build:17009
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs
+

chart/environment-values/values.base.insecure.yaml

@@ -0,0 +1,86 @@
+owgw:
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.public: http://localhost:16002
+    openwifi.system.uri.private: http://owgw-owgw:17002
+    openwifi.system.uri.ui: http://localhost
+
+owsec:
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.public: http://localhost:16001
+    openwifi.system.uri.private: http://owsec-owsec:17001
+    openwifi.system.uri.ui: http://localhost
+
+owfms:
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.public: http://localhost:16004
+    openwifi.system.uri.private: http://owfms-owfms:17004
+    openwifi.system.uri.ui: http://localhost
+
+owprov:
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.public: http://localhost:16005
+    openwifi.system.uri.private: http://owprov-owprov:17005
+    openwifi.system.uri.ui: http://localhost
+
+owanalytics:
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.public: http://localhost:16009
+    openwifi.system.uri.private: http://owanalytics-owanalytics:17009
+    openwifi.system.uri.ui: http://localhost
+
+owsub:
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.public: http://localhost:16006
+    openwifi.system.uri.private: http://owsub-owsub:17006
+    openwifi.system.uri.ui: http://localhost
+
+owrrm:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  mysql:
+    enabled: true
+    fullnameOverride: "owrrm-mysql"
+
+owgwui:
+  public_env_variables:
+    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
+
+owprovui:
+  public_env_variables:
+    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
+
+kafka:
+  heapOpts: -Xmx512m -Xms512m
+  readinessProbe:
+    initialDelaySeconds: 45
+  livenessProbe:
+    initialDelaySeconds: 60
+  zookeeper:
+    heapSize: 256

chart/environment-values/values.base.secure.yaml

@@ -0,0 +1,335 @@
+owgw:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.system.uri.public: https://localhost:16002
+    openwifi.system.uri.private: https://owgw-owgw:17002
+    openwifi.system.uri.ui: http://localhost:8443
+    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owgw:
+      - name: config
+        mountPath: /owgw-data/owgw.properties
+        subPath: owgw.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-config
+      - name: certs
+        mountPath: /owgw-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owgw.fullname" . }}-certs{{ end }}
+      - name: certs-cas
+        mountPath: /owgw-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs-cas
+      - name: persist
+        mountPath: /owgw-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owgw.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owgw-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+
+owsec:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.system.uri.public: https://localhost:16001
+    openwifi.system.uri.private: https://owsec-owsec:17001
+    openwifi.system.uri.ui: http://localhost:8080
+    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsec:
+      - name: config
+        mountPath: /owsec-data/owsec.properties
+        subPath: owsec.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-config
+      - name: certs
+        mountPath: /owsec-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }}
+      - name: persist
+        mountPath: /owsec-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsec.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsec-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+
+owfms:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.system.uri.public: https://localhost:16004
+    openwifi.system.uri.private: https://owfms-owfms:17004
+    openwifi.system.uri.ui: http://localhost:8080
+    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owfms:
+      - name: config
+        mountPath: /owfms-data/owfms.properties
+        subPath: owfms.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-config
+      - name: certs
+        mountPath: /owfms-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owfms.fullname" . }}-certs{{ end }}
+      - name: persist
+        mountPath: /owfms-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owfms.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owfms-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+
+owprov:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.system.uri.public: https://localhost:16005
+    openwifi.system.uri.private: https://owprov-owprov:17005
+    openwifi.system.uri.ui: http://localhost:8080
+    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owprov:
+      - name: config
+        mountPath: /owprov-data/owprov.properties
+        subPath: owprov.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-config
+      - name: certs
+        mountPath: /owprov-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owprov.fullname" . }}-certs{{ end }}
+      - name: persist
+        mountPath: /owprov-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owprov.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owprov-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+
+owanalytics:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.system.uri.public: https://localhost:16009
+    openwifi.system.uri.private: https://owanalytics-owanalytics:17009
+    openwifi.system.uri.ui: http://localhost:8080
+    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owanalytics:
+      - name: config
+        mountPath: /owanalytics-data/owanalytics.properties
+        subPath: owanalytics.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-config
+      - name: certs
+        mountPath: /owanalytics-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owanalytics.fullname" . }}-certs{{ end }}
+      - name: persist
+        mountPath: /owanalytics-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owanalytics.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owanalytics-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+
+
+owsub:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  existingCertsSecret: openwifi-certs
+
+  configProperties:
+    openwifi.system.uri.public: https://localhost:16006
+    openwifi.system.uri.private: https://owsub-owsub:17006
+    openwifi.system.uri.ui: http://localhost:8080
+    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsub:
+      - name: config
+        mountPath: /owsub-data/owsub.properties
+        subPath: owsub.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-config
+      - name: certs
+        mountPath: /owsub-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsub.fullname" . }}-certs{{ end }}
+      - name: persist
+        mountPath: /owsub-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsub.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsub-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+
+owrrm:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  mysql:
+    enabled: true
+    fullnameOverride: "owrrm-mysql"
+
+owgwui:
+  public_env_variables:
+    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
+
+owprovui:
+  public_env_variables:
+    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
+
+kafka:
+  heapOpts: -Xmx512m -Xms512m
+  readinessProbe:
+    initialDelaySeconds: 45
+  livenessProbe:
+    initialDelaySeconds: 60
+  zookeeper:
+    heapSize: 256
+
+restapiCerts:
+  enabled: true

chart/environment-values/values.openwifi-qa.disable-tls.yaml

@@ -0,0 +1,29 @@
+# NOTE: using of this values files will require you to use http schema in 'openwifi.system.uri.private' (and maybe 'openwifi.system.uri.public') configuration properties (i.e. http://owgw-owgw:17002)
+owgw:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owsec:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owfms:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owprov:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owanalytics:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+owsub:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp

chart/environment-values/values.openwifi-qa.external-db.yaml

@@ -0,0 +1,137 @@
+owgw:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owgw-pgsql
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+
+  postgresql:
+    enabled: true
+    nameOverride: owgw-pgsql
+    fullnameOverride: owgw-pgsql
+    postgresqlDatabase: owgw
+    postgresqlUsername: owgw
+    postgresqlPassword: owgw
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owsec:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owsec-pgsql
+    storage.type.postgresql.database: owsec
+    storage.type.postgresql.username: owsec
+    storage.type.postgresql.password: owsec
+
+  postgresql:
+    enabled: true
+    nameOverride: owsec-pgsql
+    fullnameOverride: owsec-pgsql
+    postgresqlDatabase: owsec
+    postgresqlUsername: owsec
+    postgresqlPassword: owsec
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owfms:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owfms-pgsql
+    storage.type.postgresql.database: owfms
+    storage.type.postgresql.username: owfms
+    storage.type.postgresql.password: owfms
+
+  postgresql:
+    enabled: true
+    nameOverride: owfms-pgsql
+    fullnameOverride: owfms-pgsql
+    postgresqlDatabase: owfms
+    postgresqlUsername: owfms
+    postgresqlPassword: owfms
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owprov:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owprov-pgsql
+    storage.type.postgresql.database: owprov
+    storage.type.postgresql.username: owprov
+    storage.type.postgresql.password: owprov
+
+  postgresql:
+    enabled: true
+    nameOverride: owprov-pgsql
+    fullnameOverride: owprov-pgsql
+    postgresqlDatabase: owprov
+    postgresqlUsername: owprov
+    postgresqlPassword: owprov
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owanalytics:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owanalytics-pgsql
+    storage.type.postgresql.database: owanalytics
+    storage.type.postgresql.username: owanalytics
+    storage.type.postgresql.password: owanalytics
+
+  postgresql:
+    enabled: true
+    nameOverride: owanalytics-pgsql
+    fullnameOverride: owanalytics-pgsql
+    postgresqlDatabase: owanalytics
+    postgresqlUsername: owanalytics
+    postgresqlPassword: owanalytics
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+
+owsub:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owsub-pgsql
+    storage.type.postgresql.database: owsub
+    storage.type.postgresql.username: owsub
+    storage.type.postgresql.password: owsub
+
+  postgresql:
+    enabled: true
+    nameOverride: owsub-pgsql
+    fullnameOverride: owsub-pgsql
+    postgresqlDatabase: owsub
+    postgresqlUsername: owsub
+    postgresqlPassword: owsub
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -0,0 +1,175 @@
+owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
+
+  configProperties:
+    simulatorid: 53494D020202
+    storage.type: postgresql
+    storage.type.postgresql.host: owgw-pgsql
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+    openwifi.certificates.allowmismatch: "true"
+
+  resources:
+    requests:
+      cpu: 2000m
+      memory: 3000Mi
+    limits:
+      cpu: 2000m
+      memory: 3000Mi
+
+  postgresql:
+    enabled: true
+    fullnameOverride: owgw-pgsql
+
+    postgresqlDatabase: owgw
+    postgresqlUsername: owgw
+    postgresqlPassword: owgw
+
+owls:
+  enabled: true
+
+  services:
+    owls:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
+        external-dns.alpha.kubernetes.io/ttl: "60"
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  resources:
+    requests:
+      cpu: 6000m
+      memory: 8000Mi
+    limits:
+      cpu: 6000m
+      memory: 8000Mi
+
+  checks:
+    owls:
+      liveness:
+        httpGet:
+          path: /
+          port: 16107
+        failureThreshold: 900
+      readiness:
+        httpGet:
+          path: /
+          port: 16107
+        failureThreshold: 900
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owls:
+      - name: config
+        mountPath: /owls-data/owls.properties
+        subPath: owls.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-config
+      - name: certs
+        mountPath: /owls-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-certs
+      - name: certs-cas
+        mountPath: /owls-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-certs-cas
+      # Change this if you want to use another volume type
+      - name: persist
+        mountPath: /owls-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owls.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owls-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
+
+owlsui:
+  enabled: true
+
+  services:
+    owlsui:
+      type: NodePort
+
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+        external-dns.alpha.kubernetes.io/ttl: "60"
+      paths:
+      - path: /*
+        serviceName: owlsui
+        servicePort: http
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -0,0 +1,74 @@
+owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
+
+owsec:
+  services:
+    owsec:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
+
+owfms:
+  services:
+    owfms:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
+
+owprov:
+  services:
+    owprov:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
+
+owanalytics:
+  services:
+    owanalytics:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
+
+owsub:
+  services:
+    owsub:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
+
+haproxy:
+  enabled: false

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -0,0 +1,75 @@
+owgw:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+
+owsec:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owsec
+    storage.type.postgresql.username: owsec
+    storage.type.postgresql.password: owsec
+
+owfms:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owfms
+    storage.type.postgresql.username: owfms
+    storage.type.postgresql.password: owfms
+
+owprov:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owprov
+    storage.type.postgresql.username: owprov
+    storage.type.postgresql.password: owprov
+
+owanalytics:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owanalytics
+    storage.type.postgresql.username: owanalytics
+    storage.type.postgresql.password: owanalytics
+
+owsub:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.database: owsub
+    storage.type.postgresql.username: owsub
+    storage.type.postgresql.password: owsub
+
+postgresql-ha:
+  enabled: true
+  initDbScriptSecret:
+    enabled: true
+  pgpool:
+    adminPassword: admin
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi
+    initdbScriptsSecret: tip-openwifi-initdb-scripts
+  postgresql:
+    replicaCount: 1 # TODO change after tests
+    password: password
+    postgresPassword: postgres
+    repmgrPassword: repmgr
+    maxConnections: 1000
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1024Mi
+      limits:
+        cpu: 250m
+        memory: 1024Mi

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -0,0 +1,235 @@
+owgw:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owsec:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owgwui:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owfms:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owprov:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owprovui:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owls:
+  nodeSelector:
+    env: owls
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owlsui:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owanalytics:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owsub:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owrrm:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  mysql:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+kafka:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  zookeeper:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+postgresql-ha:
+  pgpool:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"
+  postgresql:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"

chart/environment-values/values.openwifi-qa.yaml

@@ -0,0 +1,862 @@
+owgw:
+  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
+  checks:
+    owgw:
+      readiness:
+        exec:
+          command: ["true"]
+        failureThreshold: 5
+      readiness:
+        failureThreshold: 5
+
+  resources:
+    requests:
+      cpu: 2000m
+      memory: 100Mi
+    limits:
+      cpu: 2000m
+      memory: 2Gi
+
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  podSecurityPolicy:
+    enabled: true
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+    clientcas.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+      -----END CERTIFICATE-----
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+    issuer.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+      -----END CERTIFICATE-----
+    root.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  certsCAs:
+    issuer.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+      -----END CERTIFICATE-----
+    root.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owgw:
+      - name: config
+        mountPath: /owgw-data/owgw.properties
+        subPath: owgw.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-config
+      - name: certs
+        mountPath: /owgw-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs
+      - name: certs-cas
+        mountPath: /owgw-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs-cas
+      - name: persist
+        mountPath: /owgw-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owgw.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owgw-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+
+owsec:
+  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
+  checks:
+    owsec:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 15Mi
+    limits:
+      cpu: 100m
+      memory: 100Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    mailer.hostname: email-smtp.us-east-2.amazonaws.com
+    openwifi.certificates.allowmismatch: "false"
+
+  volumes:
+    owsec:
+      - name: config
+        mountPath: /owsec-data/owsec.properties
+        subPath: owsec.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-config
+      - name: certs
+        mountPath: /owsec-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsec-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsec.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsec-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+
+owgwui:
+  services:
+    owgwui:
+      type: NodePort
+
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+      paths:
+      - path: /*
+        serviceName: owgwui
+        servicePort: http
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 30Mi
+    limits:
+      cpu: 10m
+      memory: 30Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+owfms:
+  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
+  checks:
+    owfms:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 80Mi
+    limits:
+      cpu: 100m
+      memory: 160Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    FIRMWAREDB_MAXAGE: "360"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owfms:
+      - name: config
+        mountPath: /owfms-data/owfms.properties
+        subPath: owfms.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-config
+      - name: certs
+        mountPath: /owfms-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-certs
+      - name: persist
+        mountPath: /owfms-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owfms.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owfms-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+
+owprov:
+  checks:
+    owprov:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 20Mi
+    limits:
+      cpu: 100m
+      memory: 100Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+    rrm.providers: owrrm
+
+  volumes:
+    owprov:
+      - name: config
+        mountPath: /owprov-data/owprov.properties
+        subPath: owprov.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-config
+      - name: certs
+        mountPath: /owprov-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-certs
+      - name: persist
+        mountPath: /owprov-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owprov.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owprov-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+
+owprovui:
+  services:
+    owprovui:
+      type: NodePort
+
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+      paths:
+      - path: /*
+        serviceName: owprovui
+        servicePort: http
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+owanalytics:
+  checks:
+    owanalytics:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+    limits:
+      cpu: 100m
+      memory: 500Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owanalytics:
+      - name: config
+        mountPath: /owanalytics-data/owanalytics.properties
+        subPath: owanalytics.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-config
+      - name: certs
+        mountPath: /owanalytics-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-certs
+      - name: persist
+        mountPath: /owanalytics-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owanalytics.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owanalytics-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+
+owsub:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+    limits:
+      cpu: 100m
+      memory: 500Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsub:
+      - name: config
+        mountPath: /owsub-data/owsub.properties
+        subPath: owsub.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-config
+      - name: certs
+        mountPath: /owsub-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsub-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsub.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsub-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+
+owrrm:
+  fullnameOverride: owrrm
+
+  services:
+    owrrm:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,17007"
+
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 2048Mi
+    limits:
+      cpu: 1000m
+      memory: 2048Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+    SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
+    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_DBNAME: owrrm
+    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+    # Empty string will disable DB usage
+    DATABASECONFIG_SERVER: ""
+    # Uncomment these parameters to enable DB usage + enable mysql below
+    #DATABASECONFIG_SERVER: owrrm-mysql:3306
+
+  secret_env_variables:
+    DATABASECONFIG_USER: root
+    DATABASECONFIG_PASSWORD: openwifi
+
+  volumes:
+    owrrm:
+      - name: persist
+        mountPath: /owrrm-data/
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owrrm.fullname" . }}-pvc
+
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
+
+  mysql:
+    enabled: false
+    fullnameOverride: "owrrm-mysql"
+
+    resources:
+      requests:
+        cpu: 100m
+        memory: 512Mi
+      limits:
+        cpu: 100m
+        memory: 512Mi
+
+kafka:
+  commonAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+  heapOpts: -Xmx512m -Xms512m
+  resources:
+    requests:
+      cpu: 100m
+      memory: 512Mi
+    limits:
+      cpu: 500m
+      memory: 1Gi
+  readinessProbe:
+    initialDelaySeconds: 45
+  livenessProbe:
+    initialDelaySeconds: 60
+  zookeeper:
+    commonAnnotations:
+      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+    heapSize: 256
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        cpu: 200m
+        memory: 384Mi
+
+clustersysteminfo:
+  enabled: true
+  delay: 60 # delaying to wait for AWS Route53 DNS propagation
+
+haproxy:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 20Mi
+    limits:
+      cpu: 10m
+      memory: 20Mi
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16007,16006,17006"
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
+restapiCerts:
+  enabled: true

chart/feature-values/values.disable-haproxy.yaml

@@ -0,0 +1,27 @@
+owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+
+owsec:
+  services:
+    owsec:
+      type: LoadBalancer
+
+rttys:
+  services:
+    rttys:
+      type: LoadBalancer
+
+owfms:
+  services:
+    owfms:
+      type: LoadBalancer
+
+owprov:
+  services:
+    owprov:
+      type: LoadBalancer
+
+haproxy:
+  enabled: false

chart/feature-values/values.enable-clustersysteminfo.yaml

@@ -0,0 +1,15 @@
+clustersysteminfo:
+  enabled: true
+  delay: 0 # you may change this if you need to wait for DNS propogation or other things
+
+  public_env_variables:
+    OWSEC: owsec-owsec:16001
+    # Uncomment these options if you want to run systeminfo checks inside of cluster
+    #OWGW_OVERRIDE: owgw-owgw:16002
+    #OWFMS_OVERRIDE: owfms-owfms:16004
+    #OWPROV_OVERRIDE: owprov-owprov:16005
+
+  secret_env_variables:
+    OWSEC_DEFAULT_USERNAME: tip@ucentral.com
+    OWSEC_DEFAULT_PASSWORD: openwifi
+    OWSEC_NEW_PASSWORD: TOFILL # TODO adapt password to your new password with password policy in mind

chart/feature-values/values.enable-owls.yaml

@@ -0,0 +1,9 @@
+owgw:
+  configProperties:
+    simulatorid: 53494D020202 # This value should be set to serial number of certificate that was provided to OWLS
+
+owls:
+  enabled: true
+
+owlsui:
+  enabled: true

chart/feature-values/values.owgw-unsafe-sysctl.yaml

@@ -0,0 +1,12 @@
+owgw:
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
+
+  podSecurityPolicy:
+    enabled: true

chart/feature-values/values.restapi-certmanager-certs.yaml

@@ -0,0 +1,271 @@
+owgw:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owgw:
+      - name: config
+        mountPath: /owgw-data/owgw.properties
+        subPath: owgw.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-config
+      - name: certs
+        mountPath: /owgw-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs
+      - name: certs-cas
+        mountPath: /owgw-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs-cas
+      - name: persist
+        mountPath: /owgw-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owgw.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owgw-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+
+owsec:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsec:
+      - name: config
+        mountPath: /owsec-data/owsec.properties
+        subPath: owsec.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-config
+      - name: certs
+        mountPath: /owsec-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsec-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsec.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsec-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+
+owfms:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owfms:
+      - name: config
+        mountPath: /owfms-data/owfms.properties
+        subPath: owfms.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-config
+      - name: certs
+        mountPath: /owfms-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-certs
+      - name: persist
+        mountPath: /owfms-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owfms.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owfms-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+
+owprov:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owprov:
+      - name: config
+        mountPath: /owprov-data/owprov.properties
+        subPath: owprov.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-config
+      - name: certs
+        mountPath: /owprov-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-certs
+      - name: persist
+        mountPath: /owprov-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owprov.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owprov-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+
+owanalytics:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owanalytics:
+      - name: config
+        mountPath: /owanalytics-data/owanalytics.properties
+        subPath: owanalytics.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-config
+      - name: certs
+        mountPath: /owanalytics-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-certs
+      - name: persist
+        mountPath: /owanalytics-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owanalytics.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owanalytics-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
+
+owsub:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsub:
+      - name: config
+        mountPath: /owsub-data/owsub.properties
+        subPath: owsub.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-config
+      - name: certs
+        mountPath: /owsub-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsub-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsub.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsub-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
+
+restapiCerts:
+  enabled: true

chart/feature-values/values.restapi-disable-tls.yaml

@@ -0,0 +1,30 @@
+# NOTE: using of this values files will require you to use http schema in 'openwifi.system.uri.public' configuration properties (i.e. "openwifi.system.uri.public=http://owgw.openwifi.local:16002")
+owgw:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17002
+
+owsec:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17001
+
+owfms:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17004
+
+owprov:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17005
+
+owanalytics:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17009
+
+owsub:
+  configProperties:
+    openwifi.security.restapi.disable: "true"
+    openwifi.system.uri.private: http://owsec-owsec:17006

chart/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "wlanclouducentral.name" -}}
+{{- define "openwifi.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "wlanclouducentral.fullname" -}}
+{{- define "openwifi.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "wlanclouducentral.chart" -}}
+{{- define "openwifi.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

chart/templates/_initdb_scripts.tpl

@@ -0,0 +1,21 @@
+{{- define "openwifi.user_creation_script" -}}
+{{- $root := . -}}
+{{- $postgresqlBase := index .Values "postgresql-ha" }}
+{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql-ha") "Release" $.Release) }}
+#!/bin/bash
+export PGPASSWORD=$PGPOOL_POSTGRES_PASSWORD
+
+until psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres -c '\q'; do
+  >&2 echo "Postgres is unavailable - sleeping"
+  sleep 1
+done
+
+{{ range index .Values "postgresql-ha" "initDbScriptSecret" "services" }}
+echo "{{ . }}"
+echo "SELECT 'CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = '{{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}')\gexec" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+echo "ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}'" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+echo "SELECT 'CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '{{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }}')\gexec" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+echo "GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
+
+{{ end }}
+{{- end -}}

chart/templates/certificate-restapi.yaml

@@ -0,0 +1,52 @@
+{{- $root := . -}}
+{{- if .Values.restapiCerts.enabled }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ow-wildcard
+spec:
+  secretName: ow-wildcard-tls
+  commonName: {{ .Release.Namespace }}.svc.{{ .Values.restapiCerts.clusterDomain }}
+  isCA: true
+  duration: 87600h
+  usages:
+    - server auth
+    - client auth
+  issuerRef:
+    name: selfsigned-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: ow-ca-issuer
+spec:
+  ca:
+    secretName: ow-wildcard-tls
+{{ range .Values.restapiCerts.services }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ . }}-restapi
+spec:
+  secretName: {{ . }}-restapi-tls
+  isCA: false
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - "{{ . }}"
+  - "{{ . }}.{{ $root.Release.Namespace }}.svc"
+  - "{{ . }}.{{ $root.Release.Namespace }}.svc.{{ $root.Values.restapiCerts.clusterDomain }}"
+  issuerRef:
+    name: ow-ca-issuer
+{{- end }}
+{{- end }}

chart/templates/job-clustersysteminfo.yaml

@@ -0,0 +1,86 @@
+{{- $root := . -}}
+{{- if .Values.clustersysteminfo.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "openwifi.fullname" . }}-clustersysteminfo-check
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "10"
+    "helm.sh/hook-delete-policy": before-hook-creation
+  labels:
+    app.kubernetes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  {{- with .Values.clustersysteminfo.activeDeadlineSeconds }}
+  activeDeadlineSeconds: {{ . }}
+  {{- end }}
+  {{- with .Values.clustersysteminfo.backoffLimit }}
+  backoffLimit: {{ . }}
+  {{- end }}
+  template:
+    metadata:
+      name: {{ include "openwifi.fullname" . }}-clustersysteminfo-check
+      labels:
+        app.kubernetes.io/name: {{ include "openwifi.name" . }}
+        helm.sh/chart: {{ include "openwifi.chart" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+    spec:
+      initContainers:
+        - name: delay
+          image: "alpine:latest"
+          command: ["/bin/sleep","{{ default 0 .Values.clustersysteminfo.delay }}"]
+      containers:
+        - name: clustersysteminfo-check
+          image: "{{ .Values.clustersysteminfo.images.clustersysteminfo.repository }}:{{ .Values.clustersysteminfo.images.clustersysteminfo.tag }}"
+          imagePullPolicy: {{ .Values.clustersysteminfo.images.clustersysteminfo.pullPolicy }}
+
+          env:
+            - name: KUBERNETES_DEPLOYED
+              value: "{{ now }}"
+          {{- range $key, $value := .Values.clustersysteminfo.public_env_variables }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- range $key, $value := .Values.clustersysteminfo.secret_env_variables }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "openwifi.fullname" $root }}-clustersysteminfo-env
+                  key: {{ $key }}
+          {{- end }}
+
+          {{- with .Values.clustersysteminfo.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+      restartPolicy: {{ .Values.clustersysteminfo.restartPolicy }}
+
+      imagePullSecrets:
+      {{- range $image, $imageValue := .Values.clustersysteminfo.images }}
+        {{- if $imageValue.regcred }}
+      - name: {{ include "openwifi.fullname" $root }}-{{ $image }}-clustersysteminfo-regcred
+        {{- end }}
+      {{- end }}
+
+      {{- with .Values.clustersysteminfo.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      {{- with .Values.clustersysteminfo.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      {{- with .Values.clustersysteminfo.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+{{- end }}

chart/templates/secret-clustersysteminfo-env.yaml

@@ -0,0 +1,19 @@
+{{- $root := . -}}
+{{- if .Values.clustersysteminfo.enabled }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-clustersysteminfo-env
+kind: Secret
+type: Opaque
+data:
+  # Secret env variables
+  {{- range $key, $value := .Values.clustersysteminfo.secret_env_variables }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}
+{{- end }}

chart/templates/secret-clustersysteminfo-regcred.yaml

@@ -0,0 +1,20 @@
+{{- $root := . -}}
+{{- if .Values.clustersysteminfo.enabled }}
+{{- range $image, $imageValue := .Values.clustersysteminfo.images }}
+{{- if $imageValue.regcred }}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" $root }}
+    helm.sh/chart: {{ include "openwifi.chart" $root }}
+    app.kubernetes.io/instance: {{ $root.Release.Name }}
+    app.kubernetes.io/managed-by: {{ $root.Release.Service }}
+  name: {{ include "openwifi.fullname" $root }}-{{ $image }}-clustersysteminfo-regcred
+data:
+  .dockerconfigjson: {{ $imageValue.regcred | quote }}
+{{- end }}
+{{- end }}
+{{- end }}

chart/templates/secret-pgpool-initdb.yaml

@@ -0,0 +1,16 @@
+{{- $root := . -}}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-initdb-scripts
+kind: Secret
+type: Opaque
+data:
+  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
+{{- end }}

chart/values.yaml

@@ -1,35 +1,65 @@
-# uCentralGW (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
-ucentralgw:
-  fullnameOverride: ucentralgw
+# OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
+owgw:
+  fullnameOverride: owgw
 
   configProperties:
-    ucentral.kafka.enable: "true"
-    ucentral.kafka.brokerlist: kafka:9092
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
 
-# uCentralSec (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
-ucentralsec:
-  fullnameOverride: ucentralsec
+# OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
+owsec:
+  fullnameOverride: owsec
 
   configProperties:
-    ucentral.kafka.enable: "true"
-    ucentral.kafka.brokerlist: kafka:9092
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
 
-# uCentralFMS (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
-ucentralfms:
-  fullnameOverride: ucentralfms
+# OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
+owfms:
+  fullnameOverride: owfms
 
   configProperties:
-    ucentral.kafka.enable: "true"
-    ucentral.kafka.brokerlist: kafka:9092
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
 
-# rttys (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty)
-rttys:
-  enabled: true
+# OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/)
+owprov:
+  fullnameOverride: owprov
 
-  fullnameOverride: rttys
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
 
-  config:
-    token: 96181c567b4d0d98c50f127230068fa8
+# OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
+owanalytics:
+  fullnameOverride: owanalytics
+
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
+
+# OpenWIFI Web UI (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/)
+owgwui:
+  fullnameOverride: owgwui
+
+# OpenWIFI Provisioning Web UI (https://github.com/Telecominfraproject/wlan-cloud-owprov-ui/)
+owprovui:
+  fullnameOverride: owprovui
+
+# OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/)
+owsub:
+  fullnameOverride: owsub
+
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
+
+# OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
+owrrm:
+  fullnameOverride: owrrm
+
+  mysql:
+    enabled: true
 
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
@@ -47,8 +77,380 @@ kafka:
   zookeeper:
     fullnameOverride: zookeeper
 
-# uCentral UI (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/)
-ucentralgwui:
+# clustersysteminfo check
+clustersysteminfo:
+  enabled: false
+  delay: 0 # number of seconds to delay clustersysteminfo execution
+
+  images:
+    clustersysteminfo:
+      repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
+      tag: main
+      pullPolicy: Always
+#      regcred:
+#        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
+#        username: username
+#        password: password
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # requests:
+    #  cpu: 100m
+    #  memory: 128Mi
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  public_env_variables:
+    FLAGS: "-s --connect-timeout 3"
+    OWSEC: owsec-owsec:16001
+    CHECK_RETRIES: 30
+
+  secret_env_variables:
+    OWSEC_DEFAULT_USERNAME: tip@ucentral.com
+    OWSEC_DEFAULT_PASSWORD: openwifi
+    #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+
+  activeDeadlineSeconds: 2400
+  backoffLimit: 5
+  restartPolicy: OnFailure
+
+# OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
+owls:
+  enabled: false
+
+  fullnameOverride: owls
+
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
+
+# OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
+owlsui:
+  enabled: false
+
+  fullnameOverride: owlsui
+
+# HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
+haproxy:
   enabled: true
 
-  fullnameOverride: ucentralgwui
+  fullnameOverride: proxy
+
+  replicaCount: 3
+
+  service:
+    type: LoadBalancer
+    ports:
+      # healthcheck
+      - name: health
+        protocol: TCP
+        port: 8080
+        targetPort: health
+      # owfms
+      - name: owfmsrest
+        protocol: TCP
+        port: 16004
+        targetPort: owfmsrest
+      - name: owfmsrestint
+        protocol: TCP
+        port: 17004
+        targetPort: owfmsrestint
+      # owgw
+      - name: owgwws
+        protocol: TCP
+        port: 15002
+        targetPort: owgwws
+      - name: owgwrest
+        protocol: TCP
+        port: 16002
+        targetPort: owgwrest
+      - name: owgwfileup
+        protocol: TCP
+        port: 16003
+        targetPort: owgwfileup
+      - name: owgwrestint
+        protocol: TCP
+        port: 17002
+        targetPort: owgwrestint
+      - name: owgwrttys
+        protocol: TCP
+        port: 5912
+        targetPort: owgwrttys
+      - name: owgwrttysview
+        protocol: TCP
+        port: 5913
+        targetPort: owgwrttysview
+      # owprov
+      - name: owprovrest
+        protocol: TCP
+        port: 16005
+        targetPort: owprovrest
+      - name: owprovrestint
+        protocol: TCP
+        port: 17005
+        targetPort: owprovrestint
+      # owsec
+      - name: owsecrest
+        protocol: TCP
+        port: 16001
+        targetPort: owsecrest
+      - name: owsecrestint
+        protocol: TCP
+        port: 17001
+        targetPort: owsecrestint
+      # owanalytics
+      - name: owanalyticsrest
+        protocol: TCP
+        port: 16009
+        targetPort: owanalyticsrest
+      - name: owanalyticsrint
+        protocol: TCP
+        port: 17009
+        targetPort: owanalyticsrint
+      # owsub
+      - name: owsubrest
+        protocol: TCP
+        port: 16006
+        targetPort: owsubrest
+      - name: owsubrint
+        protocol: TCP
+        port: 17006
+        targetPort: owsubrint
+
+  containerPorts:
+    # healthcheck
+    - name: health
+      containerPort: 8080
+    # owfms
+    - name: owfmsrest
+      containerPort: 16004
+    - name: owfmsrestint
+      containerPort: 17004
+    # owgw
+    - name: owgwws
+      containerPort: 15002
+    - name: owgwrest
+      containerPort: 16002
+    - name: owgwfileup
+      containerPort: 16003
+    - name: owgwrestint
+      containerPort: 17002
+    - name: owgwrttys
+      containerPort: 5912
+    - name: owgwrttysview
+      containerPort: 5913
+    # owprov
+    - name: owprovrest
+      containerPort: 16005
+    - name: owprovrestint
+      containerPort: 17005
+    # owsec
+    - name: owsecrest
+      containerPort: 16001
+    - name: owsecrestint
+      containerPort: 17001
+    # owanalytics
+    - name: owanalyticsrest
+      containerPort: 16009
+    - name: owanalyticsrint
+      containerPort: 17009
+    # owsub
+    - name: owsubrest
+      containerPort: 16006
+    - name: owsubrint
+      containerPort: 17006
+
+  configuration: |
+    global
+      log stdout format raw local0
+      maxconn 1024
+    defaults
+      log global
+      timeout client 360s
+      timeout connect 60s
+      timeout server 360s
+
+    # healthcheck
+    frontend front_healthcheck
+      bind :8080
+      mode http
+      default_backend back_healthcheck
+    backend back_healthcheck
+      mode http
+      http-after-response set-header Access-Control-Allow-Origin "*"
+      http-after-response set-header Access-Control-Max-Age "31536000"
+      http-request return status 200 content-type "text/plain" string "Pong"
+
+    # owfms
+    frontend front_owfms_rest
+      bind :16004
+      mode tcp
+      default_backend back_owfms_rest
+    backend back_owfms_rest
+      mode tcp
+      server svc_owfms_rest owfms-owfms:16004
+
+    frontend front_owfms_rest_internal
+      bind :17004
+      mode tcp
+      default_backend back_owfms_rest_internal
+    backend back_owfms_rest_internal
+      mode tcp
+      server svc_owfms_rest_internal owfms-owfms:17004
+
+    # owgw
+    frontend front_owgw_websocket
+      bind :15002
+      mode tcp
+      default_backend back_owgw_websocket
+    backend back_owgw_websocket
+      mode tcp
+      server svc_owgw_websocket owgw-owgw:15002
+
+    frontend front_owgw_rest
+      bind :16002
+      mode tcp
+      default_backend back_owgw_rest
+    backend back_owgw_rest
+      mode tcp
+      server svc_owgw_rest owgw-owgw:16002
+
+    frontend front_owgw_fileuploader
+      bind :16003
+      mode tcp
+      default_backend back_owgw_fileuploader
+    backend back_owgw_fileuploader
+      mode tcp
+      server svc_owgw_fileuploader owgw-owgw:16003
+
+    frontend front_owgw_rest_internal
+      bind :17002
+      mode tcp
+      default_backend back_owgw_rest_internal
+    backend back_owgw_rest_internal
+      mode tcp
+      server svc_owgw_rest_internal owgw-owgw:17002
+
+    frontend front_owgw_rttys
+      bind :5912
+      mode tcp
+      default_backend back_owgw_rttys
+    backend back_owgw_rttys
+      mode tcp
+      server svc_owgw_rttys owgw-owgw:5912
+
+    frontend front_owgw_rttys_view
+      bind :5913
+      mode tcp
+      default_backend back_owgw_rttys_view
+    backend back_owgw_rttys_view
+      mode tcp
+      server svc_owgw_rttys_view owgw-owgw:5913
+
+    # owprov
+    frontend front_owprov_rest
+      bind :16005
+      mode tcp
+      default_backend back_owprov_rest
+    backend back_owprov_rest
+      mode tcp
+      server svc_owprov_rest owprov-owprov:16005
+
+    frontend front_owprov_rest_internal
+      bind :17005
+      mode tcp
+      default_backend back_owprov_rest_internal
+    backend back_owprov_rest_internal
+      mode tcp
+      server svc_owprov_rest_internal owprov-owprov:17005
+
+    # owsec
+    frontend front_owsec_rest
+      bind :16001
+      mode tcp
+      default_backend back_owsec_rest
+    backend back_owsec_rest
+      mode tcp
+      server svc_owsec_rest owsec-owsec:16001
+
+    frontend front_owsec_rest_internal
+      bind :17001
+      mode tcp
+      default_backend back_owsec_rest_internal
+    backend back_owsec_rest_internal
+      mode tcp
+      server svc_owsec_rest_internal owsec-owsec:17001
+
+    # owanalytics
+    frontend front_owanalytics_rest
+      bind :16009
+      mode tcp
+      default_backend back_owanalytics_rest
+    backend back_owanalytics_rest
+      mode tcp
+      server svc_owanalytics_rest owanalytics-owanalytics:16009
+
+    frontend front_owanalytics_rest_internal
+      bind :17009
+      mode tcp
+      default_backend back_owanalytics_rest_internal
+    backend back_owanalytics_rest_internal
+      mode tcp
+      server svc_owanalytics_rest_internal owanalytics-owanalytics:17009
+
+    # owsub
+    frontend front_owsub_rest
+      bind :16006
+      mode tcp
+      default_backend back_owsub_rest
+    backend back_owsub_rest
+      mode tcp
+      server svc_owsub_rest owsub-owsub:16006
+
+    frontend front_owsub_rest_internal
+      bind :17006
+      mode tcp
+      default_backend back_owsub_rest_internal
+    backend back_owsub_rest_internal
+      mode tcp
+      server svc_owsub_rest_internal owsub-owsub:17006
+
+# Cert-manager RESTAPI certs
+restapiCerts:
+  enabled: false
+
+  services:
+    - owgw-owgw
+    - owsec-owsec
+    - owfms-owfms
+    - owprov-owprov
+    - owls-owls
+    - owanalytics-owanalytics
+    - owsub-owsub
+    - owrrm-owrrm
+
+  clusterDomain: cluster.local
+
+postgresql-ha:
+  enabled: false
+  nameOverride: pgsql
+  fullnameOverride: pgsql
+  initDbScriptSecret:
+    enabled: false
+    services:
+      - owgw
+      - owsec
+      - owfms
+      - owprov
+      - owanalytics
+      - owsub

docker-compose/.env

@@ -1,8 +1,39 @@
-COMPOSE_PROJECT_NAME=ucentral
-UCENTRALGW_TAG=v2.1.0-RC1
-UCENTRALGWUI_TAG=v2.1.0-RC1
-UCENTRALSEC_TAG=v2.1.0-RC1
-UCENTRALFMS_TAG=v2.1.0-RC1
-RTTYS_TAG=3.5.0
+# Image tags
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=master
+OWGWUI_TAG=main
+OWSEC_TAG=main
+OWFMS_TAG=main
+OWPROV_TAG=main
+OWPROVUI_TAG=main
+OWANALYTICS_TAG=main
+OWSUB_TAG=main
 KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
+ZOOKEEPER_TAG=3.8
+POSTGRESQL_TAG=15.0
+MYSQL_TAG=latest
+# NOTE currently OWRRM is only supported in LB installations
+#OWRRM_TAG=main
+
+# Microservice root/config directories
+OWGW_ROOT=/owgw-data
+OWGW_CONFIG=/owgw-data
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+OWFMS_ROOT=/owfms-data
+OWFMS_CONFIG=/owfms-data
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
+
+# Microservice hostnames
+INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
+INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
+INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
+INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
+INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
+INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+#INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/.env.letsencrypt

@@ -0,0 +1,43 @@
+# Image tags
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=master
+OWGWUI_TAG=main
+OWSEC_TAG=main
+OWFMS_TAG=main
+OWPROV_TAG=main
+OWPROVUI_TAG=main
+OWANALYTICS_TAG=main
+OWSUB_TAG=main
+OWRRM_TAG=main
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=3.8
+ACMESH_TAG=latest
+TRAEFIK_TAG=latest
+MYSQL_TAG=latest
+
+# Microservice root/config directories
+OWGW_ROOT=/owgw-data
+OWGW_CONFIG=/owgw-data
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+OWFMS_ROOT=/owfms-data
+OWFMS_CONFIG=/owfms-data
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
+
+# Microservice hostnames
+INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
+INTERNAL_OWGWUI_HOSTNAME=owgw-ui.wlan.local
+INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
+INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
+INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
+INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
+INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
+INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
+INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local
+SDKHOSTNAME=

docker-compose/.env.selfsigned

@@ -0,0 +1,41 @@
+# Image tags
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=master
+OWGWUI_TAG=main
+OWSEC_TAG=main
+OWFMS_TAG=main
+OWPROV_TAG=main
+OWPROVUI_TAG=main
+OWANALYTICS_TAG=main
+OWSUB_TAG=main
+OWRRM_TAG=main
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=3.8
+ACMESH_TAG=latest
+TRAEFIK_TAG=latest
+MYSQL_TAG=latest
+
+# Microservice root/config directories
+OWGW_ROOT=/owgw-data
+OWGW_CONFIG=/owgw-data
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+OWFMS_ROOT=/owfms-data
+OWFMS_CONFIG=/owfms-data
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
+
+# Microservice hostnames
+INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
+INTERNAL_OWGWUI_HOSTNAME=owgw-ui.wlan.local
+INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
+INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
+INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
+INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
+INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
+INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
+INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/.env_ucentralfms

@@ -1,3 +0,0 @@
-RUN_CHOWN=true
-UCENTRALFMS_ROOT=/ucentralfms-data
-UCENTRALFMS_CONFIG=/ucentralfms-data

docker-compose/.env_ucentralgw

@@ -1,3 +0,0 @@
-RUN_CHOWN=true
-UCENTRALGW_ROOT=/ucentralgw-data
-UCENTRALGW_CONFIG=/ucentralgw-data

docker-compose/.env_ucentralgw-ui

@@ -1,2 +0,0 @@
-DEFAULT_UCENTRALSEC_URL=https://ucentral.wlan.local:16001
-ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/.env_ucentralsec

@@ -1,3 +0,0 @@
-RUN_CHOWN=true
-UCENTRALSEC_ROOT=/ucentralsec-data
-UCENTRALSEC_CONFIG=/ucentralsec-data

docker-compose/README.md

@@ -1,20 +1,238 @@
-# Docker Compose
-With the provided Docker Compose file you can instantiate a complete deployment of the uCentral microservices and related components for local development purposes. To spin up a local development environment:
+# OpenWifi SDK Docker Compose
+### Overview
+With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Let's Encrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Let's Encrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
+The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
+- [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
+- [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
+- [Non-LB deployment with PostgreSQL](#non-lb-deployment-with-postgresql)
+- [LB deployment with self-signed certificates](#lb-deployment-with-self-signed-certificates)
+- [LB deployment with Let's Encrypt certificates](#lb-deployment-with-letsencrypt-certificates)
+- [OWLS deployment with self-signed certificates](owls/README.md)
+- [AWS CloudFormation template](cloudformation/openwifi-cloudsdk-docker-compose.yml)
+
+### Configuration
+Config files for the microservices are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into these files. For an explanation of the configuration properties please see the README in the respective microservice repository.
+Be aware that local changes to the config files will be overwritten on every startup if `TEMPLATE_CONFIG` is set to `true` in the microservice env files. If you want to bind mount your own config file or make local changes, please set this variable to `false`.
+#### Required password changing on the first startup
+One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
+### Ports
+Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates, you can also configure different hostnames for the microservices.
+Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default.
+### owsec templates and wwwassets
+On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
+## Non-LB deployment with self-signed certificates
 1. Switch into the project directory with `cd docker-compose/`.
-2. This repository contains a gateway certificate signed by TIP and a self-signed certificate for the REST API and other components which are used by default in the Compose deployment. The certificates are valid for the `*.wlan.local` domain and the Docker Compose uCentral microservice configs use `ucentral.wlan.local` as a hostname, so make sure you add an entry in your hosts file (or in your local DNS solution) which points to `127.0.0.1` or whatever the IP of the host running the deployment is. Be aware that by default only port `15002` (websocket) and `16003` (fileupload) are exposed on all interfaces and the rest only on localhost. Make sure to adapt that according to your needs.
-3. If you have your own certificates and want to use the deployment for anything other than local development copy your certs into the `certs/` directory and reference them in the appropriate sections of the microservice configuration files. Make sure to also adapt the sections which reference the hostname. For more information on certificates please see the [certificates section](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw#certificates) of this README and/or [CERTIFICATES.md](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/CERTIFICATES.md).
-4. Docker Compose pulls the microservice images from the JFrog repository. If you want to change the image tag or some of the image versions which are used for the other services, have a look into the `.env` file. You'll also find service specific `.env` files in this directory. Edit them if you want to change database passwords (highly recommended!) or other configuration data. Don't forget to adapt your changes in the application configuration files.
-5. Open `docker-compose/ucentralgw-data/ucentralgw.properties` to change [authentication data](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw#default-username-and-password) for uCentralGW (again highly recommended!).
-6. Spin up the deployment with `docker-compose up -d`.
-7. Add the self-signed certificates to the system trust store of the containers with `./add-ca-cert.sh`.
-8. Add SSL certificate exceptions in your browser by visiting https://ucentral.wlan.local:16001, https://ucentral.wlan.local:16002 and https://ucentral.wlan.local:16004 (make sure to visit all and add the exceptions).
-9. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `ucentral.wlan.local` which points to the address of the host the Compose deployment runs on.
-10. Navigate to the UI `http://ucentral.wlan.local` and login with your uCentralGW authentication data.
-11. To use the [curl test script](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/TEST_CURL.md) to talk to the API set the following environment variables:
+2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
+3. Spin up the deployment with `docker-compose up -d`.
+4. Check if the containers are up and running with `docker-compose ps`.
+5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004, https://openwifi.wlan.local:16005, https://openwifi.wlan.local:16006 and https://openwifi.wlan.local:16009.
+6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local`. This should point to the address of the host the Compose deployment runs on.
+7. Login to the UI `https://openwifi.wlan.local` and follow the instructions to change your default password.
+8. To use the curl test scripts included in the microservice repositories set the following environment variables:
 ```
-export UCENTRALSEC="ucentral.wlan.local:16001"
+export OWSEC="openwifi.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
-The `--cacert` option is necessary since the REST API certificates are self-signed. Omit the option if you provide your own signed certificates.
+⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Let's Encrypt deployment or provide your own valid certificates if you want to use these features.
+## Non-LB deployment with own certificates
+1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
+2. Adapt the following hostname and URI variables according to your environment:
+### .env
+| Variable                        | Description                                                                        |
+| ------------------------------- | ---------------------------------------------------------------------------------- |
+| `INTERNAL_OWGW_HOSTNAME`        | Set this to your OWGW hostname, for example `owgw.example.com`.                    |
+| `INTERNAL_OWSEC_HOSTNAME`       | Set this to your OWSec hostname, for example `owsec.example.com`.                  |
+| `INTERNAL_OWFMS_HOSTNAME`       | Set this to your OWFms hostname, for example `owfms.example.com`.                  |
+| `INTERNAL_OWPROV_HOSTNAME`      | Set this to your OWProv hostname, for example `owprov.example.com`.                |
+| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`.      |
+| `INTERNAL_OWSUB_HOSTNAME`       | Set this to your OWSub hostname, for example `owsub.example.com`.                  |
+| `INTERNAL_OWRRM_HOSTNAME`       | Set this to your OWRRM hostname, for example `owrrm.example.com`.                  |
+### owgw.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME`                 | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
+| `FILEUPLOADER_URI`                       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
+| `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owgw-ui.env
+| Variable                    | Description                                                                |
+| --------------------------- | -------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+### owsec.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owfms.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owprov.env
+| Variable                                 | Description                                                                           |
+| ---------------------------------------- | ------------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.              |
+### owprov-ui.env
+| Variable                    | Description                                                                |
+| --------------------------- | -------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+### owanalytics.env
+| Variable                                 | Description                                                                            |
+| ---------------------------------------- | -------------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
+### owrrm.env
+| Variable                                 | Description                                                                                     |
+| ---------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| `SERVICECONFIG_PRIVATEENDPOINT`, `SERVICECONFIG_PUBLICENDPOINT` | Set this to your OWRRM URL, for example https://owrrm.example.com:16789. |
+| `DATABASECONFIG_PASSWORD`                                       | Set this to a random and safe password.                                  |
+### mysql.env
+| Variable                                 | Description                                      |
+| ---------------- | ------------------------------------------------------------------------ |
+| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
 
-PS: The deployment creates local volumes to persist mostly application and database data. In addition to that several bind mounts are created: one for the `docker-compose/certs/` directory which is used by multiple services, and the other ones mount service specific data directories and configuration files located under `docker-compose/` into the appropriate containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.
+3. Spin up the deployment with `docker-compose up -d`.
+4. Check if the containers are up and running with `docker-compose ps`.
+5. Login to the UI and and follow the instructions to change your default password.
+## Non-LB deployment with PostgreSQL
+1. Switch into the project directory with `cd docker-compose/`.
+2. Set the following variables in the env files and make sure to uncomment the lines. It is highly recommended that you change the DB passwords to some random string.
+### owgw.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owgw`            |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owgw`            |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owgw`            |
+### owsec.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owsec`           |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owsec`           |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owsec`           |
+### owfms.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owfms`           |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owfms`           |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owfms`           |
+### owprov.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owprov`          |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owprov`          |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owprov`          |
+### owanalytics.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owanalytics`     |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owanalytics`     |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owanalytics`     |
+### postgresql.env
+| Variable                  | Value         |
+| --------------------------| ------------- |
+| `POSTGRES_PASSWORD`       | `postgres`    |
+| `POSTGRES_USER`           | `postgres`    |
+| `OWGW_DB`                 | `owgw`        |
+| `OWGW_DB_USER`            | `owgw`        |
+| `OWGW_DB_PASSWORD`        | `owgw`        |
+| `OWSEC_DB`                | `owsec`       |
+| `OWSEC_DB_USER`           | `owsec`       |
+| `OWSEC_DB_PASSWORD`       | `owsec`       |
+| `OWFMS_DB`                | `owfms`       |
+| `OWFMS_DB_USER`           | `owfms`       |
+| `OWFMS_DB_PASSWORD`       | `owfms`       |
+| `OWPROV_DB`               | `owprov`      |
+| `OWPROV_DB_USER`          | `owprov`      |
+| `OWPROV_DB_PASSWORD`      | `owprov`      |
+| `OWANALYTICS_DB`          | `owanalytics` |
+| `OWANALYTICS_DB_USER`     | `owanalytics` |
+| `OWANALYTICS_DB_PASSWORD` | `owanalytics` |
+| `OWSUB_DB`                | `owsub`       |
+| `OWSUB_DB_USER`           | `owsub`       |
+| `OWSUB_DB_PASSWORD`       | `owsub`       |
+3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
+## LB deployment with self-signed certificates
+Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
+## LB deployment with Let's Encrypt certificates
+For the Let's Encrypt challenge to work you need a public IP address. The hostname which you set in the `$SDKHOSTNAME` env variable has to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
+1. Switch into the project directory with `cd docker-compose/`.
+2. Adapt the following hostname and URI variables according to your environment.
+### .env.letsencrypt
+| Variable      | Description                                                                                                |
+| ------------- | ---------------------------------------------------------------------------------------------------------- |
+| `SDKHOSTNAME` | Set this to the public hostname you want to use for all microservices, for example `openwifi.example.com`. |
+
+### owgw.env
+| Variable                 | Description                                                                             |
+| -----------------------  | --------------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname, for example `openwifi.example.com`.          |
+| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL, for example `https://openwifi.example.com:16003`. |
+| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API URL, for example `https://openwifi.example.com:16002`.   |
+| `RTTY_SERVER`            | Set this to your OWGW RTTYS hostname, for example `openwifi.example.com`.               |
+| `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |
+
+### owgw-ui.env
+| Variable                    | Description                                                                   |
+| --------------------------- | ----------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+
+### owsec.env
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
+
+### owfms.env
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://openwifi.example.com:16004`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
+### owprov.env
+| Variable             | Description                                                                    | 
+| -------------------- | ------------------------------------------------------------------------------ |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://openwifi.example.com:16005`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.      |
+### owprov-ui.env
+| Variable                    | Description                                                                   |
+| --------------------------- | ----------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+### owanalytics.env
+| Variable             | Description                                                                         |
+| -------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWAnalytics URL, for example `https://openwifi.example.com:16009`. |
+| `SYSTEM_URI_UI`      | Set this to your OWProv-UI URL, for example `https://openwifi.example.com`.         |
+### owsub.env
+| Variable             | Description                                                                   |
+| -------------------- | ----------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWSub URL, for example `https://openwifi.example.com:16006`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
+### owrrm.env
+| Variable                                 | Description                     |
+| ---------------------------------------- | ------------------------------- |
+| `SERVICECONFIG_PUBLICENDPOINT`   | Set this to your OWRRM URL, for example https://openwifi.example.com:16789. |
+| `DATABASECONFIG_PASSWORD`        | Set this to a random and safe password.                                     |
+### mysql.env
+| Variable         | Description                                                              |
+| ---------------- | ------------------------------------------------------------------------ |
+| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
+### traefik.env
+| Variable                                            | Description                               |
+| --------------------------------------------------- | ----------------------------------------- |
+| `TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL` | Email address used for ACME registration. |
+3. Spin up the deployment with `docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-letsencrypt="docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-letsencrypt up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
+4. Check if the containers are up and running with `docker-compose-lb-letsencrypt ps`.
+5. Login to the UI and follow the instructions to change your default password.
+
+**Note**: All deployments create local volumes to persist mostly application, database and certificate data. In addition to that the `certs/` directory is bind mounted into the microservice containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.

docker-compose/add-ca-cert.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-SERVICES="ucentralgw.wlan.local ucentralsec.wlan.local ucentralfms.wlan.local"
-
-for i in $SERVICES; do
-    docker-compose exec -T -u root $i apk add ca-certificates
-    docker cp certs/restapi-ca.pem ucentral_$i\_1:/usr/local/share/ca-certificates/
-    docker-compose exec -T -u root $i update-ca-certificates
-done

docker-compose/certs/restapi-ca.pem

@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC4DCCAcgCCQC7oc+4dT4WlTANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD
-QTEMMAoGA1UECgwDVElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwHhcNMjEwNzA3
-MDkyOTAxWhcNMzEwNzA1MDkyOTAxWjAyMQswCQYDVQQGEwJDQTEMMAoGA1UECgwD
-VElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQD67KEKKHj1xyj0Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAj
-O1T1/PnqNMNP3CSgCpAZRn7Eom33HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9D
-j7PawapJ7XNqT4P4ZGEGOWlLGE9oUpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNn
-RXp6iPNPpynppNQFBwzsovyhu9tzk/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7
-WFNvkPi5zAjJ3oEXMp+Im2/SvSqzptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887r
-hgEPzqP6SNIOwy/B/AMOFQl6wPvXBwz9eNW1AgMBAAEwDQYJKoZIhvcNAQELBQAD
-ggEBAA8Oa8jannqNRdqOuY460Pum1B61kGmf2OK2ZiMaddlxqL3ZBdXPqF02hwSd
-q6uxCVP5NgvqSm+pTHaDcODJiCBrMmGQqHT82LuoCyk1BMqH/PYm+kfazPhKF31x
-Me7E47DQzk4tMyV28HBCHH6UicQ05ryT1yBfmj8JmYNx9ezmJcanu0/eyI2Lv8Ar
-Y7mrgblfOUnsif2w/aUaOsoY1t6/ThgTBc3BTMtUXXAcMiPLu4mSdN6nCm75Qp5q
-4zl/SNPjLnmtpHhLDtr4swf6vZw0RG7ECCf6Av8lv8mJG6g53YM8jfe0EzLqbAFf
-iSuQbt5n6lMWVgv+FKwXjwAda+Q=
+MIIC1zCCAb+gAwIBAgIUcvD8UKybLhglR9dt/btowLEga18wDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMB4XDTIxMDkyMjEwMzExNloXDTMx
+MDkyMDEwMzExNlowFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFV2AbvlMx9TDgD171Q5eqT8HG5UFoZPEhTW
+87EjnpRYv07sDgnlMKnql4nnZG7ljEZw9Ln+bjJj+aYnBTG3xCAvSjbBJRC7Iyoe
+CqYaBIPFyjSQ3uhTXd17Yu3M5OCudV+R577O2CGBn+5HFCoz88gT06qLwq+XfpKq
+GslR2JToLjAdKIDQmJtmeBJh+FJ9/tJJipxR1M1qj9miqvQxx2+AWUYLzfVQAGCN
+Nuk5DjKzDQ4DU2uFbEMQobXCQsUQka5LZiqi8TgN3v5CqbqKPYV4KRiVmQ+g/ko2
+/z5z1Uz9kxZz7DD4GIO/w9k2c/95eewxjGqGynVK7ibO1Grp2wIDAQABoxswGTAX
+BgNVHREEEDAOggwqLndsYW4ubG9jYWwwDQYJKoZIhvcNAQELBQADggEBAMfB/psY
+ivIHemtBFIPmuGZyan3Wdg5c3cbDLP8XhgS3CovH3+eMfqHfUQMEVnzvn0pb5SPG
+1qEQC6BPPBJexDLQ8PUNNtIeFk9phoJmkkkTLggrCoW5FLgxPJYVU4Lc7fpVdeFd
+UImExdoWQDSiWjMGYlS078c2Gd2eQSZ2So2kQGSRVUXlnr9LFGtSkrtVTXVQyfz4
+oIftZ1FQguMp/a58pmzhkMLQGBm8d0gaFlfKzpnGL/nEwWV5AbvNHgVz1BZn0v5a
+vv3+ex6qQ4Ftbq++G/1rfXQP+KOwOj62zUkXQIwJVVU2HMc4D1CrG98PRZqMuUrk
+SxsLQQSPsKFSqTc=
 -----END CERTIFICATE-----

docker-compose/certs/restapi-cert.pem

@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC4DCCAcgCCQC7oc+4dT4WlTANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD
-QTEMMAoGA1UECgwDVElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwHhcNMjEwNzA3
-MDkyOTAxWhcNMzEwNzA1MDkyOTAxWjAyMQswCQYDVQQGEwJDQTEMMAoGA1UECgwD
-VElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQD67KEKKHj1xyj0Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAj
-O1T1/PnqNMNP3CSgCpAZRn7Eom33HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9D
-j7PawapJ7XNqT4P4ZGEGOWlLGE9oUpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNn
-RXp6iPNPpynppNQFBwzsovyhu9tzk/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7
-WFNvkPi5zAjJ3oEXMp+Im2/SvSqzptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887r
-hgEPzqP6SNIOwy/B/AMOFQl6wPvXBwz9eNW1AgMBAAEwDQYJKoZIhvcNAQELBQAD
-ggEBAA8Oa8jannqNRdqOuY460Pum1B61kGmf2OK2ZiMaddlxqL3ZBdXPqF02hwSd
-q6uxCVP5NgvqSm+pTHaDcODJiCBrMmGQqHT82LuoCyk1BMqH/PYm+kfazPhKF31x
-Me7E47DQzk4tMyV28HBCHH6UicQ05ryT1yBfmj8JmYNx9ezmJcanu0/eyI2Lv8Ar
-Y7mrgblfOUnsif2w/aUaOsoY1t6/ThgTBc3BTMtUXXAcMiPLu4mSdN6nCm75Qp5q
-4zl/SNPjLnmtpHhLDtr4swf6vZw0RG7ECCf6Av8lv8mJG6g53YM8jfe0EzLqbAFf
-iSuQbt5n6lMWVgv+FKwXjwAda+Q=
+MIIC1zCCAb+gAwIBAgIUcvD8UKybLhglR9dt/btowLEga18wDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMB4XDTIxMDkyMjEwMzExNloXDTMx
+MDkyMDEwMzExNlowFzEVMBMGA1UEAwwMKi53bGFuLmxvY2FsMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFV2AbvlMx9TDgD171Q5eqT8HG5UFoZPEhTW
+87EjnpRYv07sDgnlMKnql4nnZG7ljEZw9Ln+bjJj+aYnBTG3xCAvSjbBJRC7Iyoe
+CqYaBIPFyjSQ3uhTXd17Yu3M5OCudV+R577O2CGBn+5HFCoz88gT06qLwq+XfpKq
+GslR2JToLjAdKIDQmJtmeBJh+FJ9/tJJipxR1M1qj9miqvQxx2+AWUYLzfVQAGCN
+Nuk5DjKzDQ4DU2uFbEMQobXCQsUQka5LZiqi8TgN3v5CqbqKPYV4KRiVmQ+g/ko2
+/z5z1Uz9kxZz7DD4GIO/w9k2c/95eewxjGqGynVK7ibO1Grp2wIDAQABoxswGTAX
+BgNVHREEEDAOggwqLndsYW4ubG9jYWwwDQYJKoZIhvcNAQELBQADggEBAMfB/psY
+ivIHemtBFIPmuGZyan3Wdg5c3cbDLP8XhgS3CovH3+eMfqHfUQMEVnzvn0pb5SPG
+1qEQC6BPPBJexDLQ8PUNNtIeFk9phoJmkkkTLggrCoW5FLgxPJYVU4Lc7fpVdeFd
+UImExdoWQDSiWjMGYlS078c2Gd2eQSZ2So2kQGSRVUXlnr9LFGtSkrtVTXVQyfz4
+oIftZ1FQguMp/a58pmzhkMLQGBm8d0gaFlfKzpnGL/nEwWV5AbvNHgVz1BZn0v5a
+vv3+ex6qQ4Ftbq++G/1rfXQP+KOwOj62zUkXQIwJVVU2HMc4D1CrG98PRZqMuUrk
+SxsLQQSPsKFSqTc=
 -----END CERTIFICATE-----

docker-compose/certs/restapi-key.pem

@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD67KEKKHj1xyj0
-Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAjO1T1/PnqNMNP3CSgCpAZRn7Eom33
-HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9Dj7PawapJ7XNqT4P4ZGEGOWlLGE9o
-UpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNnRXp6iPNPpynppNQFBwzsovyhu9tz
-k/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7WFNvkPi5zAjJ3oEXMp+Im2/SvSqz
-ptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887rhgEPzqP6SNIOwy/B/AMOFQl6wPvX
-Bwz9eNW1AgMBAAECggEAZdJT3u1heEqjAc5Z8QnYEpUzlbuxrAC9V23kCEu2BScP
-bKk53NIcvd00BKf4gZWRfygKJVeH5X8MJHR55aeUJsp5SPfgvK6nHMye/iz3B5vM
-AoqSDXZow2JHGcyzQvaVVNxWytHNOl3ZCzpGMOGkquDgwzBZmyNk/Muri5X1TtbH
-DgeYdht2YiHqHdGWsLNU1vZAgzlwD8fXg65XOmNehjWnowhpNRCgpcDeJCtEuNzt
-6iXFWffjO6YTbVnoM5xhLROjLv6gYP4wxsQSZc/NGz9Jow7VxlYZg9wCE75bduFn
-7D5O4OgVgPgYbyCutpB/o4PMNURb4V/5p2OAEgLX2QKBgQD+kHYRAaawRbaY4jGf
-isj0oh2C/Z99Mqf/nnpPwmUwrhpmnQ+pRdWBw940tPrEpVoOcCPWQ5hO1zUET18d
-xQqs3zd6lEhJogmMqkjOT670YBEX/wyALd3M5F3HT/K2aixL1XaCCpAl97JB9RyB
-zGIr5c+mIOVK/uYrlFO28thXzwKBgQD8VumZIYZpWeE7pTyCg0PcDYlNATA/VKoD
-9YrGqEEHGgFNJEWj8Xj8aqBzaPoUk+eGp7NfSoOchVM+Bf3ktWy5doZCmNuxlOyq
-Ix5yrB2jyYceaSf2nxHqlD2VhKB/YJx0yTU1UkB5dG4nYnqiUg7c5JeQOVzwFKm1
-t6/Hk/cXOwKBgGT+yWjL3+cVcXFMZGWouTudSdobZ3hTbaWTqXEVbfIXUPAfJgSB
-aUi3feQpXUhBVe5efUlXvgihhy4zk0gLUcXuNWOTiu5ztBgzwvjfUkkwB/geP0Zn
-bBULEU2vIVtP2k0n3oGPUUtO71ENvwacIOLLpUuCx5WudYEasu/lfwGvAoGBAOiE
-manuF3HaTU3tu20z0YLiwkK/tpqUxDjzuBXIEmudzdcsdjNUHbzR79mIwO/XPf95
-ZjKHcfD3dbXwRXzKpE3dZmfVfJMM/GrmA3d9G67B04z1Lsr01siGIp004cOd3W1L
-vojMqvZ/j8Ug3InX/TQUO4i9IuNi1uLISOQpdwTjAoGAG33swIFnH/mz7ubu8wfE
-9nwe8NNf56kbFBG2FMuHvo8GYj0sqylwtZnh4TCwlTzqUO8e6oFdK8Ot6z7H9Fa3
-vnDD2WRwEFydRP5fbW5eFmGbzLfHlzUY+Do81qrUMF47LEN94X7yaXdb/vNW57lp
-K9hGF1Bdk8089Knm3l1Fc4w=
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIVXYBu+UzH1MO
+APXvVDl6pPwcblQWhk8SFNbzsSOelFi/TuwOCeUwqeqXiedkbuWMRnD0uf5uMmP5
+picFMbfEIC9KNsElELsjKh4KphoEg8XKNJDe6FNd3Xti7czk4K51X5Hnvs7YIYGf
+7kcUKjPzyBPTqovCr5d+kqoayVHYlOguMB0ogNCYm2Z4EmH4Un3+0kmKnFHUzWqP
+2aKq9DHHb4BZRgvN9VAAYI026TkOMrMNDgNTa4VsQxChtcJCxRCRrktmKqLxOA3e
+/kKpuoo9hXgpGJWZD6D+Sjb/PnPVTP2TFnPsMPgYg7/D2TZz/3l57DGMaobKdUru
+Js7UaunbAgMBAAECggEBAMFh9dMArORnhYYMGVuY4w9n+dH8EoHXzrY2lbSRtz+a
+Ff0+UxHOLYaHT2RPA6Xogv+g8+LZNCjtzaIs6JfUAX96TgwGxPVhrDPqsSs4Yf8f
+sKtbiMkUXX1LkpLR2KrL1LyKr86UWxk5ZuaaXdSyVIosBi+Z/uXFGKlfLINE+RPm
+HNxahajMoNJFqgf3kQKD6hmuPSO/BGAdDk/c8J2adTRz3cjEqaqfxwOxUNnHx0hC
+CGkw/Eszibnl/7KhbsKBcVcCKKcwbifwXb2H4h9yJl1YEzXALhunWhCT6/QQ1F9b
+XV7iVSXYt5QAxFTgGbGHmzfXMq7s2evYodMe87OEl+ECgYEA5qNUa6ol/WkvFy6O
+gnouswspQcR9yuKIIrYuORPI+85HfZEJQvdLyoIQgkDCl14SZRmProFBXXUGZU1D
+9VxW2TIftlFH9wwFhrWMBFPcRvNL3PSFQTzWwsF3IFcXQOlAwxr9KF741OFnSLWh
+LXFXXfQq9wQbBUwbrZDl4PKaGesCgYEA3l0KgRxzQHKnxfSGqk7V21mqYv8XNuVh
+ZhUukJoASQh59zbk2Jthu3HfQPmi83IBbR39QD5FLwNftNMeZf3GSHba8nSYYvtw
+faUMD2far7mDR8wuBPqRWBbNgpiL2Bp93K8kUFqujjZo5E6cVPdvKi9/9oVRZnew
+8AZwVPFqA9ECgYB0/9otm+0Vtqw62FVW/2B9V2YghOtDZtOkuEKOlejZRHWjz1Wh
+cQ4ztvNlADE21HQEcYkf/1YHcPxDm4SkDanJGNJZjLYzLxgGlEZpU5llLLsJZcnL
+pG9V8QrbjxKuzSUbVK+kMTmN1KKukeUnxl2JvfmlwaFreIZ58A2NpcRi7QKBgQDI
+fhWhklhsjLSvbSoa1xhGPhO+TQjOa4YleAXTRbfqIeVuvKUclQVK8IJ+4FdHr8yP
+aVHWIg9ZM26Q6SZoiafF4LzLjct0vAeSkkVMgrSQavFuxC/eN1rjlTPZg9fbkw9W
+8ugIN6tZ+L8c07Brf+pQnCGB0nUxscvsr7GLNV0EcQKBgEo51BY0PFEKcKjSZp0i
+excPcHdSQV3/BLOhc7rzmmQyRUXFTGbiE0lKvu0Y54NLHnb2WP1H8M45mIUH5YTh
+tOKvBtlh/4vbCAGWv8OJzN+sV9Ef/0odCHiWr//prkpdGs2jFS3VDiJALj3hxpox
+oThwxq1WTyi9ln3MJCWUqAQ9
 -----END PRIVATE KEY-----

docker-compose/cloudformation/README.md

@@ -0,0 +1,20 @@
+# OpenWiFi Cloud SDK deployment with CloudFormation
+With the YAML template included in this directory you can create an OpenWiFi Cloud SDK deployment with the help of AWS CloudFormation (https://aws.amazon.com/cloudformation).  
+The template creates a CloudFormation stack based on the Docker Compose Let's Encrypt deployment (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose#lb-deployment-with-letsencrypt-certificates). The created stack consists of an EC2 instance, and depending on the input parameters, also adds a Route53 hosted zone and a DNS record.  
+⚠️**Note**: Please be aware that you will be billed for the AWS resources if you create a stack from this template.
+1. Login into the AWS Management Console (https://aws.amazon.com/de/console).
+2. Go to the AWS Systems Manager Parameter Store page and create two parameters according to these instructions https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-create-console.html: one for your Digicert-signed websocket certificate and the other one for the corresponding key. You can leave the default parameter details: you need two standard parameters with type `String` and data type `text`. Just copy and paste your certificate and key into the `Value` field of the respective parameter and remember the parameter names.
+3. Go to the CloudFormation service page and follow the instructions described here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-template.html to upload a template file and choose the template included in this repository.
+4. In the next step you have to enter multiple input parameters required for a successful deployment. Here's an explanation of all parameters:
+
+**InstanceType**: Choose an AWS EC2 instance type (https://aws.amazon.com/ec2/instance-types). The smallest instance type you can choose is t2.small.  
+**KeyName**: Specify the name of the SSH key pair you want to use to connect the instance. If you don't have a key pair yet, please create or import one according to these instructions https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.  
+**SSHLocation**: If you want to restrict the IP range which is allowed to connect to the instance via SSH, please specify a valid CIDR IP range here.  
+**CreateRoute53Record**: To expose your SDK installation to the public you need a valid DNS entry for your SDK hostname. This is also required to pass the Let's Encrypt HTTP-01 challenge (https://letsencrypt.org/de/docs/challenge-types/#http-01-challenge). If you set this to `True`, an Amazon Route53 entry (https://aws.amazon.com/route53) for the hostname defined in the **SDKHostname** parameter is automatically created. This Route53 entry will resolve to the public IP address of the EC2 instance. You can also set this to `False` and create a DNS entry manually afterwards.  
+**ExistingHostedZoneId**: If you decide to create a Route53 record and already have an existing hosted zone which you want to use, please specify the according hosted zone ID. You can get the ID by listing your public hosted zones (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ListInfoOnHostedZone.html).  
+**HostedZoneName**: If you didn't create the hosted zone yet which you want to use for your Route53 record, please specify the domain name of the hosted zone you want to create. Be aware that if you set **CreateRoute53Record** to `True`, you only have to specify either `ExistingHostedZoneId` or `HostedZoneName`. If you decide to create the DNS record yourself, you can leave both parameters empty.  
+**SDKVersion**: The SDK version you want to use for your deployment. You can either use release names (e.g. `v2.6.0`) or Git branch names (for example `release/v2.6.0`).  
+**SDKHostname**: Enter a valid public hostname which you want to use for your deployment. This has to resolve to the public IP address of the created EC2 instance. If you set **CreateRoute53Record** to `False`, don't forget to create a DNS entry manually afterwards.  
+**WebsocketCertParameter**: The name of the AWS Systems Manager parameter containing your Digicert-signed websocket certificate.  
+**WebsocketKeyParameter**: The name of the AWS Systems Manager parameter containing the key to your Digicert-signed websocket certificate.  
+**TraefikAcmeEmail**: Enter a valid email address to complete Let's Encrypt ACME registration.  

docker-compose/cloudformation/openwifi-cloudsdk-docker-compose.yml

@@ -0,0 +1,341 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: |
+  OpenWiFi Cloud SDK Docker Compose Deployment: This template creates an
+  OpenWiFi Cloud SDK deployment using Docker Compose and Letsencrypt for
+  northbound certificates (https://github.com/Telecominfraproject/
+  wlan-cloud-ucentral-deploy/tree/main/docker-compose
+  #lb-deployment-with-letsencrypt-certificates).
+  **WARNING** You will be billed for the AWS resources used if you create a
+  stack from this template.
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "Amazon EC2 configuration"
+        Parameters:
+          - InstanceType
+          - LatestUbuntuFocalAMI
+          - KeyName
+          - SSHLocation
+      - Label:
+          default: "Amazon Route53 configuration"
+        Parameters:
+          - CreateRoute53Record
+          - ExistingHostedZoneId
+          - HostedZoneName
+      - Label:
+          default: "OpenWiFi cloud SDK configuration"
+        Parameters:
+          - SDKVersion
+          - SDKHostname
+          - WebsocketCertParameter
+          - WebsocketKeyParameter
+          - TraefikAcmeEmail
+Parameters:
+  KeyName:
+    Description: Name of the EC2 KeyPair to enable SSH access to the instance.
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: Must be the name of an existing EC2 KeyPair.
+  SDKHostname:
+    Description: Hostname you want to use for your OpenWiFi Cloud SDK installation.
+    Default: openwifi.wlan.local
+    Type: String
+    AllowedPattern: "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$"
+  TraefikAcmeEmail:
+    Description: Email address used for ACME registration
+    Type: String
+  CreateRoute53Record:
+    Description: |
+      Set this to "True" if you want to create a DNS record for the SDK
+      hostname.
+      This will resolve to the public IP of the created EC2 instance.
+    AllowedValues:
+      - "True"
+      - "False"
+    Default: "False"
+    Type: String
+  ExistingHostedZoneId:
+    Description: |
+      If you want to create the Route53 record in an existing hosted zone,
+      please specify the according hosted zone ID. 
+    Type: String
+#    MinLength: 21
+#    MaxLength: 21
+#    AllowedPattern: "[A-Z0-9]+"
+  HostedZoneName:
+    Description: |
+      If you want to create a new hosted zone for the Route53 record, please
+      specify the name of the domain.
+    Type: String
+#    AllowedPattern: "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$"
+  SDKVersion:
+    Description: OpenWiFi Cloud SDK version to be deployed.
+    Default: main
+    Type: String
+  WebsocketCertParameter:
+    Description: |
+      The AWS Systems Manager parameter containing your Digicert-signed
+      websocket certificate.
+    Type: AWS::SSM::Parameter::Value<String>
+  WebsocketKeyParameter:
+    Description: |
+      The AWS Systems Manager parameter containing the key to your
+      Digicert-signed websocket certificate.
+    Type: AWS::SSM::Parameter::Value<String>
+  LatestUbuntuFocalAMI:
+    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
+    Default: "/aws/service/canonical/ubuntu/server/focal/stable/current/amd64/hvm/ebs-gp2/ami-id"
+  InstanceType:
+    Description: Cloud SDK EC2 instance type
+    Type: String
+    Default: t2.small
+    AllowedValues:
+      - t2.small
+      - t2.medium
+      - t2.large
+      - m1.small
+      - m1.medium
+      - m1.large
+      - m1.xlarge
+      - m2.xlarge
+      - m2.2xlarge
+      - m2.4xlarge
+      - m3.medium
+      - m3.large
+      - m3.xlarge
+      - m3.2xlarge
+      - m4.large
+      - m4.xlarge
+      - m4.2xlarge
+      - m4.4xlarge
+      - m4.10xlarge
+      - c1.medium
+      - c1.xlarge
+      - c3.large
+      - c3.xlarge
+      - c3.2xlarge
+      - c3.4xlarge
+      - c3.8xlarge
+      - c4.large
+      - c4.xlarge
+      - c4.2xlarge
+      - c4.4xlarge
+      - c4.8xlarge
+      - g2.2xlarge
+      - g2.8xlarge
+      - r3.large
+      - r3.xlarge
+      - r3.2xlarge
+      - r3.4xlarge
+      - r3.8xlarge
+      - i2.xlarge
+      - i2.2xlarge
+      - i2.4xlarge
+      - i2.8xlarge
+      - d2.xlarge
+      - d2.2xlarge
+      - d2.4xlarge
+      - d2.8xlarge
+      - hi1.4xlarge
+      - hs1.8xlarge
+      - cr1.8xlarge
+      - cc2.8xlarge
+      - cg1.4xlarge
+    ConstraintDescription: must be a valid EC2 instance type.
+  SSHLocation:
+    Description: |
+      The IP address range that can be used to SSH to the EC2 instances
+    Type: String
+    MinLength: "9"
+    MaxLength: "18"
+    Default: 0.0.0.0/0
+    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
+    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
+Conditions:
+  HasExistingHostedZoneId: !Not [ !Equals [ !Ref ExistingHostedZoneId, "" ] ]
+  HasHostedZoneName: !Not [ !Equals [ !Ref HostedZoneName, "" ] ]
+  CreateRoute53Record: !Equals [ !Ref CreateRoute53Record, "True" ]
+  CreateRecordInExistingZone: !And [ Condition: HasExistingHostedZoneId, Condition: CreateRoute53Record ]
+  CreateRecordInNewZone: !And [ Condition: HasHostedZoneName, Condition: CreateRoute53Record ]
+Resources:
+  CloudSDKInstance:
+    Type: "AWS::EC2::Instance"
+    Metadata:
+      "AWS::CloudFormation::Init":
+        configSets:
+          InstallDockerAndCreateDeployment:
+            - InstallDocker
+            - CreateCloudSDKDeployment
+        InstallDocker:
+          packages:
+            apt:
+              ca-certificates: []
+              curl: []
+              gnupg: []
+              lsb-release: []
+              php-mysql: []
+          commands:
+            a_add_repo_gpg_key:
+              command: |
+                curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+                | sudo gpg --dearmor -o \
+                /usr/share/keyrings/docker-archive-keyring.gpg
+            b_add_docker_repo:
+              command: |
+                echo "deb [arch=$(dpkg --print-architecture) \
+                signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+                https://download.docker.com/linux/ubuntu $(lsb_release -cs) \
+                stable" | sudo tee /etc/apt/sources.list.d/docker.list \
+                > /dev/null
+            c_install_docker:
+              command: |
+                sudo apt-get update \
+                && sudo apt-get install -y docker-ce docker-ce-cli \
+                containerd.io docker-compose-plugin docker-compose
+            d_enable_and_start_docker:
+              command: |
+                sudo systemctl enable docker && sudo systemctl start docker
+            e_add_ubuntu_user_to_docker_group:
+              command: "sudo usermod -aG docker ubuntu"
+        CreateCloudSDKDeployment:
+          files:
+            /etc/profile.d/aliases.sh:
+              content: |
+                alias docker-compose-lb-letsencrypt="docker-compose -f \
+                docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"
+                alias docker-compose-lb-selfsigned="docker-compose -f \
+                docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"
+                alias docker-compose-postgresql="docker-compose -f \
+                docker-compose.yml -f docker-compose.postgresql.yml"
+              mode: "000644"
+              owner: "root"
+              group: "root"
+          commands:
+            a_clone_deploy_repo:
+              command: |
+                git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy
+              cwd: "~"
+            b_checkout_deploy_version:
+              command: !Sub "git checkout ${SDKVersion}"
+              cwd: "~/wlan-cloud-ucentral-deploy"
+            c_create_deployment:
+              command: "./deploy.sh"
+              env:
+                DEFAULT_UCENTRALSEC_URL: !Sub "https://${SDKHostname}:16001"
+                SYSTEM_URI_UI: !Sub "https://${SDKHostname}"
+                SDKHOSTNAME: !Sub "${SDKHostname}"
+                WEBSOCKET_CERT: !Ref WebsocketCertParameter
+                WEBSOCKET_KEY: !Ref WebsocketKeyParameter
+                OWGW_FILEUPLOADER_HOST_NAME: !Sub "${SDKHostname}"
+                OWGW_FILEUPLOADER_URI: !Sub "https://${SDKHostname}:16003"
+                OWGW_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16002"
+                OWGW_RTTY_SERVER: !Sub "${SDKHostname}"
+                OWSEC_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16001"
+                OWFMS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16004"
+                OWPROV_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16005"
+                OWANALYTICS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16009"
+                OWSUB_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16006"
+                OWRRM_SERVICECONFIG_PRIVATEENDPOINT: !Sub "http://owrrm.wlan.local:17007"
+                OWRRM_SERVICECONFIG_PUBLICENDPOINT: !Sub "https://${SDKHostname}:16789"
+                TRAEFIK_ACME_EMAIL: !Sub "${TraefikAcmeEmail}"
+              cwd: "~/wlan-cloud-ucentral-deploy/docker-compose"
+    Properties:
+      ImageId: !Ref LatestUbuntuFocalAMI
+      InstanceType: !Ref InstanceType
+      SecurityGroups:
+        - !Ref CloudSDKSecurityGroup
+      KeyName: !Ref KeyName
+      UserData:
+        Fn::Base64: !Sub |
+          #!/bin/bash -xe
+          apt-get update -y
+          mkdir -p /opt/aws/bin
+          wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz
+          python3 -m easy_install --script-dir /opt/aws/bin aws-cfn-bootstrap-py3-latest.tar.gz
+          /opt/aws/bin/cfn-init -v \
+            --stack ${AWS::StackName} \
+            --resource CloudSDKInstance \
+            --configsets InstallDockerAndCreateDeployment \
+            --region ${AWS::Region}
+          /opt/aws/bin/cfn-signal -e $? \
+            --stack ${AWS::StackName} \
+            --resource CloudSDKInstance \
+            --region ${AWS::Region}
+    CreationPolicy:
+      ResourceSignal:
+        Timeout: PT5M
+  CloudSDKSecurityGroup:
+    Type: "AWS::EC2::SecurityGroup"
+    Properties:
+      GroupDescription: Enable OpenWiFi Cloud SDK and SSH access
+      SecurityGroupIngress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "80"
+          ToPort: "80"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "443"
+          ToPort: "443"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "15002"
+          ToPort: "15002"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16001"
+          ToPort: "16006"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16009"
+          ToPort: "16009"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "16789"
+          ToPort: "16789"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "5912"
+          ToPort: "5913"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "22"
+          ToPort: "22"
+          CidrIp: !Ref SSHLocation
+  CloudSDKHostedZone:
+    Condition: HasHostedZoneName
+    Type: AWS::Route53::HostedZone
+    Properties: 
+      Name: !Ref HostedZoneName
+  CloudSDKRoute53RecordExistingHostedZone:
+    Condition: CreateRecordInExistingZone
+    Type: AWS::Route53::RecordSet
+    Properties:
+      HostedZoneId: !Ref ExistingHostedZoneId
+      Name: !Ref SDKHostname
+      Type: A
+      TTL: 900
+      ResourceRecords:
+      - !GetAtt CloudSDKInstance.PublicIp
+  CloudSDKRoute53RecordNewHostedZone:
+    Condition: CreateRecordInNewZone
+    Type: AWS::Route53::RecordSet
+    Properties:
+      HostedZoneId: !GetAtt CloudSDKHostedZone.Id
+      Name: !Ref SDKHostname
+      Type: A
+      TTL: 900
+      ResourceRecords:
+      - !GetAtt CloudSDKInstance.PublicIp
+Outputs:
+  WebsiteURL:
+    Description: |
+      Visit this URL and login with user 'tip@ucentral.com' and password
+      'openwifi'.
+    Value: !Join
+      - ""
+      - - "https://"
+        - !Ref SDKHostname

docker-compose/deploy.sh

@@ -0,0 +1,200 @@
+#!/bin/bash
+set -e
+
+# Usage function
+usage () {
+  echo;
+  echo "This script is intended for OpenWiFi cloud SDK deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose). Configuration is done based on shell environment variables.";
+  echo;
+  echo "Required environment variables:"
+  echo;
+  echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
+  echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
+  echo;
+#  echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWANALYTICS_HOSTNAME - OWAnalytics microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWSUB_HOSTNAME - OWSub microservice hostname for Docker internal communication"
+#  echo;
+  echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload";
+  echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload";
+#  echo "- OWGW_SYSTEM_URI_PRIVATE - private URL to be used for OWGW";
+  echo "- OWGW_SYSTEM_URI_PUBLIC - public URL to be used for OWGW";
+  echo "- OWGW_RTTY_SERVER - public hostname of the RTTY server";
+  echo;
+#  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
+  echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
+  echo;
+#  echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
+  echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
+  echo;
+#  echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
+  echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
+  echo;
+#  echo "- OWANALYTICS_SYSTEM_URI_PRIVATE - private URL to be used for OWAnalytics";
+  echo "- OWANALYTICS_SYSTEM_URI_PUBLIC - public URL to be used for OWAnalytics";
+  echo;
+#  echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
+  echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
+  echo;
+  echo "- OWRRM_SERVICECONFIG_PRIVATEENDPOINT - private URL to be used for OWRRM";
+  echo "- OWRRM_SERVICECONFIG_PUBLICENDPOINT - public URL to be used for OWRRM";
+  echo;
+  echo "Optional environment variables:"
+  echo "- WEBSOCKET_CERT - Your Digicert-signed websocket certificate"
+  echo "- WEBSOCKET_KEY - The key to your Digicert-signed websocket certificate"
+  echo;
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
+  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
+  echo;
+  echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
+  echo;
+  echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
+  echo;
+  echo "- CERTIFICATES_ALLOWMISMATCH - boolean flag to allow certificates serial mismatch";
+}
+
+# Check if required environment variables were passed
+## Configuration variables applying to multiple microservices
+[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
+[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
+## Internal microservice hostnames
+#[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWANALYTICS_HOSTNAME+x} ] && echo "INTERNAL_OWANALYTICS_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWSUB_HOSTNAME+x} ] && echo "INTERNAL_OWSUB_HOSTNAME is unset" && usage && exit 1
+## OWGW configuration variables
+[ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1
+[ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1
+#[ -z ${OWGW_SYSTEM_URI_PRIVATE+x} ] && echo "OWGW_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+[ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
+## OWSec configuration variables
+#[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWFms configuration variables
+#[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWProv configuration variables
+#[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWAnalytics configuration variables
+#[ -z ${OWANALYTICS_SYSTEM_URI_PRIVATE+x} ] && echo "OWANALYTICS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWANALYTICS_SYSTEM_URI_PUBLIC+x} ] && echo "OWANALYTICS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWSub configuration variables
+#[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWRRM configuration variables
+[ -z ${OWRRM_SERVICECONFIG_PRIVATEENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PRIVATEENDPOINT is unset" && usage && exit 1
+[ -z ${OWRRM_SERVICECONFIG_PUBLICENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PUBLICENDPOINT is unset" && usage && exit 1
+
+# Search and replace image version tags if set
+if [[ ! -z "$OWGW_VERSION" ]]; then
+  sed -i "s~.*OWGW_TAG=.*~OWGW_TAG=$OWGW_VERSION~" .env
+fi
+if [[ ! -z "$OWSEC_VERSION" ]]; then
+  sed -i "s~.*OWSEC_TAG=.*~OWSEC_TAG=$OWSEC_VERSION~" .env
+fi
+if [[ ! -z "$OWFMS_VERSION" ]]; then
+  sed -i "s~.*OWFMS_TAG=.*~OWFMS_TAG=$OWFMS_VERSION~" .env
+fi
+if [[ ! -z "$OWPROV_VERSION" ]]; then
+  sed -i "s~.*OWPROV_TAG=.*~OWPROV_TAG=$OWPROV_VERSION~" .env
+fi
+if [[ ! -z "$OWANALYTICS_VERSION" ]]; then
+  sed -i "s~.*OWANALYTICS_TAG=.*~OWANALYTICS_TAG=$OWANALYTICS_VERSION~" .env
+fi
+if [[ ! -z "$OWSUB_VERSION" ]]; then
+  sed -i "s~.*OWSUB_TAG=.*~OWSUB_TAG=$OWSUB_VERSION~" .env
+fi
+
+# Search and replace variable values in env files
+#sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWANALYTICS_HOSTNAME=\).*~\1$INTERNAL_OWANALYTICS_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWSUB_HOSTNAME=\).*~\1$INTERNAL_OWSUB_HOSTNAME~" .env
+
+if [[ ! -z "$SDKHOSTNAME" ]]; then
+  sed -i "s~.*SDKHOSTNAME=.*~SDKHOSTNAME=$SDKHOSTNAME~" .env.letsencrypt
+fi
+
+if [[ ! -z "$WEBSOCKET_CERT" ]]; then
+  echo "$WEBSOCKET_CERT" > certs/websocket-cert.pem
+fi
+if [[ ! -z "$WEBSOCKET_KEY" ]]; then
+  echo "$WEBSOCKET_KEY" > certs/websocket-key.pem && chmod 600 certs/websocket-key.pem
+fi
+
+sed -i "s~.*FILEUPLOADER_HOST_NAME=.*~FILEUPLOADER_HOST_NAME=$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
+sed -i "s~.*FILEUPLOADER_URI=.*~FILEUPLOADER_URI=$OWGW_FILEUPLOADER_URI~" owgw.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWGW_SYSTEM_URI_PUBLIC~" owgw.env
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWGW_SYSTEM_URI_PRIVATE~" owgw.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owgw.env
+sed -i "s~.*RTTY_SERVER=.*~RTTY_SERVER=$OWGW_RTTY_SERVER~" owgw.env
+
+if [[ ! -z "$SIMULATORID" ]]; then
+  sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
+fi
+
+sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
+
+if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
+  sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
+fi
+if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD" ]]; then
+  sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+fi
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owfms.env
+if [[ ! -z "$OWFMS_S3_SECRET" ]]; then
+  sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
+fi
+if [[ ! -z "$OWFMS_S3_KEY" ]]; then
+  sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
+fi
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owprov.env
+
+sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWANALYTICS_SYSTEM_URI_PRIVATE~" owanalytics.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWANALYTICS_SYSTEM_URI_PUBLIC~" owanalytics.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owanalytics.env
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSUB_SYSTEM_URI_PRIVATE~" owsub.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsub.env
+
+sed -i "s~.*SERVICECONFIG_PRIVATEENDPOINT=.*~SERVICECONFIG_PRIVATEENDPOINT=$OWRRM_SERVICECONFIG_PRIVATEENDPOINT~" owrrm.env
+sed -i "s~.*SERVICECONFIG_PUBLICENDPOINT=.*~SERVICECONFIG_PUBLICENDPOINT=$OWRRM_SERVICECONFIG_PUBLICENDPOINT~" owrrm.env
+
+if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
+  sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
+fi
+
+if [[ ! -z "$CERTIFICATES_ALLOWMISMATCH" ]]; then
+  sed -i "s~.*CERTIFICATES_ALLOWMISMATCH=.*~CERTIFICATES_ALLOWMISMATCH=$CERTIFICATES_ALLOWMISMATCH~" owgw.env
+fi
+
+# Run the deployment
+if [[ ! -z "$SDKHOSTNAME" ]]; then
+  docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d
+else
+  docker-compose up -d
+fi

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -0,0 +1,274 @@
+version: '3'
+
+volumes:
+  owgw_data:
+    driver: local
+  owsec_data:
+    driver: local
+  owfms_data:
+    driver: local
+  owprov_data:
+    driver: local
+  owanalytics_data:
+    driver: local
+  owsub_data:
+    driver: local
+  owrrm_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+  mysql_data:
+    driver: local
+  letsencrypt_certs:
+    driver: local
+
+networks:
+  openwifi:
+
+services:
+  owgw:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:${OWGW_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGW_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owgw.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owgw_data:${OWGW_ROOT}/persist
+      - ./certs:/${OWGW_ROOT}/certs
+    sysctls:
+      - net.ipv4.tcp_keepalive_intvl=5
+      - net.ipv4.tcp_keepalive_probes=2
+      - net.ipv4.tcp_keepalive_time=45
+
+  owgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGWUI_HOSTNAME}
+    env_file:
+      - owgw-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owsec.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsec_data:${OWSEC_ROOT}/persist
+      - ./certs:/${OWSEC_ROOT}/certs
+
+  owfms:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWFMS_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owfms.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owfms_data:${OWFMS_ROOT}/persist
+      - ./certs:/${OWFMS_ROOT}/certs
+
+  owprov:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov:${OWPROV_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROV_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owprov.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owprov_data:${OWPROV_ROOT}
+      - ./certs:/${OWPROV_ROOT}/certs
+
+  owprov-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov-ui:${OWPROVUI_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROVUI_HOSTNAME}
+    env_file:
+      - owprov-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  owanalytics:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owanalytics:${OWANALYTICS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWANALYTICS_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owanalytics.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owanalytics_data:${OWANALYTICS_ROOT}
+      - ./certs:/${OWANALYTICS_ROOT}/certs
+
+  owsub:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsub:${OWSUB_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSUB_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owsub.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsub_data:${OWSUB_ROOT}
+      - ./certs:/${OWSUB_ROOT}/certs
+
+  owrrm:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWRRM_HOSTNAME}
+    env_file:
+      - owrrm.env
+    depends_on:
+      - mysql
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owrrm_data:/owrrm-data
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - kafka.env
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka
+
+  init-kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    depends_on:
+      - kafka
+    env_file:
+      - kafka.env
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "Creating all required Kafka topics..."
+        for topic in $$TOPICS; do
+          /opt/bitnami/kafka/bin/kafka-topics.sh \
+          --create --if-not-exists --topic $$topic --replication-factor 1 \
+          --partitions 1 --bootstrap-server kafka:9092
+        done && echo "Successfully created Kafka topics, exiting." && exit 0
+
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
+
+  traefik:
+    image: "traefik:${TRAEFIK_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - .env.letsencrypt
+      - traefik.env
+    depends_on:
+      - owsec
+      - owgw
+      - owgw-ui
+      - owfms
+      - owprov
+      - owprov-ui
+      - owanalytics
+      - owsub
+      - owrrm
+    restart: unless-stopped
+    volumes:
+      - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
+      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
+      - "letsencrypt_certs:/letsencrypt"
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        timeout 10m sh -c 'until [[ "$$(getent hosts $SDKHOSTNAME)" ]]; do echo "Waiting until DNS record for $SDKHOSTNAME is resolvable"; sleep 5; done' \
+        && ./entrypoint.sh traefik
+    ports:
+      - "15002:15002"
+      - "16002:16002"
+      - "16003:16003"
+      - "80:80"
+      - "8080:8080"
+      - "443:443"
+      - "8443:8443"
+      - "16001:16001"
+      - "16004:16004"
+      - "16005:16005"
+      - "16009:16009"
+      - "16006:16006"
+      - "5912:5912"
+      - "5913:5913"
+      - "16789:16789"
+      - "1812:1812/udp"
+      - "1813:1813/udp"
+      - "3799:3799/udp"

docker-compose/docker-compose.lb.selfsigned.yml

@@ -0,0 +1,268 @@
+version: '3'
+
+volumes:
+  owgw_data:
+    driver: local
+  owsec_data:
+    driver: local
+  owfms_data:
+    driver: local
+  owprov_data:
+    driver: local
+  owanalytics_data:
+    driver: local
+  owsub_data:
+    driver: local
+  owrrm_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+  mysql_data:
+    driver: local
+
+networks:
+  openwifi:
+
+services:
+  owgw:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:${OWGW_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGW_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owgw.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owgw_data:${OWGW_ROOT}/persist
+      - ./certs:/${OWGW_ROOT}/certs
+    sysctls:
+      - net.ipv4.tcp_keepalive_intvl=5
+      - net.ipv4.tcp_keepalive_probes=2
+      - net.ipv4.tcp_keepalive_time=45
+
+  owgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
+    env_file: 
+      - owgw-ui.env
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGWUI_HOSTNAME}
+    env_file:
+      - owgw-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owsec.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsec_data:${OWSEC_ROOT}/persist
+      - ./certs:/${OWSEC_ROOT}/certs
+
+  owfms:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWFMS_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owfms.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owfms_data:${OWFMS_ROOT}/persist
+      - ./certs:/${OWFMS_ROOT}/certs
+
+  owprov:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov:${OWPROV_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROV_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owprov.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owprov_data:${OWPROV_ROOT}
+      - ./certs:/${OWPROV_ROOT}/certs
+
+  owprov-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov-ui:${OWPROVUI_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROVUI_HOSTNAME}
+    env_file:
+      - owprov-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  owanalytics:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owanalytics:${OWANALYTICS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWANALYTICS_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owanalytics.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owanalytics_data:${OWANALYTICS_ROOT}
+      - ./certs:/${OWANALYTICS_ROOT}/certs
+
+  owsub:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsub:${OWSUB_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSUB_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owsub.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsub_data:${OWSUB_ROOT}
+      - ./certs:/${OWSUB_ROOT}/certs
+
+  owrrm:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWRRM_HOSTNAME}
+    env_file:
+      - owrrm.env
+    depends_on:
+      - mysql
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owrrm_data:/owrrm-data
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - kafka.env
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka
+
+  init-kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    depends_on:
+      - kafka
+    env_file:
+      - kafka.env
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "Creating all required Kafka topics..."
+        for topic in $$TOPICS; do
+          /opt/bitnami/kafka/bin/kafka-topics.sh \
+          --create --if-not-exists --topic $$topic --replication-factor 1 \
+          --partitions 1 --bootstrap-server kafka:9092
+        done && echo "Successfully created Kafka topics, exiting." && exit 0
+
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
+
+  traefik:
+    image: "traefik:${TRAEFIK_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - traefik.env
+    depends_on:
+      - owsec
+      - owgw
+      - owgw-ui
+      - owfms
+      - owprov
+      - owprov-ui
+      - owanalytics
+      - owsub
+      - owrrm
+    restart: unless-stopped
+    volumes:
+      - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
+      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
+      - "./certs/restapi-cert.pem:/certs/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/certs/restapi-key.pem"
+    ports:
+      - "15002:15002"
+      - "16002:16002"
+      - "16003:16003"
+      - "80:80"
+      - "8080:8080"
+      - "443:443"
+      - "8443:8443"
+      - "16001:16001"
+      - "16004:16004"
+      - "16005:16005"
+      - "16009:16009"
+      - "16006:16006"
+      - "5912:5912"
+      - "5913:5913"
+      - "16789:16789"
+      - "1812:1812/udp"
+      - "1813:1813/udp"
+      - "3799:3799/udp"

docker-compose/docker-compose.postgresql.yml

@@ -0,0 +1,47 @@
+version: '3'
+
+volumes:
+  postgresql_data:
+    driver: local
+
+services:
+  owgw:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
+
+  owsec:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
+
+  owfms:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
+
+  owprov:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
+
+  owanalytics:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owanalytics"]
+
+  owsub:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsub"]
+
+  postgresql:
+    image: "postgres:${POSTGRESQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - postgresql.env
+    restart: unless-stopped
+    volumes:
+      - postgresql_data:/var/lib/postgresql/data
+      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh

docker-compose/docker-compose.yml

@@ -1,84 +1,190 @@
 version: '3'
 
 volumes:
+#  owrrm_data:
+#    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
+  mysql_data:
+    driver: local
+
+
+networks:
+  openwifi:
 
 services:
-  ucentralgw.wlan.local:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralgw:${UCENTRALGW_TAG}"
+  owgw:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:${OWGW_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGW_HOSTNAME}
     env_file:
-      - .env_ucentralgw
-    depends_on: 
+      - owgw.env
+    depends_on:
       - kafka
-      - rttys
     restart: unless-stopped
+    volumes:
+      - "./owgw_data:${OWGW_ROOT}"
+      - "./certs:/${OWGW_ROOT}/certs"
     ports:
       - "15002:15002"
-      - "127.0.0.1:16002:16002"
+      - "16002:16002"
+      - "16102:16102"
       - "16003:16003"
-      - "127.0.0.1:16102:16102"
-    volumes:
-      - ./ucentralgw-data:/ucentralgw-data
-      - ./certs:/ucentralgw-data/certs
+      - "5912:5912"
+      - "5913:5913"
+      - "1812:1812/udp"
+      - "1813:1813/udp"
+      - "3799:3799/udp"
+    sysctls:
+      - net.ipv4.tcp_keepalive_intvl=5
+      - net.ipv4.tcp_keepalive_probes=2
+      - net.ipv4.tcp_keepalive_time=45
 
-  ucentralgw-ui:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralgw-ui:${UCENTRALGWUI_TAG}"
+  owgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
+    networks:
+      openwifi:
     env_file:
-      - .env_ucentralgw-ui
+      - owgw-ui.env
     depends_on:
-      - ucentralsec.wlan.local
-      - ucentralgw.wlan.local
-      - ucentralfms.wlan.local
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+      - owanalytics
+      - owsub
     restart: unless-stopped
-    ports:
-      - "127.0.0.1:80:80"
-
-  ucentralsec.wlan.local:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralsec:${UCENTRALSEC_TAG}"
-    env_file:
-      - .env_ucentralsec
-    depends_on: 
-      - kafka
-    restart: unless-stopped
-    ports:
-      - "127.0.0.1:16001:16001"
-      - "127.0.0.1:16101:16101"
     volumes:
-      - ./ucentralsec-data:/ucentralsec-data
-      - ./certs:/ucentralsec-data/certs
+      - "./owgw-ui/default.conf:/etc/nginx/conf.d/default.conf"
+      - "./certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
+    ports:
+      - "80:80"
+      - "443:443"
 
-  ucentralfms.wlan.local:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralfms:${UCENTRALFMS_TAG}"
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
     env_file:
-      - .env_ucentralfms
+      - owsec.env
     depends_on:
       - kafka
     restart: unless-stopped
-    ports:
-      - "127.0.0.1:16004:16004"
-      - "127.0.0.1:16104:16104"
     volumes:
-      - ./ucentralfms-data:/ucentralfms-data
-      - ./certs:/ucentralfms-data/certs
+      - "./owsec_data:${OWSEC_ROOT}"
+      - "./certs:/${OWSEC_ROOT}/certs"
+    ports:
+      - "16001:16001"
+      - "16101:16101"
 
-  rttys:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+  owfms:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWFMS_HOSTNAME}
+    env_file:
+      - owfms.env
+    depends_on:
+      - kafka
     restart: unless-stopped
-    ports:
-    - "127.0.0.1:5912:5912"
-    - "127.0.0.1:5913:5913"
     volumes:
-      - ./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem
-      - ./certs/restapi-key.pem:/etc/rttys/restapi-key.pem
-      - ./rttys/rttys.conf:/rttys/rttys.conf
+      - "./owfms_data:${OWFMS_ROOT}"
+      - "./certs:/${OWFMS_ROOT}/certs"
+    ports:
+      - "16004:16004"
+      - "16104:16104"
+
+  owprov:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov:${OWPROV_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROV_HOSTNAME}
+    env_file:
+      - owprov.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owprov_data:${OWPROV_ROOT}"
+      - "./certs:/${OWPROV_ROOT}/certs"
+    ports:
+      - "16005:16005"
+      - "16105:16105"
+
+  owprov-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov-ui:${OWPROVUI_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - owprov-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+      - owanalytics
+      - owsub
+    restart: unless-stopped
+    volumes:
+      - "./owprov-ui/default.conf:/etc/nginx/conf.d/default.conf"
+      - "./certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
+    ports:
+      - "8080:8080"
+      - "8443:8443"
+
+  owanalytics:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owanalytics:${OWANALYTICS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWANALYTICS_HOSTNAME}
+    env_file:
+      - owanalytics.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owanalytics_data:${OWANALYTICS_ROOT}"
+      - "./certs:/${OWANALYTICS_ROOT}/certs"
+    ports:
+      - "16009:16009"
+      - "16109:16109"
+
+  owsub:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsub:${OWSUB_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSUB_HOSTNAME}
+    env_file:
+      - owsub.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owsub_data:${OWSUB_ROOT}"
+      - "./certs:/${OWSUB_ROOT}/certs"
+    ports:
+      - "16006:16006"
+      - "16106:16106"
+
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
     restart: unless-stopped
     volumes:
       - zookeeper_data:/data
@@ -86,10 +192,58 @@ services:
 
   kafka:
     image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
     env_file:
-      - .env_kafka
+      - kafka.env
     restart: unless-stopped
     depends_on:
       - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
+
+  init-kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    depends_on:
+      - kafka
+    env_file:
+      - kafka.env
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "Creating all required Kafka topics..."
+        for topic in $$TOPICS; do
+          /opt/bitnami/kafka/bin/kafka-topics.sh \
+          --create --if-not-exists --topic $$topic --replication-factor 1 \
+          --partitions 1 --bootstrap-server kafka:9092
+        done && echo "Successfully created Kafka topics, exiting." && exit 0
+
+# NOTE currently OWRRM is only supported in LB installations
+#  owrrm:
+#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+#    networks:
+#      openwifi:
+#        aliases:
+#          - ${INTERNAL_OWRRM_HOSTNAME}
+#    env_file:
+#      - owrrm.env
+#    depends_on:
+#      - mysql
+#      - kafka
+#    restart: unless-stopped
+#    volumes:
+#      - owrrm_data:/owrrm-data
+#    ports:
+#      - "16789:16789"
+#  mysql:
+#    image: "mysql:${MYSQL_TAG}"
+#    networks:
+#      openwifi:
+#    env_file:
+#      - mysql.env
+#    restart: unless-stopped
+#    volumes:
+#      - mysql_data:/var/lib/mysql

docker-compose/kafka.env

@@ -0,0 +1,3 @@
+KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
+ALLOW_PLAINTEXT_LISTENER=yes
+TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan

docker-compose/mysql.env

@@ -0,0 +1,5 @@
+#MYSQL_RANDOM_ROOT_PASSWORD=yes
+MYSQL_ROOT_PASSWORD=openwifi
+MYSQL_DATABASE=owrrm
+#MYSQL_USER=owrrm
+#MYSQL_PASSWORD=openwifi

docker-compose/owanalytics.env

@@ -0,0 +1,39 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWANALYTICS_ROOT=/owanalytics-data
+OWANALYTICS_CONFIG=/owanalytics-data
+
+#RESTAPI_HOST_ROOTCA=$OWANALYTICS_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16009
+#RESTAPI_HOST_CERT=$OWANALYTICS_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWANALYTICS_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWANALYTICS_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17009
+#INTERNAL_RESTAPI_HOST_CERT=$OWANALYTICS_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWANALYTICS_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FIRMWARE_UPDATER_UPGRADE=yes
+#FIRMWARE_UPDATER_RCONLY=no
+#SERVICE_KEY=$OWANALYTICS_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWANALYTICS_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owanalytics.wlan.local:17009
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16009
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SECURITY_RESTAPI_DISABLE=false
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owanalytics
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owanalytics
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owanalytics
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owanalytics
+#STORAGE_TYPE_MYSQL_PASSWORD=owanalytics
+#STORAGE_TYPE_MYSQL_DATABASE=owanalytics
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owfms.env

@@ -0,0 +1,42 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWFMS_ROOT=/owfms-data
+OWFMS_CONFIG=/owfms-data
+
+#RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16004
+#RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWFMS_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17004
+#INTERNAL_RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWFMS_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#SERVICE_KEY=$OWFMS_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWFMS_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SECURITY_RESTAPI_DISABLE=false
+#S3_BUCKETNAME=ucentral-ap-firmware
+#S3_REGION=us-east-1
+S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI
+S3_KEY=AKIAUG47UZG7R6SRLD7F
+#S3_BUCKET_URI=ucentral-ap-firmware.s3.amazonaws.com
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owfms
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owfms
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owfms
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owfms
+#STORAGE_TYPE_MYSQL_PASSWORD=owfms
+#STORAGE_TYPE_MYSQL_DATABASE=owfms
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owgw-ui.env

@@ -0,0 +1 @@
+REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001

docker-compose/owgw-ui/default.conf

@@ -0,0 +1,32 @@
+server {
+    listen       80;
+    listen  [::]:80;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/restapi-cert.pem;
+    ssl_certificate_key /etc/nginx/restapi-key.pem;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

docker-compose/owgw.env

@@ -0,0 +1,70 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWGW_ROOT=/owgw-data
+OWGW_CONFIG=/owgw-data
+
+#WEBSOCKET_HOST_ROOTCA=$OWGW_ROOT/certs/root.pem
+#WEBSOCKET_HOST_ISSUER=$OWGW_ROOT/certs/issuer.pem
+#WEBSOCKET_HOST_CERT=$OWGW_ROOT/certs/websocket-cert.pem
+#WEBSOCKET_HOST_KEY=$OWGW_ROOT/certs/websocket-key.pem
+#WEBSOCKET_HOST_CLIENTCAS=$OWGW_ROOT/certs/clientcas.pem
+#WEBSOCKET_HOST_CAS=$OWGW_ROOT/certs/cas
+#WEBSOCKET_HOST_PORT=15002
+#WEBSOCKET_HOST_KEY_PASSWORD=mypassword
+#RESTAPI_HOST_ROOTCA=$OWGW_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16002
+#RESTAPI_HOST_CERT=$OWGW_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWGW_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17002
+#INTERNAL_RESTAPI_HOST_CERT=$OWGW_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FILEUPLOADER_HOST_ROOTCA=$OWGW_ROOT/certs/restapi-ca.pem
+FILEUPLOADER_HOST_NAME=openwifi.wlan.local
+#FILEUPLOADER_HOST_PORT=16003
+#FILEUPLOADER_HOST_CERT=$OWGW_ROOT/certs/restapi-cert.pem
+#FILEUPLOADER_HOST_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#FILEUPLOADER_HOST_KEY_PASSWORD=mypassword
+FILEUPLOADER_PATH=$OWGW_ROOT/persist/uploads
+FILEUPLOADER_URI=https://openwifi.wlan.local:16003
+#SERVICE_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWGW_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SECURITY_RESTAPI_DISABLE=false
+#SIMULATORID=
+#IPTOCOUNTRY_PROVIDER=ipinfo
+#IPTOCOUNTRY_IPINFO_TOKEN=
+#IPTOCOUNTRY_IPDATA_APIKEY=
+#RTTY_INTERNAL=true
+#RTTY_ENABLED=true
+RTTY_SERVER=openwifi.wlan.local
+#RTTY_PORT=5912
+#RTTY_TOKEN=
+#RTTY_TIMEOUT=60
+#RTTY_VIEWPORT=5913
+#RTTY_ASSETS=$OWGW_ROOT/rtty_ui
+RADIUS_PROXY_ENABLE=true
+#RADIUS_PROXY_ACCOUNTING_PORT=1813
+#RADIUS_PROXY_AUTHENTICATION_PORT=1812
+#RADIUS_PROXY_COA_PORT=3799
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owgw
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owgw
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owgw
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owgw
+#STORAGE_TYPE_MYSQL_PASSWORD=owgw
+#STORAGE_TYPE_MYSQL_DATABASE=owgw
+#STORAGE_TYPE_MYSQL_PORT=3306
+#CERTIFICATES_ALLOWMISMATCH=false

docker-compose/owls/.env

@@ -0,0 +1,17 @@
+# Image tags
+COMPOSE_PROJECT_NAME=owls
+OWSEC_TAG=main
+OWLS_TAG=main
+OWLSUI_TAG=master
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
+
+# Microservice root/config directories
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+OWLS_ROOT=/owls-data
+OWLS_CONFIG=/owls-data
+
+# Microservice hostnames
+INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
+INTERNAL_OWLS_HOSTNAME=owls.wlan.local

docker-compose/owls/README.md

@@ -0,0 +1,16 @@
+# OpenWifi OWLS Docker Compose
+## Deployment with self-signed certificates
+To run a load simulation you need to generate a specific Digicert-signed AP certificate which will be used to connect to the gateway. The certificate serial number has to start with the digits `53494d` since otherwise the gateway won't allow a load simulation. The rest of the serial number and the specified redirector URL can be chosen randomly. You only need to generate one AP certificate for your simulations.  
+Be aware that since the OWLS deployment partly exposes the same ports on the host as the OpenWifi deployment, it is not intended that both run on the same host.
+1. Copy or move your AP load simulation certificate into the `docker-compose/certs` directory. Don't forget to name the files `device-cert.pem` and `device-key.pem` or adapt the path names in the OWLS configuration if you're using different file names.
+2. To be able to run load simulation tests against your OpenWifi SDK deployment, you'll have to [add the serial number of your generated AP certificate to the gateway configuration](https://github.com/Telecominfraproject/wlan-cloud-owls#prepare-your-openwifi-gateway). You can do that by either editing [owgw.env](../owgw.env) or doing the changes directly in your OWGW configuration file if it is exposed on your Docker host.
+3. Switch into the project directory with `cd docker-compose/owls`.
+4. Add an entry for `openwifi-owls.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the OWLS deployment is.
+5. Spin up the deployment with `docker-compose up -d`.
+6. Check if the containers are up and running with `docker-compose ps`.
+7. Add SSL certificate exceptions in your browser by visiting https://openwifi-owls.wlan.local:16001 and https://openwifi-owls.wlan.local:16007.
+8. If you're using an OpenWifi deployment with self-signed certificates, you'll have to add a custom hosts entry for `openwifi.wlan.local` on the machine running the OWLS deployment pointing to the remote IP of your OpenWifi host.
+9. Login to the UI by visiting https://openwifi-owls.wlan.local and follow the instructions to change your default password.
+10. In the Simulation tab, click on the + sign on the right side to add a load simulation.
+11. Fill out the required fields. MAC prefix is used for the MAC addresses of the simulated devices, so you can use any six-digit hexadecimal number. Specify the remote address of your OpenWifi gateway in the Gateway field, for example `https://openwifi.wlan.local:15002`. Adapt the rest of the settings according to your needs.
+12. Click on the floppy disk icon to save your load simulation. You can run it by clicking the play symbol in the table view.

docker-compose/owls/deploy_owls.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+set -e
+
+# Usage function
+usage () {
+  echo;
+  echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
+  echo;
+  echo "Required environment variables:"
+  echo;
+  echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
+  echo;
+  echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
+  echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
+  echo;
+  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
+  echo;
+  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
+  echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo;
+  echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS";
+  echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS";
+  echo;
+  echo "- DEVICE_CERT - path to the device certificate";
+  echo "- DEVICE_KEY - path to the device key";
+}
+
+# Check if required environment variables were passed
+## Deployment specifics
+[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
+## Configuration variables applying to multiple microservices
+[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
+[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
+## Internal microservice hostnames
+[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
+## OWSec configuration variables
+[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
+[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
+[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+# OWLS configuration variables
+[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## cert related variables
+[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1
+[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1
+
+# Clone repo and copy certificates
+mkdir wlan-cloud-ucentral-deploy-tmp
+git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp 
+mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
+cd wlan-cloud-ucentral-deploy/docker-compose/owls
+
+# Search and replace variable values in env files
+sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
+sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
+
+sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
+
+sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
+sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
+sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
+sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
+
+sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env
+sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env
+
+# Run the deployment and attach to logs
+cat $DEVICE_CERT > ../certs/device-cert.pem
+cat $DEVICE_KEY > ../certs/device-key.pem
+exec docker-compose up --attach-dependencies

docker-compose/owls/docker-compose.yml

@@ -0,0 +1,89 @@
+version: '3'
+
+volumes:
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+
+networks:
+  owls:
+
+services:
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      owls:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
+    env_file:
+      - owsec.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owsec_data:${OWSEC_ROOT}"
+      - "../certs:/${OWSEC_ROOT}/certs"
+    ports:
+      - "16001:16001"
+      - "16101:16101"
+
+  owls:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls:${OWLS_TAG}"
+    networks:
+      owls:
+        aliases:
+          - ${INTERNAL_OWLS_HOSTNAME}
+    env_file:
+      - owls.env
+    depends_on:
+      - owsec
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owls_data:${OWLS_ROOT}"
+      - "../certs:/${OWLS_ROOT}/certs"
+    ports:
+      - "16007:16007"
+      - "16107:16107"
+
+  owls-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls-ui:${OWLSUI_TAG}"
+    networks:
+      owls:
+    env_file:
+      - owls-ui.env
+    depends_on:
+      - owsec
+      - owls
+    restart: unless-stopped
+    volumes:
+      - "./owls-ui/default.conf:/etc/nginx/conf.d/default.conf"
+      - "../certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
+      - "../certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
+    ports:
+      - "80:80"
+      - "443:443"
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      owls:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      owls:
+    env_file:
+      - kafka.env
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka

docker-compose/owls/owls-ui.env

@@ -0,0 +1 @@
+REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001

docker-compose/owls/owls-ui/default.conf

@@ -0,0 +1,32 @@
+server {
+    listen       80;
+    listen  [::]:80;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/restapi-cert.pem;
+    ssl_certificate_key /etc/nginx/restapi-key.pem;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

docker-compose/owls/owls.env

@@ -0,0 +1,43 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWLS_ROOT=/owls-data
+OWLS_CONFIG=/owls-data
+
+#ROOTCA=$OWLS_ROOT/certs/root.pem
+#ISSUER=$OWLS_ROOT/certs/issuer.pem
+#CERT=$OWLS_ROOT/certs/device-cert.pem
+#KEY=$OWLS_ROOT/certs/device-key.pem
+#CLIENTCAS=$OWLS_ROOT/certs/clientcas.pem
+#CAS=$OWLS_ROOT/certs/cas
+#KEY_PASSWORD=mypassword
+#RESTAPI_HOST_ROOTCA=$OWLS_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16007
+#RESTAPI_HOST_CERT=$OWLS_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWLS_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWLS_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17007
+#INTERNAL_RESTAPI_HOST_CERT=$OWLS_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWLS_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#SERVICE_KEY=$OWLS_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWLS_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owls.wlan.local:17007
+SYSTEM_URI_PUBLIC=https://openwifi-owls.wlan.local:16007
+SYSTEM_URI_UI=https://openwifi-owls.wlan.local
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owls
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owls
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owls
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owls
+#STORAGE_TYPE_MYSQL_PASSWORD=owls
+#STORAGE_TYPE_MYSQL_DATABASE=owls
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owls/owsec.env

@@ -0,0 +1,47 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+
+#RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16001
+#RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#RESTAPI_WWWASSETS=$OWSEC_ROOT/wwwassets
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17001
+#INTERNAL_RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#AUTHENTICATION_DEFAULT_USERNAME=tip@ucentral.com
+#AUTHENTICATION_DEFAULT_PASSWORD=13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
+SYSTEM_DATA=$OWSEC_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
+SYSTEM_URI_PUBLIC=https://openwifi-owls.wlan.local:16001
+SYSTEM_URI_UI=https://openwifi-owls.wlan.local
+#SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+#MAILER_HOSTNAME=localhost
+#MAILER_USERNAME=************************
+#MAILER_PASSWORD=************************
+#MAILER_SENDER=OpenWIFI
+#MAILER_PORT=587
+#MAILER_TEMPLATES=$OWSEC_ROOT/templates
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#DOCUMENT_POLICY_ACCESS=$OWSEC_ROOT/wwwassets/access_policy.html
+#DOCUMENT_POLICY_PASSWORD=$OWSEC_ROOT/wwwassets/password_policy.html
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owsec
+#STORAGE_TYPE_MYSQL_PASSWORD=owsec
+#STORAGE_TYPE_MYSQL_DATABASE=owsec
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owprov-ui.env

@@ -0,0 +1,2 @@
+ALLOW_UCENTRALSEC_CHANGE=false
+REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001

docker-compose/owprov-ui/default.conf

@@ -0,0 +1,32 @@
+server {
+    listen       8080;
+    listen  [::]:8080;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    return 301 https://$host:8443$request_uri;
+}
+
+server {
+    listen       8443 ssl;
+    listen       [::]:8443 ssl;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/restapi-cert.pem;
+    ssl_certificate_key /etc/nginx/restapi-key.pem;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

docker-compose/owprov.env

@@ -0,0 +1,39 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
+
+#RESTAPI_HOST_ROOTCA=$OWPROV_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16005
+#RESTAPI_HOST_CERT=$OWPROV_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWPROV_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWPROV_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17005
+#INTERNAL_RESTAPI_HOST_CERT=$OWPROV_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWPROV_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FIRMWARE_UPDATER_UPGRADE=yes
+#FIRMWARE_UPDATER_RCONLY=no
+#SERVICE_KEY=$OWPROV_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWPROV_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owprov.wlan.local:17005
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16005
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SECURITY_RESTAPI_DISABLE=false
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owprov
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owprov
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owprov
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owprov
+#STORAGE_TYPE_MYSQL_PASSWORD=owprov
+#STORAGE_TYPE_MYSQL_DATABASE=owprov
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owrrm.env

@@ -0,0 +1,8 @@
+SELFSIGNED_CERTS=true
+SERVICECONFIG_PRIVATEENDPOINT=https://owrrm.wlan.local:16789
+SERVICECONFIG_PUBLICENDPOINT=https://openwifi.wlan.local:16789
+KAFKACONFIG_BOOTSTRAPSERVER=kafka:9092
+DATABASECONFIG_SERVER=mysql:3306
+DATABASECONFIG_USER=root
+#DATABASECONFIG_PASSWORD=openwifi
+DATABASECONFIG_DBNAME=owrrm

docker-compose/owsec.env

@@ -0,0 +1,48 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+
+#RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16001
+#RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#RESTAPI_WWWASSETS=$OWSEC_ROOT/wwwassets
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17001
+#INTERNAL_RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#AUTHENTICATION_DEFAULT_USERNAME=tip@ucentral.com
+#AUTHENTICATION_DEFAULT_PASSWORD=13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
+SYSTEM_DATA=$OWSEC_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16001
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SECURITY_RESTAPI_DISABLE=false
+#SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+#MAILER_HOSTNAME=localhost
+#MAILER_USERNAME=************************
+#MAILER_PASSWORD=************************
+#MAILER_SENDER=OpenWIFI
+#MAILER_PORT=587
+#MAILER_TEMPLATES=$OWSEC_ROOT/templates
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#DOCUMENT_POLICY_ACCESS=$OWSEC_ROOT/wwwassets/access_policy.html
+#DOCUMENT_POLICY_PASSWORD=$OWSEC_ROOT/wwwassets/password_policy.html
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owsec
+#STORAGE_TYPE_MYSQL_PASSWORD=owsec
+#STORAGE_TYPE_MYSQL_DATABASE=owsec
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owsub.env

@@ -0,0 +1,39 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWSUB_ROOT=/owsub-data
+OWSUB_CONFIG=/owsub-data
+
+#RESTAPI_HOST_ROOTCA=$OWSUB_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16006
+#RESTAPI_HOST_CERT=$OWSUB_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWSUB_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSUB_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17006
+#INTERNAL_RESTAPI_HOST_CERT=$OWSUB_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWSUB_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FIRMWARE_UPDATER_UPGRADE=yes
+#FIRMWARE_UPDATER_RCONLY=no
+#SERVICE_KEY=$OWSUB_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWSUB_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owsub.wlan.local:17006
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16006
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SECURITY_RESTAPI_DISABLE=false
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsub
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsub
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsub
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owsub
+#STORAGE_TYPE_MYSQL_PASSWORD=owsub
+#STORAGE_TYPE_MYSQL_DATABASE=owsub
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/postgresql.env

@@ -0,0 +1,20 @@
+POSTGRES_PASSWORD=postgres
+POSTGRES_USER=postgres
+OWGW_DB=owgw
+OWGW_DB_USER=owgw
+OWGW_DB_PASSWORD=owgw
+OWSEC_DB=owsec
+OWSEC_DB_USER=owsec
+OWSEC_DB_PASSWORD=owsec
+OWFMS_DB=owfms
+OWFMS_DB_USER=owfms
+OWFMS_DB_PASSWORD=owfms
+OWPROV_DB=owprov
+OWPROV_DB_USER=owprov
+OWPROV_DB_PASSWORD=owprov
+OWANALYTICS_DB=owanalytics
+OWANALYTICS_DB_USER=owanalytics
+OWANALYTICS_DB_PASSWORD=owanalytics
+OWSUB_DB=owsub
+OWSUB_DB_USER=owsub
+OWSUB_DB_PASSWORD=owsub

docker-compose/postgresql/init-db.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+    CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
+    CREATE DATABASE $OWGW_DB OWNER $OWGW_DB_USER;
+    CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
+    CREATE DATABASE $OWSEC_DB OWNER $OWSEC_DB_USER;
+    CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
+    CREATE DATABASE $OWFMS_DB OWNER $OWFMS_DB_USER;
+    CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
+    CREATE DATABASE $OWPROV_DB OWNER $OWPROV_DB_USER;
+    CREATE USER $OWANALYTICS_DB_USER WITH ENCRYPTED PASSWORD '$OWANALYTICS_DB_PASSWORD';
+    CREATE DATABASE $OWANALYTICS_DB OWNER $OWANALYTICS_DB_USER;
+    CREATE USER $OWSUB_DB_USER WITH ENCRYPTED PASSWORD '$OWSUB_DB_PASSWORD';
+    CREATE DATABASE $OWSUB_DB OWNER $OWSUB_DB_USER;
+EOSQL

docker-compose/rttys/rttys.conf

@@ -1,16 +0,0 @@
-addr-dev: :5912
-addr-user: :5913
-#addr-web: :5914
-#web-redir-url:# Auth for http
-http-username: rttys
-http-password: rttys
-ssl-cert: /etc/rttys/restapi-cert.pem
-ssl-key: /etc/rttys/restapi-key.pem
-token: 96181c567b4d0d98c50f127230068fa8
-# font-size: 16
-# No login required to connect device.
-# Values can be device IDs separated by spaces,
-# or a "*" indicates that all devices do not require login
-# http://localhost:5913/connect/rtty1
-white-list: "*"
-#white-list: rtty1 rtty2

docker-compose/traefik.env

@@ -0,0 +1,26 @@
+TRAEFIK_ENTRYPOINTS_OWGWWEBSOCKET_ADDRESS=:15002
+TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
+TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
+TRAEFIK_ENTRYPOINTS_OWGWRTTYS_ADDRESS=:5912
+TRAEFIK_ENTRYPOINTS_OWGWRTTYSVIEW_ADDRESS=:5913
+TRAEFIK_ENTRYPOINTS_OWGWRADACC_ADDRESS=:1813/udp
+TRAEFIK_ENTRYPOINTS_OWGWRADAUTH_ADDRESS=:1812/udp
+TRAEFIK_ENTRYPOINTS_OWGWRADCOA_ADDRESS=:3799/udp
+TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
+TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
+TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_ADDRESS=:8080
+TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owprovuihttps
+TRAEFIK_ENTRYPOINTS_OWGWUIHTTPS_ADDRESS=:443
+TRAEFIK_ENTRYPOINTS_OWPROVUIHTTPS_ADDRESS=:8443
+TRAEFIK_ENTRYPOINTS_OWSECRESTAPI_ADDRESS=:16001
+TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
+TRAEFIK_ENTRYPOINTS_OWPROVRESTAPI_ADDRESS=:16005
+TRAEFIK_ENTRYPOINTS_OWANALYTICSRESTAPI_ADDRESS=:16009
+TRAEFIK_ENTRYPOINTS_OWSUBRESTAPI_ADDRESS=:16006
+TRAEFIK_ENTRYPOINTS_OWRRMOPENAPI_ADDRESS=:16789
+TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
+TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
+TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true
+TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE_ENTRYPOINT=owgwuihttp
+TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_STORAGE=/letsencrypt/acme.json
+TRAEFIK_SERVERSTRANSPORT_ROOTCAS=/certs/restapi-ca.pem

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -0,0 +1,175 @@
+http:
+  services:
+    owgw-ui:
+      loadBalancer:
+        servers:
+          - url: "http://owgw-ui.wlan.local:80/"
+    owgw-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owgw.wlan.local:16002/"
+    owgw-fileupload:
+      loadBalancer:
+        servers:
+          - url: "https://owgw.wlan.local:16003/"
+    owsec-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owsec.wlan.local:16001/"
+    owfms-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owfms.wlan.local:16004/"
+    owprov-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owprov.wlan.local:16005/"
+    owprov-ui:
+      loadBalancer:
+        servers:
+          - url: "http://owprov-ui.wlan.local:80/"
+    owanalytics-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owanalytics.wlan.local:16009/"
+    owsub-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owsub.wlan.local:16006/"
+    owgw-rttys-view:
+      loadBalancer:
+        servers:
+          - url: "https://owgw.wlan.local:5913/"
+    owrrm-openapi:
+      loadBalancer:
+        servers:
+          - url: "http://owrrm.wlan.local:16789/"
+
+  routers:
+    owgw-ui-http:
+      entryPoints: "owgwuihttp"
+      service: "owgw-ui"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+    owgw-ui-https:
+      entryPoints: "owgwuihttps"
+      service: "owgw-ui"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owgw-fileupload:
+      entryPoints: "owgwfileupload"
+      service: "owgw-fileupload"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owgw-restapi:
+      entryPoints: "owgwrestapi"
+      service: "owgw-restapi"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owgw-rttys-view:
+      entryPoints: "owgwrttysview"
+      service: "owgw-rttys-view"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owsec-restapi:
+      entryPoints: "owsecrestapi"
+      service: "owsec-restapi"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owfms-restapi:
+      entryPoints: "owfmsrestapi"
+      service: "owfms-restapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owprov-restapi:
+      entryPoints: "owprovrestapi"
+      service: "owprov-restapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owprov-ui-http:
+      entryPoints: "owprovuihttp"
+      service: "owprov-ui"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+    owprov-ui-https:
+      entryPoints: "owprovuihttps"
+      service: "owprov-ui"
+      rule: "Host(`{{ env "SDKHOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
+    owanalytics-restapi:
+      entryPoints: "owanalyticsrestapi"
+      service: "owanalytics-restapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owsub-restapi:
+      entryPoints: "owsubrestapi"
+      service: "owsub-restapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owrrm-openapi:
+      entryPoints: "owrrmopenapi"
+      service: "owrrm-openapi"
+      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+
+tcp:
+  services:
+    owgw-websocket:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:15002"
+
+    owgw-rttys:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:5912"
+
+  routers:
+    owgw-websocket:
+      entryPoints: "owgwwebsocket"
+      service: "owgw-websocket"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+
+    owgw-rttys:
+      entryPoints: "owgwrttys"
+      service: "owgw-rttys"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+
+udp:
+  services:
+    owgw-radius-acc:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:1813"
+    owgw-radius-auth:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:1812"
+    owgw-radius-coa:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:3799"
+
+  routers:
+    owgw-radius-acc:
+      entryPoints: "owgwradacc"
+      service: "owgw-radius-acc"
+    owgw-radius-auth:
+      entryPoints: "owgwradauth"
+      service: "owgw-radius-auth"
+    owgw-radius-coa:
+      entryPoints: "owgwradcoa"
+      service: "owgw-radius-coa"

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -0,0 +1,181 @@
+tls:
+  certificates:
+    - certFile: /certs/restapi-cert.pem
+      keyFile: /certs/restapi-key.pem
+
+http:
+  services:
+    owgw-ui:
+      loadBalancer:
+        servers:
+          - url: "http://owgw-ui.wlan.local:80/"
+
+    owprov-ui:
+      loadBalancer:
+        servers:
+          - url: "http://owprov-ui.wlan.local:80/"
+
+    owrrm-openapi:
+      loadBalancer:
+        servers:
+          - url: "http://owrrm.wlan.local:16789/"
+
+  routers:
+    owgw-ui-http:
+      entryPoints: "owgwuihttp"
+      service: "owgw-ui"
+      rule: "PathPrefix(`/`)"
+
+    owgw-ui-https:
+      entryPoints: "owgwuihttps"
+      service: "owgw-ui"
+      rule: "PathPrefix(`/`)"
+      tls: {}
+
+    owprov-ui-http:
+      entryPoints: "owprovuihttp"
+      service: "owprov-ui"
+      rule: "PathPrefix(`/`)"
+
+    owprov-ui-https:
+      entryPoints: "owprovuihttps"
+      service: "owprov-ui"
+      rule: "PathPrefix(`/`)"
+      tls: {}
+
+    owrrm-openapi:
+      entryPoints: "owrrmopenapi"
+      service: "owrrm-openapi"
+      rule: "PathPrefix(`/`)"
+      tls: {}
+
+tcp:
+  services:
+    owgw-websocket:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:15002"
+    owgw-restapi:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:16002"
+    owgw-fileupload:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:16003"
+    owgw-rttys:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:5912"
+    owgw-rttys-view:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:5913"
+    owsec-restapi:
+      loadBalancer:
+        servers:
+          - address: "owsec.wlan.local:16001"
+    owfms-restapi:
+      loadBalancer:
+        servers:
+          - address: "owfms.wlan.local:16004"
+    owprov-restapi:
+      loadBalancer:
+        servers:
+          - address: "owprov.wlan.local:16005"
+    owanalytics-restapi:
+      loadBalancer:
+        servers:
+          - address: "owanalytics.wlan.local:16009"
+    owsub-restapi:
+      loadBalancer:
+        servers:
+          - address: "owsub.wlan.local:16006"
+
+  routers:
+    owgw-websocket:
+      entryPoints: "owgwwebsocket"
+      service: "owgw-websocket"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owgw-restapi:
+      entryPoints: "owgwrestapi"
+      service: "owgw-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owgw-fileupload:
+      entryPoints: "owgwfileupload"
+      service: "owgw-fileupload"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owgw-rttys:
+      entryPoints: "owgwrttys"
+      service: "owgw-rttys"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owgw-rttys-view:
+      entryPoints: "owgwrttysview"
+      service: "owgw-rttys-view"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owsec-restapi:
+      entryPoints: "owsecrestapi"
+      service: "owsec-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owfms-restapi:
+      entryPoints: "owfmsrestapi"
+      service: "owfms-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owprov-restapi:
+      entryPoints: "owprovrestapi"
+      service: "owprov-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owanalytics-restapi:
+      entryPoints: "owanalyticsrestapi"
+      service: "owanalytics-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+    owsub-restapi:
+      entryPoints: "owsubrestapi"
+      service: "owsub-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
+
+udp:
+  services:
+    owgw-radius-acc:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:1813"
+    owgw-radius-auth:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:1812"
+    owgw-radius-coa:
+      loadBalancer:
+        servers:
+          - address: "owgw.wlan.local:3799"
+
+  routers:
+    owgw-radius-acc:
+      entryPoints: "owgwradacc"
+      service: "owgw-radius-acc"
+    owgw-radius-auth:
+      entryPoints: "owgwradauth"
+      service: "owgw-radius-auth"
+    owgw-radius-coa:
+      entryPoints: "owgwradcoa"
+      service: "owgw-radius-coa"

docker-compose/ucentralfms-data/ucentralfms.properties

@@ -1,141 +0,0 @@
-#
-# uCentral protocol server for devices. This is where you point
-# all your devices. You can replace the * for address by the specific
-# address of one of your interfaces
-#
-#
-# REST API access
-#
-ucentralfws.restapi.host.0.backlog = 100
-ucentralfws.restapi.host.0.security = relaxed
-ucentralfws.restapi.host.0.rootca = $UCENTRALFMS_ROOT/certs/restapi-ca.pem
-ucentralfws.restapi.host.0.address = *
-ucentralfws.restapi.host.0.port = 16004
-ucentralfws.restapi.host.0.cert = $UCENTRALFMS_ROOT/certs/restapi-cert.pem
-ucentralfws.restapi.host.0.key = $UCENTRALFMS_ROOT/certs/restapi-key.pem
-ucentralfws.restapi.host.0.key.password = mypassword
-
-ucentral.internal.restapi.host.0.backlog = 100
-ucentral.internal.restapi.host.0.security = relaxed
-ucentral.internal.restapi.host.0.rootca = $UCENTRALFMS_ROOT/certs/restapi-ca.pem
-ucentral.internal.restapi.host.0.address = *
-ucentral.internal.restapi.host.0.port = 17004
-ucentral.internal.restapi.host.0.cert = $UCENTRALFMS_ROOT/certs/restapi-cert.pem
-ucentral.internal.restapi.host.0.key = $UCENTRALFMS_ROOT/certs/restapi-key.pem
-ucentral.internal.restapi.host.0.key.password = mypassword
-
-#
-# Generic section that all microservices must have
-#
-ucentral.service.key = $UCENTRALFMS_ROOT/certs/restapi-key.pem
-ucentral.service.key.password = mypassword
-ucentral.system.data = $UCENTRALFMS_ROOT/data
-ucentral.system.debug = false
-ucentral.system.uri.private = https://ucentralfms.wlan.local:17004
-ucentral.system.uri.public = https://ucentral.wlan.local:16004
-ucentral.system.commandchannel = /tmp/app.ucentralfms
-ucentral.system.uri.ui = ucentral.wlan.local
-
-#
-# Firmware Microservice Specific Section
-#
-s3.bucketname = ucentral-ap-firmware
-s3.region = us-east-1
-s3.secret = b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI
-s3.key = AKIAUG47UZG7R6SRLD7F
-s3.retry = 60
-s3.bucket.uri = ucentral-ap-firmware.s3.amazonaws.com
-
-firmwaredb.refresh = 1800
-#############################
-# Generic information for all micro services
-#############################
-#
-# NLB Support
-#
-alb.enable = true
-alb.port = 16104
-
-#
-# Kafka
-#
-ucentral.kafka.group.id = firmware
-ucentral.kafka.client.id = firmware1
-ucentral.kafka.enable = true
-ucentral.kafka.brokerlist = kafka:9092
-ucentral.kafka.auto.commit = false
-ucentral.kafka.queue.buffering.max.ms = 50
-
-#
-# This section select which form of persistence you need
-# Only one selected at a time. If you select multiple, this service will die if a horrible
-# death and might make your beer flat.
-#
-storage.type = sqlite
-#storage.type = postgresql
-#storage.type = mysql
-#storage.type = odbc
-
-storage.type.sqlite.db = firmware.db
-storage.type.sqlite.idletime = 120
-storage.type.sqlite.maxsessions = 128
-
-storage.type.postgresql.maxsessions = 64
-storage.type.postgresql.idletime = 60
-storage.type.postgresql.host = localhost
-storage.type.postgresql.username = stephb
-storage.type.postgresql.password = snoopy99
-storage.type.postgresql.database = ucentral
-storage.type.postgresql.port = 5432
-storage.type.postgresql.connectiontimeout = 60
-
-storage.type.mysql.maxsessions = 64
-storage.type.mysql.idletime = 60
-storage.type.mysql.host = localhost
-storage.type.mysql.username = stephb
-storage.type.mysql.password = snoopy99
-storage.type.mysql.database = ucentral
-storage.type.mysql.port = 3306
-storage.type.mysql.connectiontimeout = 60
-
-
-########################################################################
-########################################################################
-#
-# Logging: please leave as is for now.
-#
-########################################################################
-logging.formatters.f1.class = PatternFormatter
-logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.formatters.f1.times = UTC
-logging.channels.c1.class = ConsoleChannel
-logging.channels.c1.formatter = f1
-
-# This is where the logs will be written. This path MUST exist
-logging.channels.c2.class = FileChannel
-logging.channels.c2.path = $UCENTRALFMS_ROOT/logs/log
-logging.channels.c2.formatter.class = PatternFormatter
-logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.channels.c2.rotation = 20 M
-logging.channels.c2.archive = timestamp
-logging.channels.c2.purgeCount = 20
-logging.channels.c3.class = ConsoleChannel
-logging.channels.c3.pattern = %s: [%p] %t
-
-# External Channel
-logging.loggers.root.channel = c1
-logging.loggers.root.level = debug
-
-# Inline Channel with PatternFormatter
-# logging.loggers.l1.name = logger1
-# logging.loggers.l1.channel.class = ConsoleChannel
-# logging.loggers.l1.channel.pattern = %s: [%p] %t
-# logging.loggers.l1.level = information
-# SplitterChannel
-# logging.channels.splitter.class = SplitterChannel
-# logging.channels.splitter.channels = l1,l2
-# logging.loggers.l2.name = logger2
-# logging.loggers.l2.channel = splitter
-
-
-

docker-compose/ucentralgw-data/ucentralgw.properties

@@ -1,194 +0,0 @@
-#
-# uCentral protocol server for devices. This is where you point
-# all your devices. You can replace the * for address by the specific
-# address of one of your interfaces
-#
-ucentral.websocket.host.0.backlog = 500
-ucentral.websocket.host.0.rootca = $UCENTRALGW_ROOT/certs/root.pem
-ucentral.websocket.host.0.issuer = $UCENTRALGW_ROOT/certs/issuer.pem
-ucentral.websocket.host.0.cert = $UCENTRALGW_ROOT/certs/websocket-cert.pem
-ucentral.websocket.host.0.key = $UCENTRALGW_ROOT/certs/websocket-key.pem
-ucentral.websocket.host.0.clientcas = $UCENTRALGW_ROOT/certs/clientcas.pem
-ucentral.websocket.host.0.cas = $UCENTRALGW_ROOT/certs/cas
-ucentral.websocket.host.0.address = *
-ucentral.websocket.host.0.port = 15002
-ucentral.websocket.host.0.security = strict
-ucentral.websocket.host.0.key.password = mypassword
-ucentral.websocket.maxreactors = 20
-
-#
-# REST API access
-#
-ucentral.restapi.host.0.backlog = 100
-ucentral.restapi.host.0.security = relaxed
-ucentral.restapi.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
-ucentral.restapi.host.0.address = *
-ucentral.restapi.host.0.port = 16002
-ucentral.restapi.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
-ucentral.restapi.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
-ucentral.restapi.host.0.key.password = mypassword
-
-ucentral.internal.restapi.host.0.backlog = 100
-ucentral.internal.restapi.host.0.security = relaxed
-ucentral.internal.restapi.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
-ucentral.internal.restapi.host.0.address = *
-ucentral.internal.restapi.host.0.port = 17002
-ucentral.internal.restapi.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
-ucentral.internal.restapi.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
-ucentral.internal.restapi.host.0.key.password = mypassword
-
-#
-# Used to upload files to the service.
-# You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
-# that your devices can reach
-#
-ucentral.fileuploader.host.0.backlog = 100
-ucentral.fileuploader.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
-ucentral.fileuploader.host.0.security = relaxed
-ucentral.fileuploader.host.0.address = *
-ucentral.fileuploader.host.0.name = ucentral.wlan.local
-ucentral.fileuploader.host.0.port = 16003
-ucentral.fileuploader.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
-ucentral.fileuploader.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
-ucentral.fileuploader.host.0.key.password = mypassword
-ucentral.fileuploader.path = $UCENTRALGW_ROOT/uploads
-ucentral.fileuploader.maxsize = 10000
-
-#
-# Generic section that all microservices must have
-#
-ucentral.service.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
-ucentral.system.data = $UCENTRALGW_ROOT/data
-ucentral.system.debug = true
-#ucentral.system.uri.private = https://localhost:17002
-#ucentral.system.uri.public = https://local.dpaas.arilia.com:16002
-#ucentral.system.uri.ui = https://ucentral-ui.arilia.com
-ucentral.system.uri.private = https://ucentralgw.wlan.local:17002
-ucentral.system.uri.public = https://ucentral.wlan.local:16002
-ucentral.system.uri.ui = http://127.0.0.1
-ucentral.system.commandchannel = /tmp/app.ucentralgw
-
-#
-# Gateway Microservice Specific Section
-#
-ucentral.autoprovisioning = true
-ucentral.devicetypes.0 = AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
-ucentral.devicetypes.1 = SWITCH:edgecore_ecs4100-12ph
-ucentral.devicetypes.2 = IOT:esp32
-oui.download.uri = https://linuxnet.ca/ieee/oui.txt
-firmware.autoupdate.policy.default = auto
-
-#
-# rtty
-#
-rtty.enabled = true
-rtty.server = ucentral.wlan.local
-rtty.port = 5912
-rtty.token = 96181c567b4d0d98c50f127230068fa8
-rtty.timeout = 60
-rtty.viewport = 5913
-
-#############################
-# Generic information for all micro services
-#############################
-#
-# NLB Support
-#
-alb.enable = true
-alb.port = 16102
-
-#
-# Kafka
-#
-ucentral.kafka.group.id = gateway
-ucentral.kafka.client.id = gateway1
-ucentral.kafka.enable = true
-ucentral.kafka.brokerlist = kafka:9092
-# ucentral.kafka.brokerlist = debfarm1-node-c.arilia.com:9092
-ucentral.kafka.auto.commit = false
-ucentral.kafka.queue.buffering.max.ms = 50
-
-#
-# This section select which form of persistence you need
-# Only one selected at a time. If you select multiple, this service will die if a horrible
-# death and might make your beer flat.
-#
-storage.type = sqlite
-#storage.type = postgresql
-#storage.type = mysql
-#storage.type = odbc
-
-storage.type.sqlite.db = devices.db
-storage.type.sqlite.idletime = 120
-storage.type.sqlite.maxsessions = 128
-
-storage.type.postgresql.maxsessions = 64
-storage.type.postgresql.idletime = 60
-storage.type.postgresql.host = postgresql
-storage.type.postgresql.username = ucentralgw
-storage.type.postgresql.password = ucentralgw
-storage.type.postgresql.database = ucentralgw
-storage.type.postgresql.port = 5432
-storage.type.postgresql.connectiontimeout = 60
-
-storage.type.mysql.maxsessions = 64
-storage.type.mysql.idletime = 60
-storage.type.mysql.host = localhost
-storage.type.mysql.username = stephb
-storage.type.mysql.password = snoopy99
-storage.type.mysql.database = ucentral
-storage.type.mysql.port = 3306
-storage.type.mysql.connectiontimeout = 60
-
-archiver.enabled = true
-archiver.schedule = 03:00
-archiver.db.0.name = healthchecks
-archiver.db.0.keep = 7
-archiver.db.1.name = statistics
-archiver.db.1.keep = 7
-archiver.db.2.name = devicelogs
-archiver.db.2.keep = 7
-archiver.db.3.name = commandlist
-archiver.db.3.keep = 7
-
-########################################################################
-########################################################################
-#
-# Logging: please leave as is for now.
-#
-########################################################################
-
-logging.formatters.f1.class = PatternFormatter
-logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.formatters.f1.times = UTC
-logging.channels.c1.class = ConsoleChannel
-logging.channels.c1.formatter = f1
-
-# This is where the logs will be written. This path MUST exist
-logging.channels.c2.class = FileChannel
-logging.channels.c2.path = $UCENTRALGW_ROOT/logs/log
-logging.channels.c2.formatter.class = PatternFormatter
-logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.channels.c2.rotation = 20 M
-logging.channels.c2.archive = timestamp
-logging.channels.c2.purgeCount = 20
-logging.channels.c3.class = ConsoleChannel
-logging.channels.c3.pattern = %s: [%p] %t
-
-# External Channel
-logging.loggers.root.channel = c1
-logging.loggers.root.level = debug
-
-# Inline Channel with PatternFormatter
-# logging.loggers.l1.name = logger1
-# logging.loggers.l1.channel.class = ConsoleChannel
-# logging.loggers.l1.channel.pattern = %s: [%p] %t
-# logging.loggers.l1.level = information
-# SplitterChannel
-# logging.channels.splitter.class = SplitterChannel
-# logging.channels.splitter.channels = l1,l2
-# logging.loggers.l2.name = logger2
-# logging.loggers.l2.channel = splitter
-
-
-

docker-compose/ucentralsec-data/ucentralsec.properties

@@ -1,145 +0,0 @@
-#
-# uCentral protocol server for devices. This is where you point
-# all your devices. You can replace the * for address by the specific
-# address of one of your interfaces
-#
-
-#
-# REST API access
-#
-ucentral.restapi.host.0.backlog = 100
-ucentral.restapi.host.0.security = relaxed
-ucentral.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
-ucentral.restapi.host.0.address = *
-ucentral.restapi.host.0.port = 16001
-ucentral.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
-ucentral.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
-ucentral.restapi.host.0.key.password = mypassword
-ucentral.restapi.wwwassets = $UCENTRALSEC_ROOT/wwwassets
-
-ucentral.internal.restapi.host.0.backlog = 100
-ucentral.internal.restapi.host.0.security = relaxed
-ucentral.internal.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
-ucentral.internal.restapi.host.0.address = *
-ucentral.internal.restapi.host.0.port = 17001
-ucentral.internal.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
-ucentral.internal.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
-ucentral.internal.restapi.host.0.key.password = mypassword
-
-#
-# Generic section that all microservices must have
-#
-authentication.enabled = true
-authentication.default.username = tip@ucentral.com
-authentication.default.password = 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
-ucentral.system.data = $UCENTRALSEC_ROOT/data
-ucentral.system.uri.private = https://ucentralsec.wlan.local:17001
-ucentral.system.uri.public = https://ucentral.wlan.local:16001
-ucentral.system.uri.ui = http://127.0.0.1
-ucentral.system.commandchannel = /tmp/app.ucentralsec
-ucentral.service.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
-
-#
-# Security Microservice Specific Section
-#
-mailer.hostname = smtp.gmail.com
-mailer.username = no-reply@arilia.com
-mailer.password = pink-elephants-play-hockey
-mailer.loginmethod = login
-mailer.port = 587
-mailer.templates = $UCENTRALSEC_ROOT/templates
-
-
-#############################
-# Generic information for all micro services
-#############################
-#
-# NLB Support
-#
-alb.enable = true
-alb.port = 16101
-
-#
-# Kafka
-#
-ucentral.kafka.group.id = security
-ucentral.kafka.client.id = security1
-ucentral.kafka.enable = true
-# ucentral.kafka.brokerlist = a1.arilia.com:9092
-ucentral.kafka.brokerlist = kafka:9092
-ucentral.kafka.auto.commit = false
-ucentral.kafka.queue.buffering.max.ms = 50
-
-#
-# This section select which form of persistence you need
-# Only one selected at a time. If you select multiple, this service will die if a horrible
-# death and might make your beer flat.
-#
-storage.type = sqlite
-#storage.type = postgresql
-#storage.type = mysql
-#storage.type = odbc
-
-storage.type.sqlite.db = security.db
-storage.type.sqlite.idletime = 120
-storage.type.sqlite.maxsessions = 128
-
-storage.type.postgresql.maxsessions = 64
-storage.type.postgresql.idletime = 60
-storage.type.postgresql.host = postgresql
-storage.type.postgresql.username = ucentralsec
-storage.type.postgresql.password = ucentralsec
-storage.type.postgresql.database = ucentralsec
-storage.type.postgresql.port = 5432
-storage.type.postgresql.connectiontimeout = 60
-
-storage.type.mysql.maxsessions = 64
-storage.type.mysql.idletime = 60
-storage.type.mysql.host = localhost
-storage.type.mysql.username = stephb
-storage.type.mysql.password = snoopy99
-storage.type.mysql.database = ucentral
-storage.type.mysql.port = 3306
-storage.type.mysql.connectiontimeout = 60
-
-
-########################################################################
-########################################################################
-#
-# Logging: please leave as is for now.
-#
-########################################################################
-logging.formatters.f1.class = PatternFormatter
-logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.formatters.f1.times = UTC
-logging.channels.c1.class = ConsoleChannel
-logging.channels.c1.formatter = f1
-
-# This is where the logs will be written. This path MUST exist
-logging.channels.c2.class = FileChannel
-logging.channels.c2.path = $UCENTRALSEC_ROOT/logs/log
-logging.channels.c2.formatter.class = PatternFormatter
-logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.channels.c2.rotation = 20 M
-logging.channels.c2.archive = timestamp
-logging.channels.c2.purgeCount = 20
-logging.channels.c3.class = ConsoleChannel
-logging.channels.c3.pattern = %s: [%p] %t
-
-# External Channel
-logging.loggers.root.channel = c1
-logging.loggers.root.level = debug
-
-# Inline Channel with PatternFormatter
-# logging.loggers.l1.name = logger1
-# logging.loggers.l1.channel.class = ConsoleChannel
-# logging.loggers.l1.channel.pattern = %s: [%p] %t
-# logging.loggers.l1.level = information
-# SplitterChannel
-# logging.channels.splitter.class = SplitterChannel
-# logging.channels.splitter.channels = l1,l2
-# logging.loggers.l2.name = logger2
-# logging.loggers.l2.channel = splitter
-
-
-