Chg: chart version of owsec

upgraded security to RC2
Upgraded security to RC2
2026-03-20 03:40:49 +00:00 · 2021-11-02 13:50:23 +03:00 · 2021-11-01 12:26:22 -04:00 · 2021-11-01 12:25:51 -04:00 · 2021-11-01 12:25:04 -04:00 · 2021-10-29 15:01:28 +03:00
32 changed files with 103 additions and 845 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,11 +33,11 @@ jobs:
            exit 1
          fi

-          #if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
-          #  echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
-          #  cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
-          #  exit 1
-          #fi
+#          if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
+#            echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
+#            cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
+#            exit 1
+#          fi

      - name: Build package
        working-directory: wlan-cloud-ucentral-deploy/chart
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
 *.swp
 chart/charts/*
 /docker-compose/certs/
-/docker-compose/*_data
-/docker-compose/owls/*_data
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -1,18 +1,18 @@
 dependencies:
 - name: owgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.3.0-RC1
  version: 0.1.0
 - name: owsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.3.0-RC2
  version: 0.1.0
 - name: owfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.3.0-RC1
  version: 0.1.0
 - name: owprov
  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main
  version: 0.1.0
 - name: owgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.3.0-RC1
  version: 0.1.0
 - name: owprovui
  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main
@@ -23,11 +23,5 @@ dependencies:
 - name: kafka
  repository: https://charts.bitnami.com/bitnami
  version: 13.0.2
- name: owls
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main
-  version: 0.1.0
- name: owlsui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master
-  version: 0.1.0
-digest: sha256:3a71cf3bac846757ed3c60cce296c73c7ecdb31bef474126d4205053019f842e
-generated: "2021-12-17T05:46:32.701924621+03:00"
+digest: sha256:ab8140580964cc85efa40e84afe199e44fc52ea055597a08d2ee49ff64f7a826
+generated: "2021-11-02T13:26:26.27920095+03:00"
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,22 +2,22 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.4.0
+version: 2.3.0-RC2
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.3.0-RC1"
  version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.3.0-RC2"
  version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.3.0-RC1"
  version: 0.1.0
 - name: owprov
  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
  version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.3.0-RC1"
  version: 0.1.0
 - name: owprovui
  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
@@ -25,18 +25,8 @@ dependencies:
 - name: rttys
  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0"
  version: 0.1.0
+  condition: rttys.enabled
 - name: kafka
  repository: https://charts.bitnami.com/bitnami
  version: 13.0.2
- name: owls
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
-  version: 0.1.0
-  condition: owls.enabled
- name: owlsui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master"
-  version: 0.1.0
-  condition: owlsui.enabled
- name: haproxy
-  repository: https://charts.bitnami.com/bitnami
-  version: 0.2.21
-  condition: haproxy.enabled
+  condition: kafka.enabled
--- a/chart/README.md
+++ b/chart/README.md
@@ -10,8 +10,6 @@ This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencie
 $ helm install .
 ```

-Then change the default password as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password).
-
 ## Introduction

 This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@@ -36,10 +34,6 @@ If you need to update your release, it could be required to update your helm cha
 helm dependency update
 ```

-#### Required password changing on the first startup
-
-One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
-
 ## Uninstalling the Chart

 To uninstall/delete the `my-release` deployment:
--- a/chart/docker/Dockerfile
+++ b/chart/docker/Dockerfile
@@ -41,6 +41,5 @@ RUN git clone https://github.com/Telecominfraproject/wlan-cloud-owprov.git owpro
  && rm -rf owprov

 COPY clustersysteminfo clustersysteminfo
-COPY change_credentials change_credentials

 ENTRYPOINT ["/cli/clustersysteminfo"]
--- a/chart/docker/change_credentials
+++ b/chart/docker/change_credentials
@@ -1,68 +0,0 @@
-#!/bin/bash
-# Constants
-export DEFAULT_CHECK_RETRIES=10
-
-# Usage function
-usage () {
-  echo;
-  echo "- OWSEC - owsec endpoint to make requests to (i.e. openwifi.wlan.local:16001)";
-  echo "- OWSEC_DEFAULT_USERNAME - default owsec username from properties";
-  echo "- OWSEC_DEFAULT_PASSWORD - default owsec password (in cleartext) from properties";
-  echo "- OWSEC_NEW_PASSWORD - new owsec password (in cleartext) that should be set for login";
-}
-
-# Check if required environment variables were passed
-## Login specifics
-[ -z ${OWSEC+x} ] && echo "OWSEC is unset" && usage && exit 1
-[ -z ${OWSEC_DEFAULT_USERNAME+x} ] && echo "OWSEC_DEFAULT_USERNAME is unset" && usage && exit 1
-[ -z ${OWSEC_DEFAULT_PASSWORD+x} ] && echo "OWSEC_DEFAULT_PASSWORD is unset" && usage && exit 1
-[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" && usage && exit 1
-
-# Check credentials
-export result_file=result.json
-
-# Try logging in with default credentials
-payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_DEFAULT_PASSWORD}\" }"
-curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
-    -H "Content-Type: application/json" \
-    -d "$payload" > ${result_file}
-errorCode=$(cat ${result_file} | jq -r '.ErrorCode')
-# If ErrorCode == 1, we must change password
-if [[ "${errorCode}" == "1" ]]
-then
-    payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_DEFAULT_PASSWORD}\", \"newPassword\" : \"${OWSEC_NEW_PASSWORD}\" }"
-    curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
-        -H "Content-Type: application/json" \
-        -d "$payload" > ${result_file}
-    # Check if password was changed correctly
-    token=$(cat ${result_file} | jq -r '.access_token')
-    if [[ "${token}" == "null" ]] || [[ "${token}" == "" ]] || [[ ! -s ${result_file} ]]
-    then
-        echo "Could not change credentials:"
-        jq < ${result_file}
-        exit 1
-    else
-        echo "Login credentials were changed:"
-    fi
-# If ErrorCode == 2 then new credentials were applied already OR user was deleted OR credentials are wrong
-elif [[ "${errorCode}" == "2" ]]
-then
-    # Let's try logging in using new credentials
-    payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_NEW_PASSWORD}\" }"
-    curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
-            -H "Content-Type: application/json" \
-            -d "$payload" > ${result_file}
-    token=$(cat ${result_file} | jq -r '.access_token')
-    # TODO check if there are any response
-    if [[ "${token}" == "null" ]] || [[ "${token}" == "" ]] || [[ ! -s ${result_file} ]]
-    then
-        echo "Could not login with new credentials. Probably new login credentials are wrong OR user was deleted. Since we cannot check if user is really deleted, skipping this issue:"
-    else
-        echo "Logged in with new credentials:"
-    fi
-else
-    echo "Credentials check failed with unexpected ErrorCode, please review the responce body:"
-    jq < ${result_file}
-    exit 2
-fi
-jq < ${result_file}
--- a/chart/docker/clustersysteminfo
+++ b/chart/docker/clustersysteminfo
@@ -1,21 +1,56 @@
 #!/bin/bash

-# Constants
-export DEFAULT_CHECK_RETRIES=30
+if [[ "$(which jq)" == "" ]]
+then
+  echo "You need the package jq installed to use this script."
+  exit 1
+fi

-# Check dependencies
-[[ "$(which jq)" == "" ]] && echo "You need the package jq installed to use this script." && exit 1
-[[ "$(which curl)" == "" ]] && echo "You need the package curl installed to use this script." && exit 1
+if [[ "$(which curl)" == "" ]]
+then
+  echo "You need the package curl installed to use this script."
+  exit 1
+fi

-# Check if required environment variables were passed
-[[ -z ${OWSEC+x} ]] && echo "You must set the variable OWSEC in order to use this script. Something like" && echo "OWSEC=security.isp.com:16001" && exit 1
-[[ -z ${OWSEC_DEFAULT_USERNAME+x} ]] && echo "You must set the variable OWSEC_DEFAULT_USERNAME in order to use this script. Something like" && echo "OWSEC_DEFAULT_USERNAME=tip@ucentral.com" && exit 1
-[[ -z ${OWSEC_DEFAULT_PASSWORD+x} ]] && echo "You must set the variable OWSEC_DEFAULT_PASSWORD in order to use this script. Something like" && echo "OWSEC_DEFAULT_PASSWORD=openwifi" && exit 1
-[[ -z ${OWSEC_NEW_PASSWORD+x} ]] && echo "You must set the variable OWSEC_NEW_PASSWORD in order to use this script. Something like" && echo "OWSEC_NEW_PASSWORD=NewPass123%" && exit 1
+if [[ "${OWSEC}" == "" ]]
+then
+  echo "You must set the variable OWSEC in order to use this script. Something like"
+  echo "OWSEC=security.isp.com:16001"
+  exit 1
+fi

-[[ "${CHECK_RETRIES}" == "" ]] && [[ "${CHECK_RETRIES}" -eq "${CHECK_RETRIES}" ]] && echo "Environment variable CHECK_RETRIES is not set or is not number, setting it to the default value (${DEFAULT_CHECK_RETRIES})" && export CHECK_RETRIES=$DEFAULT_CHECK_RETRIES
+if [[ "${OWSEC_USERNAME}" == "" ]]
+then
+  echo "You must set the variable OWSEC_USERNAME in order to use this script. Something like"
+  echo "OWSEC_USERNAME=tip@ucentral.com"
+  exit 1
+fi
+
+if [[ "${OWSEC_PASSWORD}" == "" ]]
+then
+  echo "You must set the variable OWSEC_PASSWORD in order to use this script. Something like"
+  echo "OWSEC_PASSWORD=openwifi"
+  exit 1
+fi
+
+if [[ "${CHECK_RETRIES}" == "" ]] && [[ "${CHECK_RETRIES}" -eq "${CHECK_RETRIES}" ]]
+then
+  echo "Environment variable CHECK_RETRIES is not set or is not number, setting it to the default value "
+  export CHECK_RETRIES=10
+fi
+
+# Adapt scripts for the security credentials
+# -> Username
+sed '/^username/s/username=.*/username="'$OWSEC_USERNAME'"/' owsec_cli -i
+sed '/^username/s/username=.*/username="'$OWSEC_USERNAME'"/' owgw_cli -i
+sed '/^username/s/username=.*/username="'$OWSEC_USERNAME'"/' owfms_cli -i
+sed '/^username/s/username=.*/username="'$OWSEC_USERNAME'"/' owprov_cli -i
+# -> Password
+sed '/^password/s/password=.*/password="'$OWSEC_PASSWORD'"/' owsec_cli -i
+sed '/^password/s/password=.*/password="'$OWSEC_PASSWORD'"/' owgw_cli  -i
+sed '/^password/s/password=.*/password="'$OWSEC_PASSWORD'"/' owfms_cli -i
+sed '/^password/s/password=.*/password="'$OWSEC_PASSWORD'"/' owprov_cli -i

-# Make sure owsec is resolvable
 export OWSEC_FQDN=$(echo $OWSEC | awk -F ':' '{print $1}')
 echo "Waiting for OWSEC FQDN ($OWSEC_FQDN) to be resolvable"
 exit_code=1
@@ -23,38 +58,24 @@ until [[ "$exit_code" -eq "0" ]]
 do
  getent hosts $OWSEC_FQDN
  exit_code=$?
-  sleep 1
 done
 echo

-# Change/check password for owsec AND set owsec credentials
-export CHANGE_CHECK_RETRIES=${CHECK_RETRIES}
-until ./change_credentials || [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
+echo "Waiting for OWSEC to be ready to respond to systeminfo requests"
+exit_code_sum=1
+until [[ "$exit_code_sum" -eq "0" ]]
 do
-  echo "Change/check failed"
-  let "CHANGE_CHECK_RETRIES-=1"
-  echo "Retries left - $CHANGE_CHECK_RETRIES"
-  echo
+  exit_code_sum=0
+  ./owsec_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
  sleep 5
 done
-
-if [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
-then
-  echo "Run out of retries to change/check login credentials"
-  exit 3
-fi
-
-# Adapt scripts for the security credentials
-# -> Username
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owsec_cli -i
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owgw_cli -i
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owfms_cli -i
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owprov_cli -i
-# -> Password
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owsec_cli -i
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owgw_cli  -i
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owfms_cli -i
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owprov_cli -i
+echo

 echo "Running systeminfo checks for all components until all of them are available OR check tries are exausted ($CHECK_RETRIES)"
 exit_code_sum=1
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -103,266 +103,10 @@ clustersysteminfo:
    CHECK_RETRIES: 30

  secret_env_variables:
-    OWSEC_DEFAULT_USERNAME: tip@ucentral.com
-    OWSEC_DEFAULT_PASSWORD: openwifi
-    #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+    OWSEC_USERNAME: tip@ucentral.com
+    OWSEC_PASSWORD: openwifi

-  activeDeadlineSeconds: 2400
+  activeDeadlineSeconds: 1200
  backoffLimit: 5
  restartPolicy: OnFailure

-# OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
-owls:
-  enabled: false
-
-  fullnameOverride: owls
-
-  configProperties:
-    openwifi.kafka.enable: "true"
-    openwifi.kafka.brokerlist: kafka:9092
-
-# OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
-owlsui:
-  enabled: false
-
-  fullnameOverride: owlsui
-
-# HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
-haproxy:
-  enabled: false
-
-  fullnameOverride: proxy
-
-  replicaCount: 3
-
-  service:
-    type: LoadBalancer
-    ports:
-      # healthcheck
-      - name: health
-        protocol: TCP
-        port: 8080
-        targetPort: health
-      # owfms
-      - name: owfmsrest
-        protocol: TCP
-        port: 16004
-        targetPort: owfmsrest
-      - name: owfmsrestint
-        protocol: TCP
-        port: 17004
-        targetPort: owfmsrestint
-      # owgw
-      - name: owgwws
-        protocol: TCP
-        port: 15002
-        targetPort: owgwws
-      - name: owgwrest
-        protocol: TCP
-        port: 16002
-        targetPort: owgwrest
-      - name: owgwfileup
-        protocol: TCP
-        port: 16003
-        targetPort: owgwfileup
-      - name: owgwrestint
-        protocol: TCP
-        port: 17002
-        targetPort: owgwrestint
-      # owprov
-      - name: owprovrest
-        protocol: TCP
-        port: 16005
-        targetPort: owprovrest
-      - name: owprovrestint
-        protocol: TCP
-        port: 17005
-        targetPort: owprovrestint
-      # owsec
-      - name: owsecrest
-        protocol: TCP
-        port: 16001
-        targetPort: owsecrest
-      - name: owsecrestint
-        protocol: TCP
-        port: 17001
-        targetPort: owsecrestint
-      # rttys
-      - name: rttysdev
-        protocol: TCP
-        port: 5912
-        targetPort: rttysdev
-      - name: rttysuser
-        protocol: TCP
-        port: 5913
-        targetPort: rttysuser
-      - name: rttysweb
-        protocol: TCP
-        port: 5914
-        targetPort: rttysweb
-
-  containerPorts:
-    # healthcheck
-    - name: health
-      containerPort: 8080
-    # owfms
-    - name: owfmsrest
-      containerPort: 16004
-    - name: owfmsrestint
-      containerPort: 17004
-    # owgw
-    - name: owgwws
-      containerPort: 15002
-    - name: owgwrest
-      containerPort: 16002
-    - name: owgwfileup
-      containerPort: 16003
-    - name: owgwrestint
-      containerPort: 17002
-    # owprov
-    - name: owprovrest
-      containerPort: 16005
-    - name: owprovrestint
-      containerPort: 17005
-    # owsec
-    - name: owsecrest
-      containerPort: 16001
-    - name: owsecrestint
-      containerPort: 17001
-    # rttys
-    - name: rttysdev
-      containerPort: 5912
-    - name: rttysuser
-      containerPort: 5913
-    - name: rttysweb
-      containerPort: 5914
-
-  configuration: |
-    global
-      log stdout format raw local0
-      maxconn 1024
-    defaults
-      log global
-      timeout client 360s
-      timeout connect 60s
-      timeout server 360s
-
-    # healthcheck
-    frontend front_healthcheck
-      bind :8080
-      mode http
-      default_backend back_healthcheck
-    backend back_healthcheck
-      mode http
-      http-after-response set-header Access-Control-Allow-Origin "*"
-      http-after-response set-header Access-Control-Max-Age "31536000"
-      http-request return status 200 content-type "text/plain" string "Pong"
-
-    # owfms
-    frontend front_owfms_rest
-      bind :16004
-      mode tcp
-      default_backend back_owfms_rest
-    backend back_owfms_rest
-      mode tcp
-      server svc_owfms_rest owfms-owfms:16004
-
-    frontend front_owfms_rest_internal
-      bind :17004
-      mode tcp
-      default_backend back_owfms_rest_internal
-    backend back_owfms_rest_internal
-      mode tcp
-      server svc_owfms_rest_internal owfms-owfms:17004
-
-    # owgw
-    frontend front_owgw_websocket
-      bind :15002
-      mode tcp
-      default_backend back_owgw_websocket
-    backend back_owgw_websocket
-      mode tcp
-      server svc_owgw_websocket owgw-owgw:15002
-
-    frontend front_owgw_rest
-      bind :16002
-      mode tcp
-      default_backend back_owgw_rest
-    backend back_owgw_rest
-      mode tcp
-      server svc_owgw_rest owgw-owgw:16002
-
-    frontend front_owgw_fileuploader
-      bind :16003
-      mode tcp
-      default_backend back_owgw_fileuploader
-    backend back_owgw_fileuploader
-      mode tcp
-      server svc_owgw_fileuploader owgw-owgw:16003
-
-    frontend front_owgw_rest_internal
-      bind :17002
-      mode tcp
-      default_backend back_owgw_rest_internal
-    backend back_owgw_rest_internal
-      mode tcp
-      server svc_owgw_rest_internal owgw-owgw:17002
-
-    # owprov
-    frontend front_owprov_rest
-      bind :16005
-      mode tcp
-      default_backend back_owprov_rest
-    backend back_owprov_rest
-      mode tcp
-      server svc_owprov_rest owprov-owprov:16005
-
-    frontend front_owprov_rest_internal
-      bind :17005
-      mode tcp
-      default_backend back_owprov_rest_internal
-    backend back_owprov_rest_internal
-      mode tcp
-      server svc_owprov_rest_internal owprov-owprov:17005
-
-    # owsec
-    frontend front_owsec_rest
-      bind :16001
-      mode tcp
-      default_backend back_owsec_rest
-    backend back_owsec_rest
-      mode tcp
-      server svc_owsec_rest owsec-owsec:16001
-
-    frontend front_owsec_rest_internal
-      bind :17001
-      mode tcp
-      default_backend back_owsec_rest_internal
-    backend back_owsec_rest_internal
-      mode tcp
-      server svc_owsec_rest_internal owsec-owsec:17001
-
-    # rttys
-    frontend front_rttys_dev
-      bind :5912
-      mode tcp
-      default_backend back_rttys_dev
-    backend back_rttys_dev
-      mode tcp
-      server svc_rttys_dev rttys-rttys:5912
-
-    frontend front_rttys_user
-      bind :5913
-      mode tcp
-      default_backend back_rttys_user
-    backend back_rttys_user
-      mode tcp
-      server svc_rttys_user rttys-rttys:5913
-
-    frontend front_rttys_web
-      bind :5914
-      mode tcp
-      default_backend back_rttys_web
-    backend back_rttys_web
-      mode tcp
-      server svc_rttys_web rttys-rttys:5914
--- a/docker-compose/.env
+++ b/docker-compose/.env
@@ -1,15 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.0
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.0
-OWFMS_TAG=v2.4.0
+OWGW_TAG=v2.3.0-RC1
+OWGWUI_TAG=v2.3.0-RC1
+OWSEC_TAG=v2.3.0-RC2
+OWFMS_TAG=v2.3.0-RC1
 OWPROV_TAG=main
 OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
-POSTGRESQL_TAG=latest
+ACMESH_TAG=latest
+TRAEFIK_TAG=latest

 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
--- a/docker-compose/.env.letsencrypt
+++ b/docker-compose/.env.letsencrypt
@@ -1,9 +1,9 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.0
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.0
-OWFMS_TAG=v2.4.0
+OWGW_TAG=v2.3.0-RC1
+OWGWUI_TAG=v2.3.0-RC1
+OWSEC_TAG=v2.3.0-RC2
+OWFMS_TAG=v2.3.0-RC1
 OWPROV_TAG=main
 OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0
--- a/docker-compose/.env.selfsigned
+++ b/docker-compose/.env.selfsigned
@@ -1,9 +1,9 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.0
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.0
-OWFMS_TAG=v2.4.0
+OWGW_TAG=v2.3.0-RC1
+OWGWUI_TAG=v2.3.0-RC1
+OWSEC_TAG=v2.3.0-RC2
+OWFMS_TAG=v2.3.0-RC1
 OWPROV_TAG=main
 OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0
--- a/docker-compose/README.md
+++ b/docker-compose/README.md
@@ -1,23 +1,12 @@
 # Docker Compose
 ### Overview
-With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.  
-The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
+With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
 - [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
 - [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
- [Non-LB deployment with PostgreSQL](#non-lb-deployment-with-postgresql)
 - [LB deployment with self-signed certificates](#lb-deployment-with-self-signed-certificates)
 - [LB deployment with Letsencrypt certificates](#lb-deployment-with-letsencrypt-certificates)
- [OWLS deployment with self-signed certificates](#owls-deployment-with-self-signed-certificates)
 ### Configuration
-If you don't bind mount your own config files they are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into the microservice specific env files. For an explanation of the configuration properties please see the README in the respective microservice repository.  
-Be aware that the non-LB deployment exposes the generated config files on the host. So if you want to make configuration changes afterwards, please do them directly in the config files located in the microservice data directories.
-#### Required password changing on the first startup
-One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
-### Ports
-Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates or make use of the [Letsencrypt LB deployment](#lb-deployment-with-letsencrypt-certificates), you can also configure different hostnames for the microservices.  
-Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default except for the Letsencrypt LB deployment, where the service listens on the default `80/443` HTTP(S) ports.
-### owsec templates and wwwassets
-On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
+The configuration of the OpenWifi microservices is done via environment variables. For an overview of the supported configuration properties have a look into the microservice specific env files. For an explanation of the configuration properties please see the README in the respective microservice repository.
 ## Non-LB deployment with self-signed certificates
 1. Switch into the project directory with `cd docker-compose/`.
 2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
@@ -25,10 +14,10 @@ On the startup of owsec directories for wwwassets and mailer templates are creat
 4. Check if the containers are up and running with `docker-compose ps`.
 5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004 and https://openwifi.wlan.local:16005.
 6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local`. This should point to the address of the host the Compose deployment runs on.
-7. Login to the UI `https://openwifi.wlan.local` and follow the instructions to change your default password.
+7. Navigate to the UI `https://openwifi.wlan.local` and login with your OWSec authentication data.
 8. To use the curl test scripts included in the microservice repositories set the following environment variables:
 ```
-export OWSEC="openwifi.wlan.local:16001"
+export UCENTRALSEC="openwifi.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
 ⚠️**Note**: When deploying with self-signed certificates you can not make use of the trace functionality in the UI since the AP will throw a TLS error when uploading the trace to OWGW. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use this function.
@@ -75,60 +64,7 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 3. Spin up the deployment with `docker-compose up -d`.
 4. Check if the containers are up and running with `docker-compose ps`.
-5. Login to the UI and and follow the instructions to change your default password.
-## Non-LB deployment with PostgreSQL
-1. Switch into the project directory with `cd docker-compose/`.
-2. Set the following variables in the env files and make sure to uncomment the lines. It is highly recommended that you change the DB passwords to some random string.
-### owgw.env
-| Variable                           | Value/Description |
-| ---------------------------------- | ----------------- |
-| `STORAGE_TYPE`                     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owgw`            |
-| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owgw`            |
-| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owgw`            |
-### owsec.env
-| Variable                           | Value/Description |
-| ---------------------------------- | ----------------- |
-| `STORAGE_TYPE`                     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owsec`           |
-| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owsec`           |
-| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owsec`           |
-### owfms.env
-| Variable                           | Value/Description |
-| ---------------------------------- | ----------------- |
-| `STORAGE_TYPE`                     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owfms`           |
-| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owfms`           |
-| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owfms`           |
-### owprov.env
-| Variable                           | Value/Description |
-| ---------------------------------- | ----------------- |
-| `STORAGE_TYPE`                     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
-| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owprov`          |
-| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owprov`          |
-| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owprov`          |
-### postgresql.env
-| Variable             | Value      |
-| -------------------- | ---------- |
-| `POSTGRES_PASSWORD`  | `postgres` |
-| `POSTGRES_USER`      | `postgres` |
-| `OWGW_DB`            | `owgw`     |
-| `OWGW_DB_USER`       | `owgw`     |
-| `OWGW_DB_PASSWORD`   | `owgw`     |
-| `OWSEC_DB`           | `owsec`    |
-| `OWSEC_DB_USER`      | `owsec`    |
-| `OWSEC_DB_PASSWORD`  | `owsec`    |
-| `OWFMS_DB`           | `owfms`    |
-| `OWFMS_DB_USER`      | `owfms`    |
-| `OWFMS_DB_PASSWORD`  | `owfms`    |
-| `OWPROV_DB`          | `owprov`   |
-| `OWPROV_DB_USER`     | `owprov`   |
-| `OWPROV_DB_PASSWORD` | `owprov`   |
-3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
+5. Navigate to the UI and login with your OWSec authentication data.
 ## LB deployment with self-signed certificates
 Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
 ## LB deployment with Letsencrypt certificates
@@ -187,20 +123,8 @@ For the Letsencrypt challenge to work you need a public IP address. The hostname
 | `TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL` | Email address used for ACME registration. |
 3. Spin up the deployment with `docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-letsencrypt="docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-letsencrypt up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
 4. Check if the containers are up and running with `docker-compose-lb-letsencrypt ps`.
-5. Login to the UI and follow the instructions to change your default password.
-## OWLS deployment with self-signed certificates
-To run a load simulation you need to obtain a TIP signed client certificate which will be used to connect to the gateway. The certificate CN has to start with the characters `53494d` like it is described [here](https://github.com/Telecominfraproject/wlan-cloud-owls#get-a-simulator-key). Be aware that since the OWLS deployment partly exposes the same ports on the host as the OpenWifi deployment, it is not intended that both run on the same host.
-1. Copy or move your TIP signed load simulation client certificate into the `docker-compose/certs` directory. Don't forget to name the files `device-cert.pem` and `device-key.pem` or adapt the path names in the OWLS configuration if you're using different file names.
-2. To be able to run load simulation tests against your OpenWifi deployment, you'll have to [configure the OWGW microservice](https://github.com/Telecominfraproject/wlan-cloud-owls#prepare-your-openwifi-gateway) to allow load simulation tests. You can do that by either editing the OWGW env file or doing the changes directly in the OWGW configuration file if it is exposed on the host.
-3. Switch into the project directory with `cd docker-compose/owls`.
-4. Add an entry for `openwifi-owls.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the OWLS deployment is.
-5. Spin up the deployment with `docker-compose up -d`.
-6. Check if the containers are up and running with `docker-compose ps`.
-7. Add SSL certificate exceptions in your browser by visiting https://openwifi-owls.wlan.local:16001 and https://openwifi-owls.wlan.local:16007.
-8. If you're using an OpenWifi deployment with self-signed certificates, you'll have to add a custom hosts entry for `openwifi.wlan.local` on the machine running the OWLS deployment pointing to the remote IP of your OpenWifi host.
-9. Login to the UI by visiting https://openwifi-owls.wlan.local and follow the instructions to change your default password.
-10. In the Simulation tab, click on the + sign on the right side to add a load simulation.
-11. Fill out the required fields. MAC prefix is used for the MAC addresses of the simulated devices, so you can use any six-digit hexadecimal number. Specify the remote address of your OpenWifi gateway in the Gateway field, for example `https://openwifi.wlan.local:15002`. Adapt the rest of the settings according to your needs.
-12. Click on the floppy disk icon to save your load simulation. You can run it by clicking the play symbol in the table view.
+5. Navigate to the UI and login with your OWSec authentication data.

-**Note**: All deployments create local volumes to persist mostly application, database and certificate data. In addition to that the `certs/` directory is bind mounted into the microservice containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.
+**Note**: The deployments create local volumes to persist mostly application, database and certificate data. In addition to that the `certs/` directory is bind mounted into the microservice containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.
+### owsec templates and wwwassets
+On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
--- a/docker-compose/docker-compose.lb.letsencrypt.yml
+++ b/docker-compose/docker-compose.lb.letsencrypt.yml
@@ -38,10 +38,6 @@ services:
    volumes:
      - owgw_data:${OWGW_ROOT}/persist
      - ./certs:/${OWGW_ROOT}/certs
-    sysctls:
-      - net.ipv4.tcp_keepalive_intvl=5
-      - net.ipv4.tcp_keepalive_probes=2
-      - net.ipv4.tcp_keepalive_time=45

  owgw-ui:
    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
--- a/docker-compose/docker-compose.lb.selfsigned.yml
+++ b/docker-compose/docker-compose.lb.selfsigned.yml
@@ -36,10 +36,6 @@ services:
    volumes:
      - owgw_data:${OWGW_ROOT}/persist
      - ./certs:/${OWGW_ROOT}/certs
-    sysctls:
-      - net.ipv4.tcp_keepalive_intvl=5
-      - net.ipv4.tcp_keepalive_probes=2
-      - net.ipv4.tcp_keepalive_time=45

  owgw-ui:
    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
--- a/docker-compose/docker-compose.postgresql.yml
+++ b/docker-compose/docker-compose.postgresql.yml
@@ -1,37 +0,0 @@
-version: '3'
-
-volumes:
-  postgresql_data:
-    driver: local
-
-services:
-  owgw:
-    depends_on:
-      - postgresql
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
-
-  owsec:
-    depends_on:
-      - postgresql
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
-
-  owfms:
-    depends_on:
-      - postgresql
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
-
-  owprov:
-    depends_on:
-      - postgresql
-    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
-
-  postgresql:
-    image: "postgres:${POSTGRESQL_TAG}"
-    networks:
-      openwifi:
-    env_file:
-      - postgresql.env
-    restart: unless-stopped
-    volumes:
-      - postgresql_data:/var/lib/postgresql/data
-      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -32,10 +32,6 @@ services:
      - "16002:16002"
      - "16102:16102"
      - "16003:16003"
-    sysctls:
-      - net.ipv4.tcp_keepalive_intvl=5
-      - net.ipv4.tcp_keepalive_probes=2
-      - net.ipv4.tcp_keepalive_time=45

  owgw-ui:
    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
--- a/docker-compose/owfms.env
+++ b/docker-compose/owfms.env
@@ -2,9 +2,6 @@ RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true

-OWFMS_ROOT=/owfms-data
-OWFMS_CONFIG=/owfms-data
-
 #RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
 #RESTAPI_HOST_PORT=16004
 #RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
--- a/docker-compose/owgw-ui/default.conf
+++ b/docker-compose/owgw-ui/default.conf
@@ -1,10 +1,6 @@
 server {
    listen       80;
    listen  [::]:80;
-
-    # Disable emitting nginx version
-    server_tokens off;
-
    return 301 https://$host$request_uri;
 }

@@ -12,9 +8,6 @@ server {
    listen       443 ssl;
    listen       [::]:443 ssl;

-    # Disable emitting nginx version
-    server_tokens off;
-
    ssl_certificate     /etc/nginx/restapi-cert.pem;
    ssl_certificate_key /etc/nginx/restapi-key.pem;

--- a/docker-compose/owgw.env
+++ b/docker-compose/owgw.env
@@ -2,9 +2,6 @@ RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true

-OWGW_ROOT=/owgw-data
-OWGW_CONFIG=/owgw-data
-
 #WEBSOCKET_HOST_ROOTCA=$OWGW_ROOT/certs/root.pem
 #WEBSOCKET_HOST_ISSUER=$OWGW_ROOT/certs/issuer.pem
 #WEBSOCKET_HOST_CERT=$OWGW_ROOT/certs/websocket-cert.pem
@@ -37,7 +34,6 @@ SYSTEM_DATA=$OWGW_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SIMULATORID=
 RTTY_ENABLED=true
 RTTY_SERVER=openwifi.wlan.local
 #RTTY_PORT=5912
--- a/docker-compose/owls/.env
+++ b/docker-compose/owls/.env
@@ -1,17 +0,0 @@
-# Image tags
-COMPOSE_PROJECT_NAME=owls
-OWSEC_TAG=main
-OWLS_TAG=main
-OWLSUI_TAG=master
-KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
-
-# Microservice root/config directories
-OWSEC_ROOT=/owsec-data
-OWSEC_CONFIG=/owsec-data
-OWLS_ROOT=/owls-data
-OWLS_CONFIG=/owls-data
-
-# Microservice hostnames
-INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
-INTERNAL_OWLS_HOSTNAME=owls.wlan.local
--- a/docker-compose/owls/docker-compose.yml
+++ b/docker-compose/owls/docker-compose.yml
@@ -1,89 +0,0 @@
-version: '3'
-
-volumes:
-  zookeeper_data:
-    driver: local
-  zookeeper_datalog:
-    driver: local
-  kafka_data:
-    driver: local
-
-networks:
-  owls:
-
-services:
-  owsec:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWSEC_HOSTNAME}
-    env_file:
-      - owsec.env
-    depends_on:
-      - kafka
-    restart: unless-stopped
-    volumes:
-      - "./owsec_data:${OWSEC_ROOT}"
-      - "../certs:/${OWSEC_ROOT}/certs"
-    ports:
-      - "16001:16001"
-      - "16101:16101"
-
-  owls:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls:${OWLS_TAG}"
-    networks:
-      owls:
-        aliases:
-          - ${INTERNAL_OWLS_HOSTNAME}
-    env_file:
-      - owls.env
-    depends_on:
-      - owsec
-      - kafka
-    restart: unless-stopped
-    volumes:
-      - "./owls_data:${OWLS_ROOT}"
-      - "../certs:/${OWLS_ROOT}/certs"
-    ports:
-      - "16007:16007"
-      - "16107:16107"
-
-  owls-ui:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls-ui:${OWLSUI_TAG}"
-    networks:
-      owls:
-    env_file:
-      - owls-ui.env
-    depends_on:
-      - owsec
-      - owls
-    restart: unless-stopped
-    volumes:
-      - "./owls-ui/default.conf:/etc/nginx/conf.d/default.conf"
-      - "../certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
-      - "../certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
-    ports:
-      - "80:80"
-      - "443:443"
-
-  zookeeper:
-    image: "zookeeper:${ZOOKEEPER_TAG}"
-    networks:
-      owls:
-    restart: unless-stopped
-    volumes:
-      - zookeeper_data:/data
-      - zookeeper_datalog:/datalog
-
-  kafka:
-    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
-    networks:
-      owls:
-    env_file:
-      - kafka.env
-    restart: unless-stopped
-    depends_on:
-      - zookeeper
-    volumes:
-      - kafka_data:/bitnami/kafka
--- a/docker-compose/owls/kafka.env
+++ b/docker-compose/owls/kafka.env
@@ -1,2 +0,0 @@
-KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
-ALLOW_PLAINTEXT_LISTENER=yes
--- a/docker-compose/owls/owls-ui.env
+++ b/docker-compose/owls/owls-ui.env
@@ -1,2 +0,0 @@
-DEFAULT_UCENTRALSEC_URL=https://openwifi-owls.wlan.local:16001
-ALLOW_UCENTRALSEC_CHANGE=false
--- a/docker-compose/owls/owls-ui/default.conf
+++ b/docker-compose/owls/owls-ui/default.conf
@@ -1,32 +0,0 @@
-server {
-    listen       80;
-    listen  [::]:80;
-
-    # Disable emitting nginx version
-    server_tokens off;
-
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen       443 ssl;
-    listen       [::]:443 ssl;
-
-    # Disable emitting nginx version
-    server_tokens off;
-
-    ssl_certificate     /etc/nginx/restapi-cert.pem;
-    ssl_certificate_key /etc/nginx/restapi-key.pem;
-
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-    }
-
-    # redirect server error pages to the static page /50x.html
-    #
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-}
--- a/docker-compose/owls/owls.env
+++ b/docker-compose/owls/owls.env
@@ -1,43 +0,0 @@
-RUN_CHOWN=true
-TEMPLATE_CONFIG=true
-SELFSIGNED_CERTS=true
-
-OWLS_ROOT=/owls-data
-OWLS_CONFIG=/owls-data
-
-#ROOTCA=$OWLS_ROOT/certs/root.pem
-#ISSUER=$OWLS_ROOT/certs/issuer.pem
-#CERT=$OWLS_ROOT/certs/device-cert.pem
-#KEY=$OWLS_ROOT/certs/device-key.pem
-#CLIENTCAS=$OWLS_ROOT/certs/clientcas.pem
-#CAS=$OWLS_ROOT/certs/cas
-#KEY_PASSWORD=mypassword
-#RESTAPI_HOST_ROOTCA=$OWLS_ROOT/certs/restapi-ca.pem
-#RESTAPI_HOST_PORT=16007
-#RESTAPI_HOST_CERT=$OWLS_ROOT/certs/restapi-cert.pem
-#RESTAPI_HOST_KEY=$OWLS_ROOT/certs/restapi-key.pem
-#RESTAPI_HOST_KEY_PASSWORD=mypassword
-#INTERNAL_RESTAPI_HOST_ROOTCA=$OWLS_ROOT/certs/restapi-ca.pem
-#INTERNAL_RESTAPI_HOST_PORT=17007
-#INTERNAL_RESTAPI_HOST_CERT=$OWLS_ROOT/certs/restapi-cert.pem
-#INTERNAL_RESTAPI_HOST_KEY=$OWLS_ROOT/certs/restapi-key.pem
-#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
-#SERVICE_KEY=$OWLS_ROOT/certs/restapi-key.pem
-#SERVICE_KEY_PASSWORD=mypassword
-SYSTEM_DATA=$OWLS_ROOT/persist
-SYSTEM_URI_PRIVATE=https://owls.wlan.local:17007
-SYSTEM_URI_PUBLIC=https://openwifi-owls.wlan.local:16007
-SYSTEM_URI_UI=https://openwifi-owls.wlan.local
-#KAFKA_ENABLE=true
-KAFKA_BROKERLIST=kafka:9092
-#STORAGE_TYPE=sqlite
-#STORAGE_TYPE_POSTGRESQL_HOST=localhost
-#STORAGE_TYPE_POSTGRESQL_USERNAME=owls
-#STORAGE_TYPE_POSTGRESQL_PASSWORD=owls
-#STORAGE_TYPE_POSTGRESQL_DATABASE=owls
-#STORAGE_TYPE_POSTGRESQL_PORT=5432
-#STORAGE_TYPE_MYSQL_HOST=localhost
-#STORAGE_TYPE_MYSQL_USERNAME=owls
-#STORAGE_TYPE_MYSQL_PASSWORD=owls
-#STORAGE_TYPE_MYSQL_DATABASE=owls
-#STORAGE_TYPE_MYSQL_PORT=3306
--- a/docker-compose/owls/owsec.env
+++ b/docker-compose/owls/owsec.env
@@ -1,47 +0,0 @@
-RUN_CHOWN=true
-TEMPLATE_CONFIG=true
-SELFSIGNED_CERTS=true
-
-OWSEC_ROOT=/owsec-data
-OWSEC_CONFIG=/owsec-data
-
-#RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
-#RESTAPI_HOST_PORT=16001
-#RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
-#RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
-#RESTAPI_HOST_KEY_PASSWORD=mypassword
-#RESTAPI_WWWASSETS=$OWSEC_ROOT/wwwassets
-#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
-#INTERNAL_RESTAPI_HOST_PORT=17001
-#INTERNAL_RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
-#INTERNAL_RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
-#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
-#AUTHENTICATION_DEFAULT_USERNAME=tip@ucentral.com
-#AUTHENTICATION_DEFAULT_PASSWORD=13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
-SYSTEM_DATA=$OWSEC_ROOT/persist
-SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
-SYSTEM_URI_PUBLIC=https://openwifi-owls.wlan.local:16001
-SYSTEM_URI_UI=https://openwifi-owls.wlan.local
-#SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
-#SERVICE_KEY_PASSWORD=mypassword
-#MAILER_HOSTNAME=localhost
-#MAILER_USERNAME=************************
-#MAILER_PASSWORD=************************
-#MAILER_SENDER=OpenWIFI
-#MAILER_PORT=587
-#MAILER_TEMPLATES=$OWSEC_ROOT/templates
-#KAFKA_ENABLE=true
-KAFKA_BROKERLIST=kafka:9092
-#DOCUMENT_POLICY_ACCESS=$OWSEC_ROOT/wwwassets/access_policy.html
-#DOCUMENT_POLICY_PASSWORD=$OWSEC_ROOT/wwwassets/password_policy.html
-#STORAGE_TYPE=sqlite
-#STORAGE_TYPE_POSTGRESQL_HOST=localhost
-#STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
-#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
-#STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
-#STORAGE_TYPE_POSTGRESQL_PORT=5432
-#STORAGE_TYPE_MYSQL_HOST=localhost
-#STORAGE_TYPE_MYSQL_USERNAME=owsec
-#STORAGE_TYPE_MYSQL_PASSWORD=owsec
-#STORAGE_TYPE_MYSQL_DATABASE=owsec
-#STORAGE_TYPE_MYSQL_PORT=3306
--- a/docker-compose/owprov-ui/default.conf
+++ b/docker-compose/owprov-ui/default.conf
@@ -1,10 +1,6 @@
 server {
    listen       8080;
    listen  [::]:8080;
-
-    # Disable emitting nginx version
-    server_tokens off;
-
    return 301 https://$host:8443$request_uri;
 }

@@ -12,9 +8,6 @@ server {
    listen       8443 ssl;
    listen       [::]:8443 ssl;

-    # Disable emitting nginx version
-    server_tokens off;
-
    ssl_certificate     /etc/nginx/restapi-cert.pem;
    ssl_certificate_key /etc/nginx/restapi-key.pem;

--- a/docker-compose/owprov.env
+++ b/docker-compose/owprov.env
@@ -2,9 +2,6 @@ RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true

-OWPROV_ROOT=/owprov-data
-OWPROV_CONFIG=/owprov-data
-
 #RESTAPI_HOST_ROOTCA=$OWPROV_ROOT/certs/restapi-ca.pem
 #RESTAPI_HOST_PORT=16005
 #RESTAPI_HOST_CERT=$OWPROV_ROOT/certs/restapi-cert.pem
--- a/docker-compose/owsec.env
+++ b/docker-compose/owsec.env
@@ -2,9 +2,6 @@ RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true

-OWSEC_ROOT=/owsec-data
-OWSEC_CONFIG=/owsec-data
-
 #RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
 #RESTAPI_HOST_PORT=16001
 #RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
--- a/docker-compose/postgresql.env
+++ b/docker-compose/postgresql.env
@@ -1,14 +0,0 @@
-POSTGRES_PASSWORD=postgres
-POSTGRES_USER=postgres
-OWGW_DB=owgw
-OWGW_DB_USER=owgw
-OWGW_DB_PASSWORD=owgw
-OWSEC_DB=owsec
-OWSEC_DB_USER=owsec
-OWSEC_DB_PASSWORD=owsec
-OWFMS_DB=owfms
-OWFMS_DB_USER=owfms
-OWFMS_DB_PASSWORD=owfms
-OWPROV_DB=owprov
-OWPROV_DB_USER=owprov
-OWPROV_DB_PASSWORD=owprov
--- a/docker-compose/postgresql/init-db.sh
+++ b/docker-compose/postgresql/init-db.sh
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -e
-
-psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-    CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
-    CREATE DATABASE $OWGW_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWGW_DB TO $OWGW_DB_USER;
-    CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
-    CREATE DATABASE $OWSEC_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWSEC_DB TO $OWSEC_DB_USER;
-    CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
-    CREATE DATABASE $OWFMS_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWFMS_DB TO $OWFMS_DB_USER;
-    CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
-    CREATE DATABASE $OWPROV_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
-EOSQL
Author	SHA1	Message	Date
Dmitry Dunaev	aac75509ef	Chg: chart version of owsec	2021-11-02 13:50:23 +03:00
jaspreetsachdev	18a48df881	upgraded security to RC2	2021-11-01 12:26:22 -04:00
jaspreetsachdev	0caa891210	Upgraded security to RC2	2021-11-01 12:25:51 -04:00
jaspreetsachdev	40e858a6a4	Moved security service to RC2	2021-11-01 12:25:04 -04:00
Johann Hoffmann	d768b24759	Remove fixed version check since prov and prov-ui won't have a release for now Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>	2021-10-29 15:01:28 +03:00
Johann Hoffmann	1336bcc876	Fix version in chart Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>	2021-10-29 13:54:42 +03:00
Johann Hoffmann	df934b5f53	Update Helm dependencies to v2.3.0-RC1 Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>	2021-10-29 13:40:45 +03:00