Fix for pointing to v2.9.0 OWLS version

Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>

.github/workflows/ci.yml

@@ -28,19 +28,19 @@ jobs:
       id: get_branch_names
       if: startsWith(github.ref, 'refs/pull/')
       run: |
-        echo ::set-output name=pr_branch::$(echo ${GITHUB_HEAD_REF})
+        echo "pr_branch=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_OUTPUT
 
     - name: Get created deployment tag and set as output
       id: get_deployment_upgrade_tag
       if: startsWith(github.ref, 'refs/tags/v')
       run: |
-        echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
+        echo "tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
 
     - name: Get previous deployment tag
       id: get_deployment_tag
       if: startsWith(github.ref, 'refs/tags/v')
       run: |
-        echo ::set-output name=tag::$(git tag | grep -v RC | tail -2 | head -1)
+        echo "tag=$(git tag | grep -v RC | tail -2 | head -1)" >> $GITHUB_OUTPUT
 
   trigger-docker-compose-testing:
     if: startsWith(github.ref, 'refs/pull/')
@@ -48,7 +48,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -71,7 +71,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -94,7 +94,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         repository: Telecominfraproject/.github
         path: github

.github/workflows/clustersysteminfo_image_ci.yml

@@ -22,7 +22,7 @@ jobs:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Build Docker image
       working-directory: chart/docker
@@ -55,7 +55,7 @@ jobs:
 
     - name: Log into Docker registry
       if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
-      uses: docker/login-action@v1
+      uses: docker/login-action@v2
       with:
         registry: ${{ env.DOCKER_REGISTRY_URL }}
         username: ${{ env.DOCKER_REGISTRY_USERNAME }}

.github/workflows/enforce-jira-issue-key.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout actions repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           repository: Telecominfraproject/.github
           path: github

.github/workflows/git-release.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         path: wlan-cloud-ucentral-deploy
 

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
       HELM_REPO_USERNAME: ucentral
     steps:
       - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy

chart/Chart.yaml

@@ -2,40 +2,41 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 0.1.0
+version: 2.9.0
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owanalytics
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owsub
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.9.0"
   version: 0.1.0
 - name: owrrm
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=v2.8.0"
   version: 0.1.0
 - name: kafka
   repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 13.0.2
+  condition: kafka.enabled
 - name: owls
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=v2.9.0"
   version: 0.1.0
   condition: owls.enabled
 - name: owlsui

chart/environment-values/deploy.sh

@@ -194,7 +194,7 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
-  --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
   --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
@@ -203,7 +203,6 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
-  --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
@@ -223,7 +222,7 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
-  --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owlsui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
   --set owrrm.public_env_variables.SERVICECONFIG_PUBLICENDPOINT=https://rrm-${NAMESPACE}.cicd.lab.wlan.tip.build:16789 \
   --set owrrm.services.owrrm.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rrm-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \

chart/environment-values/values.aws.yaml

@@ -29,7 +29,7 @@ owgwui:
         servicePort: http
 
   public_env_variables:
-    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
 
 owsec:
   configProperties: # TODO change FQDNs and credentials

chart/environment-values/values.base.insecure.yaml

@@ -70,11 +70,10 @@ owrrm:
 
 owgwui:
   public_env_variables:
-    DEFAULT_UCENTRALSEC_URL: http://localhost:16001
+    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
 
 owprovui:
   public_env_variables:
-    DEFAULT_UCENTRALSEC_URL: http://localhost:16001
     REACT_APP_UCENTRALSEC_URL: http://localhost:16001
 
 kafka:

chart/environment-values/values.base.secure.yaml

@@ -316,11 +316,10 @@ owrrm:
 
 owgwui:
   public_env_variables:
-    DEFAULT_UCENTRALSEC_URL: https://localhost:16001
+    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
 
 owprovui:
   public_env_variables:
-    DEFAULT_UCENTRALSEC_URL: https://localhost:16001
     REACT_APP_UCENTRALSEC_URL: https://localhost:16001
 
 kafka:

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -17,6 +17,7 @@ owgw:
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
+    openwifi.certificates.allowmismatch: "true"
 
   resources:
     requests:
@@ -36,6 +37,7 @@ owgw:
 
 owls:
   enabled: true
+
   services:
     owls:
       type: LoadBalancer
@@ -53,10 +55,10 @@ owls:
 
   resources:
     requests:
-      cpu: 3000m
+      cpu: 6000m
       memory: 8000Mi
     limits:
-      cpu: 3000m
+      cpu: 6000m
       memory: 8000Mi
 
   checks:
@@ -140,7 +142,7 @@ owls:
           secret:
             secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
         subPath: ca.crt
         volumeDefinition: |
           secret:

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -65,6 +65,7 @@ postgresql-ha:
     password: password
     postgresPassword: postgres
     repmgrPassword: repmgr
+    maxConnections: 1000
     resources:
       requests:
         cpu: 250m

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -112,7 +112,7 @@ owprovui:
 
 owls:
   nodeSelector:
-    env: tests
+    env: owls
   tolerations:
   - key: "tests"
     operator: "Exists"

chart/environment-values/values.openwifi-qa.yaml

@@ -15,7 +15,7 @@ owgw:
       memory: 100Mi
     limits:
       cpu: 2000m
-      memory: 500Mi
+      memory: 2Gi
 
   securityContext:
     sysctls:
@@ -314,6 +314,7 @@ owsec:
     openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
     mailer.hostname: email-smtp.us-east-2.amazonaws.com
+    openwifi.certificates.allowmismatch: "false"
 
   volumes:
     owsec:
@@ -769,9 +770,12 @@ owrrm:
     SELFSIGNED_CERTS: "true"
     SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
     KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
     DATABASECONFIG_DBNAME: owrrm
     DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
+    # Empty string will disable DB usage
+    DATABASECONFIG_SERVER: ""
+    # Uncomment these parameters to enable DB usage + enable mysql below
+    #DATABASECONFIG_SERVER: owrrm-mysql:3306
 
   secret_env_variables:
     DATABASECONFIG_USER: root
@@ -793,7 +797,7 @@ owrrm:
             secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
 
   mysql:
-    enabled: true
+    enabled: false
     fullnameOverride: "owrrm-mysql"
 
     resources:
@@ -849,7 +853,7 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007,16006,17006"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16007,16006,17006"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 
 restapiCerts:

chart/values.yaml

@@ -58,9 +58,6 @@ owsub:
 owrrm:
   fullnameOverride: owrrm
 
-  public_env_variables:
-    UCENTRALCONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:17007
-
   mysql:
     enabled: true
 
@@ -88,7 +85,7 @@ clustersysteminfo:
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: main
+      tag: v2.9.0
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io

docker-compose/.env

@@ -1,19 +1,19 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
+OWGW_TAG=v2.9.0
+OWGWUI_TAG=v2.9.0
+OWSEC_TAG=v2.9.0
+OWFMS_TAG=v2.9.0
+OWPROV_TAG=v2.9.0
+OWPROVUI_TAG=v2.9.0
+OWANALYTICS_TAG=v2.9.0
+OWSUB_TAG=v2.9.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=3.8
-POSTGRESQL_TAG=latest
+POSTGRESQL_TAG=15.0
 MYSQL_TAG=latest
 # NOTE currently OWRRM is only supported in LB installations
-#OWRRM_TAG=main
+#OWRRM_TAG=v2.8.0
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data

docker-compose/.env.letsencrypt

@@ -1,16 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-OWRRM_TAG=main
+OWGW_TAG=v2.9.0
+OWGWUI_TAG=v2.9.0
+OWSEC_TAG=v2.9.0
+OWFMS_TAG=v2.9.0
+OWPROV_TAG=v2.9.0
+OWPROVUI_TAG=v2.9.0
+OWANALYTICS_TAG=v2.9.0
+OWSUB_TAG=v2.9.0
+OWRRM_TAG=v2.8.0
 KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
+ZOOKEEPER_TAG=3.8
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
 MYSQL_TAG=latest

docker-compose/.env.selfsigned

@@ -1,16 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-OWRRM_TAG=main
+OWGW_TAG=v2.9.0
+OWGWUI_TAG=v2.9.0
+OWSEC_TAG=v2.9.0
+OWFMS_TAG=v2.9.0
+OWPROV_TAG=v2.9.0
+OWPROVUI_TAG=v2.9.0
+OWANALYTICS_TAG=v2.9.0
+OWSUB_TAG=v2.9.0
+OWRRM_TAG=v2.8.0
 KAFKA_TAG=latest
-ZOOKEEPER_TAG=latest
+ZOOKEEPER_TAG=3.8
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
 MYSQL_TAG=latest

docker-compose/README.md

@@ -56,9 +56,9 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owgw-ui.env
-| Variable                  | Description                                                                |
-| ------------------------- | -------------------------------------------------------------------------- |
-| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                    | Description                                                                |
+| --------------------------- | -------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 ### owsec.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
@@ -184,9 +184,9 @@ For the Let's Encrypt challenge to work you need a public IP address. The hostna
 | `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |
 
 ### owgw-ui.env
-| Variable            | Description                                                                   |
-| ------------------- | ----------------------------------------------------------------------------- |
-| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| Variable                    | Description                                                                   |
+| --------------------------- | ----------------------------------------------------------------------------- |
+| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
 
 ### owsec.env
 | Variable            | Description                                                                   |

docker-compose/deploy.sh

@@ -53,7 +53,10 @@ usage () {
   echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
   echo;
   echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
+  echo;
   echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
+  echo;
+  echo "- CERTIFICATES_ALLOWMISMATCH - boolean flag to allow certificates serial mismatch";
 }
 
 # Check if required environment variables were passed
@@ -142,7 +145,7 @@ if [[ ! -z "$SIMULATORID" ]]; then
   sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
 fi
 
-sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
+sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
 
 if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
   sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
@@ -185,6 +188,10 @@ if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
   sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
 fi
 
+if [[ ! -z "$CERTIFICATES_ALLOWMISMATCH" ]]; then
+  sed -i "s~.*CERTIFICATES_ALLOWMISMATCH=.*~CERTIFICATES_ALLOWMISMATCH=$CERTIFICATES_ALLOWMISMATCH~" owgw.env
+fi
+
 # Run the deployment
 if [[ ! -z "$SDKHOSTNAME" ]]; then
   docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d

docker-compose/docker-compose.yml

@@ -12,6 +12,7 @@ volumes:
   mysql_data:
     driver: local
 
+
 networks:
   openwifi:
 
@@ -179,23 +180,6 @@ services:
       - "16006:16006"
       - "16106:16106"
 
-# NOTE currently OWRRM is only supported in LB installations
-#  owrrm:
-#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
-#    networks:
-#      openwifi:
-#        aliases:
-#          - ${INTERNAL_OWRRM_HOSTNAME}
-#    env_file:
-#      - owrrm.env
-#    depends_on:
-#      - mysql
-#      - kafka
-#    restart: unless-stopped
-#    volumes:
-#      - owrrm_data:/owrrm-data
-#    ports:
-#      - "16789:16789"
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
@@ -237,12 +221,29 @@ services:
           --partitions 1 --bootstrap-server kafka:9092
         done && echo "Successfully created Kafka topics, exiting." && exit 0
 
-  mysql:
-    image: "mysql:${MYSQL_TAG}"
-    networks:
-      openwifi:
-    env_file:
-      - mysql.env
-    restart: unless-stopped
-    volumes:
-      - mysql_data:/var/lib/mysql
+# NOTE currently OWRRM is only supported in LB installations
+#  owrrm:
+#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+#    networks:
+#      openwifi:
+#        aliases:
+#          - ${INTERNAL_OWRRM_HOSTNAME}
+#    env_file:
+#      - owrrm.env
+#    depends_on:
+#      - mysql
+#      - kafka
+#    restart: unless-stopped
+#    volumes:
+#      - owrrm_data:/owrrm-data
+#    ports:
+#      - "16789:16789"
+#  mysql:
+#    image: "mysql:${MYSQL_TAG}"
+#    networks:
+#      openwifi:
+#    env_file:
+#      - mysql.env
+#    restart: unless-stopped
+#    volumes:
+#      - mysql_data:/var/lib/mysql

docker-compose/owgw-ui.env

@@ -1,2 +1 @@
-DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
-ALLOW_UCENTRALSEC_CHANGE=false
+REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001

docker-compose/owgw.env

@@ -67,3 +67,4 @@ KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE_MYSQL_PASSWORD=owgw
 #STORAGE_TYPE_MYSQL_DATABASE=owgw
 #STORAGE_TYPE_MYSQL_PORT=3306
+#CERTIFICATES_ALLOWMISMATCH=false

docker-compose/owls/.env

@@ -1,7 +1,7 @@
 # Image tags
 COMPOSE_PROJECT_NAME=owls
 OWSEC_TAG=main
-OWLS_TAG=main
+OWLS_TAG=v2.9.0
 OWLSUI_TAG=master
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest

docker-compose/owls/deploy_owls.sh

@@ -57,7 +57,7 @@ cd wlan-cloud-ucentral-deploy/docker-compose/owls
 sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
 sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
 
-sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
+sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
 
 sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
 sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env

docker-compose/owls/owls-ui.env

@@ -1,2 +1 @@
-DEFAULT_UCENTRALSEC_URL=https://openwifi-owls.wlan.local:16001
-ALLOW_UCENTRALSEC_CHANGE=false
+REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001

docker-compose/postgresql.env

@@ -15,6 +15,6 @@ OWPROV_DB_PASSWORD=owprov
 OWANALYTICS_DB=owanalytics
 OWANALYTICS_DB_USER=owanalytics
 OWANALYTICS_DB_PASSWORD=owanalytics
-OWUSB_DB=owsub
-OWUSB_DB_USER=owsub
-OWUSB_DB_PASSWORD=owsub
+OWSUB_DB=owsub
+OWSUB_DB_USER=owsub
+OWSUB_DB_PASSWORD=owsub

docker-compose/postgresql/init-db.sh

@@ -3,21 +3,15 @@ set -e
 
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
     CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
-    CREATE DATABASE $OWGW_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWGW_DB TO $OWGW_DB_USER;
+    CREATE DATABASE $OWGW_DB OWNER $OWGW_DB_USER;
     CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
-    CREATE DATABASE $OWSEC_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWSEC_DB TO $OWSEC_DB_USER;
+    CREATE DATABASE $OWSEC_DB OWNER $OWSEC_DB_USER;
     CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
-    CREATE DATABASE $OWFMS_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWFMS_DB TO $OWFMS_DB_USER;
+    CREATE DATABASE $OWFMS_DB OWNER $OWFMS_DB_USER;
     CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
-    CREATE DATABASE $OWPROV_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
+    CREATE DATABASE $OWPROV_DB OWNER $OWPROV_DB_USER;
     CREATE USER $OWANALYTICS_DB_USER WITH ENCRYPTED PASSWORD '$OWANALYTICS_DB_PASSWORD';
-    CREATE DATABASE $OWANALYTICS_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWANALYTICS_DB TO $OWANALYTICS_DB_USER;
+    CREATE DATABASE $OWANALYTICS_DB OWNER $OWANALYTICS_DB_USER;
     CREATE USER $OWSUB_DB_USER WITH ENCRYPTED PASSWORD '$OWSUB_DB_PASSWORD';
-    CREATE DATABASE $OWSUB_DB;
-    GRANT ALL PRIVILEGES ON DATABASE $OWSUB_DB TO $OWSUB_DB_USER;
+    CREATE DATABASE $OWSUB_DB OWNER $OWSUB_DB_USER;
 EOSQL