Merge remote-tracking branch 'origin/dev-2.2' into dev-2.2

# Conflicts: # build # src/RESTAPI_handler.cpp # src/RESTAPI_handler.h # src/RESTAPI_system_command.cpp
2026-01-27 10:23:12 +00:00 · 2021-09-27 09:32:30 -07:00
parent e16c97ba51 5b1fe4a037
commit 5f14599ee7
3 changed files with 187 additions and 2 deletions
--- a/8
+++ b/8
@@ -59,7 +59,7 @@ RUN addgroup -S "$UCENTRALFMS_USER" && \
 RUN mkdir /ucentral
 RUN mkdir -p "$UCENTRALFMS_ROOT" "$UCENTRALFMS_CONFIG" && \
    chown "$UCENTRALFMS_USER": "$UCENTRALFMS_ROOT" "$UCENTRALFMS_CONFIG"
-RUN apk add --update --no-cache librdkafka curl-dev mariadb-connector-c libpq unixodbc su-exec
+RUN apk add --update --no-cache librdkafka curl-dev mariadb-connector-c libpq unixodbc su-exec gettext ca-certificates

 COPY --from=builder /ucentralfms/cmake-build/ucentralfms /ucentral/ucentralfms
 COPY --from=builder /cppkafka/cmake-build/src/lib/* /lib/
@@ -67,8 +67,12 @@ COPY --from=builder /poco/cmake-build/lib/* /lib/
 COPY --from=builder /aws-sdk-cpp/cmake-build/aws-cpp-sdk-core/libaws-cpp-sdk-core.so /lib/
 COPY --from=builder /aws-sdk-cpp/cmake-build/aws-cpp-sdk-s3/libaws-cpp-sdk-s3.so /lib/

+COPY ucentralfms.properties.tmpl ${UCENTRALFMS_CONFIG}/
+COPY docker-entrypoint.sh /
+RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
+    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+
 EXPOSE 16004 17004 16104

-COPY docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["/ucentral/ucentralfms"]
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,6 +1,48 @@
 #!/bin/sh
 set -e

+if [ "$SELFSIGNED_CERTS" = 'true' ]; then
+    update-ca-certificates
+fi
+
+if [[ "$TEMPLATE_CONFIG" = 'true' && ! -f "$UCENTRALFMS_CONFIG"/ucentralfms.properties ]]; then
+  RESTAPI_HOST_ROOTCA=${RESTAPI_HOST_ROOTCA:-"\$UCENTRALFMS_ROOT/certs/restapi-ca.pem"} \
+  RESTAPI_HOST_PORT=${RESTAPI_HOST_PORT:-"16004"} \
+  RESTAPI_HOST_CERT=${RESTAPI_HOST_CERT:-"\$UCENTRALFMS_ROOT/certs/restapi-cert.pem"} \
+  RESTAPI_HOST_KEY=${RESTAPI_HOST_KEY:-"\$UCENTRALFMS_ROOT/certs/restapi-key.pem"} \
+  RESTAPI_HOST_KEY_PASSWORD=${RESTAPI_HOST_KEY_PASSWORD:-"mypassword"} \
+  INTERNAL_RESTAPI_HOST_ROOTCA=${INTERNAL_RESTAPI_HOST_ROOTCA:-"\$UCENTRALFMS_ROOT/certs/restapi-ca.pem"} \
+  INTERNAL_RESTAPI_HOST_PORT=${INTERNAL_RESTAPI_HOST_PORT:-"17004"} \
+  INTERNAL_RESTAPI_HOST_CERT=${INTERNAL_RESTAPI_HOST_CERT:-"\$UCENTRALFMS_ROOT/certs/restapi-cert.pem"} \
+  INTERNAL_RESTAPI_HOST_KEY=${INTERNAL_RESTAPI_HOST_KEY:-"\$UCENTRALFMS_ROOT/certs/restapi-key.pem"} \
+  INTERNAL_RESTAPI_HOST_KEY_PASSWORD=${INTERNAL_RESTAPI_HOST_KEY_PASSWORD:-"mypassword"} \
+  SERVICE_KEY=${SERVICE_KEY:-"\$UCENTRALFMS_ROOT/certs/restapi-key.pem"} \
+  SERVICE_KEY_PASSWORD=${SERVICE_KEY_PASSWORD:-"mypassword"} \
+  SYSTEM_DATA=${SYSTEM_DATA:-"\$UCENTRALFMS_ROOT/data"} \
+  SYSTEM_URI_PRIVATE=${SYSTEM_URI_PRIVATE:-"https://localhost:17004"} \
+  SYSTEM_URI_PUBLIC=${SYSTEM_URI_PUBLIC:-"https://localhost:16004"} \
+  SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \
+  S3_BUCKETNAME=${S3_BUCKETNAME:-"ucentral-ap-firmware"} \
+  S3_REGION=${S3_REGION:-"us-east-1"} \
+  S3_SECRET=${S3_SECRET:-"*******************************************"} \
+  S3_KEY=${S3_KEY:-"*******************************************"} \
+  S3_BUCKET_URI=${S3_BUCKET_URI:-"ucentral-ap-firmware.s3.amazonaws.com"} \
+  KAFKA_ENABLE=${KAFKA_ENABLE:-"true"} \
+  KAFKA_BROKERLIST=${KAFKA_BROKERLIST:-"localhost:9092"} \
+  STORAGE_TYPE=${STORAGE_TYPE:-"sqlite"} \
+  STORAGE_TYPE_POSTGRESQL_HOST=${STORAGE_TYPE_POSTGRESQL_HOST:-"localhost"} \
+  STORAGE_TYPE_POSTGRESQL_USERNAME=${STORAGE_TYPE_POSTGRESQL_USERNAME:-"ucentralfms"} \
+  STORAGE_TYPE_POSTGRESQL_PASSWORD=${STORAGE_TYPE_POSTGRESQL_PASSWORD:-"ucentralfms"} \
+  STORAGE_TYPE_POSTGRESQL_DATABASE=${STORAGE_TYPE_POSTGRESQL_DATABASE:-"ucentralfms"} \
+  STORAGE_TYPE_POSTGRESQL_PORT=${STORAGE_TYPE_POSTGRESQL_PORT:-"5432"} \
+  STORAGE_TYPE_MYSQL_HOST=${STORAGE_TYPE_MYSQL_HOST:-"localhost"} \
+  STORAGE_TYPE_MYSQL_USERNAME=${STORAGE_TYPE_MYSQL_USERNAME:-"ucentralfms"} \
+  STORAGE_TYPE_MYSQL_PASSWORD=${STORAGE_TYPE_MYSQL_PASSWORD:-"ucentralfms"} \
+  STORAGE_TYPE_MYSQL_DATABASE=${STORAGE_TYPE_MYSQL_DATABASE:-"ucentralfms"} \
+  STORAGE_TYPE_MYSQL_PORT=${STORAGE_TYPE_MYSQL_PORT:-"3306"} \
+  envsubst < $UCENTRALFMS_CONFIG/ucentralfms.properties.tmpl > $UCENTRALFMS_CONFIG/ucentralfms.properties
+fi
+
 if [ "$1" = '/ucentral/ucentralfms' -a "$(id -u)" = '0' ]; then
    if [ "$RUN_CHOWN" = 'true' ]; then
      chown -R "$UCENTRALFMS_USER": "$UCENTRALFMS_ROOT" "$UCENTRALFMS_CONFIG"
--- a/ucentralfms.properties.tmpl
+++ b/ucentralfms.properties.tmpl
@@ -0,0 +1,139 @@
+#
+# uCentral protocol server for devices. This is where you point
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
+#
+
+#
+# REST API access
+#
+ucentralfws.restapi.host.0.backlog = 100
+ucentralfws.restapi.host.0.security = relaxed
+ucentralfws.restapi.host.0.rootca = ${RESTAPI_HOST_ROOTCA}
+ucentralfws.restapi.host.0.address = *
+ucentralfws.restapi.host.0.port = ${RESTAPI_HOST_PORT}
+ucentralfws.restapi.host.0.cert = ${RESTAPI_HOST_CERT}
+ucentralfws.restapi.host.0.key = ${RESTAPI_HOST_KEY}
+ucentralfws.restapi.host.0.key.password = ${RESTAPI_HOST_KEY_PASSWORD}
+
+ucentral.internal.restapi.host.0.backlog = 100
+ucentral.internal.restapi.host.0.security = relaxed
+ucentral.internal.restapi.host.0.rootca = ${INTERNAL_RESTAPI_HOST_ROOTCA}
+ucentral.internal.restapi.host.0.address = *
+ucentral.internal.restapi.host.0.port = ${INTERNAL_RESTAPI_HOST_PORT}
+ucentral.internal.restapi.host.0.cert = ${INTERNAL_RESTAPI_HOST_CERT}
+ucentral.internal.restapi.host.0.key = ${INTERNAL_RESTAPI_HOST_KEY}
+ucentral.internal.restapi.host.0.key.password = ${INTERNAL_RESTAPI_HOST_KEY_PASSWORD}
+
+#
+# Generic section that all microservices must have
+#
+ucentral.service.key = ${SERVICE_KEY}
+ucentral.service.key.password = ${SERVICE_KEY_PASSWORD}
+ucentral.system.data = ${SYSTEM_DATA}
+ucentral.system.debug = false
+ucentral.system.uri.private = ${SYSTEM_URI_PRIVATE}
+ucentral.system.uri.public = ${SYSTEM_URI_PUBLIC}
+ucentral.system.commandchannel = /tmp/app.ucentralfms
+ucentral.system.uri.ui = ${SYSTEM_URI_UI}
+
+#
+# Firmware Microservice Specific Section
+#
+s3.bucketname = ${S3_BUCKETNAME}
+s3.region = ${S3_REGION}
+s3.secret = ${S3_SECRET}
+s3.key = ${S3_KEY}
+s3.retry = 60
+s3.bucket.uri = ${S3_BUCKET_URI}
+
+firmwaredb.refresh = 1800
+#############################
+# Generic information for all micro services
+#############################
+#
+# NLB Support
+#
+alb.enable = true
+alb.port = 16104
+
+#
+# Kafka
+#
+ucentral.kafka.group.id = firmware
+ucentral.kafka.client.id = firmware1
+ucentral.kafka.enable = ${KAFKA_ENABLE}
+ucentral.kafka.brokerlist = ${KAFKA_BROKERLIST}
+ucentral.kafka.auto.commit = false
+ucentral.kafka.queue.buffering.max.ms = 50
+
+#
+# This section select which form of persistence you need
+# Only one selected at a time. If you select multiple, this service will die if a horrible
+# death and might make your beer flat.
+#
+storage.type = ${STORAGE_TYPE}
+
+storage.type.sqlite.db = firmware.db
+storage.type.sqlite.idletime = 120
+storage.type.sqlite.maxsessions = 128
+
+storage.type.postgresql.maxsessions = 64
+storage.type.postgresql.idletime = 60
+storage.type.postgresql.host = ${STORAGE_TYPE_POSTGRESQL_HOST}
+storage.type.postgresql.username = ${STORAGE_TYPE_POSTGRESQL_USERNAME}
+storage.type.postgresql.password = ${STORAGE_TYPE_POSTGRESQL_PASSWORD}
+storage.type.postgresql.database = ${STORAGE_TYPE_POSTGRESQL_DATABASE}
+storage.type.postgresql.port = ${STORAGE_TYPE_POSTGRESQL_PORT}
+storage.type.postgresql.connectiontimeout = 60
+
+storage.type.mysql.maxsessions = 64
+storage.type.mysql.idletime = 60
+storage.type.mysql.host = ${STORAGE_TYPE_MYSQL_HOST}
+storage.type.mysql.username = ${STORAGE_TYPE_MYSQL_USERNAME}
+storage.type.mysql.password = ${STORAGE_TYPE_MYSQL_PASSWORD}
+storage.type.mysql.database = ${STORAGE_TYPE_MYSQL_DATABASE}
+storage.type.mysql.port = ${STORAGE_TYPE_MYSQL_PORT}
+storage.type.mysql.connectiontimeout = 60
+
+
+########################################################################
+########################################################################
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.class = FileChannel
+logging.channels.c2.path = $UCENTRALSEC_ROOT/logs/log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c2.rotation = 20 M
+logging.channels.c2.archive = timestamp
+logging.channels.c2.purgeCount = 20
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+
+# External Channel
+logging.loggers.root.channel = c1
+logging.loggers.root.level = debug
+
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+