ucentral: development update

* more CI fixes * update poco * update ucentralgw Signed-off-by: John Crispin <john@phrozen.org>
2025-10-29 09:32:34 +00:00 · 2021-05-08 07:47:38 +02:00
parent df8f1d8bd7
commit 2de4f501ca
16 changed files with 163 additions and 115 deletions
--- a/.github/workflows/build-dev.yml
+++ b/.github/workflows/build-dev.yml
@@ -10,7 +10,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        target: ['cig_wf188', 'cig_wf194c', 'cig_wf160d', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'linksys_e8450-ubi', 'linksys_ea8300', 'mikrotik_rb91x', 'tplink_cpe210_v3', 'tplink_ex227', 'tplink_ex447', 'zyxel_gs1900-10hp']
+        target: ['cig_wf188', 'cig_wf194c', 'cig_wf160d', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_ecs4100-12ph', 'edgecore_ecw5211', 'linksys_e8450-ubi', 'linksys_ea8300', 'mikrotik_nand-large', 'tplink_cpe210_v3', 'tplink_ex227', 'tplink_ex447', 'zyxel_gs1900-10hp']

    steps:
    - uses: actions/checkout@v2
--- a/feeds/ucentral/poco/Makefile
+++ b/feeds/ucentral/poco/Makefile
@@ -78,7 +78,7 @@ CONFIGURE_ARGS += \
 ifeq ($(BUILD_VARIANT),all)
 	CONFIGURE_ARGS += \
 		--typical
-	POCO_LIBS={Foundation,XML,JSON,Net,Util,Crypto,NetSSL,Encodings,Util,Data,DataSQLite}
+	POCO_LIBS={Foundation,XML,JSON,Net,Util,Crypto,NetSSL,Encodings,Util,Data,DataSQLite,JWT}
 else
 	CONFIGURE_ARGS += \
 		--poquito \
--- a/feeds/ucentral/ucentralgw/Makefile
+++ b/feeds/ucentral/ucentralgw/Makefile
@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=git@github.com:Telecominfraproject/wlan-cloud-ucentralgw.git
 PKG_SOURCE_DATE:=2021-03-28
-PKG_SOURCE_VERSION:=a42e9608df8a465f9899cc23c5261a263a00b154
+PKG_SOURCE_VERSION:=555b5fefc6337f6bc7eab9988b2d05fdc76b2381
 CMAKE_INSTALL:=1

 PKG_LICENSE:=BSD-3-Clause
@@ -44,9 +44,9 @@ endef
 define Package/ucentralgw/install
 	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/libexec/ucentral/

+	$(CP) ./files/* $(1)
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ucentralgw $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/cert_scripts/* $(1)/usr/libexec/ucentral/
-	$(CP) ./files/* $(1)
 endef

 $(eval $(call BuildPackage,ucentralgw))
--- a/feeds/ucentral/ucentralgw/files/etc/init.d/ucentralgw
+++ b/feeds/ucentral/ucentralgw/files/etc/init.d/ucentralgw
@@ -10,5 +10,6 @@ start_service() {
 	procd_set_param command "$PROG"
 	procd_append_param command --file /etc/ucentral/ucentral.properties
 	procd_set_param respawn 3600 5 0
+	procd_add_mdns "ucentral" "tcp" "15002" "daemon=ucentralgw"
 	procd_close_instance
 }
--- a/feeds/ucentral/ucentralgw/files/etc/ucentral/ucentral.properties
+++ b/feeds/ucentral/ucentralgw/files/etc/ucentral/ucentral.properties
@@ -1,108 +1,50 @@
-########################################################################
-########################################################################
-########################################################################
-########################################################################
-#
-# TIP Portal API access. To be ignored in non TIP uCentral deployments
-#
-########################################################################
-########################################################################
-########################################################################
-tip.certs.key = /etc/ucentral/certs/clientkey.pem
-tip.certs.cert = /etc/ucentral/certs/clientcert.pem
-tip.certs.ca = /etc/ucentral/certs/clientcert.pem
-tip.certs.password = mypassword
-tip.api.login.username = support@example.com
-tip.api.login.password = support
-tip.api.host = debfarm1-node-a1.arilia.com
-tip.api.port = 9051
-tip.gateway.host.0.address = *
-tip.gateway.host.0.port = 9031
-tip.gateway.host.0.key = /etc/ucentral/certs/ws-key.pem
-tip.gateway.host.0.cert = /etc/ucentral/certs/ws-cert.pem
-tip.gateway.host.0.password = mypassword
-#
-# uCentral - TIP Gateway Bridge
-#
-ucentral.tipgateway.host.0.address = *
-ucentral.tipgateway.host.0.port = 14001
-ucentral.tipgateway.host.0.cert = /etc/ucentral/certs/server-cert.pem
-ucentral.tipgateway.host.0.key = /etc/ucentral/certs/server-key.pem
-ucentral.tipgateway.host.0.key.password = mypassword
-########################################################################
-########################################################################
-########################################################################
-
-########################################################################
-########################################################################
-#
-# Thw following sections apply to the uCentral service
-#
-# Logging: please leave as is for now.
-#
-########################################################################
-########################################################################
-
-logging.formatters.f1.class = PatternFormatter
-logging.formatters.f1.pattern = %s: [%p] %t
-logging.formatters.f1.times = UTC
-logging.channels.c1.class = ConsoleChannel
-logging.channels.c1.formatter = f1
-logging.channels.c2.class = FileChannel
-# This is where the logs will be written. This path MUST exist
-logging.channels.c2.path = /tmp/ucentral.log
-logging.channels.c2.formatter.class = PatternFormatter
-logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-logging.channels.c3.class = ConsoleChannel
-logging.channels.c3.pattern = %s: [%p] %t
-# External Channel
-logging.loggers.root.channel = c2
-logging.loggers.root.level = information
-# Inline Channel with PatternFormatter
-# logging.loggers.l1.name = logger1
-# logging.loggers.l1.channel.class = ConsoleChannel
-# logging.loggers.l1.channel.pattern = %s: [%p] %t
-# logging.loggers.l1.level = information
-# SplitterChannel
-# logging.channels.splitter.class = SplitterChannel
-# logging.channels.splitter.channels = l1,l2
-# logging.loggers.l2.name = logger2
-# logging.loggers.l2.channel = splitter
-openSSL.client.privateKeyFile = /etc/ucentral/certs/clientkey.pem
-openSSL.client.certificateFile = /etc/ucentral/certs/clientcert.pem
-openSSL.client.caConfig = /etc/ucentral/certs/cacert.pem
-openSSL.client.verificationMode = once
-openSSL.client.verificationDepth = 9
-openSSL.client.loadDefaultCAFile = true
-openSSL.client.cypherList = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
-openSSL.client.privateKeyPassphraseHandler.name = KeyFileHandler
-openSSL.client.privateKeyPassphraseHandler.options.password = mypassword
-openSSL.client.invalidCertificateHandler = AcceptCertificateHandler
-openSSL.client.invalidCertificateHandler.options.ignoreError = true
-openSSL.client.extendedVerification = false
-openSSL.client.cacheSessions = true
-openSSL.client.requireTLSv1 = true
-
 #
 # uCentral protocol server for devices. This is where you point
-# all your devices.
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
 #
+ucentral.websocket.host.0.backlog = 500
+ucentral.websocket.host.0.rootca = /etc/ucentral/certs/root.pem
+ucentral.websocket.host.0.issuer = /etc/ucentral/certs/issuer.pem
+ucentral.websocket.host.0.cert = /etc/ucentral/certs/websocket-cert.pem
+ucentral.websocket.host.0.key = /etc/ucentral/certs/websocket-key.pem
+ucentral.websocket.host.0.clientcas = /etc/ucentral/certs/clientcas.pem
+ucentral.websocket.host.0.cas = /etc/ucentral/certs/cas
 ucentral.websocket.host.0.address = *
 ucentral.websocket.host.0.port = 15002
-ucentral.websocket.host.0.cert = /etc/ucentral/certs/server-cert.pem
-ucentral.websocket.host.0.key = /etc/ucentral/certs/server-key.pem
+ucentral.websocket.host.0.security = relaxed
 ucentral.websocket.host.0.key.password = mypassword
-ucentral.websocket.maxreactors = 5
+ucentral.websocket.maxreactors = 20

 #
 # REST API access
 #
+ucentral.restapi.host.0.backlog = 100
+ucentral.restapi.host.0.security = relaxed
+ucentral.restapi.host.0.rootca = /etc/ucentral/certs/restapi-ca.pem
 ucentral.restapi.host.0.address = *
 ucentral.restapi.host.0.port = 16001
-ucentral.restapi.host.0.cert = /etc/ucentral/certs/server-cert.pem
-ucentral.restapi.host.0.key = /etc/ucentral/certs/server-key.pem
+ucentral.restapi.host.0.cert = /etc/ucentral/certs/restapi-cert.pem
+ucentral.restapi.host.0.key = /etc/ucentral/certs/restapi-key.pem
 ucentral.restapi.host.0.key.password = mypassword

+#
+# Used to upload files to the service.
+# You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
+# that your devices can reach
+#
+ucentral.fileuploader.host.0.backlog = 100
+ucentral.fileuploader.host.0.rootca = /etc/ucentral/certs/restapi-ca.pem
+ucentral.fileuploader.host.0.security = relaxed
+ucentral.fileuploader.host.0.address = *
+ucentral.fileuploader.host.0.name = 192.168.1.176
+ucentral.fileuploader.host.0.port = 16003
+ucentral.fileuploader.host.0.cert = /etc/ucentral/certs/restapi-cert.pem
+ucentral.fileuploader.host.0.key = /etc/ucentral/certs/restapi-key.pem
+ucentral.fileuploader.host.0.key.password = mypassword
+ucentral.fileuploader.path = /etc/ucentral/uploads
+ucentral.fileuploader.maxsize = 10000
+
 #
 # This section descrive how to do autoprovisioning
 # When enabled, it will allow devices that are not in the system
@@ -112,7 +54,13 @@ ucentral.autoprovisioning = true
 ucentral.autoprovisioning.type.0 = AP:ea8300,edge
 ucentral.autoprovisioning.type.1 = IOT:ea8301,edge2
 ucentral.autoprovisioning.type.2 = AP:ea8302,edge6
+ucentral.service.key = /etc/ucentral/certs/websocket-key.pem

+#
+# Kafka
+#
+ucentral.kafka.enable = false
+ucentral.kafka.brokerlist = 127.0.0.1:9092

 #
 # This section select which form of persistence you need
@@ -152,4 +100,54 @@ storage.type.mysql.connectiontimeout = 60
 authentication.enabled = true
 authentication.default.username = support@example.com
 authentication.default.password = support
+authentication.default.access = master
 authentication.service.type = internal
+
+ucentral.system.debug = true
+ucentral.system.id = 1
+ucentral.system.commandchannel = /tmp/app.ucentralgw
+ucentral.system.host.0.path = https://host2.com:9010
+ucentral.system.host.0.id = 2
+ucentral.system.host.1.path = https://host3.com:9010
+ucentral.system.host.1.id = 3
+ucentral.system.host.2.path = https://host4.com:9010
+ucentral.system.host.2.id = 4
+
+########################################################################
+########################################################################
+#
+# Thw following sections apply to the uCentral service
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+########################################################################
+
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+logging.channels.c2.class = FileChannel
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.path = /tmp/ucentral.log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+# External Channel
+logging.loggers.root.channel = c2
+logging.loggers.root.level = information
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+
--- a/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-certs
+++ b/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-certs
@@ -1,6 +1,6 @@
-#!/bin.sh
+#!/bin/sh

-[ -f /etc/ucentral/server-key.pem ] && exit 0
+[ -f /etc/ucentral/certs/server-key.pem ] && exit 0
 /usr/libexec/ucentral/create_certificates.sh

 exit 0
--- a/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-firewall
+++ b/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-firewall
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+uci set firewall.wan.input=ACCEPT
+uci commit firewall
+
+exit 0
--- a/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-hostname
+++ b/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-hostname
@@ -1,4 +1,4 @@
-#!/bin.sh
+#!/bin/sh

 hname=$(cat /sys/class/net/eth0/address | tr -d : | awk '{print tolower($0)}')
-uci set system.@system[-1].hostname=$hname
+uci set system.@system[-1].hostname="ucentral-$hname"
--- a/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-mdns
+++ b/feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-mdns
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+uci add_list umdns.@umdns[-1].network=foo
+uci commit umdns
+
+exit 0
--- a/feeds/ucentral/ucentralgw/patches/100-bash.patch
+++ b/feeds/ucentral/ucentralgw/patches/100-bash.patch
@@ -1,45 +1,57 @@
-Index: ucentralgw-2021-03-28-a42e9608/cert_scripts/clean.sh
+Index: ucentralgw-2021-03-28-555b5fef/cert_scripts/clean.sh
 ===================================================================
--- ucentralgw-2021-03-28-a42e9608.orig/cert_scripts/clean.sh
-+++ ucentralgw-2021-03-28-a42e9608/cert_scripts/clean.sh
+--- ucentralgw-2021-03-28-555b5fef.orig/cert_scripts/clean.sh
+++ ucentralgw-2021-03-28-555b5fef/cert_scripts/clean.sh
@@ -1,3 +1,3 @@
 -#!/bin/bash
 +#!/bin/sh
 
 rm *.pem *.csr
-Index: ucentralgw-2021-03-28-a42e9608/cert_scripts/create_certificates.sh
+Index: ucentralgw-2021-03-28-555b5fef/cert_scripts/create_certificates.sh
 ===================================================================
--- ucentralgw-2021-03-28-a42e9608.orig/cert_scripts/create_certificates.sh
-+++ ucentralgw-2021-03-28-a42e9608/cert_scripts/create_certificates.sh
-@@ -1,15 +1,15 @@
+--- ucentralgw-2021-03-28-555b5fef.orig/cert_scripts/create_certificates.sh
+++ ucentralgw-2021-03-28-555b5fef/cert_scripts/create_certificates.sh
+@@ -1,15 +1,27 @@
 -#!/bin/bash
 +#!/bin/sh
 
 -hn=$(hostname)
+mkdir -p /etc/ucentral/certs/cas
+
 +hn=$(cat /proc/sys/kernel/hostname)
 howmany=10
 -cert_life=365
 -subject="/C=CA/ST=British Columbia/L=Vancouver/O=Arilia Wireless/OU=Engineering/CN=$hn/emailAddress=support@example.com"
 +cert_life=1825
-+subject="/C=uC/ST=uCentral/L=uCentral/O=uCentral/OU=Nerdinging/CN=$hn/emailAddress=support@example.com"
+subject="/C=uC/ST=uCentral/L=uCentral/O=uCentral/OU=uCentral/CN=$hn/emailAddress=support@example.com"
+
+openssl genrsa -out /etc/ucentral/certs/server-key.pem 2048
+openssl req -new -key /etc/ucentral/certs/server-key.pem -subj "$subject" -out /etc/ucentral/certs/server.csr
+openssl x509 -req -days $cert_life -in /etc/ucentral/certs/server.csr -signkey /etc/ucentral/certs/server-key.pem -out /etc/ucentral/certs/server-cert.pem
+
+for a in clientcas.pem issuer.pem restapi-ca.pem restapi-cert.pem root.pem websocket-cert.pem; do
+	cp /etc/ucentral/certs/server-cert.pem /etc/ucentral/certs/$a
+done
+
+for a in restapi-key.pem websocket-key.pem; do
+	cp /etc/ucentral/certs/server-key.pem /etc/ucentral/certs/$a
+done
 
 -openssl genrsa -out server-key.pem 2048
 -openssl req -new -key server-key.pem -subj "$subject" -out server.csr
 -openssl x509 -req -days $cert_life -in server.csr -signkey server-key.pem -out server-cert.pem
-+openssl genrsa -out /etc/ucentral/server-key.pem 2048
-+openssl req -new -key /etc/ucentral/server-key.pem -subj "$subject" -out /etc/ucentral/server.csr
-+openssl x509 -req -days $cert_life -in /etc/ucentral/server.csr -signkey /etc/ucentral/server-key.pem -out /etc/ucentral/server-cert.pem
+cp  /etc/ucentral/certs/server-cert.pem /etc/ucentral/certs/cas/
 
 -for i in `eval echo {1..$howmany}`
 +for i in `seq 1 $howmany`
 do
 -  openssl x509 -signkey server-key.pem -in server.csr -req -days $cert_life -out dev-$i-cert.pem
-+  openssl x509 -signkey /etc/ucentral/server-key.pem -in /etc/ucentral/server.csr -req -days $cert_life -out /etc/ucentral/dev-$i-cert.pem
+  openssl x509 -signkey /etc/ucentral/certs/server-key.pem -in /etc/ucentral/certs/server.csr -req -days $cert_life -out /etc/ucentral/certs/dev-$i-cert.pem
 done
-Index: ucentralgw-2021-03-28-a42e9608/cert_scripts/more_devices.sh
+Index: ucentralgw-2021-03-28-555b5fef/cert_scripts/more_devices.sh
 ===================================================================
--- ucentralgw-2021-03-28-a42e9608.orig/cert_scripts/more_devices.sh
-+++ ucentralgw-2021-03-28-a42e9608/cert_scripts/more_devices.sh
+--- ucentralgw-2021-03-28-555b5fef.orig/cert_scripts/more_devices.sh
+++ ucentralgw-2021-03-28-555b5fef/cert_scripts/more_devices.sh
@@ -1,4 +1,4 @@
 -#!/usr/bin/env bash
 +#!/bin/sh
--- a/feeds/ucentral/ucentralgw/patches/200-jwt.patch
+++ b/feeds/ucentral/ucentralgw/patches/200-jwt.patch
@@ -0,0 +1,20 @@
+Index: ucentralgw-2021-03-28-555b5fef/CMakeLists.txt
+===================================================================
+--- ucentralgw-2021-03-28-555b5fef.orig/CMakeLists.txt
+++ ucentralgw-2021-03-28-555b5fef/CMakeLists.txt
+@@ -40,7 +40,7 @@ find_package(ZLIB REQUIRED)
+ find_package(Lua REQUIRED)
+ 
+ if(SMALL_BUILD)
+-    find_package(Poco REQUIRED COMPONENTS Crypto Net Util NetSSL Data DataSQLite)
+    find_package(Poco REQUIRED COMPONENTS Crypto JWT Net Util NetSSL Data DataSQLite)
+ else()
+     find_package(CppKafka REQUIRED)
+     find_package(PostgreSQL REQUIRED)
+@@ -81,4 +81,4 @@ if(NOT SMALL_BUILD)
+             ${MySQL_LIBRARIES} ${ODBC_LIBRARIES} ${ZLIB_LIBRARIES} ${LUA_LIBRARIES}
+             CppKafka::cppkafka
+              )
+-endif()
+\ No newline at end of file
+endif()
--- a/profiles/linksys_ea8300.yml
+++ b/profiles/linksys_ea8300.yml
@@ -3,7 +3,7 @@ profile: linksys_ea8300
 target: ipq40xx
 subtarget: generic
 description: Build image for the Linksys ea8300
-image: bin/targets/ipq40xx/generic/openwrt-ipq40xx-generic-edgecore_ecw5211-squashfs-nand-sysupgrade.bin
+image: bin/targets/ipq40xx/generic/openwrt-ipq40xx-generic-linksys_ea8300-squashfs-sysupgrade.bin
 include:
  - ucentral-ap
 packages:
--- a/profiles/mikrotik_nand-large.yml
+++ b/profiles/mikrotik_nand-large.yml
@@ -3,5 +3,6 @@ profile: nand-large
 target: ar71xx
 subtarget: mikrotik
 description: Build image for the Mikrotik RouterBoards
+image: bin/targets/ar71xx/mikrotik/openwrt-ar71xx-mikrotik-nand-large-squashfs-sysupgrade.bin
 include:
  - ucentral-ap-light
--- a/profiles/ubnt_edgerouter-x.yml
+++ b/profiles/ubnt_edgerouter-x.yml
@@ -3,5 +3,6 @@ profile: ubnt_edgerouter-x
 target: ramips
 subtarget: mt7621
 description: Build image for the Ubiquity ER-X
+image: bin/targets/ramips/mt7621/openwrt-ramips-mt7621-ubnt_edgerouter-x-squashfs-sysupgrade.bin
 include:
  - ucentral-gateway
--- a/profiles/ucentral-gateway.yml
+++ b/profiles/ucentral-gateway.yml
@@ -22,10 +22,12 @@ packages:
  - rpcd-mod-iwinfo
  - rpcd-mod-luci
  - rpcd-mod-rrdns
+  - tmate
  - ucentralgw
  - ucentral-freeradius
  - uhttpd
  - uhttpd-mod-ubus
+  - umdns
 diffconfig: |
  CONFIG_IMAGEOPT=y
  CONFIG_PREINITOPT=y
--- a/profiles/zyxel_gs1900-10hp.yml
+++ b/profiles/zyxel_gs1900-10hp.yml
@@ -3,6 +3,7 @@ profile: zyxel_gs1900-10hp
 target: realtek
 subtarget: generic
 description: Build image for the Zyxel GS1900-10HP
+image: bin/targets/realtek/generic/openwrt-realtek-generic-zyxel_gs1900-10hp-squashfs-sysupgrade.bin
 include:
 - realtek
 - ucentral-switch