[WIFI-3294] Docker support for Provisioning Service (#2)

* Add Dockerfile and related config

Signed-off-by: oblom0v <johann.hoffmann@mailbox.org>

* Add Github workflows

Signed-off-by: oblom0v <johann.hoffmann@mailbox.org>

* Fix image name

Signed-off-by: oblom0v <johann.hoffmann@mailbox.org>

.github/workflows/ci.yml

@@ -0,0 +1,65 @@
+name: CI
+
+on:
+  push:
+    paths-ignore:
+      - 'openapi/**'
+      - '**.md'
+    branches:
+      - main
+      - 'release/*'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  docker:
+    runs-on: ubuntu-20.04
+    env:
+      DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
+      DOCKER_REGISTRY_USERNAME: ucentral
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build Docker image
+      run: docker build -t wlan-cloud-owprov:${{ github.sha }} .
+
+    - name: Tag Docker image
+      run: |
+        TAGS="${{ github.sha }}"
+        if [[ ${GITHUB_REF} == "refs/heads/"* ]]
+        then
+          CURRENT_TAG=$(echo ${GITHUB_REF#refs/heads/} | tr '/' '-')
+          TAGS="$TAGS $CURRENT_TAG"
+        else
+          if [[ ${GITHUB_REF} == "refs/tags/"* ]]
+          then
+            CURRENT_TAG=$(echo ${GITHUB_REF#refs/tags/} | tr '/' '-')
+            TAGS="$TAGS $CURRENT_TAG"
+          else # PR build
+            CURRENT_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
+            TAGS="$TAGS $CURRENT_TAG"
+          fi
+        fi
+        echo "Result tags: $TAGS"
+        for tag in $TAGS; do
+          docker tag wlan-cloud-owprov:${{ github.sha }} ${{ env.DOCKER_REGISTRY_URL }}/owprov:$tag
+        done
+    - name: Log into Docker registry
+      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ env.DOCKER_REGISTRY_URL }}
+        username: ${{ env.DOCKER_REGISTRY_USERNAME }}
+        password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+    - name: Push Docker images
+      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
+      run: |
+        docker images | grep ${{ env.DOCKER_REGISTRY_URL }}/owprov | awk -F ' ' '{print $1":"$2}' | xargs -I {} docker push {}

.github/workflows/cleanup.yml

@@ -0,0 +1,19 @@
+name: Clean up PR Docker images
+
+on:
+  pull_request:
+    branches:
+      - main
+    types: [ closed ]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          export PR_BRANCH_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
+          curl -uucentral:${{ secrets.DOCKER_REGISTRY_PASSWORD }} -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/owprov/$PR_BRANCH_TAG"

Dockerfile

@@ -0,0 +1,83 @@
+FROM alpine AS builder
+
+RUN apk add --update --no-cache \
+    make cmake gcc g++ libstdc++ libgcc git zlib-dev \
+    openssl-dev boost-dev curl-dev \
+    postgresql-dev mariadb-dev \
+    librdkafka-dev nlohmann-json
+
+RUN git clone https://github.com/stephb9959/poco /poco
+RUN git clone https://github.com/stephb9959/cppkafka /cppkafka
+RUN git clone --recurse-submodules https://github.com/aws/aws-sdk-cpp /aws-sdk-cpp
+RUN git clone https://github.com/pboettch/json-schema-validator /json-schema-validator
+
+WORKDIR /aws-sdk-cpp
+RUN mkdir cmake-build
+WORKDIR cmake-build
+RUN cmake .. -DBUILD_ONLY="s3" \
+             -DCMAKE_BUILD_TYPE=Release \
+             -DCMAKE_CXX_FLAGS="-Wno-error=stringop-overflow -Wno-error=uninitialized" \ 
+             -DAUTORUN_UNIT_TESTS=OFF
+RUN cmake --build . --config Release -j8
+RUN cmake --build . --target install
+
+WORKDIR /cppkafka
+RUN mkdir cmake-build
+WORKDIR cmake-build
+RUN cmake ..
+RUN cmake --build . --config Release -j8
+RUN cmake --build . --target install
+
+WORKDIR /poco
+RUN mkdir cmake-build
+WORKDIR cmake-build
+RUN cmake ..
+RUN cmake --build . --config Release -j8
+RUN cmake --build . --target install
+
+WORKDIR /json-schema-validator
+RUN mkdir cmake-build
+WORKDIR cmake-build
+RUN cmake ..
+RUN make
+RUN make install
+
+ADD CMakeLists.txt build /owprov/
+ADD cmake /owprov/cmake
+ADD src /owprov/src
+
+WORKDIR /owprov
+RUN mkdir cmake-build
+WORKDIR /owprov/cmake-build
+RUN cmake ..
+RUN cmake --build . --config Release -j8
+
+FROM alpine
+
+ENV OWPROV_USER=owprov \
+    OWPROV_ROOT=/owprov-data \
+    OWPROV_CONFIG=/owprov-data
+
+RUN addgroup -S "$OWPROV_USER" && \
+    adduser -S -G "$OWPROV_USER" "$OWPROV_USER"
+
+RUN mkdir /openwifi
+RUN mkdir -p "$OWPROV_ROOT" "$OWPROV_CONFIG" && \
+    chown "$OWPROV_USER": "$OWPROV_ROOT" "$OWPROV_CONFIG"
+RUN apk add --update --no-cache librdkafka curl-dev mariadb-connector-c libpq su-exec gettext ca-certificates
+
+COPY --from=builder /owprov/cmake-build/owprov /openwifi/owprov
+COPY --from=builder /cppkafka/cmake-build/src/lib/* /lib/
+COPY --from=builder /poco/cmake-build/lib/* /lib/
+COPY --from=builder /aws-sdk-cpp/cmake-build/aws-cpp-sdk-core/libaws-cpp-sdk-core.so /lib/
+COPY --from=builder /aws-sdk-cpp/cmake-build/aws-cpp-sdk-s3/libaws-cpp-sdk-s3.so /lib/
+
+COPY owprov.properties.tmpl ${OWPROV_CONFIG}/
+COPY docker-entrypoint.sh /
+RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
+    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+
+EXPOSE 16005 17005 16105
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/openwifi/owprov"]

docker-entrypoint.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+set -e
+
+if [ "$SELFSIGNED_CERTS" = 'true' ]; then
+    update-ca-certificates
+fi
+
+if [[ "$TEMPLATE_CONFIG" = 'true' && ! -f "$OWPROV_CONFIG"/owprov.properties ]]; then
+  RESTAPI_HOST_ROOTCA=${RESTAPI_HOST_ROOTCA:-"\$OWPROV_ROOT/certs/restapi-ca.pem"} \
+  RESTAPI_HOST_PORT=${RESTAPI_HOST_PORT:-"16005"} \
+  RESTAPI_HOST_CERT=${RESTAPI_HOST_CERT:-"\$OWPROV_ROOT/certs/restapi-cert.pem"} \
+  RESTAPI_HOST_KEY=${RESTAPI_HOST_KEY:-"\$OWPROV_ROOT/certs/restapi-key.pem"} \
+  RESTAPI_HOST_KEY_PASSWORD=${RESTAPI_HOST_KEY_PASSWORD:-"mypassword"} \
+  INTERNAL_RESTAPI_HOST_ROOTCA=${INTERNAL_RESTAPI_HOST_ROOTCA:-"\$OWPROV_ROOT/certs/restapi-ca.pem"} \
+  INTERNAL_RESTAPI_HOST_PORT=${INTERNAL_RESTAPI_HOST_PORT:-"17005"} \
+  INTERNAL_RESTAPI_HOST_CERT=${INTERNAL_RESTAPI_HOST_CERT:-"\$OWPROV_ROOT/certs/restapi-cert.pem"} \
+  INTERNAL_RESTAPI_HOST_KEY=${INTERNAL_RESTAPI_HOST_KEY:-"\$OWPROV_ROOT/certs/restapi-key.pem"} \
+  INTERNAL_RESTAPI_HOST_KEY_PASSWORD=${INTERNAL_RESTAPI_HOST_KEY_PASSWORD:-"mypassword"} \
+  SERVICE_KEY=${SERVICE_KEY:-"\$OWPROV_ROOT/certs/restapi-key.pem"} \
+  SERVICE_KEY_PASSWORD=${SERVICE_KEY_PASSWORD:-"mypassword"} \
+  SYSTEM_DATA=${SYSTEM_DATA:-"\$OWPROV_ROOT/data"} \
+  SYSTEM_URI_PRIVATE=${SYSTEM_URI_PRIVATE:-"https://localhost:17005"} \
+  SYSTEM_URI_PUBLIC=${SYSTEM_URI_PUBLIC:-"https://localhost:16005"} \
+  SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \
+  KAFKA_ENABLE=${KAFKA_ENABLE:-"true"} \
+  KAFKA_BROKERLIST=${KAFKA_BROKERLIST:-"localhost:9092"} \
+  STORAGE_TYPE=${STORAGE_TYPE:-"sqlite"} \
+  STORAGE_TYPE_POSTGRESQL_HOST=${STORAGE_TYPE_POSTGRESQL_HOST:-"localhost"} \
+  STORAGE_TYPE_POSTGRESQL_USERNAME=${STORAGE_TYPE_POSTGRESQL_USERNAME:-"owprov"} \
+  STORAGE_TYPE_POSTGRESQL_PASSWORD=${STORAGE_TYPE_POSTGRESQL_PASSWORD:-"owprov"} \
+  STORAGE_TYPE_POSTGRESQL_DATABASE=${STORAGE_TYPE_POSTGRESQL_DATABASE:-"owprov"} \
+  STORAGE_TYPE_POSTGRESQL_PORT=${STORAGE_TYPE_POSTGRESQL_PORT:-"5432"} \
+  STORAGE_TYPE_MYSQL_HOST=${STORAGE_TYPE_MYSQL_HOST:-"localhost"} \
+  STORAGE_TYPE_MYSQL_USERNAME=${STORAGE_TYPE_MYSQL_USERNAME:-"owprov"} \
+  STORAGE_TYPE_MYSQL_PASSWORD=${STORAGE_TYPE_MYSQL_PASSWORD:-"owprov"} \
+  STORAGE_TYPE_MYSQL_DATABASE=${STORAGE_TYPE_MYSQL_DATABASE:-"owprov"} \
+  STORAGE_TYPE_MYSQL_PORT=${STORAGE_TYPE_MYSQL_PORT:-"3306"} \
+  envsubst < $OWPROV_CONFIG/owprov.properties.tmpl > $OWPROV_CONFIG/owprov.properties
+fi
+
+if [ "$1" = '/openwifi/owprov' -a "$(id -u)" = '0' ]; then
+    if [ "$RUN_CHOWN" = 'true' ]; then
+      chown -R "$OWPROV_USER": "$OWPROV_ROOT" "$OWPROV_CONFIG"
+    fi
+    exec su-exec "$OWPROV_USER" "$@"
+fi
+
+exec "$@"

owprov.properties.tmpl

@@ -0,0 +1,128 @@
+#
+# uCentral protocol server for devices. This is where you point
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
+#
+
+#
+# REST API access
+#
+openwifi.restapi.host.0.backlog = 100
+openwifi.restapi.host.0.security = relaxed
+openwifi.restapi.host.0.rootca = ${RESTAPI_HOST_ROOTCA}
+openwifi.restapi.host.0.address = *
+openwifi.restapi.host.0.port = ${RESTAPI_HOST_PORT}
+openwifi.restapi.host.0.cert = ${RESTAPI_HOST_CERT}
+openwifi.restapi.host.0.key = ${RESTAPI_HOST_KEY}
+openwifi.restapi.host.0.key.password = ${RESTAPI_HOST_KEY_PASSWORD}
+
+openwifi.internal.restapi.host.0.backlog = 100
+openwifi.internal.restapi.host.0.security = relaxed
+openwifi.internal.restapi.host.0.rootca = ${INTERNAL_RESTAPI_HOST_ROOTCA}
+openwifi.internal.restapi.host.0.address = *
+openwifi.internal.restapi.host.0.port = ${INTERNAL_RESTAPI_HOST_PORT}
+openwifi.internal.restapi.host.0.cert = ${INTERNAL_RESTAPI_HOST_CERT}
+openwifi.internal.restapi.host.0.key = ${INTERNAL_RESTAPI_HOST_KEY}
+openwifi.internal.restapi.host.0.key.password = ${INTERNAL_RESTAPI_HOST_KEY_PASSWORD}
+
+#
+# Generic section that all microservices must have
+#
+openwifi.service.key = ${SERVICE_KEY}
+openwifi.service.key.password = ${SERVICE_KEY_PASSWORD}
+openwifi.system.data = ${SYSTEM_DATA}
+openwifi.system.debug = false
+openwifi.system.uri.private = ${SYSTEM_URI_PRIVATE}
+openwifi.system.uri.public = ${SYSTEM_URI_PUBLIC}
+openwifi.system.commandchannel = /tmp/app.ucentralfms
+openwifi.system.uri.ui = ${SYSTEM_URI_UI}
+
+#############################
+# Generic information for all micro services
+#############################
+#
+# NLB Support
+#
+alb.enable = true
+alb.port = 16105
+
+#
+# Kafka
+#
+openwifi.kafka.group.id = prov
+openwifi.kafka.client.id = prov1
+openwifi.kafka.enable = ${KAFKA_ENABLE}
+openwifi.kafka.brokerlist = ${KAFKA_BROKERLIST}
+openwifi.kafka.auto.commit = false
+openwifi.kafka.queue.buffering.max.ms = 50
+
+#
+# This section select which form of persistence you need
+# Only one selected at a time. If you select multiple, this service will die if a horrible
+# death and might make your beer flat.
+#
+storage.type = ${STORAGE_TYPE}
+
+storage.type.sqlite.db = prov.db
+storage.type.sqlite.idletime = 120
+storage.type.sqlite.maxsessions = 128
+
+storage.type.postgresql.maxsessions = 64
+storage.type.postgresql.idletime = 60
+storage.type.postgresql.host = ${STORAGE_TYPE_POSTGRESQL_HOST}
+storage.type.postgresql.username = ${STORAGE_TYPE_POSTGRESQL_USERNAME}
+storage.type.postgresql.password = ${STORAGE_TYPE_POSTGRESQL_PASSWORD}
+storage.type.postgresql.database = ${STORAGE_TYPE_POSTGRESQL_DATABASE}
+storage.type.postgresql.port = ${STORAGE_TYPE_POSTGRESQL_PORT}
+storage.type.postgresql.connectiontimeout = 60
+
+storage.type.mysql.maxsessions = 64
+storage.type.mysql.idletime = 60
+storage.type.mysql.host = ${STORAGE_TYPE_MYSQL_HOST}
+storage.type.mysql.username = ${STORAGE_TYPE_MYSQL_USERNAME}
+storage.type.mysql.password = ${STORAGE_TYPE_MYSQL_PASSWORD}
+storage.type.mysql.database = ${STORAGE_TYPE_MYSQL_DATABASE}
+storage.type.mysql.port = ${STORAGE_TYPE_MYSQL_PORT}
+storage.type.mysql.connectiontimeout = 60
+
+
+########################################################################
+########################################################################
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.class = FileChannel
+logging.channels.c2.path = $OWPROV_ROOT/logs/log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c2.rotation = 20 M
+logging.channels.c2.archive = timestamp
+logging.channels.c2.purgeCount = 20
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+
+# External Channel
+logging.loggers.root.channel = c1
+logging.loggers.root.level = debug
+
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+