From 26ccdc214d410b48e528ba434c49e8bb9c072806 Mon Sep 17 00:00:00 2001 From: Dmitry Dunaev Date: Wed, 30 Jun 2021 16:37:23 +0300 Subject: [PATCH] [WIFI-2856] Chg: make configration file to be generated from template
---
 .gitignore | 1 + helm/templates/_config.tpl | 5 + helm/templates/deployment.yaml | 2 + ...onfimap-config.yaml => secret-config.yaml} | 6 +- helm/values.yaml | 318 ++++++++---------- 5 files changed, 142 insertions(+), 190 deletions(-) create mode 100644 helm/templates/_config.tpl rename helm/templates/{confimap-config.yaml => secret-config.yaml} (77%)
diff --git a/.gitignore b/.gitignore
index 5809bb14..e3ebc908 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@ _deps
 /uploads/
 test_scripts/curl/token.json
 .vscode/c_cpp_properties.json
+test_scripts/curl/result.json
diff --git a/helm/templates/_config.tpl b/helm/templates/_config.tpl
new file mode 100644
index 00000000..652c6ca8
--- /dev/null
+++ b/helm/templates/_config.tpl
@@ -0,0 +1,5 @@
+{{- define "ucentralgw.config" -}}
+{{- range $key, $value := .Values.configProperties }}
+{{ $key }} = {{ $value }}
+{{- end }}
+{{- end -}}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index bc402a4d..ed316075 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -22,6 +22,8 @@ spec:
 {{- end }}
 template:
 metadata:
+ annotations:
+ checksum/config: {{ include "ucentralgw.config" . | sha256sum }}
 labels:
 app.kubernetes.io/name: {{ include "ucentralgw.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/helm/templates/confimap-config.yaml b/helm/templates/secret-config.yaml
similarity index 77%
rename from helm/templates/confimap-config.yaml
rename to helm/templates/secret-config.yaml
index 596d307f..80e013de 100644
--- a/helm/templates/confimap-config.yaml
+++ b/helm/templates/secret-config.yaml
@@ -1,6 +1,5 @@
 ---
 apiVersion: v1
-kind: ConfigMap
 metadata:
 labels:
 app.kuberentes.io/name: {{ include "ucentralgw.name" . }}
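Review bot: In helm/templates/_config.tpl the `ucentralgw.config` helper emits `{{ $value }}` verbatim and carries no comment saying what a value may contain, so a value with an embedded newline turns into extra property lines in the rendered file. `range` over a map visits keys in sorted order, which means the Public/Secret grouping written in values.yaml is not the order that reaches ucentral.properties. Large unquoted numbers may also render in exponent form depending on the Helm version, so quoting them in values.yaml is the safer convention. I would add a header such as `{{- /* Renders .Values.configProperties as sorted "key = value" lines; values must be single-line scalars */ -}}` above the `define`.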
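Review bot: In helm/templates/deployment.yaml the new `checksum/config` annotation is an unsalted SHA-256 over the whole rendered properties file, which after this commit includes the key passwords and database credentials. Pod annotations are usually readable by more principals than Secrets are, and since most of the file is the public chart default, the digest lets someone with pod-read access confirm a guessed value for the few secret fields. If the rollout trigger is kept as is, I would document that next to it, for example `# digest covers secret values; treat pod metadata read access accordingly`, or compute the digest over the non-secret keys only. The pod template metadata continues outside the hunk.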
@@ -8,6 +7,7 @@ metadata:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 name: {{ include "ucentralgw.fullname" . }}-config
+kind: Secret
+type: Opaque
 data:
- ucentral.properties: |
-{{ .Values.config | indent 4 }}
+ ucentral.properties: {{ include "ucentralgw.config" . | b64enc }}
diff --git a/helm/values.yaml b/helm/values.yaml
index 569d24e8..fd02bfc4 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -75,8 +75,8 @@ volumes:
 subPath: ucentral.properties
 # Template below will be rendered in template
 volumeDefinition: |
- configMap:
- name: {{ include "ucentralgw.fullname" . }}-config
+ secret:
+ secretName: {{ include "ucentralgw.fullname" . }}-config
 - name: certs
 mountPath: /ucentral-data/certs
 volumeDefinition: |
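Review bot: The `secret:` volume added in the first helm/values.yaml hunk sets no file mode, so the mounted ucentral.properties gets the Kubernetes default for secret volumes (0644) even though it now holds key passwords and database credentials. I would add `defaultMode: 0400` under `secret:` (or 0440 with a matching fsGroup), assuming the gateway process runs as the file's owner, which is not visible here. The volume entry this definition belongs to starts above the hunk.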
@@ -127,195 +127,139 @@ public_env_variables:
 secret_env_variables: {}
-config: |
- #
- # uCentral protocol server for devices. This is where you point
- # all your devices. You can replace the * for address by the specific
- # address of one of your interfaces
- #
- ucentral.websocket.host.0.backlog = 500
- ucentral.websocket.host.0.rootca = /ucentral-data/certs/root.pem
- ucentral.websocket.host.0.issuer = /ucentral-data/certs/issuer.pem
- ucentral.websocket.host.0.cert = /ucentral-data/certs/websocket-cert.pem
- ucentral.websocket.host.0.key = /ucentral-data/certs/websocket-key.pem
- ucentral.websocket.host.0.clientcas = /ucentral-data/certs/clientcas.pem
- ucentral.websocket.host.0.cas = /ucentral-data/certs/cas
- ucentral.websocket.host.0.address = *
- ucentral.websocket.host.0.port = 15002
- ucentral.websocket.host.0.security = strict
- ucentral.websocket.host.0.key.password = mypassword
- ucentral.websocket.maxreactors = 20
-
- #
- # REST API access
- #
- ucentral.restapi.host.0.backlog = 100
- ucentral.restapi.host.0.security = relaxed
- ucentral.restapi.host.0.rootca = /ucentral-data/certs/restapi-ca.pem
- ucentral.restapi.host.0.address = *
- ucentral.restapi.host.0.port = 16001
- ucentral.restapi.host.0.cert = /ucentral-data/certs/restapi-cert.pem
- ucentral.restapi.host.0.key = /ucentral-data/certs/restapi-key.pem
- ucentral.restapi.host.0.key.password = mypassword
-
- #
- # Used to upload files to the service.
- # You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
- # that your devices can reach
- #
- ucentral.fileuploader.host.0.backlog = 100
- ucentral.fileuploader.host.0.rootca = /ucentral-data/certs/restapi-ca.pem
- ucentral.fileuploader.host.0.security = relaxed
- ucentral.fileuploader.host.0.address = *
- ucentral.fileuploader.host.0.name = fileuploader-ucentral-2.cicd.lab.wlan.tip.build
- ucentral.fileuploader.host.0.port = 16003
- ucentral.fileuploader.host.0.cert = /ucentral-data/certs/restapi-cert.pem
- ucentral.fileuploader.host.0.key = /ucentral-data/certs/restapi-key.pem
- ucentral.fileuploader.host.0.key.password = mypassword
- ucentral.fileuploader.path = /ucentral-data/persist/uploads
- ucentral.fileuploader.maxsize = 10000
-
- #
- # This section descrive how to do autoprovisioning
- # When enabled, it will allow devices that are not in the system
- # to be managed and serviced
- #
- ucentral.autoprovisioning = true
- ucentral.service.key = /ucentral-data/certs/websocket-key.pem
- ucentral.devicetypes.0 = AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
- ucentral.devicetypes.1 = SWITCH:edgecore_ecs4100-12ph
- ucentral.devicetypes.2 = IOT:esp32
-
- #
- # Callback hosts
- #
- ucentral.callback.enable = false
- ucentral.callback.id = qblat6dfDHxQAZ6yMe6MrypBpgRDhQrhUtTOovOXAKAWU8qOvjjKKiUai4t9hGjA
- ucentral.callback.0.local = localhost:16001
- ucentral.callback.0.remote = localhost:15055
- ucentral.callback.0.localkey = t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
- ucentral.callback.0.remotekey = t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
- ucentral.callback.0.topics = ucentralfws
-
- #
+configProperties:
+ # -> Public part
+ # Websocket
+ ucentral.websocket.host.0.backlog: 500
+ ucentral.websocket.host.0.rootca: $UCENTRAL_ROOT/certs/root.pem
+ ucentral.websocket.host.0.issuer: $UCENTRAL_ROOT/certs/issuer.pem
+ ucentral.websocket.host.0.cert: $UCENTRAL_ROOT/certs/websocket-cert.pem
+ ucentral.websocket.host.0.key: $UCENTRAL_ROOT/certs/websocket-key.pem
+ ucentral.websocket.host.0.clientcas: $UCENTRAL_ROOT/certs/clientcas.pem
+ ucentral.websocket.host.0.cas: $UCENTRAL_ROOT/certs/cas
+ ucentral.websocket.host.0.address: "*"
+ ucentral.websocket.host.0.port: 15002
+ ucentral.websocket.host.0.security: strict
+ ucentral.websocket.maxreactors: 20
+ # REST API
+ ucentral.restapi.host.0.backlog: 100
+ ucentral.restapi.host.0.security: relaxed
+ ucentral.restapi.host.0.rootca: $UCENTRAL_ROOT/certs/restapi-ca.pem
+ ucentral.restapi.host.0.address: "*"
+ ucentral.restapi.host.0.port: 16001
+ ucentral.restapi.host.0.cert: $UCENTRAL_ROOT/certs/restapi-cert.pem
+ ucentral.restapi.host.0.key: $UCENTRAL_ROOT/certs/restapi-key.pem
+ # File uploader
+ ucentral.fileuploader.host.0.backlog: 100
+ ucentral.fileuploader.host.0.rootca: $UCENTRAL_ROOT/certs/restapi-ca.pem
+ ucentral.fileuploader.host.0.security: relaxed
+ ucentral.fileuploader.host.0.address: "*"
+ ucentral.fileuploader.host.0.name: localhost
+ ucentral.fileuploader.host.0.port: 16003
+ ucentral.fileuploader.host.0.cert: $UCENTRAL_ROOT/certs/restapi-cert.pem
+ ucentral.fileuploader.host.0.key: $UCENTRAL_ROOT/certs/restapi-key.pem
+ ucentral.fileuploader.path: $UCENTRAL_ROOT/uploads
+ ucentral.fileuploader.maxsize: 10000
+ # Auto provisioning
+ ucentral.autoprovisioning: "true"
+ ucentral.service.key: $UCENTRAL_ROOT/certs/restapi-key.pem
+ ucentral.devicetypes.0: AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
+ ucentral.devicetypes.1: SWITCH:edgecore_ecs4100-12ph
+ ucentral.devicetypes.2: IOT:esp32
+ # Callback
+ ucentral.callback.enable: "false"
+ ucentral.callback.0.local: localhost:16001
+ ucentral.callback.0.remote: localhost:15055
+ ucentral.callback.0.topics: ucentralfws
 # rtty
- #
- rtty.enabled = false
- rtty.server = localhost
- rtty.port = 5912
- rtty.token = 96181c567b4d0d98c50f127230068fa8
- rtty.timeout = 60
- rtty.viewport = 5913
-
- #
- # NLB Support
- #
- alb.enable = true
- alb.port = 15015
-
- oui.download.uri = https://linuxnet.ca/ieee/oui.txt
-
- #
+ rtty.enabled: "true"
+ rtty.server: localhost
+ rtty.port: 5912
+ rtty.timeout: 60
+ rtty.viewport: 5913
+ # ALB
+ alb.enable: "true"
+ alb.port: 15015
 # Kafka
- #
- ucentral.kafka.enable = false
- ucentral.kafka.brokerlist = 127.0.0.1:9092
- ucentral.kafka.auto.commit = false
- ucentral.kafka.queue.buffering.max.ms = 50
-
- #
- # This section select which form of persistence you need
- # Only one selected at a time. If you select multiple, this service will die if a horrible
- # death and might make your beer flat.
- #
- storage.type = sqlite
- #storage.type = postgresql
- #storage.type = mysql
- #storage.type = odbc
-
- storage.type.sqlite.db = devices.db
- storage.type.sqlite.idletime = 120
- storage.type.sqlite.maxsessions = 128
-
- storage.type.postgresql.maxsessions = 64
- storage.type.postgresql.idletime = 60
- storage.type.postgresql.host = localhost
- storage.type.postgresql.username = stephb
- storage.type.postgresql.password = snoopy99
- storage.type.postgresql.database = ucentral
- storage.type.postgresql.port = 5432
- storage.type.postgresql.connectiontimeout = 60
-
- storage.type.mysql.maxsessions = 64
- storage.type.mysql.idletime = 60
- storage.type.mysql.host = localhost
- storage.type.mysql.username = stephb
- storage.type.mysql.password = snoopy99
- storage.type.mysql.database = ucentral
- storage.type.mysql.port = 3306
- storage.type.mysql.connectiontimeout = 60
-
- #
+ ucentral.kafka.enable: "false"
+ ucentral.kafka.group.id: 1
+ ucentral.kafka.brokerlist: localhost:9092
+ ucentral.kafka.auto.commit: false
+ ucentral.kafka.queue.buffering.max.ms: 50
+ # Storage
+ storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
+ ## SQLite
+ storage.type.sqlite.db: devices.db
+ storage.type.sqlite.idletime: 120
+ storage.type.sqlite.maxsessions: 128
+ ## PostgreSQL
+ storage.type.postgresql.maxsessions: 64
+ storage.type.postgresql.idletime: 60
+ storage.type.postgresql.host: localhost
+ storage.type.postgresql.database: ucentral
+ storage.type.postgresql.port: 5432
+ storage.type.postgresql.connectiontimeout: 60
+ ## MySQL
+ storage.type.mysql.maxsessions: 64
+ storage.type.mysql.idletime: 60
+ storage.type.mysql.host: localhost
+ storage.type.mysql.database: ucentral
+ storage.type.mysql.port: 3306
+ storage.type.mysql.connectiontimeout: 60
 # Authentication
- #
- authentication.enabled = true
- authentication.default.username = tip@ucentral.com
- authentication.default.password = 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
- authentication.default.access = master
- authentication.service.type = internal
+ authentication.enabled: "true"
+ authentication.default.access: master
+ authentication.service.type: internal
+ # Firmware
+ firmware.autoupdate.policy.default: auto
+ # System
+ ucentral.system.data: $UCENTRAL_ROOT/data
+ ucentral.system.debug: "true"
+ ucentral.system.uri.private: https://localhost:16001
+ ucentral.system.uri.public: https://localhost:16001
+ ucentral.system.commandchannel: /tmp/app_ucentralgw
+ oui.download.uri: https://linuxnet.ca/ieee/oui.txt
+ # Logging
+ logging.formatters.f1.class: PatternFormatter
+ logging.formatters.f1.pattern: "%s: [%p] %t"
+ logging.formatters.f1.times: UTC
+ logging.channels.c1.class: ConsoleChannel
+ logging.channels.c1.formatter: f1
+ logging.channels.c2.class: FileChannel
+ logging.channels.c2.path: $UCENTRAL_ROOT/logs/log
+ logging.channels.c2.formatter.class: PatternFormatter
+ logging.channels.c2.formatter.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
+ logging.channels.c2.rotation: "20 M"
+ logging.channels.c2.archive: timestamp
+ logging.channels.c2.purgeCount: 20
+ logging.channels.c3.class: ConsoleChannel
+ logging.channels.c3.pattern: "%s: [%p] %t"
+ logging.loggers.root.channel: c2
+ logging.loggers.root.level: debug
- firmware.autoupdate.policy.default = auto
-
- system.directory.data = /ucentral-data/persist/data
-
- ucentral.system.debug = true
- ucentral.system.id = 1
- ucentral.system.commandchannel = /tmp/app.ucentralgw
- ucentral.system.host.0.path = https://host2.com:9010
- ucentral.system.host.0.id = 2
- ucentral.system.host.1.path = https://host3.com:9010
- ucentral.system.host.1.id = 3
- ucentral.system.host.2.path = https://host4.com:9010
- ucentral.system.host.2.id = 4
-
- ########################################################################
- ########################################################################
- #
- # Thw following sections apply to the uCentral service
- #
- # Logging: please leave as is for now.
- #
- ########################################################################
- ########################################################################
-
- logging.formatters.f1.class = PatternFormatter
- logging.formatters.f1.pattern = %s: [%p] %t
- logging.formatters.f1.times = UTC
- logging.channels.c1.class = ConsoleChannel
- logging.channels.c1.formatter = f1
- # This is where the logs will be written. This path MUST exist
- logging.channels.c2.class = FileChannel
- logging.channels.c2.path = /dev/stdout
- logging.channels.c2.formatter.class = PatternFormatter
- logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
- logging.channels.c2.rotation = 20 M
- logging.channels.c2.archive = timestamp
- logging.channels.c2.purgeCount = 20
- logging.channels.c3.class = ConsoleChannel
- logging.channels.c3.pattern = %s: [%p] %t
- # External Channel
- logging.loggers.root.channel = c2
- logging.loggers.root.level = information
- # Inline Channel with PatternFormatter
- # logging.loggers.l1.name = logger1
- # logging.loggers.l1.channel.class = ConsoleChannel
- # logging.loggers.l1.channel.pattern = %s: [%p] %t
- # logging.loggers.l1.level = information
- # SplitterChannel
- # logging.channels.splitter.class = SplitterChannel
- # logging.channels.splitter.channels = l1,l2
- # logging.loggers.l2.name = logger2
- # logging.loggers.l2.channel = splitter
+ # -> Secret part
+ # Websocket
+ ucentral.websocket.host.0.key.password: mypassword
+ # REST API
+ ucentral.restapi.host.0.key.password: mypassword
+ # File uploader
+ ucentral.fileuploader.host.0.key.password: mypassword
+ # Callback
+ ucentral.callback.id: qblat6dfDHxQAZ6yMe6MrypBpgRDhQrhUtTOovOXAKAWU8qOvjjKKiUai4t9hGjA
+ ucentral.callback.0.localkey: t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
+ ucentral.callback.0.remotekey: t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
+ # rtty
+ rtty.token: 96181c567b4d0d98c50f127230068fa8
+ # Storage
+ ## PostgreSQL
+ storage.type.postgresql.username: stephb
+ storage.type.postgresql.password: snoopy99
+ ## MySQL
+ storage.type.mysql.username: stephb
+ storage.type.mysql.password: snoopy99
+ # Authentication
+ authentication.default.username: tip@ucentral.com
+ authentication.default.password: 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
 certs:
 clientcas.pem: |
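Review bot: The `# -> Secret part` block still carries literal default credentials (the three `*.key.password` entries, the `ucentral.callback.*` id and keys, `rtty.token`, both storage passwords and `authentication.default.password`), so a release installed without overrides runs with values anyone can read in this repository. The same hunk also changes runtime defaults that the subject line does not mention: `rtty.enabled` goes from false to `"true"` while its token keeps the published default, `logging.loggers.root.level` goes from information to debug, and `logging.channels.c2.path` moves from /dev/stdout to a file, which takes the gateway log out of the container's stdout stream. I would keep `rtty.enabled: "false"` and `logging.loggers.root.level: information` as defaults, and ship the secret keys empty with a comment that they must be set per deployment. `ucentral.service.key` now points at restapi-key.pem instead of websocket-key.pem; worth confirming that is intended.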