[WIFI-2856] Chg: make configration file to be generated from template

.gitignore

@@ -23,3 +23,4 @@ _deps
 /uploads/
 test_scripts/curl/token.json
 .vscode/c_cpp_properties.json
+test_scripts/curl/result.json

helm/templates/_config.tpl

@@ -0,0 +1,5 @@
+{{- define "ucentralgw.config" -}}
+{{- range $key, $value := .Values.configProperties }}
+{{ $key }} = {{ $value }}
+{{- end }}
+{{- end -}}

helm/templates/deployment.yaml

@@ -22,6 +22,8 @@ spec:
       {{- end }}
   template:
     metadata:
+      annotations:
+        checksum/config: {{ include "ucentralgw.config" . | sha256sum }}
       labels:
         app.kubernetes.io/name: {{ include "ucentralgw.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}

helm/templates/secret-config.yaml

@@ -1,6 +1,5 @@
 ---
 apiVersion: v1
-kind: ConfigMap
 metadata:
   labels:
     app.kuberentes.io/name: {{ include "ucentralgw.name" . }}
@@ -8,6 +7,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
   name: {{ include "ucentralgw.fullname" . }}-config
+kind: Secret
+type: Opaque
 data:
-  ucentral.properties: |
+  ucentral.properties: {{ include "ucentralgw.config" . | b64enc }}
-{{ .Values.config | indent 4 }}

helm/values.yaml

@@ -75,8 +75,8 @@ volumes:
       subPath: ucentral.properties
       # Template below will be rendered in template
       volumeDefinition: |
-        configMap:
+        secret:
-          name: {{ include "ucentralgw.fullname" . }}-config
+          secretName: {{ include "ucentralgw.fullname" . }}-config
     - name: certs
       mountPath: /ucentral-data/certs
       volumeDefinition: |
@@ -127,195 +127,139 @@ public_env_variables:
 
 secret_env_variables: {}
 
-config: |
+configProperties:
-  #
+  # -> Public part
-  # uCentral protocol server for devices. This is where you point
+  # Websocket
-  # all your devices. You can replace the * for address by the specific
+  ucentral.websocket.host.0.backlog: 500
-  # address of one of your interfaces
+  ucentral.websocket.host.0.rootca: $UCENTRAL_ROOT/certs/root.pem
-  #
+  ucentral.websocket.host.0.issuer: $UCENTRAL_ROOT/certs/issuer.pem
-  ucentral.websocket.host.0.backlog = 500
+  ucentral.websocket.host.0.cert: $UCENTRAL_ROOT/certs/websocket-cert.pem
-  ucentral.websocket.host.0.rootca = /ucentral-data/certs/root.pem
+  ucentral.websocket.host.0.key: $UCENTRAL_ROOT/certs/websocket-key.pem
-  ucentral.websocket.host.0.issuer = /ucentral-data/certs/issuer.pem
+  ucentral.websocket.host.0.clientcas: $UCENTRAL_ROOT/certs/clientcas.pem
-  ucentral.websocket.host.0.cert = /ucentral-data/certs/websocket-cert.pem
+  ucentral.websocket.host.0.cas: $UCENTRAL_ROOT/certs/cas
-  ucentral.websocket.host.0.key = /ucentral-data/certs/websocket-key.pem
+  ucentral.websocket.host.0.address: "*"
-  ucentral.websocket.host.0.clientcas = /ucentral-data/certs/clientcas.pem
+  ucentral.websocket.host.0.port: 15002
-  ucentral.websocket.host.0.cas = /ucentral-data/certs/cas
+  ucentral.websocket.host.0.security: strict
-  ucentral.websocket.host.0.address = *
+  ucentral.websocket.maxreactors: 20
-  ucentral.websocket.host.0.port = 15002
+  # REST API
-  ucentral.websocket.host.0.security = strict
+  ucentral.restapi.host.0.backlog: 100
-  ucentral.websocket.host.0.key.password = mypassword
+  ucentral.restapi.host.0.security: relaxed
-  ucentral.websocket.maxreactors = 20
+  ucentral.restapi.host.0.rootca: $UCENTRAL_ROOT/certs/restapi-ca.pem
-
+  ucentral.restapi.host.0.address: "*"
-  #
+  ucentral.restapi.host.0.port: 16001
-  # REST API access
+  ucentral.restapi.host.0.cert: $UCENTRAL_ROOT/certs/restapi-cert.pem
-  #
+  ucentral.restapi.host.0.key: $UCENTRAL_ROOT/certs/restapi-key.pem
-  ucentral.restapi.host.0.backlog = 100
+  # File uploader
-  ucentral.restapi.host.0.security = relaxed
+  ucentral.fileuploader.host.0.backlog: 100
-  ucentral.restapi.host.0.rootca = /ucentral-data/certs/restapi-ca.pem
+  ucentral.fileuploader.host.0.rootca: $UCENTRAL_ROOT/certs/restapi-ca.pem
-  ucentral.restapi.host.0.address = *
+  ucentral.fileuploader.host.0.security: relaxed
-  ucentral.restapi.host.0.port = 16001
+  ucentral.fileuploader.host.0.address: "*"
-  ucentral.restapi.host.0.cert = /ucentral-data/certs/restapi-cert.pem
+  ucentral.fileuploader.host.0.name: localhost
-  ucentral.restapi.host.0.key = /ucentral-data/certs/restapi-key.pem
+  ucentral.fileuploader.host.0.port: 16003
-  ucentral.restapi.host.0.key.password = mypassword
+  ucentral.fileuploader.host.0.cert: $UCENTRAL_ROOT/certs/restapi-cert.pem
-
+  ucentral.fileuploader.host.0.key: $UCENTRAL_ROOT/certs/restapi-key.pem
-  #
+  ucentral.fileuploader.path: $UCENTRAL_ROOT/uploads
-  # Used to upload files to the service.
+  ucentral.fileuploader.maxsize: 10000
-  # You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
+  # Auto provisioning
-  # that your devices can reach
+  ucentral.autoprovisioning: "true"
-  #
+  ucentral.service.key: $UCENTRAL_ROOT/certs/restapi-key.pem
-  ucentral.fileuploader.host.0.backlog = 100
+  ucentral.devicetypes.0: AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
-  ucentral.fileuploader.host.0.rootca = /ucentral-data/certs/restapi-ca.pem
+  ucentral.devicetypes.1: SWITCH:edgecore_ecs4100-12ph
-  ucentral.fileuploader.host.0.security = relaxed
+  ucentral.devicetypes.2: IOT:esp32
-  ucentral.fileuploader.host.0.address = *
+  # Callback
-  ucentral.fileuploader.host.0.name = fileuploader-ucentral-2.cicd.lab.wlan.tip.build
+  ucentral.callback.enable: "false"
-  ucentral.fileuploader.host.0.port = 16003
+  ucentral.callback.0.local: localhost:16001
-  ucentral.fileuploader.host.0.cert = /ucentral-data/certs/restapi-cert.pem
+  ucentral.callback.0.remote: localhost:15055
-  ucentral.fileuploader.host.0.key = /ucentral-data/certs/restapi-key.pem
+  ucentral.callback.0.topics: ucentralfws
-  ucentral.fileuploader.host.0.key.password = mypassword
-  ucentral.fileuploader.path = /ucentral-data/persist/uploads
-  ucentral.fileuploader.maxsize = 10000
-
-  #
-  # This section descrive how to do autoprovisioning
-  # When enabled, it will allow devices that are not in the system
-  # to be managed and serviced
-  #
-  ucentral.autoprovisioning = true
-  ucentral.service.key = /ucentral-data/certs/websocket-key.pem
-  ucentral.devicetypes.0 = AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
-  ucentral.devicetypes.1 = SWITCH:edgecore_ecs4100-12ph
-  ucentral.devicetypes.2 = IOT:esp32
-
-  #
-  # Callback hosts
-  #
-  ucentral.callback.enable = false
-  ucentral.callback.id = qblat6dfDHxQAZ6yMe6MrypBpgRDhQrhUtTOovOXAKAWU8qOvjjKKiUai4t9hGjA
-  ucentral.callback.0.local = localhost:16001
-  ucentral.callback.0.remote = localhost:15055
-  ucentral.callback.0.localkey = t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
-  ucentral.callback.0.remotekey = t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
-  ucentral.callback.0.topics = ucentralfws
-
-  #
   # rtty
-  #
+  rtty.enabled: "true"
-  rtty.enabled = false
+  rtty.server: localhost
-  rtty.server = localhost
+  rtty.port: 5912
-  rtty.port = 5912
+  rtty.timeout: 60
-  rtty.token = 96181c567b4d0d98c50f127230068fa8
+  rtty.viewport: 5913
-  rtty.timeout = 60
+  # ALB
-  rtty.viewport = 5913
+  alb.enable: "true"
-
+  alb.port: 15015
-  #
-  # NLB Support
-  #
-  alb.enable = true
-  alb.port = 15015
-
-  oui.download.uri = https://linuxnet.ca/ieee/oui.txt
-
-  #
   # Kafka
-  #
+  ucentral.kafka.enable: "false"
-  ucentral.kafka.enable = false
+  ucentral.kafka.group.id: 1
-  ucentral.kafka.brokerlist = 127.0.0.1:9092
+  ucentral.kafka.brokerlist: localhost:9092
-  ucentral.kafka.auto.commit = false
+  ucentral.kafka.auto.commit: false
-  ucentral.kafka.queue.buffering.max.ms = 50
+  ucentral.kafka.queue.buffering.max.ms: 50
-
+  # Storage
-  #
+  storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
-  # This section select which form of persistence you need
+  ## SQLite
-  # Only one selected at a time. If you select multiple, this service will die if a horrible
+  storage.type.sqlite.db: devices.db
-  # death and might make your beer flat.
+  storage.type.sqlite.idletime: 120
-  #
+  storage.type.sqlite.maxsessions: 128
-  storage.type = sqlite
+  ## PostgreSQL
-  #storage.type = postgresql
+  storage.type.postgresql.maxsessions: 64
-  #storage.type = mysql
+  storage.type.postgresql.idletime: 60
-  #storage.type = odbc
+  storage.type.postgresql.host: localhost
-
+  storage.type.postgresql.database: ucentral
-  storage.type.sqlite.db = devices.db
+  storage.type.postgresql.port: 5432
-  storage.type.sqlite.idletime = 120
+  storage.type.postgresql.connectiontimeout: 60
-  storage.type.sqlite.maxsessions = 128
+  ## MySQL
-
+  storage.type.mysql.maxsessions: 64
-  storage.type.postgresql.maxsessions = 64
+  storage.type.mysql.idletime: 60
-  storage.type.postgresql.idletime = 60
+  storage.type.mysql.host: localhost
-  storage.type.postgresql.host = localhost
+  storage.type.mysql.database: ucentral
-  storage.type.postgresql.username = stephb
+  storage.type.mysql.port: 3306
-  storage.type.postgresql.password = snoopy99
+  storage.type.mysql.connectiontimeout: 60
-  storage.type.postgresql.database = ucentral
-  storage.type.postgresql.port = 5432
-  storage.type.postgresql.connectiontimeout = 60
-
-  storage.type.mysql.maxsessions = 64
-  storage.type.mysql.idletime = 60
-  storage.type.mysql.host = localhost
-  storage.type.mysql.username = stephb
-  storage.type.mysql.password = snoopy99
-  storage.type.mysql.database = ucentral
-  storage.type.mysql.port = 3306
-  storage.type.mysql.connectiontimeout = 60
-
-  #
   # Authentication
-  #
+  authentication.enabled: "true"
-  authentication.enabled = true
+  authentication.default.access: master
-  authentication.default.username = tip@ucentral.com
+  authentication.service.type: internal
-  authentication.default.password = 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
+  # Firmware
-  authentication.default.access = master
+  firmware.autoupdate.policy.default: auto
-  authentication.service.type = internal
+  # System
+  ucentral.system.data: $UCENTRAL_ROOT/data
+  ucentral.system.debug: "true"
+  ucentral.system.uri.private: https://localhost:16001
+  ucentral.system.uri.public: https://localhost:16001
+  ucentral.system.commandchannel: /tmp/app_ucentralgw
+  oui.download.uri: https://linuxnet.ca/ieee/oui.txt
+  # Logging
+  logging.formatters.f1.class: PatternFormatter
+  logging.formatters.f1.pattern: "%s: [%p] %t"
+  logging.formatters.f1.times: UTC
+  logging.channels.c1.class: ConsoleChannel
+  logging.channels.c1.formatter: f1
+  logging.channels.c2.class: FileChannel
+  logging.channels.c2.path: $UCENTRAL_ROOT/logs/log
+  logging.channels.c2.formatter.class: PatternFormatter
+  logging.channels.c2.formatter.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
+  logging.channels.c2.rotation: "20 M"
+  logging.channels.c2.archive: timestamp
+  logging.channels.c2.purgeCount: 20
+  logging.channels.c3.class: ConsoleChannel
+  logging.channels.c3.pattern: "%s: [%p] %t"
+  logging.loggers.root.channel: c2
+  logging.loggers.root.level: debug
 
-  firmware.autoupdate.policy.default = auto
+  # -> Secret part
-
+  # Websocket
-  system.directory.data = /ucentral-data/persist/data
+  ucentral.websocket.host.0.key.password: mypassword
-
+  # REST API
-  ucentral.system.debug = true
+  ucentral.restapi.host.0.key.password: mypassword
-  ucentral.system.id = 1
+  # File uploader
-  ucentral.system.commandchannel = /tmp/app.ucentralgw
+  ucentral.fileuploader.host.0.key.password: mypassword
-  ucentral.system.host.0.path = https://host2.com:9010
+  # Callback
-  ucentral.system.host.0.id = 2
+  ucentral.callback.id: qblat6dfDHxQAZ6yMe6MrypBpgRDhQrhUtTOovOXAKAWU8qOvjjKKiUai4t9hGjA
-  ucentral.system.host.1.path = https://host3.com:9010
+  ucentral.callback.0.localkey: t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
-  ucentral.system.host.1.id = 3
+  ucentral.callback.0.remotekey: t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk
-  ucentral.system.host.2.path = https://host4.com:9010
+  # rtty
-  ucentral.system.host.2.id = 4
+  rtty.token: 96181c567b4d0d98c50f127230068fa8
-
+  # Storage
-  ########################################################################
+  ## PostgreSQL
-  ########################################################################
+  storage.type.postgresql.username: stephb
-  #
+  storage.type.postgresql.password: snoopy99
-  # Thw following sections apply to the uCentral service
+  ## MySQL
-  #
+  storage.type.mysql.username: stephb
-  # Logging: please leave as is for now.
+  storage.type.mysql.password: snoopy99
-  #
+  # Authentication
-  ########################################################################
+  authentication.default.username: tip@ucentral.com
-  ########################################################################
+  authentication.default.password: 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
-
-  logging.formatters.f1.class = PatternFormatter
-  logging.formatters.f1.pattern = %s: [%p] %t
-  logging.formatters.f1.times = UTC
-  logging.channels.c1.class = ConsoleChannel
-  logging.channels.c1.formatter = f1
-  # This is where the logs will be written. This path MUST exist
-  logging.channels.c2.class = FileChannel
-  logging.channels.c2.path = /dev/stdout
-  logging.channels.c2.formatter.class = PatternFormatter
-  logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
-  logging.channels.c2.rotation = 20 M
-  logging.channels.c2.archive = timestamp
-  logging.channels.c2.purgeCount = 20
-  logging.channels.c3.class = ConsoleChannel
-  logging.channels.c3.pattern = %s: [%p] %t
-  # External Channel
-  logging.loggers.root.channel = c2
-  logging.loggers.root.level = information
-  # Inline Channel with PatternFormatter
-  # logging.loggers.l1.name = logger1
-  # logging.loggers.l1.channel.class = ConsoleChannel
-  # logging.loggers.l1.channel.pattern = %s: [%p] %t
-  # logging.loggers.l1.level = information
-  # SplitterChannel
-  # logging.channels.splitter.class = SplitterChannel
-  # logging.channels.splitter.channels = l1,l2
-  # logging.loggers.l2.name = logger2
-  # logging.loggers.l2.channel = splitter
 
 certs:
   clientcas.pem: |