Chg: update image tag in helm values to v2.7.0

Fixes for WIFI-10942

Dockerfile

@@ -1,18 +1,17 @@
-ARG ALPINE_VERSION=3.16.2
+ARG DEBIAN_VERSION=11.4-slim
 ARG POCO_VERSION=poco-tip-v1
 ARG FMTLIB_VERSION=9.0.0
 ARG CPPKAFKA_VERSION=tip-v1
 ARG JSON_VALIDATOR_VERSION=2.1.0
 ARG AWS_SDK_VERSION=1.9.315
 
-FROM alpine:$ALPINE_VERSION AS build-base
+FROM debian:$DEBIAN_VERSION AS build-base
 
-RUN apk add --update --no-cache \
+RUN apt-get update && apt-get install --no-install-recommends -y \
     make cmake g++ git \
-    unixodbc-dev postgresql-dev mariadb-dev \
-    librdkafka-dev boost-dev openssl-dev \
-    zlib-dev nlohmann-json \
-    curl-dev
+    libpq-dev libmariadb-dev libmariadbclient-dev-compat \
+    librdkafka-dev libboost-all-dev libssl-dev \
+    zlib1g-dev nlohmann-json3-dev ca-certificates libcurl4-openssl-dev
 
 FROM build-base AS poco-build
 
@@ -82,6 +81,9 @@ RUN mkdir cmake-build
 WORKDIR cmake-build
 RUN cmake .. -DBUILD_ONLY="sns;s3" \
              -DCMAKE_BUILD_TYPE=Release \
+             -DUSE_OPENSSL=ON \
+             -DCPP_STANDARD=17 \
+             -DBUILD_SHARED_LIBS=ON \
              -DCMAKE_CXX_FLAGS="-Wno-error=stringop-overflow -Wno-error=uninitialized" \
              -DAUTORUN_UNIT_TESTS=OFF
 RUN cmake --build . --config Release -j8
@@ -109,26 +111,24 @@ COPY --from=fmtlib-build /usr/local/lib /usr/local/lib
 WORKDIR /owsec
 RUN mkdir cmake-build
 WORKDIR /owsec/cmake-build
-RUN cmake .. \
-          -Dcrypto_LIBRARY=/usr/lib/libcrypto.so \
-          -DBUILD_SHARED_LIBS=ON
+RUN cmake ..
 RUN cmake --build . --config Release -j8
 
-FROM alpine:$ALPINE_VERSION
+FROM debian:$DEBIAN_VERSION
 
 ENV OWSEC_USER=owsec \
     OWSEC_ROOT=/owsec-data \
     OWSEC_CONFIG=/owsec-data
 
-RUN addgroup -S "$OWSEC_USER" && \
-    adduser -S -G "$OWSEC_USER" "$OWSEC_USER"
+RUN useradd "$OWSEC_USER"
 
 RUN mkdir /openwifi
 RUN mkdir -p "$OWSEC_ROOT" "$OWSEC_CONFIG" && \
     chown "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
 
-RUN apk add --update --no-cache librdkafka su-exec gettext ca-certificates bash jq curl \
-    mariadb-connector-c libpq unixodbc postgresql-client
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    librdkafka++1 gosu gettext ca-certificates bash jq curl wget \
+    libmariadb-dev-compat libpq5 unixodbc postgresql-client
 
 COPY readiness_check /readiness_check
 COPY test_scripts/curl/cli /cli
@@ -139,7 +139,7 @@ COPY templates /dist/templates
 COPY docker-entrypoint.sh /
 COPY wait-for-postgres.sh /
 RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
-    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
 
 COPY --from=owsec-build /owsec/cmake-build/owsec /openwifi/owsec
 COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib/* /usr/local/lib
@@ -148,6 +148,8 @@ COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-core/libaws-c
 COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-s3/libaws-cpp-sdk-s3.so /usr/local/lib
 COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-sns/libaws-cpp-sdk-sns.so /usr/local/lib
 
+RUN ldconfig
+
 EXPOSE 16001 17001 16101
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

build

@@ -1 +1 @@
-21
+23

docker-entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 
 if [ "$SELFSIGNED_CERTS" = 'true' ]; then
@@ -85,7 +85,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then
     if [ "$RUN_CHOWN" = 'true' ]; then
       chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
     fi
-    exec su-exec "$OWSEC_USER" "$@"
+    exec gosu "$OWSEC_USER" "$@"
 fi
 
 exec "$@"

helm/values.yaml

@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
   owsec:
     repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owsec
-    tag: v2.7.0-RC3
+    tag: v2.7.0
     pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -92,7 +92,7 @@ resources: {}
   #  memory: 128Mi
 
 securityContext:
-  fsGroup: 101
+  fsGroup: 1000
 
 nodeSelector: {}
 

src/framework/MicroService.h

@@ -3075,7 +3075,7 @@ namespace OpenWifi {
 
 	private:
 	    std::vector<std::unique_ptr<Poco::Net::HTTPServer>>   RESTServers_;
-	    Poco::ThreadPool	    Pool_{"x-rest",32,128};
+	    Poco::ThreadPool	    Pool_{"x-rest",8,128};
 	    RESTAPI_GenericServer   Server_;
 
         RESTAPI_ExtServer() noexcept:
@@ -3209,7 +3209,7 @@ namespace OpenWifi {
         const Poco::ThreadPool & Pool() { return Pool_; }
 	private:
 	    std::vector<std::unique_ptr<Poco::Net::HTTPServer>>   RESTServers_;
-	    Poco::ThreadPool	    Pool_{"i-rest",32,96};
+	    Poco::ThreadPool	    Pool_{"i-rest",4,64};
 	    RESTAPI_GenericServer   Server_;
 
         RESTAPI_IntServer() noexcept:
@@ -3406,7 +3406,7 @@ namespace OpenWifi {
         bool                        NoBuiltInCrypto_=false;
         Poco::JWT::Signer	        Signer_;
 		Poco::Logger				&Logger_;
-		Poco::ThreadPool				TimerPool_{"timer:pool",2,16};
+		Poco::ThreadPool				TimerPool_{"timer:pool",2,32};
 		std::unique_ptr<BusEventManager>	BusEventManager_;
     };
 
@@ -3571,7 +3571,7 @@ namespace OpenWifi {
 
             auto LoggingDestination = MicroService::instance().ConfigGetString("logging.type", "file");
             auto LoggingFormat = MicroService::instance().ConfigGetString("logging.format",
-                                                                          "%Y-%m-%d %H:%M:%S %s: [%p] %t");
+                                                                          "%Y-%m-%d %H:%M:%S.%i %s: [%p][thr:%I] %t");
             if (LoggingDestination == "console") {
                 Poco::AutoPtr<Poco::ConsoleChannel> Console(new Poco::ConsoleChannel);
                 Poco::AutoPtr<Poco::AsyncChannel> Async(new Poco::AsyncChannel(Console));
@@ -3602,14 +3602,14 @@ namespace OpenWifi {
                 FileChannel->setProperty("archive", "timestamp");
                 FileChannel->setProperty("path", LoggingLocation);
                 Poco::AutoPtr<Poco::AsyncChannel> Async_File(new Poco::AsyncChannel(FileChannel));
-				Poco::AutoPtr<Poco::AsyncChannel> Async_Muxer(new Poco::AsyncChannel(LogMuxer()));
-                Poco::AutoPtr<Poco::SplitterChannel> Splitter(new Poco::SplitterChannel);
-				Splitter->addChannel(Async_File);
-				Splitter->addChannel(Async_Muxer);
+				// Poco::AutoPtr<Poco::AsyncChannel> Async_Muxer(new Poco::AsyncChannel(LogMuxer()));
+                // Poco::AutoPtr<Poco::SplitterChannel> Splitter(new Poco::SplitterChannel);
+				// Splitter->addChannel(Async_File);
+				// Splitter->addChannel(Async_Muxer);
 				Poco::AutoPtr<Poco::PatternFormatter> Formatter(new Poco::PatternFormatter);
                 Formatter->setProperty("pattern", LoggingFormat);
                 Poco::AutoPtr<Poco::FormattingChannel> FormattingChannel(
-                        new Poco::FormattingChannel(Formatter, Splitter));
+                        new Poco::FormattingChannel(Formatter, Async_File));
                 Poco::Logger::root().setChannel(FormattingChannel);
             }
             auto Level = Poco::Logger::parseLevel(MicroService::instance().ConfigGetString("logging.level", "debug"));

test_scripts/curl/cli

@@ -179,13 +179,19 @@ getlogo() {
 }
 
 createuser() {
-    payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true}"
-    curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0" \
-        -H "Accept: application/json" \
-        -H "Content-Type: application/json" \
-        -H "Authorization: Bearer ${token}" \
-        -d "$payload"  > ${result_file}
-    jq < ${result_file}
+case $3 in
+    root|admin|subscriber|csr|system|installer|noc|accounting)
+        payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true, \"userRole\" : \"$3\" }"
+        curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0" \
+            -H "Accept: application/json" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${token}" \
+            -d "$payload"  > ${result_file}
+        jq < ${result_file} ;;
+    *)
+        echo "Error: userRole has to be one of root|admin|subscriber|csr|system|installer|noc|accounting"
+	exit 1 ;;
+esac
 }
 
 createsub() {
@@ -199,13 +205,19 @@ createsub() {
 }
 
 createuser_v() {
-    payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true}"
-    curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \
-        -H "Accept: application/json" \
-        -H "Content-Type: application/json" \
-        -H "Authorization: Bearer ${token}" \
-        -d "$payload"  > ${result_file}
-    jq < ${result_file}
+case $3 in
+    root|admin|subscriber|csr|system|installer|noc|accounting)
+        payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true, \"userRole\" : \"$3\" }"
+        curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \
+            -H "Accept: application/json" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${token}" \
+            -d "$payload"  > ${result_file}
+        jq < ${result_file} ;;
+    *)
+        echo "Error: userRole has to be one of root|admin|subscriber|csr|system|installer|noc|accounting"
+	exit 1 ;;
+esac
 }
 
 deleteuser() {
@@ -447,7 +459,7 @@ test_service() {
 	echo "----------------"
 	echo "Create test user"
 	echo "----------------"
-	createuser testuser@mail.telecominfraproject.com 'Test123!'
+	createuser testuser@mail.telecominfraproject.com 'Test123!' accounting
 	check_response $result_file
 	USER_ID="$(jq -r '.id' < $result_file)"
 
@@ -481,35 +493,35 @@ help() {
     echo
     echo    "Usage: cli <cmd> [args]"
     echo
-    echo    "listendpoints                          Get all the system endpoints."
-    echo    "emailtest                              Generate a forgot Password e-amil to the logged in user."
-    echo    "me                                     Show information about the logged user."
-    echo    "createuser <email> <password>          Create a user with an initial password and force the user to change password."
-    echo    "createuser_v <email> <password>        Same as create user but also force an e-mail verification."
-    echo    "deleteuser <user UUID>                 Delete the user."
-    echo    "getuser <user UUID>                    Get the user information."
-    echo    "listusers                              List users."
-    echo    "policies                               List the login and access policies."
-    echo    "setavatar <user UUID> <filename>       Sets the avatar for user to the image in filename."
-    echo    "getavatar <user UUID>                  Get the avatar for the user."
-    echo    "deleteavatar <user UUID>               Remove the avatar for a user."
-    echo    "sendemail <recipient> <from>           Sends a test email to see if the e-mail system is working."
-    echo    "setloglevel <subsystem> <loglevel>     Set the log level for s specific subsystem."
-    echo    "getloglevels                           Get the current log levels for all subsystems."
-    echo    "getloglevelnames                       Get the log level names available."
-    echo    "getsubsystemnames                      Get the list of subsystems."
-    echo    "systeminfo                             Get basic system information."
-    echo    "reloadsubsystem <subsystem name>       Reload the configuration for a subsystem."
-    echo    "test_service                           Run a set of CLI commands for testing purposes"
+    echo    "listendpoints                              Get all the system endpoints."
+    echo    "emailtest                                  Generate a forgot Password e-amil to the logged in user."
+    echo    "me                                         Show information about the logged user."
+    echo    "createuser <email> <password> <userrole>   Create a user with an initial password and force the user to change password."
+    echo    "createuser_v <email> <password> <userrole> Same as create user but also force an e-mail verification."
+    echo    "deleteuser <user UUID>                     Delete the user."
+    echo    "getuser <user UUID>                        Get the user information."
+    echo    "listusers                                  List users."
+    echo    "policies                                   List the login and access policies."
+    echo    "setavatar <user UUID> <filename>           Sets the avatar for user to the image in filename."
+    echo    "getavatar <user UUID>                      Get the avatar for the user."
+    echo    "deleteavatar <user UUID>                   Remove the avatar for a user."
+    echo    "sendemail <recipient> <from>               Sends a test email to see if the e-mail system is working."
+    echo    "setloglevel <subsystem> <loglevel>         Set the log level for s specific subsystem."
+    echo    "getloglevels                               Get the current log levels for all subsystems."
+    echo    "getloglevelnames                           Get the log level names available."
+    echo    "getsubsystemnames                          Get the list of subsystems."
+    echo    "systeminfo                                 Get basic system information."
+    echo    "reloadsubsystem <subsystem name>           Reload the configuration for a subsystem."
+    echo    "test_service                               Run a set of CLI commands for testing purposes"
     echo
 }
 
 shopt -s nocasematch
 
 case "$1" in
-    "createuser") login; createuser "$2" "$3"; logout;;
+    "createuser") login; createuser "$2" "$3" "$4"; logout;;
     "createsub") login; createsub "$2" "$3"; logout;;
-    "createuser_v") login; createuser_v "$2" "$3"; logout;;
+    "createuser_v") login; createuser_v "$2" "$3" "$4"; logout;;
     "createsub_v") login; createsub_v "$2" "$3"; logout;;
     "deleteuser") login; deleteuser "$2" ; logout;;
     "deletesub") login; deletesub "$2" ; logout;;

wait-for-postgres.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # wait-for-postgres.sh
 
 set -e
@@ -20,7 +20,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then
     if [ "$RUN_CHOWN" = 'true' ]; then
       chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
     fi
-    exec su-exec "$OWSEC_USER" "$@"
+    exec gosu "$OWSEC_USER" "$@"
 fi
 
 exec "$@"