From 2a23c93148446027891e59e10de8be26624941f5 Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Mon, 6 Nov 2023 10:08:50 -0500 Subject: [PATCH 1/2] Issue-48: Updated integration to use FIDO Device Onboard v1.1.6. Updated Golang to 1.21. Signed-off-by: Nathan Phelps --- .github/workflows/build-push.yml | 4 ++-- CHANGELOG.md | 4 ++++ Makefile | 6 +++--- README.md | 10 +++++----- docker/Dockerfile | 5 +++-- docker/run-fdo-owner-service.sh | 6 +++--- docker/start-fdo-owner-service.sh | 2 +- docs/ocs-api-swagger.yml | 2 +- getFDO.sh | 16 ++++++++-------- ocs-api/go.mod | 2 +- sample-mfg/fdo_to.service | 4 ++-- sample-mfg/start-mfg.sh | 2 +- tools/grabCreds.sh | 2 +- 13 files changed, 35 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 28e50c0..1924f82 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -90,10 +90,10 @@ jobs: path: go/src/github.com/${{ github.repository }} # Prepare the environment - - name: Set up golang 1.19 + - name: Set up golang 1.21 uses: actions/setup-go@v2 with: - go-version: '1.19' + go-version: '1.21' check-latest: true # Configure version variables for later steps, stored in our workflow env. variables diff --git a/CHANGELOG.md b/CHANGELOG.md index a7c8c56..d5d3bad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog All notable changes to this project will be documented in this file. +## [1.3.0] - 2023-11.06 +- Issue 48: Updated FDO to support FDO Project's `1.1.6` release. +- Updated Golang to version `1.21.3`. + ## [1.2.0] - 2023-06-14 - Issue 29: Completed sample-mfg/start-mfg.sh bash script. diff --git a/Makefile b/Makefile index 7b396dd..3193f3f 100644 --- a/Makefile +++ b/Makefile 
@@ -1,9 +1,9 @@ SHELL ?= /bin/bash -e # Set this before building the ocs-api binary and FDO-owner-services (for now they use the samme version number) -export VERSION ?= 1.2.0 -export FIDO_DEVICE_ONBOARD_REL_VER ?= 1.1.5 +export VERSION ?= 1.3.0 +export FIDO_DEVICE_ONBOARD_REL_VER ?= 1.1.6 # used by sample-mfg/Makefile. Needs to match what is in fdo/supply-chain-tools-v/docker_manufacturer/docker-compose.yml -STABLE_VERSION ?= 1.2.0 +STABLE_VERSION ?= 1.3.0 #todo: add BUILD_NUMBER like in anax/Makefile diff --git a/README.md b/README.md index 3207191..e69c882 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Open Horizon FDO 1.2.0 +# Open Horizon FDO ## Overview of the Open Horizon FDO Support @@ -28,7 +28,7 @@ The FDO owner service are packaged as a single docker container that can be run # An all-in-1 environment example: export HZN_EXCHANGE_USER_AUTH=admin:password # : export HZN_ORG_ID=myorg # - export FIDO_DEVICE_ONBOARD_REl_VER=1.1.5 # https://github.com/fido-device-onboard/release-fidoiot/releases + export FIDO_DEVICE_ONBOARD_REl_VER=1.1.6 # https://github.com/fido-device-onboard/release-fidoiot/releases export VERBOSE=true # optional, for debug ``` @@ -47,7 +47,7 @@ The FDO owner service are packaged as a single docker container that can be run 5. Start the FDO owner service docker container and view the log: ```bash - ./docker/run-fdo-owner-service.sh 1.2.0 + ./docker/run-fdo-owner-service.sh 1.3.0 docker logs -f fdo-owner-service ``` 
@@ -115,7 +115,7 @@ The sample script called `start-mfg.sh` downloads and extracts all necessary com ```bash curl -sSLO https://raw.githubusercontent.com/open-horizon/FDO-support/main/sample-mfg/start-mfg.sh chmod +x start-mfg.sh -export FIDO_DEVICE_ONBOARD_REL_VER=1.1.5 # https://github.com/fido-device-onboard/release-fidoiot/releases +export FIDO_DEVICE_ONBOARD_REL_VER=1.1.6 # https://github.com/fido-device-onboard/release-fidoiot/releases export FDO_MFG_SVC_AUTH=apiUser:password # apiUser: export FDO_MFG_PORT=8039 export FDO_OWN_COMP_SVC_PORT=9008 @@ -340,7 +340,7 @@ DROP DATABASE fdo; #### Troubleshooting -- If the edge device does not give a `[INFO ] TO2 completed successfully. [INFO ] Starting Fdo Completed`, check /fdo/pri-fidoiot-v1.1.5/owner/app-data/service.log or use command `docker logs -f fdo-owner-service` for error messages. +- If the edge device does not give a `[INFO ] TO2 completed successfully. [INFO ] Starting Fdo Completed`, check /fdo/pri-fidoiot-v1.1.6/owner/app-data/service.log or use command `docker logs -f fdo-owner-service` for error messages. - If your Owner, RV or Manufacturer service does not respond, you can check the logs in the same location as above. If the logs never printed that it started the service, for example: "Started Owner Service", then make sure you have all dependencies installed and environment variables correctly exported. - If your Service Info Package fails during the process of getting onboarded to the edge device, make sure you posted the file correctly to the owner service DB. Also make sure that you posted the correct To2 address. diff --git a/docker/Dockerfile b/docker/Dockerfile index 6cde191..09b5844 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -78,11 +78,12 @@ USER fdouser WORKDIR $WORKDIR ARG fido_device_onboard_rel_ver -ENV FIDO_DEVICE_ONBOARD_REL_VER=${fido_device_onboard_rel_ver:-1.1.5} +ENV FIDO_DEVICE_ONBOARD_REL_VER=${fido_device_onboard_rel_ver:-1.1.6} # Get the license file COPY LICENSE.txt /licenses/ -COPY fdo/NOTICES-v${FIDO_DEVICE_ONBOARD_REL_VER}/pri-fidoiot/* /licenses/FDOIotPlatformSDK/ +#${FIDO_DEVICE_ONBOARD_REL_VER} 1.1.6 uses 1.1.5. +COPY fdo/NOTICES-v1.1.5/pri-fidoiot/* /licenses/FDOIotPlatformSDK/ # Get owner db files. The owner subdir will be created automatically by COPY # Note: need to use uid and gid to be able to build on non-linux hosts diff --git a/docker/run-fdo-owner-service.sh b/docker/run-fdo-owner-service.sh index 1f619c4..6b71ce4 100755 --- a/docker/run-fdo-owner-service.sh +++ b/docker/run-fdo-owner-service.sh @@ -6,7 +6,7 @@ if [[ "$1" == "-h" || "$1" == "--help" ]]; then cat << EndOfMessage Usage: ${0##*/} [] Arguments: - The image tag to use. Defaults to '1.2.0' + The image tag to use. Defaults to '1.3.0' Required environment variables: HZN_MGMT_HUB_CERT: the base64 encoded content of the management hub cluster ingress self-signed certificate (can be set to 'N/A' if the mgmt hub does not require a cert). If set, this certificate is given to the edge nodes in the HZN_MGMT_HUB_CERT_PATH variable. @@ -49,7 +49,7 @@ generateToken() { head -c 1024 /dev/urandom | base64 | tr -cd "[:alpha:][:digit: export CSS_PORT_EXTERNAL=${CSS_PORT_EXTERNAL:-9443} export EXCHANGE_INTERNAL_URL=${EXCHANGE_INTERNAL_URL:-http://exchange-api:8080/v1} # Internal docker network, for this container. export EXCHANGE_PORT_EXTERNAL=${EXCHANGE_PORT_EXTERNAL:-3090} -export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.5} +export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.6} export FDO_OWN_COMP_SVC_PORT=${FDO_OWN_COMP_SVC_PORT:-9008} export FDO_OWN_SVC_PORT=${FDO_OWN_SVC_PORT:-8042} export FDO_OWN_DB=${FDO_OWN_DB:-fdo} 
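Review bot: The `COPY` in the Dockerfile hunk now hard-codes `fdo/NOTICES-v1.1.5/` while `FIDO_DEVICE_ONBOARD_REL_VER` defaults to 1.1.6 and the Makefile's image target still depends on `fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER)`, so the build arg no longer controls which license notices end up in the image and the two can drift apart. The added comment `#${FIDO_DEVICE_ONBOARD_REL_VER} 1.1.6 uses 1.1.5.` does not say why. If the reason is that the 1.1.6 NOTICES archive unpacks to a 1.1.5 directory, a comment such as `# NOTICES-v1.1.6.tar.gz unpacks to NOTICES-v1.1.5; path pinned until upstream fixes it` would make that clear. Carrying the directory name in its own `ARG` would keep the next release bump to one line.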
@@ -71,7 +71,7 @@ export HZN_MGMT_HUB_CERT=${HZN_MGMT_HUB_CERT:-$(cat ./agent-install.crt | base64 export VERBOSE=${VERBOSE:-false} EXCHANGE_INTERNAL_CERT="${HZN_MGMT_HUB_CERT:-N/A}" -VERSION="${1:-1.2.0}" +VERSION="${1:-1.3.0}" DOCKER_REGISTRY=${DOCKER_REGISTRY:-openhorizon} FDO_DOCKER_IMAGE=${FDO_DOCKER_IMAGE:-fdo-owner-services} diff --git a/docker/start-fdo-owner-service.sh b/docker/start-fdo-owner-service.sh index 67aca2f..238c31c 100755 --- a/docker/start-fdo-owner-service.sh +++ b/docker/start-fdo-owner-service.sh @@ -10,7 +10,7 @@ ocsDbDir="${1:-"ocs-db/"}" ocsApiPort="${2:-${SDO_OCS_API_TLS_PORT:-${SDO_OCS_API_PORT:-$ocsApiPortDefault}}}" # precedence: arg, or tls port, or non-tls port, or default workingDir='/home/fdouser' -FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.5} # https://github.com/fido-device-onboard/release-fidoiot/releases +FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.6} # https://github.com/fido-device-onboard/release-fidoiot/releases deviceBinaryDir="pri-fidoiot-v$FIDO_DEVICE_ONBOARD_REL_VER" # These can be passed in via CLI args or env vars tmp_pass=`head -c 15 /dev/random | base64` diff --git a/docs/ocs-api-swagger.yml b/docs/ocs-api-swagger.yml index ba218d8..b309050 100644 --- a/docs/ocs-api-swagger.yml +++ b/docs/ocs-api-swagger.yml @@ -13,7 +13,7 @@ info: license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html - version: 1.2.0 + version: 1.3.0 externalDocs: description: Find out more about Open Horizon Support for FDO url: https://github.com/open-horizon/FDO-support diff --git a/getFDO.sh b/getFDO.sh index 4b5301d..8fefdf5 100755 --- a/getFDO.sh +++ b/getFDO.sh 
@@ -14,31 +14,31 @@ chk() { exit $exitCode } -echo "Retrieving FDO Release 1.1.5 dependencies..." +echo "Retrieving FDO Release 1.1.6 dependencies..." mkdir -p ${SCRIPT_LOCATION}/fdo && cd ${SCRIPT_LOCATION}/fdo chk $? 'making fdo dir' echo "Getting client-sdk-fidoiot" -curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/client-sdk-fidoiot-v1.1.5.tar.gz +curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/client-sdk-fidoiot-v1.1.6.tar.gz chk $? 'downloading client-sdk-fidoiot' -tar -zxf client-sdk-fidoiot-v1.1.5.tar.gz +tar -zxf client-sdk-fidoiot-v1.1.6.tar.gz chk $? 'unpacking client-sdk-fidoiot' echo "Getting Protocol Reference Implementation" -curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/pri-fidoiot-v1.1.5.tar.gz +curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/pri-fidoiot-v1.1.6.tar.gz chk $? 'downloading pri' -tar -zxf pri-fidoiot-v1.1.5.tar.gz +tar -zxf pri-fidoiot-v1.1.6.tar.gz chk $? 'unpacking pri' echo "Getting NOTICES" -curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/NOTICES-v1.1.5.tar.gz +curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/NOTICES-v1.1.6.tar.gz chk $? 'downloading NOTICES' -tar -zxf NOTICES-v1.1.5.tar.gz +tar -zxf NOTICES-v1.1.6.tar.gz chk $? 'unpacking NOTICES' echo "Getting Third Party Components" -curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.5/third-party-components.tar.gz +curl --progress-bar -LO https://github.com/fido-device-onboard/release-fidoiot/releases/download/v1.1.6/third-party-components.tar.gz chk $? 'downloading third-party-components' tar -zxf third-party-components.tar.gz chk $? 'unpacking third-party-components' 
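Review bot: The four release archives are downloaded and unpacked with no integrity check, and `curl -LO` is called without `--fail`, so an HTTP error body is saved under the archive name and only surfaces later as a tar error. Add `--fail` to each curl call and verify each file against a digest pinned in the repository before `tar -zxf`, e.g. `echo "<SHA256_OF_pri-fidoiot-v1.1.6.tar.gz>  pri-fidoiot-v1.1.6.tar.gz" | sha256sum -c -` followed by `chk $? 'verifying pri'`. The release number is also repeated in every URL and file name; deriving them from `FIDO_DEVICE_ONBOARD_REL_VER`, as the Makefile does, would stop the copies drifting on the next bump. The `wget` rule added for third-party-components.tar.gz in the Makefile (PATCH 2/2) has the same missing verification.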
diff --git a/ocs-api/go.mod b/ocs-api/go.mod index 644837c..b372be3 100644 --- a/ocs-api/go.mod +++ b/ocs-api/go.mod @@ -1,5 +1,5 @@ module github.com/open-horizon/FDO-support/ocs-api -go 1.19 +go 1.21 require github.com/Snawoot/go-http-digest-auth-client v1.1.3 diff --git a/sample-mfg/fdo_to.service b/sample-mfg/fdo_to.service index 62bbcf8..f112ff2 100644 --- a/sample-mfg/fdo_to.service +++ b/sample-mfg/fdo_to.service @@ -10,8 +10,8 @@ Before=user-sessions.service [Service] # For oneshot, systemd expects the command to NOT fork itself, and timeout is disabled by default Type=oneshot -WorkingDirectory=/home/device/fdo/pri-fidoiot-v1.1.5/device -ExecStart=/bin/java -jar /home/device/fdo/pri-fidoiot-v1.1.5/device/device.jar +WorkingDirectory=/home/device/fdo/pri-fidoiot-v1.1.6/device +ExecStart=/bin/java -jar /home/device/fdo/pri-fidoiot-v1.1.6/device/device.jar [Install] WantedBy=multi-user.target \ No newline at end of file diff --git a/sample-mfg/start-mfg.sh b/sample-mfg/start-mfg.sh index a130485..87e0ee1 100755 --- a/sample-mfg/start-mfg.sh +++ b/sample-mfg/start-mfg.sh @@ -61,7 +61,7 @@ export FDO_MFG_PORT=${FDO_MFG_PORT:-8039} export FDO_MFG_SVC_AUTH=${FDO_MFG_SVC_AUTH:-apiUser:$(generateToken 15)} export FDO_OWN_COMP_SVC_PORT=${FDO_OWN_COMP_SVC_PORT:-9008} export FDO_RV_URL=${FDO_RV_URL:-http://test.fdorv.com} # set to the development domain by default -export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.5} # https://github.com/fido-device-onboard/release-fidoiot/releases +export FIDO_DEVICE_ONBOARD_REL_VER=${FIDO_DEVICE_ONBOARD_REL_VER:-1.1.6} # https://github.com/fido-device-onboard/release-fidoiot/releases export HZN_DOCK_NET=${HZN_DOCK_NET:-hzn_horizonnet} #export HZN_EXCHANGE_USER_AUTH=${HZN_EXCHANGE_USER_AUTH:-admin:} # Default to organization admin provided by all-in-1 environment export HZN_LISTEN_IP=${HZN_LISTEN_IP:-127.0.0.1} diff --git a/tools/grabCreds.sh b/tools/grabCreds.sh index 1dc4824..a5c2343 100644 
--- a/tools/grabCreds.sh +++ b/tools/grabCreds.sh @@ -7,7 +7,7 @@ grabCreds() { for i in ${components[@]}; do if [[ "${components[@]}" =~ "$i" ]]; then - keypwd="$(grep -E '^ *api_password=' fdo/pri-fidoiot-v1.1.5/$i/service.env)" + keypwd="$(grep -E '^ *api_password=' fdo/pri-fidoiot-v1.1.6/$i/service.env)" API_PWD=${keypwd#api_password=} echo export "$i"=$API_PWD From 68d0e33a42e22a7818987a563028f04ec0f7576d Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Mon, 6 Nov 2023 14:18:02 -0500 Subject: [PATCH 2/2] Issue-48: Updated scripts and dockerfile to Java 17. Set DB connection SSL toggle to fakse by default. Signed-off-by: Nathan Phelps --- Makefile | 8 ++++++- docker/Dockerfile | 2 +- docker/run-fdo-owner-service.sh | 5 ++++- docker/start-fdo-owner-service.sh | 14 +++++++------ sample-mfg/start-mfg.sh | 35 +++++++++++++++++-------------- 5 files changed, 39 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index 3193f3f..75a120f 100644 --- a/Makefile +++ b/Makefile @@ -39,6 +39,12 @@ fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz: fdo fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER): fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz tar -zxf fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz -C fdo +fdo/third-party-components.tar.gz: fdo + wget -P fdo https://github.com/fido-device-onboard/release-fidoiot/releases/download/v$(FIDO_DEVICE_ONBOARD_REL_VER)/third-party-components.tar.gz + +fdo/third-party-components: fdo/third-party-components.tar.gz + tar -zxf fdo/third-party-components.tar.gz -C fdo + # Build the ocs rest api for linux for the FDO-owner-services container ocs-api/linux/ocs-api: ocs-api/*.go ocs-api/*/*.go Makefile mkdir -p ocs-api/linux 
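Review bot: The new Makefile target `fdo/third-party-components.tar.gz` carries no version in its name, so an archive left over from an earlier release is reused after `FIDO_DEVICE_ONBOARD_REL_VER` changes: make either considers the file up to date, or re-runs `wget -P fdo`, which keeps the existing file and saves the new download under a numbered name. Downloading to a versioned name, for example `wget -O fdo/third-party-components-v$(FIDO_DEVICE_ONBOARD_REL_VER).tar.gz <url>`, avoids shipping components from the wrong release. The rule for `fdo/third-party-components` also assumes the archive unpacks to a directory of exactly that name; if it does not, the image target will repeat the extraction on every build.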
@@ -53,7 +59,7 @@ run-ocs-api: ocs-api/ocs-api tools/start-ocs-api.sh # Build the FDO services docker image - see the build environment requirements listed in docker/Dockerfile -$(FDO_DOCKER_IMAGE): ocs-api/linux/ocs-api fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER) +$(FDO_DOCKER_IMAGE): ocs-api/linux/ocs-api fdo/NOTICES-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/pri-fidoiot-v$(FIDO_DEVICE_ONBOARD_REL_VER) fdo/third-party-components - docker rm -f $(FDO_DOCKER_IMAGE) 2> /dev/null || : docker build --build-arg="fido_device_onboard_rel_ver=$(FIDO_DEVICE_ONBOARD_REL_VER)" -t $(DOCKER_REGISTRY)/$@:$(VERSION) $(FDO_IMAGE_LABELS) $(DOCKER_OPTS) -f docker/Dockerfile . diff --git a/docker/Dockerfile b/docker/Dockerfile index 09b5844..01a9453 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -45,7 +45,7 @@ WORKDIR /root # Note: due to a bug in microdnf, using the --nodocs option causes an exit code of 141: https://github.com/rpm-software-management/microdnf/issues/50 RUN mkdir -p /run/user/$UID && \ microdnf update -y --nodocs 1>/dev/null 2>&1 && \ - microdnf install -y --nodocs ca-certificates findutils gettext java-11-openjdk openssl procps shadow-utils tar && \ + microdnf install -y --nodocs ca-certificates findutils gettext java-17-openjdk openssl procps shadow-utils tar && \ microdnf clean all #RUN curl -sS -o epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ diff --git a/docker/run-fdo-owner-service.sh b/docker/run-fdo-owner-service.sh index 6b71ce4..975fb76 100755 --- a/docker/run-fdo-owner-service.sh +++ b/docker/run-fdo-owner-service.sh 
@@ -25,6 +25,7 @@ Optional environment variables (that do not usually need to be set): FDO_OWN_DB: Database name for the FDO Owner Service's database. FDO_OWN_DB_PASSWORD: Database user's password for the FDO Owner Service's database. Default is generated. FDO_OWN_DB_PORT: Docker external port number for the FDO Owner Service's database. + FDO_OWN_DB_SSL: Database connection SSL toggle. Default is false. FDO_OWN_DB_USER: Database username for the FDO Owner Service's database. FDO_OWN_SVC_AUTH: FDO Owner Service API credentials. Default is generated. Format: apiUser: FDO_OWN_SVC_CERT_PATH: Path that the directory holding the certificate and key files is mounted to within the container. Default is /home/sdouser/ocs-api-dir/keys . @@ -54,7 +55,8 @@ export FDO_OWN_COMP_SVC_PORT=${FDO_OWN_COMP_SVC_PORT:-9008} export FDO_OWN_SVC_PORT=${FDO_OWN_SVC_PORT:-8042} export FDO_OWN_DB=${FDO_OWN_DB:-fdo} export FDO_OWN_DB_PASSWORD=${FDO_OWN_DB_PASSWORD:-$(generateToken 15)} -export FDO_OWN_DB_PORT=${FDO_OWN_DB_PORT:5433} +export FDO_OWN_DB_PORT=${FDO_OWN_DB_PORT:-5433} +export FDO_OWN_DB_SSL=${FDO_OWN_DB_SSL:-false} export FDO_OWN_DB_USER=${FDO_OWN_DB_USER:-fdouser} export FDO_OWN_SVC_AUTH=${FDO_OWN_SVC_AUTH:-apiUser:$(generateToken 15)} export FDO_DB_URL=${FDO_DB_URL:-jdbc:postgresql://postgres-fdo-owner-service:5432/$FDO_OWN_DB} @@ -139,6 +141,7 @@ docker run -d \ docker run -d \ -e "FDO_DB_PASSWORD=$FDO_OWN_DB_PASSWORD" \ -e "FDO_OPS_SVC_HOST=$HZN_LISTEN_IP:$FDO_OWN_SVC_PORT" \ + -e "FDO_DB_SSL=$FDO_OWN_DB_SSL" \ -e "FDO_DB_USER=$FDO_OWN_DB_USER" \ -e "FDO_DB_URL=$FDO_DB_URL" \ -e "HZN_FDO_API_URL=$HZN_TRANSPORT://$HZN_LISTEN_IP:$FDO_OWN_SVC_PORT" \ diff --git a/docker/start-fdo-owner-service.sh b/docker/start-fdo-owner-service.sh index 238c31c..1e4ed67 100755 --- a/docker/start-fdo-owner-service.sh +++ b/docker/start-fdo-owner-service.sh 
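Review bot: `FDO_OWN_DB_SSL` defaults to `false` in the `@@ -54,7` hunk, so the owner service connects to PostgreSQL without TLS unless the operator opts in; the same default is added as `FDO_DB_SSL` in docker/start-fdo-owner-service.sh and as `FDO_MFG_DB_SSL` in sample-mfg/start-mfg.sh. The help text added in the `@@ -25,6` hunk should say what that means, for example `FDO_OWN_DB_SSL: Set to true to require TLS on the database connection. Default is false, which sends the database credentials unencrypted; set to true outside of test setups.` It is also worth confirming that the `useSSL` key this value is written to is honoured once the driver is switched to PostgreSQL, since pgjdbc itself is configured through `ssl`/`sslmode`; how service.env is consumed is not visible in this patch.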
@@ -21,6 +21,7 @@ ownerPort=${HZN_FDO_SVC_URL:-$ownerPortDefault} ownerExternalPort=${FDO_OWNER_EXTERNAL_PORT:-$ownerPort} FDO_DB_USER=${FDO_DB_USER:-} FDO_DB_PASSWORD=${FDO_DB_PASSWORD:-} +FDO_DB_SSL=${FDO_DB_SSL:-false} HZN_LISTEN_IP=${HZN_LISTEN_IP:-127.0.0.1} HZN_FDO_API_URL=${HZN_FDO_API_URL:-"http://$HZN_LISTEN_IP:$ownerApiPort"} FDO_DB_URL=${FDO_DB_URL:-"jdbc:postgresql://postgres-fdo-owner-service:5432/fdo"} @@ -125,6 +126,7 @@ done #override auto-generated DB username and password with variables sed -i -e "s/db_user=.*/db_user=$FDO_DB_USER/" $workingDir/$deviceBinaryDir/owner/service.env sed -i -e "s/db_password=.*/db_password=$FDO_DB_PASSWORD/" $workingDir/$deviceBinaryDir/owner/service.env +sed -i -e "s/useSSL=.*/useSSL=$FDO_DB_SSL/" $workingDir/$deviceBinaryDir/owner/service.env ##configure hibernate.cfg.xml to use PostgreSQL database sed -i -e 's/org.mariadb.jdbc.Driver/org.postgresql.Driver/' $workingDir/$deviceBinaryDir/owner/hibernate.cfg.xml @@ -153,13 +155,13 @@ sed -i -e '/- db_password/ s/./#&/' $workingDir/$deviceBinaryDir/owner/service.y chk $? 'sed owner/service.yml db_password' #need java installed in order to generate the SSL keystore for HTTPS -# If java 11 isn't installed, do that -if java -version 2>&1 | grep version | grep -q 11.; then - echo "Found java 11" +# If java 17 isn't installed, do that +if java -version 2>&1 | grep version | grep -q 17.; then + echo "Found java 17" else - echo "Java 11 not found, installing it..." - apt-get update && apt-get install -y openjdk-11-jre-headless - chk $? 'installing java 11' + echo "Java 17 not found, installing it..." + apt-get update && apt-get install -y openjdk-17-jre-headless + chk $? 'installing java 17' fi # echo "Using local testing configuration, because FDO_DEV=$FDO_DEV" diff --git a/sample-mfg/start-mfg.sh b/sample-mfg/start-mfg.sh index 87e0ee1..15224e9 100755 --- a/sample-mfg/start-mfg.sh +++ b/sample-mfg/start-mfg.sh 
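Review bot: The `sed` line added in the `@@ -125,6` hunk interpolates `$FDO_DB_SSL` straight into the replacement text, so a value containing `/`, `&` or a newline either breaks the expression or rewrites service.env in an unintended way, and unlike the sed calls further down it is not followed by `chk $?`. Since the variable is a toggle, validate it before use, e.g. `case "$FDO_DB_SSL" in true|false) ;; *) echo "FDO_DB_SSL must be true or false" >&2; exit 1 ;; esac`, and add `chk $? 'sed owner/service.env useSSL'` after the substitution. The pattern `useSSL=.*` consumes everything to the end of the line, which would drop any parameters that follow `useSSL` if it sits inside a connection URL; service.env is not visible here, so that needs checking. The same line is added with `$FDO_MFG_DB_SSL` in sample-mfg/start-mfg.sh.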
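Review bot: The version test `grep -q 17.` in the `@@ -153,13` hunk is unquoted and its dot matches any character, so it also succeeds on version strings such as `"11.0.17"` or `"1.8.0_171"`, and the script then skips installing Java 17. Anchor the match on the version field instead: `if java -version 2>&1 | grep -Eq 'version "17[."]'; then`. sample-mfg/start-mfg.sh gets the related pattern `'1[7-7]\.'`, where the one-element range is just `17\.`, the comment above it still says java 11, and a build that reports plain `"17"` would not match. The fallback here calls `apt-get` although docker/Dockerfile installs packages with `microdnf`; if this script runs inside that image the install branch cannot succeed, which is worth confirming.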
@@ -23,18 +23,19 @@ Required Environment Variables: HZN_EXCHANGE_USER_AUTH: Exchange user's username and password. Optional Environment Variables: - FDO_MFG_DB: Database name for FDO's manufacturing services - FDO_MFG_DB_URL: Database path and protocol - FDO_MFG_DB_PASSWORD: Database user's password - FDO_MFG_DB_USER: Database user - FDO_RV_URL: Usually the development RV server running with the owner services. To use the production RV service, set to http://fdorv.com + FDO_MFG_DB: Database name for FDO's manufacturing services + FDO_MFG_DB_URL: Database path and protocol + FDO_MFG_DB_PASSWORD: Database user's password + FDO_MFG_DB_SSL: Database connection SSL toggle + FDO_MFG_DB_USER: Database user + FDO_RV_URL: Usually the development RV server running with the owner services. To use the production RV service, set to http://fdorv.com HZN_EXCHANGE_USER_AUTH: API password for service APIs - HZN_FDO_SVC_URL: Owner Service url. - HZN_LISTEN_IP: External address of Open Horizon's Management Hub. - HZN_ORG_ID: Exchange user's organization - HZN_TRANSPORT: http or https. Only http is currently supported. - rvHttpPort: Rendezvous server http port. If no http present, then set this as the https port - rvHttpsPort: Rendezvous server https port + HZN_FDO_SVC_URL: Owner Service url. + HZN_LISTEN_IP: External address of Open Horizon's Management Hub. + HZN_ORG_ID: Exchange user's organization + HZN_TRANSPORT: http or https. Only http is currently supported. + rvHttpPort: Rendezvous server http port. If no http present, then set this as the https port + rvHttpsPort: Rendezvous server https port ${0##*/} must be run in a directory where it has access to create a few files and directories. 
@@ -55,6 +56,7 @@ generateToken() { head -c 1024 /dev/urandom | base64 | tr -cd "[:alpha:][:digit: export FDO_MFG_DB=${FDO_MFG_DB:-fdo_mfg} export FDO_MFG_DB_PASSWORD=${FDO_MFG_DB_PASSWORD:-$(generateToken 15)} export FDO_MFG_DB_PORT=${FDO_MFG_DB_PORT:-5434} +export FDO_MFG_DB_SSL=${FDO_MFG_DB_SSL:-false} export FDO_MFG_DB_URL=${FDO_MFG_DB_URL:-jdbc:postgresql://postgres-fdo-mfg-service:5432/$FDO_MFG_DB} export FDO_MFG_DB_USER=${FDO_MFG_DB_USER:-fdouser} export FDO_MFG_PORT=${FDO_MFG_PORT:-8039} @@ -245,14 +247,14 @@ confirmcmds grep curl ping # these should be in the minimal ubuntu # If java 11 isn't installed, do that -if java -version 2>&1 | grep version | grep -q '1[1-7]\.'; then - echo "Found java 11" +if java -version 2>&1 | grep version | grep -q '1[7-7]\.'; then + echo "Found java 17" else - echo "Java 11 not found, installing it..." + echo "Java 17 not found, installing it..." if isUbuntu2x; then - apt-get update && apt-get install -y openjdk-11-jre-headless + apt-get update && apt-get install -y openjdk-17-jre-headless elif isFedora; then - dnf install -y java-11-openjdk + dnf install -y java-17-openjdk else echo "Unsupported distribution, exiting" && exit 1 fi @@ -348,6 +350,7 @@ cd ../../ || exit # override auto-generated DB username and password with variables sed -i -e "s/db_user=.*/db_user=$FDO_MFG_DB_USER/" $PWD/$deviceBinaryDir/owner/service.env sed -i -e "s/db_password=.*/db_password=$FDO_MFG_DB_PASSWORD/" $PWD/$deviceBinaryDir/owner/service.env +sed -i -e "s/useSSL=.*/useSSL=$FDO_MFG_DB_SSL/" $PWD/$deviceBinaryDir/owner/service.env # device/service.yml configuration to point to local manufacturing port sed -i -e 's/di-url:.*/di-url: '$HZN_TRANSPORT':\/\/'$HZN_LISTEN_IP':'$FDO_MFG_PORT'/' $PWD/$deviceBinaryDir/device/service.yml