diff --git a/.github/workflows/deploy-docker-images.yml b/.github/workflows/deploy-docker-images.yml new file mode 100644 index 0000000..650a442 --- /dev/null +++ b/.github/workflows/deploy-docker-images.yml @@ -0,0 +1,100 @@ +name: Build and push docker images + +on: + pull_request: {} + push: + branches: + - '**' + tags: + - 'v*' + +env: + REGISTRY: ghcr.io + DOCKER_DIRECTORY: docker/images + PLATFORMS: | + linux/amd64 + PATH_TO_DEPLOY_DOCKER_IMAGES_WORKFLOW: .github/workflows/deploy-docker-images.yml + +jobs: + env-setup: + # Since env variables can't be passed to reusable workflows, we need to pass them as outputs + name: Setup environment + runs-on: ubuntu-22.04 + outputs: + docker_registry: ${{ env.REGISTRY }} + docker_directory: ${{ env.DOCKER_DIRECTORY }} + platforms: ${{ env.PLATFORMS }} + path_to_deploy_docker_images_workflow: ${{ env.PATH_TO_DEPLOY_DOCKER_IMAGES_WORKFLOW }} + steps: + - id: check + run: | + echo "Setting up environment" + mosquitto: + needs: + - env-setup + name: Build and push mosquitto docker image + uses: everest/everest-ci/.github/workflows/deploy-single-docker-image.yml@v1.3.2 + secrets: + SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }} + SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }} + with: + image_name: ${{ github.event.repository.name }}/mosquitto + directory: ${{ needs.env-setup.outputs.docker_directory }}/mosquitto + docker_registry: ${{ needs.env-setup.outputs.docker_registry }} + github_ref_before: ${{ github.event.before }} + github_ref_after: ${{ github.event.after }} + platforms: ${{ needs.env-setup.outputs.platforms }} + depends_on_paths: | + ${{ needs.env-setup.outputs.path_to_deploy_docker_images_workflow }} + steve: + needs: + - env-setup + name: Build and push steve docker image + uses: everest/everest-ci/.github/workflows/deploy-single-docker-image.yml@v1.3.2 + secrets: + SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }} + SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }} + with: + image_name: ${{ github.event.repository.name }}/steve + directory: ${{ needs.env-setup.outputs.docker_directory }}/steve + docker_registry: ${{ needs.env-setup.outputs.docker_registry }} + github_ref_before: ${{ github.event.before }} + github_ref_after: ${{ github.event.after }} + platforms: ${{ needs.env-setup.outputs.platforms }} + depends_on_paths: | + ${{ needs.env-setup.outputs.path_to_deploy_docker_images_workflow }} + mqtt-explorer: + needs: + - env-setup + name: Build and push mqtt-explorer docker image + uses: everest/everest-ci/.github/workflows/deploy-single-docker-image.yml@v1.3.2 + secrets: + SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }} + SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }} + with: + image_name: ${{ github.event.repository.name }}/mqtt-explorer + directory: ${{ needs.env-setup.outputs.docker_directory }}/mqtt-explorer + docker_registry: ${{ needs.env-setup.outputs.docker_registry }} + github_ref_before: ${{ github.event.before }} + github_ref_after: ${{ github.event.after }} + platforms: ${{ needs.env-setup.outputs.platforms }} + depends_on_paths: | + ${{ needs.env-setup.outputs.path_to_deploy_docker_images_workflow }} + nodered: + needs: + - env-setup + name: Build and push nodered docker image + uses: everest/everest-ci/.github/workflows/deploy-single-docker-image.yml@v1.3.2 + secrets: + SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }} + SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }} + with: + image_name: ${{ github.event.repository.name }}/nodered + directory: ${{ needs.env-setup.outputs.docker_directory }}/nodered + docker_registry: ${{ needs.env-setup.outputs.docker_registry }} + github_ref_before: ${{ github.event.before }} + github_ref_after: ${{ github.event.after }} + platforms: ${{ needs.env-setup.outputs.platforms }} + depends_on_paths: | + ${{ needs.env-setup.outputs.path_to_deploy_docker_images_workflow }} + \ No newline at end of file diff --git a/README.md b/README.md index 1fa363a..79bd1be 100644 --- a/README.md +++ b/README.md @@ -5,3 +5,46 @@ This subproject contains all utility files for setting up your development envir You can install [edm](dependency_manager/README.md) very easy using pip. All documentation and the issue tracking can be found in our main repository here: https://github.com/EVerest/everest + +## Easy Dev Environment Setup + +To setup a devcontainer in your workspace you can use the following command to run the `setup_devcontainer.sh` script locally. + +### 1. Prerequisites + +Create a new directory and navigate into it. This directory will be your new workspace or use an existing one. + +```bash +mkdir my-workspace +cd my-workspace +``` + +### 2. Run the setup script + +Run the following command to setup the devcontainer. + +```bash +export BRANCH="main" && bash -c "$(curl -s --variable %BRANCH=main --expand-url https://raw.githubusercontent.com/EVerest/everest-dev-environment/{{BRANCH}}/devcontainer/setup-devcontainer.sh)" +``` + +The script will ask you for the following information: +1. Workspace directory: Default is the current directory. You can keep the default by pressing enter. +2. everest-dev-environment version: Default is 'main'. You can keep the default by pressing enter. + +### 3. Open in VS Code + +After the script has finished, open the workspace in Visual Studio Code. + +```bash +code . +``` + +VS Code will ask you to reopen the workspace in a container. Click on the button `Reopen in Container`. + +### 4. Getting started + +As your set up dev environment suggests when you open a terminal, you can setup your EVerest workspace by running the following command: + +```bash +everest clone everest-core +``` diff --git a/devcontainer/setup-devcontainer.sh b/devcontainer/setup-devcontainer.sh new file mode 100755 index 0000000..e20ede6 --- /dev/null +++ b/devcontainer/setup-devcontainer.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +set -e + +read -p "Enter the workspace directory (default is the current directory): " WORKSPACE_DIR +if [ -z "$WORKSPACE_DIR" ]; then + WORKSPACE_DIR="./" +fi +WORKSPACE_DIR=$(realpath -m "$WORKSPACE_DIR") + +read -p "Enter the version of the everest-dev-environment (default is 'main'): " VERSION +if [ -z "$VERSION" ]; then + VERSION="main" +fi + +echo "Create the workspace directory '$WORKSPACE_DIR' if it does not exist" +mkdir -p $WORKSPACE_DIR + +if [ "$(ls -A $WORKSPACE_DIR)" ]; then + # The workspace directory is not empty, warning do you want to continue? + read -p "The workspace directory is not empty, do you want to continue? (y/N): " -r + if [[ $REPLY =~ ^[Nn]$ || $REPLY = "" ]]; then + echo "Exiting.." + exit 1 + elif [[ ! $REPLY =~ ^[Yy]$ ]]; then + echo "Invalid input. Exiting.." + exit 1 + fi +fi + +TMP_DIR="$WORKSPACE_DIR/tmp-everest-dev-environment" +echo "Clone the everest-dev-environment repository to the workspace directory with the version $VERSION, temporarily.." +git clone --quiet --depth 1 --single-branch --branch "$VERSION" https://github.com/EVerest/everest-dev-environment.git "$TMP_DIR" + +echo "Copy the template devcontainer configuration files to the workspace directory" +cp -n -r $TMP_DIR/devcontainer/template/. $WORKSPACE_DIR/ + +echo "Remove the everest-dev-environment repository" +rm -rf "$TMP_DIR" diff --git a/devcontainer/template/.devcontainer/docker-compose.yml b/devcontainer/template/.devcontainer/docker-compose.yml new file mode 100644 index 0000000..39d253f --- /dev/null +++ b/devcontainer/template/.devcontainer/docker-compose.yml @@ -0,0 +1,40 @@ +volumes: + ocpp-db-data: + external: false + node-red-data: + external: false + +services: + mqtt-server: + image: ghcr.io/everest/everest-dev-environment/mosquitto:v0.7.0 + ports: + # allow multiple ports for host to avoid conflicts with other dev environments + - 1883-1983:1883 + - 9001-9101:9001 + + ocpp-db: + image: mariadb:10.4.30 # pinned to patch-version because https://github.com/steve-community/steve/pull/1213 + volumes: + - ocpp-db-data:/var/lib/mysql + ports: + # allow multiple ports for host to avoid conflicts with other dev environments + - 13306-13406:3306 + environment: + MYSQL_RANDOM_ROOT_PASSWORD: "yes" + MYSQL_DATABASE: ocpp-db + MYSQL_USER: ocpp + MYSQL_PASSWORD: ocpp + steve: + image: ghcr.io/everest/everest-dev-environment/steve:v0.7.0 + ports: + # allow multiple ports for host to avoid conflicts with other dev environments + - 8180-8280:8180 + - 8443-8543:8443 + depends_on: + - ocpp-db + mqtt-explorer: + image: ghcr.io/everest/everest-dev-environment/mqtt-explorer:v0.7.0 + depends_on: + - mqtt-server + ports: + - 4000-4100:4000 diff --git a/devcontainer/template/.devcontainer/general-devcontainer/Dockerfile b/devcontainer/template/.devcontainer/general-devcontainer/Dockerfile new file mode 100644 index 0000000..aa4e1e2 --- /dev/null +++ b/devcontainer/template/.devcontainer/general-devcontainer/Dockerfile @@ -0,0 +1,17 @@ +# syntax=docker/dockerfile:1 +FROM ghcr.io/everest/everest-ci/dev-env-base:v1.3.2 + +# Update the package list +RUN sudo apt update + +# EVerest Development Tool - Dependencies +RUN pip install --break-system-packages \ + docker==7.1.0 +# EVerest Development Tool +ARG DEV_ENV_TOOL_VERSION=v0.7.0 +RUN python3 -m pip install --break-system-packages \ + git+https://github.com/EVerest/everest-dev-environment@${DEV_ENV_TOOL_VERSION}#subdirectory=everest_dev_tool + +RUN echo "echo \"🏔️ 🚘 Welcome to the EVerest development environment!\"" >> ${HOME}/.bashrc +RUN echo "echo \"To initialize the EVerest core repository everest-core in your workspace please run the following command:\"" >> ${HOME}/.bashrc +RUN echo "echo \"everest clone everest-core\"" >> ${HOME}/.bashrc diff --git a/devcontainer/template/.devcontainer/general-devcontainer/devcontainer.json b/devcontainer/template/.devcontainer/general-devcontainer/devcontainer.json new file mode 100644 index 0000000..c5f786b --- /dev/null +++ b/devcontainer/template/.devcontainer/general-devcontainer/devcontainer.json @@ -0,0 +1,63 @@ +{ + "name": "EVerest - ${localWorkspaceFolderBasename}", + "dockerComposeFile": ["../docker-compose.yml", "./docker-compose.devcontainer.yml"], + "service": "devcontainer", + "runServices": ["devcontainer"], + "remoteUser": "docker", + "workspaceFolder": "/workspace", + "forwardPorts": [ + "mqtt-explorer:4000", + "steve:8180" + ], + "portsAttributes": { + "mqtt-explorer:4000": { + "label": "MQTT Explorer - WebView" + }, + "steve:8180": { + "label": "Steve - WebTool" + } + }, + "otherPortsAttributes": { + "onAutoForward": "notify", + "protocol": "http", + "requireLocalPort": false + }, + "customizations": { + "vscode": { + "settings": { + "terminal.integrated.profiles.linux": { + "bash": { + "path": "/bin/bash", + "icon": "terminal-bash", + "args": ["-l"] + } + }, + "terminal.integrated.defaultProfile.linux": "bash", + "python.pythonPath": "/usr/bin/python3", + "python.defaultInterpreterPath": "/usr/bin/python3", + "editor.rulers": [79, 120], + // RST/Sphinx language server + "esbonio.sphinx.buildDir": "${workspaceFolder}/everest/docs/_build", + "esbonio.sphinx.confDir": "${workspaceFolder}/everest/docs", + // RST + "restructuredtext.preview.scrollEditorWithPreview": false, + "restructuredtext.pythonRecommendation.disabled": true, + "liveServer.settings.root": "/everest/docs/_build/html" + }, + "extensions": [ + // language support CPP + "ms-vscode.cpptools", + // language support cmake + "twxs.cmake", + "ms-vscode.cmake-tools", + // language support python + "ms-python.python", + // language support restructured text + "lextudio.restructuredtext", + "trond-snekvik.simple-rst", + // doc live server + "ritwickdey.liveserver" + ] + } + } +} diff --git a/devcontainer/template/.devcontainer/general-devcontainer/docker-compose.devcontainer.yml b/devcontainer/template/.devcontainer/general-devcontainer/docker-compose.devcontainer.yml new file mode 100644 index 0000000..3b205a1 --- /dev/null +++ b/devcontainer/template/.devcontainer/general-devcontainer/docker-compose.devcontainer.yml @@ -0,0 +1,48 @@ +networks: + docker-proxy-network: + internal: true + +volumes: + cpm-source-cache: + name: everest-cpm-source-cache + +services: + docker-proxy: + image: tecnativa/docker-socket-proxy:latest + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + environment: + - CONTAINERS=1 + - IMAGES=1 + - POST=1 + - NETWORKS=1 + - VOLUMES=1 + networks: + - docker-proxy-network + + devcontainer: + depends_on: + - docker-proxy + build: + context: ./general-devcontainer + dockerfile: Dockerfile + volumes: + - type: bind + source: .. + target: /workspace + - type: volume + source: cpm-source-cache + target: /home/docker/.cache/cpm + command: sleep infinity + environment: + MQTT_SERVER_ADDRESS: mqtt-server + MQTT_SERVER_PORT: 1883 + DOCKER_HOST: tcp://docker-proxy:2375 + CPM_SOURCE_CACHE: /home/docker/.cache/cpm + networks: + - docker-proxy-network + - default + sysctls: + - net.ipv6.conf.all.disable_ipv6=0 diff --git a/docker/images/mosquitto/Dockerfile b/docker/images/mosquitto/Dockerfile new file mode 100644 index 0000000..0037855 --- /dev/null +++ b/docker/images/mosquitto/Dockerfile @@ -0,0 +1,3 @@ +FROM eclipse-mosquitto:2.0.10 + +COPY mosquitto.conf /mosquitto/config/mosquitto.conf diff --git a/docker/images/mosquitto/mosquitto.conf b/docker/images/mosquitto/mosquitto.conf new file mode 100644 index 0000000..88ff4e3 --- /dev/null +++ b/docker/images/mosquitto/mosquitto.conf @@ -0,0 +1,876 @@ +# Config file for mosquitto +# +# See mosquitto.conf(5) for more information. +# +# Default values are shown, uncomment to change. +# +# Use the # character to indicate a comment, but only if it is the +# very first character on the line. + +# ================================================================= +# General configuration +# ================================================================= + +# Use per listener security settings. +# +# It is recommended this option be set before any other options. +# +# If this option is set to true, then all authentication and access control +# options are controlled on a per listener basis. The following options are +# affected: +# +# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous +# auto_id_prefix allow_zero_length_clientid +# +# Note that if set to true, then a durable client (i.e. with clean session set +# to false) that has disconnected will use the ACL settings defined for the +# listener that it was most recently connected to. +# +# The default behaviour is for this to be set to false, which maintains the +# setting behaviour from previous versions of mosquitto. +#per_listener_settings false + + +# This option controls whether a client is allowed to connect with a zero +# length client id or not. This option only affects clients using MQTT v3.1.1 +# and later. If set to false, clients connecting with a zero length client id +# are disconnected. If set to true, clients will be allocated a client id by +# the broker. This means it is only useful for clients with clean session set +# to true. +#allow_zero_length_clientid true + +# If allow_zero_length_clientid is true, this option allows you to set a prefix +# to automatically generated client ids to aid visibility in logs. +# Defaults to 'auto-' +#auto_id_prefix auto- + +# This option affects the scenario when a client subscribes to a topic that has +# retained messages. It is possible that the client that published the retained +# message to the topic had access at the time they published, but that access +# has been subsequently removed. If check_retain_source is set to true, the +# default, the source of a retained message will be checked for access rights +# before it is republished. When set to false, no check will be made and the +# retained message will always be published. This affects all listeners. +#check_retain_source true + +# QoS 1 and 2 messages will be allowed inflight per client until this limit +# is exceeded. Defaults to 0. (No maximum) +# See also max_inflight_messages +#max_inflight_bytes 0 + +# The maximum number of QoS 1 and 2 messages currently inflight per +# client. +# This includes messages that are partway through handshakes and +# those that are being retried. Defaults to 20. Set to 0 for no +# maximum. Setting to 1 will guarantee in-order delivery of QoS 1 +# and 2 messages. +#max_inflight_messages 20 + +# For MQTT v5 clients, it is possible to have the server send a "server +# keepalive" value that will override the keepalive value set by the client. +# This is intended to be used as a mechanism to say that the server will +# disconnect the client earlier than it anticipated, and that the client should +# use the new keepalive value. The max_keepalive option allows you to specify +# that clients may only connect with keepalive less than or equal to this +# value, otherwise they will be sent a server keepalive telling them to use +# max_keepalive. This only applies to MQTT v5 clients. The maximum value +# allowable is 65535. Do not set below 10. +#max_keepalive 65535 + +# For MQTT v5 clients, it is possible to have the server send a "maximum packet +# size" value that will instruct the client it will not accept MQTT packets +# with size greater than max_packet_size bytes. This applies to the full MQTT +# packet, not just the payload. Setting this option to a positive value will +# set the maximum packet size to that number of bytes. If a client sends a +# packet which is larger than this value, it will be disconnected. This applies +# to all clients regardless of the protocol version they are using, but v3.1.1 +# and earlier clients will of course not have received the maximum packet size +# information. Defaults to no limit. Setting below 20 bytes is forbidden +# because it is likely to interfere with ordinary client operation, even with +# very small payloads. +#max_packet_size 0 + +# QoS 1 and 2 messages above those currently in-flight will be queued per +# client until this limit is exceeded. Defaults to 0. (No maximum) +# See also max_queued_messages. +# If both max_queued_messages and max_queued_bytes are specified, packets will +# be queued until the first limit is reached. +#max_queued_bytes 0 + +# Set the maximum QoS supported. Clients publishing at a QoS higher than +# specified here will be disconnected. +#max_qos 2 + +# The maximum number of QoS 1 and 2 messages to hold in a queue per client +# above those that are currently in-flight. Defaults to 1000. Set +# to 0 for no maximum (not recommended). +# See also queue_qos0_messages. +# See also max_queued_bytes. +#max_queued_messages 1000 +# +# This option sets the maximum number of heap memory bytes that the broker will +# allocate, and hence sets a hard limit on memory use by the broker. Memory +# requests that exceed this value will be denied. The effect will vary +# depending on what has been denied. If an incoming message is being processed, +# then the message will be dropped and the publishing client will be +# disconnected. If an outgoing message is being sent, then the individual +# message will be dropped and the receiving client will be disconnected. +# Defaults to no limit. +#memory_limit 0 + +# This option sets the maximum publish payload size that the broker will allow. +# Received messages that exceed this size will not be accepted by the broker. +# The default value is 0, which means that all valid MQTT messages are +# accepted. MQTT imposes a maximum payload size of 268435455 bytes. +#message_size_limit 0 + +# This option allows persistent clients (those with clean session set to false) +# to be removed if they do not reconnect within a certain time frame. +# +# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1. +# +# Badly designed clients may set clean session to false whilst using a randomly +# generated client id. This leads to persistent clients that will never +# reconnect. This option allows these clients to be removed. +# +# The expiration period should be an integer followed by one of h d w m y for +# hour, day, week, month and year respectively. For example +# +# persistent_client_expiration 2m +# persistent_client_expiration 14d +# persistent_client_expiration 1y +# +# The default if not set is to never expire persistent clients. +#persistent_client_expiration + +# Write process id to a file. Default is a blank string which means +# a pid file shouldn't be written. +# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is +# being run automatically on boot with an init script and +# start-stop-daemon or similar. +#pid_file + +# Set to true to queue messages with QoS 0 when a persistent client is +# disconnected. These messages are included in the limit imposed by +# max_queued_messages and max_queued_bytes +# Defaults to false. +# This is a non-standard option for the MQTT v3.1 spec but is allowed in +# v3.1.1. +#queue_qos0_messages false + +# Set to false to disable retained message support. If a client publishes a +# message with the retain bit set, it will be disconnected if this is set to +# false. +#retain_available true + +# Disable Nagle's algorithm on client sockets. This has the effect of reducing +# latency of individual messages at the potential cost of increasing the number +# of packets being sent. +#set_tcp_nodelay false + +# Time in seconds between updates of the $SYS tree. +# Set to 0 to disable the publishing of the $SYS tree. +#sys_interval 10 + +# The MQTT specification requires that the QoS of a message delivered to a +# subscriber is never upgraded to match the QoS of the subscription. Enabling +# this option changes this behaviour. If upgrade_outgoing_qos is set true, +# messages sent to a subscriber will always match the QoS of its subscription. +# This is a non-standard option explicitly disallowed by the spec. +#upgrade_outgoing_qos false + +# When run as root, drop privileges to this user and its primary +# group. +# Set to root to stay as root, but this is not recommended. +# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist +# then it will drop privileges to the "nobody" user instead. +# If run as a non-root user, this setting has no effect. +# Note that on Windows this has no effect and so mosquitto should be started by +# the user you wish it to run as. +#user mosquitto + +# ================================================================= +# Listeners +# ================================================================= + +# Listen on a port/ip address combination. By using this variable +# multiple times, mosquitto can listen on more than one port. If +# this variable is used and neither bind_address nor port given, +# then the default listener will not be started. +# The port number to listen on must be given. Optionally, an ip +# address or host name may be supplied as a second argument. In +# this case, mosquitto will attempt to bind the listener to that +# address and so restrict access to the associated network and +# interface. By default, mosquitto will listen on all interfaces. +# Note that for a websockets listener it is not possible to bind to a host +# name. +# +# On systems that support Unix Domain Sockets, it is also possible +# to create a # Unix socket rather than opening a TCP socket. In +# this case, the port number should be set to 0 and a unix socket +# path must be provided, e.g. +# listener 0 /tmp/mosquitto.sock +# +# listener port-number [ip address/host name/unix socket path] +listener 1883 + +# By default, a listener will attempt to listen on all supported IP protocol +# versions. If you do not have an IPv4 or IPv6 interface you may wish to +# disable support for either of those protocol versions. In particular, note +# that due to the limitations of the websockets library, it will only ever +# attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail +# if IPv6 is not available. +# +# Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to +# force the listener to only use IPv6. If you want support for both IPv4 and +# IPv6, then do not use the socket_domain option. +# +#socket_domain + +# Bind the listener to a specific interface. This is similar to +# the [ip address/host name] part of the listener definition, but is useful +# when an interface has multiple addresses or the address may change. If used +# with the [ip address/host name] part of the listener definition, then the +# bind_interface option will take priority. +# Not available on Windows. +# +# Example: bind_interface eth0 +#bind_interface + +# When a listener is using the websockets protocol, it is possible to serve +# http data as well. Set http_dir to a directory which contains the files you +# wish to serve. If this option is not specified, then no normal http +# connections will be possible. +#http_dir + +# The maximum number of client connections to allow. This is +# a per listener setting. +# Default is -1, which means unlimited connections. +# Note that other process limits mean that unlimited connections +# are not really possible. Typically the default maximum number of +# connections possible is around 1024. +#max_connections -1 + +# The listener can be restricted to operating within a topic hierarchy using +# the mount_point option. This is achieved be prefixing the mount_point string +# to all topics for any clients connected to this listener. This prefixing only +# happens internally to the broker; the client will not see the prefix. +#mount_point + +# Choose the protocol to use when listening. +# This can be either mqtt or websockets. +# Certificate based TLS may be used with websockets, except that only the +# cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported. +#protocol mqtt + +# Set use_username_as_clientid to true to replace the clientid that a client +# connected with with its username. This allows authentication to be tied to +# the clientid, which means that it is possible to prevent one client +# disconnecting another by using the same clientid. +# If a client connects with no username it will be disconnected as not +# authorised when this option is set to true. +# Do not use in conjunction with clientid_prefixes. +# See also use_identity_as_username. +#use_username_as_clientid + +# Change the websockets headers size. This is a global option, it is not +# possible to set per listener. This option sets the size of the buffer used in +# the libwebsockets library when reading HTTP headers. If you are passing large +# header data such as cookies then you may need to increase this value. If left +# unset, or set to 0, then the default of 1024 bytes will be used. +#websockets_headers_size + +# ----------------------------------------------------------------- +# Certificate based SSL/TLS support +# ----------------------------------------------------------------- +# The following options can be used to enable certificate based SSL/TLS support +# for this listener. Note that the recommended port for MQTT over TLS is 8883, +# but this must be set manually. +# +# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS +# support" section. Only one of certificate or PSK encryption support can be +# enabled for any listener. + +# Both of certfile and keyfile must be defined to enable certificate based +# TLS encryption. + +# Path to the PEM encoded server certificate. +#certfile + +# Path to the PEM encoded keyfile. +#keyfile + +# If you wish to control which encryption ciphers are used, use the ciphers +# option. The list of available ciphers can be optained using the "openssl +# ciphers" command and should be provided in the same format as the output of +# that command. This applies to TLS 1.2 and earlier versions only. Use +# ciphers_tls1.3 for TLS v1.3. +#ciphers + +# Choose which TLS v1.3 ciphersuites are used for this listener. +# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" +#ciphers_tls1.3 + +# If you have require_certificate set to true, you can create a certificate +# revocation list file to revoke access to particular client certificates. If +# you have done this, use crlfile to point to the PEM encoded revocation file. +#crlfile + +# To allow the use of ephemeral DH key exchange, which provides forward +# security, the listener must load DH parameters. This can be specified with +# the dhparamfile option. The dhparamfile can be generated with the command +# e.g. "openssl dhparam -out dhparam.pem 2048" +#dhparamfile + +# By default an TLS enabled listener will operate in a similar fashion to a +# https enabled web server, in that the server has a certificate signed by a CA +# and the client will verify that it is a trusted certificate. The overall aim +# is encryption of the network traffic. By setting require_certificate to true, +# the client must provide a valid certificate in order for the network +# connection to proceed. This allows access to the broker to be controlled +# outside of the mechanisms provided by MQTT. +#require_certificate false + +# cafile and capath define methods of accessing the PEM encoded +# Certificate Authority certificates that will be considered trusted when +# checking incoming client certificates. +# cafile defines the path to a file containing the CA certificates. +# capath defines a directory that will be searched for files +# containing the CA certificates. For capath to work correctly, the +# certificate files must have ".crt" as the file ending and you must run +# "openssl rehash " each time you add/remove a certificate. +#cafile +#capath + + +# If require_certificate is true, you may set use_identity_as_username to true +# to use the CN value from the client certificate as a username. If this is +# true, the password_file option will not be used for this listener. +#use_identity_as_username false + +# ----------------------------------------------------------------- +# Pre-shared-key based SSL/TLS support +# ----------------------------------------------------------------- +# The following options can be used to enable PSK based SSL/TLS support for +# this listener. Note that the recommended port for MQTT over TLS is 8883, but +# this must be set manually. +# +# See also the mosquitto-tls man page and the "Certificate based SSL/TLS +# support" section. Only one of certificate or PSK encryption support can be +# enabled for any listener. + +# The psk_hint option enables pre-shared-key support for this listener and also +# acts as an identifier for this listener. The hint is sent to clients and may +# be used locally to aid authentication. The hint is a free form string that +# doesn't have much meaning in itself, so feel free to be creative. +# If this option is provided, see psk_file to define the pre-shared keys to be +# used or create a security plugin to handle them. +#psk_hint + +# When using PSK, the encryption ciphers used will be chosen from the list of +# available PSK ciphers. If you want to control which ciphers are available, +# use the "ciphers" option. The list of available ciphers can be optained +# using the "openssl ciphers" command and should be provided in the same format +# as the output of that command. +#ciphers + +# Set use_identity_as_username to have the psk identity sent by the client used +# as its username. Authentication will be carried out using the PSK rather than +# the MQTT username/password and so password_file will not be used for this +# listener. +#use_identity_as_username false + +listener 9001 +protocol websockets + +# ================================================================= +# Persistence +# ================================================================= + +# If persistence is enabled, save the in-memory database to disk +# every autosave_interval seconds. If set to 0, the persistence +# database will only be written when mosquitto exits. See also +# autosave_on_changes. +# Note that writing of the persistence database can be forced by +# sending mosquitto a SIGUSR1 signal. +#autosave_interval 1800 + +# If true, mosquitto will count the number of subscription changes, retained +# messages received and queued messages and if the total exceeds +# autosave_interval then the in-memory database will be saved to disk. +# If false, mosquitto will save the in-memory database to disk by treating +# autosave_interval as a time in seconds. +#autosave_on_changes false + +# Save persistent message data to disk (true/false). +# This saves information about all messages, including +# subscriptions, currently in-flight messages and retained +# messages. +# retained_persistence is a synonym for this option. +#persistence false + +# The filename to use for the persistent database, not including +# the path. +#persistence_file mosquitto.db + +# Location for persistent database. +# Default is an empty string (current directory). +# Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or +# similar. +#persistence_location + + +# ================================================================= +# Logging +# ================================================================= + +# Places to log to. Use multiple log_dest lines for multiple +# logging destinations. +# Possible destinations are: stdout stderr syslog topic file dlt +# +# stdout and stderr log to the console on the named output. +# +# syslog uses the userspace syslog facility which usually ends up +# in /var/log/messages or similar. +# +# topic logs to the broker topic '$SYS/broker/log/', +# where severity is one of D, E, W, N, I, M which are debug, error, +# warning, notice, information and message. Message type severity is used by +# the subscribe/unsubscribe log_types and publishes log messages to +# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe. +# +# The file destination requires an additional parameter which is the file to be +# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be +# closed and reopened when the broker receives a HUP signal. Only a single file +# destination may be configured. +# +# The dlt destination is for the automotive `Diagnostic Log and Trace` tool. +# This requires that Mosquitto has been compiled with DLT support. +# +# Note that if the broker is running as a Windows service it will default to +# "log_dest none" and neither stdout nor stderr logging is available. +# Use "log_dest none" if you wish to disable logging. +#log_dest stderr + +# Types of messages to log. Use multiple log_type lines for logging +# multiple types of messages. +# Possible types are: debug, error, warning, notice, information, +# none, subscribe, unsubscribe, websockets, all. +# Note that debug type messages are for decoding the incoming/outgoing +# network packets. They are not logged in "topics". +#log_type error +#log_type warning +#log_type notice +#log_type information + + +# If set to true, client connection and disconnection messages will be included +# in the log. +#connection_messages true + +# If using syslog logging (not on Windows), messages will be logged to the +# "daemon" facility by default. Use the log_facility option to choose which of +# local0 to local7 to log to instead. The option value should be an integer +# value, e.g. "log_facility 5" to use local5. +#log_facility + +# If set to true, add a timestamp value to each log message. +#log_timestamp true + +# Set the format of the log timestamp. If left unset, this is the number of +# seconds since the Unix epoch. +# This is a free text string which will be passed to the strftime function. To +# get an ISO 8601 datetime, for example: +# log_timestamp_format %Y-%m-%dT%H:%M:%S +#log_timestamp_format + +# Change the websockets logging level. This is a global option, it is not +# possible to set per listener. This is an integer that is interpreted by +# libwebsockets as a bit mask for its lws_log_levels enum. See the +# libwebsockets documentation for more details. "log_type websockets" must also +# be enabled. +#websockets_log_level 0 + + +# ================================================================= +# Security +# ================================================================= + +# If set, only clients that have a matching prefix on their +# clientid will be allowed to connect to the broker. By default, +# all clients may connect. +# For example, setting "secure-" here would mean a client "secure- +# client" could connect but another with clientid "mqtt" couldn't. +#clientid_prefixes + +# Boolean value that determines whether clients that connect +# without providing a username are allowed to connect. If set to +# false then a password file should be created (see the +# password_file option) to control authenticated client access. +# +# Defaults to false, unless there are no listeners defined in the configuration +# file, in which case it is set to true, but connections are only allowed from +# the local machine. +allow_anonymous true + +# ----------------------------------------------------------------- +# Default authentication and topic access control +# ----------------------------------------------------------------- + +# Control access to the broker using a password file. This file can be +# generated using the mosquitto_passwd utility. If TLS support is not compiled +# into mosquitto (it is recommended that TLS support should be included) then +# plain text passwords are used, in which case the file should be a text file +# with lines in the format: +# username:password +# The password (and colon) may be omitted if desired, although this +# offers very little in the way of security. +# +# See the TLS client require_certificate and use_identity_as_username options +# for alternative authentication options. If an auth_plugin is used as well as +# password_file, the auth_plugin check will be made first. +#password_file + +# Access may also be controlled using a pre-shared-key file. This requires +# TLS-PSK support and a listener configured to use it. The file should be text +# lines in the format: +# identity:key +# The key should be in hexadecimal format without a leading "0x". +# If an auth_plugin is used as well, the auth_plugin check will be made first. +#psk_file + +# Control access to topics on the broker using an access control list +# file. If this parameter is defined then only the topics listed will +# have access. +# If the first character of a line of the ACL file is a # it is treated as a +# comment. +# Topic access is added with lines of the format: +# +# topic [read|write|readwrite|deny] +# +# The access type is controlled using "read", "write", "readwrite" or "deny". +# This parameter is optional (unless contains a space character) - if +# not given then the access is read/write. can contain the + or # +# wildcards as in subscriptions. +# +# The "deny" option can used to explicity deny access to a topic that would +# otherwise be granted by a broader read/write/readwrite statement. Any "deny" +# topics are handled before topics that grant read/write access. +# +# The first set of topics are applied to anonymous clients, assuming +# allow_anonymous is true. User specific topic ACLs are added after a +# user line as follows: +# +# user +# +# The username referred to here is the same as in password_file. It is +# not the clientid. +# +# +# If is also possible to define ACLs based on pattern substitution within the +# topic. The patterns available for substition are: +# +# %c to match the client id of the client +# %u to match the username of the client +# +# The substitution pattern must be the only text for that level of hierarchy. +# +# The form is the same as for the topic keyword, but using pattern as the +# keyword. +# Pattern ACLs apply to all users even if the "user" keyword has previously +# been given. +# +# If using bridges with usernames and ACLs, connection messages can be allowed +# with the following pattern: +# pattern write $SYS/broker/connection/%c/state +# +# pattern [read|write|readwrite] +# +# Example: +# +# pattern write sensor/%u/data +# +# If an auth_plugin is used as well as acl_file, the auth_plugin check will be +# made first. +#acl_file + +# ----------------------------------------------------------------- +# External authentication and topic access plugin options +# ----------------------------------------------------------------- + +# External authentication and access control can be supported with the +# auth_plugin option. This is a path to a loadable plugin. See also the +# auth_opt_* options described below. +# +# The auth_plugin option can be specified multiple times to load multiple +# plugins. The plugins will be processed in the order that they are specified +# here. If the auth_plugin option is specified alongside either of +# password_file or acl_file then the plugin checks will be made first. +# +#auth_plugin + +# If the auth_plugin option above is used, define options to pass to the +# plugin here as described by the plugin instructions. All options named +# using the format auth_opt_* will be passed to the plugin, for example: +# +# auth_opt_db_host +# auth_opt_db_port +# auth_opt_db_username +# auth_opt_db_password + + +# ================================================================= +# Bridges +# ================================================================= + +# A bridge is a way of connecting multiple MQTT brokers together. +# Create a new bridge using the "connection" option as described below. Set +# options for the bridges using the remaining parameters. You must specify the +# address and at least one topic to subscribe to. +# +# Each connection must have a unique name. +# +# The address line may have multiple host address and ports specified. See +# below in the round_robin description for more details on bridge behaviour if +# multiple addresses are used. Note that if you use an IPv6 address, then you +# are required to specify a port. +# +# The direction that the topic will be shared can be chosen by +# specifying out, in or both, where the default value is out. +# The QoS level of the bridged communication can be specified with the next +# topic option. The default QoS level is 0, to change the QoS the topic +# direction must also be given. +# +# The local and remote prefix options allow a topic to be remapped when it is +# bridged to/from the remote broker. This provides the ability to place a topic +# tree in an appropriate location. +# +# For more details see the mosquitto.conf man page. +# +# Multiple topics can be specified per connection, but be careful +# not to create any loops. +# +# If you are using bridges with cleansession set to false (the default), then +# you may get unexpected behaviour from incoming topics if you change what +# topics you are subscribing to. This is because the remote broker keeps the +# subscription for the old topic. If you have this problem, connect your bridge +# with cleansession set to true, then reconnect with cleansession set to false +# as normal. +#connection +#address [:] [[:]] +#topic [[[out | in | both] qos-level] local-prefix remote-prefix] + +# If you need to have the bridge connect over a particular network interface, +# use bridge_bind_address to tell the bridge which local IP address the socket +# should bind to, e.g. `bridge_bind_address 192.168.1.10` +#bridge_bind_address + +# If a bridge has topics that have "out" direction, the default behaviour is to +# send an unsubscribe request to the remote broker on that topic. This means +# that changing a topic direction from "in" to "out" will not keep receiving +# incoming messages. Sending these unsubscribe requests is not always +# desirable, setting bridge_attempt_unsubscribe to false will disable sending +# the unsubscribe request. +#bridge_attempt_unsubscribe true + +# Set the version of the MQTT protocol to use with for this bridge. Can be one +# of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311. +#bridge_protocol_version mqttv311 + +# Set the clean session variable for this bridge. +# When set to true, when the bridge disconnects for any reason, all +# messages and subscriptions will be cleaned up on the remote +# broker. Note that with cleansession set to true, there may be a +# significant amount of retained messages sent when the bridge +# reconnects after losing its connection. +# When set to false, the subscriptions and messages are kept on the +# remote broker, and delivered when the bridge reconnects. +#cleansession false + +# Set the amount of time a bridge using the lazy start type must be idle before +# it will be stopped. Defaults to 60 seconds. +#idle_timeout 60 + +# Set the keepalive interval for this bridge connection, in +# seconds. +#keepalive_interval 60 + +# Set the clientid to use on the local broker. If not defined, this defaults to +# 'local.'. If you are bridging a broker to itself, it is important +# that local_clientid and clientid do not match. +#local_clientid + +# If set to true, publish notification messages to the local and remote brokers +# giving information about the state of the bridge connection. Retained +# messages are published to the topic $SYS/broker/connection//state +# unless the notification_topic option is used. +# If the message is 1 then the connection is active, or 0 if the connection has +# failed. +# This uses the last will and testament feature. +#notifications true + +# Choose the topic on which notification messages for this bridge are +# published. If not set, messages are published on the topic +# $SYS/broker/connection//state +#notification_topic + +# Set the client id to use on the remote end of this bridge connection. If not +# defined, this defaults to 'name.hostname' where name is the connection name +# and hostname is the hostname of this computer. +# This replaces the old "clientid" option to avoid confusion. "clientid" +# remains valid for the time being. +#remote_clientid + +# Set the password to use when connecting to a broker that requires +# authentication. This option is only used if remote_username is also set. +# This replaces the old "password" option to avoid confusion. "password" +# remains valid for the time being. +#remote_password + +# Set the username to use when connecting to a broker that requires +# authentication. +# This replaces the old "username" option to avoid confusion. "username" +# remains valid for the time being. +#remote_username + +# Set the amount of time a bridge using the automatic start type will wait +# until attempting to reconnect. +# This option can be configured to use a constant delay time in seconds, or to +# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree +# of randomness to when the restart occurs. +# +# Set a constant timeout of 20 seconds: +# restart_timeout 20 +# +# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of +# 60 seconds: +# restart_timeout 10 30 +# +# Defaults to jitter with a base of 5 and cap of 30 +#restart_timeout 5 30 + +# If the bridge has more than one address given in the address/addresses +# configuration, the round_robin option defines the behaviour of the bridge on +# a failure of the bridge connection. If round_robin is false, the default +# value, then the first address is treated as the main bridge connection. If +# the connection fails, the other secondary addresses will be attempted in +# turn. Whilst connected to a secondary bridge, the bridge will periodically +# attempt to reconnect to the main bridge until successful. +# If round_robin is true, then all addresses are treated as equals. If a +# connection fails, the next address will be tried and if successful will +# remain connected until it fails +#round_robin false + +# Set the start type of the bridge. This controls how the bridge starts and +# can be one of three types: automatic, lazy and once. Note that RSMB provides +# a fourth start type "manual" which isn't currently supported by mosquitto. +# +# "automatic" is the default start type and means that the bridge connection +# will be started automatically when the broker starts and also restarted +# after a short delay (30 seconds) if the connection fails. +# +# Bridges using the "lazy" start type will be started automatically when the +# number of queued messages exceeds the number set with the "threshold" +# parameter. It will be stopped automatically after the time set by the +# "idle_timeout" parameter. Use this start type if you wish the connection to +# only be active when it is needed. +# +# A bridge using the "once" start type will be started automatically when the +# broker starts but will not be restarted if the connection fails. +#start_type automatic + +# Set the number of messages that need to be queued for a bridge with lazy +# start type to be restarted. Defaults to 10 messages. +# Must be less than max_queued_messages. +#threshold 10 + +# If try_private is set to true, the bridge will attempt to indicate to the +# remote broker that it is a bridge not an ordinary client. If successful, this +# means that loop detection will be more effective and that retained messages +# will be propagated correctly. Not all brokers support this feature so it may +# be necessary to set try_private to false if your bridge does not connect +# properly. +#try_private true + +# Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism +# for brokers to tell clients that they do not support retained messages, but +# this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a +# v3.1.1 or v3.1 broker that does not support retained messages, set the +# bridge_outgoing_retain option to false. This will remove the retain bit on +# all outgoing messages to that bridge, regardless of any other setting. +#bridge_outgoing_retain true + +# If you wish to restrict the size of messages sent to a remote bridge, use the +# bridge_max_packet_size option. This sets the maximum number of bytes for +# the total message, including headers and payload. +# Note that MQTT v5 brokers may provide their own maximum-packet-size property. +# In this case, the smaller of the two limits will be used. +# Set to 0 for "unlimited". +#bridge_max_packet_size 0 + + +# ----------------------------------------------------------------- +# Certificate based SSL/TLS support +# ----------------------------------------------------------------- +# Either bridge_cafile or bridge_capath must be defined to enable TLS support +# for this bridge. +# bridge_cafile defines the path to a file containing the +# Certificate Authority certificates that have signed the remote broker +# certificate. +# bridge_capath defines a directory that will be searched for files containing +# the CA certificates. For bridge_capath to work correctly, the certificate +# files must have ".crt" as the file ending and you must run "openssl rehash +# " each time you add/remove a certificate. +#bridge_cafile +#bridge_capath + + +# If the remote broker has more than one protocol available on its port, e.g. +# MQTT and WebSockets, then use bridge_alpn to configure which protocol is +# requested. Note that WebSockets support for bridges is not yet available. +#bridge_alpn + +# When using certificate based encryption, bridge_insecure disables +# verification of the server hostname in the server certificate. This can be +# useful when testing initial server configurations, but makes it possible for +# a malicious third party to impersonate your server through DNS spoofing, for +# example. Use this option in testing only. If you need to resort to using this +# option in a production environment, your setup is at fault and there is no +# point using encryption. +#bridge_insecure false + +# Path to the PEM encoded client certificate, if required by the remote broker. +#bridge_certfile + +# Path to the PEM encoded client private key, if required by the remote broker. +#bridge_keyfile + +# ----------------------------------------------------------------- +# PSK based SSL/TLS support +# ----------------------------------------------------------------- +# Pre-shared-key encryption provides an alternative to certificate based +# encryption. A bridge can be configured to use PSK with the bridge_identity +# and bridge_psk options. These are the client PSK identity, and pre-shared-key +# in hexadecimal format with no "0x". Only one of certificate and PSK based +# encryption can be used on one +# bridge at once. +#bridge_identity +#bridge_psk + + +# ================================================================= +# External config files +# ================================================================= + +# External configuration files may be included by using the +# include_dir option. This defines a directory that will be searched +# for config files. All files that end in '.conf' will be loaded as +# a configuration file. It is best to have this as the last option +# in the main file. This option will only be processed from the main +# configuration file. The directory specified must not contain the +# main configuration file. +# Files within include_dir will be loaded sorted in case-sensitive +# alphabetical order, with capital letters ordered first. If this option is +# given multiple times, all of the files from the first instance will be +# processed before the next instance. See the man page for examples. +#include_dir diff --git a/docker/images/mqtt-explorer/Dockerfile b/docker/images/mqtt-explorer/Dockerfile new file mode 100644 index 0000000..415a655 --- /dev/null +++ b/docker/images/mqtt-explorer/Dockerfile @@ -0,0 +1,3 @@ +FROM smeagolworms4/mqtt-explorer:browser-1.0.3 + +COPY ./settings.json /mqtt-explorer/config/settings.json diff --git a/docker/images/mqtt-explorer/settings.json b/docker/images/mqtt-explorer/settings.json new file mode 100644 index 0000000..72e874e --- /dev/null +++ b/docker/images/mqtt-explorer/settings.json @@ -0,0 +1,26 @@ +{ + "ConnectionManager_connections": { + "mqtt-server": { + "configVersion": 1, + "certValidation": true, + "clientId": "mqtt-explorer-e1085971", + "id": "mqtt-server", + "name": "MQTT Server", + "encryption": false, + "subscriptions": [ + { + "topic": "#", + "qos": 0 + }, + { + "topic": "$SYS/#", + "qos": 0 + } + ], + "type": "mqtt", + "host": "mqtt-server", + "port": 1883, + "protocol": "mqtt" + } + } +} \ No newline at end of file diff --git a/docker/images/nodered/Dockerfile b/docker/images/nodered/Dockerfile new file mode 100644 index 0000000..e44d7b0 --- /dev/null +++ b/docker/images/nodered/Dockerfile @@ -0,0 +1,5 @@ +FROM nodered/node-red:2.2.3 +RUN npm install node-red-dashboard +RUN npm install node-red-contrib-ui-actions +RUN npm install node-red-node-ui-table +RUN npm install node-red-contrib-ui-level diff --git a/docker/images/steve/Dockerfile b/docker/images/steve/Dockerfile new file mode 100644 index 0000000..040092e --- /dev/null +++ b/docker/images/steve/Dockerfile @@ -0,0 +1,17 @@ +FROM maven:3.6.1-jdk-11 + +ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 + +WORKDIR /steve + +ENV DOCKERIZE_VERSION v0.6.1 +RUN wget --no-verbose https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ + && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ + && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz + +RUN wget -qO- https://github.com/steve-community/steve/archive/steve-3.6.0.tar.gz | tar xz --strip-components=1 +COPY main.properties src/main/resources/config/docker +COPY init.sh . +COPY keystore.jks . + +CMD /steve/init.sh diff --git a/docker/images/steve/init.sh b/docker/images/steve/init.sh new file mode 100755 index 0000000..cd00a3c --- /dev/null +++ b/docker/images/steve/init.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -e # exit on any error +dockerize -wait tcp://ocpp-db:3306 -timeout 60s + +if [ ! -f ".buildsuccess" ]; then + mvn clean package -Pdocker -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" + touch .buildsuccess +fi + +java -jar target/steve.jar \ No newline at end of file diff --git a/docker/images/steve/keystore.jks b/docker/images/steve/keystore.jks new file mode 100644 index 0000000..39cd761 Binary files /dev/null and b/docker/images/steve/keystore.jks differ diff --git a/docker/images/steve/main.properties b/docker/images/steve/main.properties new file mode 100644 index 0000000..ba94007 --- /dev/null +++ b/docker/images/steve/main.properties @@ -0,0 +1,57 @@ +# Just to be backwards compatible with previous versions, this is set to "steve", +# since there might be already configured chargepoints expecting the older path. +# Otherwise, might as well be changed to something else or be left empty. +# +context.path = steve + +# Database configuration +# +db.ip = ocpp-db +db.port = 3306 +db.schema = ocpp-db +db.user = ocpp +db.password = ocpp + +# Credentials for Web interface access +# +auth.user = admin +auth.password = 1234 + +# Jetty configuration +# +server.host = 0.0.0.0 +server.gzip.enabled = false + +# Jetty HTTP configuration +# +http.enabled = true +http.port = 8180 + +# Jetty HTTPS configuration +# +https.enabled = true +https.port = 8443 +keystore.path = /steve/keystore.jks +keystore.password = 123456 + +# When the WebSocket/Json charge point opens more than one WebSocket connection, +# we need a mechanism/strategy to select one of them for outgoing requests. +# For allowed values see de.rwth.idsg.steve.ocpp.ws.custom.WsSessionSelectStrategyEnum. +# +ws.session.select.strategy = ALWAYS_LAST + +# if BootNotification messages arrive (SOAP) or WebSocket connection attempts are made (JSON) from unknown charging +# stations, we reject these charging stations, because stations with these chargeBoxIds were NOT inserted into database +# beforehand. by setting this property to true, this behaviour can be modified to automatically insert unknown +# stations into database and accept their requests. +# +# CAUTION: setting this property to true is very dangerous, because we will accept EVERY BootNotification or WebSocket +# connection attempt from ANY sender as long as the sender knows the URL and sends a valid message. +# +auto.register.unknown.stations = false + +### DO NOT MODIFY ### +steve.version = ${project.version} +git.describe = ${git.commit.id.describe} +db.sql.logging = false +profile = prod diff --git a/everest_dev_tool/.gitignore b/everest_dev_tool/.gitignore new file mode 100644 index 0000000..8584735 --- /dev/null +++ b/everest_dev_tool/.gitignore @@ -0,0 +1,3 @@ +build +__pycache__ +*.egg-info diff --git a/everest_dev_tool/LICENSE b/everest_dev_tool/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/everest_dev_tool/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/everest_dev_tool/pyproject.toml b/everest_dev_tool/pyproject.toml new file mode 100644 index 0000000..4a80589 --- /dev/null +++ b/everest_dev_tool/pyproject.toml @@ -0,0 +1,9 @@ +[project] +name = "everest_dev_tool" +version = "0.0.1" +description = "This tool provides helpfull commands to setup/control your dev environment" +license = { text="MIT" } +dependencies = [] + +[project.scripts] +everest = "everest_dev_tool:main" diff --git a/everest_dev_tool/src/everest_dev_tool/__init__.py b/everest_dev_tool/src/everest_dev_tool/__init__.py new file mode 100644 index 0000000..3397b74 --- /dev/null +++ b/everest_dev_tool/src/everest_dev_tool/__init__.py @@ -0,0 +1,9 @@ +__version__ = "0.0.1" + +from . import parser + +def get_parser(): + return parser.get_parser(__version__) + +def main(): + parser.main(get_parser()) diff --git a/everest_dev_tool/src/everest_dev_tool/git_handlers.py b/everest_dev_tool/src/everest_dev_tool/git_handlers.py new file mode 100644 index 0000000..dda87d9 --- /dev/null +++ b/everest_dev_tool/src/everest_dev_tool/git_handlers.py @@ -0,0 +1,16 @@ +import argparse +import logging +import subprocess + +default_logger = logging.getLogger("EVerest's Development Tool - Git Helpers") + +def clone_handler(args: argparse.Namespace, log: logging.Logger = default_logger): + log.debug("Running clone handler") + + if args.https: + repository_url = f"https://github.com/" + else: + repository_url = f"git@github.com:" + repository_url = repository_url + f"{ args.organization }/{ args.repository_name }.git" + + subprocess.run(["git", "clone", "-b", args.branch, repository_url], check=True) diff --git a/everest_dev_tool/src/everest_dev_tool/parser.py b/everest_dev_tool/src/everest_dev_tool/parser.py new file mode 100644 index 0000000..8b75239 --- /dev/null +++ b/everest_dev_tool/src/everest_dev_tool/parser.py @@ -0,0 +1,65 @@ +import argparse +import logging + +from . import services, git_handlers, debug_handlers + +log = logging.getLogger("EVerest's Development Tool") + +def get_parser(version: str) -> argparse.ArgumentParser: + parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, + description="EVerest's Development Tool",) + parser.add_argument('--version', action='version', version=f'%(prog)s { version }') + parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + parser.set_defaults(action_handler=lambda _: parser.print_help()) + + subparsers = parser.add_subparsers(help="available commands") + + # Service related commands + services_parser = subparsers.add_parser("services", help="Service related commands", add_help=True) + services_parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + services_subparsers = services_parser.add_subparsers(help="Service related commands") + + start_service_parser = services_subparsers.add_parser("start", help="Start a service", add_help=True) + start_service_parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + start_service_parser.add_argument("service_name", help="Name of Service to start") + start_service_parser.set_defaults(action_handler=services.start_service_handler) + + stop_service_parser = services_subparsers.add_parser("stop", help="Stop a service", add_help=True) + stop_service_parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + stop_service_parser.add_argument("service_name", help="Name of Service to stop") + stop_service_parser.set_defaults(action_handler=services.stop_service_handler) + + services_info_parser = services_subparsers.add_parser("info", help="Show information about the current environment", add_help=True) + services_info_parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + services_info_parser.set_defaults(action_handler=services.info_handler) + + list_services_parser = services_subparsers.add_parser("list", help="List all available services", add_help=True) + list_services_parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + list_services_parser.set_defaults(action_handler=services.list_services_handler) + + # Git related commands + clone_parser = subparsers.add_parser("clone", help="Clone a repository", add_help=True) + clone_parser.add_argument('-v', '--verbose', action='store_true', help="Verbose output") + clone_parser.add_argument('--organization', '--org', default="EVerest", help="Github Organization name, default is 'EVerest'") + clone_parser.add_argument('--branch', '-b', default="main", help="Branch to checkout, default is 'main'") + clone_parser.add_argument('--https', action='store_true', help="Use HTTPS to clone the repository, default is 'SSH'") + clone_parser.add_argument("repository_name", help="Name of the repository to clone") + clone_parser.set_defaults(action_handler=git_handlers.clone_handler) + + return parser + +def setup_logging(verbose: bool): + if verbose: + log.setLevel(logging.DEBUG) + else: + log.setLevel(logging.INFO) + console_handler = logging.StreamHandler() + log.addHandler(console_handler) + +def main(parser: argparse.ArgumentParser): + args = parser.parse_args() + args.logger = log + + setup_logging(args.verbose) + + args.action_handler(args) diff --git a/everest_dev_tool/src/everest_dev_tool/services.py b/everest_dev_tool/src/everest_dev_tool/services.py new file mode 100644 index 0000000..25df57b --- /dev/null +++ b/everest_dev_tool/src/everest_dev_tool/services.py @@ -0,0 +1,207 @@ +import argparse +import logging +import os,sys +import subprocess +from dataclasses import dataclass +from typing import List +import docker +import enum + +@dataclass +class DockerEnvironmentInfo: + container_id: str | None = None + container_name: str | None = None + + container_image: str | None = None + container_image_id: str | None = None + container_image_digest: str | None = None + + compose_files: List[str] | None = None + compose_project_name: str | None = None + + in_docker_container: bool = False + +@dataclass +class DockerComposeCommand: + class Command(enum.Enum): + UP = "up" + DOWN = "down" + PS = "ps" + compose_files: List[str] + project_name: str + command: Command + services: List[str] | None = None + def execute_command(self, log: logging.Logger): + command_list = ["docker", "compose"] + for compose_file in self.compose_files: + command_list.extend(["-f", compose_file]) + command_list.extend(["-p", self.project_name]) + if self.command == DockerComposeCommand.Command.UP: + command_list.extend(["up", "-d"]) + command_list.extend(self.services) + elif self.command == DockerComposeCommand.Command.DOWN: + command_list.extend(["down"]) + command_list.extend(self.services) + elif self.command == DockerComposeCommand.Command.PS: + command_list.extend(["ps"]) + else: + log.error(f"Unknown command {self.command}") + return + log.debug(f"Executing command: {' '.join(command_list)}") + subprocess.run(command_list, check=True) + +@dataclass +class Service: + """Class to represent a service""" + name: str + description: str + start_command: List[str] | DockerComposeCommand + stop_command: List[str] | DockerComposeCommand + +#################### +# Helper functions # +#################### + +def get_docker_environment_info(log: logging.Logger) -> DockerEnvironmentInfo: + dei = DockerEnvironmentInfo() + + # Check if we are running in a docker container + if not os.path.exists("/.dockerenv"): + log.debug("Not running in Docker Container") + dei.in_docker_container = False + return dei + + log.debug("Running in Docker Container") + + dei.in_docker_container = True + + # Get the container information + dei.container_id = subprocess.run(["hostname"], stdout=subprocess.PIPE).stdout.decode().strip() + client = docker.from_env() + dei.container_name = client.containers.get(dei.container_id).name + + # Get the image information + dei.container_image = client.containers.get(dei.container_id).image.tags[0]# + dei.container_image_id = client.containers.get(dei.container_id).image.id + dei.container_image_digest = client.images.get(dei.container_image_id).id + + # Get the compose information + if not os.path.exists("/workspace/.devcontainer/docker-compose.yml"): + log.error("docker-compose.yml not found in /workspace/.devcontainer") + sys.exit(1) + dei.compose_files = ["/workspace/.devcontainer/docker-compose.yml"] + + # Check if the container is part of a docker-compose project + if "com.docker.compose.project" not in client.containers.get(dei.container_id).attrs["Config"]["Labels"]: + log.error("Container is not part of a docker-compose project") + sys.exit(1) + + dei.compose_project_name = client.containers.get(dei.container_id).attrs["Config"]["Labels"]["com.docker.compose.project"] + + return dei + +def get_services(docker_env_info: DockerEnvironmentInfo, log: logging.Logger) -> List[Service]: + return [ + Service( + name="mqtt-server", + description="MQTT Server", + start_command=DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + services=["mqtt-server"], + command=DockerComposeCommand.Command.UP + ), + stop_command=DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + services=["mqtt-server"], + command=DockerComposeCommand.Command.DOWN + ) + ), + Service( + name="steve", + description="OCPP server for development of OCPP 1.6", + start_command=DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + services=["steve"], + command=DockerComposeCommand.Command.UP + ), + stop_command=DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + services=["steve", "ocpp-db"], + command=DockerComposeCommand.Command.DOWN + ) + ), + Service( + name="mqtt-explorer", + description="Web based MQTT Client to inspect mqtt traffic", + start_command=DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + services=["mqtt-explorer"], + command=DockerComposeCommand.Command.UP + ), + stop_command=DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + services=["mqtt-explorer"], + command=DockerComposeCommand.Command.DOWN + ) + ) + ] + +def get_service_by_name(service_name: str, docker_env_info: DockerEnvironmentInfo, log: logging.Logger) -> Service: + return next((service for service in get_services(docker_env_info, log) if service.name == service_name), None) + +############ +# Handlers # +############ + +def start_service_handler(args: argparse.Namespace): + log = args.logger + docker_env_info = get_docker_environment_info(log) + service = get_service_by_name(args.service_name, docker_env_info, log) + if service is None: + log.error(f"Service {args.service_name} not found, try 'everest services list' to get a list of available services") + return + + log.info(f"Starting service {service.name}") + if isinstance(service.start_command, DockerComposeCommand): + service.start_command.execute_command(log) + else: + subprocess.run(service.start_command, check=True) + +def stop_service_handler(args: argparse.Namespace): + log = args.logger + docker_env_info = get_docker_environment_info(log) + service = get_service_by_name(args.service_name, docker_env_info, log) + if service is None: + log.error(f"Service {args.service_name} not found, try 'everest services list' to get a list of available services") + return + + log.info(f"Stopping service {service.name}") + if isinstance(service.stop_command, DockerComposeCommand): + service.stop_command.execute_command(log) + else: + subprocess.run(service.stop_command, check=True) + +def list_services_handler(args: argparse.Namespace): + log = args.logger + docker_env_info = get_docker_environment_info(log) + log.info("Available services:") + for service in get_services(docker_env_info, log): + log.info(f"{service.name}: {service.description}") + log.debug(f"Start Command: {service.start_command}") + log.debug(f"Stop Command: {service.stop_command}") + +def info_handler(args: argparse.Namespace): + log = args.logger + docker_env_info = get_docker_environment_info(log) + command = DockerComposeCommand( + compose_files=docker_env_info.compose_files, + project_name=docker_env_info.compose_project_name, + command=DockerComposeCommand.Command.PS + ) + command.execute_command(log)