Compare commits
3 Commits
marsik_log
...
lcm-no-rba
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
36aca05aef | ||
|
|
01eab5c778 | ||
|
|
1bab072a26 |
@@ -152,26 +152,7 @@ define Package/${PKG_NAME}/install
|
||||
ifeq ($(CONFIG_PACKAGE_skopeo)$(CONFIG_PACKAGE_umoci),yy)
|
||||
$(CP) $(PKG_BUILD_DIR)/build/src/config/widgets/lcm-store.json $(1)/sulu/config/widgets/
|
||||
endif
|
||||
$(INSTALL_DIR) $(1)/etc/config
|
||||
$(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/init.d
|
||||
$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
|
||||
$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
|
||||
$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
|
||||
$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/nginx/conf.d
|
||||
$(INSTALL_DATA) ./files/etc/nginx/conf.d/sulu.conf $(1)/etc/nginx/conf.d/
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/sulu
|
||||
$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
|
||||
$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/uci-defaults
|
||||
$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
|
||||
$(CP) ./files/* $(1)/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,${PKG_NAME}))
|
||||
|
||||
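Review bot: `$(CP) ./files/* $(1)/` installs whatever sits under ./files with the modes of the checkout, whereas the removed `$(INSTALL_BIN)`/`$(INSTALL_DATA)` lines fixed the mode of each file and named exactly what was shipped. /etc/init.d/sulu now depends on the executable bit being committed, and any stray file left under ./files (a credentials file, an editor backup) ends up in the image unnoticed. Keeping `$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu` after the copy would pin the mode of the one script that needs it. The install define starts above this hunk, and the later hunk for `Package/sulu/install` carries the same line.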
@@ -1,6 +0,0 @@
|
||||
config global 'global'
|
||||
option enabled '1'
|
||||
option enable_system_credentials '1'
|
||||
option role_based_access '1'
|
||||
list user 'admin'
|
||||
list user 'user'
|
||||
@@ -1,41 +1,19 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
|
||||
USE_PROCD=1
|
||||
|
||||
START=99
|
||||
STOP=01
|
||||
STOP=10
|
||||
|
||||
. /lib/functions.sh
|
||||
. /etc/sulu/sulu.sh
|
||||
USE_PROCD=1
|
||||
|
||||
log() {
|
||||
echo "${@}"|logger -t sulu.init -p debug
|
||||
}
|
||||
|
||||
validate_sulu_global_section()
|
||||
{
|
||||
uci_validate_section sulu global global \
|
||||
'enabled:bool:1' \
|
||||
'enable_system_credentials:bool:1' \
|
||||
'role_based_access:bool:0'
|
||||
}
|
||||
|
||||
start_service() {
|
||||
local enabled enable_system_credentials role_based_access
|
||||
|
||||
config_load sulu
|
||||
procd_open_instance sulu
|
||||
|
||||
validate_sulu_global_section || return 0;
|
||||
# append sulu connection injection
|
||||
if [ "${enabled}" -eq "0" ]; then
|
||||
procd_close_instance
|
||||
return 0
|
||||
fi
|
||||
|
||||
configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
|
||||
update_nginx_config "${enabled}"
|
||||
procd_close_instance
|
||||
|
||||
}
|
||||
|
||||
reload_service() {
|
||||
@@ -45,5 +23,5 @@ reload_service() {
|
||||
|
||||
service_triggers()
|
||||
{
|
||||
procd_add_reload_trigger "sulu"
|
||||
procd_add_config_trigger "config.change" "obuspa" /etc/init.d/sulu reload
|
||||
}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
listener 9001
|
||||
protocol websockets
|
||||
plugin /usr/lib/mosquitto_auth_shadow.so
|
||||
require_certificate false
|
||||
allow_anonymous false
|
||||
|
||||
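Review bot: The `listener 9001` websocket block authenticates against the system shadow database (`plugin /usr/lib/mosquitto_auth_shadow.so`), but nothing visible here puts TLS on it. System account passwords would therefore cross the network in clear text unless a TLS front end exists outside this page, which is worth confirming. The `acl_file` that the deleted sulu.sh used to generate and append is gone as well, so any account that authenticates can presumably publish and subscribe on every USP topic. Consider adding `certfile`/`keyfile` to the listener and a static `acl_file` that confines each user to its own topics. The rendering does not show which of these lines the commit adds, and the same hunk recurs further down the page.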
@@ -1 +0,0 @@
|
||||
admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==
|
||||
@@ -1,27 +0,0 @@
|
||||
server {
|
||||
listen 8080;
|
||||
listen [::]:8080;
|
||||
server_name _sulu;
|
||||
root /sulu;
|
||||
location /config/ {
|
||||
autoindex on;
|
||||
expires -1;
|
||||
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range';
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
if ($request_method = 'GET') {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
}
|
||||
}
|
||||
}
|
||||
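--- a/sulu-builder/files/etc/nginx/conf.d/sulu.locations
+++ b/sulu-builder/files/etc/nginx/conf.d/sulu.locations
@@ -0,0 +1,18 @@
+location /config/ {
+autoindex on;
+if ($request_method = 'OPTIONS') {
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+add_header 'Access-Control-Max-Age' 1728000;
+add_header 'Content-Type' 'text/plain; charset=utf-8';
+add_header 'Content-Length' 0;
+return 204;
+}
+if ($request_method = 'GET') {
+add_header 'Access-Control-Allow-Origin' '*' always;
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+}
+}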
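Review bot: `autoindex on;` combined with `add_header 'Access-Control-Allow-Origin' '*'` lets a page from any origin enumerate and read everything under /config/ through a visitor's browser. Unless the UI really needs the directory listing, `autoindex off;` and a fixed allowed origin would be the safer default. The new file also drops the `expires -1;` and `Cache-Control 'no-store, ...'` lines that the deleted sulu.conf carried, so the connection config may now be cached by browsers and intermediaries. `Access-Control-Allow-Methods` still advertises POST although only OPTIONS and GET are handled. The same file is added again as sulu/files/etc/nginx/conf.d/sulu.locations.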
@@ -1,95 +0,0 @@
|
||||
{
|
||||
"roles": [
|
||||
{
|
||||
"name": "admin",
|
||||
"permission": [
|
||||
{
|
||||
"object": "Device.",
|
||||
"perm": [
|
||||
"PERMIT_ALL"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "user",
|
||||
"permission": [
|
||||
{
|
||||
"object": "Device.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.LocalAgent.Subscription.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_ADD",
|
||||
"PERMIT_SET",
|
||||
"PERMIT_DEL"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.WiFi.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_OPER",
|
||||
"PERMIT_SUBS_VAL_CHANGE",
|
||||
"PERMIT_SUBS_OBJ_ADD",
|
||||
"PERMIT_SUBS_OBJ_DEL",
|
||||
"PERMIT_SUBS_EVT_OPER_COMP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.DNS.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_OPER",
|
||||
"PERMIT_SUBS_VAL_CHANGE",
|
||||
"PERMIT_SUBS_OBJ_ADD",
|
||||
"PERMIT_SUBS_OBJ_DEL",
|
||||
"PERMIT_SUBS_EVT_OPER_COMP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.IP.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_OPER",
|
||||
"PERMIT_SUBS_VAL_CHANGE",
|
||||
"PERMIT_SUBS_OBJ_ADD",
|
||||
"PERMIT_SUBS_OBJ_DEL",
|
||||
"PERMIT_SUBS_EVT_OPER_COMP"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "undefined-1"
|
||||
},
|
||||
{
|
||||
"name": "undefined-2"
|
||||
},
|
||||
{
|
||||
"name": "undefined-3"
|
||||
},
|
||||
{
|
||||
"name": "undefined-4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -1,378 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /lib/functions.sh
|
||||
|
||||
SULU_CONFIG="/sulu/config/connectionConfig.json"
|
||||
ACL_FILE="/tmp/sulu/mqtt.acl"
|
||||
MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
|
||||
_RESTART_SERVICES="0"
|
||||
|
||||
mkdir -p /tmp/sulu/
|
||||
|
||||
function slog()
|
||||
{
|
||||
echo "$*" |logger -t sulu.init -p debug
|
||||
}
|
||||
|
||||
function _get_agent_id()
|
||||
{
|
||||
local oui serial endpointid
|
||||
|
||||
endpointid="$(uci_get obuspa localagent EndpointID)"
|
||||
if [ -z "${endpointid}" ]; then
|
||||
oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
|
||||
serial="$(db -q get device.deviceinfo.SerialNumber)"
|
||||
echo "${oui}-${serial}"
|
||||
else
|
||||
echo "$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
|
||||
fi
|
||||
}
|
||||
|
||||
function _get_endpoint_id()
|
||||
{
|
||||
local oui serial endpointid
|
||||
|
||||
endpointid="$(uci_get obuspa localagent EndpointID)"
|
||||
if [ -z "${endpointid}" ]; then
|
||||
oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
|
||||
serial="$(db -q get device.deviceinfo.SerialNumber)"
|
||||
echo "os::${oui}-${serial}"
|
||||
else
|
||||
echo "${endpointid}"
|
||||
fi
|
||||
}
|
||||
|
||||
function _get_sulu_users()
|
||||
{
|
||||
echo "$(uci -q get sulu.global.user)"
|
||||
}
|
||||
|
||||
function generate_sulu_conn_config()
|
||||
{
|
||||
local rbac users
|
||||
|
||||
rbac="${1}"
|
||||
users="$(_get_sulu_users)"
|
||||
|
||||
json_init;
|
||||
if [ "${rbac}" -eq "1" ]; then
|
||||
json_add_string 'currentConnection' 'rbac';
|
||||
else
|
||||
json_add_string 'currentConnection' 'main';
|
||||
fi
|
||||
json_add_object 'connections';
|
||||
json_add_object 'rbac';
|
||||
json_add_string 'toId' "$(_get_endpoint_id)";
|
||||
json_add_int 'port' 9001;
|
||||
json_add_string 'protocol' 'ws';
|
||||
json_add_array 'auth';
|
||||
json_close_array;
|
||||
|
||||
json_add_object 'overrides';
|
||||
for f in ${users}; do
|
||||
json_add_object "${f}";
|
||||
json_add_string 'fromId' "self::sulu-${f}";
|
||||
json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint";
|
||||
json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller";
|
||||
json_close_object;
|
||||
done
|
||||
json_close_object;
|
||||
json_close_object;
|
||||
|
||||
# add the default connection
|
||||
json_add_object 'main';
|
||||
json_add_string 'fromId' 'proto::interop-usp-controller';
|
||||
json_add_string 'toId' "$(_get_endpoint_id)";
|
||||
json_add_int 'port' 9001;
|
||||
json_add_string 'protocol' 'ws';
|
||||
json_add_string 'publishEndpoint' "/usp/endpoint";
|
||||
json_add_string 'subscribeEndpoint' "/usp/controller";
|
||||
json_add_array 'auth';
|
||||
json_close_array;
|
||||
json_close_object;
|
||||
json_close_object;
|
||||
|
||||
json_dump > ${SULU_CONFIG}
|
||||
}
|
||||
|
||||
function set_sulu_connection_mode()
|
||||
{
|
||||
local rbac profile config
|
||||
|
||||
rbac="${1}"
|
||||
|
||||
profile="$(jq '.currentConnection' ${SULU_CONFIG})"
|
||||
if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then
|
||||
config="$(jq '.currentConnection = "rbac"' ${SULU_CONFIG})"
|
||||
echo "${config}" > ${SULU_CONFIG}
|
||||
elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then
|
||||
config="$(jq '.currentConnection = "main"' ${SULU_CONFIG})"
|
||||
echo "${config}" > ${SULU_CONFIG}
|
||||
fi
|
||||
}
|
||||
function _update_obuspa_config()
|
||||
{
|
||||
local restart
|
||||
|
||||
restart=0
|
||||
if ! uci_get obuspa localmqtt >/dev/null 2>&1; then
|
||||
uci_add obuspa mqtt localmqtt
|
||||
uci_set obuspa localmqtt BrokerAddress "127.0.0.1"
|
||||
uci_set obuspa localmqtt BrokerPort "1883"
|
||||
uci_set obuspa localmqtt TransportProtocol "TCP/IP"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
if ! uci_get obuspa agent_mtp >/dev/null 2>&1; then
|
||||
uci_add obuspa mtp agent_mtp
|
||||
uci_set obuspa agent_mtp Protocol "MQTT"
|
||||
uci_set obuspa agent_mtp ResponseTopicConfigured "/usp/endpoint"
|
||||
uci_set obuspa agent_mtp mqtt "localmqtt"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
if ! uci_get obuspa localcontroller >/dev/null 2>&1; then
|
||||
uci_add obuspa controller localcontroller
|
||||
uci_set obuspa localcontroller EndpointID "proto::interop-usp-controller"
|
||||
uci_set obuspa localcontroller Protocol "MQTT"
|
||||
uci_set obuspa localcontroller Topic "/usp/controller"
|
||||
uci_set obuspa localcontroller mqtt "localmqtt"
|
||||
uci_set obuspa localcontroller assigned_role_name "full_access"
|
||||
restart=1
|
||||
fi
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _remove_obuspa_config()
|
||||
{
|
||||
local restart
|
||||
|
||||
restart=0
|
||||
if [ "$(uci_get obuspa localmqtt)" == "mqtt" ]; then
|
||||
uci_remove obuspa localmqtt
|
||||
restart=1
|
||||
fi
|
||||
if [ "$(uci_get obuspa agent_mtp)" == "mtp" ]; then
|
||||
uci_remove obuspa agent_mtp
|
||||
restart=1
|
||||
fi
|
||||
if [ "$(uci_get obuspa localcontroller)" == "controller" ]; then
|
||||
uci_remove obuspa localcontroller
|
||||
restart=1
|
||||
fi
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _update_obuspa_config_rbac() {
|
||||
local agent users restart
|
||||
|
||||
agent="$(_get_agent_id)"
|
||||
users="$(_get_sulu_users)"
|
||||
restart=0
|
||||
|
||||
for f in ${users}; do
|
||||
local sec
|
||||
|
||||
# Add mqtt
|
||||
sec="mqtt_sulu_${f}"
|
||||
if ! uci_get obuspa mqtt ${sec} >/dev/null 2>&1; then
|
||||
uci_add obuspa mqtt ${sec}
|
||||
uci_set obuspa ${sec} BrokerAddress "127.0.0.1"
|
||||
uci_set obuspa ${sec} BrokerPort "1883"
|
||||
uci_set obuspa ${sec} TransportProtocol "TCP/IP"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
# Add mtp
|
||||
sec="mtp_sulu_${f}"
|
||||
if ! uci_get obuspa mtp ${sec} >/dev/null 2>&1; then
|
||||
uci_add obuspa mtp ${sec}
|
||||
uci_set obuspa ${sec} Protocol "MQTT"
|
||||
uci_set obuspa ${sec} ResponseTopicConfigured "/usp/${agent}/${f}/endpoint"
|
||||
uci_set obuspa ${sec} mqtt "mqtt_sulu_$f"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
# Add controller
|
||||
sec="controller_sulu_${f}"
|
||||
if ! uci_get obuspa controller ${sec} >/dev/null 2>&1; then
|
||||
uci_add obuspa controller ${sec}
|
||||
uci_set obuspa ${sec} EndpointID "self::sulu-${f}"
|
||||
uci_set obuspa ${sec} Protocol "MQTT"
|
||||
uci_set obuspa ${sec} Topic "/usp/${agent}/${f}/controller"
|
||||
uci_set obuspa ${sec} mqtt "mqtt_sulu_$f"
|
||||
uci_set obuspa ${sec} assigned_role_name "$f"
|
||||
restart=1
|
||||
fi
|
||||
done
|
||||
if [ -f "/etc/sulu/roles.json" ]; then
|
||||
uci_set obuspa global role_file "/etc/sulu/roles.json"
|
||||
fi
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _remove_sulu_sec()
|
||||
{
|
||||
local sec
|
||||
|
||||
if [[ "${1}" == *"_sulu_"* ]]; then
|
||||
uci_remove obuspa ${1}
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
function _remove_obuspa_config_rbac()
|
||||
{
|
||||
local restart
|
||||
|
||||
restart=0
|
||||
config_foreach _remove_sulu_sec mqtt
|
||||
restart="$(( restart + $? ))"
|
||||
config_foreach _remove_sulu_sec mtp
|
||||
restart="$(( restart + $? ))"
|
||||
config_foreach _remove_sulu_sec controller
|
||||
restart="$(( restart + $? ))"
|
||||
uci_set obuspa global role_file ""
|
||||
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _create_acl() {
|
||||
local agentid rbac users
|
||||
|
||||
rbac="${1:-0}"
|
||||
|
||||
[ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
|
||||
|
||||
if [ "${rbac}" -eq "0" ]; then
|
||||
return 0;
|
||||
fi
|
||||
|
||||
agentid="$(_get_agent_id)"
|
||||
users="$(_get_sulu_users)"
|
||||
for f in ${users}; do
|
||||
echo "user ${f}" >> ${ACL_FILE}
|
||||
echo "topic read /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
|
||||
echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
|
||||
echo "topic read /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
|
||||
echo "" >> ${ACL_FILE}
|
||||
done
|
||||
}
|
||||
|
||||
function update_mosquitto_broker_config()
|
||||
{
|
||||
local system_cred rbac restart
|
||||
|
||||
system_cred="${1}"
|
||||
rbac="${2}"
|
||||
restart=0
|
||||
|
||||
if [ "${system_cred}" -eq "1" ]; then
|
||||
if grep -q "password_file " ${MB_SULU_CONF}; then
|
||||
sed -i '/password_file /d' ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
|
||||
echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
else
|
||||
if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
|
||||
sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
|
||||
echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${rbac}" -eq "1" ]; then
|
||||
_create_acl "${rbac}"
|
||||
if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
|
||||
echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
else
|
||||
if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
|
||||
sed -i '/acl_file /d' ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
|
||||
slog "Restarting mqtt broker..."
|
||||
/etc/init.d/mosquitto restart &
|
||||
fi
|
||||
}
|
||||
|
||||
function update_obuspa_config()
|
||||
{
|
||||
local rbac restart
|
||||
|
||||
rbac="${1}"
|
||||
restart=0
|
||||
|
||||
uci_load obuspa
|
||||
if [ "${rbac}" -eq "1" ]; then
|
||||
_remove_obuspa_config
|
||||
restart="$(( restart + $? ))"
|
||||
_update_obuspa_config_rbac
|
||||
restart="$(( restart + $? ))"
|
||||
else
|
||||
_remove_obuspa_config_rbac
|
||||
restart="$(( restart + $? ))"
|
||||
_update_obuspa_config
|
||||
restart="$(( restart + $? ))"
|
||||
fi
|
||||
uci_commit obuspa
|
||||
|
||||
if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then
|
||||
slog "Restarting obuspa..."
|
||||
ubus call uci commit '{"config":"obuspa"}'
|
||||
fi
|
||||
}
|
||||
|
||||
function update_nginx_config()
|
||||
{
|
||||
local enabled restart
|
||||
|
||||
restart=0
|
||||
enabled="${1:-0}"
|
||||
if [ "${enabled}" -eq "1" ]; then
|
||||
if [ ! -f "/etc/nginx/conf.d/sulu.conf" ]; then
|
||||
cp /etc/sulu/nginx.conf /etc/nginx/conf.d/sulu.conf
|
||||
restart=1
|
||||
fi
|
||||
else
|
||||
if [ -f "/etc/nginx/conf.d/sulu.conf" ]; then
|
||||
rm -f /etc/nginx/conf.d/sulu.conf
|
||||
restart=1
|
||||
fi
|
||||
fi
|
||||
if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
|
||||
slog "Restarting nginx..."
|
||||
ubus call uci commit '{"config":"nginx"}'
|
||||
fi
|
||||
}
|
||||
|
||||
function configure_sulu()
|
||||
{
|
||||
local sys_cred rbac restart
|
||||
|
||||
sys_cred="${1}"
|
||||
rbac="${2}"
|
||||
restart="${3:-0}"
|
||||
|
||||
if [ -z "${sys_cred}" -o -z "${rbac}" ]; then
|
||||
slog "Invalid inputs"
|
||||
return 0
|
||||
fi
|
||||
|
||||
_RESTART_SERVICES="${restart}"
|
||||
|
||||
update_mosquitto_broker_config "${sys_cred}" "${rbac}"
|
||||
set_sulu_connection_mode "${rbac}"
|
||||
update_obuspa_config "${rbac}"
|
||||
}
|
||||
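--- a/sulu-builder/files/etc/uci-defaults/90-sulu-set-nginx-conf
+++ b/sulu-builder/files/etc/uci-defaults/90-sulu-set-nginx-conf
@@ -0,0 +1,10 @@
+mkdir -p /tmp/sulu
+
+uci -q get nginx._sulu && exit 0
+
+uci -q set nginx._sulu=server
+uci -q add_list nginx._sulu.listen='8080'
+uci -q add_list nginx._sulu.listen='[::]:8080'
+uci -q set nginx._sulu.root='/sulu'
+uci -q set nginx._sulu.server_name='_sulu'
+uci -q add_list nginx._sulu.include='conf.d/sulu.locations'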
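Review bot: `mkdir -p /tmp/sulu` sits in a uci-defaults script, which runs on first boot and is then removed, while /tmp is recreated on every boot. The directory will therefore be missing after the first reboot; if anything still needs it, create it from the init script instead. The server section listens on `8080` and `[::]:8080` on every interface over plain HTTP, so whether the UI and its /config/ listing are reachable from the WAN side depends entirely on the firewall. That is worth either binding to the LAN address or stating in a comment. A header line such as `# Register the sulu nginx server once; later runs keep existing settings` would also explain the early `exit 0`.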
@@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sulu/sulu.sh
|
||||
|
||||
config_load sulu
|
||||
config_get enable_system_credentials global enable_system_credentials 1
|
||||
config_get role_based_access global role_based_access 0
|
||||
config_get enabled global enabled 0
|
||||
|
||||
configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
|
||||
update_nginx_config "${enabled}"
|
||||
generate_sulu_conn_config "${role_based_access}"
|
||||
@@ -35,7 +35,11 @@ define Package/sulu/description
|
||||
endef
|
||||
|
||||
define Package/sulu/install
|
||||
$(INSTALL_DIR) $(1)/sulu
|
||||
$(INSTALL_DIR) $(1)/sulu/config
|
||||
$(INSTALL_DIR) $(1)/sulu/config/widgets
|
||||
$(INSTALL_DIR) $(1)/etc/nginx/
|
||||
$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
|
||||
$(CP) $(PKG_BUILD_DIR)/dist/* $(1)/sulu
|
||||
$(CP) $(PKG_BUILD_DIR)/config/*.json $(1)/sulu/config
|
||||
$(CP) $(PKG_BUILD_DIR)/config/widgets/diagnostics.json $(1)/sulu/config/widgets/
|
||||
@@ -43,26 +47,7 @@ define Package/sulu/install
|
||||
ifeq ($(CONFIG_PACKAGE_skopeo)$(CONFIG_PACKAGE_umoci),yy)
|
||||
$(CP) $(PKG_BUILD_DIR)/config/widgets/lcm-store.json $(1)/sulu/config/widgets/
|
||||
endif
|
||||
$(INSTALL_DIR) $(1)/etc/config
|
||||
$(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/init.d
|
||||
$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
|
||||
$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
|
||||
$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
|
||||
$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/nginx/conf.d
|
||||
$(INSTALL_DATA) ./files/etc/nginx/conf.d/sulu.conf $(1)/etc/nginx/conf.d/
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/sulu
|
||||
$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
|
||||
$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/uci-defaults
|
||||
$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
|
||||
$(CP) ./files/* $(1)/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,sulu))
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
config global 'global'
|
||||
option enabled '1'
|
||||
option enable_system_credentials '1'
|
||||
option role_based_access '1'
|
||||
list user 'admin'
|
||||
list user 'user'
|
||||
@@ -1,41 +1,19 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
|
||||
USE_PROCD=1
|
||||
|
||||
START=99
|
||||
STOP=01
|
||||
STOP=10
|
||||
|
||||
. /lib/functions.sh
|
||||
. /etc/sulu/sulu.sh
|
||||
USE_PROCD=1
|
||||
|
||||
log() {
|
||||
echo "${@}"|logger -t sulu.init -p debug
|
||||
}
|
||||
|
||||
validate_sulu_global_section()
|
||||
{
|
||||
uci_validate_section sulu global global \
|
||||
'enabled:bool:1' \
|
||||
'enable_system_credentials:bool:1' \
|
||||
'role_based_access:bool:0'
|
||||
}
|
||||
|
||||
start_service() {
|
||||
local enabled enable_system_credentials role_based_access
|
||||
|
||||
config_load sulu
|
||||
procd_open_instance sulu
|
||||
|
||||
validate_sulu_global_section || return 0;
|
||||
# append sulu connection injection
|
||||
if [ "${enabled}" -eq "0" ]; then
|
||||
procd_close_instance
|
||||
return 0
|
||||
fi
|
||||
|
||||
configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
|
||||
update_nginx_config "${enabled}"
|
||||
procd_close_instance
|
||||
|
||||
}
|
||||
|
||||
reload_service() {
|
||||
@@ -45,5 +23,5 @@ reload_service() {
|
||||
|
||||
service_triggers()
|
||||
{
|
||||
procd_add_reload_trigger "sulu"
|
||||
procd_add_config_trigger "config.change" "obuspa" /etc/init.d/sulu reload
|
||||
}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
listener 9001
|
||||
protocol websockets
|
||||
plugin /usr/lib/mosquitto_auth_shadow.so
|
||||
require_certificate false
|
||||
allow_anonymous false
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==
|
||||
@@ -1,27 +0,0 @@
|
||||
server {
|
||||
listen 8080;
|
||||
listen [::]:8080;
|
||||
server_name _sulu;
|
||||
root /sulu;
|
||||
location /config/ {
|
||||
autoindex on;
|
||||
expires -1;
|
||||
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range';
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
if ($request_method = 'GET') {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
}
|
||||
}
|
||||
}
|
||||
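--- a/sulu/files/etc/nginx/conf.d/sulu.locations
+++ b/sulu/files/etc/nginx/conf.d/sulu.locations
@@ -0,0 +1,18 @@
+location /config/ {
+autoindex on;
+if ($request_method = 'OPTIONS') {
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+add_header 'Access-Control-Max-Age' 1728000;
+add_header 'Content-Type' 'text/plain; charset=utf-8';
+add_header 'Content-Length' 0;
+return 204;
+}
+if ($request_method = 'GET') {
+add_header 'Access-Control-Allow-Origin' '*' always;
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+}
+}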
@@ -1,95 +0,0 @@
|
||||
{
|
||||
"roles": [
|
||||
{
|
||||
"name": "admin",
|
||||
"permission": [
|
||||
{
|
||||
"object": "Device.",
|
||||
"perm": [
|
||||
"PERMIT_ALL"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "user",
|
||||
"permission": [
|
||||
{
|
||||
"object": "Device.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.LocalAgent.Subscription.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_ADD",
|
||||
"PERMIT_SET",
|
||||
"PERMIT_DEL"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.WiFi.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_OPER",
|
||||
"PERMIT_SUBS_VAL_CHANGE",
|
||||
"PERMIT_SUBS_OBJ_ADD",
|
||||
"PERMIT_SUBS_OBJ_DEL",
|
||||
"PERMIT_SUBS_EVT_OPER_COMP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.DNS.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_OPER",
|
||||
"PERMIT_SUBS_VAL_CHANGE",
|
||||
"PERMIT_SUBS_OBJ_ADD",
|
||||
"PERMIT_SUBS_OBJ_DEL",
|
||||
"PERMIT_SUBS_EVT_OPER_COMP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"object": "Device.IP.",
|
||||
"perm": [
|
||||
"PERMIT_GET",
|
||||
"PERMIT_GET_INST",
|
||||
"PERMIT_OBJ_INFO",
|
||||
"PERMIT_CMD_INFO",
|
||||
"PERMIT_OPER",
|
||||
"PERMIT_SUBS_VAL_CHANGE",
|
||||
"PERMIT_SUBS_OBJ_ADD",
|
||||
"PERMIT_SUBS_OBJ_DEL",
|
||||
"PERMIT_SUBS_EVT_OPER_COMP"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "undefined-1"
|
||||
},
|
||||
{
|
||||
"name": "undefined-2"
|
||||
},
|
||||
{
|
||||
"name": "undefined-3"
|
||||
},
|
||||
{
|
||||
"name": "undefined-4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -1,378 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /lib/functions.sh
|
||||
|
||||
SULU_CONFIG="/sulu/config/connectionConfig.json"
|
||||
ACL_FILE="/tmp/sulu/mqtt.acl"
|
||||
MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
|
||||
_RESTART_SERVICES="0"
|
||||
|
||||
mkdir -p /tmp/sulu/
|
||||
|
||||
function slog()
|
||||
{
|
||||
echo "$*" |logger -t sulu.init -p debug
|
||||
}
|
||||
|
||||
function _get_agent_id()
|
||||
{
|
||||
local oui serial endpointid
|
||||
|
||||
endpointid="$(uci_get obuspa localagent EndpointID)"
|
||||
if [ -z "${endpointid}" ]; then
|
||||
oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
|
||||
serial="$(db -q get device.deviceinfo.SerialNumber)"
|
||||
echo "${oui}-${serial}"
|
||||
else
|
||||
echo "$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
|
||||
fi
|
||||
}
|
||||
|
||||
function _get_endpoint_id()
|
||||
{
|
||||
local oui serial endpointid
|
||||
|
||||
endpointid="$(uci_get obuspa localagent EndpointID)"
|
||||
if [ -z "${endpointid}" ]; then
|
||||
oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
|
||||
serial="$(db -q get device.deviceinfo.SerialNumber)"
|
||||
echo "os::${oui}-${serial}"
|
||||
else
|
||||
echo "${endpointid}"
|
||||
fi
|
||||
}
|
||||
|
||||
function _get_sulu_users()
|
||||
{
|
||||
echo "$(uci -q get sulu.global.user)"
|
||||
}
|
||||
|
||||
function generate_sulu_conn_config()
|
||||
{
|
||||
local rbac users
|
||||
|
||||
rbac="${1}"
|
||||
users="$(_get_sulu_users)"
|
||||
|
||||
json_init;
|
||||
if [ "${rbac}" -eq "1" ]; then
|
||||
json_add_string 'currentConnection' 'rbac';
|
||||
else
|
||||
json_add_string 'currentConnection' 'main';
|
||||
fi
|
||||
json_add_object 'connections';
|
||||
json_add_object 'rbac';
|
||||
json_add_string 'toId' "$(_get_endpoint_id)";
|
||||
json_add_int 'port' 9001;
|
||||
json_add_string 'protocol' 'ws';
|
||||
json_add_array 'auth';
|
||||
json_close_array;
|
||||
|
||||
json_add_object 'overrides';
|
||||
for f in ${users}; do
|
||||
json_add_object "${f}";
|
||||
json_add_string 'fromId' "self::sulu-${f}";
|
||||
json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint";
|
||||
json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller";
|
||||
json_close_object;
|
||||
done
|
||||
json_close_object;
|
||||
json_close_object;
|
||||
|
||||
# add the default connection
|
||||
json_add_object 'main';
|
||||
json_add_string 'fromId' 'proto::interop-usp-controller';
|
||||
json_add_string 'toId' "$(_get_endpoint_id)";
|
||||
json_add_int 'port' 9001;
|
||||
json_add_string 'protocol' 'ws';
|
||||
json_add_string 'publishEndpoint' "/usp/endpoint";
|
||||
json_add_string 'subscribeEndpoint' "/usp/controller";
|
||||
json_add_array 'auth';
|
||||
json_close_array;
|
||||
json_close_object;
|
||||
json_close_object;
|
||||
|
||||
json_dump > ${SULU_CONFIG}
|
||||
}
|
||||
|
||||
function set_sulu_connection_mode()
|
||||
{
|
||||
local rbac profile config
|
||||
|
||||
rbac="${1}"
|
||||
|
||||
profile="$(jq '.currentConnection' ${SULU_CONFIG})"
|
||||
if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then
|
||||
config="$(jq '.currentConnection = "rbac"' ${SULU_CONFIG})"
|
||||
echo "${config}" > ${SULU_CONFIG}
|
||||
elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then
|
||||
config="$(jq '.currentConnection = "main"' ${SULU_CONFIG})"
|
||||
echo "${config}" > ${SULU_CONFIG}
|
||||
fi
|
||||
}
|
||||
function _update_obuspa_config()
|
||||
{
|
||||
local restart
|
||||
|
||||
restart=0
|
||||
if ! uci_get obuspa localmqtt >/dev/null 2>&1; then
|
||||
uci_add obuspa mqtt localmqtt
|
||||
uci_set obuspa localmqtt BrokerAddress "127.0.0.1"
|
||||
uci_set obuspa localmqtt BrokerPort "1883"
|
||||
uci_set obuspa localmqtt TransportProtocol "TCP/IP"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
if ! uci_get obuspa agent_mtp >/dev/null 2>&1; then
|
||||
uci_add obuspa mtp agent_mtp
|
||||
uci_set obuspa agent_mtp Protocol "MQTT"
|
||||
uci_set obuspa agent_mtp ResponseTopicConfigured "/usp/endpoint"
|
||||
uci_set obuspa agent_mtp mqtt "localmqtt"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
if ! uci_get obuspa localcontroller >/dev/null 2>&1; then
|
||||
uci_add obuspa controller localcontroller
|
||||
uci_set obuspa localcontroller EndpointID "proto::interop-usp-controller"
|
||||
uci_set obuspa localcontroller Protocol "MQTT"
|
||||
uci_set obuspa localcontroller Topic "/usp/controller"
|
||||
uci_set obuspa localcontroller mqtt "localmqtt"
|
||||
uci_set obuspa localcontroller assigned_role_name "full_access"
|
||||
restart=1
|
||||
fi
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _remove_obuspa_config()
|
||||
{
|
||||
local restart
|
||||
|
||||
restart=0
|
||||
if [ "$(uci_get obuspa localmqtt)" == "mqtt" ]; then
|
||||
uci_remove obuspa localmqtt
|
||||
restart=1
|
||||
fi
|
||||
if [ "$(uci_get obuspa agent_mtp)" == "mtp" ]; then
|
||||
uci_remove obuspa agent_mtp
|
||||
restart=1
|
||||
fi
|
||||
if [ "$(uci_get obuspa localcontroller)" == "controller" ]; then
|
||||
uci_remove obuspa localcontroller
|
||||
restart=1
|
||||
fi
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _update_obuspa_config_rbac() {
|
||||
local agent users restart
|
||||
|
||||
agent="$(_get_agent_id)"
|
||||
users="$(_get_sulu_users)"
|
||||
restart=0
|
||||
|
||||
for f in ${users}; do
|
||||
local sec
|
||||
|
||||
# Add mqtt
|
||||
sec="mqtt_sulu_${f}"
|
||||
if ! uci_get obuspa mqtt ${sec} >/dev/null 2>&1; then
|
||||
uci_add obuspa mqtt ${sec}
|
||||
uci_set obuspa ${sec} BrokerAddress "127.0.0.1"
|
||||
uci_set obuspa ${sec} BrokerPort "1883"
|
||||
uci_set obuspa ${sec} TransportProtocol "TCP/IP"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
# Add mtp
|
||||
sec="mtp_sulu_${f}"
|
||||
if ! uci_get obuspa mtp ${sec} >/dev/null 2>&1; then
|
||||
uci_add obuspa mtp ${sec}
|
||||
uci_set obuspa ${sec} Protocol "MQTT"
|
||||
uci_set obuspa ${sec} ResponseTopicConfigured "/usp/${agent}/${f}/endpoint"
|
||||
uci_set obuspa ${sec} mqtt "mqtt_sulu_$f"
|
||||
restart=1
|
||||
fi
|
||||
|
||||
# Add controller
|
||||
sec="controller_sulu_${f}"
|
||||
if ! uci_get obuspa controller ${sec} >/dev/null 2>&1; then
|
||||
uci_add obuspa controller ${sec}
|
||||
uci_set obuspa ${sec} EndpointID "self::sulu-${f}"
|
||||
uci_set obuspa ${sec} Protocol "MQTT"
|
||||
uci_set obuspa ${sec} Topic "/usp/${agent}/${f}/controller"
|
||||
uci_set obuspa ${sec} mqtt "mqtt_sulu_$f"
|
||||
uci_set obuspa ${sec} assigned_role_name "$f"
|
||||
restart=1
|
||||
fi
|
||||
done
|
||||
if [ -f "/etc/sulu/roles.json" ]; then
|
||||
uci_set obuspa global role_file "/etc/sulu/roles.json"
|
||||
fi
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _remove_sulu_sec()
|
||||
{
|
||||
local sec
|
||||
|
||||
if [[ "${1}" == *"_sulu_"* ]]; then
|
||||
uci_remove obuspa ${1}
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
function _remove_obuspa_config_rbac()
|
||||
{
|
||||
local restart
|
||||
|
||||
restart=0
|
||||
config_foreach _remove_sulu_sec mqtt
|
||||
restart="$(( restart + $? ))"
|
||||
config_foreach _remove_sulu_sec mtp
|
||||
restart="$(( restart + $? ))"
|
||||
config_foreach _remove_sulu_sec controller
|
||||
restart="$(( restart + $? ))"
|
||||
uci_set obuspa global role_file ""
|
||||
|
||||
return "${restart}"
|
||||
}
|
||||
|
||||
function _create_acl() {
|
||||
local agentid rbac users
|
||||
|
||||
rbac="${1:-0}"
|
||||
|
||||
[ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
|
||||
|
||||
if [ "${rbac}" -eq "0" ]; then
|
||||
return 0;
|
||||
fi
|
||||
|
||||
agentid="$(_get_agent_id)"
|
||||
users="$(_get_sulu_users)"
|
||||
for f in ${users}; do
|
||||
echo "user ${f}" >> ${ACL_FILE}
|
||||
echo "topic read /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
|
||||
echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
|
||||
echo "topic read /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
|
||||
echo "" >> ${ACL_FILE}
|
||||
done
|
||||
}
|
||||
|
||||
function update_mosquitto_broker_config()
|
||||
{
|
||||
local system_cred rbac restart
|
||||
|
||||
system_cred="${1}"
|
||||
rbac="${2}"
|
||||
restart=0
|
||||
|
||||
if [ "${system_cred}" -eq "1" ]; then
|
||||
if grep -q "password_file " ${MB_SULU_CONF}; then
|
||||
sed -i '/password_file /d' ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
|
||||
echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
else
|
||||
if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
|
||||
sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
|
||||
echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${rbac}" -eq "1" ]; then
|
||||
_create_acl "${rbac}"
|
||||
if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
|
||||
echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
else
|
||||
if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
|
||||
sed -i '/acl_file /d' ${MB_SULU_CONF}
|
||||
restart=1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
|
||||
slog "Restarting mqtt broker..."
|
||||
/etc/init.d/mosquitto restart &
|
||||
fi
|
||||
}
|
||||
|
||||
function update_obuspa_config()
|
||||
{
|
||||
local rbac restart
|
||||
|
||||
rbac="${1}"
|
||||
restart=0
|
||||
|
||||
uci_load obuspa
|
||||
if [ "${rbac}" -eq "1" ]; then
|
||||
_remove_obuspa_config
|
||||
restart="$(( restart + $? ))"
|
||||
_update_obuspa_config_rbac
|
||||
restart="$(( restart + $? ))"
|
||||
else
|
||||
_remove_obuspa_config_rbac
|
||||
restart="$(( restart + $? ))"
|
||||
_update_obuspa_config
|
||||
restart="$(( restart + $? ))"
|
||||
fi
|
||||
uci_commit obuspa
|
||||
|
||||
if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then
|
||||
slog "Restarting obuspa..."
|
||||
ubus call uci commit '{"config":"obuspa"}'
|
||||
fi
|
||||
}
|
||||
|
||||
function update_nginx_config()
|
||||
{
|
||||
local enabled restart
|
||||
|
||||
restart=0
|
||||
enabled="${1:-0}"
|
||||
if [ "${enabled}" -eq "1" ]; then
|
||||
if [ ! -f "/etc/nginx/conf.d/sulu.conf" ]; then
|
||||
cp /etc/sulu/nginx.conf /etc/nginx/conf.d/sulu.conf
|
||||
restart=1
|
||||
fi
|
||||
else
|
||||
if [ -f "/etc/nginx/conf.d/sulu.conf" ]; then
|
||||
rm -f /etc/nginx/conf.d/sulu.conf
|
||||
restart=1
|
||||
fi
|
||||
fi
|
||||
if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
|
||||
slog "Restarting nginx..."
|
||||
ubus call uci commit '{"config":"nginx"}'
|
||||
fi
|
||||
}
|
||||
|
||||
function configure_sulu()
|
||||
{
|
||||
local sys_cred rbac restart
|
||||
|
||||
sys_cred="${1}"
|
||||
rbac="${2}"
|
||||
restart="${3:-0}"
|
||||
|
||||
if [ -z "${sys_cred}" -o -z "${rbac}" ]; then
|
||||
slog "Invalid inputs"
|
||||
return 0
|
||||
fi
|
||||
|
||||
_RESTART_SERVICES="${restart}"
|
||||
|
||||
update_mosquitto_broker_config "${sys_cred}" "${rbac}"
|
||||
set_sulu_connection_mode "${rbac}"
|
||||
update_obuspa_config "${rbac}"
|
||||
}
|
||||
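--- a/sulu/files/etc/uci-defaults/90-sulu-set-nginx-conf
+++ b/sulu/files/etc/uci-defaults/90-sulu-set-nginx-conf
@@ -0,0 +1,10 @@
+mkdir -p /tmp/sulu
+
+uci -q get nginx._sulu && exit 0
+
+uci -q set nginx._sulu=server
+uci -q add_list nginx._sulu.listen='8080'
+uci -q add_list nginx._sulu.listen='[::]:8080'
+uci -q set nginx._sulu.root='/sulu'
+uci -q set nginx._sulu.server_name='_sulu'
+uci -q add_list nginx._sulu.include='conf.d/sulu.locations'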
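Review bot: The two `listen` entries added here (`8080` and `[::]:8080`) bind the `_sulu` server to every address over plain HTTP, so whether the UI is reachable from the WAN side depends entirely on firewall rules that this file does not show. If the interface is meant for the LAN only, record that next to the entries, e.g. `# LAN-only UI: WAN access to port 8080 must stay blocked by the firewall`, or bind to the LAN address instead of the wildcard. Separately, `mkdir -p /tmp/sulu` sits in a uci-defaults script, which presumably runs once and is then removed, so the directory would be missing after the next reboot if /tmp is volatile; creating it from the init script looks safer.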
@@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sulu/sulu.sh
|
||||
|
||||
config_load sulu
|
||||
config_get enable_system_credentials global enable_system_credentials 1
|
||||
config_get role_based_access global role_based_access 0
|
||||
config_get enabled global enabled 0
|
||||
|
||||
configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
|
||||
update_nginx_config "${enabled}"
|
||||
generate_sulu_conn_config "${role_based_access}"
|
||||