Skip to content

Commit

Permalink
Merge pull request #70 from Telecominfraproject/dev-json-validation-s…
Browse files Browse the repository at this point in the history 
…chemas

Validate configure messages using JSON Validation schema
  • Loading branch information
@Cahb
Cahb authored Aug 14, 2024
2 parents fc51447 + 7bd2e0a commit add81bb
Show file tree
Hide file tree
Showing 11 changed files with 1,022 additions and 344 deletions.
746 changes: 515 additions & 231 deletions Cargo.lock
View file

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ rustls-pki-types = { version = "1.7.0" }
x509-parser = { version = "0.16.0" }
chrono = { version = "0.4.38" }
derive_more = { version = "0.99.17" }
reqwest = { version = "0.12.5", features = ["json"] }
jsonschema = { version = "0.18.0" }
url = { version = "2.5.2" }

[build-dependencies]
tonic-build = "0.11.0"
Expand Down
90 changes: 48 additions & 42 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,70 +55,76 @@ Running application with default arguments might not be desired behavior.
And thus the run script utilizes the following list of *enviroment* variables that you can define before running it to alternate behavior of the app.
The following list is a list of enviroment variables you can define to configure cgw-app behavior in certain way:
```
CGW_ID - Shard ID
CGW_GRPC_LISTENING_IP - IP to bind gRPC server to (listens for gRPC requests from remote CGWs)
CGW_GRPC_LISTENING_PORT - Port to bind gRPC server to (listens for gRPC requests from remote CGWs)
CGW_GRPC_PUBLIC_HOST - IP or hostname for Redis record (remote CGWs will connect to this particular shard through provided host record;
it's up to deployment config whether remote CGW#1 will be able to access this CGW#0, for example, through provided hostname/IP)
CGW_GRPC_PUBLIC_PORT - PORT for Redis record
CGW_WSS_IP - IP to bind websocket server to (listens for incoming WSS connections from underlying devices - infrastructures)
CGW_WSS_PORT - PORT to bind WSS server to
CGW_WSS_CAS - Web socket CAS certificate file name
CGW_WSS_CERT - Web socket server certificate file name
CGW_WSS_KEY - Web socket server private key file name
CGW_KAFKA_HOST - IP or hostname of remote KAFKA server to connect to (NB API)
CGW_KAFKA_PORT - PORT of remote KAFKA server to connect to
CGW_DB_HOST - IP or hostname of remote database server to connect to
CGW_DB_PORT - PORT of remote database server to connect to
CGW_DB_USER - PSQL DB username (credentials) to use upon connect to DB
CGW_DB_PASS - PSQL DB password (credentials) to use upon connect to DB
CGW_DB_TLS - Utilize TLS connection with DB server
CGW_REDIS_HOST - IP or hostname of remote redis-db server to connect to
CGW_REDIS_PORT - PORT of remote redis-db server to connect to
CGW_REDIS_USERNAME - REDIS username (credentials) to use upon connect to
CGW_REDIS_PASSWORD - REDIS password (credentials) to use upon connect to
CGW_REDIS_TLS - Utilize TLS connection with REDIS server
CGW_LOG_LEVEL - Log level to start CGW application with (debug, info)
CGW_METRICS_PORT - PORT of metrics to connect to
CGW_CERTS_PATH - Path to certificates located on host machine
CGW_ALLOW_CERT_MISMATCH - Allow client certificate CN and device MAC address mismatch (used for OWLS)
CGW_NB_INFRA_CERTS_DIR - Path to NB infrastructure (Redis, PostgreSQL) certificates located on host machine
CGW_NB_INFRA_TLS - Utilize TLS connection with NB infrastructure (Redis, PostgreSQL)
If set enabled - the CGW_DB_TLS and CGW_REDIS_TLS values will be ignored and
the TLS connection will be used for Redis and PostgreSQL connection
CGW_ID - Shard ID
CGW_GRPC_LISTENING_IP - IP to bind gRPC server to (listens for gRPC requests from remote CGWs)
CGW_GRPC_LISTENING_PORT - Port to bind gRPC server to (listens for gRPC requests from remote CGWs)
CGW_GRPC_PUBLIC_HOST - IP or hostname for Redis record (remote CGWs will connect to this particular shard through provided host record;
it's up to deployment config whether remote CGW#1 will be able to access this CGW#0, for example, through provided hostname/IP)
CGW_GRPC_PUBLIC_PORT - PORT for Redis record
CGW_WSS_IP - IP to bind websocket server to (listens for incoming WSS connections from underlying devices - infrastructures)
CGW_WSS_PORT - PORT to bind WSS server to
CGW_WSS_CAS - Web socket CAS certificate file name
CGW_WSS_CERT - Web socket server certificate file name
CGW_WSS_KEY - Web socket server private key file name
CGW_KAFKA_HOST - IP or hostname of remote KAFKA server to connect to (NB API)
CGW_KAFKA_PORT - PORT of remote KAFKA server to connect to
CGW_DB_HOST - IP or hostname of remote database server to connect to
CGW_DB_PORT - PORT of remote database server to connect to
CGW_DB_USER - PSQL DB username (credentials) to use upon connect to DB
CGW_DB_PASS - PSQL DB password (credentials) to use upon connect to DB
CGW_DB_TLS - Utilize TLS connection with DB server
CGW_REDIS_HOST - IP or hostname of remote redis-db server to connect to
CGW_REDIS_PORT - PORT of remote redis-db server to connect to
CGW_REDIS_USERNAME - REDIS username (credentials) to use upon connect to
CGW_REDIS_PASSWORD - REDIS password (credentials) to use upon connect to
CGW_REDIS_TLS - Utilize TLS connection with REDIS server
CGW_LOG_LEVEL - Log level to start CGW application with (debug, info)
CGW_METRICS_PORT - PORT of metrics to connect to
CGW_CERTS_PATH - Path to certificates located on host machine
CGW_ALLOW_CERT_MISMATCH - Allow client certificate CN and device MAC address mismatch (used for OWLS)
CGW_NB_INFRA_CERTS_DIR - Path to NB infrastructure (Redis, PostgreSQL) certificates located on host machine
CGW_NB_INFRA_TLS - Utilize TLS connection with NB infrastructure (Redis, PostgreSQL)
If set enabled - the CGW_DB_TLS and CGW_REDIS_TLS values will be ignored and
the TLS connection will be used for Redis and PostgreSQL connection
CGW_UCENTRAL_AP_DATAMODEL_URI - Path to AP Config message JSON Validation schema:
1. URI in format: "http[s]://<path>", e.g https://somewhere.com/schema.json
2. Path to local file: "<path>", e.g /etc/host/schema.json
CGW_UCENTRAL_SWITCH_DATAMODEL_URI - Path to Switch Config message JSON Validation schema
```

Example of properly configured list of env variables to start CGW:
```console
$ export | grep CGW
declare -x CGW_DB_HOST="localhost" # PSQL server is located at the local host
declare -x CGW_DB_HOST="localhost"
declare -x CGW_DB_PORT="5432"
declare -x CGW_DB_USERNAME="cgw" # PSQL login credentials (username) default 'cgw' will be used
declare -x CGW_DB_PASS="123" # PSQL login credentials (password) default '123' will be used
declare -x CGW_DB_USERNAME="cgw"
declare -x CGW_DB_PASS="123"
declare -x CGW_DB_TLS="no"
declare -x CGW_GRPC_LISTENING_IP="127.0.0.1" # Local default subnet is 127.0.0.1/24
declare -x CGW_GRPC_LISTENING_IP="127.0.0.1"
declare -x CGW_GRPC_LISTENING_PORT="50051"
declare -x CGW_GRPC_PUBLIC_HOST="localhost"
declare -x CGW_GRPC_PUBLIC_PORT="50051"
declare -x CGW_ID="0"
declare -x CGW_KAFKA_HOST="localhost" # Kafka is located at the local host
declare -x CGW_KAFKA_HOST="localhost"
declare -x CGW_KAFKA_PORT="9092"
declare -x CGW_LOG_LEVEL="debug"
declare -x CGW_REDIS_HOST="localhost" # Redis server can be found at the local host
declare -x CGW_REDIS_HOST="localhost"
declare -x CGW_REDIS_PORT="6379"
declare -x CGW_REDIS_USERNAME="cgw" # REDIS login credentials (username) - optional
declare -x CGW_REDIS_PASSWORD="123" # REDIS login credentials (password) - optional
declare -x CGW_REDIS_USERNAME="cgw"
declare -x CGW_REDIS_PASSWORD="123"
declare -x CGW_REDIS_TLS="no"
declare -x CGW_METRICS_PORT="8080"
declare -x CGW_WSS_IP="0.0.0.0" # Accept WSS connections at all interfaces / subnets
declare -x CGW_WSS_IP="0.0.0.0"
declare -x CGW_WSS_PORT="15002"
declare -x CGW_WSS_CAS="cas.pem"
declare -x CGW_WSS_CERT="cert.pem"
declare -x CGW_WSS_KEY="key.pem"
declare -x CGW_CERTS_PATH="/etc/ssl/certs" # Path to certificates located on host machine
declare -x CGW_ALLOW_CERT_MISMATCH="no" # Allow client certificate CN and device MAC address mismatch
declare -x CGW_CERTS_PATH="/etc/ssl/certs"
declare -x CGW_ALLOW_CERT_MISMATCH="no"
declare -x CGW_NB_INFRA_CERTS_PATH="/etc/nb_infra_certs"
declare -x CGW_NB_INFRA_TLS="no"
declare -x CGW_UCENTRAL_AP_DATAMODEL_URI="https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.json"
declare -x CGW_UCENTRAL_SWITCH_DATAMODEL_URI="https://raw.githubusercontent.com/Telecominfraproject/ols-ucentral-schema/main/ucentral.schema.json"
```
# Certificates
The CGW uses two different sets of certificate configuration:
Expand Down
113 changes: 61 additions & 52 deletions run_cgw.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ DEFAULT_NB_INFRA_TLS="no"

DEFAULT_ALLOW_CERT_MISMATCH="no"

DEFAULT_UCENTRAL_AP_DATAMODEL_URI="https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.json"
DEFAULT_UCENTRAL_SWITCH_DATAMODEL_URI="https://raw.githubusercontent.com/Telecominfraproject/ols-ucentral-schema/main/ucentral.schema.json"

export CGW_LOG_LEVEL="${CGW_LOG_LEVEL:-$DEFAULT_LOG_LEVEL}"
export CGW_ID="${CGW_ID:-$DEFAULT_ID}"
export CGW_WSS_IP="${CGW_WSS_IP:-$DEFAULT_WSS_IP}"
Expand Down Expand Up @@ -73,6 +76,8 @@ export CGW_CERTS_PATH="${CGW_CERTS_PATH:-$DEFAULT_CERTS_PATH}"
export CGW_ALLOW_CERT_MISMATCH="${CGW_ALLOW_CERT_MISMATCH:-$DEFAULT_ALLOW_CERT_MISMATCH}"
export CGW_NB_INFRA_CERTS_PATH="${CGW_NB_INFRA_CERTS_PATH:-$DEFAULT_CERTS_PATH}"
export CGW_NB_INFRA_TLS="${CGW_NB_INFRA_TLS:-$DEFAULT_NB_INFRA_TLS}"
export CGW_UCENTRAL_AP_DATAMODEL_URI="${CGW_UCENTRAL_AP_DATAMODEL_URI:-$DEFAULT_UCENTRAL_AP_DATAMODEL_URI}"
export CGW_UCENTRAL_SWITCH_DATAMODEL_URI="${CGW_UCENTRAL_SWITCH_DATAMODEL_URI:-$DEFAULT_UCENTRAL_SWITCH_DATAMODEL_URI}"

if [ -z "${!CGW_REDIS_USERNAME}" ]; then
export CGW_REDIS_USERNAME="${CGW_REDIS_USERNAME}"
Expand All @@ -83,61 +88,65 @@ if [ -z "${!CGW_REDIS_PASSWORD}" ]; then
fi

echo "Starting CGW..."
echo "CGW LOG LEVEL : $CGW_LOG_LEVEL"
echo "CGW ID : $CGW_ID"
echo "CGW WSS THREAD NUM : $DEFAULT_WSS_THREAD_NUM"
echo "CGW WSS IP/PORT : $CGW_WSS_IP:$CGW_WSS_PORT"
echo "CGW WSS CAS : $CGW_WSS_CAS"
echo "CGW WSS CERT : $CGW_WSS_CERT"
echo "CGW WSS KEY : $CGW_WSS_KEY"
echo "CGW GRPC PUBLIC HOST/PORT : $CGW_GRPC_PUBLIC_HOST:$CGW_GRPC_PUBLIC_PORT"
echo "CGW GRPC LISTENING IP/PORT : $CGW_GRPC_LISTENING_IP:$CGW_GRPC_LISTENING_PORT"
echo "CGW KAFKA HOST/PORT : $CGW_KAFKA_HOST:$CGW_KAFKA_PORT"
echo "CGW KAFKA TOPIC : $CGW_KAFKA_CONSUME_TOPIC:$CGW_KAFKA_PRODUCE_TOPIC"
echo "CGW DB NAME : $CGW_DB_NAME"
echo "CGW DB HOST/PORT : $CGW_DB_HOST:$CGW_DB_PORT"
echo "CGW DB TLS : $CGW_DB_TLS"
echo "CGW REDIS HOST/PORT : $CGW_REDIS_HOST:$CGW_REDIS_PORT"
echo "CGW REDIS TLS : $CGW_REDIS_TLS"
echo "CGW METRICS PORT : $CGW_METRICS_PORT"
echo "CGW CERTS PATH : $CGW_CERTS_PATH"
echo "CGW ALLOW CERT MISMATCH : $CGW_ALLOW_CERT_MISMATCH"
echo "CGW NB INFRA CERTS PATH : $CGW_NB_INFRA_CERTS_PATH"
echo "CGW NB INFRA TLS : $CGW_NB_INFRA_TLS"
echo "CGW LOG LEVEL : $CGW_LOG_LEVEL"
echo "CGW ID : $CGW_ID"
echo "CGW WSS THREAD NUM : $DEFAULT_WSS_THREAD_NUM"
echo "CGW WSS IP/PORT : $CGW_WSS_IP:$CGW_WSS_PORT"
echo "CGW WSS CAS : $CGW_WSS_CAS"
echo "CGW WSS CERT : $CGW_WSS_CERT"
echo "CGW WSS KEY : $CGW_WSS_KEY"
echo "CGW GRPC PUBLIC HOST/PORT : $CGW_GRPC_PUBLIC_HOST:$CGW_GRPC_PUBLIC_PORT"
echo "CGW GRPC LISTENING IP/PORT : $CGW_GRPC_LISTENING_IP:$CGW_GRPC_LISTENING_PORT"
echo "CGW KAFKA HOST/PORT : $CGW_KAFKA_HOST:$CGW_KAFKA_PORT"
echo "CGW KAFKA TOPIC : $CGW_KAFKA_CONSUME_TOPIC:$CGW_KAFKA_PRODUCE_TOPIC"
echo "CGW DB NAME : $CGW_DB_NAME"
echo "CGW DB HOST/PORT : $CGW_DB_HOST:$CGW_DB_PORT"
echo "CGW DB TLS : $CGW_DB_TLS"
echo "CGW REDIS HOST/PORT : $CGW_REDIS_HOST:$CGW_REDIS_PORT"
echo "CGW REDIS TLS : $CGW_REDIS_TLS"
echo "CGW METRICS PORT : $CGW_METRICS_PORT"
echo "CGW CERTS PATH : $CGW_CERTS_PATH"
echo "CGW ALLOW CERT MISMATCH : $CGW_ALLOW_CERT_MISMATCH"
echo "CGW NB INFRA CERTS PATH : $CGW_NB_INFRA_CERTS_PATH"
echo "CGW NB INFRA TLS : $CGW_NB_INFRA_TLS"
echo "CGW UCENTRAL AP DATAMODEL URI : $CGW_UCENTRAL_AP_DATAMODEL_URI"
echo "CGW UCENTRAL SWITCH DATAMODEL URI : $CGW_UCENTRAL_SWITCH_DATAMODEL_URI"

docker run \
--cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
-v $CGW_CERTS_PATH:$CONTAINTER_CERTS_VOLUME \
-v $CGW_NB_INFRA_CERTS_PATH:$CONTAINTER_NB_INFRA_CERTS_VOLUME \
-e CGW_LOG_LEVEL \
-e CGW_ID \
-e CGW_WSS_IP \
-e CGW_WSS_PORT \
-e DEFAULT_WSS_THREAD_NUM \
-e CGW_WSS_CAS \
-e CGW_WSS_CERT \
-e CGW_WSS_KEY \
-e CGW_GRPC_LISTENING_IP \
-e CGW_GRPC_LISTENING_PORT \
-e CGW_GRPC_PUBLIC_HOST \
-e CGW_GRPC_PUBLIC_PORT \
-e CGW_KAFKA_HOST \
-e CGW_KAFKA_PORT \
-e CGW_KAFKA_CONSUME_TOPIC \
-e CGW_KAFKA_PRODUCE_TOPIC \
-e CGW_DB_NAME \
-e CGW_DB_HOST \
-e CGW_DB_PORT \
-e CGW_DB_USERNAME \
-e CGW_DB_PASSWORD \
-e CGW_DB_TLS \
-e CGW_REDIS_HOST \
-e CGW_REDIS_PORT \
-e CGW_REDIS_USERNAME \
-e CGW_REDIS_PASSWORD \
-e CGW_REDIS_TLS \
-e CGW_FEATURE_TOPOMAP_ENABLE \
-e CGW_METRICS_PORT \
-e CGW_ALLOW_CERT_MISMATCH \
-e CGW_NB_INFRA_TLS \
-e CGW_LOG_LEVEL \
-e CGW_ID \
-e CGW_WSS_IP \
-e CGW_WSS_PORT \
-e DEFAULT_WSS_THREAD_NUM \
-e CGW_WSS_CAS \
-e CGW_WSS_CERT \
-e CGW_WSS_KEY \
-e CGW_GRPC_LISTENING_IP \
-e CGW_GRPC_LISTENING_PORT \
-e CGW_GRPC_PUBLIC_HOST \
-e CGW_GRPC_PUBLIC_PORT \
-e CGW_KAFKA_HOST \
-e CGW_KAFKA_PORT \
-e CGW_KAFKA_CONSUME_TOPIC \
-e CGW_KAFKA_PRODUCE_TOPIC \
-e CGW_DB_NAME \
-e CGW_DB_HOST \
-e CGW_DB_PORT \
-e CGW_DB_USERNAME \
-e CGW_DB_PASSWORD \
-e CGW_DB_TLS \
-e CGW_REDIS_HOST \
-e CGW_REDIS_PORT \
-e CGW_REDIS_USERNAME \
-e CGW_REDIS_PASSWORD \
-e CGW_REDIS_TLS \
-e CGW_FEATURE_TOPOMAP_ENABLE \
-e CGW_METRICS_PORT \
-e CGW_ALLOW_CERT_MISMATCH \
-e CGW_NB_INFRA_TLS \
-e CGW_UCENTRAL_AP_DATAMODEL_URI \
-e CGW_UCENTRAL_SWITCH_DATAMODEL_URI \
-d -t --network=host --name $2 $1 ucentral-cgw
Loading

0 comments on commit add81bb

Please sign in to comment.