diff --git a/sulu/sulu-base/Makefile b/sulu/sulu-base/Makefile index c375ae2ee..3f2a3a0ab 100644 --- a/sulu/sulu-base/Makefile +++ b/sulu/sulu-base/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sulu-base -PKG_VERSION:=3.1.29 +PKG_VERSION:=3.1.30 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git -PKG_SOURCE_VERSION:=e8188382267970f60a5992c55ab9858c9069044c +PKG_SOURCE_VERSION:=a6653de12a1b45758f75a1d833ada3489f9125f9 PKG_MIRROR_HASH:=skip SULU_MOD:=core diff --git a/sulu/sulu-builder/Makefile b/sulu/sulu-builder/Makefile index 335b880ce..49537a8c0 100644 --- a/sulu/sulu-builder/Makefile +++ b/sulu/sulu-builder/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sulu-builder -PKG_VERSION:=3.1.29 +PKG_VERSION:=3.1.30 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git -PKG_SOURCE_VERSION:=ad61b28419343d3987bc6eeb259198201e8b0a67 +PKG_SOURCE_VERSION:=fa8e0cd297b38f8b1f964694fb990cf017d75223 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION) diff --git a/sulu/sulu-builder/files/etc/config/sulu b/sulu/sulu-builder/files/etc/config/sulu index d718604af..91c9ee5e4 100644 --- a/sulu/sulu-builder/files/etc/config/sulu +++ b/sulu/sulu-builder/files/etc/config/sulu @@ -1,5 +1,4 @@ config global 'global' - option role_based_access '1' option SessionMode 'Allow' list user 'admin' list user 'user' diff --git a/sulu/sulu-builder/files/etc/init.d/sulu b/sulu/sulu-builder/files/etc/init.d/sulu index f0fbf309a..3cdea6cda 100755 --- a/sulu/sulu-builder/files/etc/init.d/sulu +++ b/sulu/sulu-builder/files/etc/init.d/sulu 
@@ -16,12 +16,11 @@ validate_sulu_global_section() { uci_validate_section sulu global global \ 'enabled:bool:1' \ - 'enable_system_credentials:bool:1' \ - 'role_based_access:bool:0' + 'enable_system_credentials:bool:1' } start_service() { - local enabled enable_system_credentials role_based_access + local enabled enable_system_credentials config_load sulu procd_open_instance sulu @@ -34,8 +33,8 @@ start_service() { fi update_nginx_template - configure_sulu "${enable_system_credentials}" "${role_based_access}" 1 - generate_sulu_conn_config "${role_based_access}" + configure_sulu "${enable_system_credentials}" 1 + generate_sulu_conn_config procd_close_instance } diff --git a/sulu/sulu-builder/files/etc/sulu/sulu.sh b/sulu/sulu-builder/files/etc/sulu/sulu.sh index e52aa6cb4..89d0ff722 100644 --- a/sulu/sulu-builder/files/etc/sulu/sulu.sh +++ b/sulu/sulu-builder/files/etc/sulu/sulu.sh @@ -82,16 +82,6 @@ function _get_sulu_acl_file() echo "${file}" } -function _get_sulu_tls_port() -{ - local port listen - - listen="$(uci -q get nginx._sulu_s.listen)" - port="$(echo $listen|grep -Eo '[0-9]+'|head -n 1)" - - echo "${port:-8443}" -} - function _get_sulu_http_port() { local port listen 
@@ -117,149 +107,40 @@ function update_nginx_template() function generate_sulu_conn_config() { - local rbac users SCONFIG session + local users SCONFIG session - rbac="${1}" users="$(_get_sulu_users)" session="$(_get_sulu_session_mode)" SCONFIG="$(_get_sulu_connection_config)" json_init; - if [ "${rbac}" -eq "1" ]; then - json_add_string 'Current-connection' 'rbac'; - else - json_add_string 'Current-connection' 'main'; - fi + json_add_string 'Current-connection' 'main'; json_add_object 'Connections'; - json_add_object 'rbac'; + json_add_object 'main'; json_add_string 'toId' "$(_get_endpoint_id)"; - json_add_int 'port' "$(_get_sulu_tls_port)"; + json_add_string 'port' "auto"; json_add_string 'path' "/wss"; if [ "${session}" = "Require" ]; then json_add_boolean 'useSession' 1; fi - json_add_string 'protocol' 'wss'; - json_add_array 'auth'; - json_close_array; - - json_add_array 'urlOverrides'; - json_add_object ""; - json_add_object 'match'; - json_add_string 'protocol' 'http:' - json_close_object - json_add_object 'override'; - json_add_string 'protocol' 'ws' - json_add_int 'port' "$(_get_sulu_http_port)"; - json_close_object - json_close_object - json_close_array - - json_add_object 'overrides'; - for f in ${users}; do - json_add_object "${f}"; - json_add_string 'fromId' "self::sulu-${f}"; - json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint"; - json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller"; - json_close_object; - done + json_add_string 'protocol' 'autoWs'; + json_add_object 'overrides'; + for f in ${users}; do + json_add_object "${f}"; + json_add_string 'fromId' "self::sulu-${f}"; + json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint"; + json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller"; json_close_object; + done json_close_object; - - # add the default connection - json_add_object 'main'; - json_add_string 'fromId' 'proto::interop-usp-controller'; - json_add_string 
'toId' "$(_get_endpoint_id)"; - json_add_int 'port' "$(_get_sulu_tls_port)"; - json_add_string 'path' "/wss"; - json_add_string 'protocol' 'wss'; - json_add_string 'publishEndpoint' "/usp/endpoint"; - json_add_string 'subscribeEndpoint' "/usp/controller"; - json_add_array 'auth'; - json_close_array; - - json_add_array 'urlOverrides'; - json_add_object ""; - json_add_object 'match'; - json_add_string 'protocol' 'http:' - json_close_object - json_add_object 'override'; - json_add_string 'protocol' 'ws' - json_add_int 'port' "$(_get_sulu_http_port)"; - json_close_object - json_close_object - json_close_array json_close_object; json_close_object; json_dump > ${SCONFIG} } -function set_sulu_connection_mode() -{ - local rbac profile config SCONFIG - - SCONFIG="$(_get_sulu_connection_config)" - rbac="${1}" - - profile="$(jq '."Current-connection"' ${SCONFIG})" - if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then - config="$(jq '."Current-connection" = "rbac"' ${SCONFIG})" - echo "${config}" > ${SCONFIG} - elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then - config="$(jq '."Current-connection" = "main"' ${SCONFIG})" - echo "${config}" > ${SCONFIG} - fi -} - -function update_sulu_connection_port() -{ - local port ws_port SCONF - - SCONF="$(_get_sulu_connection_config)" - ws_port="$(_get_sulu_tls_port)" - - port="$(jq '.Connections.rbac.port' ${SCONF})" - if [ "${port}" -ne "${ws_port}" ]; then - jq ".Connections.main.port = ${ws_port} | .Connections.rbac.port = ${ws_port}" ${SCONF} > /tmp/sulu/ss_port.json - mv /tmp/sulu/ss_port.json ${SCONF} - fi -} - -function _update_obuspa_config() -{ - local restart - - restart=0 - if ! uci_get obuspa localmqtt >/dev/null 2>&1; then - uci_add obuspa mqtt localmqtt - uci_set obuspa localmqtt BrokerAddress "127.0.0.1" - uci_set obuspa localmqtt BrokerPort "1883" - uci_set obuspa localmqtt TransportProtocol "TCP/IP" - restart=1 - fi - - if ! 
uci_get obuspa agent_mtp >/dev/null 2>&1; then - uci_add obuspa mtp agent_mtp - uci_set obuspa agent_mtp Protocol "MQTT" - uci_set obuspa agent_mtp ResponseTopicConfigured "/usp/endpoint" - uci_set obuspa agent_mtp mqtt "localmqtt" - restart=1 - fi - - if ! uci_get obuspa localcontroller >/dev/null 2>&1; then - uci_add obuspa controller localcontroller - uci_set obuspa localcontroller EndpointID "proto::interop-usp-controller" - uci_set obuspa localcontroller Protocol "MQTT" - uci_set obuspa localcontroller Topic "/usp/controller" - uci_set obuspa localcontroller mqtt "localmqtt" - uci_set obuspa localcontroller assigned_role_name "full_access" - restart=1 - fi - return "${restart}" -} - function _remove_obuspa_config() { local restart session @@ -343,31 +224,14 @@ function _remove_sulu_sec() return 0 } -function _remove_obuspa_config_rbac() -{ - local restart - - restart=0 - config_foreach _remove_sulu_sec mqtt - restart="$(( restart + $? ))" - config_foreach _remove_sulu_sec mtp - restart="$(( restart + $? ))" - config_foreach _remove_sulu_sec controller - restart="$(( restart + $? ))" - uci_set obuspa global role_file "" - - return "${restart}" -} - function _create_acl() { - local agentid rbac users restart + local agentid users restart local ACL_FILE - rbac="${1:-0}" restart="0" ACL_FILE="$(_get_sulu_acl_file)" - if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then + if [ -z "${ACL_FILE}" ]; then return 0 fi 
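Review bot: In `generate_sulu_conn_config` the `main` connection no longer pins TLS: `json_add_string 'protocol' 'autoWs'` and `json_add_string 'port' "auto"` replace the fixed `wss` and the port read from `nginx._sulu_s.listen`. Whether the socket is encrypted is now presumably decided by how the page was loaded; the semantics of `autoWs` live in the sulu client and are not visible here. That is only safe while the UI is never served over plain http, which the nginx defaults in this commit arrange but an administrator can undo by re-enabling `_sulu_http`. I would add a comment above these two lines, e.g. `# autoWs/auto follow the page origin: serving the UI over http also downgrades USP traffic to ws`. The loop variable `f` is also missing from the `local users SCONFIG session` line.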
@@ -376,20 +240,18 @@ function _create_acl() { fi touch "${ACL_FILE}" - if [ "${rbac}" -eq "1" ]; then - users="$(_get_sulu_users)" - agentid="$(_get_agent_id)" - for f in ${users}; do - if ! grep -q "user $f" ${ACL_FILE}; then - echo "user ${f}" >> ${ACL_FILE} - echo "topic read /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE} - echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE} - echo "topic read /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE} - echo "" >> ${ACL_FILE} - restart="1" - fi - done - fi + users="$(_get_sulu_users)" + agentid="$(_get_agent_id)" + for f in ${users}; do + if ! grep -q "user $f" ${ACL_FILE}; then + echo "user ${f}" >> ${ACL_FILE} + echo "topic read /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE} + echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE} + echo "topic read /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE} + echo "" >> ${ACL_FILE} + restart="1" + fi + done if [ "${restart}" -gt "0" ]; then slog "Restarting mosquitto..." @@ -399,23 +261,15 @@ function _create_acl() { function update_obuspa_config() { - local rbac restart + local restart - rbac="${1}" restart=0 uci_load obuspa - if [ "${rbac}" -eq "1" ]; then - _remove_obuspa_config - restart="$(( restart + $? ))" - _update_obuspa_config_rbac - restart="$(( restart + $? ))" - else - _remove_obuspa_config_rbac - restart="$(( restart + $? ))" - _update_obuspa_config - restart="$(( restart + $? ))" - fi + _remove_obuspa_config + restart="$(( restart + $? ))" + _update_obuspa_config_rbac + restart="$(( restart + $? ))" uci_commit obuspa if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then 
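Review bot: The existence check `grep -q "user $f" ${ACL_FILE}` in the re-indented loop of `_create_acl` is an unanchored regular-expression match, so a name that is a prefix of an already listed user (constructed example: `op` when `operator` is present) is treated as present and never gets its three `topic` lines. A whole-line fixed-string match avoids that: `if ! grep -qxF "user ${f}" "${ACL_FILE}"; then`. As far as this hunk shows, the loop only appends, so entries for names later dropped from `list user` stay in the ACL file. Because `${f}` is written verbatim into the topic patterns, names containing `#`, `+` or whitespace should be rejected before this point. `_create_acl` starts above the hunk.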
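Review bot: `update_obuspa_config` now relies entirely on `_remove_obuspa_config` to clean up what the deleted `_update_obuspa_config` used to create, in particular the `localcontroller` section with `assigned_role_name "full_access"` on `/usp/controller`. The body of `_remove_obuspa_config` is outside this diff, so please confirm it deletes `localmqtt`, `agent_mtp` and `localcontroller`. Otherwise a device upgraded from `role_based_access '0'` keeps a full-access controller next to the per-user ones. Separately, `restart="$(( restart + $? ))"` counts any non-zero status, including a genuine helper failure, as a restart request; a comment such as `# helpers return 1 when obuspa must be restarted` would make that contract explicit. The function's tail continues past the hunk.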
@@ -426,20 +280,18 @@ function update_obuspa_config() function configure_sulu() { - local sys_cred rbac restart + local sys_cred restart sys_cred="${1}" - rbac="${2}" - restart="${3:-0}" + restart="${2:-0}" - if [ -z "${sys_cred}" -o -z "${rbac}" ]; then + if [ -z "${sys_cred}" ]; then slog "Invalid inputs" return 0 fi _RESTART_SERVICES="${restart}" - set_sulu_connection_mode "${rbac}" - update_obuspa_config "${rbac}" - _create_acl "${rbac}" + update_obuspa_config + _create_acl } diff --git a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config index e89565a10..e01dda81f 100755 --- a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config +++ b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config 
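Review bot: `configure_sulu` changes the meaning of its second positional argument from the RBAC flag to the restart flag (`restart="${2:-0}"`), so a caller not updated in this commit that still passes three arguments would have its old RBAC value read as "restart services". The two callers visible in this diff are updated; a header comment such as `# configure_sulu <enable_system_credentials> [restart=0]` would document the new contract. Within the visible body `sys_cred` is only tested for emptiness and never used, so `enable_system_credentials` has no effect in this function. The "Invalid inputs" path still returns 0, which callers cannot distinguish from success.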
@@ -21,25 +21,28 @@ add_sulu_nginx_uci() uci_set nginx _sulu_s error_log '/dev/null' fi -# To host on http, disable _suluredirect and enable _sulu_http -# if ! uci_get nginx _suluredirect >/dev/null 2>&1; then -# uci_add nginx server _suluredirect -# uci_add_list nginx _suluredirect listen "8080" -# uci_add_list nginx _suluredirect listen "[::]:8080" -# uci_set nginx _suluredirect server_name '_suluredirect' -# uci_set nginx _suluredirect return '302 https://$host:8443$request_uri' -# fi - - if ! uci_get nginx _sulu_http >/dev/null 2>&1; then - uci_add nginx server _sulu_http - uci_set nginx _sulu_http root '/sulu' - uci_add_list nginx _sulu_http listen "8080" - uci_add_list nginx _sulu_http listen "[::]:8080" - uci_set nginx _sulu_http server_name '_sulu_http' - uci_add_list nginx _sulu_http include '/etc/sulu/nginx.locations' - uci_set nginx _sulu_http ssl_session_cache 'none' - uci_set nginx _sulu_http access_log 'off; # logd openwrt' + # To host on http, disable _suluredirect and enable _sulu_http + if ! uci_get nginx _suluredirect >/dev/null 2>&1; then + uci_add nginx server _suluredirect + uci_add_list nginx _suluredirect listen "8080" + uci_add_list nginx _suluredirect listen "[::]:8080" + uci_set nginx _suluredirect server_name '_suluredirect' + uci_set nginx _suluredirect return '302 https://$host:8443$request_uri' fi + + if uci_get nginx _sulu_http >/dev/null 2>&1; then + uci_remove nginx _sulu_http + fi +# if ! uci_get nginx _sulu_http >/dev/null 2>&1; then +# uci_add nginx server _sulu_http +# uci_set nginx _sulu_http root '/sulu' +# uci_add_list nginx _sulu_http listen "8080" +# uci_add_list nginx _sulu_http listen "[::]:8080" +# uci_set nginx _sulu_http server_name '_sulu_http' +# uci_add_list nginx _sulu_http include '/etc/sulu/nginx.locations' +# uci_set nginx _sulu_http ssl_session_cache 'none' +# uci_set nginx _sulu_http access_log 'off; # logd openwrt' +# fi } 
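Review bot: The `_suluredirect` server enabled here builds its target as `'302 https://$host:8443$request_uri'`, which takes the host name from the request's Host header and hard-codes port 8443. If `_sulu_s` is moved to another listen port (the removed `_get_sulu_tls_port` read it from `nginx._sulu_s.listen`), the redirect points at the wrong port, and reflecting `$host` lets the client choose the redirect host. I would note this next to the `return` line, e.g. `# keep 8443 in sync with the _sulu_s listen port`, and consider whether a fixed host or `$server_addr` fits the deployment better. `uci_remove nginx _sulu_http` also runs whenever this script executes, so a deliberately re-enabled http server is deleted again; the retained commented-out block and its "To host on http" comment should say so or be dropped. `add_sulu_nginx_uci` starts above the hunk.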
diff --git a/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config b/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config index 092dcb32b..2855dbf78 100644 --- a/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config +++ b/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config @@ -4,7 +4,6 @@ config_load sulu config_get enable_system_credentials global enable_system_credentials 1 -config_get role_based_access global role_based_access 0 -configure_sulu "${enable_system_credentials}" "${role_based_access}" 0 -generate_sulu_conn_config "${role_based_access}" +configure_sulu "${enable_system_credentials}" 0 +generate_sulu_conn_config
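Review bot: The fix-up script stops reading `role_based_access` but leaves the option in `/etc/config/sulu` on upgraded devices, where it no longer has any effect. Since this is the uci-defaults migration step, it could drop the stale option here, e.g. `uci_remove sulu global role_based_access` followed by a commit of `sulu`; whether the script commits further down is not visible in the hunk. Removing it avoids an administrator setting the option to `0` and assuming per-user access control is off.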