sulu: use mosquitto uci for services

sulu-builder/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu-builder
-PKG_VERSION:=1.3.24
+PKG_VERSION:=1.3.25
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
@@ -162,11 +162,6 @@ endif
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
 
-	$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
-
 	$(INSTALL_DIR) $(1)/etc/sulu
 	$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
@@ -176,6 +171,7 @@ endif
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,${PKG_NAME}))

sulu-builder/files/etc/config/sulu

@@ -1,5 +1,4 @@
 config global 'global'
-	option enable_system_credentials '1'
 	option role_based_access '1'
 	list user 'admin'
 	list user 'user'

sulu-builder/files/etc/init.d/sulu

@@ -33,8 +33,9 @@ start_service() {
 		return 0
 	fi
 
+	update_nginx_template
 	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
-	update_sulu_connection_port
+	generate_sulu_conn_config "${role_based_access}"
 	procd_close_instance
 }
 

sulu-builder/files/etc/mosquitto/conf.d/obuspa.conf

@@ -1,3 +0,0 @@
-listener 1883 127.0.0.1
-allow_anonymous true
-

sulu-builder/files/etc/mosquitto/conf.d/sulu.conf

@@ -1,4 +0,0 @@
-listener 9001
-protocol websockets
-require_certificate false
-allow_anonymous false

sulu-builder/files/etc/mosquitto/sulu.password

@@ -1 +0,0 @@
-admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==

sulu-builder/files/etc/sulu/sulu.sh

@@ -2,7 +2,6 @@
 
 . /lib/functions.sh
 
-ACL_FILE="/tmp/sulu/mqtt.acl"
 _RESTART_SERVICES="0"
 
 mkdir -p /tmp/sulu/
@@ -54,6 +53,22 @@ function _get_sulu_root()
 	echo "${root:-/sulu}"
 }
 
+function _get_usp_upstream_port()
+{
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
+function _get_sulu_acl_file()
+{
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
+}
+
 function _get_sulu_tls_port()
 {
 	local port listen
@@ -64,6 +79,19 @@ function _get_sulu_tls_port()
 	echo "${port:-8443}"
 }
 
+function update_nginx_template()
+{
+	local port
+
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then
+		sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE}
+		log "Restarting nginx"
+		ubus call uci commit '{"config":"nginx"}'
+	fi
+}
+
 function generate_sulu_conn_config()
 {
 	local rbac users SCONFIG
@@ -275,72 +303,40 @@ function _remove_obuspa_config_rbac()
 }
 
 function _create_acl() {
-        local agentid rbac users
+        local agentid rbac users restart
+	local ACL_FILE
 
 	rbac="${1:-0}"
+	restart="0"
 
-        [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
-
-	if [ "${rbac}" -eq "0" ]; then
-		return 0;
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+		return 0
 	fi
 
-        agentid="$(_get_agent_id)"
-	users="$(_get_sulu_users)"
-        for f in ${users}; do
-                echo "user ${f}" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-                echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-                echo "" >> ${ACL_FILE}
-        done
-}
-
-function update_mosquitto_broker_config()
-{
-	local system_cred rbac restart
-
-	MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
-	system_cred="${1}"
-	rbac="${2}"
-	restart=0
-
-	if [ "${system_cred}" -eq "1" ]; then
-		if grep -q "password_file " ${MB_SULU_CONF}; then
-			sed -i '/password_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
-			echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
-			sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
-			echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
-			restart=1
-		fi
+	if [ -f "${ACL_FILE}" ]; then
+		rm -f "${ACL_FILE}"
 	fi
+	touch "${ACL_FILE}"
 
 	if [ "${rbac}" -eq "1" ]; then
-		_create_acl "${rbac}"
-		if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			sed -i '/acl_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
+		users="$(_get_sulu_users)"
+		agentid="$(_get_agent_id)"
+		for f in ${users}; do
+			if ! grep -q "user $f" ${ACL_FILE}; then
+				echo "user ${f}" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+				echo "" >> ${ACL_FILE}
+				restart="1"
+			fi
+		done
 	fi
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting mqtt broker..."
-		/etc/init.d/mosquitto restart &
+	if [ "${restart}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
@@ -386,7 +382,7 @@ function configure_sulu()
 
 	_RESTART_SERVICES="${restart}"
 
-	update_mosquitto_broker_config "${sys_cred}" "${rbac}"
 	set_sulu_connection_mode "${rbac}"
 	update_obuspa_config "${rbac}"
+	_create_acl "${rbac}"
 }

sulu-builder/files/etc/uci-defaults/01-update-nginx-uci-template

@@ -3,8 +3,10 @@
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 update_nginx_uci_template()
 {
-	sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
-	sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9001; }' ${UCI_TEMPLATE}
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+		sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
+		sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9009; }' ${UCI_TEMPLATE}
+	fi
 }
 
 update_nginx_uci_template

sulu-builder/files/etc/uci-defaults/10-add-mqtt-config

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_config()
+{
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
+}
+
+add_sulu_config()
+{
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+	fi
+}
+
+uci_load mosquitto
+add_obuspa_config
+add_sulu_config

sulu/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sulu
-PKG_VERSION:=1.3.24
+PKG_VERSION:=1.3.25
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
@@ -49,11 +49,6 @@ endif
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu
 
-	$(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/
-	$(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password
-
 	$(INSTALL_DIR) $(1)/etc/sulu
 	$(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/
 	$(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/
@@ -63,6 +58,7 @@ endif
 	$(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/40-add-sulu-nginx-config $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/01-update-nginx-uci-template $(1)/etc/uci-defaults/
+	$(INSTALL_BIN) ./files/etc/uci-defaults/10-add-mqtt-config $(1)/etc/uci-defaults/
 endef
 
 $(eval $(call BuildPackage,sulu))

sulu/files/etc/config/sulu

@@ -1,5 +1,4 @@
 config global 'global'
-	option enable_system_credentials '1'
 	option role_based_access '1'
 	list user 'admin'
 	list user 'user'

sulu/files/etc/init.d/sulu

@@ -33,8 +33,9 @@ start_service() {
 		return 0
 	fi
 
+	update_nginx_template
 	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
-	update_sulu_connection_port
+	generate_sulu_conn_config "${role_based_access}"
 	procd_close_instance
 }
 

sulu/files/etc/mosquitto/conf.d/obuspa.conf

@@ -1,3 +0,0 @@
-listener 1883 127.0.0.1
-allow_anonymous true
-

sulu/files/etc/mosquitto/conf.d/sulu.conf

@@ -1,4 +0,0 @@
-listener 9001
-protocol websockets
-require_certificate false
-allow_anonymous false

sulu/files/etc/mosquitto/sulu.password

@@ -1 +0,0 @@
-admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==

sulu/files/etc/sulu/sulu.sh

@@ -2,7 +2,6 @@
 
 . /lib/functions.sh
 
-ACL_FILE="/tmp/sulu/mqtt.acl"
 _RESTART_SERVICES="0"
 
 mkdir -p /tmp/sulu/
@@ -54,6 +53,22 @@ function _get_sulu_root()
 	echo "${root:-/sulu}"
 }
 
+function _get_usp_upstream_port()
+{
+	local port
+
+	port="$(uci -q get mosquitto.sulu.port)"
+	echo "${port:-9009}"
+}
+
+function _get_sulu_acl_file()
+{
+	local file
+
+	file="$(uci -q get mosquitto.sulu.acl_file)"
+	echo "${file}"
+}
+
 function _get_sulu_tls_port()
 {
 	local port listen
@@ -64,6 +79,19 @@ function _get_sulu_tls_port()
 	echo "${port:-8443}"
 }
 
+function update_nginx_template()
+{
+	local port
+
+	UCI_TEMPLATE="/etc/nginx/uci.conf.template"
+	port="$(_get_usp_upstream_port)"
+        if ! grep -q "upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}; then
+		sed -i "s/upstream websocket { server 127.0.0.1:[0-9]\+; }/upstream websocket { server 127.0.0.1:${var}; }/" ${UCI_TEMPLATE}
+		log "Restarting nginx"
+		ubus call uci commit '{"config":"nginx"}'
+	fi
+}
+
 function generate_sulu_conn_config()
 {
 	local rbac users SCONFIG
@@ -275,72 +303,40 @@ function _remove_obuspa_config_rbac()
 }
 
 function _create_acl() {
-        local agentid rbac users
+        local agentid rbac users restart
+	local ACL_FILE
 
 	rbac="${1:-0}"
+	restart="0"
 
-        [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
-
-	if [ "${rbac}" -eq "0" ]; then
-		return 0;
+	ACL_FILE="$(_get_sulu_acl_file)"
+	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+		return 0
 	fi
 
-        agentid="$(_get_agent_id)"
-	users="$(_get_sulu_users)"
-        for f in ${users}; do
-                echo "user ${f}" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-                echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-                echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-                echo "" >> ${ACL_FILE}
-        done
-}
-
-function update_mosquitto_broker_config()
-{
-	local system_cred rbac restart
-
-	MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
-	system_cred="${1}"
-	rbac="${2}"
-	restart=0
-
-	if [ "${system_cred}" -eq "1" ]; then
-		if grep -q "password_file " ${MB_SULU_CONF}; then
-			sed -i '/password_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
-			echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
-			sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
-			restart=1
-		fi
-		if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
-			echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
-			restart=1
-		fi
+	if [ -f "${ACL_FILE}" ]; then
+		rm -f "${ACL_FILE}"
 	fi
+	touch "${ACL_FILE}"
 
 	if [ "${rbac}" -eq "1" ]; then
-		_create_acl "${rbac}"
-		if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
-			restart=1
-		fi
-	else
-		if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
-			sed -i '/acl_file /d' ${MB_SULU_CONF}
-			restart=1
-		fi
+		users="$(_get_sulu_users)"
+		agentid="$(_get_agent_id)"
+		for f in ${users}; do
+			if ! grep -q "user $f" ${ACL_FILE}; then
+				echo "user ${f}" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+				echo "" >> ${ACL_FILE}
+				restart="1"
+			fi
+		done
 	fi
 
-	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
-		slog "Restarting mqtt broker..."
-		/etc/init.d/mosquitto restart &
+	if [ "${restart}" -gt "0" ]; then
+		slog "Restarting mosquitto..."
+		ubus call uci commit '{"config":"mosquitto"}'
 	fi
 }
 
@@ -386,7 +382,7 @@ function configure_sulu()
 
 	_RESTART_SERVICES="${restart}"
 
-	update_mosquitto_broker_config "${sys_cred}" "${rbac}"
 	set_sulu_connection_mode "${rbac}"
 	update_obuspa_config "${rbac}"
+	_create_acl "${rbac}"
 }

sulu/files/etc/uci-defaults/01-update-nginx-uci-template

@@ -3,8 +3,10 @@
 UCI_TEMPLATE="/etc/nginx/uci.conf.template"
 update_nginx_uci_template()
 {
-	sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
-	sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9001; }' ${UCI_TEMPLATE}
+	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
+		sed -i '/#UCI_HTTP_CONFIG$/i\	map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
+		sed -i '/#UCI_HTTP_CONFIG$/i\	upstream websocket { server 127.0.0.1:9009; }' ${UCI_TEMPLATE}
+	fi
 }
 
 update_nginx_uci_template

sulu/files/etc/uci-defaults/10-add-mqtt-config

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+if [ ! -f "/etc/config/mosquitto" ]; then
+	echo "Local mosquitto broker not available"
+	return 0
+fi
+
+add_obuspa_config()
+{
+	if ! uci_get mosquitto obuspa >/dev/null 2>&1; then
+		uci_add mosquitto listener obuspa
+		uci_set mosquitto obuspa enabled 1
+		uci_set mosquitto obuspa port '1883'
+		uci_set mosquitto obuspa no_remote_access '1'
+		uci_set mosquitto obuspa allow_anonymous '1'
+	fi
+}
+
+add_sulu_config()
+{
+	if ! uci_get mosquitto sulu >/dev/null 2>&1; then
+		uci_add mosquitto listener sulu
+		uci_set mosquitto sulu enabled 1
+		uci_set mosquitto sulu port '9009'
+		uci_set mosquitto sulu no_remote_access '1'
+		uci_set mosquitto sulu protocol 'websockets'
+		uci_set mosquitto sulu require_certificates '0'
+		uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_shadow.so'
+		uci_set mosquitto sulu acl_file '/tmp/sulu/mqtt.acl'
+	fi
+}
+
+uci_load mosquitto
+add_obuspa_config
+add_sulu_config