From be943694a2584491b382a29d8a2e1f1c53729a82 Mon Sep 17 00:00:00 2001 From: nyagamunene Date: Mon, 13 Jan 2025 16:30:28 +0300 Subject: [PATCH 1/5] move to supermq Signed-off-by: nyagamunene --- docker/.env | 614 ++++++-- docker/compose.yaml | 1352 +++++++++++++---- docker/nats/nats.conf | 6 +- docker/nginx/entrypoint.sh | 29 +- docker/nginx/nginx-key.conf | 113 +- docker/nginx/nginx-x509.conf | 115 +- .../nginx/snippets/mqtt-upstream-cluster.conf | 8 +- .../nginx/snippets/mqtt-upstream-single.conf | 4 +- .../snippets/mqtt-ws-upstream-cluster.conf | 8 +- .../snippets/mqtt-ws-upstream-single.conf | 4 +- docker/nginx/snippets/ssl.conf | 4 +- docker/spicedb/schema.zed | 550 ++++++- docker/ssl/Makefile | 28 +- docker/ssl/certs/supermq-server.crt | 26 + docker/ssl/certs/supermq-server.key | 52 + 15 files changed, 2196 insertions(+), 717 deletions(-) create mode 100644 docker/ssl/certs/supermq-server.crt create mode 100644 docker/ssl/certs/supermq-server.key diff --git a/docker/.env b/docker/.env index f5764be..67668e2 100644 --- a/docker/.env +++ b/docker/.env 
@@ -1,18 +1,27 @@ ## NginX -MG_NGINX_HTTP_PORT=80 -MG_NGINX_SSL_PORT=443 -MG_NGINX_MQTT_PORT=1883 -MG_NGINX_MQTTS_PORT=8883 +SMQ_NGINX_HTTP_PORT=80 +SMQ_NGINX_SSL_PORT=443 +SMQ_NGINX_MQTT_PORT=1883 +SMQ_NGINX_MQTTS_PORT=8883 ## Nats -MG_NATS_PORT=4222 -MG_NATS_HTTP_PORT=8222 -MG_NATS_JETSTREAM_KEY=u7wFoAPgXpDueXOFldBnXDh4xjnSOyEJ2Cb8Z5SZvGLzIZ3U4exWhhoIBZHzuNvh -MG_NATS_URL=nats://nats:${MG_NATS_PORT} +SMQ_NATS_PORT=4222 +SMQ_NATS_HTTP_PORT=8222 +SMQ_NATS_JETSTREAM_KEY=u7wFoAPgXpDueXOFldBnXDh4xjnSOyEJ2Cb8Z5SZvGLzIZ3U4exWhhoIBZHzuNvh +SMQ_NATS_URL=nats://nats:${SMQ_NATS_PORT} # Configs for nats as MQTT broker -MG_NATS_HEALTH_CHECK=http://nats:${MG_NATS_HTTP_PORT}/healthz -MG_NATS_WS_TARGET_PATH= -MG_NATS_MQTT_QOS=1 +SMQ_NATS_HEALTH_CHECK=http://nats:${SMQ_NATS_HTTP_PORT}/healthz +SMQ_NATS_WS_TARGET_PATH= +SMQ_NATS_MQTT_QOS=1 + +## RabbitMQ +SMQ_RABBITMQ_PORT=5672 +SMQ_RABBITMQ_HTTP_PORT=15672 +SMQ_RABBITMQ_USER=supermq +SMQ_RABBITMQ_PASS=supermq +SMQ_RABBITMQ_COOKIE=supermq +SMQ_RABBITMQ_VHOST=/ +SMQ_RABBITMQ_URL=amqp://${SMQ_RABBITMQ_USER}:${SMQ_RABBITMQ_PASS}@rabbitmq:${SMQ_RABBITMQ_PORT}${SMQ_RABBITMQ_VHOST} ## RabbitMQ MG_RABBITMQ_PORT=5672 
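Review bot: The added `## RabbitMQ` block sets `SMQ_RABBITMQ_USER`, `SMQ_RABBITMQ_PASS` and `SMQ_RABBITMQ_COOKIE` all to the literal `supermq`, and the cookie is the only secret RabbitMQ nodes and CLI tools use to authenticate to each other. Anyone who runs this file unmodified gets a broker whose credentials are the product name. I would mark the values as development defaults directly above them, e.g. `# dev-only defaults: override SMQ_RABBITMQ_PASS and SMQ_RABBITMQ_COOKIE before the broker is reachable from outside the compose network`. The hunk also leaves the old `MG_RABBITMQ_*` block in place as trailing context, so the file now carries two RabbitMQ sections; if nothing still reads the `MG_` names, the old block should go in the same commit.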
@@ -24,177 +33,324 @@ MG_RABBITMQ_VHOST=/ MG_RABBITMQ_URL=amqp://${MG_RABBITMQ_USER}:${MG_RABBITMQ_PASS}@rabbitmq:${MG_RABBITMQ_PORT}${MG_RABBITMQ_VHOST} ## Message Broker -MG_MESSAGE_BROKER_TYPE=nats -MG_MESSAGE_BROKER_URL=${MG_NATS_URL} +SMQ_MESSAGE_BROKER_TYPE=nats +SMQ_MESSAGE_BROKER_URL=${SMQ_NATS_URL} ## VERNEMQ -MG_DOCKER_VERNEMQ_ALLOW_ANONYMOUS=on -MG_DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL=error -MG_VERNEMQ_HEALTH_CHECK=http://vernemq:8888/health -MG_VERNEMQ_WS_TARGET_PATH=/mqtt -MG_VERNEMQ_MQTT_QOS=2 +SMQ_DOCKER_VERNEMQ_ALLOW_ANONYMOUS=on +SMQ_DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL=error +SMQ_VERNEMQ_HEALTH_CHECK=http://vernemq:8888/health +SMQ_VERNEMQ_WS_TARGET_PATH=/mqtt +SMQ_VERNEMQ_MQTT_QOS=2 ## MQTT Broker -MG_MQTT_BROKER_TYPE=vernemq -MG_MQTT_BROKER_HEALTH_CHECK=${MG_VERNEMQ_HEALTH_CHECK} -MG_MQTT_ADAPTER_MQTT_QOS=${MG_VERNEMQ_MQTT_QOS} -MG_MQTT_ADAPTER_MQTT_TARGET_HOST=${MG_MQTT_BROKER_TYPE} -MG_MQTT_ADAPTER_MQTT_TARGET_PORT=1883 -MG_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK=${MG_MQTT_BROKER_HEALTH_CHECK} -MG_MQTT_ADAPTER_WS_TARGET_HOST=${MG_MQTT_BROKER_TYPE} -MG_MQTT_ADAPTER_WS_TARGET_PORT=8080 -MG_MQTT_ADAPTER_WS_TARGET_PATH=${MG_VERNEMQ_WS_TARGET_PATH} +SMQ_MQTT_BROKER_TYPE=vernemq +SMQ_MQTT_BROKER_HEALTH_CHECK=${SMQ_VERNEMQ_HEALTH_CHECK} +SMQ_MQTT_ADAPTER_MQTT_QOS=${SMQ_VERNEMQ_MQTT_QOS} +SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST=${SMQ_MQTT_BROKER_TYPE} +SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT=1883 +SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK=${SMQ_MQTT_BROKER_HEALTH_CHECK} +SMQ_MQTT_ADAPTER_WS_TARGET_HOST=${SMQ_MQTT_BROKER_TYPE} +SMQ_MQTT_ADAPTER_WS_TARGET_PORT=8080 +SMQ_MQTT_ADAPTER_WS_TARGET_PATH=${SMQ_VERNEMQ_WS_TARGET_PATH} ## Redis -MG_REDIS_TCP_PORT=6379 -MG_REDIS_URL=redis://es-redis:${MG_REDIS_TCP_PORT}/0 +SMQ_REDIS_TCP_PORT=6379 +SMQ_REDIS_URL=redis://es-redis:${SMQ_REDIS_TCP_PORT}/0 ## Event Store -MG_ES_TYPE=${MG_MESSAGE_BROKER_TYPE} -MG_ES_URL=${MG_MESSAGE_BROKER_URL} +SMQ_ES_TYPE=${SMQ_MESSAGE_BROKER_TYPE} +SMQ_ES_URL=${SMQ_MESSAGE_BROKER_URL} ## Jaeger 
-MG_JAEGER_COLLECTOR_OTLP_ENABLED=true -MG_JAEGER_FRONTEND=16686 -MG_JAEGER_OLTP_HTTP=4318 -MG_JAEGER_URL=http://jaeger:4318/v1/traces -MG_JAEGER_TRACE_RATIO=1.0 -MG_JAEGER_MEMORY_MAX_TRACES=5000 +SMQ_JAEGER_COLLECTOR_OTLP_ENABLED=true +SMQ_JAEGER_FRONTEND=16686 +SMQ_JAEGER_OLTP_HTTP=4318 +SMQ_JAEGER_URL=http://jaeger:4318/v1/traces +SMQ_JAEGER_TRACE_RATIO=1.0 +SMQ_JAEGER_MEMORY_MAX_TRACES=5000 ## Call home -MG_SEND_TELEMETRY=true +SMQ_SEND_TELEMETRY=true ## Postgres -MG_POSTGRES_MAX_CONNECTIONS=100 +SMQ_POSTGRES_MAX_CONNECTIONS=100 ## Core Services ### Auth -MG_AUTH_LOG_LEVEL=debug -MG_AUTH_HTTP_HOST=auth -MG_AUTH_HTTP_PORT=8189 -MG_AUTH_HTTP_SERVER_CERT= -MG_AUTH_HTTP_SERVER_KEY= -MG_AUTH_GRPC_HOST=auth -MG_AUTH_GRPC_PORT=8181 -MG_AUTH_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/auth-grpc-server.crt}${GRPC_TLS:+./ssl/certs/auth-grpc-server.crt} -MG_AUTH_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/auth-grpc-server.key}${GRPC_TLS:+./ssl/certs/auth-grpc-server.key} -MG_AUTH_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt} -MG_AUTH_DB_HOST=auth-db -MG_AUTH_DB_PORT=5432 -MG_AUTH_DB_USER=magistrala -MG_AUTH_DB_PASS=magistrala -MG_AUTH_DB_NAME=auth -MG_AUTH_DB_SSL_MODE=disable -MG_AUTH_DB_SSL_CERT= -MG_AUTH_DB_SSL_KEY= -MG_AUTH_DB_SSL_ROOT_CERT= -MG_AUTH_SECRET_KEY=HyE2D4RUt9nnKG6v8zKEqAp6g6ka8hhZsqUpzgKvnwpXrNVQSH -MG_AUTH_ACCESS_TOKEN_DURATION="1h" -MG_AUTH_REFRESH_TOKEN_DURATION="24h" -MG_AUTH_INVITATION_DURATION="168h" -MG_AUTH_ADAPTER_INSTANCE_ID= - -#### Auth GRPC Client Config -MG_AUTH_GRPC_URL=auth:8181 -MG_AUTH_GRPC_TIMEOUT=300s -MG_AUTH_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/auth-grpc-client.crt} -MG_AUTH_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/auth-grpc-client.key} -MG_AUTH_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} +SMQ_AUTH_LOG_LEVEL=debug +SMQ_AUTH_HTTP_HOST=auth +SMQ_AUTH_HTTP_PORT=9001 +SMQ_AUTH_HTTP_SERVER_CERT= +SMQ_AUTH_HTTP_SERVER_KEY= +SMQ_AUTH_GRPC_HOST=auth +SMQ_AUTH_GRPC_PORT=7001 
+SMQ_AUTH_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/auth-grpc-server.crt}${GRPC_TLS:+./ssl/certs/auth-grpc-server.crt} +SMQ_AUTH_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/auth-grpc-server.key}${GRPC_TLS:+./ssl/certs/auth-grpc-server.key} +SMQ_AUTH_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt} +SMQ_AUTH_DB_HOST=auth-db +SMQ_AUTH_DB_PORT=5432 +SMQ_AUTH_DB_USER=supermq +SMQ_AUTH_DB_PASS=supermq +SMQ_AUTH_DB_NAME=auth +SMQ_AUTH_DB_SSL_MODE=disable +SMQ_AUTH_DB_SSL_CERT= +SMQ_AUTH_DB_SSL_KEY= +SMQ_AUTH_DB_SSL_ROOT_CERT= +SMQ_AUTH_SECRET_KEY=HyE2D4RUt9nnKG6v8zKEqAp6g6ka8hhZsqUpzgKvnwpXrNVQSH +SMQ_AUTH_ACCESS_TOKEN_DURATION="1h" +SMQ_AUTH_REFRESH_TOKEN_DURATION="24h" +SMQ_AUTH_INVITATION_DURATION="168h" +SMQ_AUTH_ADAPTER_INSTANCE_ID= + +#### Auth Client Config +SMQ_AUTH_URL=auth:9001 +SMQ_AUTH_GRPC_URL=auth:7001 +SMQ_AUTH_GRPC_TIMEOUT=300s +SMQ_AUTH_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/auth-grpc-client.crt} +SMQ_AUTH_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/auth-grpc-client.key} +SMQ_AUTH_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} + +### Domains +SMQ_DOMAINS_LOG_LEVEL=debug +SMQ_DOMAINS_HTTP_HOST=domains +SMQ_DOMAINS_HTTP_PORT=9003 +SMQ_DOMAINS_HTTP_SERVER_KEY= +SMQ_DOMAINS_HTTP_SERVER_CERT= +SMQ_DOMAINS_GRPC_HOST=domains +SMQ_DOMAINS_GRPC_PORT=7003 +SMQ_DOMAINS_DB_HOST=domains-db +SMQ_DOMAINS_DB_PORT=5432 +SMQ_DOMAINS_DB_NAME=domains +SMQ_DOMAINS_DB_USER=supermq +SMQ_DOMAINS_DB_PASS=supermq +SMQ_DOMAINS_DB_SSL_MODE= +SMQ_DOMAINS_DB_SSL_KEY= +SMQ_DOMAINS_DB_SSL_CERT= +SMQ_DOMAINS_DB_SSL_ROOT_CERT= +SMQ_DOMAINS_INSTANCE_ID= +SMQ_DOMAINS_CACHE_URL=redis://domains-redis:${SMQ_REDIS_TCP_PORT}/0 +SMQ_DOMAINS_CACHE_KEY_DURATION=10m #### Domains Client Config -MG_DOMAINS_URL=http://auth:8189 +SMQ_DOMAINS_URL=http://domains:9003 +SMQ_DOMAINS_GRPC_URL=domains:7003 +SMQ_DOMAINS_GRPC_TIMEOUT=300s +SMQ_DOMAINS_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/domains-grpc-client.crt} 
+SMQ_DOMAINS_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/domains-grpc-client.key} +SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} ### SpiceDB Datastore config -MG_SPICEDB_DB_USER=magistrala -MG_SPICEDB_DB_PASS=magistrala -MG_SPICEDB_DB_NAME=spicedb -MG_SPICEDB_DB_PORT=5432 +SMQ_SPICEDB_DB_USER=supermq +SMQ_SPICEDB_DB_PASS=supermq +SMQ_SPICEDB_DB_NAME=spicedb +SMQ_SPICEDB_DB_PORT=5432 ### SpiceDB config -MG_SPICEDB_PRE_SHARED_KEY="12345678" -MG_SPICEDB_SCHEMA_FILE="/schema.zed" -MG_SPICEDB_HOST=magistrala-spicedb -MG_SPICEDB_PORT=50051 -MG_SPICEDB_DATASTORE_ENGINE=postgres +SMQ_SPICEDB_PRE_SHARED_KEY="12345678" +SMQ_SPICEDB_SCHEMA_FILE="/schema.zed" +SMQ_SPICEDB_HOST=supermq-spicedb +SMQ_SPICEDB_PORT=50051 +SMQ_SPICEDB_DATASTORE_ENGINE=postgres + +### Invitations +SMQ_INVITATIONS_LOG_LEVEL=info +SMQ_INVITATIONS_HTTP_HOST=invitations +SMQ_INVITATIONS_HTTP_PORT=9020 +SMQ_INVITATIONS_HTTP_SERVER_CERT= +SMQ_INVITATIONS_HTTP_SERVER_KEY= +SMQ_INVITATIONS_DB_HOST=invitations-db +SMQ_INVITATIONS_DB_PORT=5432 +SMQ_INVITATIONS_DB_USER=supermq +SMQ_INVITATIONS_DB_PASS=supermq +SMQ_INVITATIONS_DB_NAME=invitations +SMQ_INVITATIONS_DB_SSL_MODE=disable +SMQ_INVITATIONS_DB_SSL_CERT= +SMQ_INVITATIONS_DB_SSL_KEY= +SMQ_INVITATIONS_DB_SSL_ROOT_CERT= +SMQ_INVITATIONS_INSTANCE_ID= + +### UI +SMQ_UI_LOG_LEVEL=debug +SMQ_UI_PORT=9095 +SMQ_HTTP_ADAPTER_URL=http://http-adapter:8008 +SMQ_CLIENTS_URL=http://clients:9006 +SMQ_USERS_URL=http://users:9002 +SMQ_INVITATIONS_URL=http://invitations:9020 +SMQ_DOMAINS_URL=http://domains:9003 +SMQ_UI_HOST_URL=http://localhost:9095 +SMQ_UI_VERIFICATION_TLS=false +SMQ_UI_CONTENT_TYPE=application/senml+json +SMQ_UI_INSTANCE_ID= +SMQ_UI_DB_HOST=ui-db +SMQ_UI_DB_PORT=5432 +SMQ_UI_DB_USER=supermq +SMQ_UI_DB_PASS=supermq +SMQ_UI_DB_NAME=ui +SMQ_UI_DB_SSL_MODE=disable +SMQ_UI_DB_SSL_CERT= +SMQ_UI_DB_SSL_KEY= +SMQ_UI_DB_SSL_ROOT_CERT= +SMQ_UI_HASH_KEY=5jx4x2Qg9OUmzpP5dbveWQ +SMQ_UI_BLOCK_KEY=UtgZjr92jwRY6SPUndHXiyl9QY8qTUyZ 
+SMQ_UI_PATH_PREFIX=/ui ### Users -MG_USERS_LOG_LEVEL=debug -MG_USERS_SECRET_KEY=HyE2D4RUt9nnKG6v8zKEqAp6g6ka8hhZsqUpzgKvnwpXrNVQSH -MG_USERS_ADMIN_EMAIL=admin@example.com -MG_USERS_ADMIN_PASSWORD=12345678 -MG_USERS_ADMIN_USERNAME=admin -MG_USERS_ADMIN_FIRST_NAME=super -MG_USERS_ADMIN_LAST_NAME=admin -MG_USERS_PASS_REGEX=^.{8,}$ -MG_USERS_ACCESS_TOKEN_DURATION=15m -MG_USERS_REFRESH_TOKEN_DURATION=24h -MG_TOKEN_RESET_ENDPOINT=/reset-request -MG_USERS_HTTP_HOST=users -MG_USERS_HTTP_PORT=9002 -MG_USERS_HTTP_SERVER_CERT= -MG_USERS_HTTP_SERVER_KEY= -MG_USERS_DB_HOST=users-db -MG_USERS_DB_PORT=5432 -MG_USERS_DB_USER=magistrala -MG_USERS_DB_PASS=magistrala -MG_USERS_DB_NAME=users -MG_USERS_DB_SSL_MODE=disable -MG_USERS_DB_SSL_CERT= -MG_USERS_DB_SSL_KEY= -MG_USERS_DB_SSL_ROOT_CERT= -MG_USERS_RESET_PWD_TEMPLATE=users.tmpl -MG_USERS_INSTANCE_ID= -MG_USERS_ALLOW_SELF_REGISTER=true -MG_USERS_DELETE_INTERVAL=24h -MG_USERS_DELETE_AFTER=720h +SMQ_USERS_LOG_LEVEL=debug +SMQ_USERS_SECRET_KEY=HyE2D4RUt9nnKG6v8zKEqAp6g6ka8hhZsqUpzgKvnwpXrNVQSH +SMQ_USERS_ADMIN_EMAIL=admin@example.com +SMQ_USERS_ADMIN_PASSWORD=12345678 +SMQ_USERS_ADMIN_USERNAME=admin +SMQ_USERS_ADMIN_FIRST_NAME=super +SMQ_USERS_ADMIN_LAST_NAME=admin +SMQ_USERS_PASS_REGEX=^.{8,}$ +SMQ_USERS_ACCESS_TOKEN_DURATION=15m +SMQ_USERS_REFRESH_TOKEN_DURATION=24h +SMQ_TOKEN_RESET_ENDPOINT=/reset-request +SMQ_USERS_HTTP_HOST=users +SMQ_USERS_HTTP_PORT=9002 +SMQ_USERS_HTTP_SERVER_CERT= +SMQ_USERS_HTTP_SERVER_KEY= +SMQ_USERS_DB_HOST=users-db +SMQ_USERS_DB_PORT=5432 +SMQ_USERS_DB_USER=supermq +SMQ_USERS_DB_PASS=supermq +SMQ_USERS_DB_NAME=users +SMQ_USERS_DB_SSL_MODE=disable +SMQ_USERS_DB_SSL_CERT= +SMQ_USERS_DB_SSL_KEY= +SMQ_USERS_DB_SSL_ROOT_CERT= +SMQ_USERS_RESET_PWD_TEMPLATE=users.tmpl +SMQ_USERS_INSTANCE_ID= +SMQ_USERS_SECRET_KEY=HyE2D4RUt9nnKG6v8zKEqAp6g6ka8hhZsqUpzgKvnwpXrNVQSH +SMQ_USERS_ADMIN_EMAIL=admin@example.com +SMQ_USERS_ADMIN_PASSWORD=12345678 +SMQ_USERS_PASS_REGEX=^.{8,}$ +SMQ_USERS_ACCESS_TOKEN_DURATION=15m 
+SMQ_USERS_REFRESH_TOKEN_DURATION=24h +SMQ_TOKEN_RESET_ENDPOINT=/reset-request +SMQ_USERS_ALLOW_SELF_REGISTER=true +SMQ_OAUTH_UI_REDIRECT_URL=http://localhost:9095${SMQ_UI_PATH_PREFIX}/tokens/secure +SMQ_OAUTH_UI_ERROR_URL=http://localhost:9095${SMQ_UI_PATH_PREFIX}/error +SMQ_USERS_DELETE_INTERVAL=24h +SMQ_USERS_DELETE_AFTER=720h + +#### Users Client Config +SMQ_USERS_URL=users:9002 ### Email utility -MG_EMAIL_HOST=smtp.mailtrap.io -MG_EMAIL_PORT=2525 -MG_EMAIL_USERNAME=18bf7f70705139 -MG_EMAIL_PASSWORD=2b0d302e775b1e -MG_EMAIL_FROM_ADDRESS=from@example.com -MG_EMAIL_FROM_NAME=Example -MG_EMAIL_TEMPLATE=email.tmpl +SMQ_EMAIL_HOST=smtp.mailtrap.io +SMQ_EMAIL_PORT=2525 +SMQ_EMAIL_USERNAME=18bf7f70705139 +SMQ_EMAIL_PASSWORD=2b0d302e775b1e +SMQ_EMAIL_FROM_ADDRESS=from@example.com +SMQ_EMAIL_FROM_NAME=Example +SMQ_EMAIL_TEMPLATE=email.tmpl ### Google OAuth2 -MG_GOOGLE_CLIENT_ID= -MG_GOOGLE_CLIENT_SECRET= -MG_GOOGLE_REDIRECT_URL= -MG_GOOGLE_STATE= - -### Things -MG_THINGS_LOG_LEVEL=debug -MG_THINGS_STANDALONE_ID= -MG_THINGS_STANDALONE_TOKEN= -MG_THINGS_CACHE_KEY_DURATION=10m -MG_THINGS_HTTP_HOST=things -MG_THINGS_HTTP_PORT=9000 -MG_THINGS_AUTH_GRPC_HOST=things -MG_THINGS_AUTH_GRPC_PORT=7000 -MG_THINGS_AUTH_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/things-grpc-server.crt}${GRPC_TLS:+./ssl/certs/things-grpc-server.crt} -MG_THINGS_AUTH_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/things-grpc-server.key}${GRPC_TLS:+./ssl/certs/things-grpc-server.key} -MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt} -MG_THINGS_CACHE_URL=redis://things-redis:${MG_REDIS_TCP_PORT}/0 -MG_THINGS_DB_HOST=things-db -MG_THINGS_DB_PORT=5432 -MG_THINGS_DB_USER=magistrala -MG_THINGS_DB_PASS=magistrala -MG_THINGS_DB_NAME=things -MG_THINGS_DB_SSL_MODE=disable -MG_THINGS_DB_SSL_CERT= -MG_THINGS_DB_SSL_KEY= -MG_THINGS_DB_SSL_ROOT_CERT= -MG_THINGS_INSTANCE_ID= - -#### Things Client Config -MG_THINGS_URL=http://things:9000 -MG_THINGS_AUTH_GRPC_URL=things:7000 
-MG_THINGS_AUTH_GRPC_TIMEOUT=1s -MG_THINGS_AUTH_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/things-grpc-client.crt} -MG_THINGS_AUTH_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/things-grpc-client.key} -MG_THINGS_AUTH_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} +SMQ_GOOGLE_CLIENT_ID= +SMQ_GOOGLE_CLIENT_SECRET= +SMQ_GOOGLE_REDIRECT_URL= +SMQ_GOOGLE_STATE= + +### Groups +SMQ_GROUPS_LOG_LEVEL=debug +SMQ_GROUPS_HTTP_HOST=groups +SMQ_GROUPS_HTTP_PORT=9004 +SMQ_GROUPS_HTTP_SERVER_CERT= +SMQ_GROUPS_HTTP_SERVER_KEY= +SMQ_GROUPS_GRPC_HOST=groups +SMQ_GROUPS_GRPC_PORT=7004 +SMQ_GROUPS_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/groups-grpc-server.crt}${GRPC_TLS:+./ssl/certs/groups-grpc-server.crt} +SMQ_GROUPS_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/groups-grpc-server.key}${GRPC_TLS:+./ssl/certs/groups-grpc-server.key} +SMQ_GROUPS_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt} +SMQ_GROUPS_DB_HOST=groups-db +SMQ_GROUPS_DB_PORT=5432 +SMQ_GROUPS_DB_USER=supermq +SMQ_GROUPS_DB_PASS=supermq +SMQ_GROUPS_DB_NAME=groups +SMQ_GROUPS_DB_SSL_MODE=disable +SMQ_GROUPS_DB_SSL_CERT= +SMQ_GROUPS_DB_SSL_KEY= +SMQ_GROUPS_DB_SSL_ROOT_CERT= +SMQ_GROUPS_INSTANCE_ID= + +#### Groups Client Config +SMQ_GROUPS_URL=groups:9004 +SMQ_GROUPS_GRPC_URL=groups:7004 +SMQ_GROUPS_GRPC_TIMEOUT=300s +SMQ_GROUPS_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/groups-grpc-client.crt} +SMQ_GROUPS_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/groups-grpc-client.key} +SMQ_GROUPS_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} + +### Clients +SMQ_CLIENTS_LOG_LEVEL=debug +SMQ_CLIENTS_STANDALONE_ID= +SMQ_CLIENTS_STANDALONE_TOKEN= +SMQ_CLIENTS_CACHE_KEY_DURATION=10m +SMQ_CLIENTS_HTTP_HOST=clients +SMQ_CLIENTS_HTTP_PORT=9006 +SMQ_CLIENTS_AUTH_GRPC_HOST=clients +SMQ_CLIENTS_AUTH_GRPC_PORT=7006 +SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/clients-grpc-server.crt}${GRPC_TLS:+./ssl/certs/clients-grpc-server.crt} 
+SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/clients-grpc-server.key}${GRPC_TLS:+./ssl/certs/clients-grpc-server.key} +SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt} +SMQ_CLIENTS_CACHE_URL=redis://clients-redis:${SMQ_REDIS_TCP_PORT}/0 +SMQ_CLIENTS_DB_HOST=clients-db +SMQ_CLIENTS_DB_PORT=5432 +SMQ_CLIENTS_DB_USER=supermq +SMQ_CLIENTS_DB_PASS=supermq +SMQ_CLIENTS_DB_NAME=clients +SMQ_CLIENTS_DB_SSL_MODE=disable +SMQ_CLIENTS_DB_SSL_CERT= +SMQ_CLIENTS_DB_SSL_KEY= +SMQ_CLIENTS_DB_SSL_ROOT_CERT= +SMQ_CLIENTS_INSTANCE_ID= + +#### Clients Client Config +SMQ_CLIENTS_URL=http://clients:9006 +SMQ_CLIENTS_AUTH_GRPC_URL=clients:7006 +SMQ_CLIENTS_AUTH_GRPC_TIMEOUT=1s +SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/clients-grpc-client.crt} +SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/clients-grpc-client.key} +SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} + +### Channels +SMQ_CHANNELS_LOG_LEVEL=debug +SMQ_CHANNELS_HTTP_HOST=channels +SMQ_CHANNELS_HTTP_PORT=9005 +SMQ_CHANNELS_GRPC_HOST=channels +SMQ_CHANNELS_GRPC_PORT=7005 +SMQ_CHANNELS_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/channels-grpc-server.crt}${GRPC_TLS:+./ssl/certs/channels-grpc-server.crt} +SMQ_CHANNELS_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/channels-grpc-server.key}${GRPC_TLS:+./ssl/certs/channels-grpc-server.key} +SMQ_CHANNELS_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt} +SMQ_CHANNELS_DB_HOST=channels-db +SMQ_CHANNELS_DB_PORT=5432 +SMQ_CHANNELS_DB_USER=supermq +SMQ_CHANNELS_DB_PASS=supermq +SMQ_CHANNELS_DB_NAME=channels +SMQ_CHANNELS_DB_SSL_MODE=disable +SMQ_CHANNELS_DB_SSL_CERT= +SMQ_CHANNELS_DB_SSL_KEY= +SMQ_CHANNELS_DB_SSL_ROOT_CERT= +SMQ_CHANNELS_INSTANCE_ID= + +#### Channels Client Config +SMQ_CHANNELS_URL=http://channels:9005 +SMQ_CHANNELS_GRPC_URL=channels:7005 +SMQ_CHANNELS_GRPC_TIMEOUT=1s 
+SMQ_CHANNELS_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/channels-grpc-client.crt} +SMQ_CHANNELS_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/channels-grpc-client.key} +SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt} + +### HTTP +SMQ_HTTP_ADAPTER_LOG_LEVEL=debug +SMQ_HTTP_ADAPTER_HOST=http-adapter +SMQ_HTTP_ADAPTER_PORT=8008 +SMQ_HTTP_ADAPTER_SERVER_CERT= +SMQ_HTTP_ADAPTER_SERVER_KEY= +SMQ_HTTP_ADAPTER_INSTANCE_ID= ### HTTP MG_HTTP_ADAPTER_LOG_LEVEL=debug 
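Review bot: The new `### Users` block defines seven keys twice: after `SMQ_USERS_INSTANCE_ID=` the lines `SMQ_USERS_SECRET_KEY`, `SMQ_USERS_ADMIN_EMAIL`, `SMQ_USERS_ADMIN_PASSWORD`, `SMQ_USERS_PASS_REGEX`, `SMQ_USERS_ACCESS_TOKEN_DURATION`, `SMQ_USERS_REFRESH_TOKEN_DURATION` and `SMQ_TOKEN_RESET_ENDPOINT` are repeated. An env loader keeps only one definition per key (typically the later one), so an operator who rotates the admin password or signing key at the first occurrence may leave the committed default in force without noticing; the second run should be deleted. `SMQ_USERS_URL` is also assigned two different values, `http://users:9002` under `### UI` and `users:9002` under `#### Users Client Config`, so one set of consumers will presumably get a URL in the wrong form. Separately, `SMQ_UI_HASH_KEY` and `SMQ_UI_BLOCK_KEY` are introduced as committed literals next to `SMQ_SPICEDB_PRE_SHARED_KEY="12345678"`, which means every deployment that does not override them shares the same keys. A comment such as `# dev-only value, generate a fresh key per deployment` above each would make that explicit.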
@@ -205,13 +361,151 @@ MG_HTTP_ADAPTER_SERVER_KEY= MG_HTTP_ADAPTER_INSTANCE_ID= ### MQTT -MG_MQTT_ADAPTER_LOG_LEVEL=debug -MG_MQTT_ADAPTER_MQTT_PORT=1883 -MG_MQTT_ADAPTER_FORWARDER_TIMEOUT=30s -MG_MQTT_ADAPTER_WS_PORT=8080 -MG_MQTT_ADAPTER_INSTANCE= -MG_MQTT_ADAPTER_INSTANCE_ID= -MG_MQTT_ADAPTER_ES_DB=0 +SMQ_MQTT_ADAPTER_LOG_LEVEL=debug +SMQ_MQTT_ADAPTER_MQTT_PORT=1883 +SMQ_MQTT_ADAPTER_FORWARDER_TIMEOUT=30s +SMQ_MQTT_ADAPTER_WS_PORT=8080 +SMQ_MQTT_ADAPTER_INSTANCE= +SMQ_MQTT_ADAPTER_INSTANCE_ID= +SMQ_MQTT_ADAPTER_ES_DB=0 + +### CoAP +SMQ_COAP_ADAPTER_LOG_LEVEL=debug +SMQ_COAP_ADAPTER_HOST=coap-adapter +SMQ_COAP_ADAPTER_PORT=5683 +SMQ_COAP_ADAPTER_SERVER_CERT= +SMQ_COAP_ADAPTER_SERVER_KEY= +SMQ_COAP_ADAPTER_HTTP_HOST=coap-adapter +SMQ_COAP_ADAPTER_HTTP_PORT=5683 +SMQ_COAP_ADAPTER_HTTP_SERVER_CERT= +SMQ_COAP_ADAPTER_HTTP_SERVER_KEY= +SMQ_COAP_ADAPTER_INSTANCE_ID= + +### WS +SMQ_WS_ADAPTER_LOG_LEVEL=debug +SMQ_WS_ADAPTER_HTTP_HOST=ws-adapter +SMQ_WS_ADAPTER_HTTP_PORT=8186 +SMQ_WS_ADAPTER_HTTP_SERVER_CERT= +SMQ_WS_ADAPTER_HTTP_SERVER_KEY= +SMQ_WS_ADAPTER_INSTANCE_ID= + +## Addons Services +### Vault +SMQ_VAULT_HOST=vault +SMQ_VAULT_PORT=8200 +SMQ_VAULT_ADDR=http://vault:8200 +SMQ_VAULT_NAMESPACE=supermq +SMQ_VAULT_UNSEAL_KEY_1= +SMQ_VAULT_UNSEAL_KEY_2= +SMQ_VAULT_UNSEAL_KEY_3= +SMQ_VAULT_TOKEN= + +SMQ_VAULT_PKI_PATH=pki +SMQ_VAULT_PKI_ROLE_NAME=supermq_int_ca +SMQ_VAULT_PKI_FILE_NAME=mg_root +SMQ_VAULT_PKI_CA_CN='SuperMQ Root Certificate Authority' +SMQ_VAULT_PKI_CA_OU='SuperMQ' +SMQ_VAULT_PKI_CA_O='SuperMQ' +SMQ_VAULT_PKI_CA_C='FRANCE' +SMQ_VAULT_PKI_CA_L='PARIS' +SMQ_VAULT_PKI_CA_ST='PARIS' +SMQ_VAULT_PKI_CA_ADDR='5 Av. 
Anatole' +SMQ_VAULT_PKI_CA_PO='75007' +SMQ_VAULT_PKI_CLUSTER_PATH=http://localhost +SMQ_VAULT_PKI_CLUSTER_AIA_PATH=http://localhost + +SMQ_VAULT_PKI_INT_PATH=pki_int +SMQ_VAULT_PKI_INT_SERVER_CERTS_ROLE_NAME=supermq_server_certs +SMQ_VAULT_PKI_INT_CLIENTS_CERTS_ROLE_NAME=supermq_clients_certs +SMQ_VAULT_PKI_INT_FILE_NAME=mg_int +SMQ_VAULT_PKI_INT_CA_CN='SuperMQ Intermediate Certificate Authority' +SMQ_VAULT_PKI_INT_CA_OU='SuperMQ' +SMQ_VAULT_PKI_INT_CA_O='SuperMQ' +SMQ_VAULT_PKI_INT_CA_C='FRANCE' +SMQ_VAULT_PKI_INT_CA_L='PARIS' +SMQ_VAULT_PKI_INT_CA_ST='PARIS' +SMQ_VAULT_PKI_INT_CA_ADDR='5 Av. Anatole' +SMQ_VAULT_PKI_INT_CA_PO='75007' +SMQ_VAULT_PKI_INT_CLUSTER_PATH=http://localhost +SMQ_VAULT_PKI_INT_CLUSTER_AIA_PATH=http://localhost + +SMQ_VAULT_CLIENTS_CERTS_ISSUER_ROLEID=supermq +SMQ_VAULT_CLIENTS_CERTS_ISSUER_SECRET=supermq + +# Certs +SMQ_CERTS_LOG_LEVEL=debug +SMQ_CERTS_SIGN_CA_PATH=/etc/ssl/certs/ca.crt +SMQ_CERTS_SIGN_CA_KEY_PATH=/etc/ssl/certs/ca.key +SMQ_CERTS_VAULT_HOST=${SMQ_VAULT_ADDR} +SMQ_CERTS_VAULT_NAMESPACE=${SMQ_VAULT_NAMESPACE} +SMQ_CERTS_VAULT_APPROLE_ROLEID=${SMQ_VAULT_CLIENTS_CERTS_ISSUER_ROLEID} +SMQ_CERTS_VAULT_APPROLE_SECRET=${SMQ_VAULT_CLIENTS_CERTS_ISSUER_SECRET} +SMQ_CERTS_VAULT_CLIENTS_CERTS_PKI_PATH=${SMQ_VAULT_PKI_INT_PATH} +SMQ_CERTS_VAULT_CLIENTS_CERTS_PKI_ROLE_NAME=${SMQ_VAULT_PKI_INT_CLIENTS_CERTS_ROLE_NAME} +SMQ_CERTS_HTTP_HOST=certs +SMQ_CERTS_HTTP_PORT=9019 +SMQ_CERTS_HTTP_SERVER_CERT= +SMQ_CERTS_HTTP_SERVER_KEY= +SMQ_CERTS_GRPC_HOST= +SMQ_CERTS_GRPC_PORT= +SMQ_CERTS_DB_HOST=am-certs-db +SMQ_CERTS_DB_PORT=5432 +SMQ_CERTS_DB_USER=supermq +SMQ_CERTS_DB_PASS=supermq +SMQ_CERTS_DB_NAME=certs +SMQ_CERTS_DB_SSL_MODE= +SMQ_CERTS_DB_SSL_CERT= +SMQ_CERTS_DB_SSL_KEY= +SMQ_CERTS_DB_SSL_ROOT_CERT= +SMQ_CERTS_INSTANCE_ID= +SMQ_CERTS_SDK_HOST=http://supermq-am-certs +SMQ_CERTS_SDK_CERTS_URL=${SMQ_CERTS_SDK_HOST}:9010 +SMQ_CERTS_SDK_TLS_VERIFICATION=false + +### Postgres +SMQ_POSTGRES_HOST=supermq-postgres +SMQ_POSTGRES_PORT=5432 
+SMQ_POSTGRES_USER=supermq +SMQ_POSTGRES_PASS=supermq +SMQ_POSTGRES_NAME=messages +SMQ_POSTGRES_SSL_MODE=disable +SMQ_POSTGRES_SSL_CERT= +SMQ_POSTGRES_SSL_KEY= +SMQ_POSTGRES_SSL_ROOT_CERT= + +### Timescale +SMQ_TIMESCALE_HOST=supermq-timescale +SMQ_TIMESCALE_PORT=5432 +SMQ_TIMESCALE_USER=supermq +SMQ_TIMESCALE_PASS=supermq +SMQ_TIMESCALE_NAME=supermq +SMQ_TIMESCALE_SSL_MODE=disable +SMQ_TIMESCALE_SSL_CERT= +SMQ_TIMESCALE_SSL_KEY= +SMQ_TIMESCALE_SSL_ROOT_CERT= + +### Journal +SMQ_JOURNAL_LOG_LEVEL=info +SMQ_JOURNAL_HTTP_HOST=journal +SMQ_JOURNAL_HTTP_PORT=9021 +SMQ_JOURNAL_HTTP_SERVER_CERT= +SMQ_JOURNAL_HTTP_SERVER_KEY= +SMQ_JOURNAL_DB_HOST=journal-db +SMQ_JOURNAL_DB_PORT=5432 +SMQ_JOURNAL_DB_USER=supermq +SMQ_JOURNAL_DB_PASS=supermq +SMQ_JOURNAL_DB_NAME=journal +SMQ_JOURNAL_DB_SSL_MODE=disable +SMQ_JOURNAL_DB_SSL_CERT= +SMQ_JOURNAL_DB_SSL_KEY= +SMQ_JOURNAL_DB_SSL_ROOT_CERT= +SMQ_JOURNAL_INSTANCE_ID= + +### GRAFANA and PROMETHEUS +SMQ_PROMETHEUS_PORT=9090 +SMQ_GRAFANA_PORT=3000 +SMQ_GRAFANA_ADMIN_USER=supermq +SMQ_GRAFANA_ADMIN_PASSWORD=supermq # Docker image tag -MG_RELEASE_TAG="v0.15.1" +SMQ_RELEASE_TAG="v0.15.1" diff --git a/docker/compose.yaml b/docker/compose.yaml index d1b3005..e38b05d 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml 
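Review bot: `SMQ_VAULT_CLIENTS_CERTS_ISSUER_ROLEID` and `SMQ_VAULT_CLIENTS_CERTS_ISSUER_SECRET` are both set to `supermq` and flow into `SMQ_CERTS_VAULT_APPROLE_ROLEID` / `SMQ_CERTS_VAULT_APPROLE_SECRET`, so the credential the certs service presents to Vault for issuing client certificates is a guessable default. The same block already leaves `SMQ_VAULT_TOKEN=` and the three unseal keys empty, and I would treat the AppRole secret the same way: `SMQ_VAULT_CLIENTS_CERTS_ISSUER_SECRET=` with a comment that it must be supplied at deploy time. The same path also runs over `SMQ_VAULT_ADDR=http://vault:8200` with `SMQ_CERTS_SDK_TLS_VERIFICATION=false`, which is worth a one-line comment stating that it is acceptable only inside the compose network. `SMQ_GRAFANA_ADMIN_PASSWORD=supermq` has the same default-credential problem. `SMQ_VAULT_PKI_FILE_NAME=mg_root` and `SMQ_VAULT_PKI_INT_FILE_NAME=mg_int` still carry the old prefix; this may be intentional, but it looks like a spot the rename missed.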
@@ -1,157 +1,361 @@ -name: "magistrala" +name: "supermq" networks: - magistrala-base-net: + supermq-base-net: driver: bridge volumes: - magistrala-users-db-volume: - magistrala-things-db-volume: - magistrala-things-redis-volume: - magistrala-broker-volume: - magistrala-mqtt-broker-volume: - magistrala-spicedb-db-volume: - magistrala-auth-db-volume: + supermq-users-db-volume: + supermq-groups-db-volume: + supermq-clients-db-volume: + supermq-channels-db-volume: + supermq-clients-redis-volume: + supermq-broker-volume: + supermq-mqtt-broker-volume: + supermq-spicedb-db-volume: + supermq-auth-db-volume: + supermq-pat-db-volume: + supermq-domains-db-volume: + supermq-domains-redis-volume: + supermq-invitations-db-volume: + supermq-ui-db-volume: services: spicedb: - image: "authzed/spicedb:v1.30.0" - container_name: magistrala-spicedb + image: "authzed/spicedb:v1.37.0" + container_name: supermq-spicedb command: "serve" restart: "always" networks: - - magistrala-base-net + - supermq-base-net ports: - "8080:8080" - "9091:9090" - "50051:50051" environment: - SPICEDB_GRPC_PRESHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY} - SPICEDB_DATASTORE_ENGINE: ${MG_SPICEDB_DATASTORE_ENGINE} - SPICEDB_DATASTORE_CONN_URI: "${MG_SPICEDB_DATASTORE_ENGINE}://${MG_SPICEDB_DB_USER}:${MG_SPICEDB_DB_PASS}@spicedb-db:${MG_SPICEDB_DB_PORT}/${MG_SPICEDB_DB_NAME}?sslmode=disable" + SPICEDB_GRPC_PRESHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE} + SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable" depends_on: - spicedb-migrate spicedb-migrate: - image: "authzed/spicedb:v1.30.0" - container_name: magistrala-spicedb-migrate + image: "authzed/spicedb:v1.37.0" + container_name: supermq-spicedb-migrate command: "migrate head" restart: "on-failure" networks: - - magistrala-base-net + - supermq-base-net environment: - 
SPICEDB_DATASTORE_ENGINE: ${MG_SPICEDB_DATASTORE_ENGINE} - SPICEDB_DATASTORE_CONN_URI: "${MG_SPICEDB_DATASTORE_ENGINE}://${MG_SPICEDB_DB_USER}:${MG_SPICEDB_DB_PASS}@spicedb-db:${MG_SPICEDB_DB_PORT}/${MG_SPICEDB_DB_NAME}?sslmode=disable" + SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE} + SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable" depends_on: - spicedb-db spicedb-db: image: "postgres:16.2-alpine" - container_name: magistrala-spicedb-db + container_name: supermq-spicedb-db networks: - - magistrala-base-net + - supermq-base-net ports: - "6010:5432" environment: - POSTGRES_USER: ${MG_SPICEDB_DB_USER} - POSTGRES_PASSWORD: ${MG_SPICEDB_DB_PASS} - POSTGRES_DB: ${MG_SPICEDB_DB_NAME} + POSTGRES_USER: ${SMQ_SPICEDB_DB_USER} + POSTGRES_PASSWORD: ${SMQ_SPICEDB_DB_PASS} + POSTGRES_DB: ${SMQ_SPICEDB_DB_NAME} volumes: - - magistrala-spicedb-db-volume:/var/lib/postgresql/data + - supermq-spicedb-db-volume:/var/lib/postgresql/data + command: ["postgres", "-c", "track_commit_timestamp=on"] auth-db: image: postgres:16.2-alpine - container_name: magistrala-auth-db + container_name: supermq-auth-db restart: on-failure ports: - - 6004:5432 + - 6001:5432 environment: - POSTGRES_USER: ${MG_AUTH_DB_USER} - POSTGRES_PASSWORD: ${MG_AUTH_DB_PASS} - POSTGRES_DB: ${MG_AUTH_DB_NAME} + POSTGRES_USER: ${SMQ_AUTH_DB_USER} + POSTGRES_PASSWORD: ${SMQ_AUTH_DB_PASS} + POSTGRES_DB: ${SMQ_AUTH_DB_NAME} networks: - - magistrala-base-net + - supermq-base-net volumes: - - magistrala-auth-db-volume:/var/lib/postgresql/data + - supermq-auth-db-volume:/var/lib/postgresql/data auth: - image: magistrala/auth:${MG_RELEASE_TAG} - container_name: magistrala-auth + image: supermq/auth:${SMQ_RELEASE_TAG} + container_name: supermq-auth depends_on: - auth-db - spicedb expose: - - ${MG_AUTH_GRPC_PORT} + - ${SMQ_AUTH_GRPC_PORT} restart: on-failure environment: - 
MG_AUTH_LOG_LEVEL: ${MG_AUTH_LOG_LEVEL} - MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE} - MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY} - MG_SPICEDB_HOST: ${MG_SPICEDB_HOST} - MG_SPICEDB_PORT: ${MG_SPICEDB_PORT} - MG_AUTH_ACCESS_TOKEN_DURATION: ${MG_AUTH_ACCESS_TOKEN_DURATION} - MG_AUTH_REFRESH_TOKEN_DURATION: ${MG_AUTH_REFRESH_TOKEN_DURATION} - MG_AUTH_INVITATION_DURATION: ${MG_AUTH_INVITATION_DURATION} - MG_AUTH_SECRET_KEY: ${MG_AUTH_SECRET_KEY} - MG_AUTH_HTTP_HOST: ${MG_AUTH_HTTP_HOST} - MG_AUTH_HTTP_PORT: ${MG_AUTH_HTTP_PORT} - MG_AUTH_HTTP_SERVER_CERT: ${MG_AUTH_HTTP_SERVER_CERT} - MG_AUTH_HTTP_SERVER_KEY: ${MG_AUTH_HTTP_SERVER_KEY} - MG_AUTH_GRPC_HOST: ${MG_AUTH_GRPC_HOST} - MG_AUTH_GRPC_PORT: ${MG_AUTH_GRPC_PORT} + SMQ_AUTH_LOG_LEVEL: ${SMQ_AUTH_LOG_LEVEL} + SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} + SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} + SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} + SMQ_AUTH_ACCESS_TOKEN_DURATION: ${SMQ_AUTH_ACCESS_TOKEN_DURATION} + SMQ_AUTH_REFRESH_TOKEN_DURATION: ${SMQ_AUTH_REFRESH_TOKEN_DURATION} + SMQ_AUTH_INVITATION_DURATION: ${SMQ_AUTH_INVITATION_DURATION} + SMQ_AUTH_SECRET_KEY: ${SMQ_AUTH_SECRET_KEY} + SMQ_AUTH_HTTP_HOST: ${SMQ_AUTH_HTTP_HOST} + SMQ_AUTH_HTTP_PORT: ${SMQ_AUTH_HTTP_PORT} + SMQ_AUTH_HTTP_SERVER_CERT: ${SMQ_AUTH_HTTP_SERVER_CERT} + SMQ_AUTH_HTTP_SERVER_KEY: ${SMQ_AUTH_HTTP_SERVER_KEY} + SMQ_AUTH_GRPC_HOST: ${SMQ_AUTH_GRPC_HOST} + SMQ_AUTH_GRPC_PORT: ${SMQ_AUTH_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default - MG_AUTH_GRPC_SERVER_CERT: ${MG_AUTH_GRPC_SERVER_CERT:+/auth-grpc-server.crt} - MG_AUTH_GRPC_SERVER_KEY: ${MG_AUTH_GRPC_SERVER_KEY:+/auth-grpc-server.key} - MG_AUTH_GRPC_SERVER_CA_CERTS: 
${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} - MG_AUTH_GRPC_CLIENT_CA_CERTS: ${MG_AUTH_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt} - MG_AUTH_DB_HOST: ${MG_AUTH_DB_HOST} - MG_AUTH_DB_PORT: ${MG_AUTH_DB_PORT} - MG_AUTH_DB_USER: ${MG_AUTH_DB_USER} - MG_AUTH_DB_PASS: ${MG_AUTH_DB_PASS} - MG_AUTH_DB_NAME: ${MG_AUTH_DB_NAME} - MG_AUTH_DB_SSL_MODE: ${MG_AUTH_DB_SSL_MODE} - MG_AUTH_DB_SSL_CERT: ${MG_AUTH_DB_SSL_CERT} - MG_AUTH_DB_SSL_KEY: ${MG_AUTH_DB_SSL_KEY} - MG_AUTH_DB_SSL_ROOT_CERT: ${MG_AUTH_DB_SSL_ROOT_CERT} - MG_JAEGER_URL: ${MG_JAEGER_URL} - MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO} - MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY} - MG_AUTH_ADAPTER_INSTANCE_ID: ${MG_AUTH_ADAPTER_INSTANCE_ID} - MG_ES_URL: ${MG_ES_URL} + SMQ_AUTH_GRPC_SERVER_CERT: ${SMQ_AUTH_GRPC_SERVER_CERT:+/auth-grpc-server.crt} + SMQ_AUTH_GRPC_SERVER_KEY: ${SMQ_AUTH_GRPC_SERVER_KEY:+/auth-grpc-server.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_AUTH_GRPC_CLIENT_CA_CERTS: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt} + SMQ_AUTH_DB_HOST: ${SMQ_AUTH_DB_HOST} + SMQ_AUTH_DB_PORT: ${SMQ_AUTH_DB_PORT} + SMQ_AUTH_DB_USER: ${SMQ_AUTH_DB_USER} + SMQ_AUTH_DB_PASS: ${SMQ_AUTH_DB_PASS} + SMQ_AUTH_DB_NAME: ${SMQ_AUTH_DB_NAME} + SMQ_AUTH_DB_SSL_MODE: ${SMQ_AUTH_DB_SSL_MODE} + SMQ_AUTH_DB_SSL_CERT: ${SMQ_AUTH_DB_SSL_CERT} + SMQ_AUTH_DB_SSL_KEY: ${SMQ_AUTH_DB_SSL_KEY} + SMQ_AUTH_DB_SSL_ROOT_CERT: ${SMQ_AUTH_DB_SSL_ROOT_CERT} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_AUTH_ADAPTER_INSTANCE_ID: ${SMQ_AUTH_ADAPTER_INSTANCE_ID} + SMQ_ES_URL: ${SMQ_ES_URL} ports: - - ${MG_AUTH_HTTP_PORT}:${MG_AUTH_HTTP_PORT} - - ${MG_AUTH_GRPC_PORT}:${MG_AUTH_GRPC_PORT} + - ${SMQ_AUTH_HTTP_PORT}:${SMQ_AUTH_HTTP_PORT} + - ${SMQ_AUTH_GRPC_PORT}:${SMQ_AUTH_GRPC_PORT} networks: - - magistrala-base-net + - supermq-base-net volumes: - - 
./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE} + - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} + - supermq-pat-db-volume:/supermq-data # Auth gRPC mTLS server certificates - type: bind - source: ${MG_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} - target: /auth-grpc-server${MG_AUTH_GRPC_SERVER_CERT:+.crt} + source: ${SMQ_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} + target: /auth-grpc-server${SMQ_AUTH_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind - source: ${MG_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} - target: /auth-grpc-server${MG_AUTH_GRPC_SERVER_KEY:+.key} + source: ${SMQ_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} + target: /auth-grpc-server${SMQ_AUTH_GRPC_SERVER_KEY:+.key} bind: create_host_path: true - type: bind - source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} - target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} + target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind - source: ${MG_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} - target: /auth-grpc-client-ca${MG_AUTH_GRPC_CLIENT_CA_CERTS:+.crt} + source: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} + target: /auth-grpc-client-ca${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+.crt} + bind: + create_host_path: true + + domains-db: + image: postgres:16.2-alpine + container_name: supermq-domains-db + restart: on-failure + ports: + - 6003:5432 + environment: + POSTGRES_USER: ${SMQ_DOMAINS_DB_USER} + POSTGRES_PASSWORD: ${SMQ_DOMAINS_DB_PASS} + POSTGRES_DB: ${SMQ_DOMAINS_DB_NAME} + networks: + - supermq-base-net + volumes: + - supermq-domains-db-volume:/var/lib/postgresql/data + + domains-redis: + image: redis:7.2.4-alpine + container_name: supermq-domains-redis + restart: on-failure + networks: + - supermq-base-net + volumes: + - supermq-domains-redis-volume:/data + + 
domains: + image: supermq/domains:${SMQ_RELEASE_TAG} + container_name: supermq-domains + depends_on: + - domains-db + - spicedb + expose: + - ${SMQ_DOMAINS_GRPC_PORT} + restart: on-failure + environment: + SMQ_DOMAINS_LOG_LEVEL: ${SMQ_DOMAINS_LOG_LEVEL} + SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} + SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} + SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} + SMQ_DOMAINS_HTTP_HOST: ${SMQ_DOMAINS_HTTP_HOST} + SMQ_DOMAINS_HTTP_PORT: ${SMQ_DOMAINS_HTTP_PORT} + SMQ_DOMAINS_HTTP_SERVER_CERT: ${SMQ_DOMAINS_HTTP_SERVER_CERT} + SMQ_DOMAINS_HTTP_SERVER_KEY: ${SMQ_DOMAINS_HTTP_SERVER_KEY} + SMQ_DOMAINS_GRPC_HOST: ${SMQ_DOMAINS_GRPC_HOST} + SMQ_DOMAINS_GRPC_PORT: ${SMQ_DOMAINS_GRPC_PORT} + ## Compose supports parameter expansion in environment, + ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty + ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default + SMQ_DOMAINS_GRPC_SERVER_CERT: ${SMQ_DOMAINS_GRPC_SERVER_CERT:+/auth-grpc-server.crt} + SMQ_DOMAINS_GRPC_SERVER_KEY: ${SMQ_DOMAINS_GRPC_SERVER_KEY:+/auth-grpc-server.key} + SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt} + SMQ_DOMAINS_DB_HOST: ${SMQ_DOMAINS_DB_HOST} + SMQ_DOMAINS_DB_PORT: ${SMQ_DOMAINS_DB_PORT} + SMQ_DOMAINS_DB_USER: ${SMQ_DOMAINS_DB_USER} + SMQ_DOMAINS_DB_PASS: ${SMQ_DOMAINS_DB_PASS} + SMQ_DOMAINS_DB_NAME: ${SMQ_DOMAINS_DB_NAME} + SMQ_DOMAINS_DB_SSL_MODE: ${SMQ_DOMAINS_DB_SSL_MODE} + SMQ_DOMAINS_DB_SSL_CERT: ${SMQ_DOMAINS_DB_SSL_CERT} + SMQ_DOMAINS_DB_SSL_KEY: ${SMQ_DOMAINS_DB_SSL_KEY} + SMQ_DOMAINS_DB_SSL_ROOT_CERT: ${SMQ_DOMAINS_DB_SSL_ROOT_CERT} + SMQ_DOMAINS_INSTANCE_ID: ${SMQ_DOMAINS_INSTANCE_ID} + SMQ_ES_URL: ${SMQ_ES_URL} + SMQ_DOMAINS_CACHE_URL: ${SMQ_DOMAINS_CACHE_URL} + 
SMQ_DOMAINS_CACHE_KEY_DURATION: ${SMQ_DOMAINS_CACHE_KEY_DURATION} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} + SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} + SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} + SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} + SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} + SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + ports: + - ${SMQ_DOMAINS_HTTP_PORT}:${SMQ_DOMAINS_HTTP_PORT} + - ${SMQ_DOMAINS_GRPC_PORT}:${SMQ_DOMAINS_GRPC_PORT} + networks: + - supermq-base-net + volumes: + - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} + # 
Auth gRPC mTLS server certificates + - type: bind + source: ${SMQ_DOMAINS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} + target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_DOMAINS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} + target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} + target: /auth-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} + target: /auth-grpc-client-ca${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+.crt} + bind: + create_host_path: true + + invitations-db: + image: postgres:16.2-alpine + container_name: supermq-invitations-db + restart: on-failure + command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" + environment: + POSTGRES_USER: ${SMQ_INVITATIONS_DB_USER} + POSTGRES_PASSWORD: ${SMQ_INVITATIONS_DB_PASS} + POSTGRES_DB: ${SMQ_INVITATIONS_DB_NAME} + SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} + ports: + - 6021:5432 + networks: + - supermq-base-net + volumes: + - supermq-invitations-db-volume:/var/lib/postgresql/data + + invitations: + image: supermq/invitations:${SMQ_RELEASE_TAG} + container_name: supermq-invitations + restart: on-failure + depends_on: + - auth + - invitations-db + environment: + SMQ_INVITATIONS_LOG_LEVEL: ${SMQ_INVITATIONS_LOG_LEVEL} + SMQ_USERS_URL: ${SMQ_USERS_URL} + SMQ_DOMAINS_URL: ${SMQ_DOMAINS_URL} + SMQ_INVITATIONS_HTTP_HOST: ${SMQ_INVITATIONS_HTTP_HOST} + SMQ_INVITATIONS_HTTP_PORT: ${SMQ_INVITATIONS_HTTP_PORT} + SMQ_INVITATIONS_HTTP_SERVER_CERT: ${SMQ_INVITATIONS_HTTP_SERVER_CERT} + SMQ_INVITATIONS_HTTP_SERVER_KEY: ${SMQ_INVITATIONS_HTTP_SERVER_KEY} + SMQ_INVITATIONS_DB_HOST: ${SMQ_INVITATIONS_DB_HOST} + SMQ_INVITATIONS_DB_USER: 
${SMQ_INVITATIONS_DB_USER} + SMQ_INVITATIONS_DB_PASS: ${SMQ_INVITATIONS_DB_PASS} + SMQ_INVITATIONS_DB_PORT: ${SMQ_INVITATIONS_DB_PORT} + SMQ_INVITATIONS_DB_NAME: ${SMQ_INVITATIONS_DB_NAME} + SMQ_INVITATIONS_DB_SSL_MODE: ${SMQ_INVITATIONS_DB_SSL_MODE} + SMQ_INVITATIONS_DB_SSL_CERT: ${SMQ_INVITATIONS_DB_SSL_CERT} + SMQ_INVITATIONS_DB_SSL_KEY: ${SMQ_INVITATIONS_DB_SSL_KEY} + SMQ_INVITATIONS_DB_SSL_ROOT_CERT: ${SMQ_INVITATIONS_DB_SSL_ROOT_CERT} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} + SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} + SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} + SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} + SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_INVITATIONS_INSTANCE_ID: ${SMQ_INVITATIONS_INSTANCE_ID} + ports: + - ${SMQ_INVITATIONS_HTTP_PORT}:${SMQ_INVITATIONS_HTTP_PORT} + networks: + - supermq-base-net + volumes: + # Auth gRPC client certificates + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: 
/auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true nginx: image: nginx:1.25.4-alpine - container_name: magistrala-nginx + container_name: supermq-nginx restart: on-failure volumes: - ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf.template 
@@ -159,384 +363,904 @@ services: - ./nginx/snippets:/etc/nginx/snippets - ./ssl/authorization.js:/etc/nginx/authorization.js - type: bind - source: ${MG_NGINX_SERVER_CERT:-./ssl/certs/magistrala-server.crt} - target: /etc/ssl/certs/magistrala-server.crt + source: ${SMQ_NGINX_SERVER_CERT:-./ssl/certs/supermq-server.crt} + target: /etc/ssl/certs/supermq-server.crt - type: bind - source: ${MG_NGINX_SERVER_KEY:-./ssl/certs/magistrala-server.key} - target: /etc/ssl/private/magistrala-server.key + source: ${SMQ_NGINX_SERVER_KEY:-./ssl/certs/supermq-server.key} + target: /etc/ssl/private/supermq-server.key - type: bind - source: ${MG_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt} + source: ${SMQ_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt} target: /etc/ssl/certs/ca.crt - type: bind - source: ${MG_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem} + source: ${SMQ_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem} target: /etc/ssl/certs/dhparam.pem ports: - - ${MG_NGINX_HTTP_PORT}:${MG_NGINX_HTTP_PORT} - - ${MG_NGINX_SSL_PORT}:${MG_NGINX_SSL_PORT} - - ${MG_NGINX_MQTT_PORT}:${MG_NGINX_MQTT_PORT} - - ${MG_NGINX_MQTTS_PORT}:${MG_NGINX_MQTTS_PORT} + - ${SMQ_NGINX_HTTP_PORT}:${SMQ_NGINX_HTTP_PORT} + - ${SMQ_NGINX_SSL_PORT}:${SMQ_NGINX_SSL_PORT} + - ${SMQ_NGINX_MQTT_PORT}:${SMQ_NGINX_MQTT_PORT} + - ${SMQ_NGINX_MQTTS_PORT}:${SMQ_NGINX_MQTTS_PORT} networks: - - magistrala-base-net + - supermq-base-net env_file: - .env depends_on: - auth - - things + - clients - users - mqtt-adapter - http-adapter + - ws-adapter + - coap-adapter - things-db: + clients-db: image: postgres:16.2-alpine - container_name: magistrala-things-db + container_name: supermq-clients-db restart: on-failure - command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}" + command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" environment: - POSTGRES_USER: ${MG_THINGS_DB_USER} - POSTGRES_PASSWORD: ${MG_THINGS_DB_PASS} - POSTGRES_DB: ${MG_THINGS_DB_NAME} - MG_POSTGRES_MAX_CONNECTIONS: 
${MG_POSTGRES_MAX_CONNECTIONS} + POSTGRES_USER: ${SMQ_CLIENTS_DB_USER} + POSTGRES_PASSWORD: ${SMQ_CLIENTS_DB_PASS} + POSTGRES_DB: ${SMQ_CLIENTS_DB_NAME} + SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} networks: - - magistrala-base-net + - supermq-base-net ports: - 6006:5432 volumes: - - magistrala-things-db-volume:/var/lib/postgresql/data + - supermq-clients-db-volume:/var/lib/postgresql/data - things-redis: + clients-redis: image: redis:7.2.4-alpine - container_name: magistrala-things-redis + container_name: supermq-clients-redis restart: on-failure networks: - - magistrala-base-net + - supermq-base-net volumes: - - magistrala-things-redis-volume:/data + - supermq-clients-redis-volume:/data - things: - image: magistrala/things:${MG_RELEASE_TAG} - container_name: magistrala-things + clients: + image: supermq/clients:${SMQ_RELEASE_TAG} + container_name: supermq-clients depends_on: - - things-db + - clients-db - users - auth - nats restart: on-failure environment: - MG_THINGS_LOG_LEVEL: ${MG_THINGS_LOG_LEVEL} - MG_THINGS_STANDALONE_ID: ${MG_THINGS_STANDALONE_ID} - MG_THINGS_STANDALONE_TOKEN: ${MG_THINGS_STANDALONE_TOKEN} - MG_THINGS_CACHE_KEY_DURATION: ${MG_THINGS_CACHE_KEY_DURATION} - MG_THINGS_HTTP_HOST: ${MG_THINGS_HTTP_HOST} - MG_THINGS_HTTP_PORT: ${MG_THINGS_HTTP_PORT} - MG_THINGS_AUTH_GRPC_HOST: ${MG_THINGS_AUTH_GRPC_HOST} - MG_THINGS_AUTH_GRPC_PORT: ${MG_THINGS_AUTH_GRPC_PORT} + SMQ_CLIENTS_LOG_LEVEL: ${SMQ_CLIENTS_LOG_LEVEL} + SMQ_CLIENTS_STANDALONE_ID: ${SMQ_CLIENTS_STANDALONE_ID} + SMQ_CLIENTS_STANDALONE_TOKEN: ${SMQ_CLIENTS_STANDALONE_TOKEN} + SMQ_CLIENTS_CACHE_KEY_DURATION: ${SMQ_CLIENTS_CACHE_KEY_DURATION} + SMQ_CLIENTS_HTTP_HOST: ${SMQ_CLIENTS_HTTP_HOST} + SMQ_CLIENTS_HTTP_PORT: ${SMQ_CLIENTS_HTTP_PORT} + SMQ_CLIENTS_AUTH_GRPC_HOST: ${SMQ_CLIENTS_AUTH_GRPC_HOST} + SMQ_CLIENTS_AUTH_GRPC_PORT: ${SMQ_CLIENTS_AUTH_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> 
replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default - MG_THINGS_AUTH_GRPC_SERVER_CERT: ${MG_THINGS_AUTH_GRPC_SERVER_CERT:+/things-grpc-server.crt} - MG_THINGS_AUTH_GRPC_SERVER_KEY: ${MG_THINGS_AUTH_GRPC_SERVER_KEY:+/things-grpc-server.key} - MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt} - MG_THINGS_AUTH_GRPC_CLIENT_CA_CERTS: ${MG_THINGS_AUTH_GRPC_CLIENT_CA_CERTS:+/things-grpc-client-ca.crt} - MG_ES_URL: ${MG_ES_URL} - MG_THINGS_CACHE_URL: ${MG_THINGS_CACHE_URL} - MG_THINGS_DB_HOST: ${MG_THINGS_DB_HOST} - MG_THINGS_DB_PORT: ${MG_THINGS_DB_PORT} - MG_THINGS_DB_USER: ${MG_THINGS_DB_USER} - MG_THINGS_DB_PASS: ${MG_THINGS_DB_PASS} - MG_THINGS_DB_NAME: ${MG_THINGS_DB_NAME} - MG_THINGS_DB_SSL_MODE: ${MG_THINGS_DB_SSL_MODE} - MG_THINGS_DB_SSL_CERT: ${MG_THINGS_DB_SSL_CERT} - MG_THINGS_DB_SSL_KEY: ${MG_THINGS_DB_SSL_KEY} - MG_THINGS_DB_SSL_ROOT_CERT: ${MG_THINGS_DB_SSL_ROOT_CERT} - MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL} - MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT} - MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} - MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} - MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} - MG_JAEGER_URL: ${MG_JAEGER_URL} - MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO} - MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY} - MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY} - MG_SPICEDB_HOST: ${MG_SPICEDB_HOST} - MG_SPICEDB_PORT: ${MG_SPICEDB_PORT} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+/clients-grpc-server.crt} + SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:+/clients-grpc-server.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS: 
${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:+/clients-grpc-client-ca.crt} + SMQ_ES_URL: ${SMQ_ES_URL} + SMQ_CLIENTS_CACHE_URL: ${SMQ_CLIENTS_CACHE_URL} + SMQ_CLIENTS_DB_HOST: ${SMQ_CLIENTS_DB_HOST} + SMQ_CLIENTS_DB_PORT: ${SMQ_CLIENTS_DB_PORT} + SMQ_CLIENTS_DB_USER: ${SMQ_CLIENTS_DB_USER} + SMQ_CLIENTS_DB_PASS: ${SMQ_CLIENTS_DB_PASS} + SMQ_CLIENTS_DB_NAME: ${SMQ_CLIENTS_DB_NAME} + SMQ_CLIENTS_DB_SSL_MODE: ${SMQ_CLIENTS_DB_SSL_MODE} + SMQ_CLIENTS_DB_SSL_CERT: ${SMQ_CLIENTS_DB_SSL_CERT} + SMQ_CLIENTS_DB_SSL_KEY: ${SMQ_CLIENTS_DB_SSL_KEY} + SMQ_CLIENTS_DB_SSL_ROOT_CERT: ${SMQ_CLIENTS_DB_SSL_ROOT_CERT} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_GROUPS_URL: ${SMQ_GROUPS_URL} + SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} + SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} + SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} + SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} + SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} + SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} + SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} + SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} + 
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} + SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} + SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} ports: - - ${MG_THINGS_HTTP_PORT}:${MG_THINGS_HTTP_PORT} - - ${MG_THINGS_AUTH_GRPC_PORT}:${MG_THINGS_AUTH_GRPC_PORT} + - ${SMQ_CLIENTS_HTTP_PORT}:${SMQ_CLIENTS_HTTP_PORT} + - ${SMQ_CLIENTS_AUTH_GRPC_PORT}:${SMQ_CLIENTS_AUTH_GRPC_PORT} networks: - - magistrala-base-net + - supermq-base-net volumes: - # Things gRPC server certificates + # Clients gRPC server certificates + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} + target: /clients-grpc-server${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+.crt} + bind: + create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} - target: /things-grpc-server${MG_THINGS_AUTH_GRPC_SERVER_CERT:+.crt} + source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} + target: /clients-grpc-server${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:+.key} bind: create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} - target: /things-grpc-server${MG_THINGS_AUTH_GRPC_SERVER_KEY:+.key} + source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} + target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} - target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} + target: 
/clients-grpc-client-ca${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:+.crt} bind: create_host_path: true + # Auth gRPC client certificates - type: bind - source: ${MG_THINGS_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} - target: /things-grpc-client-ca${MG_THINGS_AUTH_GRPC_CLIENT_CA_CERTS:+.crt} + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + # Channel gRPC client certificates + - type: bind + source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + + channels-db: + image: postgres:16.2-alpine + container_name: supermq-channels-db + restart: on-failure + command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" + environment: + POSTGRES_USER: ${SMQ_CHANNELS_DB_USER} + POSTGRES_PASSWORD: ${SMQ_CHANNELS_DB_PASS} + POSTGRES_DB: ${SMQ_CHANNELS_DB_NAME} + SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} + networks: + - supermq-base-net + ports: + - 6005:5432 + volumes: + - supermq-channels-db-volume:/var/lib/postgresql/data + + channels: + image: 
supermq/channels:${SMQ_RELEASE_TAG} + container_name: supermq-channels + depends_on: + - channels-db + - users + - auth + - nats + restart: on-failure + environment: + SMQ_CHANNELS_LOG_LEVEL: ${SMQ_CHANNELS_LOG_LEVEL} + SMQ_CHANNELS_INSTANCE_ID: ${SMQ_CHANNELS_INSTANCE_ID} + SMQ_CHANNELS_HTTP_HOST: ${SMQ_CHANNELS_HTTP_HOST} + SMQ_CHANNELS_HTTP_PORT: ${SMQ_CHANNELS_HTTP_PORT} + SMQ_CHANNELS_GRPC_HOST: ${SMQ_CHANNELS_GRPC_HOST} + SMQ_CHANNELS_GRPC_PORT: ${SMQ_CHANNELS_GRPC_PORT} + ## Compose supports parameter expansion in environment, + ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty + ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default + SMQ_CHANNELS_GRPC_SERVER_CERT: ${SMQ_CHANNELS_GRPC_SERVER_CERT:+/channels-grpc-server.crt} + SMQ_CHANNELS_GRPC_SERVER_KEY: ${SMQ_CHANNELS_GRPC_SERVER_KEY:+/channels-grpc-server.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+/channels-grpc-client-ca.crt} + SMQ_CHANNELS_DB_HOST: ${SMQ_CHANNELS_DB_HOST} + SMQ_CHANNELS_DB_PORT: ${SMQ_CHANNELS_DB_PORT} + SMQ_CHANNELS_DB_USER: ${SMQ_CHANNELS_DB_USER} + SMQ_CHANNELS_DB_PASS: ${SMQ_CHANNELS_DB_PASS} + SMQ_CHANNELS_DB_NAME: ${SMQ_CHANNELS_DB_NAME} + SMQ_CHANNELS_DB_SSL_MODE: ${SMQ_CHANNELS_DB_SSL_MODE} + SMQ_CHANNELS_DB_SSL_CERT: ${SMQ_CHANNELS_DB_SSL_CERT} + SMQ_CHANNELS_DB_SSL_KEY: ${SMQ_CHANNELS_DB_SSL_KEY} + SMQ_CHANNELS_DB_SSL_ROOT_CERT: ${SMQ_CHANNELS_DB_SSL_ROOT_CERT} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_CLIENTS_AUTH_GRPC_URL: 
${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} + SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} + SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} + SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} + SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} + SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} + SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} + SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} + SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} + SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} + SMQ_ES_URL: ${SMQ_ES_URL} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} + SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} + ports: + - ${SMQ_CHANNELS_HTTP_PORT}:${SMQ_CHANNELS_HTTP_PORT} + - ${SMQ_CHANNELS_GRPC_PORT}:${SMQ_CHANNELS_GRPC_PORT} + networks: + - supermq-base-net + volumes: # Auth gRPC client certificates - type: bind - source: ${MG_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} - target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt} + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind - source: 
${MG_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} - target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key} + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind - source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} - target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true users-db: image: postgres:16.2-alpine - container_name: magistrala-users-db + container_name: supermq-users-db restart: on-failure - command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}" + command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" environment: - POSTGRES_USER: ${MG_USERS_DB_USER} - POSTGRES_PASSWORD: ${MG_USERS_DB_PASS} - POSTGRES_DB: ${MG_USERS_DB_NAME} - MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS} + POSTGRES_USER: ${SMQ_USERS_DB_USER} + POSTGRES_PASSWORD: ${SMQ_USERS_DB_PASS} + POSTGRES_DB: ${SMQ_USERS_DB_NAME} + SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} ports: - - 6000:5432 + - 6002:5432 networks: - - magistrala-base-net + - supermq-base-net volumes: - - magistrala-users-db-volume:/var/lib/postgresql/data + - supermq-users-db-volume:/var/lib/postgresql/data users: - image: magistrala/users:${MG_RELEASE_TAG} - container_name: magistrala-users + image: supermq/users:${SMQ_RELEASE_TAG} + container_name: supermq-users depends_on: - users-db - auth - nats restart: on-failure environment: - MG_USERS_LOG_LEVEL: ${MG_USERS_LOG_LEVEL} - MG_USERS_SECRET_KEY: ${MG_USERS_SECRET_KEY} - MG_USERS_ADMIN_EMAIL: ${MG_USERS_ADMIN_EMAIL} - MG_USERS_ADMIN_PASSWORD: ${MG_USERS_ADMIN_PASSWORD} - MG_USERS_ADMIN_USERNAME: ${MG_USERS_ADMIN_USERNAME} - MG_USERS_ADMIN_FIRST_NAME: ${MG_USERS_ADMIN_FIRST_NAME} - 
MG_USERS_ADMIN_LAST_NAME: ${MG_USERS_ADMIN_LAST_NAME} - MG_USERS_PASS_REGEX: ${MG_USERS_PASS_REGEX} - MG_USERS_ACCESS_TOKEN_DURATION: ${MG_USERS_ACCESS_TOKEN_DURATION} - MG_USERS_REFRESH_TOKEN_DURATION: ${MG_USERS_REFRESH_TOKEN_DURATION} - MG_TOKEN_RESET_ENDPOINT: ${MG_TOKEN_RESET_ENDPOINT} - MG_USERS_HTTP_HOST: ${MG_USERS_HTTP_HOST} - MG_USERS_HTTP_PORT: ${MG_USERS_HTTP_PORT} - MG_USERS_HTTP_SERVER_CERT: ${MG_USERS_HTTP_SERVER_CERT} - MG_USERS_HTTP_SERVER_KEY: ${MG_USERS_HTTP_SERVER_KEY} - MG_USERS_DB_HOST: ${MG_USERS_DB_HOST} - MG_USERS_DB_PORT: ${MG_USERS_DB_PORT} - MG_USERS_DB_USER: ${MG_USERS_DB_USER} - MG_USERS_DB_PASS: ${MG_USERS_DB_PASS} - MG_USERS_DB_NAME: ${MG_USERS_DB_NAME} - MG_USERS_DB_SSL_MODE: ${MG_USERS_DB_SSL_MODE} - MG_USERS_DB_SSL_CERT: ${MG_USERS_DB_SSL_CERT} - MG_USERS_DB_SSL_KEY: ${MG_USERS_DB_SSL_KEY} - MG_USERS_DB_SSL_ROOT_CERT: ${MG_USERS_DB_SSL_ROOT_CERT} - MG_USERS_ALLOW_SELF_REGISTER: ${MG_USERS_ALLOW_SELF_REGISTER} - MG_EMAIL_HOST: ${MG_EMAIL_HOST} - MG_EMAIL_PORT: ${MG_EMAIL_PORT} - MG_EMAIL_USERNAME: ${MG_EMAIL_USERNAME} - MG_EMAIL_PASSWORD: ${MG_EMAIL_PASSWORD} - MG_EMAIL_FROM_ADDRESS: ${MG_EMAIL_FROM_ADDRESS} - MG_EMAIL_FROM_NAME: ${MG_EMAIL_FROM_NAME} - MG_EMAIL_TEMPLATE: ${MG_EMAIL_TEMPLATE} - MG_ES_URL: ${MG_ES_URL} - MG_JAEGER_URL: ${MG_JAEGER_URL} - MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO} - MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY} - MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL} - MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT} - MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} - MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} - MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} - MG_GOOGLE_CLIENT_ID: ${MG_GOOGLE_CLIENT_ID} - MG_GOOGLE_CLIENT_SECRET: ${MG_GOOGLE_CLIENT_SECRET} - MG_GOOGLE_REDIRECT_URL: ${MG_GOOGLE_REDIRECT_URL} - MG_GOOGLE_STATE: ${MG_GOOGLE_STATE} - MG_USERS_DELETE_INTERVAL: ${MG_USERS_DELETE_INTERVAL} - 
MG_USERS_DELETE_AFTER: ${MG_USERS_DELETE_AFTER} - MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY} - MG_SPICEDB_HOST: ${MG_SPICEDB_HOST} - MG_SPICEDB_PORT: ${MG_SPICEDB_PORT} + SMQ_USERS_LOG_LEVEL: ${SMQ_USERS_LOG_LEVEL} + SMQ_USERS_SECRET_KEY: ${SMQ_USERS_SECRET_KEY} + SMQ_USERS_ADMIN_EMAIL: ${SMQ_USERS_ADMIN_EMAIL} + SMQ_USERS_ADMIN_PASSWORD: ${SMQ_USERS_ADMIN_PASSWORD} + SMQ_USERS_ADMIN_USERNAME: ${SMQ_USERS_ADMIN_USERNAME} + SMQ_USERS_ADMIN_FIRST_NAME: ${SMQ_USERS_ADMIN_FIRST_NAME} + SMQ_USERS_ADMIN_LAST_NAME: ${SMQ_USERS_ADMIN_LAST_NAME} + SMQ_USERS_PASS_REGEX: ${SMQ_USERS_PASS_REGEX} + SMQ_USERS_ACCESS_TOKEN_DURATION: ${SMQ_USERS_ACCESS_TOKEN_DURATION} + SMQ_USERS_REFRESH_TOKEN_DURATION: ${SMQ_USERS_REFRESH_TOKEN_DURATION} + SMQ_TOKEN_RESET_ENDPOINT: ${SMQ_TOKEN_RESET_ENDPOINT} + SMQ_USERS_HTTP_HOST: ${SMQ_USERS_HTTP_HOST} + SMQ_USERS_HTTP_PORT: ${SMQ_USERS_HTTP_PORT} + SMQ_USERS_HTTP_SERVER_CERT: ${SMQ_USERS_HTTP_SERVER_CERT} + SMQ_USERS_HTTP_SERVER_KEY: ${SMQ_USERS_HTTP_SERVER_KEY} + SMQ_USERS_DB_HOST: ${SMQ_USERS_DB_HOST} + SMQ_USERS_DB_PORT: ${SMQ_USERS_DB_PORT} + SMQ_USERS_DB_USER: ${SMQ_USERS_DB_USER} + SMQ_USERS_DB_PASS: ${SMQ_USERS_DB_PASS} + SMQ_USERS_DB_NAME: ${SMQ_USERS_DB_NAME} + SMQ_USERS_DB_SSL_MODE: ${SMQ_USERS_DB_SSL_MODE} + SMQ_USERS_DB_SSL_CERT: ${SMQ_USERS_DB_SSL_CERT} + SMQ_USERS_DB_SSL_KEY: ${SMQ_USERS_DB_SSL_KEY} + SMQ_USERS_DB_SSL_ROOT_CERT: ${SMQ_USERS_DB_SSL_ROOT_CERT} + SMQ_USERS_ALLOW_SELF_REGISTER: ${SMQ_USERS_ALLOW_SELF_REGISTER} + SMQ_EMAIL_HOST: ${SMQ_EMAIL_HOST} + SMQ_EMAIL_PORT: ${SMQ_EMAIL_PORT} + SMQ_EMAIL_USERNAME: ${SMQ_EMAIL_USERNAME} + SMQ_EMAIL_PASSWORD: ${SMQ_EMAIL_PASSWORD} + SMQ_EMAIL_FROM_ADDRESS: ${SMQ_EMAIL_FROM_ADDRESS} + SMQ_EMAIL_FROM_NAME: ${SMQ_EMAIL_FROM_NAME} + SMQ_EMAIL_TEMPLATE: ${SMQ_EMAIL_TEMPLATE} + SMQ_ES_URL: ${SMQ_ES_URL} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} 
+ SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} + SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} + SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} + SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} + SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} + SMQ_GOOGLE_CLIENT_ID: ${SMQ_GOOGLE_CLIENT_ID} + SMQ_GOOGLE_CLIENT_SECRET: ${SMQ_GOOGLE_CLIENT_SECRET} + SMQ_GOOGLE_REDIRECT_URL: ${SMQ_GOOGLE_REDIRECT_URL} + SMQ_GOOGLE_STATE: ${SMQ_GOOGLE_STATE} + SMQ_OAUTH_UI_REDIRECT_URL: ${SMQ_OAUTH_UI_REDIRECT_URL} + SMQ_OAUTH_UI_ERROR_URL: ${SMQ_OAUTH_UI_ERROR_URL} + SMQ_USERS_DELETE_INTERVAL: ${SMQ_USERS_DELETE_INTERVAL} + SMQ_USERS_DELETE_AFTER: ${SMQ_USERS_DELETE_AFTER} + SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} + SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} ports: - - ${MG_USERS_HTTP_PORT}:${MG_USERS_HTTP_PORT} + - ${SMQ_USERS_HTTP_PORT}:${SMQ_USERS_HTTP_PORT} networks: - - magistrala-base-net + - supermq-base-net volumes: - - ./templates/${MG_USERS_RESET_PWD_TEMPLATE}:/email.tmpl + - ./templates/${SMQ_USERS_RESET_PWD_TEMPLATE}:/email.tmpl # Auth gRPC client certificates - type: bind - source: ${MG_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} - target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt} + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind - source: ${MG_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} - target: 
/auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key} + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind - source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} - target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true + + groups-db: + image: postgres:16.2-alpine + container_name: supermq-groups-db + restart: on-failure + command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" + environment: + POSTGRES_USER: ${SMQ_GROUPS_DB_USER} + POSTGRES_PASSWORD: ${SMQ_GROUPS_DB_PASS} + POSTGRES_DB: ${SMQ_GROUPS_DB_NAME} + SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} + ports: + - 6004:5432 + networks: + - supermq-base-net + volumes: + - supermq-groups-db-volume:/var/lib/postgresql/data + + groups: + image: supermq/groups:${SMQ_RELEASE_TAG} + container_name: supermq-groups + depends_on: + - groups-db + - auth + - nats + restart: on-failure + environment: + SMQ_GROUPS_LOG_LEVEL: ${SMQ_GROUPS_LOG_LEVEL} + SMQ_GROUPS_HTTP_HOST: ${SMQ_GROUPS_HTTP_HOST} + SMQ_GROUPS_HTTP_PORT: ${SMQ_GROUPS_HTTP_PORT} + SMQ_GROUPS_HTTP_SERVER_CERT: ${SMQ_GROUPS_HTTP_SERVER_CERT} + SMQ_GROUPS_HTTP_SERVER_KEY: ${SMQ_GROUPS_HTTP_SERVER_KEY} + SMQ_GROUPS_GRPC_HOST: ${SMQ_GROUPS_GRPC_HOST} + SMQ_GROUPS_GRPC_PORT: ${SMQ_GROUPS_GRPC_PORT} + ## Compose supports parameter expansion in environment, + ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty + ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default + SMQ_GROUPS_GRPC_SERVER_CERT: ${SMQ_GROUPS_GRPC_SERVER_CERT:+/groups-grpc-server.crt} + SMQ_GROUPS_GRPC_SERVER_KEY: ${SMQ_GROUPS_GRPC_SERVER_KEY:+/groups-grpc-server.key} + 
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} + SMQ_GROUPS_GRPC_CLIENT_CA_CERTS: ${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:+/groups-grpc-client-ca.crt} + SMQ_GROUPS_DB_HOST: ${SMQ_GROUPS_DB_HOST} + SMQ_GROUPS_DB_PORT: ${SMQ_GROUPS_DB_PORT} + SMQ_GROUPS_DB_USER: ${SMQ_GROUPS_DB_USER} + SMQ_GROUPS_DB_PASS: ${SMQ_GROUPS_DB_PASS} + SMQ_GROUPS_DB_NAME: ${SMQ_GROUPS_DB_NAME} + SMQ_GROUPS_DB_SSL_MODE: ${SMQ_GROUPS_DB_SSL_MODE} + SMQ_GROUPS_DB_SSL_CERT: ${SMQ_GROUPS_DB_SSL_CERT} + SMQ_GROUPS_DB_SSL_KEY: ${SMQ_GROUPS_DB_SSL_KEY} + SMQ_GROUPS_DB_SSL_ROOT_CERT: ${SMQ_GROUPS_DB_SSL_ROOT_CERT} + SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} + SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} + SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} + SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} + SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} + SMQ_ES_URL: ${SMQ_ES_URL} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + 
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} + SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} + SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} + SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} + ports: + - ${SMQ_GROUPS_HTTP_PORT}:${SMQ_GROUPS_HTTP_PORT} + - ${SMQ_GROUPS_GRPC_PORT}:${SMQ_GROUPS_GRPC_PORT} + networks: + - supermq-base-net + volumes: + - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} + # Auth gRPC client certificates + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + + jaeger: image: jaegertracing/all-in-one:1.60 - container_name: magistrala-jaeger + container_name: supermq-jaeger environment: - COLLECTOR_OTLP_ENABLED: ${MG_JAEGER_COLLECTOR_OTLP_ENABLED} - command: --memory.max-traces ${MG_JAEGER_MEMORY_MAX_TRACES} + COLLECTOR_OTLP_ENABLED: ${SMQ_JAEGER_COLLECTOR_OTLP_ENABLED} + command: --memory.max-traces ${SMQ_JAEGER_MEMORY_MAX_TRACES} ports: - - ${MG_JAEGER_FRONTEND}:${MG_JAEGER_FRONTEND} - - ${MG_JAEGER_OLTP_HTTP}:${MG_JAEGER_OLTP_HTTP} + - ${SMQ_JAEGER_FRONTEND}:${SMQ_JAEGER_FRONTEND} + - ${SMQ_JAEGER_OLTP_HTTP}:${SMQ_JAEGER_OLTP_HTTP} networks: - - magistrala-base-net + - 
supermq-base-net mqtt-adapter: - image: magistrala/mqtt:${MG_RELEASE_TAG} - container_name: magistrala-mqtt + image: supermq/mqtt:${SMQ_RELEASE_TAG} + container_name: supermq-mqtt depends_on: - - things + - clients - vernemq - nats restart: on-failure environment: - MG_MQTT_ADAPTER_LOG_LEVEL: ${MG_MQTT_ADAPTER_LOG_LEVEL} - MG_MQTT_ADAPTER_MQTT_PORT: ${MG_MQTT_ADAPTER_MQTT_PORT} - MG_MQTT_ADAPTER_MQTT_TARGET_HOST: ${MG_MQTT_ADAPTER_MQTT_TARGET_HOST} - MG_MQTT_ADAPTER_MQTT_TARGET_PORT: ${MG_MQTT_ADAPTER_MQTT_TARGET_PORT} - MG_MQTT_ADAPTER_FORWARDER_TIMEOUT: ${MG_MQTT_ADAPTER_FORWARDER_TIMEOUT} - MG_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK: ${MG_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK} - MG_MQTT_ADAPTER_MQTT_QOS: ${MG_MQTT_ADAPTER_MQTT_QOS} - MG_MQTT_ADAPTER_WS_PORT: ${MG_MQTT_ADAPTER_WS_PORT} - MG_MQTT_ADAPTER_INSTANCE_ID: ${MG_MQTT_ADAPTER_INSTANCE_ID} - MG_MQTT_ADAPTER_WS_TARGET_HOST: ${MG_MQTT_ADAPTER_WS_TARGET_HOST} - MG_MQTT_ADAPTER_WS_TARGET_PORT: ${MG_MQTT_ADAPTER_WS_TARGET_PORT} - MG_MQTT_ADAPTER_WS_TARGET_PATH: ${MG_MQTT_ADAPTER_WS_TARGET_PATH} - MG_MQTT_ADAPTER_INSTANCE: ${MG_MQTT_ADAPTER_INSTANCE} - MG_ES_URL: ${MG_ES_URL} - MG_THINGS_AUTH_GRPC_URL: ${MG_THINGS_AUTH_GRPC_URL} - MG_THINGS_AUTH_GRPC_TIMEOUT: ${MG_THINGS_AUTH_GRPC_TIMEOUT} - MG_THINGS_AUTH_GRPC_CLIENT_CERT: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+/things-grpc-client.crt} - MG_THINGS_AUTH_GRPC_CLIENT_KEY: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+/things-grpc-client.key} - MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt} - MG_JAEGER_URL: ${MG_JAEGER_URL} - MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL} - MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO} - MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY} + SMQ_MQTT_ADAPTER_LOG_LEVEL: ${SMQ_MQTT_ADAPTER_LOG_LEVEL} + SMQ_MQTT_ADAPTER_MQTT_PORT: ${SMQ_MQTT_ADAPTER_MQTT_PORT} + SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST} + SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT} 
+ SMQ_MQTT_ADAPTER_FORWARDER_TIMEOUT: ${SMQ_MQTT_ADAPTER_FORWARDER_TIMEOUT} + SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK} + SMQ_MQTT_ADAPTER_MQTT_QOS: ${SMQ_MQTT_ADAPTER_MQTT_QOS} + SMQ_MQTT_ADAPTER_WS_PORT: ${SMQ_MQTT_ADAPTER_WS_PORT} + SMQ_MQTT_ADAPTER_INSTANCE_ID: ${SMQ_MQTT_ADAPTER_INSTANCE_ID} + SMQ_MQTT_ADAPTER_WS_TARGET_HOST: ${SMQ_MQTT_ADAPTER_WS_TARGET_HOST} + SMQ_MQTT_ADAPTER_WS_TARGET_PORT: ${SMQ_MQTT_ADAPTER_WS_TARGET_PORT} + SMQ_MQTT_ADAPTER_WS_TARGET_PATH: ${SMQ_MQTT_ADAPTER_WS_TARGET_PATH} + SMQ_MQTT_ADAPTER_INSTANCE: ${SMQ_MQTT_ADAPTER_INSTANCE} + SMQ_ES_URL: ${SMQ_ES_URL} + SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} networks: - - magistrala-base-net + - supermq-base-net volumes: - # Things gRPC mTLS client certificates + # Clients gRPC mTLS client certificates + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + 
- type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} - target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt} + source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true + # Channels gRPC mTLS client certificates - type: bind - source: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} - target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key} + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} - target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /channels-grpc-server-ca${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true http-adapter: - image: magistrala/http:${MG_RELEASE_TAG} - container_name: magistrala-http + image: supermq/http:${SMQ_RELEASE_TAG} + container_name: supermq-http + depends_on: + - clients + - nats + restart: on-failure + environment: + SMQ_HTTP_ADAPTER_LOG_LEVEL: ${SMQ_HTTP_ADAPTER_LOG_LEVEL} + SMQ_HTTP_ADAPTER_HOST: ${SMQ_HTTP_ADAPTER_HOST} + SMQ_HTTP_ADAPTER_PORT: ${SMQ_HTTP_ADAPTER_PORT} + SMQ_HTTP_ADAPTER_SERVER_CERT: ${SMQ_HTTP_ADAPTER_SERVER_CERT} + SMQ_HTTP_ADAPTER_SERVER_KEY: ${SMQ_HTTP_ADAPTER_SERVER_KEY} + 
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_HTTP_ADAPTER_INSTANCE_ID: ${SMQ_HTTP_ADAPTER_INSTANCE_ID} + ports: + - ${SMQ_HTTP_ADAPTER_PORT}:${SMQ_HTTP_ADAPTER_PORT} + networks: + - supermq-base-net + volumes: + # Clients gRPC mTLS client certificates + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: 
${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + # Channels gRPC mTLS client certificates + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /channels-grpc-server-ca${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + # Auth gRPC mTLS client certificates + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + + coap-adapter: + image: supermq/coap:${SMQ_RELEASE_TAG} + container_name: supermq-coap depends_on: - - things + - clients - nats restart: on-failure environment: - MG_HTTP_ADAPTER_LOG_LEVEL: ${MG_HTTP_ADAPTER_LOG_LEVEL} - MG_HTTP_ADAPTER_HOST: ${MG_HTTP_ADAPTER_HOST} - MG_HTTP_ADAPTER_PORT: ${MG_HTTP_ADAPTER_PORT} - MG_HTTP_ADAPTER_SERVER_CERT: ${MG_HTTP_ADAPTER_SERVER_CERT} - MG_HTTP_ADAPTER_SERVER_KEY: ${MG_HTTP_ADAPTER_SERVER_KEY} - MG_THINGS_AUTH_GRPC_URL: ${MG_THINGS_AUTH_GRPC_URL} - MG_THINGS_AUTH_GRPC_TIMEOUT: ${MG_THINGS_AUTH_GRPC_TIMEOUT} - 
MG_THINGS_AUTH_GRPC_CLIENT_CERT: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+/things-grpc-client.crt} - MG_THINGS_AUTH_GRPC_CLIENT_KEY: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+/things-grpc-client.key} - MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt} - MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL} - MG_JAEGER_URL: ${MG_JAEGER_URL} - MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO} - MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY} - MG_HTTP_ADAPTER_INSTANCE_ID: ${MG_HTTP_ADAPTER_INSTANCE_ID} + SMQ_COAP_ADAPTER_LOG_LEVEL: ${SMQ_COAP_ADAPTER_LOG_LEVEL} + SMQ_COAP_ADAPTER_HOST: ${SMQ_COAP_ADAPTER_HOST} + SMQ_COAP_ADAPTER_PORT: ${SMQ_COAP_ADAPTER_PORT} + SMQ_COAP_ADAPTER_SERVER_CERT: ${SMQ_COAP_ADAPTER_SERVER_CERT} + SMQ_COAP_ADAPTER_SERVER_KEY: ${SMQ_COAP_ADAPTER_SERVER_KEY} + SMQ_COAP_ADAPTER_HTTP_HOST: ${SMQ_COAP_ADAPTER_HTTP_HOST} + SMQ_COAP_ADAPTER_HTTP_PORT: ${SMQ_COAP_ADAPTER_HTTP_PORT} + SMQ_COAP_ADAPTER_HTTP_SERVER_CERT: ${SMQ_COAP_ADAPTER_HTTP_SERVER_CERT} + SMQ_COAP_ADAPTER_HTTP_SERVER_KEY: ${SMQ_COAP_ADAPTER_HTTP_SERVER_KEY} + SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} 
+ SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_COAP_ADAPTER_INSTANCE_ID: ${SMQ_COAP_ADAPTER_INSTANCE_ID} ports: - - ${MG_HTTP_ADAPTER_PORT}:${MG_HTTP_ADAPTER_PORT} + - ${SMQ_COAP_ADAPTER_PORT}:${SMQ_COAP_ADAPTER_PORT}/udp + - ${SMQ_COAP_ADAPTER_HTTP_PORT}:${SMQ_COAP_ADAPTER_HTTP_PORT}/tcp networks: - - magistrala-base-net + - supermq-base-net volumes: - # Things gRPC mTLS client certificates + # Clients gRPC mTLS client certificates + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + # Channels gRPC mTLS client certificates + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /channels-grpc-server-ca${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + + ws-adapter: + image: supermq/ws:${SMQ_RELEASE_TAG} + container_name: supermq-ws + depends_on: + - clients + - nats + restart: on-failure + environment: + SMQ_WS_ADAPTER_LOG_LEVEL: ${SMQ_WS_ADAPTER_LOG_LEVEL} + SMQ_WS_ADAPTER_HTTP_HOST: 
${SMQ_WS_ADAPTER_HTTP_HOST} + SMQ_WS_ADAPTER_HTTP_PORT: ${SMQ_WS_ADAPTER_HTTP_PORT} + SMQ_WS_ADAPTER_HTTP_SERVER_CERT: ${SMQ_WS_ADAPTER_HTTP_SERVER_CERT} + SMQ_WS_ADAPTER_HTTP_SERVER_KEY: ${SMQ_WS_ADAPTER_HTTP_SERVER_KEY} + SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} + SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} + SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} + SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} + SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} + SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} + SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} + SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} + SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} + SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} + SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} + SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} + SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} + SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} + SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} + SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} + SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} + SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} + SMQ_WS_ADAPTER_INSTANCE_ID: ${SMQ_WS_ADAPTER_INSTANCE_ID} + ports: + - ${SMQ_WS_ADAPTER_HTTP_PORT}:${SMQ_WS_ADAPTER_HTTP_PORT} + networks: + - supermq-base-net + volumes: + # Clients gRPC mTLS client certificates + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - 
type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + # Channels gRPC mTLS client certificates - type: bind - source: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} - target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt} + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} - target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key} + source: ${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /channels-grpc-client${SMQ_CHANNELS_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind - source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} - target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + source: ${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: /channels-grpc-server-ca${SMQ_CHANNELS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} + bind: + create_host_path: true + # Auth gRPC mTLS client certificates + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} + target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} + bind: + create_host_path: true + - type: bind + source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} + target: 
/auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true vernemq: - image: magistrala/vernemq:${MG_RELEASE_TAG} - container_name: magistrala-vernemq + image: supermq/vernemq:${SMQ_RELEASE_TAG} + container_name: supermq-vernemq restart: on-failure environment: - DOCKER_VERNEMQ_ALLOW_ANONYMOUS: ${MG_DOCKER_VERNEMQ_ALLOW_ANONYMOUS} - DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL: ${MG_DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL} + DOCKER_VERNEMQ_ALLOW_ANONYMOUS: ${SMQ_DOCKER_VERNEMQ_ALLOW_ANONYMOUS} + DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL: ${SMQ_DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL} networks: - - magistrala-base-net + - supermq-base-net volumes: - - magistrala-mqtt-broker-volume:/var/lib/vernemq + - supermq-mqtt-broker-volume:/var/lib/vernemq nats: image: nats:2.10.9-alpine - container_name: magistrala-nats + container_name: supermq-nats restart: on-failure command: "--config=/etc/nats/nats.conf" environment: - - MG_NATS_PORT=${MG_NATS_PORT} - - MG_NATS_HTTP_PORT=${MG_NATS_HTTP_PORT} - - MG_NATS_JETSTREAM_KEY=${MG_NATS_JETSTREAM_KEY} + - SMQ_NATS_PORT=${SMQ_NATS_PORT} + - SMQ_NATS_HTTP_PORT=${SMQ_NATS_HTTP_PORT} + - SMQ_NATS_JETSTREAM_KEY=${SMQ_NATS_JETSTREAM_KEY} ports: - - ${MG_NATS_PORT}:${MG_NATS_PORT} - - ${MG_NATS_HTTP_PORT}:${MG_NATS_HTTP_PORT} + - ${SMQ_NATS_PORT}:${SMQ_NATS_PORT} + - ${SMQ_NATS_HTTP_PORT}:${SMQ_NATS_HTTP_PORT} volumes: - - magistrala-broker-volume:/data + - supermq-broker-volume:/data - ./nats:/etc/nats networks: - - magistrala-base-net + - supermq-base-net + + ui: + image: magistrala/ui:${SMQ_RELEASE_TAG} + container_name: supermq-ui + restart: on-failure + environment: + SMQ_UI_LOG_LEVEL: ${SMQ_UI_LOG_LEVEL} + SMQ_UI_PORT: ${SMQ_UI_PORT} + SMQ_HTTP_ADAPTER_URL: ${SMQ_HTTP_ADAPTER_URL} + SMQ_CLIENTS_URL: ${SMQ_CLIENTS_URL} + SMQ_USERS_URL: ${SMQ_USERS_URL} + SMQ_INVITATIONS_URL: ${SMQ_INVITATIONS_URL} + SMQ_DOMAINS_URL: ${SMQ_DOMAINS_URL} + SMQ_UI_HOST_URL: ${SMQ_UI_HOST_URL} + SMQ_UI_VERIFICATION_TLS: ${SMQ_UI_VERIFICATION_TLS} + 
SMQ_UI_CONTENT_TYPE: ${SMQ_UI_CONTENT_TYPE} + SMQ_UI_INSTANCE_ID: ${SMQ_UI_INSTANCE_ID} + SMQ_UI_DB_HOST: ${SMQ_UI_DB_HOST} + SMQ_UI_DB_PORT: ${SMQ_UI_DB_PORT} + SMQ_UI_DB_USER: ${SMQ_UI_DB_USER} + SMQ_UI_DB_PASS: ${SMQ_UI_DB_PASS} + SMQ_UI_DB_NAME: ${SMQ_UI_DB_NAME} + SMQ_UI_DB_SSL_MODE: ${SMQ_UI_DB_SSL_MODE} + SMQ_UI_DB_SSL_CERT: ${SMQ_UI_DB_SSL_CERT} + SMQ_UI_DB_SSL_KEY: ${SMQ_UI_DB_SSL_KEY} + SMQ_UI_DB_SSL_ROOT_CERT: ${SMQ_UI_DB_SSL_ROOT_CERT} + SMQ_GOOGLE_CLIENT_ID: ${SMQ_GOOGLE_CLIENT_ID} + SMQ_GOOGLE_CLIENT_SECRET: ${SMQ_GOOGLE_CLIENT_SECRET} + SMQ_GOOGLE_REDIRECT_URL: ${SMQ_GOOGLE_REDIRECT_URL} + SMQ_GOOGLE_STATE: ${SMQ_GOOGLE_STATE} + SMQ_UI_HASH_KEY: ${SMQ_UI_HASH_KEY} + SMQ_UI_BLOCK_KEY: ${SMQ_UI_BLOCK_KEY} + SMQ_UI_PATH_PREFIX: ${SMQ_UI_PATH_PREFIX} + ports: + - ${SMQ_UI_PORT}:${SMQ_UI_PORT} + networks: + - supermq-base-net + + ui-db: + image: postgres:16.2-alpine + container_name: supermq-ui-db + restart: on-failure + command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" + environment: + POSTGRES_USER: ${SMQ_UI_DB_USER} + POSTGRES_PASSWORD: ${SMQ_UI_DB_PASS} + POSTGRES_DB: ${SMQ_UI_DB_NAME} + SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} + ports: + - 6007:5432 + networks: + - supermq-base-net + volumes: + - supermq-ui-db-volume:/var/lib/postgresql/data diff --git a/docker/nats/nats.conf b/docker/nats/nats.conf index 9ff090a..f40fb8f 100644 --- a/docker/nats/nats.conf +++ b/docker/nats/nats.conf @@ -2,14 +2,14 @@ server_name: "nats_internal_broker" max_payload: 64MB max_pending: 64MB max_connections: 1M -port: $MG_NATS_PORT -http_port: $MG_NATS_HTTP_PORT +port: $SMQ_NATS_PORT +http_port: $SMQ_NATS_HTTP_PORT trace: true jetstream { store_dir: "/data" cipher: "aes" - key: $MG_NATS_JETSTREAM_KEY + key: $SMQ_NATS_JETSTREAM_KEY max_mem: 1G } diff --git a/docker/nginx/entrypoint.sh b/docker/nginx/entrypoint.sh index ed647cd..4f9fae6 100755 --- a/docker/nginx/entrypoint.sh +++ b/docker/nginx/entrypoint.sh 
@@ -1,21 +1,26 @@ #!/bin/ash -if [ -z "$MG_MQTT_CLUSTER" ] +if [ -z "$SMQ_MQTT_CLUSTER" ] then - envsubst '${MG_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-single.conf > /etc/nginx/snippets/mqtt-upstream.conf - envsubst '${MG_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-single.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf + envsubst '${SMQ_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-single.conf > /etc/nginx/snippets/mqtt-upstream.conf + envsubst '${SMQ_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-single.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf else - envsubst '${MG_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-cluster.conf > /etc/nginx/snippets/mqtt-upstream.conf - envsubst '${MG_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-cluster.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf + envsubst '${SMQ_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-cluster.conf > /etc/nginx/snippets/mqtt-upstream.conf + envsubst '${SMQ_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-cluster.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf fi envsubst ' - ${MG_NGINX_SERVER_NAME} - ${MG_AUTH_HTTP_PORT} - ${MG_USERS_HTTP_PORT} - ${MG_THINGS_HTTP_PORT} - ${MG_THINGS_AUTH_HTTP_PORT} - ${MG_NGINX_MQTT_PORT} - ${MG_NGINX_MQTTS_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf + ${SMQ_NGINX_SERVER_NAME} + ${SMQ_DOMAINS_HTTP_PORT} + ${SMQ_GROUPS_HTTP_PORT} + ${SMQ_USERS_HTTP_PORT} + ${SMQ_CLIENTS_HTTP_PORT} + ${SMQ_CLIENTS_AUTH_HTTP_PORT} + ${SMQ_CHANNELS_HTTP_PORT} + ${SMQ_HTTP_ADAPTER_PORT} + ${SMQ_NGINX_MQTT_PORT} + ${SMQ_NGINX_MQTTS_PORT} + ${SMQ_INVITATIONS_HTTP_PORT} + ${SMQ_WS_ADAPTER_HTTP_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf exec nginx -g "daemon off;" diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf index 81cce5a..9ff201b 100644 --- a/docker/nginx/nginx-key.conf 
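Review bot: Nothing in entrypoint.sh checks that the variables in the enlarged `envsubst` list are actually set, so a name missed in the MG_ to SMQ_ rename is silently replaced with an empty string. The nginx-key.conf hunk in this patch uses `proxy_pass http://domains:${SMQ_DOMAINS_HTTP_PORT};`, so, assuming that file is rendered through this template step, an unset variable would leave an upstream with no port and the failure would surface only when nginx parses the result. I would add a guard for each required variable before the final `envsubst` call, for example `: "${SMQ_DOMAINS_HTTP_PORT:?SMQ_DOMAINS_HTTP_PORT is not set}"`, which works in ash and stops the container with a clear message. `SMQ_MQTT_CLUSTER` should stay out of that list, because the script deliberately tests it for emptiness.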
+++ b/docker/nginx/nginx-key.conf @@ -1,4 +1,4 @@ -# This is the default Magistrala NGINX configuration. +# This is the default SuperMQ NGINX configuration. user nginx; worker_processes auto; @@ -37,7 +37,7 @@ http { listen [::]:443 ssl default_server; http2 on; - set $dynamic_server_name "$MG_NGINX_SERVER_NAME"; + set $dynamic_server_name "$SMQ_NGINX_SERVER_NAME"; if ($dynamic_server_name = '') { set $dynamic_server_name "localhost"; 
@@ -54,111 +54,80 @@ http { add_header Access-Control-Allow-Methods '*'; add_header Access-Control-Allow-Headers '*'; - location ~ ^/(channels)/(.+)/(things)/(.+) { - include snippets/proxy-headers.conf; - add_header Access-Control-Expose-Headers Location; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; - } - # Proxy pass to users & groups id to things service for listing of channels - # /users/{userID}/channels - Listing of channels belongs to userID - # /groups/{userGroupID}/channels - Listing of channels belongs to userGroupID - location ~ ^/(users|groups)/(.+)/(channels|things) { + # Proxy pass to domains service + location ~ ^/(domains) { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - if ($request_method = GET) { - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; - break; - } - proxy_pass http://users:${MG_USERS_HTTP_PORT}; + proxy_pass http://domains:${SMQ_DOMAINS_HTTP_PORT}; } - # Proxy pass to channel id to users service for listing of channels - # /channels/{channelID}/users - Listing of Users belongs to channelID - # /channels/{channelID}/groups - Listing of User Groups belongs to channelID - location ~ ^/(channels|things)/(.+)/(users|groups) { + # Proxy pass to users service + location ~ ^/(users|password|authorize|oauth/callback/[^/]+) { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - if ($request_method = GET) { - proxy_pass http://users:${MG_USERS_HTTP_PORT}; - break; - } - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + proxy_pass http://users:${SMQ_USERS_HTTP_PORT}; } - # Proxy pass to user id to auth service for listing of domains - # /users/{userID}/domains - Listing of Domains belongs to userID - location ~ ^/(users)/(.+)/(domains) { + # Proxy pass to groups service + location ~ "^/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})/(groups)" { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; 
- if ($request_method = GET) { - proxy_pass http://auth:${MG_AUTH_HTTP_PORT}; - break; - } - proxy_pass http://users:${MG_USERS_HTTP_PORT}; + proxy_pass http://groups:${SMQ_GROUPS_HTTP_PORT}; } - # Proxy pass to domain id to users service for listing of users - # /domains/{domainID}/users - Listing of Users belongs to domainID - location ~ ^/(domains)/(.+)/(users) { + # Proxy pass to clients service + location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(clients)" { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - if ($request_method = GET) { - proxy_pass http://users:${MG_USERS_HTTP_PORT}; - break; - } - proxy_pass http://auth:${MG_AUTH_HTTP_PORT}; + proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT}; } - - # Proxy pass to auth service - location ~ ^/(domains) { + # Proxy pass to domains service + location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(channels)" { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - proxy_pass http://auth:${MG_AUTH_HTTP_PORT}; + proxy_pass http://channels:${SMQ_CHANNELS_HTTP_PORT}; } - # Proxy pass to users service - location ~ ^/(users|groups|password|authorize|oauth/callback/[^/]+) { + # Proxy pass to invitations service + location ~ ^/(invitations) { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - proxy_pass http://users:${MG_USERS_HTTP_PORT}; + proxy_pass http://invitations:${SMQ_INVITATIONS_HTTP_PORT}; } - location ^~ /users/policies { + location /health { include snippets/proxy-headers.conf; - add_header Access-Control-Expose-Headers Location; - proxy_pass http://users:${MG_USERS_HTTP_PORT}/policies; + proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT}; } - # Proxy pass to things service - location ~ ^/(things|channels|connect|disconnect|identify) { + location /metrics { include snippets/proxy-headers.conf; - add_header 
Access-Control-Expose-Headers Location; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT}; } - location ^~ /things/policies { + # Proxy pass to supermq-http-adapter + location /http/ { include snippets/proxy-headers.conf; - add_header Access-Control-Expose-Headers Location; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}/policies; - } - - location /health { - include snippets/proxy-headers.conf; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + # Trailing `/` is mandatory. Refer to the http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass + # If the proxy_pass directive is specified with a URI, then when a request is passed to the server, + # the part of a normalized request URI matching the location is replaced by a URI specified in the directive + proxy_pass http://http-adapter:${SMQ_HTTP_ADAPTER_PORT}/; } - location /metrics { + # Proxy pass to supermq-mqtt-adapter over WS + location /mqtt { include snippets/proxy-headers.conf; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + include snippets/ws-upgrade.conf; + proxy_pass http://mqtt_ws_cluster; } - # Proxy pass to magistrala-mqtt-adapter over WS - location /mqtt { + # Proxy pass to supermq-ws-adapter + location /ws/ { include snippets/proxy-headers.conf; include snippets/ws-upgrade.conf; - proxy_pass http://mqtt_ws_cluster; + proxy_pass http://ws-adapter:${SMQ_WS_ADAPTER_HTTP_PORT}/; } } } @@ -171,10 +140,10 @@ stream { include snippets/mqtt-upstream.conf; server { - listen ${MG_NGINX_MQTT_PORT}; - listen [::]:${MG_NGINX_MQTT_PORT}; - listen ${MG_NGINX_MQTTS_PORT} ssl; - listen [::]:${MG_NGINX_MQTTS_PORT} ssl; + listen ${SMQ_NGINX_MQTT_PORT}; + listen [::]:${SMQ_NGINX_MQTT_PORT}; + listen ${SMQ_NGINX_MQTTS_PORT} ssl; + listen [::]:${SMQ_NGINX_MQTTS_PORT} ssl; include snippets/ssl.conf; diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index 10984b3..5d9a2c4 100644 --- a/docker/nginx/nginx-x509.conf 
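Review bot: `location /health` and `location /metrics` forward to the clients service with no access restriction in the location, so unless a limit is applied elsewhere, anything that can reach the 443 listener can read that service's metrics. Both are also prefix matches, so they cover every path beginning with `/health` or `/metrics`. Consider exact matches plus an allow-list, e.g. `location = /metrics {` with `allow <monitoring-cidr>; deny all;` (placeholder range). The same two locations appear in the nginx-x509.conf hunk `@@ -63,111 +63,84 @@`, where they do not include `snippets/verify-ssl-client.conf`. Separately, the comment added above the `/(channels)` location reads `# Proxy pass to domains service` in both files and should be `# Proxy pass to channels service`.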
+++ b/docker/nginx/nginx-x509.conf @@ -1,4 +1,4 @@ -# This is the Magistrala NGINX configuration for mututal authentication based on X.509 certifiactes. +# This is the SuperMQ NGINX configuration for mututal authentication based on X.509 certifiactes. user nginx; worker_processes auto; @@ -44,7 +44,7 @@ http { listen [::]:443 ssl default_server; http2 on; - set $dynamic_server_name "$MG_NGINX_SERVER_NAME"; + set $dynamic_server_name "$SMQ_NGINX_SERVER_NAME"; if ($dynamic_server_name = '') { set $dynamic_server_name "localhost"; 
@@ -63,111 +63,84 @@ http { add_header Access-Control-Allow-Methods '*'; add_header Access-Control-Allow-Headers '*'; - location ~ ^/(channels)/(.+)/(things)/(.+) { - include snippets/proxy-headers.conf; - add_header Access-Control-Expose-Headers Location; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; - } - # Proxy pass to users & groups id to things service for listing of channels - # /users/{userID}/channels - Listing of channels belongs to userID - # /groups/{userGroupID}/channels - Listing of channels belongs to userGroupID - location ~ ^/(users|groups)/(.+)/(channels|things) { + # Proxy pass to domains service + location ~ ^/(domains) { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - if ($request_method = GET) { - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; - break; - } - proxy_pass http://users:${MG_USERS_HTTP_PORT}; + proxy_pass http://domains:${SMQ_DOMAINS_HTTP_PORT}; } - # Proxy pass to channel id to users service for listing of channels - # /channels/{channelID}/users - Listing of Users belongs to channelID - # /channels/{channelID}/groups - Listing of User Groups belongs to channelID - location ~ ^/(channels|things)/(.+)/(users|groups) { + # Proxy pass to users service + location ~ ^/(users|groups|password|authorize|oauth/callback/[^/]+) { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - if ($request_method = GET) { - proxy_pass http://users:${MG_USERS_HTTP_PORT}; - break; - } - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + proxy_pass http://users:${SMQ_USERS_HTTP_PORT}; } - # Proxy pass to user id to auth service for listing of domains - # /users/{userID}/domains - Listing of Domains belongs to userID - location ~ ^/(users)/(.+)/(domains) { + # Proxy pass to groups service + location ~ "^/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})/(groups)" { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers 
Location; - if ($request_method = GET) { - proxy_pass http://auth:${MG_AUTH_HTTP_PORT}; - break; - } - proxy_pass http://users:${MG_USERS_HTTP_PORT}; + proxy_pass http://groups:${SMQ_GROUPS_HTTP_PORT}; } - # Proxy pass to domain id to users service for listing of users - # /domains/{domainID}/users - Listing of Users belongs to domainID - location ~ ^/(domains)/(.+)/(users) { + # Proxy pass to clients service + location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(clients)" { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - if ($request_method = GET) { - proxy_pass http://users:${MG_USERS_HTTP_PORT}; - break; - } - proxy_pass http://auth:${MG_AUTH_HTTP_PORT}; + proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT}; } - - # Proxy pass to auth service - location ~ ^/(domains) { + # Proxy pass to domains service + location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(channels)" { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - proxy_pass http://auth:${MG_AUTH_HTTP_PORT}; + proxy_pass http://channels:${SMQ_CHANNELS_HTTP_PORT}; } - # Proxy pass to users service - location ~ ^/(users|groups|password|authorize|oauth/callback/[^/]+) { + # Proxy pass to invitations service + location ~ ^/(invitations) { include snippets/proxy-headers.conf; add_header Access-Control-Expose-Headers Location; - proxy_pass http://users:${MG_USERS_HTTP_PORT}; + proxy_pass http://invitations:${SMQ_INVITATIONS_HTTP_PORT}; } - location ^~ /users/policies { + location /health { include snippets/proxy-headers.conf; - add_header Access-Control-Expose-Headers Location; - proxy_pass http://users:${MG_USERS_HTTP_PORT}/policies; + proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT}; } - # Proxy pass to things service - location ~ ^/(things|channels|connect|disconnect|identify) { + location /metrics { include snippets/proxy-headers.conf; - add_header 
Access-Control-Expose-Headers Location; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT}; } - location ^~ /things/policies { + # Proxy pass to supermq-http-adapter + location /http/ { + include snippets/verify-ssl-client.conf; include snippets/proxy-headers.conf; - add_header Access-Control-Expose-Headers Location; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}/policies; - } + proxy_set_header Authorization $auth_key; - location /health { - include snippets/proxy-headers.conf; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + # Trailing `/` is mandatory. Refer to the http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass + # If the proxy_pass directive is specified with a URI, then when a request is passed to the server, + # the part of a normalized request URI matching the location is replaced by a URI specified in the directive + proxy_pass http://http-adapter:${SMQ_HTTP_ADAPTER_PORT}/; } - location /metrics { + # Proxy pass to supermq-mqtt-adapter over WS + location /mqtt { + include snippets/verify-ssl-client.conf; include snippets/proxy-headers.conf; - proxy_pass http://things:${MG_THINGS_HTTP_PORT}; + include snippets/ws-upgrade.conf; + proxy_pass http://mqtt_ws_cluster; } - # Proxy pass to magistrala-mqtt-adapter over WS - location /mqtt { + # Proxy pass to supermq-ws-adapter + location /ws/ { include snippets/verify-ssl-client.conf; include snippets/proxy-headers.conf; include snippets/ws-upgrade.conf; - proxy_pass http://mqtt_ws_cluster; + proxy_pass http://ws-adapter:${SMQ_WS_ADAPTER_HTTP_PORT}/; } } } 
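Review bot: The users location in this file still lists `groups` (`^/(users|groups|password|authorize|oauth/callback/[^/]+)`) and sends it to the users service, while the same commit drops `groups` from that regex in nginx-key.conf and adds a separate `groups` upstream. The two configs therefore route a top-level `/groups…` path differently, and here it reaches a service that, judging by the new groups location, no longer owns it. If that is not intended, align the line with the key-based config: `location ~ ^/(users|password|authorize|oauth/callback/[^/]+) {`. The regex is also not anchored at the end of each alternative, so paths such as `/usersfoo` match; `(/|$)` after the group would tighten it.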
@@ -187,10 +160,10 @@ stream { include snippets/ssl-client.conf; server { - listen ${MG_NGINX_MQTT_PORT}; - listen [::]:${MG_NGINX_MQTT_PORT}; - listen ${MG_NGINX_MQTTS_PORT} ssl; - listen [::]:${MG_NGINX_MQTTS_PORT} ssl; + listen ${SMQ_NGINX_MQTT_PORT}; + listen [::]:${SMQ_NGINX_MQTT_PORT}; + listen ${SMQ_NGINX_MQTTS_PORT} ssl; + listen [::]:${SMQ_NGINX_MQTTS_PORT} ssl; include snippets/ssl.conf; js_preread authorization.authenticate; diff --git a/docker/nginx/snippets/mqtt-upstream-cluster.conf b/docker/nginx/snippets/mqtt-upstream-cluster.conf index e0f7248..4e1895a 100644 --- a/docker/nginx/snippets/mqtt-upstream-cluster.conf +++ b/docker/nginx/snippets/mqtt-upstream-cluster.conf @@ -1,6 +1,6 @@ upstream mqtt_cluster { least_conn; - server mqtt-adapter-1:${MG_MQTT_ADAPTER_MQTT_PORT}; - server mqtt-adapter-2:${MG_MQTT_ADAPTER_MQTT_PORT}; - server mqtt-adapter-3:${MG_MQTT_ADAPTER_MQTT_PORT}; -} \ No newline at end of file + server mqtt-adapter-1:${SMQ_MQTT_ADAPTER_MQTT_PORT}; + server mqtt-adapter-2:${SMQ_MQTT_ADAPTER_MQTT_PORT}; + server mqtt-adapter-3:${SMQ_MQTT_ADAPTER_MQTT_PORT}; +} diff --git a/docker/nginx/snippets/mqtt-upstream-single.conf b/docker/nginx/snippets/mqtt-upstream-single.conf index 35a8a27..0072601 100644 --- a/docker/nginx/snippets/mqtt-upstream-single.conf +++ b/docker/nginx/snippets/mqtt-upstream-single.conf @@ -1,3 +1,3 @@ upstream mqtt_cluster { - server mqtt-adapter:${MG_MQTT_ADAPTER_MQTT_PORT}; -} \ No newline at end of file + server mqtt-adapter:${SMQ_MQTT_ADAPTER_MQTT_PORT}; +} diff --git a/docker/nginx/snippets/mqtt-ws-upstream-cluster.conf b/docker/nginx/snippets/mqtt-ws-upstream-cluster.conf index c8ff07c..7a17440 100644 --- a/docker/nginx/snippets/mqtt-ws-upstream-cluster.conf +++ b/docker/nginx/snippets/mqtt-ws-upstream-cluster.conf 
@@ -1,6 +1,6 @@ upstream mqtt_ws_cluster { least_conn; - server mqtt-adapter-1:${MG_MQTT_ADAPTER_WS_PORT}; - server mqtt-adapter-2:${MG_MQTT_ADAPTER_WS_PORT}; - server mqtt-adapter-3:${MG_MQTT_ADAPTER_WS_PORT}; -} \ No newline at end of file + server mqtt-adapter-1:${SMQ_MQTT_ADAPTER_WS_PORT}; + server mqtt-adapter-2:${SMQ_MQTT_ADAPTER_WS_PORT}; + server mqtt-adapter-3:${SMQ_MQTT_ADAPTER_WS_PORT}; +} diff --git a/docker/nginx/snippets/mqtt-ws-upstream-single.conf b/docker/nginx/snippets/mqtt-ws-upstream-single.conf index 49e55bd..a92df4e 100644 --- a/docker/nginx/snippets/mqtt-ws-upstream-single.conf +++ b/docker/nginx/snippets/mqtt-ws-upstream-single.conf @@ -1,3 +1,3 @@ upstream mqtt_ws_cluster { - server mqtt-adapter:${MG_MQTT_ADAPTER_WS_PORT}; -} \ No newline at end of file + server mqtt-adapter:${SMQ_MQTT_ADAPTER_WS_PORT}; +} diff --git a/docker/nginx/snippets/ssl.conf b/docker/nginx/snippets/ssl.conf index 2406491..68e433b 100644 --- a/docker/nginx/snippets/ssl.conf +++ b/docker/nginx/snippets/ssl.conf @@ -1,7 +1,7 @@ # These paths are set to its default values as # a volume in the docker/docker-compose.yml file. -ssl_certificate /etc/ssl/certs/magistrala-server.crt; -ssl_certificate_key /etc/ssl/private/magistrala-server.key; +ssl_certificate /etc/ssl/certs/supermq-server.crt; +ssl_certificate_key /etc/ssl/private/supermq-server.key; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_protocols TLSv1.2 TLSv1.3; diff --git a/docker/spicedb/schema.zed b/docker/spicedb/schema.zed index 215797a..c52099d 100644 --- a/docker/spicedb/schema.zed +++ b/docker/spicedb/schema.zed 
@@ -1,74 +1,510 @@ definition user {} -definition thing { - relation administrator: user - relation group: group - relation domain: domain - - permission admin = administrator + group->admin + domain->admin - permission delete = admin - permission edit = admin + group->edit + domain->edit - permission view = edit + group->view + domain->view - permission share = edit - permission publish = group - permission subscribe = group - - // These permission are made for only list purpose. It helps to list users have only particular permission excluding other higher and lower permission. - permission admin_only = admin - permission edit_only = edit - admin - permission view_only = view - - // These permission are made for only list purpose. It helps to list users from external, users who are not in group but have permission on the group through parent group - permission ext_admin = admin - administrator // For list of external admin , not having direct relation with group, but have indirect relation from parent group -} -definition group { - relation administrator: user - relation editor: user - relation contributor: user +definition role { + relation entity: domain | group | channel | client relation member: user - relation guest: user + relation built_in_role: domain | group | channel | client + + permission delete = entity->manage_role_permission - built_in_role->manage_role_permission + permission update = entity->manage_role_permission - built_in_role->manage_role_permission + permission read = entity->manage_role_permission - built_in_role->manage_role_permission + + permission add_user = entity->add_role_users_permission + permission remove_user = entity->remove_role_users_permission + permission view_user = entity->view_role_users_permission +} + +definition client { + relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain + relation parent_group: 
group + + relation update: role#member + relation read: role#member + relation delete: role#member + relation set_parent_group: role#member + relation connect_to_channel: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + permission update_permission = update + parent_group->client_update_permission + domain->client_update_permission + permission read_permission = read + parent_group->client_read_permission + domain->client_read_permission + permission delete_permission = delete + parent_group->client_delete_permission + domain->client_delete_permission + permission set_parent_group_permission = set_parent_group + parent_group->client_set_parent_group_permission + domain->client_set_parent_group_permission + permission connect_to_channel_permission = connect_to_channel + parent_group->client_connect_to_channel + domain->client_connect_to_channel_permission + + permission manage_role_permission = manage_role + parent_group->client_manage_role_permission + domain->client_manage_role_permission + permission add_role_users_permission = add_role_users + parent_group->client_add_role_users_permission + domain->client_add_role_users_permission + permission remove_role_users_permission = remove_role_users + parent_group->client_remove_role_users_permission + domain->client_remove_role_users_permission + permission view_role_users_permission = view_role_users + parent_group->client_view_role_users_permission + domain->client_view_role_users_permission +} +definition channel { + relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain relation parent_group: group - relation domain: domain - - permission admin = administrator + parent_group->admin + domain->admin - permission delete = admin - permission edit = admin + editor + 
parent_group->edit + domain->edit - permission share = edit - permission view = contributor + edit + parent_group->view + domain->view + guest - permission membership = view + member - permission create = membership - guest - - // These permissions are made for listing purposes. They enable listing users who have only particular permission excluding higher-level permissions users. - permission admin_only = admin - permission edit_only = edit - admin - permission view_only = view - permission membership_only = membership - view - - // These permission are made for only list purpose. They enable listing users who have only particular permission from parent group excluding higher-level permissions. - permission ext_admin = admin - administrator // For list of external admin , not having direct relation with group, but have indirect relation from parent group - permission ext_edit = edit - editor // For list of external edit , not having direct relation with group, but have indirect relation from parent group - permission ext_view = view - contributor // For list of external view , not having direct relation with group, but have indirect relation from parent group + + relation update: role#member + relation read: role#member + relation delete: role#member + relation set_parent_group: role#member + relation connect_to_client: role#member + relation publish: role#member | client + relation subscribe: role#member | client + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + permission update_permission = update + parent_group->channel_update_permission + domain->channel_update_permission + permission read_permission = read + parent_group->channel_read_permission + domain->channel_read_permission + permission delete_permission = delete + parent_group->channel_delete_permission + domain->channel_delete_permission + permission set_parent_group_permission = 
set_parent_group + parent_group->channel_set_parent_group_permission + domain->channel_set_parent_group_permission + permission connect_to_client_permission = connect_to_client + parent_group->channel_connect_to_client_permission + domain->channel_connect_to_client + permission publish_permission = publish + parent_group->channel_publish_permission + domain->channel_publish_permission + permission subscribe_permission = subscribe + parent_group->channel_subscribe_permission + domain->channel_subscribe_permission + + permission manage_role_permission = manage_role + parent_group->channel_manage_role_permission + domain->channel_manage_role_permission + permission add_role_users_permission = add_role_users + parent_group->channel_add_role_users_permission + domain->channel_add_role_users_permission + permission remove_role_users_permission = remove_role_users + parent_group->channel_remove_role_users_permission + domain->channel_remove_role_users_permission + permission view_role_users_permission = view_role_users + parent_group->channel_view_role_users_permission + domain->channel_view_role_users_permission +} + +definition group { + relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it is safe to add domain + relation parent_group: group + + relation update: role#member + relation read: role#member + relation membership: role#member + relation delete: role#member + relation set_child: role#member + relation set_parent: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + relation client_create: role#member + relation channel_create: role#member + // this allows to add parent for group during the new group creation + relation subgroup_create: role#member + relation subgroup_client_create: role#member + relation subgroup_channel_create: 
role#member + + relation client_update: role#member + relation client_read: role#member + relation client_delete: role#member + relation client_set_parent_group: role#member + relation client_connect_to_channel: role#member + + relation client_manage_role: role#member + relation client_add_role_users: role#member + relation client_remove_role_users: role#member + relation client_view_role_users: role#member + + relation channel_update: role#member + relation channel_read: role#member + relation channel_delete: role#member + relation channel_set_parent_group: role#member + relation channel_connect_to_client: role#member + relation channel_publish: role#member + relation channel_subscribe: role#member + + relation channel_manage_role: role#member + relation channel_add_role_users: role#member + relation channel_remove_role_users: role#member + relation channel_view_role_users: role#member + + relation subgroup_update: role#member + relation subgroup_read: role#member + relation subgroup_membership: role#member + relation subgroup_delete: role#member + relation subgroup_set_child: role#member + relation subgroup_set_parent: role#member + + relation subgroup_manage_role: role#member + relation subgroup_add_role_users: role#member + relation subgroup_remove_role_users: role#member + relation subgroup_view_role_users: role#member + + relation subgroup_client_update: role#member + relation subgroup_client_read: role#member + relation subgroup_client_delete: role#member + relation subgroup_client_set_parent_group: role#member + relation subgroup_client_connect_to_channel: role#member + + relation subgroup_client_manage_role: role#member + relation subgroup_client_add_role_users: role#member + relation subgroup_client_remove_role_users: role#member + relation subgroup_client_view_role_users: role#member + + relation subgroup_channel_update: role#member + relation subgroup_channel_read: role#member + relation subgroup_channel_delete: role#member + relation 
subgroup_channel_set_parent_group: role#member + relation subgroup_channel_connect_to_client: role#member + relation subgroup_channel_publish: role#member + relation subgroup_channel_subscribe: role#member + + relation subgroup_channel_manage_role: role#member + relation subgroup_channel_add_role_users: role#member + relation subgroup_channel_remove_role_users: role#member + relation subgroup_channel_view_role_users: role#member + + // Subgroup permission + permission subgroup_create_permission = subgroup_create + parent_group->subgroup_create_permission + permission subgroup_client_create_permission = subgroup_client_create + parent_group->subgroup_client_create_permission + permission subgroup_channel_create_permission = subgroup_channel_create + parent_group->subgroup_channel_create_permission + + permission subgroup_update_permission = subgroup_update + parent_group->subgroup_update_permission + permission subgroup_membership_permission = subgroup_membership + parent_group->subgroup_membership_permission + permission subgroup_read_permission = subgroup_read + parent_group->subgroup_read_permission + permission subgroup_delete_permission = subgroup_delete + parent_group->subgroup_delete_permission + permission subgroup_set_child_permission = subgroup_set_child + parent_group->subgroup_set_child_permission + permission subgroup_set_parent_permission = subgroup_set_parent + parent_group->subgroup_set_parent_permission + + permission subgroup_manage_role_permission = subgroup_manage_role + parent_group->subgroup_manage_role_permission + permission subgroup_add_role_users_permission = subgroup_add_role_users + parent_group->subgroup_add_role_users_permission + permission subgroup_remove_role_users_permission = subgroup_remove_role_users + parent_group->subgroup_remove_role_users_permission + permission subgroup_view_role_users_permission = subgroup_view_role_users + parent_group->subgroup_view_role_users_permission + + // Group permission + permission 
update_permission = update + parent_group->subgroup_create_permission + domain->group_update_permission + permission membership_permission = membership + parent_group->subgroup_membership_permission + domain->group_membership_permission + permission read_permission = read + parent_group->subgroup_read_permission + domain->group_read_permission + permission delete_permission = delete + parent_group->subgroup_delete_permission + domain->group_delete_permission + permission set_child_permission = set_child + parent_group->subgroup_set_child_permission + domain->group_set_child + permission set_parent_permission = set_parent + parent_group->subgroup_set_parent_permission + domain->group_set_parent + + permission manage_role_permission = manage_role + parent_group->subgroup_manage_role_permission + domain->group_manage_role_permission + permission add_role_users_permission = add_role_users + parent_group->subgroup_add_role_users_permission + domain->group_add_role_users_permission + permission remove_role_users_permission = remove_role_users + parent_group->subgroup_remove_role_users_permission + domain->group_remove_role_users_permission + permission view_role_users_permission = view_role_users + parent_group->subgroup_view_role_users_permission + domain->group_view_role_users_permission + + // Subgroup clients permisssion + permission subgroup_client_update_permission = subgroup_client_update + parent_group->subgroup_client_update_permission + permission subgroup_client_read_permission = subgroup_client_read + parent_group->subgroup_client_read_permission + permission subgroup_client_delete_permission = subgroup_client_delete + parent_group->subgroup_client_delete_permission + permission subgroup_client_set_parent_group_permission = subgroup_client_set_parent_group + parent_group->subgroup_client_set_parent_group_permission + permission subgroup_client_connect_to_channel_permission = subgroup_client_connect_to_channel + 
parent_group->subgroup_client_connect_to_channel_permission + + permission subgroup_client_manage_role_permission = subgroup_client_manage_role + parent_group->subgroup_client_manage_role_permission + permission subgroup_client_add_role_users_permission = subgroup_client_add_role_users + parent_group->subgroup_client_add_role_users_permission + permission subgroup_client_remove_role_users_permission = subgroup_client_remove_role_users + parent_group->subgroup_client_remove_role_users_permission + permission subgroup_client_view_role_users_permission = subgroup_client_view_role_users + parent_group->subgroup_client_view_role_users_permission + + // Group clients permisssion + permission client_create_permission = client_create + parent_group->subgroup_client_create + domain->client_create_permission + permission client_update_permission = client_update + parent_group->subgroup_client_update + domain->client_update_permission + permission client_read_permission = client_read + parent_group->subgroup_client_read + domain->client_read_permission + permission client_delete_permission = client_delete + parent_group->subgroup_client_delete + domain->client_delete_permission + permission client_set_parent_group_permission = client_set_parent_group + parent_group->subgroup_client_set_parent_group + domain->client_set_parent_group_permission + permission client_connect_to_channel_permission = client_connect_to_channel + parent_group->subgroup_client_connect_to_channel + domain->client_connect_to_channel_permission + + permission client_manage_role_permission = client_manage_role + parent_group->subgroup_client_manage_role + domain->client_manage_role_permission + permission client_add_role_users_permission = client_add_role_users + parent_group->subgroup_client_add_role_users + domain->client_add_role_users_permission + permission client_remove_role_users_permission = client_remove_role_users + parent_group->subgroup_client_remove_role_users + 
domain->client_remove_role_users_permission + permission client_view_role_users_permission = client_view_role_users + parent_group->subgroup_client_view_role_users + domain->client_view_role_users_permission + + // Subgroup channels permisssion + permission subgroup_channel_update_permission = subgroup_channel_update + parent_group->subgroup_channel_update_permission + permission subgroup_channel_read_permission = subgroup_channel_read + parent_group->subgroup_channel_read_permission + permission subgroup_channel_delete_permission = subgroup_channel_delete + parent_group->subgroup_channel_delete_permission + permission subgroup_channel_set_parent_group_permission = subgroup_channel_set_parent_group + parent_group->subgroup_channel_set_parent_group_permission + permission subgroup_channel_connect_to_client_permission = subgroup_channel_connect_to_client + parent_group->subgroup_channel_connect_to_client_permission + permission subgroup_channel_publish_permission = subgroup_channel_publish + parent_group->subgroup_channel_publish_permission + permission subgroup_channel_subscribe_permission = subgroup_channel_subscribe + parent_group->subgroup_channel_subscribe_permission + + permission subgroup_channel_manage_role_permission = subgroup_channel_manage_role + parent_group->subgroup_channel_manage_role_permission + permission subgroup_channel_add_role_users_permission = subgroup_channel_add_role_users + parent_group->subgroup_channel_add_role_users_permission + permission subgroup_channel_remove_role_users_permission = subgroup_channel_remove_role_users + parent_group->subgroup_channel_remove_role_users_permission + permission subgroup_channel_view_role_users_permission = subgroup_channel_view_role_users + parent_group->subgroup_channel_view_role_users_permission + + // Group channels permisssion + permission channel_create_permission = channel_create + parent_group->subgroup_channel_create_permission + domain->channel_create_permission + permission 
channel_update_permission = channel_update + parent_group->subgroup_channel_update + domain->channel_update_permission + permission channel_read_permission = channel_read + parent_group->subgroup_channel_read + domain->channel_read_permission + permission channel_delete_permission = channel_delete + parent_group->subgroup_channel_delete_permission + domain->channel_delete_permission + permission channel_set_parent_group_permission = channel_set_parent_group + parent_group->subgroup_channel_set_parent_group + domain->channel_set_parent_group_permission + permission channel_connect_to_client_permission = channel_connect_to_client + parent_group->subgroup_channel_connect_to_client + domain->channel_connect_to_client_permission + permission channel_publish_permission = channel_publish + parent_group->subgroup_channel_publish + domain->channel_publish_permission + permission channel_subscribe_permission = channel_subscribe + parent_group->subgroup_channel_subscribe + domain->channel_subscribe_permission + + permission channel_manage_role_permission = channel_manage_role + parent_group->subgroup_channel_manage_role + domain->channel_manage_role_permission + permission channel_add_role_users_permission = channel_add_role_users + parent_group->subgroup_channel_add_role_users + domain->channel_add_role_users_permission + permission channel_remove_role_users_permission = channel_remove_role_users + parent_group->subgroup_channel_remove_role_users + domain->channel_remove_role_users_permission + permission channel_view_role_users_permission = channel_view_role_users + parent_group->subgroup_channel_view_role_users + domain->channel_view_role_users_permission + + } definition domain { - relation administrator: user // combination domain + user id - relation editor: user - relation contributor: user - relation member: user - relation guest: user + //Replace platoform with organization in future + relation organization: platform + relation team: team + + relation update: 
role#member | team#member + relation enable: role#member | team#member + relation disable: role#member | team#member + relation read: role#member | team#member + relation delete: role#member | team#member + + relation manage_role: role#member | team#member + relation add_role_users: role#member | team#member + relation remove_role_users: role#member | team#member + relation view_role_users: role#member | team#member + + relation client_create: role#member | team#member + relation channel_create: role#member | team#member + relation group_create: role#member | team#member + + relation client_update: role#member | team#member + relation client_read: role#member | team#member + relation client_delete: role#member | team#member + relation client_set_parent_group: role#member | team#member + relation client_connect_to_channel: role#member | team#member + relation client_manage_role: role#member | team#member + relation client_add_role_users: role#member | team#member + relation client_remove_role_users: role#member | team#member + relation client_view_role_users: role#member | team#member + + relation channel_update: role#member | team#member + relation channel_read: role#member | team#member + relation channel_delete: role#member | team#member + relation channel_set_parent_group: role#member | team#member + relation channel_connect_to_client: role#member | team#member + relation channel_publish: role#member | team#member + relation channel_subscribe: role#member | team#member + + relation channel_manage_role: role#member | team#member + relation channel_add_role_users: role#member | team#member + relation channel_remove_role_users: role#member | team#member + relation channel_view_role_users: role#member | team#member + + relation group_update: role#member | team#member + relation group_membership: role#member | team#member + relation group_read: role#member | team#member + relation group_delete: role#member | team#member + relation group_set_child: role#member | 
team#member + relation group_set_parent: role#member | team#member + + relation group_manage_role: role#member | team#member + relation group_add_role_users: role#member | team#member + relation group_remove_role_users: role#member | team#member + relation group_view_role_users: role#member | team#member + + permission update_permission = update + team->domain_update + organization->admin + permission read_permission = read + team->domain_read + organization->admin + permission enable_permission = enable + team->domain_update + organization->admin + permission disable_permission = disable + team->domain_update + organization->admin + permission delete_permission = delete + team->domain_delete + organization->admin + + permission manage_role_permission = manage_role + team->domain_manage_role + organization->admin + permission add_role_users_permission = add_role_users + team->domain_add_role_users + organization->admin + permission remove_role_users_permission = remove_role_users + team->domain_remove_role_users + organization->admin + permission view_role_users_permission = view_role_users + team->domain_view_role_users + organization->admin + + permission membership = read + update + enable + disable + delete + manage_role + add_role_users + remove_role_users + view_role_users + permission admin = read & update & enable & disable & delete & manage_role & add_role_users & remove_role_users & view_role_users + + permission client_create_permission = client_create + team->client_create + organization->admin + permission channel_create_permission = channel_create + team->channel_create + organization->admin + permission group_create_permission = group_create + team->group_create + organization->admin + + permission client_update_permission = client_update + team->client_update + organization->admin + permission client_read_permission = client_read + team->client_read + organization->admin + permission client_delete_permission = client_delete + team->client_delete + 
organization->admin + permission client_set_parent_group_permission = client_set_parent_group + team->client_set_parent_group + organization->admin + permission client_connect_to_channel_permission = client_connect_to_channel + team->client_connect_to_channel + organization->admin + + permission client_manage_role_permission = client_manage_role + team->client_manage_role + organization->admin + permission client_add_role_users_permission = client_add_role_users + team->client_add_role_users + organization->admin + permission client_remove_role_users_permission = client_remove_role_users + team->client_remove_role_users + organization->admin + permission client_view_role_users_permission = client_view_role_users + team->client_view_role_users + organization->admin + + permission channel_update_permission = channel_update + team->channel_update + organization->admin + permission channel_read_permission = channel_read + team->channel_read + organization->admin + permission channel_delete_permission = channel_delete + team->channel_delete + organization->admin + permission channel_set_parent_group_permission = channel_set_parent_group + team->channel_set_parent_group + organization->admin + permission channel_connect_to_client_permission = channel_connect_to_client + team->channel_connect_to_client + organization->admin + permission channel_publish_permission = channel_publish + team->channel_publish + organization->admin + permission channel_subscribe_permission = channel_subscribe + team->channel_subscribe + organization->admin + + permission channel_manage_role_permission = channel_manage_role + team->channel_manage_role + organization->admin + permission channel_add_role_users_permission = channel_add_role_users + team->channel_add_role_users + organization->admin + permission channel_remove_role_users_permission = channel_remove_role_users + team->channel_remove_role_users + organization->admin + permission channel_view_role_users_permission = 
channel_view_role_users + team->channel_view_role_users + organization->admin + + permission group_update_permission = group_update + team->group_update + organization->admin + permission group_membership_permission = group_membership + team->group_membership + organization->admin + permission group_read_permission = group_read + team->group_read + organization->admin + permission group_delete_permission = group_delete + team->group_delete + organization->admin + permission group_set_child_permission = group_set_child + team->group_set_child + organization->admin + permission group_set_parent_permission = group_set_parent + team->group_set_parent + organization->admin + + permission group_manage_role_permission = group_manage_role + team->group_manage_role + organization->admin + permission group_add_role_users_permission = group_add_role_users + team->group_add_role_users + organization->admin + permission group_remove_role_users_permission = group_remove_role_users + team->group_remove_role_users + organization->admin + permission group_view_role_users_permission = group_view_role_users + team->group_view_role_users + organization->admin + +} + +// Add this realtion and permission in future while adding orgnaization +definition team { + relation organization: organization + relation parent_team: team + + relation delete: role#member + relation enable: role#member | team#member + relation disable: role#member | team#member + relation update: role#member + relation read: role#member + + relation set_parent: role#member + relation set_child: role#member + + relation member: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + relation subteam_delete: role#member + relation subteam_update: role#member + relation subteam_read: role#member + + relation subteam_member: role#member + + relation subteam_set_child: role#member + relation 
subteam_set_parent: role#member + + relation subteam_manage_role: role#member + relation subteam_add_role_users: role#member + relation subteam_remove_role_users: role#member + relation subteam_view_role_users: role#member + + // Domain related permission + + relation domain_update: role#member | team#member + relation domain_read: role#member | team#member + relation domain_membership: role#member | team#member + relation domain_delete: role#member | team#member + + relation domain_manage_role: role#member | team#member + relation domain_add_role_users: role#member | team#member + relation domain_remove_role_users: role#member | team#member + relation domain_view_role_users: role#member | team#member + + relation client_create: role#member | team#member + relation channel_create: role#member | team#member + relation group_create: role#member | team#member + + relation client_update: role#member | team#member + relation client_read: role#member | team#member + relation client_delete: role#member | team#member + relation client_set_parent_group: role#member | team#member + relation client_connect_to_channel: role#member | team#member + + relation client_manage_role: role#member | team#member + relation client_add_role_users: role#member | team#member + relation client_remove_role_users: role#member | team#member + relation client_view_role_users: role#member | team#member + + relation channel_update: role#member | team#member + relation channel_read: role#member | team#member + relation channel_delete: role#member | team#member + relation channel_set_parent_group: role#member | team#member + relation channel_connect_to_client: role#member | team#member + relation channel_publish: role#member | team#member + relation channel_subscribe: role#member | team#member + + relation channel_manage_role: role#member | team#member + relation channel_add_role_users: role#member | team#member + relation channel_remove_role_users: role#member | team#member + relation 
channel_view_role_users: role#member | team#member + + relation group_update: role#member | team#member + relation group_membership: role#member | team#member + relation group_read: role#member | team#member + relation group_delete: role#member | team#member + relation group_set_child: role#member | team#member + relation group_set_parent: role#member | team#member + + relation group_manage_role: role#member | team#member + relation group_add_role_users: role#member | team#member + relation group_remove_role_users: role#member | team#member + relation group_view_role_users: role#member | team#member + + permission delete_permission = delete + organization->team_delete + parent_team->subteam_delete + organization->admin + permission update_permission = update + organization->team_update + parent_team->subteam_update + organization->admin + permission read_permission = read + organization->team_read + parent_team->subteam_read + organization->admin + + permission set_parent_permission = set_parent + organization->team_set_parent + parent_team->subteam_set_parent + organization->admin + permission set_child_permisssion = set_child + organization->team_set_child + parent_team->subteam_set_child + organization->admin + + permission membership = member + organization->team_member + parent_team->subteam_member + organization->admin + + permission manage_role_permission = manage_role + organization->team_manage_role + parent_team->subteam_manage_role + organization->admin + permission add_role_users_permission = add_role_users + organization->team_add_role_users + parent_team->subteam_add_role_users + organization->admin + permission remove_role_users_permission = remove_role_users + organization->team_remove_role_users + parent_team->subteam_remove_role_users + organization->admin + permission view_role_users_permission = view_role_users + organization->team_view_role_users + parent_team->subteam_view_role_users + organization->admin +} + + +definition organization { 
relation platform: platform + relation administrator: user + + relation delete: role#member + relation update: role#member + relation read: role#member + + relation member: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + relation team_create: role#member + + relation team_delete: role#member + relation team_update: role#member + relation team_read: role#member + + relation team_member: role#member // Will be member of all the teams in the organization - permission admin = administrator + platform->admin - permission edit = admin + editor - permission share = edit - permission view = edit + contributor + guest - permission membership = view + member - permission create = membership - guest + relation team_set_child: role#member + relation team_set_parent: role#member + + relation team_manage_role: role#member + relation team_add_role_users: role#member + relation team_remove_role_users: role#member + relation team_view_role_users: role#member + + permission admin = administrator + platform->administrator + permission delete_permission = admin + delete->member + permission update_permission = admin + update->member + permission read_permission = admin + read->member + + permission membership = admin + member->member + + permission team_create_permission = admin + team_create->member + + permission manage_role_permission = admin + manage_role + permission add_role_users_permisson = admin + add_role_users + permission remove_role_users_permission = admin + remove_role_users + permission view_role_users_permission = admin + view_role_users } + definition platform { relation administrator: user relation member: user diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index 9d02520..2632d28 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile 
@@ -1,9 +1,9 @@ CRT_LOCATION = certs -O = Magistrala -OU_CA = magistrala_ca -OU_CRT = magistrala_crt -EA = info@magistrala.com -CN_CA = Magistrala_Self_Signed_CA +O = Supermq +OU_CA = supermq_ca +OU_CRT = supermq_crt +EA = info@supermq.com +CN_CA = Supermq_Self_Signed_CA CN_SRV = localhost THING_SECRET = # e.g. 8f65ed04-0770-4ce4-a291-6d1bf2000f4d CRT_FILE_NAME = thing @@ -31,8 +31,8 @@ CN = mg.svc C = RS ST = RS L = BELGRADE -O = MAGISTRALA -OU = MAGISTRALA +O = SUPERMQ +OU = SUPERMQ [v3_req] subjectAltName = @alt_names 
@@ -55,20 +55,20 @@ ca: openssl req -newkey rsa:2048 -x509 -nodes -sha512 -days 1095 \ -keyout $(CRT_LOCATION)/ca.key -out $(CRT_LOCATION)/ca.crt -subj "/CN=$(CN_CA)/O=$(O)/OU=$(OU_CA)/emailAddress=$(EA)" -# Server cert and key name is "magistrala-server". +# Server cert and key name is "supermq-server". server_cert: - # Create magistrala server key and CSR. - openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/magistrala-server.key \ - -out $(CRT_LOCATION)/magistrala-server.csr -subj "/CN=$(CN_SRV)/O=$(O)/OU=$(OU_CRT)/emailAddress=$(EA)" + # Create supermq server key and CSR. + openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/supermq-server.key \ + -out $(CRT_LOCATION)/supermq-server.csr -subj "/CN=$(CN_SRV)/O=$(O)/OU=$(OU_CRT)/emailAddress=$(EA)" # Sign server CSR. - openssl x509 -req -days 1000 -in $(CRT_LOCATION)/magistrala-server.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/magistrala-server.crt + openssl x509 -req -days 1000 -in $(CRT_LOCATION)/supermq-server.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/supermq-server.crt # Remove CSR. - rm $(CRT_LOCATION)/magistrala-server.csr + rm $(CRT_LOCATION)/supermq-server.csr thing_cert: - # Create magistrala server key and CSR. + # Create supermq server key and CSR. openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/$(CRT_FILE_NAME).key \ -out $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -subj "/CN=$(THING_SECRET)/O=$(O)/OU=$(OU_CRT)/emailAddress=$(EA)" diff --git a/docker/ssl/certs/supermq-server.crt b/docker/ssl/certs/supermq-server.crt new file mode 100644 index 0000000..4e893c1 --- /dev/null +++ b/docker/ssl/certs/supermq-server.crt 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEYjCCA0oCFGXr7rfGAynaa4KMTG1+23EEF0lYMA0GCSqGSIb3DQEBCwUAMHUx +IjAgBgNVBAMMGU1hZ2lzdHJhbGFfU2VsZl9TaWduZWRfQ0ExEzARBgNVBAoMCk1h +Z2lzdHJhbGExFjAUBgNVBAsMDW1hZ2lzdHJhbGFfY2ExIjAgBgkqhkiG9w0BCQEW +E2luZm9AbWFnaXN0cmFsYS5jb20wHhcNMjMxMDMwMDgxOTA4WhcNMjYwNzI2MDgx +OTA4WjBmMRIwEAYDVQQDDAlsb2NhbGhvc3QxEzARBgNVBAoMCk1hZ2lzdHJhbGEx +FzAVBgNVBAsMDm1hZ2lzdHJhbGFfY3J0MSIwIAYJKoZIhvcNAQkBFhNpbmZvQG1h +Z2lzdHJhbGEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAojas +t6M294uS5q8oFmYM6DULVQ1lY3K659VusJshjGvn8bi50vhKo8PpxL6ygVpjWcHG ++/gclQnTaYZumC1TUohibpBnrFx1PZUvGiryAPudFY2nC5af5BQnYGi845FcVWx5 +FNLq+IsedgSZf7FuGcZruXiukBCWVyWJRJh+8FDakc65BPeG9FpCxbeLZ1nrDpnQ +bhHbwEQrwwHk0FHZ/3cuVFJAjwqJSivJ9598eU0YWAsqsLM3uYyvOMd8alMs5vCZ +9tMCpO2v6xTdJ6kr68SwQQAiefRy6gsD5J5A4ySyCz7KX9fHCrqx1kdcDJ/CXZmh +mXxrCFKSjqjuSn2qtm+gxvAc26Zbt5z5eihpdISDUKrjW11+yapNZLATGBX8ktek +gW467V9DQYOsbA3fNkWgd5UcV5HIViUpqFMFvi1NpWc2INi/PTDWuAIBLUiVNk0W +qMtG7/HqFRPn6MrNGpvFpglgxXGNfjsggkK/3INtFnAou2rN9+ieeuzO7Zjrtwsq +sP64GVw/vLv3tgT6TIZmDnCDCqtEGEVutt7ldu3M0/fLm4qOUsZqFGrIOO1cfI4x +7FRnHwaTsTB1Og+I7lEujb4efHV+uRjKyrGh6L6hDt94IkGm6ZEj5z/iEmq16jRX +dUbYsu4f1KlfTYdHWGHp+6kAmDn0jGCwz2BBrnsCAwEAATANBgkqhkiG9w0BAQsF +AAOCAQEAKyg5kvDk+TQ6ZDCK7qxKY+uN9setYvvsLfde+Uy51a3zj8RIHRgkOT2C +LuuTtTYKu3XmfCKId0oTXynGuP+yDAIuVwuZz3S0VmA8ijoZ87LJXzsLjjTjQSzZ +ar6RmlRDH+8Bm4AOrT4TDupqifag4J0msHkNPo0jVK6fnuniqJoSlhIbbHrJTHhv +jKNXrThjr/irgg1MZ7slojieOS0QoZHRE9eunIR5enDJwB5pWUJSmZWlisI7+Ibi +06+j8wZegU0nqeWp4wFSZxKnrzz5B5Qu9SrALwlHWirzBpyr0gAcF2v7nzbWviZ/ +0VMyY4FGEbkp6trMxwJs5hGYhAiyXg== +-----END CERTIFICATE----- diff --git a/docker/ssl/certs/supermq-server.key b/docker/ssl/certs/supermq-server.key new file mode 100644 index 0000000..f2b56f4 --- /dev/null +++ b/docker/ssl/certs/supermq-server.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCiNqy3ozb3i5Lm +rygWZgzoNQtVDWVjcrrn1W6wmyGMa+fxuLnS+Eqjw+nEvrKBWmNZwcb7+ByVCdNp +hm6YLVNSiGJukGesXHU9lS8aKvIA+50VjacLlp/kFCdgaLzjkVxVbHkU0ur4ix52 +BJl/sW4Zxmu5eK6QEJZXJYlEmH7wUNqRzrkE94b0WkLFt4tnWesOmdBuEdvARCvD +AeTQUdn/dy5UUkCPColKK8n3n3x5TRhYCyqwsze5jK84x3xqUyzm8Jn20wKk7a/r +FN0nqSvrxLBBACJ59HLqCwPknkDjJLILPspf18cKurHWR1wMn8JdmaGZfGsIUpKO +qO5Kfaq2b6DG8Bzbplu3nPl6KGl0hINQquNbXX7Jqk1ksBMYFfyS16SBbjrtX0NB +g6xsDd82RaB3lRxXkchWJSmoUwW+LU2lZzYg2L89MNa4AgEtSJU2TRaoy0bv8eoV +E+foys0am8WmCWDFcY1+OyCCQr/cg20WcCi7as336J567M7tmOu3Cyqw/rgZXD+8 +u/e2BPpMhmYOcIMKq0QYRW623uV27czT98ubio5SxmoUasg47Vx8jjHsVGcfBpOx +MHU6D4juUS6Nvh58dX65GMrKsaHovqEO33giQabpkSPnP+ISarXqNFd1Rtiy7h/U +qV9Nh0dYYen7qQCYOfSMYLDPYEGuewIDAQABAoICACvgzTyJTkOMwipbQ+U3KpOf +UZbqnjvV23/9iEkGVX9V6vJETSOnnQ0KYBAjo0aBLDGpzIj41sZr13+KaR0J2amQ +EcwljJ2fjukfExQpfLfOV/HuFLr6Pfrkhrg57KpD9i13P5Nl8EBV5WH4IYtcc9NO +DHKpldKLYhdlpGllNKUNwenB+ONCj4NGbRxtZyyIMqCK88nqU76A0jOYLgw5r9W+ +J86QRz1KFNP231V3kyR+ubCLKLuOZuruhrE9qMZcBF/dwk/1SRhS4QyeYqopRSOr +2x9iCXFisbjkTOPI+PVYRj7rd7OQOxuIX7V+LQSPLHTEK2XItW0VZOZpBLgqoQP1 +Eu19LOOs77DI5FBia1qhSpjjVGOE6koQmCki8KSFZM+CzuflTPkWNVvTNzjKrhUj +Rbezx40VVFt+q38bsTjWJbimMSo1jChianwjtotGnGpC6pD0KnHsBmfceWaL7+eC +n9KtSeAbnXlFN/rHdK7ZeP/PTSjHa+6i1awGZxhwdVsERJy/2xwZzh3uMLS2ZhXM +Tuh1D5GzlUlkMP8K23rfaXnaOXkwYxHFGi23NmxHGSqzA3TVVreWLqRSZJd/Ar67 +9Pl4S9p9f+Xkvq8tQANfoaTbjc//dpK8rjCKnwdWA3cL7eekq9sm4+lTmik9Bn2v +Bo+3/89Fr1FvlkuQvktJAoIBAQDNuc2r/9sthHZg1hOCFd5XmnMX/mXNPs+SDPRW +/VZBHjxGApz+CoZS7qk0q7f/vzYFTB6N3778f7RsgwrZYSD4I4jumvSFNFsxsHCY +K3O4kkd2YaFaZPwUYbbAcBr6nVnW/9b1aagEfWIMQ18FHLaQ6u2OfUOcNDGZEqwj +YqJmZr8plhWLeKP2c673j6g/ztnL0w77y3LnIuLjFGex17l1lQzbUgOPSKyoQj03 +d5eRoJv2aQTaOXaBzGrDtBDDd3BpXrriJEMqSZbZFRLM28jD+VuHjfHOZRUMy1hw +vZCifRrBYA6Frko7ZweRxIkcOwQsQjV/tkzVkg9FHrVhMKQTAoIBAQDJ2r+lR73d +va1JjWoXKe5qAWtprRyI8DpJM/G2/V/V3+RVOGgBeRlu6WDiMpMd9hFB6bAmX+1y 
+S17svw1f4DQskkTKi9EWBsWRnh2Pnd4q91TjKFsBuci8/EtAXb7C0KV5nEtasEUJ +klMmO1evAXMhn7VzmE3Ic/ttcQHxQZ+TC4G5dGsYcideJ5zOeEIATtFypDNG/0Bw +rvmBbIIylY2KwUAx3UexRgH1hRSecTzkokT39WJbefUg952h7yZXrrhb71AfWLTC +A5MJeArqPK6z/RMxDyvnk7xW326dtBBgqYyTOIHCANRB1kAG0xEyia/WI94uyNfH +YfIHglDFGIj5AoIBAEVVNEqeXPi3Jso1+7cgtaFijR1uAFMusvfu474ZfSNPFFMn ++E7pryFuC5qTsNxBTex1HesEmDIyu9TCSTq/sEPQfgqkMHpgDcfuRdQS+NogenMc +Livv0sDvuY6beYwy0Z9S89gbtqNkulGVtwVbCvBGLK+T6eBP+tMy5s66JC9Mu2pB +iZtKmj+p9zK5uKNgjChURj138I6TRFHxg4z9PiSxifa0ajy06nN+d3ElHfDXZxih +hiAhs53FDcpM+kVWEI2CfotOW1B6IpugrYhbHgtmE4HYxcCgcnqwYWsFiCQq84Ru +YhaNibkBXRy0Vt0rypk76xnSj4x+wCS0V76cjP8CggEAHXdoaJlLdzY8OLODHDSL +0D+6zWdu9fKTn6IMlBjyx4byjxo33JcwBkfdU8fsQABuzn9trnxsbjXgepD9Q9S3 +6RXFIwg8EooUh0hcql1yVDVc1/hJKLxVOHlgBtpogYnxzgnp2ihHO7l3l+orx6lf +hDYLR/+gwzVjK7vGe9CHmfChFFCRXbU0WANSWbWmdOMMoj6kGaYjYw+37pPHgdjh +G7NQSrcxwwgkOxIdS2/eYsXpaYURwabRCOn8wenmYABqe0k5GgpaAMSCz2wNs9n9 +6tpz1cKQNzMS2F+vhygFCAdYNRmXn5l9YssC97wSE52T5J/BzHSXQ0ziBwSYA92s +CQKCAQAFPujh1HhOBtn3FOT3I2jNSTv9OJsmAeiFrhVfIw+Ij8XzzUf0aV04Et/R +/EetirP6WjNQuJ5/YYVUFWj07vSl20YP7NtDGFUlvWugJUvQByidHt5DkmehBWax +cfp5LWwZ4W/wm4F/DtPkgEXgEwY/TMXHvhvN6+JaQPO7iemWL7qsRAPea0oDLkMm +0phT3hKgcnbyewH6GU53KQgr2hUzhgGOKibAo+4ud9lY6M/X1axCepetKMl78Cz9 +rK2MgJOhDr6Nu/K2bKL8Q3zSB1n1WRNaTVnH6wY4j/FpeQvVv+qTAbZhJm7cRT5m ++C7JCqJGg66liqIMq6YyYXK//Ddl +-----END PRIVATE KEY----- From 2581701295acc919ebc4c662837e122ceb0f43c6 Mon Sep 17 00:00:00 2001 From: nyagamunene Date: Mon, 13 Jan 2025 16:32:14 +0300 Subject: [PATCH 2/5] remove magistrala cert and key Signed-off-by: nyagamunene --- docker/ssl/certs/magistrala-server.crt | 26 ------------- docker/ssl/certs/magistrala-server.key | 52 -------------------------- 2 files changed, 78 deletions(-) delete mode 100644 docker/ssl/certs/magistrala-server.crt delete mode 100644 docker/ssl/certs/magistrala-server.key 
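Review bot: The new `docker/ssl/certs/supermq-server.key` is an unencrypted RSA private key checked into the repository, so every deployment that runs with the bundled files shares a key that anyone with read access to the repo also holds. Its blob id (`f2b56f4`) is the same as the `magistrala-server.key` deleted in patch 2/5, and the certificate in the previous section (`4e893c1`) is likewise the old blob. The pair was therefore copied rather than regenerated, and the certificate presumably still carries the Magistrala subject and issuer even though the Makefile in this patch now sets `O = Supermq`. Consider dropping both files from the tree, generating them locally with the `server_cert` target, and ignoring `docker/ssl/certs/*.key`. If they must stay for a demo setup, a Makefile comment such as `# certs/ holds development-only keys; regenerate before any non-local deployment` would make that explicit.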
diff --git a/docker/ssl/certs/magistrala-server.crt b/docker/ssl/certs/magistrala-server.crt deleted file mode 100644 index 4e893c1..0000000 --- a/docker/ssl/certs/magistrala-server.crt +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEYjCCA0oCFGXr7rfGAynaa4KMTG1+23EEF0lYMA0GCSqGSIb3DQEBCwUAMHUx -IjAgBgNVBAMMGU1hZ2lzdHJhbGFfU2VsZl9TaWduZWRfQ0ExEzARBgNVBAoMCk1h -Z2lzdHJhbGExFjAUBgNVBAsMDW1hZ2lzdHJhbGFfY2ExIjAgBgkqhkiG9w0BCQEW -E2luZm9AbWFnaXN0cmFsYS5jb20wHhcNMjMxMDMwMDgxOTA4WhcNMjYwNzI2MDgx -OTA4WjBmMRIwEAYDVQQDDAlsb2NhbGhvc3QxEzARBgNVBAoMCk1hZ2lzdHJhbGEx -FzAVBgNVBAsMDm1hZ2lzdHJhbGFfY3J0MSIwIAYJKoZIhvcNAQkBFhNpbmZvQG1h -Z2lzdHJhbGEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAojas -t6M294uS5q8oFmYM6DULVQ1lY3K659VusJshjGvn8bi50vhKo8PpxL6ygVpjWcHG -+/gclQnTaYZumC1TUohibpBnrFx1PZUvGiryAPudFY2nC5af5BQnYGi845FcVWx5 -FNLq+IsedgSZf7FuGcZruXiukBCWVyWJRJh+8FDakc65BPeG9FpCxbeLZ1nrDpnQ -bhHbwEQrwwHk0FHZ/3cuVFJAjwqJSivJ9598eU0YWAsqsLM3uYyvOMd8alMs5vCZ -9tMCpO2v6xTdJ6kr68SwQQAiefRy6gsD5J5A4ySyCz7KX9fHCrqx1kdcDJ/CXZmh -mXxrCFKSjqjuSn2qtm+gxvAc26Zbt5z5eihpdISDUKrjW11+yapNZLATGBX8ktek -gW467V9DQYOsbA3fNkWgd5UcV5HIViUpqFMFvi1NpWc2INi/PTDWuAIBLUiVNk0W -qMtG7/HqFRPn6MrNGpvFpglgxXGNfjsggkK/3INtFnAou2rN9+ieeuzO7Zjrtwsq -sP64GVw/vLv3tgT6TIZmDnCDCqtEGEVutt7ldu3M0/fLm4qOUsZqFGrIOO1cfI4x -7FRnHwaTsTB1Og+I7lEujb4efHV+uRjKyrGh6L6hDt94IkGm6ZEj5z/iEmq16jRX -dUbYsu4f1KlfTYdHWGHp+6kAmDn0jGCwz2BBrnsCAwEAATANBgkqhkiG9w0BAQsF -AAOCAQEAKyg5kvDk+TQ6ZDCK7qxKY+uN9setYvvsLfde+Uy51a3zj8RIHRgkOT2C -LuuTtTYKu3XmfCKId0oTXynGuP+yDAIuVwuZz3S0VmA8ijoZ87LJXzsLjjTjQSzZ -ar6RmlRDH+8Bm4AOrT4TDupqifag4J0msHkNPo0jVK6fnuniqJoSlhIbbHrJTHhv -jKNXrThjr/irgg1MZ7slojieOS0QoZHRE9eunIR5enDJwB5pWUJSmZWlisI7+Ibi -06+j8wZegU0nqeWp4wFSZxKnrzz5B5Qu9SrALwlHWirzBpyr0gAcF2v7nzbWviZ/ -0VMyY4FGEbkp6trMxwJs5hGYhAiyXg== ------END CERTIFICATE----- diff --git a/docker/ssl/certs/magistrala-server.key b/docker/ssl/certs/magistrala-server.key deleted file mode 100644 index f2b56f4..0000000 
--- a/docker/ssl/certs/magistrala-server.key +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCiNqy3ozb3i5Lm -rygWZgzoNQtVDWVjcrrn1W6wmyGMa+fxuLnS+Eqjw+nEvrKBWmNZwcb7+ByVCdNp -hm6YLVNSiGJukGesXHU9lS8aKvIA+50VjacLlp/kFCdgaLzjkVxVbHkU0ur4ix52 -BJl/sW4Zxmu5eK6QEJZXJYlEmH7wUNqRzrkE94b0WkLFt4tnWesOmdBuEdvARCvD -AeTQUdn/dy5UUkCPColKK8n3n3x5TRhYCyqwsze5jK84x3xqUyzm8Jn20wKk7a/r -FN0nqSvrxLBBACJ59HLqCwPknkDjJLILPspf18cKurHWR1wMn8JdmaGZfGsIUpKO -qO5Kfaq2b6DG8Bzbplu3nPl6KGl0hINQquNbXX7Jqk1ksBMYFfyS16SBbjrtX0NB -g6xsDd82RaB3lRxXkchWJSmoUwW+LU2lZzYg2L89MNa4AgEtSJU2TRaoy0bv8eoV -E+foys0am8WmCWDFcY1+OyCCQr/cg20WcCi7as336J567M7tmOu3Cyqw/rgZXD+8 -u/e2BPpMhmYOcIMKq0QYRW623uV27czT98ubio5SxmoUasg47Vx8jjHsVGcfBpOx -MHU6D4juUS6Nvh58dX65GMrKsaHovqEO33giQabpkSPnP+ISarXqNFd1Rtiy7h/U -qV9Nh0dYYen7qQCYOfSMYLDPYEGuewIDAQABAoICACvgzTyJTkOMwipbQ+U3KpOf -UZbqnjvV23/9iEkGVX9V6vJETSOnnQ0KYBAjo0aBLDGpzIj41sZr13+KaR0J2amQ -EcwljJ2fjukfExQpfLfOV/HuFLr6Pfrkhrg57KpD9i13P5Nl8EBV5WH4IYtcc9NO -DHKpldKLYhdlpGllNKUNwenB+ONCj4NGbRxtZyyIMqCK88nqU76A0jOYLgw5r9W+ -J86QRz1KFNP231V3kyR+ubCLKLuOZuruhrE9qMZcBF/dwk/1SRhS4QyeYqopRSOr -2x9iCXFisbjkTOPI+PVYRj7rd7OQOxuIX7V+LQSPLHTEK2XItW0VZOZpBLgqoQP1 -Eu19LOOs77DI5FBia1qhSpjjVGOE6koQmCki8KSFZM+CzuflTPkWNVvTNzjKrhUj -Rbezx40VVFt+q38bsTjWJbimMSo1jChianwjtotGnGpC6pD0KnHsBmfceWaL7+eC -n9KtSeAbnXlFN/rHdK7ZeP/PTSjHa+6i1awGZxhwdVsERJy/2xwZzh3uMLS2ZhXM -Tuh1D5GzlUlkMP8K23rfaXnaOXkwYxHFGi23NmxHGSqzA3TVVreWLqRSZJd/Ar67 -9Pl4S9p9f+Xkvq8tQANfoaTbjc//dpK8rjCKnwdWA3cL7eekq9sm4+lTmik9Bn2v -Bo+3/89Fr1FvlkuQvktJAoIBAQDNuc2r/9sthHZg1hOCFd5XmnMX/mXNPs+SDPRW -/VZBHjxGApz+CoZS7qk0q7f/vzYFTB6N3778f7RsgwrZYSD4I4jumvSFNFsxsHCY -K3O4kkd2YaFaZPwUYbbAcBr6nVnW/9b1aagEfWIMQ18FHLaQ6u2OfUOcNDGZEqwj -YqJmZr8plhWLeKP2c673j6g/ztnL0w77y3LnIuLjFGex17l1lQzbUgOPSKyoQj03 -d5eRoJv2aQTaOXaBzGrDtBDDd3BpXrriJEMqSZbZFRLM28jD+VuHjfHOZRUMy1hw -vZCifRrBYA6Frko7ZweRxIkcOwQsQjV/tkzVkg9FHrVhMKQTAoIBAQDJ2r+lR73d -va1JjWoXKe5qAWtprRyI8DpJM/G2/V/V3+RVOGgBeRlu6WDiMpMd9hFB6bAmX+1y 
-S17svw1f4DQskkTKi9EWBsWRnh2Pnd4q91TjKFsBuci8/EtAXb7C0KV5nEtasEUJ -klMmO1evAXMhn7VzmE3Ic/ttcQHxQZ+TC4G5dGsYcideJ5zOeEIATtFypDNG/0Bw -rvmBbIIylY2KwUAx3UexRgH1hRSecTzkokT39WJbefUg952h7yZXrrhb71AfWLTC -A5MJeArqPK6z/RMxDyvnk7xW326dtBBgqYyTOIHCANRB1kAG0xEyia/WI94uyNfH -YfIHglDFGIj5AoIBAEVVNEqeXPi3Jso1+7cgtaFijR1uAFMusvfu474ZfSNPFFMn -+E7pryFuC5qTsNxBTex1HesEmDIyu9TCSTq/sEPQfgqkMHpgDcfuRdQS+NogenMc -Livv0sDvuY6beYwy0Z9S89gbtqNkulGVtwVbCvBGLK+T6eBP+tMy5s66JC9Mu2pB -iZtKmj+p9zK5uKNgjChURj138I6TRFHxg4z9PiSxifa0ajy06nN+d3ElHfDXZxih -hiAhs53FDcpM+kVWEI2CfotOW1B6IpugrYhbHgtmE4HYxcCgcnqwYWsFiCQq84Ru -YhaNibkBXRy0Vt0rypk76xnSj4x+wCS0V76cjP8CggEAHXdoaJlLdzY8OLODHDSL -0D+6zWdu9fKTn6IMlBjyx4byjxo33JcwBkfdU8fsQABuzn9trnxsbjXgepD9Q9S3 -6RXFIwg8EooUh0hcql1yVDVc1/hJKLxVOHlgBtpogYnxzgnp2ihHO7l3l+orx6lf -hDYLR/+gwzVjK7vGe9CHmfChFFCRXbU0WANSWbWmdOMMoj6kGaYjYw+37pPHgdjh -G7NQSrcxwwgkOxIdS2/eYsXpaYURwabRCOn8wenmYABqe0k5GgpaAMSCz2wNs9n9 -6tpz1cKQNzMS2F+vhygFCAdYNRmXn5l9YssC97wSE52T5J/BzHSXQ0ziBwSYA92s -CQKCAQAFPujh1HhOBtn3FOT3I2jNSTv9OJsmAeiFrhVfIw+Ij8XzzUf0aV04Et/R -/EetirP6WjNQuJ5/YYVUFWj07vSl20YP7NtDGFUlvWugJUvQByidHt5DkmehBWax -cfp5LWwZ4W/wm4F/DtPkgEXgEwY/TMXHvhvN6+JaQPO7iemWL7qsRAPea0oDLkMm -0phT3hKgcnbyewH6GU53KQgr2hUzhgGOKibAo+4ud9lY6M/X1axCepetKMl78Cz9 -rK2MgJOhDr6Nu/K2bKL8Q3zSB1n1WRNaTVnH6wY4j/FpeQvVv+qTAbZhJm7cRT5m -+C7JCqJGg66liqIMq6YyYXK//Ddl ------END PRIVATE KEY----- From a65a71f7915a3fa949f8e7f1372cc1074ac4cab7 Mon Sep 17 00:00:00 2001 From: nyagamunene Date: Mon, 13 Jan 2025 16:45:48 +0300 Subject: [PATCH 3/5] update makefile Signed-off-by: nyagamunene --- Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index d34bb3c..6cee9cb 100644 --- a/Makefile +++ b/Makefile 
@@ -11,9 +11,9 @@ SERVICES = manager proplet cli proxy define compile_service CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) \ go build -ldflags "-s -w \ - -X 'github.com/absmach/magistrala.BuildTime=$(TIME)' \ - -X 'github.com/absmach/magistrala.Version=$(VERSION)' \ - -X 'github.com/absmach/magistrala.Commit=$(COMMIT)'" \ + -X 'github.com/absmach/supermq.BuildTime=$(TIME)' \ + -X 'github.com/absmach/supermq.Version=$(VERSION)' \ + -X 'github.com/absmach/supermq.Commit=$(COMMIT)'" \ -o ${BUILD_DIR}/$(1) cmd/$(1)/main.go endef @@ -34,10 +34,10 @@ clean: lint: golangci-lint run --config .golangci.yaml -start-magistrala: +start-supermq: docker compose -f docker/compose.yaml up -d -stop-magistrala: +stop-supermq: docker compose -f docker/compose.yaml down $(EXAMPLES): @@ -52,6 +52,6 @@ help: @echo " install: install the binary i.e copies to GOBIN" @echo " clean: clean the build directory" @echo " lint: run golangci-lint" - @echo " start-magistrala: start the magistrala docker compose" - @echo " stop-magistrala: stop the magistrala docker compose" + @echo " start-supermq: start the supermq docker compose" + @echo " stop-supermq: stop the supermq docker compose" @echo " help: display this help message" From f5d57cbbbf71b9ba5feb4ef530136d4f6381aa5e Mon Sep 17 00:00:00 2001 From: Rodney Osodo Date: Thu, 23 Jan 2025 23:44:43 +0300 Subject: [PATCH 4/5] feat: test and move to SuperMQ from magistrala 
Signed-off-by: Rodney Osodo --- cli/provision.go | 91 +++++++++++++++++-------------------- cmd/cli/main.go | 36 +++++++++------ cmd/manager/main.go | 20 ++++---- cmd/proplet/main.go | 16 +++---- cmd/proxy/main.go | 14 +++--- config.go | 12 ++--- docker/.env | 2 +- docker/compose.yaml | 4 +- docker/ssl/Makefile | 62 ++++++++++++------------- docker/ssl/authorization.js | 2 +- go.mod | 1 - go.sum | 10 ---- manager/api/endpoint.go | 2 +- manager/api/requests.go | 2 +- manager/api/responses.go | 12 ++--- manager/api/transport.go | 6 +-- pkg/api/api.go | 4 +- pkg/mqtt/pubsub.go | 2 +- proplet/service.go | 14 +++--- 19 files changed, 151 insertions(+), 161 deletions(-) diff --git a/cli/provision.go b/cli/provision.go index 5dcf45a..8c9ea2e 100644 --- a/cli/provision.go +++ b/cli/provision.go @@ -6,8 +6,8 @@ import ( "strings" "github.com/0x6flab/namegenerator" - smqSDK "github.com/absmach/magistrala/pkg/sdk/go" "github.com/absmach/supermq/pkg/errors" + smqSDK "github.com/absmach/supermq/pkg/sdk" "github.com/charmbracelet/huh" "github.com/spf13/cobra" ) 
@@ -36,44 +36,44 @@ var provisionCmd = &cobra.Command{ Long: `Provision necessary resources for Propeller operation.`, Run: func(cmd *cobra.Command, args []string) { var ( - identity string - secret string + username string + password string err error token smqSDK.Token domainName string domainAlias string domainPermission string domain smqSDK.Domain - managerThingName string - managerThing smqSDK.Thing - propletThingName string - propletThing smqSDK.Thing + managerClientName string + managerClient smqSDK.Client + propletClientName string + propletClient smqSDK.Client managerChannelName string managerChannel smqSDK.Channel ) form := huh.NewForm( huh.NewGroup( huh.NewInput(). - Title("Enter your identity (e-mail)?"). - Value(&identity). + Title("Enter your username?"). + Value(&username). Validate(func(str string) error { if str == "" { - return errors.New("identity is required") + return errors.New("username is required") } return nil }), huh.NewInput(). - Title("Enter your secret"). + Title("Enter your password"). EchoMode(huh.EchoModePassword). - Value(&secret). + Value(&password). Validate(func(str string) error { if str == "" { - return errors.New("secret is required") + return errors.New("password is required") } u := smqSDK.Login{ - Identity: identity, - Secret: secret, + Username: username, + Password: password, } token, err = smqsdk.CreateToken(u) 
@@ -121,18 +121,18 @@ var provisionCmd = &cobra.Command{ ), huh.NewGroup( huh.NewInput(). - Title("Enter your manager thing name(leave empty to auto generate)"). - Value(&managerThingName). + Title("Enter your manager client name(leave empty to auto generate)"). + Value(&managerClientName). Validate(func(str string) error { if str == "" { - managerThingName = namegen.Generate() + managerClientName = namegen.Generate() } - managerThing = smqSDK.Thing{ - Name: managerThingName, + managerClient = smqSDK.Client{ + Name: managerClientName, Tags: []string{"manager", "propeller"}, Status: "enabled", } - managerThing, err = smqsdk.CreateThing(managerThing, domain.ID, token.AccessToken) + managerClient, err = smqsdk.CreateClient(managerClient, domain.ID, token.AccessToken) if err != nil { return errors.Wrap(errFailedClientCreation, err) } @@ -142,18 +142,18 @@ var provisionCmd = &cobra.Command{ ), huh.NewGroup( huh.NewInput(). - Title("Enter your proplet thing name(leave empty to auto generate)"). - Value(&propletThingName). + Title("Enter your proplet client name(leave empty to auto generate)"). + Value(&propletClientName). Validate(func(str string) error { if str == "" { - propletThingName = namegen.Generate() + propletClientName = namegen.Generate() } - propletThing = smqSDK.Thing{ - Name: propletThingName, + propletClient = smqSDK.Client{ + Name: propletClientName, Tags: []string{"proplet", "propeller"}, Status: "enabled", } - propletThing, err = smqsdk.CreateThing(propletThing, domain.ID, token.AccessToken) + propletClient, err = smqsdk.CreateClient(propletClient, domain.ID, token.AccessToken) if err != nil { return errors.Wrap(errFailedClientCreation, err) } 
@@ -178,21 +178,14 @@ var provisionCmd = &cobra.Command{ } managerConns := smqSDK.Connection{ - ThingID: managerThing.ID, - ChannelID: managerChannel.ID, + ClientIDs: []string{managerClient.ID, propletClient.ID}, + ChannelIDs: []string{managerChannel.ID}, + Types: []string{"publish", "subscribe"}, } if err = smqsdk.Connect(managerConns, domain.ID, token.AccessToken); err != nil { return errors.Wrap(errFailedConnectionCreation, err) } - propletConns := smqSDK.Connection{ - ThingID: propletThing.ID, - ChannelID: managerChannel.ID, - } - if err = smqsdk.Connect(propletConns, domain.ID, token.AccessToken); err != nil { - return errors.Wrap(errFailedConnectionCreation, err) - } - return nil }), ), @@ -207,27 +200,27 @@ var provisionCmd = &cobra.Command{ configContent := fmt.Sprintf(`# SuperMQ Configuration [manager] -thing_id = "%s" -thing_key = "%s" +client_id = "%s" +client_key = "%s" channel_id = "%s" [proplet] -thing_id = "%s" -thing_key = "%s" +client_id = "%s" +client_key = "%s" channel_id = "%s" [proxy] -thing_id = "%s" -thing_key = "%s" +client_id = "%s" +client_key = "%s" channel_id = "%s"`, - managerThing.ID, - managerThing.Credentials.Secret, + managerClient.ID, + managerClient.Credentials.Secret, managerChannel.ID, - propletThing.ID, - propletThing.Credentials.Secret, + propletClient.ID, + propletClient.Credentials.Secret, managerChannel.ID, - propletThing.ID, - propletThing.Credentials.Secret, + propletClient.ID, + propletClient.Credentials.Secret, managerChannel.ID, ) diff --git a/cmd/cli/main.go b/cmd/cli/main.go index 952302c..f3b45ab 100644 --- a/cmd/cli/main.go +++ b/cmd/cli/main.go @@ -3,9 +3,9 @@ package main import ( "log" - smqsdk "github.com/absmach/magistrala/pkg/sdk/go" "github.com/absmach/propeller/cli" "github.com/absmach/propeller/pkg/sdk" + smqsdk "github.com/absmach/supermq/pkg/sdk" "github.com/spf13/cobra" ) 
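Review bot: The merged `smqSDK.Connection` gives both the manager and the proplet client `publish` and `subscribe` on the manager channel in a single call, so the two roles can no longer be granted different rights without splitting it again. If they really need the same rights, record that next to the literal, for example `// manager and proplet both publish and subscribe on the control channel`. Otherwise keep one `Connection` per client, each listing only the `Types` that client uses. The variable is still named `managerConns` although it now carries `propletClient.ID` as well, so `conns` would read more accurately. The enclosing Validate callback starts outside this hunk.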
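Review bot: The `[proxy]` section of `configContent` is filled with `propletClient.ID` and `propletClient.Credentials.Secret`, so the proxy and the proplet share one client identity and key. Actions by the two cannot be told apart on the broker, and rotating or revoking one key affects both. cmd/proxy/main.go in this commit likewise reads `PROPLET_CLIENT_ID` and `PROPLET_CLIENT_KEY`, so if the sharing is deliberate a comment above the format arguments should say so; otherwise provision a third client for the proxy. The generated text holds the client keys in plain form and the call that writes it is outside this hunk, so it is worth confirming that the file is created with owner-only permissions such as `0o600`.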
@@ -13,8 +13,9 @@ var ( tlsVerification = false managerURL = "http://localhost:7070" usersURL = "http://localhost:9002" - thingsURL = "http://localhost:9000" - domainsURL = "http://localhost:8189" + domainsURL = "http://localhost:9003" + clientsURL = "http://localhost:9006" + channelsURL = "http://localhost:9005" msgContentType = string(smqsdk.CTJSONSenML) ) @@ -33,8 +34,9 @@ func main() { smqSDKConf := smqsdk.Config{ UsersURL: usersURL, - ThingsURL: thingsURL, DomainsURL: domainsURL, + ClientsURL: clientsURL, + ChannelsURL: channelsURL, MsgContentType: smqsdk.ContentType(msgContentType), } @@ -75,14 +77,6 @@ func main() { "Users service URL", ) - rootCmd.PersistentFlags().StringVarP( - &thingsURL, - "things-url", - "t", - thingsURL, - "Things service URL", - ) - rootCmd.PersistentFlags().StringVarP( &domainsURL, "domains-url", @@ -91,10 +85,26 @@ func main() { "Domains service URL", ) + rootCmd.PersistentFlags().StringVarP( + &clientsURL, + "clients-url", + "c", + clientsURL, + "Clients service URL", + ) + + rootCmd.PersistentFlags().StringVarP( + &channelsURL, + "channels-url", + "z", + channelsURL, + "Channels service URL", + ) + rootCmd.PersistentFlags().StringVarP( &msgContentType, "content-type", - "c", + "t", msgContentType, "Message content type", ) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index c12e2c9..79ef568 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -9,10 +9,6 @@ import ( "os" "time" - "github.com/absmach/magistrala/pkg/jaeger" - "github.com/absmach/magistrala/pkg/prometheus" - "github.com/absmach/magistrala/pkg/server" - httpserver "github.com/absmach/magistrala/pkg/server/http" "github.com/absmach/propeller" "github.com/absmach/propeller/manager" "github.com/absmach/propeller/manager/api" 
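Review bot: The new defaults `clientsURL` and `channelsURL` are plain `http://` endpoints, like the existing ones, and sit beside `tlsVerification = false`. That suits a local compose stack, but the provision command changed in this commit sends a username and password through this SDK configuration. A comment on the var block would make the assumption explicit, for example `// Defaults target a local docker compose stack; use https URLs and enable TLS verification for any remote deployment.` Where `tlsVerification` is applied is not visible in this hunk.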
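Review bot: The short flags change meaning here without any transition. `-c` moves from `--content-type` to `--clients-url`, and `-t`, which the removed `--things-url` used, now selects `--content-type`. The value is cast with `smqsdk.ContentType(msgContentType)` and no validation is visible, so an existing script passing `-t <url>` would apparently set the content type to a URL and run against the default clients endpoint without an error. Keeping `-c` for `--content-type` and giving `--clients-url` an unused letter avoids the silent re-binding; failing that, the commit description should call out the change.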
@@ -20,6 +16,10 @@ import ( "github.com/absmach/propeller/pkg/mqtt" "github.com/absmach/propeller/pkg/scheduler" "github.com/absmach/propeller/pkg/storage" + "github.com/absmach/supermq/pkg/jaeger" + "github.com/absmach/supermq/pkg/prometheus" + "github.com/absmach/supermq/pkg/server" + httpserver "github.com/absmach/supermq/pkg/server/http" "github.com/caarlos0/env/v11" "github.com/google/uuid" "go.opentelemetry.io/otel/trace" @@ -41,8 +41,8 @@ type config struct { MQTTQoS uint8 `env:"MANAGER_MQTT_QOS" envDefault:"2"` MQTTTimeout time.Duration `env:"MANAGER_MQTT_TIMEOUT" envDefault:"30s"` ChannelID string `env:"MANAGER_CHANNEL_ID"` - ThingID string `env:"MANAGER_THING_ID"` - ThingKey string `env:"MANAGER_THING_KEY"` + ClientID string `env:"MANAGER_CLIENT_ID"` + ClientKey string `env:"MANAGER_CLIENT_KEY"` Server server.Config OTELURL url.URL `env:"MANAGER_OTEL_URL"` TraceRatio float64 `env:"MANAGER_TRACE_RATIO" envDefault:"0"` @@ -61,7 +61,7 @@ func main() { cfg.InstanceID = uuid.NewString() } - if cfg.ThingID == "" || cfg.ThingKey == "" || cfg.ChannelID == "" { + if cfg.ClientID == "" || cfg.ClientKey == "" || cfg.ChannelID == "" { _, err := os.Stat(configPath) switch err { case nil: @@ -69,8 +69,8 @@ func main() { if err != nil { log.Fatalf("failed to load TOML configuration: %s", err.Error()) } - cfg.ThingID = conf.Manager.ThingID - cfg.ThingKey = conf.Manager.ThingKey + cfg.ClientID = conf.Manager.ClientID + cfg.ClientKey = conf.Manager.ClientKey cfg.ChannelID = conf.Manager.ChannelID default: log.Fatalf("failed to load TOML configuration: %s", err.Error()) 
@@ -107,7 +107,7 @@ func main() { } tracer := tp.Tracer(svcName) - mqttPubSub, err := mqtt.NewPubSub(cfg.MQTTAddress, cfg.MQTTQoS, svcName, cfg.ThingID, cfg.ThingKey, cfg.ChannelID, cfg.MQTTTimeout, logger) + mqttPubSub, err := mqtt.NewPubSub(cfg.MQTTAddress, cfg.MQTTQoS, svcName, cfg.ClientID, cfg.ClientKey, cfg.ChannelID, cfg.MQTTTimeout, logger) if err != nil { logger.Error("failed to initialize mqtt pubsub", slog.String("error", err.Error())) diff --git a/cmd/proplet/main.go b/cmd/proplet/main.go index e871e59..24bf51f 100644 --- a/cmd/proplet/main.go +++ b/cmd/proplet/main.go @@ -8,11 +8,11 @@ import ( "os" "time" - "github.com/absmach/magistrala/pkg/server" "github.com/absmach/propeller" "github.com/absmach/propeller/pkg/mqtt" "github.com/absmach/propeller/proplet" "github.com/absmach/propeller/proplet/runtimes" + "github.com/absmach/supermq/pkg/server" "github.com/caarlos0/env/v11" "github.com/google/uuid" "golang.org/x/sync/errgroup" @@ -31,8 +31,8 @@ type config struct { MQTTQoS byte `env:"PROPLET_MQTT_QOS" envDefault:"2"` LivelinessInterval time.Duration `env:"PROPLET_LIVELINESS_INTERVAL" envDefault:"10s"` ChannelID string `env:"PROPLET_CHANNEL_ID"` - ThingID string `env:"PROPLET_THING_ID"` - ThingKey string `env:"PROPLET_THING_KEY"` + ClientID string `env:"PROPLET_CLIIENT_ID"` + ClientKey string `env:"PROPLET_CLIIENT_KEY"` ExternalWasmRuntime string `env:"PROPLET_EXTERNAL_WASM_RUNTIME" envDefault:""` } @@ -49,7 +49,7 @@ func main() { cfg.InstanceID = uuid.NewString() } - if cfg.ThingID == "" || cfg.ThingKey == "" || cfg.ChannelID == "" { + if cfg.ClientID == "" || cfg.ClientKey == "" || cfg.ChannelID == "" { _, err := os.Stat(configPath) switch err { case nil: 
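Review bot: The env tags on the renamed proplet fields are misspelled: `env:"PROPLET_CLIIENT_ID"` and `env:"PROPLET_CLIIENT_KEY"` have a doubled `I`. A deployment that exports `PROPLET_CLIENT_ID` and `PROPLET_CLIENT_KEY` therefore leaves `cfg.ClientID` and `cfg.ClientKey` empty, and the `main` hunk below falls through to the TOML file or exits with `failed to load TOML configuration`. The tags should be `env:"PROPLET_CLIENT_ID"` and `env:"PROPLET_CLIENT_KEY"`, the spelling cmd/proxy/main.go in this commit already uses.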
@@ -57,8 +57,8 @@ func main() { if err != nil { log.Fatalf("failed to load TOML configuration: %s", err.Error()) } - cfg.ThingID = conf.Proplet.ThingID - cfg.ThingKey = conf.Proplet.ThingKey + cfg.ClientID = conf.Proplet.ClientID + cfg.ClientKey = conf.Proplet.ClientKey cfg.ChannelID = conf.Proplet.ChannelID default: log.Fatalf("failed to load TOML configuration: %s", err.Error()) @@ -75,7 +75,7 @@ func main() { logger := slog.New(logHandler) slog.SetDefault(logger) - mqttPubSub, err := mqtt.NewPubSub(cfg.MQTTAddress, cfg.MQTTQoS, cfg.InstanceID, cfg.ThingID, cfg.ThingKey, cfg.ChannelID, cfg.MQTTTimeout, logger) + mqttPubSub, err := mqtt.NewPubSub(cfg.MQTTAddress, cfg.MQTTQoS, cfg.InstanceID, cfg.ClientID, cfg.ClientKey, cfg.ChannelID, cfg.MQTTTimeout, logger) if err != nil { logger.Error("failed to initialize mqtt client", slog.Any("error", err)) @@ -90,7 +90,7 @@ func main() { runtime = runtimes.NewWazeroRuntime(logger, mqttPubSub, cfg.ChannelID) } - service, err := proplet.NewService(ctx, cfg.ChannelID, cfg.ThingID, cfg.ThingKey, cfg.LivelinessInterval, mqttPubSub, logger, runtime) + service, err := proplet.NewService(ctx, cfg.ChannelID, cfg.ClientID, cfg.ClientKey, cfg.LivelinessInterval, mqttPubSub, logger, runtime) if err != nil { logger.Error("failed to initialize service", slog.Any("error", err)) diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go index 4bec1e4..85b1512 100644 --- a/cmd/proxy/main.go +++ b/cmd/proxy/main.go @@ -24,8 +24,8 @@ type config struct { MQTTAddress string `env:"PROXY_MQTT_ADDRESS" envDefault:"tcp://localhost:1883"` MQTTTimeout time.Duration `env:"PROXY_MQTT_TIMEOUT" envDefault:"30s"` ChannelID string `env:"PROPLET_CHANNEL_ID"` - ThingID string `env:"PROPLET_THING_ID"` - ThingKey string `env:"PROPLET_THING_KEY"` + ClientID string `env:"PROPLET_CLIENT_ID"` + ClientKey string `env:"PROPLET_CLIENT_KEY"` // HTTP Registry configuration ChunkSize int `env:"PROXY_CHUNK_SIZE" envDefault:"512000"` 
@@ -44,7 +44,7 @@ func main() { log.Fatalf("failed to load configuration : %s", err.Error()) } - if cfg.ThingID == "" || cfg.ThingKey == "" || cfg.ChannelID == "" { + if cfg.ClientID == "" || cfg.ClientKey == "" || cfg.ChannelID == "" { _, err := os.Stat(configPath) switch err { case nil: @@ -52,8 +52,8 @@ func main() { if err != nil { log.Fatalf("failed to load TOML configuration: %s", err.Error()) } - cfg.ThingID = conf.Proxy.ThingID - cfg.ThingKey = conf.Proxy.ThingKey + cfg.ClientID = conf.Proxy.ClientID + cfg.ClientKey = conf.Proxy.ClientKey cfg.ChannelID = conf.Proxy.ChannelID default: log.Fatalf("failed to load TOML configuration: %s", err.Error()) @@ -72,8 +72,8 @@ func main() { mqttCfg := proxy.MQTTProxyConfig{ BrokerURL: cfg.MQTTAddress, - Password: cfg.ThingKey, - PropletID: cfg.ThingID, + Password: cfg.ClientKey, + PropletID: cfg.ClientID, ChannelID: cfg.ChannelID, } diff --git a/config.go b/config.go index b3de99d..7530140 100644 --- a/config.go +++ b/config.go @@ -14,20 +14,20 @@ type Config struct { } type ManagerConfig struct { - ThingID string `toml:"thing_id"` - ThingKey string `toml:"thing_key"` + ClientID string `toml:"client_id"` + ClientKey string `toml:"client_key"` ChannelID string `toml:"channel_id"` } type PropletConfig struct { - ThingID string `toml:"thing_id"` - ThingKey string `toml:"thing_key"` + ClientID string `toml:"client_id"` + ClientKey string `toml:"client_key"` ChannelID string `toml:"channel_id"` } type ProxyConfig struct { - ThingID string `toml:"thing_id"` - ThingKey string `toml:"thing_key"` + ClientID string `toml:"client_id"` + ClientKey string `toml:"client_key"` ChannelID string `toml:"channel_id"` } diff --git a/docker/.env b/docker/.env index 67668e2..fbed93c 100644 --- a/docker/.env +++ b/docker/.env @@ -508,4 +508,4 @@ SMQ_GRAFANA_ADMIN_USER=supermq SMQ_GRAFANA_ADMIN_PASSWORD=supermq # Docker image tag -SMQ_RELEASE_TAG="v0.15.1" +SMQ_RELEASE_TAG="latest" 
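Review bot: `SMQ_RELEASE_TAG="latest"` replaces a fixed release with a moving tag. Assuming this variable selects the SuperMQ image tags, as the `# Docker image tag` comment suggests, each pull can bring in images other than the ones this change was tested against, and a rollback has no version to return to. go.mod in the same commit pins the Go dependency to a specific supermq pseudo-version, so the SDK and the running services can drift apart. Pin the variable to a released tag or an image digest that matches the module version, for example `SMQ_RELEASE_TAG="<released-version>"`.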
diff --git a/docker/compose.yaml b/docker/compose.yaml index e38b05d..dce8423 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -172,7 +172,7 @@ services: - supermq-base-net volumes: - supermq-domains-db-volume:/var/lib/postgresql/data - + domains-redis: image: redis:7.2.4-alpine container_name: supermq-domains-redis @@ -747,7 +747,6 @@ services: bind: create_host_path: true - groups-db: image: postgres:16.2-alpine container_name: supermq-groups-db @@ -850,7 +849,6 @@ services: bind: create_host_path: true - jaeger: image: jaegertracing/all-in-one:1.60 container_name: supermq-jaeger diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index 2632d28..02f63d4 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile @@ -5,14 +5,14 @@ OU_CRT = supermq_crt EA = info@supermq.com CN_CA = Supermq_Self_Signed_CA CN_SRV = localhost -THING_SECRET = # e.g. 8f65ed04-0770-4ce4-a291-6d1bf2000f4d -CRT_FILE_NAME = thing -THINGS_GRPC_SERVER_CONF_FILE_NAME=thing-grpc-server.conf -THINGS_GRPC_CLIENT_CONF_FILE_NAME=thing-grpc-client.conf -THINGS_GRPC_SERVER_CN=things -THINGS_GRPC_CLIENT_CN=things-client -THINGS_GRPC_SERVER_CRT_FILE_NAME=things-grpc-server -THINGS_GRPC_CLIENT_CRT_FILE_NAME=things-grpc-client +CLIENT_SECRET = # e.g. 8f65ed04-0770-4ce4-a291-6d1bf2000f4d +CRT_FILE_NAME = client +CLIENTS_GRPC_SERVER_CONF_FILE_NAME=client-grpc-server.conf +CLIENTS_GRPC_CLIENT_CONF_FILE_NAME=client-grpc-client.conf +CLIENTS_GRPC_SERVER_CN=clients +CLIENTS_GRPC_CLIENT_CN=clients-client +CLIENTS_GRPC_SERVER_CRT_FILE_NAME=clients-grpc-server +CLIENTS_GRPC_CLIENT_CRT_FILE_NAME=clients-grpc-client AUTH_GRPC_SERVER_CONF_FILE_NAME=auth-grpc-server.conf AUTH_GRPC_CLIENT_CONF_FILE_NAME=auth-grpc-client.conf AUTH_GRPC_SERVER_CN=auth @@ -48,7 +48,7 @@ It can be downloaded from $(DOWNLOAD_URL). etc, etc. endef -all: clean_certs ca server_cert things_grpc_certs auth_grpc_certs +all: clean_certs ca server_cert clients_grpc_certs auth_grpc_certs # CA name and key is "ca". ca: 
@@ -67,10 +67,10 @@ server_cert: # Remove CSR. rm $(CRT_LOCATION)/supermq-server.csr -thing_cert: +client_cert: # Create supermq server key and CSR. openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/$(CRT_FILE_NAME).key \ - -out $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -subj "/CN=$(THING_SECRET)/O=$(O)/OU=$(OU_CRT)/emailAddress=$(EA)" + -out $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -subj "/CN=$(CLIENT_SECRET)/O=$(O)/OU=$(OU_CRT)/emailAddress=$(EA)" # Sign client CSR. openssl x509 -req -days 730 -in $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/$(CRT_FILE_NAME).crt 
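Review bot: `client_cert` builds the subject from `$(CLIENT_SECRET)`, which is empty by default, so a caller still passing the old `THING_SECRET=...` gets a certificate with an empty CN and no error. A guard as the first recipe line, `$(if $(strip $(CLIENT_SECRET)),,$(error CLIENT_SECRET is not set))`, fails fast instead. The comment `# Create supermq server key and CSR.` in this target was carried over from `server_cert` and should read `# Create client key and CSR.`. Because the secret becomes the CN, which authorization.js appears to turn into the `Client ` credential, the resulting `.crt` discloses it to anyone who can read the certificate. A comment on the target should say the file must be handled like the key.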
@@ -78,47 +78,47 @@ thing_cert: # Remove CSR. rm $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -things_grpc_certs: - # Things server grpc certificates - $(file > $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <>,$(THINGS_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) ) +clients_grpc_certs: + # Clients server grpc certificates + $(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <>,$(CLIENTS_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) ) openssl req -new -sha256 -newkey rsa:4096 -nodes \ - -keyout $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).key \ - -out $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).csr \ - -config $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).conf \ + -keyout $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).key \ + -out $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr \ + -config $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf \ -extensions v3_req openssl x509 -req -sha256 \ - -in $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).csr \ + -in $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr \ -CA $(CRT_LOCATION)/ca.crt \ -CAkey $(CRT_LOCATION)/ca.key \ -CAcreateserial \ - -out $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).crt \ + -out $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).crt \ -days 365 \ - -extfile $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).conf \ + -extfile $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf \ -extensions v3_req - rm -rf $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(THINGS_GRPC_SERVER_CRT_FILE_NAME).conf - # Things client grpc certificates - $(file > $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst <>,$(THINGS_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) ) + rm -rf $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf + # Clients client grpc certificates + $(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst 
<>,$(CLIENTS_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) ) openssl req -new -sha256 -newkey rsa:4096 -nodes \ - -keyout $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).key \ - -out $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).csr \ - -config $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).conf \ + -keyout $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).key \ + -out $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).csr \ + -config $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf \ -extensions v3_req openssl x509 -req -sha256 \ - -in $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).csr \ + -in $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).csr \ -CA $(CRT_LOCATION)/ca.crt \ -CAkey $(CRT_LOCATION)/ca.key \ -CAcreateserial \ - -out $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).crt \ + -out $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).crt \ -days 365 \ - -extfile $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).conf \ + -extfile $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf \ -extensions v3_req - rm -rf $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).conf + rm -rf $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf auth_grpc_certs: # Auth gRPC server certificate @@ -161,7 +161,7 @@ auth_grpc_certs: -extensions v3_req rm -rf $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf - + clean_certs: rm -r $(CRT_LOCATION)/*.crt rm -r $(CRT_LOCATION)/*.key diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index 11c7a62..f58379f 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js 
@@ -167,7 +167,7 @@ function parseCert(cert, key) { for (var i = 0; i < pairs.length; i++) { var pair = pairs[i].split('='); if (pair[0].toUpperCase() == key) { - return "Thing " + pair[1].replace("\\", "").trim(); + return "Client " + pair[1].replace("\\", "").trim(); } } } diff --git a/go.mod b/go.mod index 77f15d9..618a449 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,6 @@ go 1.23.4 require ( github.com/0x6flab/namegenerator v1.4.0 - github.com/absmach/magistrala v0.15.1 github.com/absmach/supermq v0.16.1-0.20250113091433-3a11b54394b2 github.com/caarlos0/env/v11 v11.3.1 github.com/charmbracelet/huh v0.6.0 diff --git a/go.sum b/go.sum index a710107..9a99c0d 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,6 @@ github.com/VividCortex/gohistogram v1.0.0 h1:6+hBz+qvs0JOrrNhhmR7lFxo5sINxBCGXrd github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/absmach/certs v0.0.0-20241014135535-3f118b801054 h1:NsIwp+ueKxDx8XftruA4hz8WUgyWq7eBE344nJt0LJg= github.com/absmach/certs v0.0.0-20241014135535-3f118b801054/go.mod h1:bEAb/HjPztlrMmz8dLeJTke4Tzu9yW3+hY5eldEUtSY= -github.com/absmach/magistrala v0.15.1 h1:3Bk2hlyWcV591LxPYwlvRcyCXTfuZ1g/EkNmU+o3NNQ= -github.com/absmach/magistrala v0.15.1/go.mod h1:9pto6xuBt/IuCtZRdEha0iDQKNQ5tyNOjLXJgUiikYk= github.com/absmach/mgate v0.4.5 h1:l6RmrEsR9jxkdb9WHUSecmT0HA41TkZZQVffFfUAIfI= github.com/absmach/mgate v0.4.5/go.mod h1:IvRIHZexZPEIAPmmaJF0L5DY2ERjj+GxRGitOW4s6qo= github.com/absmach/senml v1.0.6 h1:WPeIl6vQ00k7ghWSZYT/QP0KUxq2+4zQoaC7240pLFk= 
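Review bot: `pair[1].replace("\\", "")` is given a string pattern, so only the first backslash in the value is removed before it is returned as `"Client " + ...`, and any further escaped characters keep their backslashes. If the intent is to strip all of them, `pair[1].replace(/\\/g, "")` does that. The value also comes from `pairs[i].split('=')`, so anything after a second `=` in the field is dropped. The prefix change from `"Thing "` to `"Client "` has to match what the upstream service accepts in the header, which this diff does not show. `parseCert` starts and ends outside this hunk.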
@@ -126,12 +124,6 @@ github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a h1:2MaM6YC3mGu54 github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a/go.mod h1:hxSnBBYLK21Vtq/PHd0S2FYCxBXzBua8ov5s1RobyRQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/nats-io/nats.go v1.38.0 h1:A7P+g7Wjp4/NWqDOOP/K6hfhr54DvdDQUznt5JFg9XA= -github.com/nats-io/nats.go v1.38.0/go.mod h1:IGUM++TwokGnXPs82/wCuiHS02/aKrdYUQkU8If6yjw= -github.com/nats-io/nkeys v0.4.9 h1:qe9Faq2Gxwi6RZnZMXfmGMZkg3afLLOtrU+gDZJ35b0= -github.com/nats-io/nkeys v0.4.9/go.mod h1:jcMqs+FLG+W5YO36OX6wFIFcmpdAns+w1Wm6D3I/evE= -github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= 
@@ -148,8 +140,6 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rabbitmq/amqp091-go v1.10.0 h1:STpn5XsHlHGcecLmMFCtg7mqq0RnD+zFr4uzukfVhBw= -github.com/rabbitmq/amqp091-go v1.10.0/go.mod h1:Hy4jKW5kQART1u+JkDTF9YYOQUHXqMuhrgxOEeS7G4o= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= diff --git a/manager/api/endpoint.go b/manager/api/endpoint.go index d524b54..8bc00ba 100644 --- a/manager/api/endpoint.go +++ b/manager/api/endpoint.go @@ -4,7 +4,7 @@ import ( "context" "errors" - "github.com/absmach/magistrala/pkg/apiutil" + apiutil "github.com/absmach/supermq/api/http/util" "github.com/absmach/propeller/manager" pkgerrors "github.com/absmach/propeller/pkg/errors" "github.com/go-kit/kit/endpoint" diff --git a/manager/api/requests.go b/manager/api/requests.go index 6d27c7d..9933bf1 100644 --- a/manager/api/requests.go +++ b/manager/api/requests.go @@ -1,7 +1,7 @@ package api import ( - "github.com/absmach/magistrala/pkg/apiutil" + apiutil "github.com/absmach/supermq/api/http/util" "github.com/absmach/propeller/task" ) diff --git a/manager/api/responses.go b/manager/api/responses.go index a6578de..c3d0835 100644 --- a/manager/api/responses.go +++ b/manager/api/responses.go 
@@ -3,17 +3,17 @@ package api import ( "net/http" - "github.com/absmach/magistrala" + "github.com/absmach/supermq" "github.com/absmach/propeller/proplet" "github.com/absmach/propeller/task" ) var ( - _ magistrala.Response = (*propletResponse)(nil) - _ magistrala.Response = (*listpropletResponse)(nil) - _ magistrala.Response = (*taskResponse)(nil) - _ magistrala.Response = (*listTaskResponse)(nil) - _ magistrala.Response = (*messageResponse)(nil) + _ supermq.Response = (*propletResponse)(nil) + _ supermq.Response = (*listpropletResponse)(nil) + _ supermq.Response = (*taskResponse)(nil) + _ supermq.Response = (*listTaskResponse)(nil) + _ supermq.Response = (*messageResponse)(nil) ) type propletResponse struct { diff --git a/manager/api/transport.go b/manager/api/transport.go index 554ab9b..505848c 100644 --- a/manager/api/transport.go +++ b/manager/api/transport.go @@ -9,8 +9,8 @@ import ( "net/http" "strings" - "github.com/absmach/magistrala" - "github.com/absmach/magistrala/pkg/apiutil" + "github.com/absmach/supermq" + apiutil "github.com/absmach/supermq/api/http/util" "github.com/absmach/propeller/manager" "github.com/absmach/propeller/pkg/api" "github.com/go-chi/chi/v5" @@ -101,7 +101,7 @@ func MakeHandler(svc manager.Service, logger *slog.Logger, instanceID string) ht }) }) - mux.Get("/health", magistrala.Health("manager", instanceID)) + mux.Get("/health", supermq.Health("manager", instanceID)) mux.Handle("/metrics", promhttp.Handler()) return mux diff --git a/pkg/api/api.go b/pkg/api/api.go index fb28f81..cb44a12 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -6,7 +6,7 @@ import ( "errors" "net/http" - "github.com/absmach/magistrala" + "github.com/absmach/supermq" pkgerrors "github.com/absmach/propeller/pkg/errors" ) 
@@ -22,7 +22,7 @@ const ( ) func EncodeResponse(_ context.Context, w http.ResponseWriter, response interface{}) error { - if ar, ok := response.(magistrala.Response); ok { + if ar, ok := response.(supermq.Response); ok { for k, v := range ar.Headers() { w.Header().Set(k, v) } diff --git a/pkg/mqtt/pubsub.go b/pkg/mqtt/pubsub.go index ca4b415..b5aadc4 100644 --- a/pkg/mqtt/pubsub.go +++ b/pkg/mqtt/pubsub.go @@ -172,7 +172,7 @@ func (ps *pubsub) mqttHandler(h Handler) mqtt.MessageHandler { } if err := h(m.Topic(), msg); err != nil { - ps.logger.Warn(fmt.Sprintf("Failed to handle Magistrala message: %s", err)) + ps.logger.Warn(fmt.Sprintf("Failed to handle MQTT message: %s", err)) } m.Ack() diff --git a/proplet/service.go b/proplet/service.go index efddabd..3c328dc 100644 --- a/proplet/service.go +++ b/proplet/service.go @@ -31,8 +31,8 @@ var ( type PropletService struct { channelID string - thingID string - thingKey string + clientID string + clientKey string livelinessInterval time.Duration pubsub pkgmqtt.PubSub chunks map[string][][]byte @@ -49,10 +49,10 @@ type ChunkPayload struct { Data []byte `json:"data"` } -func NewService(ctx context.Context, channelID, thingID, thingKey string, livelinessInterval time.Duration, pubsub pkgmqtt.PubSub, logger *slog.Logger, runtime Runtime) (*PropletService, error) { +func NewService(ctx context.Context, channelID, clientID, clientKey string, livelinessInterval time.Duration, pubsub pkgmqtt.PubSub, logger *slog.Logger, runtime Runtime) (*PropletService, error) { topic := fmt.Sprintf(discoveryTopicTemplate, channelID) payload := map[string]interface{}{ - "proplet_id": thingID, + "proplet_id": clientID, "mg_channel_id": channelID, } if err := pubsub.Publish(ctx, topic, payload); err != nil { 
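Review bot: In `mqttHandler` the reworded warning still formats the error into the message with `fmt.Sprintf`, while cmd/manager/main.go and cmd/proplet/main.go log errors as attributes. Assuming `ps.logger` is a `*slog.Logger`, `ps.logger.Warn("failed to handle MQTT message", slog.String("topic", m.Topic()), slog.Any("error", err))` keeps the message constant and records which topic failed. The context lines show `m.Ack()` running after a handler error as well, so a failed message is acknowledged and presumably not redelivered. A comment stating that this is intended would help the next reader. The function body starts outside this hunk.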
@@ -61,8 +61,8 @@ func NewService(ctx context.Context, channelID, thingID, thingKey string, liveli p := &PropletService{ channelID: channelID, - thingID: thingID, - thingKey: thingKey, + clientID: clientID, + clientKey: clientKey, livelinessInterval: livelinessInterval, pubsub: pubsub, chunks: make(map[string][][]byte), @@ -90,7 +90,7 @@ func (p *PropletService) startLivelinessUpdates(ctx context.Context) { topic := fmt.Sprintf(aliveTopicTemplate, p.channelID) payload := map[string]interface{}{ "status": "alive", - "proplet_id": p.thingID, + "proplet_id": p.clientID, "mg_channel_id": p.channelID, } From 091cb7853701054d7d72815a1f0f1363bbe43966 Mon Sep 17 00:00:00 2001 From: Rodney Osodo Date: Fri, 24 Jan 2025 11:56:10 +0300 Subject: [PATCH 5/5] fix linter Signed-off-by: Rodney Osodo --- config.go | 2 +- manager/api/endpoint.go | 2 +- manager/api/requests.go | 2 +- manager/api/responses.go | 2 +- manager/api/transport.go | 4 ++-- pkg/api/api.go | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config.go b/config.go index 7530140..337e86b 100644 --- a/config.go +++ b/config.go @@ -20,7 +20,7 @@ type ManagerConfig struct { } type PropletConfig struct { - ClientID string `toml:"client_id"` + ClientID string `toml:"client_id"` ClientKey string `toml:"client_key"` ChannelID string `toml:"channel_id"` } diff --git a/manager/api/endpoint.go b/manager/api/endpoint.go index 8bc00ba..65a596f 100644 --- a/manager/api/endpoint.go +++ b/manager/api/endpoint.go @@ -4,9 +4,9 @@ import ( "context" "errors" - apiutil "github.com/absmach/supermq/api/http/util" "github.com/absmach/propeller/manager" pkgerrors "github.com/absmach/propeller/pkg/errors" + apiutil "github.com/absmach/supermq/api/http/util" "github.com/go-kit/kit/endpoint" ) diff --git a/manager/api/requests.go b/manager/api/requests.go index 9933bf1..9670b9e 100644 --- a/manager/api/requests.go +++ b/manager/api/requests.go 
@@ -1,8 +1,8 @@ package api import ( - apiutil "github.com/absmach/supermq/api/http/util" "github.com/absmach/propeller/task" + apiutil "github.com/absmach/supermq/api/http/util" ) type taskReq struct { diff --git a/manager/api/responses.go b/manager/api/responses.go index c3d0835..0e8741c 100644 --- a/manager/api/responses.go +++ b/manager/api/responses.go @@ -3,9 +3,9 @@ package api import ( "net/http" - "github.com/absmach/supermq" "github.com/absmach/propeller/proplet" "github.com/absmach/propeller/task" + "github.com/absmach/supermq" ) var ( diff --git a/manager/api/transport.go b/manager/api/transport.go index 505848c..c03d59a 100644 --- a/manager/api/transport.go +++ b/manager/api/transport.go @@ -9,10 +9,10 @@ import ( "net/http" "strings" - "github.com/absmach/supermq" - apiutil "github.com/absmach/supermq/api/http/util" "github.com/absmach/propeller/manager" "github.com/absmach/propeller/pkg/api" + "github.com/absmach/supermq" + apiutil "github.com/absmach/supermq/api/http/util" "github.com/go-chi/chi/v5" kithttp "github.com/go-kit/kit/transport/http" "github.com/prometheus/client_golang/prometheus/promhttp" diff --git a/pkg/api/api.go b/pkg/api/api.go index cb44a12..9d371fc 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -6,8 +6,8 @@ import ( "errors" "net/http" - "github.com/absmach/supermq" pkgerrors "github.com/absmach/propeller/pkg/errors" + "github.com/absmach/supermq" ) const (