Mainflux.mainflux/things/README.md

# Things

Things service provides an HTTP API for managing platform resources: things and channels.
Through this API clients are able to do the following actions:

- provision new things
- create new channels
- "connect" things into the channels

For an in-depth explanation of the aforementioned scenarios, as well as thorough
understanding of Mainflux, please check out the [official documentation][doc].

## Configuration

The service is configured using the environment variables presented in the
following table. Note that any unset variables will be replaced with their
default values.

| Variable                    | Description                                                            | Default        |
|-----------------------------|------------------------------------------------------------------------|----------------|
| MF_THINGS_LOG_LEVEL         | Log level for Things (debug, info, warn, error)                        | error          |
| MF_THINGS_DB_HOST           | Database host address                                                  | localhost      |
| MF_THINGS_DB_PORT           | Database host port                                                     | 5432           |
| MF_THINGS_DB_USER           | Database user                                                          | mainflux       |
| MF_THINGS_DB_PASS           | Database password                                                      | mainflux       |
| MF_THINGS_DB                | Name of the database used by the service                               | things         |
| MF_THINGS_DB_SSL_MODE       | Database connection SSL mode (disable, require, verify-ca, verify-full)| disable        |
| MF_THINGS_DB_SSL_CERT       | Path to the PEM encoded certificate file                               |                |
| MF_THINGS_DB_SSL_KEY        | Path to the PEM encoded key file                                       |                |
| MF_THINGS_DB_SSL_ROOT_CERT  | Path to the PEM encoded root certificate file                          |                |
| MF_THINGS_CLIENT_TLS        | Flag that indicates if TLS should be turned on                         | false          |
| MF_THINGS_CA_CERTS          | Path to trusted CAs in PEM format                                      |                |
| MF_THINGS_CACHE_URL         | Cache database URL                                                     | localhost:6379 |
| MF_THINGS_CACHE_PASS        | Cache database password                                                |                |
| MF_THINGS_CACHE_DB          | Cache instance that should be used                                     | 0              |
| MF_THINGS_ES_URL            | Event store URL                                                        | localhost:6379 |
| MF_THINGS_ES_PASS           | Event store password                                                   |                |
| MF_THINGS_ES_DB             | Event store instance that should be used                               | 0              |
| MF_THINGS_HTTP_PORT         | Things service HTTP port                                               | 8180           |
| MF_THINGS_AUTH_HTTP_PORT    | Things service auth HTTP port                                          | 8989           |
| MF_THINGS_AUTH_GRPC_PORT    | Things service auth gRPC port                                          | 8181           |
| MF_THINGS_SERVER_CERT       | Path to server certificate in pem format                               | 8181           |
| MF_THINGS_SERVER_KEY        | Path to server key in pem format                                       | 8181           |
| MF_USERS_URL                | Users service URL                                                      | localhost:8181 |
| MF_THINGS_SINGLE_USER_EMAIL | User email for single user mode (no gRPC communication with users)     |                |
| MF_THINGS_SINGLE_USER_TOKEN | User token for single user mode that should be passed in auth header   |                |

**Note** that if you want `things` service to have only one user locally, you should use `MF_THINGS_SINGLE_USER` env vars. By specifying these, you don't need `users` service in your deployment as it won't be used for authorization.

## Deployment

The service itself is distributed as Docker container. The following snippet
provides a compose file template that can be used to deploy the service container
locally:

```yaml
version: "2"
services:
  things:
    image: mainflux/things:[version]
    container_name: [instance name]
    ports:
      - [host machine port]:[configured HTTP port]
    environment:
      MF_THINGS_LOG_LEVEL: [Things log level]
      MF_THINGS_DB_HOST: [Database host address]
      MF_THINGS_DB_PORT: [Database host port]
      MF_THINGS_DB_USER: [Database user]
      MF_THINGS_DB_PASS: [Database password]
      MF_THINGS_DB: [Name of the database used by the service]
      MF_THINGS_DB_SSL_MODE: [SSL mode to connect to the database with]
      MF_THINGS_DB_SSL_CERT: [Path to the PEM encoded certificate file]
      MF_THINGS_DB_SSL_KEY: [Path to the PEM encoded key file]
      MF_THINGS_DB_SSL_ROOT_CERT: [Path to the PEM encoded root certificate file]
      MF_THINGS_CA_CERTS: [Path to trusted CAs in PEM format]
      MF_THINGS_CACHE_URL: [Cache database URL]
      MF_THINGS_CACHE_PASS: [Cache database password]
      MF_THINGS_CACHE_DB: [Cache instance that should be used]
      MF_THINGS_ES_URL: [Event store URL]
      MF_THINGS_ES_PASS: [Event store password]
      MF_THINGS_ES_DB: [Event store instance that should be used]
      MF_THINGS_HTTP_PORT: [Service HTTP port]
      MF_THINGS_AUTH_HTTP_PORT: [Service auth HTTP port]
      MF_THINGS_AUTH_GRPC_PORT: [Service auth gRPC port]
      MF_THINGS_SERVER_CERT: [String path to server cert in pem format]
      MF_THINGS_SERVER_KEY: [String path to server key in pem format]
      MF_USERS_URL: [Users service URL]
      MF_THINGS_SECRET: [String used for signing tokens]
      MF_THINGS_SINGLE_USER_EMAIL: [User email for single user mode (no gRPC communication with users)]
      MF_THINGS_SINGLE_USER_TOKEN: [User token for single user mode that should be passed in auth header]
```

To start the service outside of the container, execute the following shell script:

```bash
# download the latest version of the service
go get github.com/mainflux/mainflux

cd $GOPATH/src/github.com/mainflux/mainflux

# compile the things
make things

# copy binary to bin
make install

# set the environment variables and run the service
MF_THINGS_LOG_LEVEL=[Things log level] MF_THINGS_DB_HOST=[Database host address] MF_THINGS_DB_PORT=[Database host port] MF_THINGS_DB_USER=[Database user] MF_THINGS_DB_PASS=[Database password] MF_THINGS_DB=[Name of the database used by the service] MF_THINGS_DB_SSL_MODE=[SSL mode to connect to the database with] MF_THINGS_DB_SSL_CERT=[Path to the PEM encoded certificate file] MF_THINGS_DB_SSL_KEY=[Path to the PEM encoded key file] MF_THINGS_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] MF_HTTP_ADAPTER_CA_CERTS=[Path to trusted CAs in PEM format] MF_THINGS_CACHE_URL=[Cache database URL] MF_THINGS_CACHE_PASS=[Cache database password] MF_THINGS_CACHE_DB=[Cache instance that should be used] MF_THINGS_ES_URL=[Event store URL] MF_THINGS_ES_PASS=[Event store password] MF_THINGS_ES_DB=[Event store instance that should be used] MF_THINGS_HTTP_PORT=[Service HTTP port] MF_THINGS_AUTH_HTTP_PORT=[Service auth HTTP port] MF_THINGS_AUTH_GRPC_PORT=[Service auth gRPC port] MF_USERS_URL=[Users service URL] MF_THINGS_SERVER_CERT=[Path to server certificate] MF_THINGS_SERVER_KEY=[Path to server key] MF_THINGS_SINGLE_USER_EMAIL=[User email for single user mode (no gRPC communication with users)] MF_THINGS_SINGLE_USER_TOKEN=[User token for single user mode that should be passed in auth header] $GOBIN/mainflux-things
```

Setting `MF_THINGS_CA_CERTS` expects a file in PEM format of trusted CAs. This will enable TLS against the Users gRPC endpoint trusting only those CAs that are provided.

## Usage

For more information about service capabilities and its usage, please check out
the [API documentation](swagger.yaml).

[doc]: http://mainflux.readthedocs.io