e6e9d22133
* initial commit Signed-off-by: aryan <aryangodara03@gmail.com> * remove unused variables. Signed-off-by: aryan <aryangodara03@gmail.com> * removed temporarily created file. Signed-off-by: aryan <aryangodara03@gmail.com> * Fix failing CI Signed-off-by: aryan <aryangodara03@gmail.com> * Fix thing_test failing cases. Signed-off-by: aryan <aryangodara03@gmail.com> * Remove dead code, debug statements, and add comments. Signed-off-by: aryan <aryangodara03@gmail.com> * Extract errors to separate file. Signed-off-by: aryan <aryangodara03@gmail.com> * Updated things/api/http tests Signed-off-by: aryan <aryangodara03@gmail.com> * Created custom SDK error. Signed-off-by: aryan <aryangodara03@gmail.com> * Changed to using CheckError. All tests passing. Signed-off-by: aryan <aryangodara03@gmail.com> * Replace error interface with errors.SDKError interface. Signed-off-by: aryan <aryangodara03@gmail.com> * Fix failing CI. Signed-off-by: aryan <aryangodara03@gmail.com> * Remove unused sdk errors. Signed-off-by: aryan <aryangodara03@gmail.com> * Change SDKError to error in internal function of sdk package. Signed-off-by: aryan <aryangodara03@gmail.com> * Remove unused error. Signed-off-by: aryan <aryangodara03@gmail.com> * Remove encodeError. All tests working. Signed-off-by: aryan <aryangodara03@gmail.com> * Rename sdkerr vars, convert common strings to constants. Signed-off-by: aryan <aryangodara03@gmail.com> * Change checkerror to take error instead of string. Signed-off-by: aryan <aryangodara03@gmail.com> * Remove unused errors, and removed errfailedwhitelist wrap. Signed-off-by: aryan <aryangodara03@gmail.com> * Removed unused errors, and remove errors.go since it only had a repeated error from errors package Signed-off-by: aryan <aryangodara03@gmail.com> * Remove unused errors. Signed-off-by: aryan <aryangodara03@gmail.com> * Update sdk_error. Signed-off-by: aryan <aryangodara03@gmail.com> * Used function to reduce code for sending and receiving requests. Signed-off-by: aryan <aryangodara03@gmail.com> * Added function sendrequestandgetheadersorerror. Signed-off-by: aryan <aryangodara03@gmail.com> * sdk_error updated. Signed-off-by: aryan <aryangodara03@gmail.com> * Updated function names to processRequest. Signed-off-by: aryan <aryangodara03@gmail.com> * Made errors internal, fixed typo in http. Signed-off-by: aryan <aryangodara03@gmail.com> * Remove empty line. Signed-off-by: aryan <aryangodara03@gmail.com> * merged proceessBody and processHeaders functions in sdk. Signed-off-by: aryan <aryangodara03@gmail.com> * remove sendThingRequest function. Signed-off-by: aryan <aryangodara03@gmail.com> * changed processRequest signature Signed-off-by: aryan <aryangodara03@gmail.com> * changed processRequest signature, changed error names. Signed-off-by: aryan <aryangodara03@gmail.com> Signed-off-by: aryan <aryangodara03@gmail.com> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> |
||
|---|---|---|
| .. | ||
| api | ||
| mocks | ||
| postgres | ||
| redis | ||
| README.md | ||
| configs.go | ||
| doc.go | ||
| reader.go | ||
| reader_test.go | ||
| service.go | ||
| service_test.go | ||
| state.go | ||
README.md
BOOTSTRAP SERVICE
New devices need to be configured properly and connected to the Mainflux. Bootstrap service is used in order to accomplish that. This service provides the following features:
- Creating new Mainflux Things
- Providing basic configuration for the newly created Things
- Enabling/disabling Things
Pre-provisioning a new Thing is as simple as sending Configuration data to the Bootstrap service. Once the Thing is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling Things. Only enabled Things can exchange messages over Mainflux. Bootstrapping does not implicitly enable Things, it has to be done manually.
In order to bootstrap successfully, the Thing needs to send bootstrapping request to the specific URL, as well as a secret key. This key and URL are pre-provisioned during the manufacturing process. If the Thing is provisioned on the Bootstrap service side, the corresponding configuration will be sent as a response. Otherwise, the Thing will be saved so that it can be provisioned later.
Thing Configuration Entity
Thing Configuration consists of two logical parts: the custom configuration that can be interpreted by the Thing itself and Mainflux-related configuration. Mainflux config contains:
- corresponding Mainflux Thing ID
- corresponding Mainflux Thing key
- list of the Mainflux channels the Thing is connected to
Note: list of channels contains IDs of the Mainflux channels. These channels are pre-provisioned on the Mainflux side and, unlike corresponding Mainflux Thing, Bootstrap service is not able to create Mainflux Channels.
Enabling and disabling Thing (adding Thing to/from whitelist) is as simple as connecting corresponding Mainflux Thing to the given list of Channels. Configuration keeps state of the Thing:
| State | What it means |
|---|---|
| Inactive | Thing is created, but isn't enabled |
| Active | Thing is able to communicate using Mainflux |
Switching between states Active and Inactive enables and disables Thing, respectively.
Thing configuration also contains the so-called external ID and external key. An external ID is a unique identifier of corresponding Thing. For example, a device MAC address is a good choice for external ID. External key is a secret key that is used for authentication during the bootstrapping procedure.
Configuration
The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
| MF_BOOTSTRAP_LOG_LEVEL | Log level for Bootstrap (debug, info, warn, error) | error |
| MF_BOOTSTRAP_DB_HOST | Database host address | localhost |
| MF_BOOTSTRAP_DB_PORT | Database host port | 5432 |
| MF_BOOTSTRAP_DB_USER | Database user | mainflux |
| MF_BOOTSTRAP_DB_PASS | Database password | mainflux |
| MF_BOOTSTRAP_DB | Name of the database used by the service | bootstrap |
| MF_BOOTSTRAP_DB_SSL_MODE | Database connection SSL mode (disable, require, verify-ca, verify-full) | disable |
| MF_BOOTSTRAP_DB_SSL_CERT | Path to the PEM encoded certificate file | |
| MF_BOOTSTRAP_DB_SSL_KEY | Path to the PEM encoded key file | |
| MF_BOOTSTRAP_DB_SSL_ROOT_CERT | Path to the PEM encoded root certificate file | |
| MF_BOOTSTRAP_ENCRYPT_KEY | Secret key for secure bootstrapping encryption | 12345678910111213141516171819202 |
| MF_BOOTSTRAP_CLIENT_TLS | Flag that indicates if TLS should be turned on | false |
| MF_BOOTSTRAP_CA_CERTS | Path to trusted CAs in PEM format | |
| MF_BOOTSTRAP_PORT | Bootstrap service HTTP port | 8180 |
| MF_BOOTSTRAP_SERVER_CERT | Path to server certificate in pem format | |
| MF_BOOTSTRAP_SERVER_KEY | Path to server key in pem format | |
| MF_SDK_BASE_URL | Base url for Mainflux SDK | http://localhost |
| MF_SDK_THINGS_PREFIX | SDK prefix for Things service | |
| MF_THINGS_ES_URL | Things service event source URL | localhost:6379 |
| MF_THINGS_ES_PASS | Things service event source password | |
| MF_THINGS_ES_DB | Things service event source database | 0 |
| MF_BOOTSTRAP_ES_URL | Bootstrap service event source URL | localhost:6379 |
| MF_BOOTSTRAP_ES_PASS | Bootstrap service event source password | |
| MF_BOOTSTRAP_ES_DB | Bootstrap service event source database | 0 |
| MF_BOOTSTRAP_EVENT_CONSUMER | Bootstrap service event source consumer name | bootstrap |
| MF_JAEGER_URL | Jaeger server URL | localhost:6831 |
| MF_AUTH_GRPC_URL | Auth service gRPC URL | localhost:8181 |
| MF_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
Deployment
The service itself is distributed as Docker container. Check the boostrap service section in
docker-compose to see how service is deployed.
To start the service outside of the container, execute the following shell script:
# download the latest version of the service
git clone https://github.com/mainflux/mainflux
cd mainflux
# compile the service
make bootstrap
# copy binary to bin
make install
# set the environment variables and run the service
MF_BOOTSTRAP_LOG_LEVEL=[Bootstrap log level] \
MF_BOOTSTRAP_DB_HOST=[Database host address] \
MF_BOOTSTRAP_DB_PORT=[Database host port] \
MF_BOOTSTRAP_DB_USER=[Database user] \
MF_BOOTSTRAP_DB_PASS=[Database password] \
MF_BOOTSTRAP_DB=[Name of the database used by the service] \
MF_BOOTSTRAP_DB_SSL_MODE=[SSL mode to connect to the database with] \
MF_BOOTSTRAP_DB_SSL_CERT=[Path to the PEM encoded certificate file] \
MF_BOOTSTRAP_DB_SSL_KEY=[Path to the PEM encoded key file] \
MF_BOOTSTRAP_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] \
MF_BOOTSTRAP_ENCRYPT_KEY=[Hex-encoded encryption key used for secure bootstrap] \
MF_BOOTSTRAP_CLIENT_TLS=[Boolean value to enable/disable client TLS] \
MF_BOOTSTRAP_CA_CERTS=[Path to trusted CAs in PEM format] \
MF_BOOTSTRAP_PORT=[Service HTTP port] \
MF_BOOTSTRAP_SERVER_CERT=[Path to server certificate] \
MF_BOOTSTRAP_SERVER_KEY=[Path to server key] \
MF_SDK_BASE_URL=[Base SDK URL for the Mainflux services] \
MF_SDK_THINGS_PREFIX=[SDK prefix for Things service] \
MF_JAEGER_URL=[Jaeger server URL] \
MF_AUTH_GRPC_URL=[Auth service gRPC URL] \
MF_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
$GOBIN/mainflux-bootstrap
Setting MF_BOOTSTRAP_CA_CERTS expects a file in PEM format of trusted CAs. This will enable TLS against the Users gRPC endpoint trusting only those CAs that are provided.
Usage
For more information about service capabilities and its usage, please check out the API documentation.