Skip to content

Commit

Permalink
feat: docu and optimizations
Browse files Browse the repository at this point in the history
  • Loading branch information
@JanZachmann
JanZachmann committed Jun 20, 2024
1 parent ad4eb2f commit 2cf13ab
Show file tree
Hide file tree
Showing 8 changed files with 79 additions and 57 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ license = "MIT OR Apache-2.0"
name = "omnect-ui"
readme = "README.md"
repository = "[email protected]:omnect/omnect-ui.git"
version = "0.1.0"
version = "0.1.1"

[dependencies]
actix-files = "0.6"
Expand Down
29 changes: 2 additions & 27 deletions LICENSE-APACHE
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,4 @@
Copyright 2024 conplement AG

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Apache License
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

Expand Down Expand Up @@ -189,18 +175,7 @@

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright {yyyy} {name of copyright owner}
Copyright 2024 conplement AG

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
52 changes: 50 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,60 @@ This module implements a web frontend and backend to provide omnect specific fea

## Install omnect-ui

OMNECT_WAIT_ONLINE_TIMEOUT_IN_SECS
Since omnect-os is designed as generic OS all specific or optional applications must be provided as docker images. There are two options to install omnect-ui on a target:
1. azure iotedge deployment:
- deployement of omnect-ui docker image via omnect-portal to a device in field. The
- device must be online (at least once) in order to receive the deployment
- after a factory reset the omnect-ui must be deployed again what requires a connection to azure again
2. in-factory installation (check [meta-omnect](https://github.com/omnect/meta-omnect) for partition layout):
- inject omnect-ui docker image into factory partition
- omnect-os takes care of installation while first boot and after factory reset

### iotedge deployement

In case it is agreed the omnect takes care to provide omnect-ui as application in omnect-portal. Get into contact with [email protected] if interested.

### Inject into omnect-os image

If omnect-ui must be part of the omnect-os image, several configuration files must injected to an omnect-os firmware image:
1. in all files in config/ folder replace all occurrences of %% *** %% with reasonable values:
1. %%CENTRIFUGO_API_KEY%%: the [API key](https://centrifugal.dev/docs/server/server_api#http-api) should come from a vault
2. %%CENTRIFUGO_TOKEN_HMAC_SECRET_KEY%%: the [HMAC key](https://centrifugal.dev/docs/server/authentication) should come from a vault
3. %%USER%%: user name to be matched on omnect-ui login
4. %PASSWORD%%: password to be matched on omnect-ui login
2. it might be reasonable to adapt other default config values to your needs
3. inject config files via [omnect-cli](https://github.com/omnect/omnect-cli) to omnect-os image
```
# download and copy omnect-ui docker image
omnect-cli docker inject -d omnectsharedstagingacr.azurecr.io/omnect-portal-omnect-ui:latest -e /oci_images/omnect-ui.tar.gz -i my-omnect-os-image.wic
# copy config files
omnect-cli file copy-to-image \
-f omnect-device-service.env,factory:/etc/omnect/omnect-device-service.env \
-f omnect-ui.env,factory:/etc/omnect/omnect-ui.env \
-f publish_endpoints.json,factory:/etc/omnect/publish_endpoints.json \
-f omnect-ui.service,factory:/etc/systemd/system/omnect-ui.service \
-f create-fs-links.txt,factory:/etc/omnect/create-fs-links.txt \
-i my-omnect-os-image.wic
# copy certificates
# only in case not already done (e.g. device provisioned by tpm)
# devices provisioned by x509 usually already have certs injected
omnect-cli identity set-device-certificate \
-d "my-device-id" \
-c omnect-int-ca-iotedge-staging_fullchain.pem \
-k omnect-int-ca-iotedge-staging.key -D 365 \
-i my-omnect-os-image.wic
```

## Access omnect-ui

browser type: https://hostname:1977
omnect-ui can be reached at https://DeviceHostnameOrIp:1977<br>

Login with the configured creadentials<br>
![login](docu/login.png)<br>
Watch device status<br>
![login](docu/main.png)

# License

Expand Down
1 change: 0 additions & 1 deletion config/systemd/omnect-ui.env.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,4 @@ CENTRIFUGO_TOKEN_HMAC_SECRET_KEY="%%CENTRIFUGO_TOKEN_HMAC_SECRET_KEY%%"
LOGIN_USER="%%USER%%"
LOGIN_PASSWORD="%%PASSWORD%%"
RUST_LOG="info"
TAG="%%TAG%%"
UI_PORT="1977"
50 changes: 25 additions & 25 deletions config/systemd/omnect-ui.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,31 +10,31 @@ Type=oneshot

EnvironmentFile=-/etc/omnect/omnect-ui.env

ExecStart=/bin/bash -c "docker load < /mnt/factory/oci_images/omnect-ui.tar.gz; \
docker run -d --restart always --name omnect-ui \
--user $(id -u omnect_device_socket):$(id -g omnect_device_socket) \
--mount type=bind,source=/run/omnect-device-service/api.sock,target=/socket/api.sock \
-v /mnt/cert/priv:/cert \
-p ${UI_PORT}:${UI_PORT} \
-p ${CENTRIFUGO_PORT}:${CENTRIFUGO_PORT} \
-e UI_PORT=${UI_PORT} \
-e CENTRIFUGO_ALLOW_HISTORY_FOR_CLIENT=true \
-e CENTRIFUGO_ALLOW_SUBSCRIBE_FOR_CLIENT=true \
-e CENTRIFUGO_ALLOWED_ORIGINS=https://$(hostname | tr [:upper:] [:lower:]):${UI_PORT} \
-e CENTRIFUGO_API_KEY=${CENTRIFUGO_API_KEY} \
-e CENTRIFUGO_HISTORY_SIZE=1 \
-e CENTRIFUGO_HISTORY_TTL=720h \
-e CENTRIFUGO_PORT=${CENTRIFUGO_PORT} \
-e CENTRIFUGO_TLS=true \
-e CENTRIFUGO_TLS_CERT=/cert/device_id_cert.pem \
-e CENTRIFUGO_TLS_KEY=/cert/device_id_cert_key.pem \
-e CENTRIFUGO_TOKEN_HMAC_SECRET_KEY=${CENTRIFUGO_TOKEN_HMAC_SECRET_KEY} \
-e LOGIN_USER=${LOGIN_USER} \
-e LOGIN_PASSWORD=${LOGIN_PASSWORD} \
-e SOCKET_PATH=/socket/api.sock \
-e SSL_CERT_PATH=/cert/device_id_cert.pem \
-e SSL_KEY_PATH=/cert/device_id_cert_key.pem \
omnectshareddevacr.azurecr.io/omnect-ui:${TAG}"
ExecStart=/bin/bash -c 'FULL_TAG=$(docker load < /mnt/factory/oci_images/omnect-ui.tar.gz | grep "Loaded image: " | cut -d ':' -f2) ; \
docker run -d --restart always --name omnect-ui \
--user $(id -u omnect_device_socket):$(id -g omnect_device_socket) \
--mount type=bind,source=/run/omnect-device-service/api.sock,target=/socket/api.sock \
-v /mnt/cert/priv:/cert \
-p ${UI_PORT}:${UI_PORT} \
-p ${CENTRIFUGO_PORT}:${CENTRIFUGO_PORT} \
-e UI_PORT=${UI_PORT} \
-e CENTRIFUGO_ALLOW_HISTORY_FOR_CLIENT=true \
-e CENTRIFUGO_ALLOW_SUBSCRIBE_FOR_CLIENT=true \
-e CENTRIFUGO_ALLOWED_ORIGINS=* \
-e CENTRIFUGO_API_KEY=${CENTRIFUGO_API_KEY} \
-e CENTRIFUGO_HISTORY_SIZE=1 \
-e CENTRIFUGO_HISTORY_TTL=720h \
-e CENTRIFUGO_PORT=${CENTRIFUGO_PORT} \
-e CENTRIFUGO_TLS=true \
-e CENTRIFUGO_TLS_CERT=/cert/device_id_cert.pem \
-e CENTRIFUGO_TLS_KEY=/cert/device_id_cert_key.pem \
-e CENTRIFUGO_TOKEN_HMAC_SECRET_KEY=${CENTRIFUGO_TOKEN_HMAC_SECRET_KEY} \
-e LOGIN_USER=${LOGIN_USER} \
-e LOGIN_PASSWORD=${LOGIN_PASSWORD} \
-e SOCKET_PATH=/socket/api.sock \
-e SSL_CERT_PATH=/cert/device_id_cert.pem \
-e SSL_KEY_PATH=/cert/device_id_cert_key.pem \
$${FULL_TAG}'

RemainAfterExit=true

Expand Down
Binary file added docu/login.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docu/main.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 2cf13ab

Please sign in to comment.