diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml index 69b1cd78a2..24cea0e4af 100644 --- a/application/src/main/resources/thingsboard.yml +++ b/application/src/main/resources/thingsboard.yml @@ -19,12 +19,18 @@ server: address: "${HTTP_BIND_ADDRESS:0.0.0.0}" # Server bind port port: "${HTTP_BIND_PORT:8080}" -# Uncomment the following section to enable ssl -# ssl: -# key-store: classpath:keystore/keystore.p12 -# key-store-password: thingsboard -# keyStoreType: PKCS12 -# keyAlias: tomcat + # Server SSL configuration + ssl: + # Enable/disable SSL support + enabled: "${SSL_ENABLED:false}" + # Path to the key store that holds the SSL certificate + key-store: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}" + # Password used to access the key store + key-store-password: "${SSL_KEY_STORE_PASSWORD:thingsboard}" + # Type of the key store + key-store-type: "${SSL_KEY_STORE_TYPE:PKCS12}" + # Alias that identifies the key in the key store + key-alias: "${SSL_KEY_ALIAS:tomcat}" # Zookeeper connection parameters. Used for service discovery. zk: @@ -60,10 +66,10 @@ plugins: # JWT Token parameters security.jwt: - tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:9000000}" # Number of seconds (15 mins) - refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:36000000}" # Seconds (1 hour) - tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}" - tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}" + token-expiration-time: "${JWT_TOKEN_EXPIRATION_TIME:9000000}" # Number of seconds (15 mins) + refresh-token-exp-time: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:36000000}" # Seconds (1 hour) + token-issuer: "${JWT_TOKEN_ISSUER:thingsboard.io}" + token-signing-key: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}" # Device communication protocol parameters http: @@ -79,12 +85,18 @@ mqtt: leak_detector_level: "${NETTY_LEASK_DETECTOR_LVL:DISABLED}" boss_group_thread_count: "${NETTY_BOSS_GROUP_THREADS:1}" worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}" -# Uncomment the following lines to enable ssl for MQTT -# ssl: -# key_store: mqttserver.jks -# key_store_password: server_ks_password -# key_password: server_key_password -# key_store_type: JKS + # MQTT SSL configuration + ssl: + # Enable/disable SSL support + enabled: "${MQTT_SSL_ENABLED:false}" + # Path to the key store that holds the SSL certificate + key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}" + # Password used to access the key store + key_store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:server_ks_password}" + # Password used to access the key + key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}" + # Type of the key store + key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}" # CoAP server parameters coap: diff --git a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java index b4fbc65507..7c435bf779 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java +++ b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java @@ -45,7 +45,6 @@ public class ServiceCacheConfiguration { @Value("${cache.device_credentials.time_to_live}") private Integer cacheDeviceCredentialsTTL; - @Value("${zk.enabled}") private boolean zkEnabled; @Value("${zk.url}") diff --git a/docker/deploy.sh b/docker/cassandra/Dockerfile old mode 100755 new mode 100644 similarity index 69% rename from docker/deploy.sh rename to docker/cassandra/Dockerfile index ed69f7b0c7..ec8117358f --- a/docker/deploy.sh +++ b/docker/cassandra/Dockerfile @@ -1,4 +1,3 @@ -#!/bin/bash # # Copyright © 2016-2017 The Thingsboard Authors # @@ -15,17 +14,8 @@ # limitations under the License. # +FROM cassandra:3.9 -command='docker-compose -f docker-compose.yml -f docker-compose.random.yml' +COPY ready-probe.sh / -echo "stopping images.." -$command stop - -echo "removing stopped images.." -$command rm -f - -echo "building images.." -$command build - -echo "starting images..." -$command up -d +CMD ["cassandra", "-f"] \ No newline at end of file diff --git a/docker/cassandra/Makefile b/docker/cassandra/Makefile new file mode 100644 index 0000000000..cb577cb502 --- /dev/null +++ b/docker/cassandra/Makefile @@ -0,0 +1,9 @@ +VERSION=k8stest +PROJECT=thingsboard +APP=cassandra + +build: + docker build --pull -t ${PROJECT}/${APP}:${VERSION} . + +push: build + docker push ${PROJECT}/${APP}:${VERSION} \ No newline at end of file diff --git a/docker/cassandra/cassandra.yaml b/docker/cassandra/cassandra.yaml new file mode 100644 index 0000000000..24312ae562 --- /dev/null +++ b/docker/cassandra/cassandra.yaml @@ -0,0 +1,132 @@ +# +# Copyright © 2016-2017 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Service +metadata: + name: cassandra-headless + labels: + app: cassandra-headless +spec: + ports: + - port: 9042 + name: cql + clusterIP: None + selector: + app: cassandra +--- +apiVersion: "apps/v1beta1" +kind: StatefulSet +metadata: + name: cassandra +spec: + serviceName: cassandra-headless + replicas: 2 + template: + metadata: + labels: + app: cassandra + spec: + nodeSelector: + machinetype: other + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - cassandra-headless + topologyKey: "kubernetes.io/hostname" + containers: + - name: cassandra + image: thingsboard/cassandra:k8stest + imagePullPolicy: Always + ports: + - containerPort: 7000 + name: intra-node + - containerPort: 7001 + name: tls-intra-node + - containerPort: 7199 + name: jmx + - containerPort: 9042 + name: cql + - containerPort: 9160 + name: thrift + securityContext: + capabilities: + add: + - IPC_LOCK + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] + env: + - name: MAX_HEAP_SIZE + value: 2048M + - name: HEAP_NEWSIZE + value: 100M + - name: CASSANDRA_SEEDS + value: "cassandra-0.cassandra-headless.default.svc.cluster.local" + - name: CASSANDRA_CLUSTER_NAME + value: "K8Demo" + - name: CASSANDRA_DC + value: "DC1-K8Demo" + - name: CASSANDRA_RACK + value: "Rack1-K8Demo" + - name: CASSANDRA_AUTO_BOOTSTRAP + value: "false" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + readinessProbe: + exec: + command: + - /bin/bash + - -c + - /ready-probe.sh + initialDelaySeconds: 15 + timeoutSeconds: 5 + volumeMounts: + - name: cassandra-data + mountPath: /var/lib/cassandra/data + - name: cassandra-commitlog + mountPath: /var/lib/cassandra/commitlog + volumeClaimTemplates: + - metadata: + name: cassandra-data + annotations: + volume.beta.kubernetes.io/storage-class: fast + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 3Gi + - metadata: + name: cassandra-commitlog + annotations: + volume.beta.kubernetes.io/storage-class: fast + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 2Gi \ No newline at end of file diff --git a/docker/thingsboard/build_and_deploy.sh b/docker/cassandra/ready-probe.sh similarity index 71% rename from docker/thingsboard/build_and_deploy.sh rename to docker/cassandra/ready-probe.sh index 71dda84847..68faf927fe 100755 --- a/docker/thingsboard/build_and_deploy.sh +++ b/docker/cassandra/ready-probe.sh @@ -15,12 +15,14 @@ # limitations under the License. # - -cp ../../application/target/thingsboard.deb thingsboard.deb - -docker build -t thingsboard/application:1.2.3 -t thingsboard/application:latest . - -docker login - -docker push thingsboard/application:1.2.3 -docker push thingsboard/application:latest \ No newline at end of file +if [[ $(nodetool status | grep $POD_IP) == *"UN"* ]]; then + if [[ $DEBUG ]]; then + echo "UN"; + fi + exit 0; +else + if [[ $DEBUG ]]; then + echo "Not Up"; + fi + exit 1; +fi \ No newline at end of file diff --git a/docker/deploy_cassandra_zookeeper.sh b/docker/common/common.yaml old mode 100755 new mode 100644 similarity index 64% rename from docker/deploy_cassandra_zookeeper.sh rename to docker/common/common.yaml index a116e2130e..f650118efd --- a/docker/deploy_cassandra_zookeeper.sh +++ b/docker/common/common.yaml @@ -1,4 +1,3 @@ -#!/bin/bash # # Copyright © 2016-2017 The Thingsboard Authors # @@ -15,17 +14,20 @@ # limitations under the License. # - -command='docker-compose -f docker-compose.yml -f docker-compose.static.yml' - -echo "stopping images.." -$command stop - -echo "removing stopped images.." -$command rm -f - -echo "building images.." -$command build - -echo "starting cassandra, zookeeper, thingsboard-db-schema images..." -$command up -d db zk thingsboard-db-schema +--- +apiVersion: storage.k8s.io/v1beta1 +kind: StorageClass +metadata: + name: slow +provisioner: kubernetes.io/gce-pd +parameters: + type: pd-standard +--- +apiVersion: storage.k8s.io/v1beta1 +kind: StorageClass +metadata: + name: fast +provisioner: kubernetes.io/gce-pd +parameters: + type: pd-ssd +--- \ No newline at end of file diff --git a/docker/thingsboard-db-schema/Makefile b/docker/thingsboard-db-schema/Makefile new file mode 100644 index 0000000000..604520e90d --- /dev/null +++ b/docker/thingsboard-db-schema/Makefile @@ -0,0 +1,13 @@ +VERSION=k8stest +PROJECT=thingsboard +APP=thingsboard-db-schema + +build: + cp ../../dao/src/main/resources/schema.cql . + cp ../../dao/src/main/resources/demo-data.cql . + cp ../../dao/src/main/resources/system-data.cql . + docker build --pull -t ${PROJECT}/${APP}:${VERSION} . + rm schema.cql demo-data.cql system-data.cql + +push: build + docker push ${PROJECT}/${APP}:${VERSION} \ No newline at end of file diff --git a/docker/thingsboard-db-schema/install_schema.sh b/docker/thingsboard-db-schema/install_schema.sh index f113b90a69..279711933c 100644 --- a/docker/thingsboard-db-schema/install_schema.sh +++ b/docker/thingsboard-db-schema/install_schema.sh @@ -16,7 +16,7 @@ # -until nmap db -p 9042 | grep "9042/tcp open" +until nmap $CASSANDRA_URL -p 9042 | grep "9042/tcp open" do echo "Wait for Cassandra..." sleep 10 @@ -24,7 +24,7 @@ done if [ "$SKIP_SCHEMA_CREATION" == "false" ]; then echo "Creating 'Thingsboard' keyspace..." - cqlsh db -f /root/schema.cql + cqlsh $CASSANDRA_URL -f /root/schema.cql if [ "$?" -eq 0 ]; then echo "'Thingsboard' keyspace was successfully created!" else @@ -34,7 +34,7 @@ fi if [ "$SKIP_SYSTEM_DATA" == "false" ]; then echo "Adding system data..." - cqlsh db -f /root/system-data.cql + cqlsh $CASSANDRA_URL -f /root/system-data.cql if [ "$?" -eq 0 ]; then echo "System data was successfully added!" else @@ -44,7 +44,7 @@ fi if [ "$SKIP_DEMO_DATA" == "false" ]; then echo "Adding demo data..." - cqlsh db -f /root/demo-data.cql + cqlsh $CASSANDRA_URL -f /root/demo-data.cql if [ "$?" -eq 0 ]; then echo "Demo data was successfully added!" else diff --git a/docker/thingsboard-db-schema/thingsboard-db-schema.yaml b/docker/thingsboard-db-schema/thingsboard-db-schema.yaml new file mode 100644 index 0000000000..6d6040f2eb --- /dev/null +++ b/docker/thingsboard-db-schema/thingsboard-db-schema.yaml @@ -0,0 +1,39 @@ +# +# Copyright © 2016-2017 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Pod +metadata: + name: tb-db-schema +spec: + containers: + - name: tb-db-schema + imagePullPolicy: Always + image: thingsboard/thingsboard-db-schema:k8stest + env: + - name: SKIP_SCHEMA_CREATION + value: "false" + - name: SKIP_SYSTEM_DATA + value: "false" + - name : SKIP_DEMO_DATA + value: "false" + - name : CASSANDRA_URL + value: "cassandra-headless" + command: + - sh + - -c + - ./install_schema.sh + restartPolicy: Never \ No newline at end of file diff --git a/docker/thingsboard/Makefile b/docker/thingsboard/Makefile new file mode 100644 index 0000000000..000968e447 --- /dev/null +++ b/docker/thingsboard/Makefile @@ -0,0 +1,11 @@ +VERSION=k8stest +PROJECT=thingsboard +APP=application + +build: + cp ../../application/target/thingsboard.deb . + docker build --pull -t ${PROJECT}/${APP}:${VERSION} . + rm thingsboard.deb + +push: build + docker push ${PROJECT}/${APP}:${VERSION} \ No newline at end of file diff --git a/docker/thingsboard/thingsboard.yaml b/docker/thingsboard/thingsboard.yaml new file mode 100644 index 0000000000..f03f49bcf1 --- /dev/null +++ b/docker/thingsboard/thingsboard.yaml @@ -0,0 +1,121 @@ +# +# Copyright © 2016-2017 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- +apiVersion: v1 +kind: Service +metadata: + name: tb-service + labels: + app: tb-service +spec: + ports: + - port: 8080 + name: ui + - port: 1883 + name: mqtt + - port: 5683 + name: coap + selector: + app: tb + type: LoadBalancer +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: tb-budget +spec: + selector: + matchLabels: + app: tb + minAvailable: 3 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: tb-config +data: + zookeeper.enabled: "true" + zookeeper.url: "zk-headless" + cassandra.url: "cassandra-headless:9042" +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: tb +spec: + serviceName: "tb-service" + replicas: 3 + template: + metadata: + labels: + app: tb + spec: + nodeSelector: + machinetype: tb + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - tb-service + topologyKey: "kubernetes.io/hostname" + containers: + - name: tb + imagePullPolicy: Always + image: thingsboard/application:k8stest + ports: + - containerPort: 8080 + name: ui + - containerPort: 1883 + name: mqtt + - containerPort: 5683 + name: coap + - containerPort: 9001 + name: rpc + env: + - name: ZOOKEEPER_ENABLED + valueFrom: + configMapKeyRef: + name: tb-config + key: zookeeper.enabled + - name: ZOOKEEPER_URL + valueFrom: + configMapKeyRef: + name: tb-config + key: zookeeper.url + - name : CASSANDRA_URL + valueFrom: + configMapKeyRef: + name: tb-config + key: cassandra.url + - name : RPC_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + command: + - sh + - -c + - ./run_thingsboard.sh + livenessProbe: + httpGet: + path: /login + port: ui-port + initialDelaySeconds: 120 + timeoutSeconds: 10 \ No newline at end of file diff --git a/docker/zookeeper/Dockerfile b/docker/zookeeper/Dockerfile new file mode 100644 index 0000000000..7d3480e825 --- /dev/null +++ b/docker/zookeeper/Dockerfile @@ -0,0 +1,71 @@ +# +# Copyright © 2016-2017 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FROM ubuntu:16.04 +ENV ZK_USER=zookeeper \ +ZK_DATA_DIR=/var/lib/zookeeper/data \ +ZK_DATA_LOG_DIR=/var/lib/zookeeper/log \ +ZK_LOG_DIR=/var/log/zookeeper \ +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 + +ARG GPG_KEY=C823E3E5B12AF29C67F81976F5CECB3CB5E9BD2D +ARG ZK_DIST=zookeeper-3.4.9 +RUN set -x \ + && apt-get update \ + && apt-get install -y openjdk-8-jre-headless wget netcat-openbsd \ + && wget -q "http://www.apache.org/dist/zookeeper/$ZK_DIST/$ZK_DIST.tar.gz" \ + && wget -q "http://www.apache.org/dist/zookeeper/$ZK_DIST/$ZK_DIST.tar.gz.asc" \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-key "$GPG_KEY" \ + && gpg --batch --verify "$ZK_DIST.tar.gz.asc" "$ZK_DIST.tar.gz" \ + && tar -xzf "$ZK_DIST.tar.gz" -C /opt \ + && rm -r "$GNUPGHOME" "$ZK_DIST.tar.gz" "$ZK_DIST.tar.gz.asc" \ + && ln -s /opt/$ZK_DIST /opt/zookeeper \ + && rm -rf /opt/zookeeper/CHANGES.txt \ + /opt/zookeeper/README.txt \ + /opt/zookeeper/NOTICE.txt \ + /opt/zookeeper/CHANGES.txt \ + /opt/zookeeper/README_packaging.txt \ + /opt/zookeeper/build.xml \ + /opt/zookeeper/config \ + /opt/zookeeper/contrib \ + /opt/zookeeper/dist-maven \ + /opt/zookeeper/docs \ + /opt/zookeeper/ivy.xml \ + /opt/zookeeper/ivysettings.xml \ + /opt/zookeeper/recipes \ + /opt/zookeeper/src \ + /opt/zookeeper/$ZK_DIST.jar.asc \ + /opt/zookeeper/$ZK_DIST.jar.md5 \ + /opt/zookeeper/$ZK_DIST.jar.sha1 \ + && apt-get autoremove -y wget \ + && rm -rf /var/lib/apt/lists/* + +#Copy configuration generator script to bin +COPY zkGenConfig.sh zkOk.sh /opt/zookeeper/bin/ + +# Create a user for the zookeeper process and configure file system ownership +# for nessecary directories and symlink the distribution as a user executable +RUN set -x \ + && useradd $ZK_USER \ + && [ `id -u $ZK_USER` -eq 1000 ] \ + && [ `id -g $ZK_USER` -eq 1000 ] \ + && mkdir -p $ZK_DATA_DIR $ZK_DATA_LOG_DIR $ZK_LOG_DIR /usr/share/zookeeper /tmp/zookeeper /usr/etc/ \ + && chown -R "$ZK_USER:$ZK_USER" /opt/$ZK_DIST $ZK_DATA_DIR $ZK_LOG_DIR $ZK_DATA_LOG_DIR /tmp/zookeeper \ + && ln -s /opt/zookeeper/conf/ /usr/etc/zookeeper \ + && ln -s /opt/zookeeper/bin/* /usr/bin \ + && ln -s /opt/zookeeper/$ZK_DIST.jar /usr/share/zookeeper/ \ + && ln -s /opt/zookeeper/lib/* /usr/share/zookeeper diff --git a/docker/zookeeper/Makefile b/docker/zookeeper/Makefile new file mode 100644 index 0000000000..b179f07291 --- /dev/null +++ b/docker/zookeeper/Makefile @@ -0,0 +1,9 @@ +VERSION=k8stest +PROJECT=thingsboard +APP=zk + +build: + docker build --pull -t ${PROJECT}/${APP}:${VERSION} . + +push: build + docker push ${PROJECT}/${APP}:${VERSION} diff --git a/docker/zookeeper/zkGenConfig.sh b/docker/zookeeper/zkGenConfig.sh new file mode 100755 index 0000000000..02fde70fa1 --- /dev/null +++ b/docker/zookeeper/zkGenConfig.sh @@ -0,0 +1,153 @@ +#!/usr/bin/env bash +# +# Copyright © 2016-2017 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +ZK_USER=${ZK_USER:-"zookeeper"} +ZK_LOG_LEVEL=${ZK_LOG_LEVEL:-"INFO"} +ZK_DATA_DIR=${ZK_DATA_DIR:-"/var/lib/zookeeper/data"} +ZK_DATA_LOG_DIR=${ZK_DATA_LOG_DIR:-"/var/lib/zookeeper/log"} +ZK_LOG_DIR=${ZK_LOG_DIR:-"var/log/zookeeper"} +ZK_CONF_DIR=${ZK_CONF_DIR:-"/opt/zookeeper/conf"} +ZK_CLIENT_PORT=${ZK_CLIENT_PORT:-2181} +ZK_SERVER_PORT=${ZK_SERVER_PORT:-2888} +ZK_ELECTION_PORT=${ZK_ELECTION_PORT:-3888} +ZK_TICK_TIME=${ZK_TICK_TIME:-2000} +ZK_INIT_LIMIT=${ZK_INIT_LIMIT:-10} +ZK_SYNC_LIMIT=${ZK_SYNC_LIMIT:-5} +ZK_HEAP_SIZE=${ZK_HEAP_SIZE:-2G} +ZK_MAX_CLIENT_CNXNS=${ZK_MAX_CLIENT_CNXNS:-60} +ZK_MIN_SESSION_TIMEOUT=${ZK_MIN_SESSION_TIMEOUT:- $((ZK_TICK_TIME*2))} +ZK_MAX_SESSION_TIMEOUT=${ZK_MAX_SESSION_TIMEOUT:- $((ZK_TICK_TIME*20))} +ZK_SNAP_RETAIN_COUNT=${ZK_SNAP_RETAIN_COUNT:-3} +ZK_PURGE_INTERVAL=${ZK_PURGE_INTERVAL:-0} +ID_FILE="$ZK_DATA_DIR/myid" +ZK_CONFIG_FILE="$ZK_CONF_DIR/zoo.cfg" +LOGGER_PROPS_FILE="$ZK_CONF_DIR/log4j.properties" +JAVA_ENV_FILE="$ZK_CONF_DIR/java.env" +HOST=`hostname -s` +DOMAIN=`hostname -d` + +function print_servers() { + for (( i=1; i<=$ZK_REPLICAS; i++ )) + do + echo "server.$i=$NAME-$((i-1)).$DOMAIN:$ZK_SERVER_PORT:$ZK_ELECTION_PORT" + done +} + +function validate_env() { + echo "Validating environment" + if [ -z $ZK_REPLICAS ]; then + echo "ZK_REPLICAS is a mandatory environment variable" + exit 1 + fi + + if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then + NAME=${BASH_REMATCH[1]} + ORD=${BASH_REMATCH[2]} + else + echo "Failed to extract ordinal from hostname $HOST" + exit 1 + fi + MY_ID=$((ORD+1)) + echo "ZK_REPLICAS=$ZK_REPLICAS" + echo "MY_ID=$MY_ID" + echo "ZK_LOG_LEVEL=$ZK_LOG_LEVEL" + echo "ZK_DATA_DIR=$ZK_DATA_DIR" + echo "ZK_DATA_LOG_DIR=$ZK_DATA_LOG_DIR" + echo "ZK_LOG_DIR=$ZK_LOG_DIR" + echo "ZK_CLIENT_PORT=$ZK_CLIENT_PORT" + echo "ZK_SERVER_PORT=$ZK_SERVER_PORT" + echo "ZK_ELECTION_PORT=$ZK_ELECTION_PORT" + echo "ZK_TICK_TIME=$ZK_TICK_TIME" + echo "ZK_INIT_LIMIT=$ZK_INIT_LIMIT" + echo "ZK_SYNC_LIMIT=$ZK_SYNC_LIMIT" + echo "ZK_MAX_CLIENT_CNXNS=$ZK_MAX_CLIENT_CNXNS" + echo "ZK_MIN_SESSION_TIMEOUT=$ZK_MIN_SESSION_TIMEOUT" + echo "ZK_MAX_SESSION_TIMEOUT=$ZK_MAX_SESSION_TIMEOUT" + echo "ZK_HEAP_SIZE=$ZK_HEAP_SIZE" + echo "ZK_SNAP_RETAIN_COUNT=$ZK_SNAP_RETAIN_COUNT" + echo "ZK_PURGE_INTERVAL=$ZK_PURGE_INTERVAL" + echo "ENSEMBLE" + print_servers + echo "Environment validation successful" +} + +function create_config() { + rm -f $ZK_CONFIG_FILE + echo "Creating ZooKeeper configuration" + echo "#This file was autogenerated by zk DO NOT EDIT" >> $ZK_CONFIG_FILE + echo "clientPort=$ZK_CLIENT_PORT" >> $ZK_CONFIG_FILE + echo "dataDir=$ZK_DATA_DIR" >> $ZK_CONFIG_FILE + echo "dataLogDir=$ZK_DATA_LOG_DIR" >> $ZK_CONFIG_FILE + echo "tickTime=$ZK_TICK_TIME" >> $ZK_CONFIG_FILE + echo "initLimit=$ZK_INIT_LIMIT" >> $ZK_CONFIG_FILE + echo "syncLimit=$ZK_SYNC_LIMIT" >> $ZK_CONFIG_FILE + echo "maxClientCnxns=$ZK_MAX_CLIENT_CNXNS" >> $ZK_CONFIG_FILE + echo "minSessionTimeout=$ZK_MIN_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE + echo "maxSessionTimeout=$ZK_MAX_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE + echo "autopurge.snapRetainCount=$ZK_SNAP_RETAIN_COUNT" >> $ZK_CONFIG_FILE + echo "autopurge.purgeInteval=$ZK_PURGE_INTERVAL" >> $ZK_CONFIG_FILE + + if [ $ZK_REPLICAS -gt 1 ]; then + print_servers >> $ZK_CONFIG_FILE + fi + echo "Wrote ZooKeeper configuration file to $ZK_CONFIG_FILE" +} + +function create_data_dirs() { + echo "Creating ZooKeeper data directories and setting permissions" + if [ ! -d $ZK_DATA_DIR ]; then + mkdir -p $ZK_DATA_DIR + chown -R $ZK_USER:$ZK_USER $ZK_DATA_DIR + fi + + if [ ! -d $ZK_DATA_LOG_DIR ]; then + mkdir -p $ZK_DATA_LOG_DIR + chown -R $ZK_USER:$ZK_USER $ZK_DATA_LOG_DIR + fi + + if [ ! -d $ZK_LOG_DIR ]; then + mkdir -p $ZK_LOG_DIR + chown -R $ZK_USER:$ZK_USER $ZK_LOG_DIR + fi + if [ ! -f $ID_FILE ]; then + echo $MY_ID >> $ID_FILE + fi + echo "Created ZooKeeper data directories and set permissions in $ZK_DATA_DIR" +} + +function create_log_props () { + rm -f $LOGGER_PROPS_FILE + echo "Creating ZooKeeper log4j configuration" + echo "zookeeper.root.logger=CONSOLE" >> $LOGGER_PROPS_FILE + echo "zookeeper.console.threshold="$ZK_LOG_LEVEL >> $LOGGER_PROPS_FILE + echo "log4j.rootLogger=\${zookeeper.root.logger}" >> $LOGGER_PROPS_FILE + echo "log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender" >> $LOGGER_PROPS_FILE + echo "log4j.appender.CONSOLE.Threshold=\${zookeeper.console.threshold}" >> $LOGGER_PROPS_FILE + echo "log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout" >> $LOGGER_PROPS_FILE + echo "log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n" >> $LOGGER_PROPS_FILE + echo "Wrote log4j configuration to $LOGGER_PROPS_FILE" +} + +function create_java_env() { + rm -f $JAVA_ENV_FILE + echo "Creating JVM configuration file" + echo "ZOO_LOG_DIR=$ZK_LOG_DIR" >> $JAVA_ENV_FILE + echo "JVMFLAGS=\"-Xmx$ZK_HEAP_SIZE -Xms$ZK_HEAP_SIZE\"" >> $JAVA_ENV_FILE + echo "Wrote JVM configuration to $JAVA_ENV_FILE" +} + +validate_env && create_config && create_log_props && create_data_dirs && create_java_env diff --git a/docker/thingsboard-db-schema/build_and_deploy.sh b/docker/zookeeper/zkOk.sh similarity index 59% rename from docker/thingsboard-db-schema/build_and_deploy.sh rename to docker/zookeeper/zkOk.sh index f5d586f51c..449a0fdfa0 100755 --- a/docker/thingsboard-db-schema/build_and_deploy.sh +++ b/docker/zookeeper/zkOk.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright © 2016-2017 The Thingsboard Authors # @@ -15,14 +15,14 @@ # limitations under the License. # +# zkOk.sh uses the ruok ZooKeeper four letter work to determine if the instance +# is health. The $? variable will be set to 0 if server responds that it is +# healthy, or 1 if the server fails to respond. -cp ../../dao/src/main/resources/schema.cql schema.cql -cp ../../dao/src/main/resources/demo-data.cql demo-data.cql -cp ../../dao/src/main/resources/system-data.cql system-data.cql - -docker build -t thingsboard/thingsboard-db-schema:1.2.3 -t thingsboard/thingsboard-db-schema:latest . - -docker login - -docker push thingsboard/thingsboard-db-schema:1.2.3 -docker push thingsboard/thingsboard-db-schema:latest \ No newline at end of file +ZK_CLIENT_PORT=${ZK_CLIENT_PORT:-2181} +OK=$(echo ruok | nc 127.0.0.1 $ZK_CLIENT_PORT) +if [ "$OK" == "imok" ]; then + exit 0 +else + exit 1 +fi diff --git a/docker/zookeeper/zookeeper.yaml b/docker/zookeeper/zookeeper.yaml new file mode 100644 index 0000000000..062d8cc4ee --- /dev/null +++ b/docker/zookeeper/zookeeper.yaml @@ -0,0 +1,190 @@ +# +# Copyright © 2016-2017 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Service +metadata: + name: zk-headless + labels: + app: zk-headless +spec: + ports: + - port: 2888 + name: server + - port: 3888 + name: leader-election + clusterIP: None + selector: + app: zk +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: zk-config +data: + ensemble: "zk-0;zk-1" + replicas: "3" + jvm.heap: "500m" + tick: "2000" + init: "10" + sync: "5" + client.cnxns: "60" + snap.retain: "3" + purge.interval: "1" + client.port: "2181" + server.port: "2888" + election.port: "3888" +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: zk-budget +spec: + selector: + matchLabels: + app: zk + minAvailable: 2 +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: zk +spec: + serviceName: zk-headless + replicas: 2 + template: + metadata: + labels: + app: zk + annotations: + pod.alpha.kubernetes.io/initialized: "true" + spec: + nodeSelector: + machinetype: other + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - zk-headless + topologyKey: "kubernetes.io/hostname" + containers: + - name: zk + imagePullPolicy: Always + image: thingsboard/zk:k8stest + ports: + - containerPort: 2181 + name: client + - containerPort: 2888 + name: server + - containerPort: 3888 + name: leader-election + env: + - name : ZK_ENSEMBLE + valueFrom: + configMapKeyRef: + name: zk-config + key: ensemble + - name : ZK_REPLICAS + valueFrom: + configMapKeyRef: + name: zk-config + key: replicas + - name : ZK_HEAP_SIZE + valueFrom: + configMapKeyRef: + name: zk-config + key: jvm.heap + - name : ZK_TICK_TIME + valueFrom: + configMapKeyRef: + name: zk-config + key: tick + - name : ZK_INIT_LIMIT + valueFrom: + configMapKeyRef: + name: zk-config + key: init + - name : ZK_SYNC_LIMIT + valueFrom: + configMapKeyRef: + name: zk-config + key: tick + - name : ZK_MAX_CLIENT_CNXNS + valueFrom: + configMapKeyRef: + name: zk-config + key: client.cnxns + - name: ZK_SNAP_RETAIN_COUNT + valueFrom: + configMapKeyRef: + name: zk-config + key: snap.retain + - name: ZK_PURGE_INTERVAL + valueFrom: + configMapKeyRef: + name: zk-config + key: purge.interval + - name: ZK_CLIENT_PORT + valueFrom: + configMapKeyRef: + name: zk-config + key: client.port + - name: ZK_SERVER_PORT + valueFrom: + configMapKeyRef: + name: zk-config + key: server.port + - name: ZK_ELECTION_PORT + valueFrom: + configMapKeyRef: + name: zk-config + key: election.port + command: + - sh + - -c + - zkGenConfig.sh && zkServer.sh start-foreground + readinessProbe: + exec: + command: + - "zkOk.sh" + initialDelaySeconds: 15 + timeoutSeconds: 5 + livenessProbe: + exec: + command: + - "zkOk.sh" + initialDelaySeconds: 15 + timeoutSeconds: 5 + volumeMounts: + - name: zkdatadir + mountPath: /var/lib/zookeeper + securityContext: + runAsUser: 1000 + fsGroup: 1000 + volumeClaimTemplates: + - metadata: + name: zkdatadir + annotations: + volume.beta.kubernetes.io/storage-class: slow + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 1Gi \ No newline at end of file diff --git a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java index 80e4e011fa..aed9a0c4d4 100644 --- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java +++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java @@ -41,7 +41,7 @@ import java.security.cert.X509Certificate; */ @Slf4j @Component("MqttSslHandlerProvider") -@ConditionalOnProperty(prefix = "mqtt.ssl", value = "key-store", havingValue = "", matchIfMissing = false) +@ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false) public class MqttSslHandlerProvider { public static final String TLS = "TLS";