For more information, including FAQs and resources, please visit the link below:
RDKM-SSO
Any questions or comments please feel free to contact RDK Support team at support@rdkcentral.com . Thank you. ***
This page presents an brief overview about webPA 2.0 (xmidt) components required for a reference webPA cluster setup and explains how to setup the cluster & establish an end-to-end connection with CPE devices.
WebPA is a secure web protocol messaging system for bi-directional communication between cloud server and RDK devices. It was built from the ground up specifically with security and performance as priorities. WebPA 2.0 commonly known as Xmidt (pronounced "transmit") is a combination of a server cluster and client that provide a highly available data path to devices deployed all over the world.
Operating system | Centos 7.6 |
---|---|
Architecture | x86_64 |
Memory | > 2048 MB |
Disk space | > 10 GB free space |
It is good to disable the firewall (iptables ) during initial setup for avoiding connection related confusions.
Commands described in this page are executed with super user (root) permission
Only Applicable for Older CentOS 6.x releases
Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems.
Unlike other system initialization services, it is not meant to be run as a substitute for init. Instead it is meant to be used to control processes related to a project or a customer, and is meant to start like any other program at boot time.
a) Enable Extra Packages for Enterprise Linux (EPEL) $ wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm $ rpm -Uvh epel-release-6-8.noarch.rpm b) Install Python meld3 $ yum install python-meld3 c) Install supervisor $ yum install supervisor
Only Applicable for Older CentOS 6.x releases
ZooKeeper is a high-performance coordination service for distributed applications. It exposes common services - such as naming, configuration management, synchronization, and group services - in a simple interface so you don't have to write them from scratch. You can use it off-the-shelf to implement consensus, group management, leader election, and presence protocols. And you can build on it for your own, specific needs.
$ yum install zookeeper
# cat /etc/init.d/zookeeper #!bin/bash # # zookeeper Startup Script # # chkconfig: 345 90 14 # description: Zookeeper Application Startup Script # Source function library . /etc/rc.d/init.d/functions #------------------------------------------------------------------------------- start() { echo -n $"Starting Zookeeper: " /usr/lib/zookeeper/bin/zkServer.sh start RETVAL=$? echo [ $RETVAL -eq 0 ] && echo "[ OK ]" } stop() { echo -n $"Stopping Zookeeper: " /usr/lib/zookeeper/bin/zkServer.sh stop RETVAL=$? echo [ $RETVAL -eq 0 ] && echo "[ OK ]" } restart() { stop start } case "$1" in start) start ;; stop) stop ;; restart|force-reload|reload) restart ;; status) /usr/lib/zookeeper/bin/zkServer.sh status RETVAL=$? ;; *) echo $"Usage: $0 {start|stop|status|restart|reload|force-reload}" exit 1 esac exit $RETVAL
Launch system-config-services from a console and enable the zookeeper service from the services list.
Below is the list of components needed for a Xmidt (webPA 2.0) cluster setup. For a single node reference setup, few of the services are not mandatory hence not used.
Component | Type | Description | Used in current setup |
---|---|---|---|
Talaria | Server | Talaria maintains the secure websocket connections from the device and passes the messages from or to the device. | Yes |
Scytale | Server | Scytale accepts the inbound requests and delivers the messages to the Talaria machines that could be hosting the device connection. | Yes |
tr1d1um | Server | The Webpa micro-service that encode TR-181 requests. | Yes |
petasos | Server | Petasos helps reduce the load on the Talaria machines by calculating which specific Talaria a device should connect to & redirecting the incoming request. | No |
caduceus | Server | Caduceus provides the pub-sub message delivery (notification) mechanism for xmidt. | No |
parodus | Client | Parodus is the light weight client that reaches out to the xmidt cloud to establish the connection from CPE devices. | Yes |
a) Import the GPG Key (Required once, common for all the packages) $ rpm --import https://github.com/xmidt-org/talaria/releases/download/v0.1.3/RPM-GPG-KEY-xmidt b) Install the packages $ yum install https://github.com/xmidt-org/talaria/releases/download/v0.1.3/talaria-0.1.3-1.el7.x86_64.rpm $ yum install https://github.com/xmidt-org/scytale/releases/download/v0.1.4/scytale-0.1.4-1.el7.x86_64.rpm $ yum install https://github.com/xmidt-org/tr1d1um/releases/download/v0.1.2/tr1d1um-0.1.2-1.el7.x86_64.rpm Note: Change version number for downloading the required package.
If pre-built RPM packages are already installed as explained in previous section & we want to use the same, Skip to configuration section
Required for compiling server components written in go language. (Required version >=1.11
Preferred Method: $ sudo yum install golang [OR] For Manual Installation: $ wget https://dl.google.com/go/go1.11.linux-amd64.tar.gz $ tar xzf go1.11.linux-amd64.tar.gz $ sudo mv go /usr/local ** Add Below Lines to the profile file (.bash_profile etc.) export GOROOT=/usr/local/go export GOPATH=$HOME/go export PATH=$GOPATH/bin:$GOROOT/bin:$PATH Verify the version with below: $ go version go version go1.11 linux/amd64
Glide is a package manager for Go that is conceptually similar to package managers for other languages. Glide provides the following functionality:
glide.yaml
file. This includes a name, version or version range, version control information for private repo or when the type cannot be detected, and more.glide.lock
file. This enables recursively fetching the dependency tree.vendor/
directories, known as the Vendor Experiment, so that different projects can have differing versions of the same dependencies.$ wget -c https://github.com/Masterminds/glide/releases/download/v0.13.1/glide-v0.13.1-linux-amd64.tar.gz $ tar -xzf glide-v0.13.1-linux-amd64.tar.gz -C /opt $ echo "export PATH=$PATH:/opt/linux-amd64/" >> $HOME/.bash_profile
1. create a directory in $HOME say webpa_modules $ mkdir $HOME/webpa_modules && cd $HOME/webpa_modules 2. Checkout the components from GitHub repository. $ git clone https://github.com/Comcast/talaria.git $ git clone https://github.com/Comcast/scytale.git $ git clone https://github.com/Comcast/tr1d1um.git
1. cd $HOME/webpa_modules/<component-name> e.g. cd webpa_modules/talaria 3. Build the component from source $ make build 4. Create the package $ mkdir $HOME/rpmbuild $ ./build_rpm.sh --no-sign 5. Install the locally built webPA component package e.g. $ cd /root/rpmbuild/RPMS/x86_64/ $ rpm -Uvh petasos-0.1.1-87.el6.x86_64.rpm
If running build_rpm.sh complains about following:
error: Macro %_releaseno has empty body
error: Macro %_releaseno has empty body
Then, modify the following in script to change build number to appropriate value
If build_rpm.sh prompts for password, modify the rpmbuild command to disable the signing option
yes "" | rpmbuild -ba \
--define "_signature gpg" \
--define "_ver $release" \
--define "_releaseno ${BUILD_NUMBER}" \
--define "_fullver $new_release" \
${NAME}.spec
If the script terminates with "error: Bad owner/group: /root/webpa_modules/petasos/petasos.spec"
change the ownership to match current user name
$ chown root.root petasos.spec
WebPA server components as well as requesting application has to use a authorization token for bearer authentication. We can either use a basic authorization token or make use of a key server for obtaining a bearer token.
For example, a UI application needs to invoke some Preference setting or to obtain some diagnostics information on behalf of a MSO partner, deviceId, serviceAccountId or combination of the three. It will first obtain or use a predefined AUTH token, set it as a HTTP header and then invoke the GET/SET operation.
In a production environment, webPA server components & requesting applications use SAT as a bearer token for AUTHZ and AUTHN. SAT stands for Service Access Token. As the name implies, it is used by the calling applications to request access to CPE API's. From a implementation point of view, A SAT is a Json Web Token which if shortened to "jwt". It is a base64 encoded strings of pre-defined bytes with 3 distinct parts separated by a period.
However in the standalone setup, we have used basic base64 encoded authorization token because SAT requires access to operator specific key servers. This auth token will be used when configuring different webPA components as well while performing GET/SET requests to the CPE from a 3rd party application.
We can use either of the below 2 methods to generate a basic authorization string.
Note: For newer releases the basic auth token should be in username:password format. 1. Using openssl command to generate the base64 encoded token. [root@webpa-node1 ~]# openssl enc -base64 <<< "user123:webpa@1234567890" [OUTPUT] : dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg== 2. Using Linux coreutils tools to generate the base64 encoded token [root@webpa-node1 ~]# echo "user123:webpa@1234567890"|base64 [OUTPUT] : dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg==
Edit the configuration file & modify port values if you need to run talaria service in a different port (default value is 8080).
--- ######################################## # Labeling/Tracing via HTTP Headers Configuration ######################################## # The unique fully-qualified-domain-name of the server. It is provided to # the X-Talaria-Server header for showing what server fulfilled the request # sent. # (Optional) fqdn: <Fully Qualified Domain Name / IP> server: "xxx.xxx.xxx.xxx" env: test scheme: http # Provides this build number to the X-Tr1d1um-Build header for # showing machine version information. The build number SHOULD # match the scheme `version-build` but there is not a strict requirement. # (Optional) build: "0.1.3-1" # Provides the region information to the X-Tr1d1um-Region header # for showing what region this machine is located in. The region # is arbitrary and optional. # (Optional) region: "east" # Provides the flavor information to the X-Tr1d1um-Flavor header # for showing what flavor this machine is associated with. The flavor # is arbitrary and optional. # (Optional) flavor: "mint" primary: address: ":8080" health: address: ":8180" pprof: address: ":8280" control: address: ":8203" metric: address: ":8380" metricsOptions: namespace: "xmidt" subsystem: "talaria" ######################################## # Service Discovery Configuration ######################################## # service defines the parameters needed to interact with the consul cluster # for service discovery. Presently only consul is supported. This is # presently only used by Prometheus to discover machines to monitor, but # in the not-too-distant future talaria will use this interaction to load # balance across all caduceus machines instead of using DNS. # (Optional) service: # consul configures the consul library in caduceus to use the local # service discovery agent consul: # client defines how to connect to the local consul agent (on the same # VM/container) client: # address is the address of the local consul agent address: "127.0.0.1:8500" # scheme is how the consul library should interact with the local # consul agent scheme: "http" # waitTime is TBD waitTime: "30s" # disableGenerateID is TBD disableGenerateID: true # registrations defines what services caduceus should register with # consul # # id - the VM/container instance name registered with consul # name - the name of service being registered # tags - a list of tags to associate with this registration # address - the mechanism to reach the service (generally unique fqdn) # port - the port to reach the service at # checks - the list of checks to perform to determine if the service # is available/healthy # checkID - TBD # ttl - how long the check is valid for # deregisterCriticalServiceAfter - the duration to wait before the # service is removed due to check # failures registrations: - id: "example_talaria.xmidt.net" name: "talaria" tags: - "prod" - "mint" - "stage=prod" - "flavor=mint" address: <WEBPA_SERVER_IP> port: 6001 checks: - checkID: "example_talaria.xmidt.net:ttl" ttl: "30s" deregisterCriticalServiceAfter: "70s" log: file: "/var/log/talaria/talaria.log" level: "DEBUG" json: false device: manager: upgrader: handshakeTimeout: "10s" initialCapacity: 100000 maxDevices: 100 deviceMessageQueueSize: 100 pingPeriod: "45s" idlePeriod: "135s" requestTimeout: "15s" outbound: method: "POST" eventEndpoints: default: http://127.0.0.1:6300/api/v3/notify requestTimeout: "125s" defaultScheme: "http" allowedSchemes: - "http" - "https" outboundQueueSize: 1000 workerPoolSize: 100 transport: maxIdleConns: 0 maxIdleConnsPerHost: 100 idleConnTimeout: "120s" clientTimeout: "160s" authKey: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> inbound: authKey: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> eventMap: default: http://127.0.0.1:6300/api/v3/notify service: defaultScheme: http fixed: - http://127.0.0.1:8080
Edit the configuration file under /etc/scytale and modify following values
"fqdn" : Fully qualified domain name of the server
"server" : Listening IP address (using "localhost" will allow connections only from the current machine.)
"endpoints" : Under "fanout" section, change the IP / Port value to match to the one where Talaria service is listening.
"authHeader" : Auth token Use the auth token which was generated in previous section
"file" : Under "log" section, change the value from "stdout" to a file name if we need to redirect debug messages to a separate log file.
Add the "aws" section with following values for suppressing few error messages
"aws": {
"accessKey": "fake",
"secretKey": "fake",
"env": "fake",
"sns": {
"region": "us-east-1",
"topicArn": "arn:aws:sns:us-east-1:999999999999:fake",
"urlPath" : "/api/v2/aws/sns"
}
},
This will set AWS & SNS parameters with fake ones since we don't use actual keys and SNS (amazon simple notification service) in the current setup.
--- ######################################## # Labeling/Tracing via HTTP Headers Configuration ######################################## # The unique fully-qualified-domain-name of the server. It is provided to # the X-Scytale-Server header for showing what server fulfilled the request # sent. # (Optional) server: "xxx.xxx.xxx.xxx" # Provides this build number to the X-Tr1d1um-Build header for # showing machine version information. The build number SHOULD # match the scheme `version-build` but there is not a strict requirement. # (Optional) build: "0.1.4-1" # Provides the region information to the X-Tr1d1um-Region header # for showing what region this machine is located in. The region # is arbitrary and optional. # (Optional) region: "east" # Provides the flavor information to the X-Tr1d1um-Flavor header # for showing what flavor this machine is associated with. The flavor # is arbitrary and optional. # (Optional) flavor: "mint" ############################################################################## # WebPA Service configuration ############################################################################## # For a complete view of the service config structure, # checkout https://godoc.org/github.com/Comcast/webpa-common/server#WebPA ######################################## # Primary Endpoint Configuration ######################################## # primary provides the configuration for the main server for this application primary: address: ":7000" ######################################## # Health Endpoint Configuration ######################################## # health defines the details needed for the health check endpoint. The # health check endpoint is generally used by services (like AWS Route53 # or consul) to determine if this particular machine is healthy or not. health: address: ":7001" ######################################## # Debugging/Pprof Configuration ######################################## # pprof defines the details needed for the pprof debug endpoint. # (Optional) pprof: address: ":7002" ######################################## # Metrics Configuration ######################################## # metric defines the details needed for the prometheus metrics endpoint # (Optional) metric: address: ":7082" metricsOptions: # namespace is the namespace of the metrics provided # (Optional) namespace: "webpa" # subsystem is the subsystem of the metrics provided # (Optional) subsystem: "scytale" fanout: fanoutTimeout: "125s" clientTimeout: "45s" endpoints: - "http://localhost:8080/api/v2/device" authorization: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> ######################################## # Logging Related Configuration ######################################## # log configures the logging subsystem details log: # file is the name of the most recent log file. If set to "stdout" this # will log to os.Stdout. # (Optional) defaults to os.TempDir() file: "/var/log/scytale/scytale.log" # level is the logging level to use - INFO, DEBUG, WARN, ERROR # (Optional) defaults to ERROR level: "DEBUG" # maxsize is the maximum log file size in MB # (Optional) defaults to max 100MB maxsize: 50 # maxage is the maximum number of days to retain old log files # (Optional) defaults to ignore age limit (0) maxage: 30 # maxbackups is the maximum number of old log files to retain # (Optional) defaults to retain all (0) maxbackups: 10 # json is a flag indicating whether JSON logging output should be used. # (Optional) defaults to false json: true aws: accessKey: "fake-accessKey" secretKey: "fake-secretKey" env: "fake-env" sns: awsEndpoint: http://goaws:4100 region: "ap-east-1" topicArn: "arn:aws:sns:ap-east-1:999999999991:fake-env" urlPath: "/api/v2/aws/sns" waitForDns: 0 authHeader: ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] start: duration: 1 apiPath: http://127.0.0.1:6300/hooks authHeader: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Edit the configuration file from /etc/tr1d1um to set following parameters
"fqdn" : Fully qualified domain name of server
"server" : IP Address to which the service has to listen
"version" : Current version of the service
"region" : Region of deployment
"flavor" : Development, Production etc.
"address" : Under "primary" section, change the value to point to the port where tr1d1um service will listen for incoming requests.
"targetURL" : Change to IP-Address:Port value where SCYTALE service is running.
"authHeader" : Auth token Use the auth token which was generated in previous section.
"aws" : Add fake values as described previously.
--- ######################################## # Labeling/Tracing via HTTP Headers Configuration ######################################## # The unique fully-qualified-domain-name of the server. It is provided to # the X-Tr1d1um-Server header for showing what server fulfilled the request # sent. # (Optional) server: "xxx.xxx.xxx.xxx" # Provides this build number to the X-Tr1d1um-Build header for # showing machine version information. The build number SHOULD # match the scheme `version-build` but there is not a strict requirement. # (Optional) build: "0.1.2-1" # Provides the region information to the X-Tr1d1um-Region header # for showing what region this machine is located in. The region # is arbitrary and optional. # (Optional) region: "east" # Provides the flavor information to the X-Tr1d1um-Flavor header # for showing what flavor this machine is associated with. The flavor # is arbitrary and optional. # (Optional) flavor: "mint" ############################################################################## # WebPA Service configuration ############################################################################## # For a complete view of the service config structure, # checkout https://godoc.org/github.com/Comcast/webpa-common/server#WebPA ######################################## # Primary Endpoint Configuration ######################################## # primary provides the configuration for the main server for this application primary: address: ":9003" ######################################## # Health Endpoint Configuration ######################################## # health defines the details needed for the health check endpoint. The # health check endpoint is generally used by services (like AWS Route53 # or consul) to determine if this particular machine is healthy or not. health: address: ":9004" ######################################## # Debugging/Pprof Configuration ######################################## # pprof defines the details needed for the pprof debug endpoint. # (Optional) pprof: address: ":9005" ######################################## # Metrics Configuration ######################################## # metric defines the details needed for the prometheus metrics endpoint # (Optional) metric: address: ":9082" metricsOptions: # namespace is the namespace of the metrics provided # (Optional) namespace: "webpa" # subsystem is the subsystem of the metrics provided # (Optional) subsystem: "tr1d1um" ######################################## # Logging Related Configuration ######################################## # log configures the logging subsystem details log: # file is the name of the most recent log file. If set to "stdout" this # will log to os.Stdout. # (Optional) defaults to os.TempDir() file: "/var/log/tr1d1um/tr1d1um.log" # level is the logging level to use - INFO, DEBUG, WARN, ERROR # (Optional) defaults to ERROR level: "DEBUG" # maxsize is the maximum log file size in MB # (Optional) defaults to max 100MB maxsize: 50 # maxage is the maximum number of days to retain old log files # (Optional) defaults to ignore age limit (0) maxage: 30 # maxbackups is the maximum number of old log files to retain # (Optional) defaults to retain all (0) maxbackups: 10 # json is a flag indicating whether JSON logging output should be used. # (Optional) defaults to false json: true ############################################################################## # Webhooks Related configuration ############################################################################## # webhooksEnabled indicates whether or not the webhooks server should be started # It is disabled for local testing webhooksEnabled: false # The unique fully-qualified-domain-name of the server. The webhooks library uses it # to know which host to use to confirm this service is ready to receive events # (Optional if not running webhooks) fqdn: "tr1d1um-local-instance-123.example.com" # start contains configuration for the logic by which Tr1d1um can # fetch the current WebPA webhooks without having to wait for SNS # It does so by pinging the rest of the cluter at the specified apiPath # More detaisl at https://godoc.org/github.com/Comcast/webpa-common/webhook#StartConfig start: # duration is the max amount of time allowed to wait for webhooks data to be retrieved duration: "20s" # path used to query the existing webhooks apiPath: http://localhost:6100/hooks ######################################## # Webhooks DNS readiness Configuration ######################################## # WaitForDns is the duration the webhooks library will wait for this server's DNS record to be # propagated. This waiting logic is important so AWS SNS webhook confirmations are not missed waitForDns: "30s" #soa stands for Start of Authority and it's a type of record in a DNS soa: # provider is the SOA provider used to verify DNS record readiness of this service provider: "example-123.awsdns-00.com:17" ######################################## # Webhooks AWS SNS Configuration ######################################## # aws provides the AWS SNS configurations the webhooks library needs aws: #AWS access key accessKey: "fake-accessKey" #AWS secret key secretKey: "fake-secretKey" env: local-dev sns: # awsEndpoint is the AWS endpoint # this must be left out in produ awsEndpoint: http://goaws:4100 #region is the AWS SNS region region: "us-east-1" # topicArn describes the SNS topic this server needs to subscribe to topicArn: arn:aws:sns:us-east-1:000000000000:xmidt-local-caduceus #urlPath is the URL path SNS will use to confirm a subscription with this server urlPath: "/api/v2/aws/sns" ############################################################################## # Testing Authorization Credentials ############################################################################## # authHeader is a list of Basic Auth credentials intended to be used for local testing purposes # WARNING! Be sure to remove this from your production config authHeader: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" ############################################################################## # WRP and XMiDT Cloud configurations ############################################################################## # targetURL is the base URL of the XMiDT cluster targetURL: http://localhost:7000 # WRPSource is used as 'source' field for all outgoing WRP Messages WRPSource: "dns:tr1d1um.xmidt.comcast.net" # supportedServices is a list of endpoints we support for the WRP producing endpoints # we will soon drop this configuration supportedServices: - "config" ############################################################################## # HTTP Transaction Configurations ############################################################################## # clientTimeout is the timeout for the HTTP clients used to contact the XMiDT cloud clientTimeout: "135s" # respWaitTimeout is the max time Tr1d1um will wait for responses from the XMiDT cloud respWaitTimeout: "129s" # netDialerTimeout is the timeout used for the net dialer used within HTTP clients netDialerTimeout: "5s" # requestRetryInterval is the time between HTTP request retries against XMiDT requestRetryInterval: "2s" # requestMaxRetries is the max number of times an HTTP request is retried against XMiDT in # case of ephemeral errors requestMaxRetries: 2
CentOS 7 uses a systemd based boot-up mechanism. Hence below commands will enable the required services.
$ sudo systemctl enable talaria $ sudo systemctl enable scytale $ sudo systemctl enable tr1d1um
Parodus is the client-end service running on the RDK-V CPE devices which establishes a connection with webPA service on device boot-up and delivers request-response between the webPA server & CPE device services. Parodus provides following functionalities in a CPE device.
Websocket client: Nopoll library used as Websocket Client. It allows building pure WebSocket solutions or to provide WebSocket support to existing TCP oriented applications. Nopoll handles all the messages coming from or to the server asynchronously.
Nanomsg Server: Parodus acts as Nanomsg server to distribute messages upstream and downstream.
Edit parodus startup script for enabling the CPE device to use local webPA server
--webpa-url : Set with IP Address and Port of talaria service
--force-ipv4 : Force use of IPv4 for communication.
vi /lib/rdk/startParodus.sh /bin/systemctl set-environment PARODUS_CMD=" --hw-mac=$HwMac --webpa-ping-time=$PingWaitTime --webpa-interface-used=$NwInterface --webpa-url=http://<WEBPA_SERVER_IP> --partner-id=comcast --webpa-backoff-max=9 --force-ipv4 --ssl-cert-path=$SSL_CERT_FILE"
Restart the service after changes are done.
# systemctl restart parodus
Remove the jwt related parameters from PARODUS_CMD e.g. (-acquire-jwt, --dns-txt-url, --jwt-public-key-file, --jwt-algo etc.)
Edit parodus startup script for enabling the CPE device to use local webPA server
ServerURL : Set to IP Address and Port of talaria service.
--force-ipv4 : Force use of IPv4 for communication.
vi /lib/rdk/parodus_start.sh ServerURL=http://<webpa-ip>:8080 command="/usr/bin/parodus --hw-model=$ModelName --hw-serial-number=$SerialNumber --hw-manufacturer=$Manufacturer --hw-last-reboot-reason=$LastRebootReason --fw-name=$FirmwareName --boot-time=$BootTime --hw-mac=$HW_MAC --webpa-ping-time=180 --webpa-interface-used=erouter0 --webpa-url=$ServerURL --webpa-backoff-max=$BackOffMax --parodus-local-url=$PARODUS_URL --partner-id= --ssl-cert-path=$SSL_CERT_PATH --force-ipv4 "
start the service after changes are done.
# rm –rf /tmp/parodusCmd.cmd # systemctl restart parodus
Parodus service log file is located as /opt/logs/parodus.log, provides debug information such as connection details, service initialization, which protocols are enabled/disabled etc.
When we see an error similar to the below, it is related to zookeeper service failed to load or not running currently. restarting zookeeper & subsequent restart of other services solves the issue.
$ cat talariaLog.log ts=2018-01-16T13:14:55.143587713Z caller=talaria.go:133 level=error msg="Unable to obtain service discovery instancer" error="zk: could not connect to a server"
[External Application --> CPE Device] (e.g. Query from a dashboard application to request for how long has a specific router been up):
[CPE Device --> external service] (e.g. WebPA client notifications to external services, for instance, at boot time):
Postman is a powerful HTTP client for testing web services.Get Postman from here
AUTH_TOKEN : Basic base64 encoded auth token or SAT (if enabled).
WEBPA-URL : URL of Tr1d1um service in IP:PORT format.
DEVICE_MAC : MAC address of the CPE device.
PARAMETER : GET/SET Parameter that need to be requested.
$ curl -H ''Authorization:Basic <AUTH_TOKEN>' -i http://<WEBPA-URL>/api/v2/device/mac:<DEVICE_MAC>/config?names=<PARAMETER> e.g. $ curl -H 'Authorization:Basic d2VicGFAMTIzNDU2Nzg5MA==' -i http://<WEBPA_SERVER_IP:PORT>/api/v2/device/mac:84e058575831/config?names=Device.DeviceInfo.ModelName
$ curl -X PATCH http://<IP>:9003/api/v2/device/mac:<MAC>/config -d '{"parameters": [ {"dataType": 0, "name": "<TR181_PARAM>", "value": "<Value-to-Set>"}]}' -H 'Authorization:Basic <TOKEN>' e.g. $ curl -X PATCH http://35.155.171.121:9003/api/v2/device/mac:b827eb5681cd/config -d '{"parameters": [ {"dataType": 0, "name": "Device.WiFi.SSID.10001.SSID", "value": "Testing"}]}' -H 'Authorization:Basic d2VicGFAMTIzNDU2Nzg5MAo='
$ curl -H "<AUTH_TOKEN>" http://<IP>:8080/api/v2/devices e.g. curl -H "Authorization: Basic d2VicGFAMTIzNDU2Nzg5MA==" http://<webpa_serverURL>:8080/api/v2/devices
57 Comments
Simer Brar
Unknown User (gprasad)
Would you be able to provide an example on how to set a parameter on the RDK device. For example, if we need to change the SSID.
Thanks,
Simer
Unknown User (karan.negi)
1.a Setting the SSID Password :
curl -X PATCH http://35.155.171.121:9003/api/v2/device/mac:b827eb5681cd/config -d '{"parameters": [ {"dataType": 0, "name": "Device.WiFi.SSID.10001.SSID", "value": "Testing"}]}' -H 'Authorization:Basic d2VicGFAMTIzNDU2Nzg5MAo='
1.b Getting the SSID for the board.
curl -X GET 'http://35.155.171.121:9003/api/v2/device/mac:b827eb5681cd/config?names=Device.WiFi.SSID.10001.SSID' -H 'Authorization:Basic d2VicGFAMTIzNDU2Nzg5MAo='
Haseenamol
@Ganesh Sahu
Could you please provide an example to set/get attributes for tr069 webpa client.
Thanks and Regards,
Haseena
Unknown User (mahesh.singh)
Hi Unknown User (gprasad)
what is the connection between webpa and xconf server, Any documentation is there to check.
Ganesh Sahu
As such they don't have any connection between them.
While xconf is for pushing device specific configurations to CPE, webPA is for remote device management.
You can refer the xconf server section in wiki for mote details on xconf
Unknown User (mahesh.singh)
Thanks for the update.
How do I add a new device config parameter using curl command ?
I am able to use GET and PATCH.
I have checked the source code there are other commands like PUT.
Is there any example available ?
Unknown User (mahesh.singh)
I have raspberry pi 3 B+ I am able to install RDK-B image on it.
I am not able to find parodus logs in it.
Can anyone please let me know where I can find the logs.
I am trying to setup a connection between rasp pi and my Web server.
Ganesh Sahu
You can use journalctl -xu parodus or can look for parodus.log in the log folder i.e. /rdklogs/logs/. If you have face issues please log a ticket in jira.rdkcentral.com
Unknown User (mahesh.singh)
Hi Unknown User (gprasad)
Is there any feature in xconf server to update webpa cluster url in device ?
Ganesh Sahu
As of now we don't have a provision to update the webPA url from xconf.
Unknown User (mahesh.singh)
Hi Unknown User (gprasad)
Can you share the steps to setup themis as key server for authorization to scytale.
Ganesh Sahu
HiUnknown User (mahesh.singh) , themis was not part of the community XMidt server, we will discuss with developer and update the wiki.
Unknown User (mahesh.singh)
Is there a way to configure url having "https://" instead of "http://" in fanout configuration in scytale.
Ganesh Sahu
We need to follow required procedure to generate the certificate/keys. and after that add to the component configuration
Unknown User (rajeshjose)
We are looking at webpa to support management of RDK based devices...Very very new to webpa and trying to understand how this fits in. Few questions:
Ganesh Sahu
Hi Rajesh,
Please find the response inline.
Unknown User (rajeshjose)
Thank you Unknown User (gprasad)
For the 3rd question on on boarding devices, how does the application get to know which CPE devices are connected to cluster and what are their ids? I see following possible options.
Is this how its is done in WebPA world or is there any other way?
GuruVinayak P
Unknown User (gprasad) Regarding your point on notification to be received for TR181 parameter change, I see when I change the parameter via WebUI or via the WebPA PATCH curl command (example above), I see the first notification is received but then on any change in value is not notified. Internally in Parodus2CCSP, I see a check to compare old and new CMC values which seems to not change from the second initiation onwards.
Thanks for your help in advance.
GuruVinayak P
Unknown User (gprasad) Any update on the above queries?
Ganesh Sahu
Unknown User (gp) Can you please share the command you have used?
GuruVinayak P
Unknown User (gprasad) Thanks for the reply. I tried to change the lease time manually using both dmcli and through the web UI (Device.DHCPv4.Server.Pool.1.LeaseTime). The observation was that it is getting filtered in the parodus2ccsp component where it checks for old and new CMC id and after my first update, the CMC value does not change and a sync notification event is not getting generated anymore.
Ganesh Sahu
Parameter value change notification will be triggered whenever there is a change triggered from any protocol agent (PAs -UI, dmcli, webpa, snmp etc)
CMC indicates the change source -indicating which PA changed the value. CID is the configuration ID which tracks the change.
This 2 values are used by cloud to detect if there is any value change.
First time when a value is changed, it will change CMC and CID values and trigger notification. And next time if the change is from the same PA, WebPA will not send notification again, as cloud is already informed that value is changed
Based on this notifications, cloud will try to sync with CPE by sending TEST_AND_SET requests to WebPA and set CMC to 512 finally.
GuruVinayak P
Unknown User (gprasad) Thanks for the quick response again. A couple of questions
Ganesh Sahu
The format for sync notification just contains cmc and cid values
WEBPA: Notification payload: {"device_id":"mac:<devicemac>","cmc":648,"cid":"61f4db9"}
old and new values are not send in notification, this notify is just to inform that something has changed in device, and webpa indicating to sync with this device.
Once XPC gets sync notification from WebPA, cloud will send set of GET requests which queries all parameters in which cloud is interested in & get the new values for those params from device and will update cloud DB
also will send a TEST_AND_SET and set the cmc to 512 once it is updated in cloud DB
1. No, it does not contain old and new values. Notification contains CMC and CID value to indicate something in device has changed.
2. No plans as of today
3. Same as Point #1. sync works based on the GET requests for cloud parameters. Cloud will do set of GET requests and get it synced with device by updating new values in cloud DB and also set CMC to 512 as part of test_and_set request.
Unknown User (suhesh.sudhakaran)
Hi Unknown User (gprasad),
I was trying to use the below webpa api which was there in swagger : https://swagger.webpa.comcast.net/#!/webpa/addRow
POST /device/{device_id}/config/{table}
My post request url is : http://35.158.129.120:6100/api/v2/device/mac:112233445566/config/10003?names=Device.WiFi.SSID.10001.SSID
Body :
[{"name":"Device.WiFi.SSID.10001.SSID","row": "rowAb2","value":"Test_RS_PI_123_WIFI2"}]
I get the below response:
{
"message": "row property is invalid"
}
Could you please help on this as to what needs to be changed.
Unknown User (ijacinto)
Does anyone know the port number of tr1d1um and SCYTALE???
Ganesh Sahu
The port number are configurable but for a single node scenario we run scytale in 7000 and tr1d1um in 9003
Huang Jared
Hello,
My client seems able to regist to server. But, when I try to retrive Device.DeviceInfo.Manufacturer, I always got is 400 bad request.
log from tr1d1um.log shows connection refused when sending request to webhooks.
Misconfiguration in tr1d1um?
--
{"bindAddress":":9003","level":"debug","listenAddress":"[::]:9003","listenNetwork":"tcp","msg":"accepted connection","remoteAddress":"10.10.103.1:52940","serverName":"tr1d1um","ts":"2021-04-27T09:24:14.971965795Z"}
{"caller":"constructor.go:138","key":"Basic","level":"debug","method":"GET","msg":"authentication added to context","requestHeaders":{"Accept":["*/*"],"Authorization":["Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg=="],"User-Agent":["curl/7.29.0"]},"requestURL":"/api/v2/device/mac:ccd42e154be4/config","span-id":"c3d6629fdcca8af4","token":{},"trace-id":"82fd498865cbd0fbf81c88b871da1c11","ts":"2021-04-27T09:24:14.972286202Z"}
{"caller":"enforcer.go:91","level":"debug","method":"GET","msg":"authentication accepted by enforcer","requestHeaders":{"Accept":["*/*"],"Authorization":["Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg=="],"User-Agent":["curl/7.29.0"]},"requestURL":"/api/v2/device/mac:ccd42e154be4/config","span-id":"c3d6629fdcca8af4","trace-id":"82fd498865cbd0fbf81c88b871da1c11","ts":"2021-04-27T09:24:14.972363022Z"}
{"caller":"utils.go:81","duration":"1.808891ms","level":"info","msg":"record","request":{"address":"10.10.103.1:52940","path":"/api/v2/device/mac:ccd42e154be4/config","query":"names=Device.DeviceInfo.ModelName","method":"GET"},"response":{"code":400,"headers":{"X-Midt-Span-Id":["c3d6629fdcca8af4"],"X-Midt-Trace-Id":["82fd498865cbd0fbf81c88b871da1c11"],"X-Scytale-Build":["0.1.4"],"X-Scytale-Flavor":["mint"],"X-Scytale-Region":["east"],"X-Scytale-Server":["10.10.103.1"],"X-Scytale-Start-Time":["27 Apr 21 09:23 UTC"],"X-Tr1d1um-Build":["0.1.3-434"],"X-Tr1d1um-Flavor":["mint"],"X-Tr1d1um-Region":["east"],"X-Tr1d1um-Server":["10.10.103.1"],"X-Tr1d1um-Start-Time":["27 Apr 21 09:23 UTC"],"X-Webpa-Transaction-Id":["zQF6htK7dm-V7o9C1lsQrA"]}},"satClientID":"user123","span-id":"c3d6629fdcca8af4","tid":"zQF6htK7dm-V7o9C1lsQrA","trace-id":"82fd498865cbd0fbf81c88b871da1c11","ts":"2021-04-27T09:24:14.974310118Z"}
{"error":"http client failed while sending request: Get \"http://127.0.0.1:6600/api/v1/store/webhooks\": dial tcp 127.0.0.1:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-04-27T09:24:18.042488333Z"}
--
curl -H 'Authorization:Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg==' -i 'http://10.10.103.1:9003/api/v2/device/mac:ccd42e154be4/config?names=Device.DeviceInfo.Manufacturer'
HTTP/1.1 400 Bad Request
X-Midt-Span-Id: 3aa9c76583fcf436
X-Midt-Trace-Id: e7a6d8bbad3cf5d2792d1682f6ae5502
X-Scytale-Build: 0.1.4
X-Scytale-Flavor: mint
X-Scytale-Region: east
X-Scytale-Server: localhost
X-Scytale-Start-Time: 27 Apr 21 08:45 UTC
X-Tr1d1um-Build: 0.1.3-434
X-Tr1d1um-Flavor: mint
X-Tr1d1um-Region: east
X-Tr1d1um-Server: localhost
X-Tr1d1um-Start-Time: 27 Apr 21 08:45 UTC
X-Webpa-Transaction-Id: CrCRX8Wa1nFizYhe5jFqmA
Date: Tue, 27 Apr 2021 09:09:38 GMT
Content-Length: 0
curl -H 'Authorization:Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg==' -i 'http://10.10.103.1:8080/api/v2/devices'
HTTP/1.1 200 OK
Content-Type: application/jsonebe4", "pending": 0, "statistics": {"bytesSent": 0, "messagesSent": 0, "bytesReceived": 558, "messagesReceived": 1, "duplications": 0, "connectedAt": "2021-04-27T08:49:34.361204263Z", "upTime": "16m5.356395748s"}}]}
Ganesh Sahu
It looks like a configuration issue as the communication between Scytale and Talaria not happening. Talaria is up because we are able to retrieve the devices list.
You may need to see logs of those components also to trace this issue.
Huang Jared
Hi Unknown User (gprasad)
Thanks for you comments. Now, I downgrades these three services - talaria, tr1d1um and scytale to 0.1.3, 0.1.2 and 0.1.4 respectively. I am able to get device list and the RESTful commands are also working.
Huang Jared
Hello,
I'm trying to run parodus with mtls feature. the certifacates were ready. Also configured certificateFile and keyFile in talaria.yaml.
But, I got one error message from talaria.log
{"caller":"webpa.go:244","error":"open : no such file or directory","level":"error","msg":"Error in reading ClientCACertFile ","ts":"2021-06-08T07:25:43.53186511Z"}
Seems the log is output from webpa-common.
anyone know how to config the path of ClientCACertFile?
Unknown User (karthika.a)
Hi Unknown User (jared_huang) ,
We have not yet verified mTLS with community webpa server yet.
The certificatefile and keyfile are added in talaria.yaml as below:
certificateFile: "/etc/talaria/public.pem"
keyFile: "/etc/talaria/private.pem"
In client side the certificate files are usually present in the path /usr/ccsp/parodus/ .
Regards
Karthika
Unknown User (mohanaacharib)
Hi Unknown User (gprasad)
Is there any package which supports front end webui for this webpa server?
Regards,
Mohana
Unknown User (karthika.a)
Hi @Mohana ,
The Webpa setup provided here is a minimal webpa cluster with talaria,scytale,tr1d1um.
If you are looking for an interface that provide service monitoring, service discovery information ,query metrics info from configured targets at given intervals and display results ,then you might want to consider including prometheus in your webpa cluster which can provide a UI interface for tracking the webpa services to an extent. More information on prometheus and the build steps are specified at https://github.com/xmidt-org/prometheus-rpms-centos6.
After integration with your cluster ,you can reach Prometheus at http://<ip>:9090/ in your browser.
Regards
Karthika
Z-JC Chan
Some of the information in this document is very out of date. For example, Xmidt migrated from Zookeeper to Consul, and the build system migrated to Go modules instead of using Glide for dependency management. There are also resources to support Docker Compose in the public repository.
For the latest, see https://xmidt.io/docs/operating/getting_started/.
Ganesh Sahu
Hi Unknown User (jc) , We are upgrading the RDK community webPA server to recent releases & with that the wiki page will also be modified. We will reach out to you for further information.
Regards
Ganesh
Unknown User (mudekrishna.naick)
Hi Team,
Please suggest me where can I find webPA component REST API document..?
Thanks & Regards,
Krishna.
Tarun Goswami
Hello Team,
I am getting following error:
ts=2021-09-09T04:44:33.887602706Z level=error msg="All HTTP transaction retries failed" url=http://192.168.1.17:6300/api/v3/notify error="dial tcp 192.168.1.17:6300: connect: connection refused" retries=1
ts=2021-09-09T04:44:33.887673518Z caller=workerPool.go:81 level=error msg="HTTP transaction error" error="Post http://192.168.1.17:6300/api/v3/notify: dial tcp 192.168.1.17:6300: connect: connection refused"
My all three services (talaria, scytale, tr1d1um) are running on same ip 192.168.1.17
Unknown User (karthika.a)
Hi Unknown User (tarungoswami) ,
From the logs shared in the above comment , I assume that it is coming from talaria service.
The above error messages are coming from the following lines from the talaria.yaml(The actual caduceus port is 6000):
# eventEndpoints is a map defining where to send the events to,
eventEndpoints:
default: http://localhost::6000/api/v3/notify
eventMap:
default: http://localhost:6000/api/v3/notify
The api/v3/notify is the caduceus endpoint to receive events and as shared by you the caduceus service is not part of your webpa cluster .So to eliminate the error ,I will suggest to bring in caduceus service.
The github repo for caduceus is available at :https://github.com/xmidt-org/caduceus
Despite the above error, if talaria, scytale and tr1d1um are properly configured the Webpa get and set should be a success and the basic functionality shouldn't be affected.
Please let me know if you need more assistance.
Regards
Karthika
Tarun Goswami
Thanks Unknown User (karthika.a)
You are right, its from talaria and basic functionality is working, but just wanted to make sure, I have no errors. I did set up caduceus , but agina on caduceus I get following errors and the errors on talaria continue
Do we need Amazon Notification service for the same?
{"error":"http client failed while sending request: Get \"http://localhost:6600/api/v1/store/webhooks\": dial tcp [::1]:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-09-09T07:09:58.617693231Z"}
{"error":"http client failed while sending request: Get \"http://localhost:6600/api/v1/store/webhooks\": dial tcp [::1]:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-09-09T07:10:03.618943643Z"}
{"error":"http client failed while sending request: Get \"http://localhost:6600/api/v1/store/webhooks\": dial tcp [::1]:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-09-09T07:10:08.61721455Z"}
{"error":"http client failed while sending request: Get \"http://localhost:6600/api/v1/store/webhooks\": dial tcp [::1]:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-09-09T07:10:13.618191113Z"}
{"error":"http client failed while sending request: Get \"http://localhost:6600/api/v1/store/webhooks\": dial tcp [::1]:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-09-09T07:10:18.617169392Z"}
{"error":"http client failed while sending request: Get \"http://localhost:6600/api/v1/store/webhooks\": dial tcp [::1]:6600: connect: connection refused","level":"error","msg":"Failed to get items for listeners","ts":"2021-09-09T07:10:23.617439193Z"}
Unknown User (karthika.a)
Hi Unknown User (tarungoswami) ,
The caduceus service inturn depends on argus which is the XMiDT server for storing webhooks to be used by caduceus. This service is used to replace SNS.
The argus endpoint is : http://argus:6600/
Argus github repo: https://github.com/xmidt-org/argus
The argus service depends on amazon dynamodb.
From the new logs ,you are getting errors from the argus endpoint.You can configure argus to eliminate the errors.
Regards
Karthika
Z-JC Chan
DynamoDB is one of 3 available options as a backing DB for Argus. It is not a hard dependency. Test configurations should be using the in-memory option instead.
Unknown User (vivek.j)
Hi team how to test the WebPA client and server?
And how to add parameter in xml file? And how to test? Give some examples.
Ganesh Sahu
you can test from the parodus or by using the command line options such as curl. We can change the yml file associated with component to modify the params.
Please refer this page for few of the command line examples with curl.
Radhakrishna Anne
can some on please explain about below parameters, these parameters are used in "TEST_AND_SET" operaiton.
But i do not know how to use them exactly adn what these fileds signify
string
XPC Cid value before change to test
string
XPC New Cid value after change
string
XPC Cmc value before change to test
Regards
Krishna
Ganesh Sahu
Hi Unknown User (anne.radhakrishna) Please refer the link Re: WebPA (Xmidt) Reference Setup which explains the usage.
Unknown User (vgosine_ctrlit)
Question about the RDK-B parodus parameter webpa-ping-time. Is this a different parameter to the webpa-ping-timeout parameter, if so what is the difference between the two.
Ganesh Sahu
Both of them are same (The maximum time to wait between pings before assuming the connection is broken) usually the timeout is set to 180 secs
Please refer: https://github.com/xmidt-org/parodus/blob/master/README.md
jianchun zhu
Unknown User (gprasad)
Do you have any documents to introduce the REST API of WebPA, especially for tr1d1um?
Is there any REST API to support to reboot or upgrade the software of CPE?
Thank you!
Ganesh Sahu
Hi Unknown User (jianchun.zhu) you can get the end-point details from https://github.com/xmidt-org/tr1d1um#details. Also the below data model can be used with /config end-point for reset
https://github.com/rdkcentral/tr69-datamodel/blob/main/generic/data-model.xml#L138
Unknown User (vgosine_ctrlit)
I am attempting to set a keep alive ping time of 29 minutes. I have set
Ganesh Sahu
Hi Unknown User (vgosine_ctrlit) Please check whether the device connection request is processed by talaria and create a JIRA with error logs if the issue is not resolved.
venty xiong
Hi Unknown User (gprasad) ,
I'm try to install the WebPA by following your step. Thank you for the detail description.
Where is the shell script 'build_rpm.sh' from? I can't find this file.
Sachin Narang
Hello Unknown User (vxiong)
you can use xmidt-org/xmidt for reference.
venty xiong
Thank you, Unknown User (sachin.narang)
venty xiong
Hi Unknown User (gprasad) ,
At last when we run "$ sudo systemctl enable talaria", we find the service 'talaria‘ fails to start up as below:
Created symlink from /etc/systemd/system/multi-user.target.wants/talaria.service to /usr/lib/systemd/system/talaria.service.
[root@localhost talaria]#
[root@localhost talaria]#
[root@localhost talaria]# systemctl status talaria
â— talaria.service - The Xmidt API interface server.
Loaded: loaded (/usr/lib/systemd/system/talaria.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2022-10-28 05:10:14 EDT; 8min ago
Main PID: 2416 (code=exited, status=1/FAILURE)
Oct 28 05:10:14 localhost.localdomain systemd[1]: Unit talaria.service entered failed state.
Oct 28 05:10:14 localhost.localdomain systemd[1]: talaria.service failed.
Oct 28 05:10:14 localhost.localdomain systemd[1]: talaria.service holdoff time over, scheduling restart.
Oct 28 05:10:14 localhost.localdomain systemd[1]: Stopped The Xmidt API interface server..
Oct 28 05:10:14 localhost.localdomain systemd[1]: start request repeated too quickly for talaria.service
Oct 28 05:10:14 localhost.localdomain systemd[1]: Failed to start The Xmidt API interface server..
Oct 28 05:10:14 localhost.localdomain systemd[1]: Unit talaria.service entered failed state.
Oct 28 05:10:14 localhost.localdomain systemd[1]: talaria.service failed.
[root@localhost talaria]#
Why does the service 'talaria' fail to boot up?
Hope get your suggestion, thank you!
Regards
Venty
Unknown User (brady)
Unknown User (gprasad) when I GET any node bu "curl", it always returns HTTP 403 error as below. can you help to check why it happens?
root@home:~# curl -H 'Authorization: Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg==' -i http://10.120.14.169:9003/api/v2/device/mac:5cfa2535cdc0/config?names=Device.DeviceInfo.ModelName
HTTP/1.1 403 Forbidden
X-Scytale-Build: 0.1.4-1
X-Scytale-Flavor: mint
X-Scytale-Region: east
X-Scytale-Server: 10.120.14.169
X-Scytale-Start-Time: 31 Oct 22 01:42 UTC
X-Talaria-Build: 0.1.3-1
X-Talaria-Flavor: mint
X-Talaria-Region: east
X-Talaria-Server: 10.120.14.169
X-Talaria-Start-Time: 31 Oct 22 01:42 UTC
X-Tr1d1um-Build: 0.1.2-1
X-Tr1d1um-Flavor: mint
X-Tr1d1um-Region: east
X-Tr1d1um-Server: 10.120.14.169
X-Tr1d1um-Start-Time: 31 Oct 22 01:42 UTC
X-Webpa-Transaction-Id: oXE-JR3Of1S188UeAR5rIg
X-Xmidt-Span: "http://localhost:8080/api/v2/device/send","2022-11-11T08:01:52Z","683.002µs"
Date: Fri, 11 Nov 2022 08:01:52 GMT
Content-Length: 42
Content-Type: text/plain; charset=utf-8
{"code": 403, "message": "request denied"}root@home:~#
root@home:~#
root@home:~#
root@home:~#
root@home:/var/log#
root@home:/var/log# curl -H 'Authorization:Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg==' -i 'http://10.120.14.169:8080/api/v2/devices'
HTTP/1.1 403 Forbidden
Content-Type: application/json
X-Talaria-Build: 0.1.3-1
X-Talaria-Flavor: mint
X-Talaria-Region: east
X-Talaria-Server: 10.120.14.169
X-Talaria-Start-Time: 31 Oct 22 01:42 UTC
Date: Fri, 11 Nov 2022 08:25:13 GMT
Content-Length: 42
{"code": 403, "message": "request denied"}root@home:/var/log#
root@home:/var/log#
root@home:/var/log#
########cat talaria.log:
2022-11-11T08:09:36.820399381Z level=error msg="All HTTP transaction retries failed" url=http://127.0.0.1:6300/api/v3/notify error="dial tcp 127.0.0.1:6300: connect: connection refused" retries=1
ts=2022-11-11T08:09:36.820445436Z caller=workerPool.go:81 level=error msg="HTTP transaction error" error="Post http://127.0.0.1:6300/api/v3/notify: dial tcp 127.0.0.1:6300: connect: connection refused"
ts=2022-11-11T08:09:36.969463178Z serverName=talaria bindAddress=:8080 listenNetwork=tcp listenAddress=[::]:8080 level=debug msg="accepted connection" remoteAddress=10.161.2.30:60032
ts=2022-11-11T08:09:36.969888357Z caller=manager.go:140 level=debug msg="device connect" url=/api/v2/device
ts=2022-11-11T08:09:36.970101582Z caller=manager.go:178 level=info id=mac:5cfa2535cdc0 convey="unsupported value type"
ts=2022-11-11T08:09:36.970144254Z caller=manager.go:184 level=error id=mac:5cfa2535cdc0 msg="missing security information"
ts=2022-11-11T08:09:36.970500962Z caller=manager.go:193 level=debug id=mac:5cfa2535cdc0 msg="websocket upgrade complete" localAddress=10.120.14.169:8080
ts=2022-11-11T08:09:36.970743643Z caller=handlers.go:222 level=debug msg="Connected device" id=mac:5cfa2535cdc0
ts=2022-11-11T08:09:36.970817347Z caller=manager.go:353 level=debug id=mac:5cfa2535cdc0 msg="writePump starting"
ts=2022-11-11T08:09:36.971164255Z caller=manager.go:275 level=debug id=mac:5cfa2535cdc0 msg="readPump starting"
ts=2022-11-11T08:09:36.971264664Z level=error msg="All HTTP transaction retries failed" url=http://127.0.0.1:6300/api/v3/notify error="dial tcp 127.0.0.1:6300: connect: connection refused" retries=1
ts=2022-11-11T08:09:36.971308819Z caller=workerPool.go:81 level=error msg="HTTP transaction error" error="Post http://127.0.0.1:6300/api/v3/notify: dial tcp 127.0.0.1:6300: connect: connection refused"
ts=2022-11-11T08:23:54.215333498Z serverName=talaria bindAddress=:8080 listenNetwork=tcp listenAddress=[::]:8080 level=debug msg="accepted connection" remoteAddress=10.161.2.30:60034
ts=2022-11-11T08:23:54.215748476Z caller=authorizationHandler.go:127 level=error msg="request denied" validator-response=false validator-error=null sat-client-id= token="Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg==" method=GET url=/api/v2/devices user-agent=curl/7.69.1 content-length=0 remoteAddress=10.161.2.30:60034
#############cat tr1d1um.log:
{"caller":"utils.go:58","latency":"10.712224ms","level":"info","msg":"Bookkeeping response","requestAddress":"10.161.2.30:33208","requestMethod":"GET","requestURLPath":"/api/v2/device/mac:5cfa2535cdc0/config","requestURLQuery":"names=Device.DeviceInfo.ModelName","responseCode":403,"responseHeaders":{"X-Scytale-Build":["0.1.4-1"],"X-Scytale-Flavor":["mint"],"X-Scytale-Region":["east"],"X-Scytale-Server":["10.120.14.169"],"X-Scytale-Start-Time":["31 Oct 22 01:42 UTC"],"X-Talaria-Build":["0.1.3-1"],"X-Talaria-Flavor":["mint"],"X-Talaria-Region":["east"],"X-Talaria-Server":["10.120.14.169"],"X-Talaria-Start-Time":["31 Oct 22 01:42 UTC"],"X-Tr1d1um-Build":["0.1.2-1"],"X-Tr1d1um-Flavor":["mint"],"X-Tr1d1um-Region":["east"],"X-Tr1d1um-Server":["10.120.14.169"],"X-Tr1d1um-Start-Time":["31 Oct 22 01:42 UTC"],"X-Webpa-Transaction-Id":["oXE-JR3Of1S188UeAR5rIg"],"X-Xmidt-Span":["\"http://localhost:8080/api/v2/device/send\",\"2022-11-11T08:01:52Z\",\"683.002µs\""]},"satClientID":"user123","tid":"oXE-JR3Of1S188UeAR5rIg","ts":"2022-11-11T08:01:52.590123469Z"}
{"bindAddress":":9003","level":"debug","listenAddress":"[::]:9003","listenNetwork":"tcp","msg":"accepted connection","remoteAddress":"10.161.2.30:33224","serverName":"tr1d1um","ts":"2022-11-11T08:29:56.294386243Z"}
{"caller":"constructor.go:79","key":"Basic","level":"debug","method":"GET","msg":"authentication added to context","requestHeaders":{"Accept":["*/*"],"Authorization":["Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg=="],"User-Agent":["curl/7.69.1"]},"requestURL":"/api/v2/device/mac:5cfa2535cdc0/config","token":{},"ts":"2022-11-11T08:29:56.294683788Z"}
{"caller":"enforcer.go:73","level":"debug","method":"GET","msg":"authentication accepted by enforcer","requestHeaders":{"Accept":["*/*"],"Authorization":["Basic dXNlcjEyMzp3ZWJwYUAxMjM0NTY3ODkwCg=="],"User-Agent":["curl/7.69.1"]},"requestURL":"/api/v2/device/mac:5cfa2535cdc0/config","ts":"2022-11-11T08:29:56.294741183Z"}
{"caller":"utils.go:58","latency":"8.858663ms","level":"info","msg":"Bookkeeping response","requestAddress":"10.161.2.30:33224","requestMethod":"GET","requestURLPath":"/api/v2/device/mac:5cfa2535cdc0/config","requestURLQuery":"names=Device.DeviceInfo.ModelName","responseCode":403,"responseHeaders":{"X-Scytale-Build":["0.1.4-1"],"X-Scytale-Flavor":["mint"],"X-Scytale-Region":["east"],"X-Scytale-Server":["10.120.14.169"],"X-Scytale-Start-Time":["31 Oct 22 01:42 UTC"],"X-Talaria-Build":["0.1.3-1"],"X-Talaria-Flavor":["mint"],"X-Talaria-Region":["east"],"X-Talaria-Server":["10.120.14.169"],"X-Talaria-Start-Time":["31 Oct 22 01:42 UTC"],"X-Tr1d1um-Build":["0.1.2-1"],"X-Tr1d1um-Flavor":["mint"],"X-Tr1d1um-Region":["east"],"X-Tr1d1um-Server":["10.120.14.169"],"X-Tr1d1um-Start-Time":["31 Oct 22 01:42 UTC"],"X-Webpa-Transaction-Id":["EYTsASFc9QoobNtI85-mww"],"X-Xmidt-Span":["\"http://localhost:8080/api/v2/device/send\",\"2022-11-11T08:29:56Z\",\"4.403597ms\""]},"satClientID":"user123","tid":"EYTsASFc9QoobNtI85-mww","ts":"2022-11-11T08:29:56.303645531Z"}
[root@localhost tr1d1um]#