Configuration cleaning for Release:

- revert krakend encoding - bump service versions for all components and update congifs - update Changelog - Loki configuration to preserve logs for exited containers - teardown.sh clean all frinx volumes
FRINXio · Jul 15, 2022 · e0688ac · e0688ac
1 parent 94701bf
commit e0688ac
Show file tree

Hide file tree

Showing 11 changed files with 143 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,89 +1,157 @@
-# Frinx Machine 1.9 RELEASE NOTE:
+# Frinx Machine 1.10 RELEASE NOTE:
 -----------------
 ## Frinx Machine
-*    Credentials and certificates via docker secret
 
-*    KrakenD custom certs via docker secrets
+- Improved vulnerability scanning in module repositories
 
-*    Multinode deployment, multiple placement methods can be used
+- New optional service Unistore
 
-*    Uniconfig and Traefik settings via docker config
+- Improved RBAC scripts and documentation
 
-*    Authorization and Authentification with Azure AD (AAA)
+### Certs
 
-*    Added high-performance resource limits 
+- Uniconfig-controller run without TLS enabled
+
+- Traefik TLS certificates are autogenerated during installation
+
+    * The secured connection between swarm nodes
+
+    * frinx_uniconfig_tls_cert.pem, frinx_uniconfig_tls_key.pem
+
+    * Unique certs in each deployment
+
+- KrakenD TLS certificates can be selected by a user or autogenerated
+
+- Certs are monitored in Grafana dashboard SSL Monitoring (x509_cert)
+
+- Default CN is * and valid is 365 days, self-signed
+
+- Stored in docker secrets
+
+<br>
+
+### Docker secrets:
+
+- All sensitive configurations are stored in docker secrets
+
+- Default values can be found in config/secrets
+
+- RBAC configuration, worker config 
+
+- Azure AD configuration via azure_ad.sh
+
+- Grafana default user changed
+
+<br>
+
+### Uniconfig zone networking
+
+- Each Uniconfig zone has its own network (network name based on zone name)
+
+- Communication to uniconfig-controller only via dedicated Traefik load balancer
+
+- Network Isolation of uniconfig-controllers and Postgres databases
 
 <br>
 
 ## Updated Services
 
 ### Uniconfig
-*   Leaf-ref validation
 
-*   Introduction of transaction idle-timeout
+- Version 5.0.11
 
-*   Removed AAA
+### Unistore
 
-*   Bug fixing
+- Optional service 
 
+- L3VPN automation 
 
-<br>
+### Postgresql
 
-### Monitoring
+- Version 12.10
+
+### Frinx Frontend
+
+- NodeJS server instead of Nginx 
+
+- Configuration via environment variables
 
-*    InfluxDB instead of Prometheus
+- L3VPN automation
 
-*    Telegraf instead of node-exported and cadvisor
+- Workflow-builder improvements
 
 ### Conductor
 
-*   Sanitize log4j  vulnerability
+- upstream version 3.5.2
+
+- back compatibility (bulk/terminate)
+
+- external storage use same postgres datasource as conductor
+
+- separate metrics from console logs
 
 ### Workflow-proxy
 
-*    Fix RBAC issues
+- uniconfig swagger for multi-zone 
 
-*    OpenAPI with AAA
+- bulk/terminate operation via POST method
 
-*    Event sanitize
+- hierarchical view performance improvement
 
-### Inventory
+### Device inventory
 
-*    Transaction id to uniconfig API communication
+- transaction management, history view and revert
 
-*    Remove snapshots
+### Uniresource
 
-*    Uniconfig zone tenant defined via env variable
+- new resource cleaning strategies
 
-### Frinx-Frontend
+- pagination for resource queries
 
-*   Bug fixing
+### Schellar
 
+- increase workflow name size
 
 ### KrakenD
 
-*    KrakenD Azure plugin with role claims to the header
+- bump to version 2.0.4
+
+- Security improvements in plugin
 
-*    KrakenD Azure plugin with optional group claims to the header
+- Imroved security in configuration files
 
-*    Validate certs during starting a container
+### Traefik
 
-### Resource manager
+- bump version to v2.7
 
-*    Add desired value for vlan strategy 
+### Monitoring
+
+- Cert monitoring dashboard
 
-*    Rewrite and refactor ivp4 strategy
+- Improved device monitoring dashboard
 
-*    Update unique-id strategy
+- Conductor metrics stored in InfluxDB
+
+- Uniconfig metrics stored in InfluxDB
 
 ## REST API changes
 
 ### New workflow-proxy endpoints
 
-*   **GET** - /oauth2-redirect.html   :  Swagger UI redirect url
+*   **PUT** - /api/unistore/data/*...
+*   **GET** - /api/unistore/data/*...
+*   **PATCH** - /api/unistore/data/*...
+*   **DELETE** - /api/unistore/data/*...
+*   **POST** - /api/unistore/data/*...
 
-*   **POST** - /api/uniflow/docs/token : CORS fixing token change url
+*   **POST** - /api/unistore/operations/*...
+*   **GET** - /*...
 
 ### Removed workflow-proxy endpoints
 
-*   **GET** - /api/uniflow/workflow/{a}
+*   **POST** - /api/uniflow/schedule
+*   **GET** - /
+*   **GET** - /bundle.js
+*   **GET** - /-/config.js
+*   **GET** - /favicon.ico
+
diff --git a/composefiles/support/swarm-monitoring.yml b/composefiles/support/swarm-monitoring.yml
@@ -7,6 +7,7 @@ x-logging: &logging_loki
       max-file: "3"
       max-size: "10m"
       mode: non-blocking
+      keep-file: "true"
       loki-retries: "1"
       loki-batch-size: "1500"
       loki-relabel-config: |

diff --git a/composefiles/swarm-uniconfig.yml b/composefiles/swarm-uniconfig.yml
@@ -12,6 +12,7 @@ x-logging: &logging_loki
       max-file: "3"
       max-size: "10m"
       mode: non-blocking
+      keep-file: "true"
       loki-retries: "1"
       loki-batch-size: "1500"
       loki-relabel-config: |
@@ -83,7 +84,7 @@ services:
           memory: ${TF_RES_LIMIT_MEM}
 
   uniconfig-controller:
-    image: frinx/uniconfig:5.0.9
+    image: frinx/uniconfig:5.0.11
     logging: *logging_loki
     networks:
       - uniconfig-network

diff --git a/composefiles/swarm-uniflow.yml b/composefiles/swarm-uniflow.yml
@@ -8,6 +8,7 @@ x-logging: &logging_loki
       max-file: "3"
       max-size: "10m"
       mode: non-blocking
+      keep-file: "true"
       loki-retries: "1"
       loki-batch-size: "1500"
       loki-relabel-config: |
@@ -16,7 +17,7 @@ x-logging: &logging_loki
 
 services:
   krakend:
-    image: frinx/krakend:latest
+    image: frinx/krakend:1.0.4
     # user: root
     logging: *logging_loki
     labels:
@@ -89,7 +90,7 @@ services:
           memory: ${KD_RES_LIMIT_MEM}
 
   conductor-server:
-    image: frinx/uniflow-conductor-server:1.0.7
+    image: frinx/uniflow-conductor-server:1.0.8
     # user: guest
     logging: *logging_loki
     labels:
@@ -189,7 +190,7 @@ services:
           memory: ${ES_RES_LIMIT_MEM}
 
   frinx-frontend:
-    image: frinx/frinx-frontend:latest
+    image: frinx/frinx-frontend:1.0.10
     user: node
     logging: *logging_loki
     labels:
@@ -341,7 +342,7 @@ services:
           memory: ${SC_RES_LIMIT_MEM}
 
   workflow-proxy:
-    image: frinx/workflow-proxy:latest
+    image: frinx/workflow-proxy:1.0.9
     user: node
     logging: *logging_loki
     labels:
@@ -388,7 +389,7 @@ services:
           memory: ${WP_RES_LIMIT_MEM}
 
   uniresource:
-    image: frinx/resource-manager:1.0.4
+    image: frinx/resource-manager:1.0.5
     logging: *logging_loki
     labels:
       - traefik.enable=false
@@ -435,7 +436,7 @@ services:
           memory: ${UR_RES_LIMIT_MEM}
 
   inventory:
-    image: frinx/frinx-inventory-server:latest
+    image: frinx/frinx-inventory-server:1.3.0
     logging: *logging_loki
     labels:
       - traefik.enable=false
@@ -459,7 +460,6 @@ services:
       timeout: 5s
       retries: 5
       start_period: 40s
-    entrypoint: ["/run_inventory.sh"]
     ulimits:
       nofile:
         soft: ${IV_ULIMIT_NOFILE_SOFT}

diff --git a/composefiles/swarm-unistore.yml b/composefiles/swarm-unistore.yml
@@ -12,6 +12,7 @@ x-logging: &logging_loki
       max-file: "3"
       max-size: "10m"
       mode: non-blocking
+      keep-file: "true"
       loki-retries: "1"
       loki-batch-size: "1500"
       loki-relabel-config: |
@@ -28,7 +29,7 @@ x-tcp_keepalive: &tcp_keepalive
 
 services:
   unistore:
-    image: frinx/uniconfig:5.0.9
+    image: frinx/uniconfig:5.0.11
     logging: *logging_loki
     labels:
       - traefik.enable=false  

diff --git a/config/krakend/settings/workflow_proxy_settings.json b/config/krakend/settings/workflow_proxy_settings.json
@@ -104,11 +104,6 @@
             "method": "GET",
             "url_pattern": "/schedule"
         },
-        {
-            "endpoint": "/api/uniflow/schedule",
-            "method": "POST",
-            "url_pattern": "/schedule"
-        },
         {
             "endpoint": "/api/uniflow/schedule/{name}",
             "method": "GET",

diff --git a/config/krakend/templates/inventory.tmpl b/config/krakend/templates/inventory.tmpl
@@ -1,6 +1,7 @@
 {
     "endpoint": "/api/inventory",
     "method": "POST",
+    "output_encoding": "no-op",
     "input_headers": [ {{ include "allowed_headers.tmpl" }} ],
 
     "extra_config": {
@@ -16,6 +17,7 @@
         {
             "url_pattern": "/graphql",
             "sd": "static",
+            "encoding": "no-op",
             "disable_host_sanitize": false,
             "extra_config": {
                 {{ include "modifiers.tmpl" }}

diff --git a/config/krakend/templates/uniresource.tmpl b/config/krakend/templates/uniresource.tmpl
@@ -3,6 +3,7 @@
 {
     "endpoint": "{{ .endpoint }}",
     "method": "{{ .method }}",
+    "output_encoding": "no-op",
     "input_headers": [ {{ include "allowed_headers.tmpl" }} ],
 
     {{ if .input_query_strings }}
@@ -23,6 +24,7 @@
     "backend": [
     {
         "url_pattern": "{{ .url_pattern }}",
+        "encoding": "no-op",
         "extra_config": {
             {{ include "modifiers.tmpl" }}
         },

diff --git a/config/uniconfig/frinx/uniconfig/config/lighty-uniconfig-config.json b/config/uniconfig/frinx/uniconfig/config/lighty-uniconfig-config.json
@@ -58,6 +58,9 @@
         // delimiter used for escaping of list keys in URI (for example, '%22')
         // if it is set to 'null' (default), keys cannot be escaped and must be directly encoded according to RFC-8040
         "keyDelimiter": null,
+        // Flag that determines if the data node that is empty(means node contains only attribute tag) should be hidden
+        // during GET operation.
+        "hideEmptyDataNodes": false,
         // Settings related to filtering of data in CRUD operations.
         "schemaFilters": {
             // List of extension definitions that can be used to filter out data during PUT/POST/PATCH operation.
@@ -73,7 +76,14 @@
             "ignoreUnsupportedDefinitionsOnWrite": false,
             // Indicates if the definition with "DEPRECATED" status should be hidden during GET operation.
             "hideDeprecatedDefinitionsOnRead": false
-        }
+        },
+        // default value 0 makes the behavior as defined in RFC8040 (returns status code 404 [Not Found]),
+        // if changed to anything else, that status code will be returned
+        "statusCodeForEmptyGetResponse": 0,
+        // this flag removes namespaces from GET response (only if there are no duplicate localnames)
+        // (E.g. if there is: namespace1:test and namespace2:test  .. the namespace won't be removed because
+        // there would be two identical localnames)
+        "showNamespaceInJsonResponse": true
     },
     /*
     CLI shell settings via environment variables.