
edgex-ekuiper-snap's Introduction

EdgeX eKuiper Snap

edgex-ekuiper

eKuiper is a lightweight IoT edge analytics software.

This is a snap packaging of eKuiper tailored to the EdgeX Foundry snap, available at: https://snapcraft.io/edgexfoundry

The snap is designed to work with EdgeX and is not supported for standalone use.

The snap is NOT SUPPORTED by the eKuiper community. For any EdgeX-related issues when using this snap, please refer to: https://github.com/canonical/edgex-ekuiper-snap

eKuiper source code: https://github.com/lf-edge/ekuiper

eKuiper is a trademark of LF Projects: https://lfprojects.org

The snap is built automatically and published on the Snap Store as edgex-ekuiper.

Snap Installation

Please refer to the edgex-ekuiper snap store listing for installation and releases.

The eKuiper service does not start after installation; see configuration.

EdgeX Integration

This snap works together with several other EdgeX services.

Please refer to EdgeX Getting Started for setting up the platform using snaps.

Message Bus (Redis)

The eKuiper service connects to Redis and subscribes to events. By default, the connection needs authentication.

Secret Store (Vault)

When this snap is installed together with the edgexfoundry snap, it will use the edgex-secretstore-token content interface to receive a Vault token for an addon-service named edgex-ekuiper.

Note
edgexfoundry 2.2.0-dev.32 or later is configured to issue the token automatically; see PR #3888. This version is currently available in the latest/beta channel.

For versions prior to this, the edgex-ekuiper add-on service with redisdb known secret token can be added by configuration. Please refer to Configuring Add-on Services and edgexfoundry snap readme for details.

The token is expected at /var/snap/edgex-ekuiper/current/edgex-ekuiper/secrets-token.json and may be supplied via other means.

This snap uses the Vault token to query Redis credentials from Vault. It then injects the credentials into relevant eKuiper config files.

If the token is not available, the service will exit with an error and restart automatically.

Option
To disable the Vault token requirement and skip credentials query and config injection, set the following option:

sudo snap set edgex-ekuiper config.edgex-security-secret-store=false

This option is experimental and subject to change without notice.
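The start-up outcomes described in this section can be checked before starting the service. The following is an added example, not code from the snap: the function name and status words are hypothetical, and the check for a token readable by "other" is a hardening check added here, not something the snap performs.

```shell
#!/bin/sh
# Added example, not part of the snap: predicts what kuiperd does at start-up
# from the secret-store option and the token file described above.
TOKEN_FILE=/var/snap/edgex-ekuiper/current/edgex-ekuiper/secrets-token.json

# secretstore_preflight OPTION_VALUE TOKEN_PATH   (hypothetical helper)
# Prints a status word and returns:
#   0 token-ok         token present; Redis credentials are queried from Vault
#   1 token-missing    service exits with an error and is restarted
#   2 secretstore-off  option is false; no Vault query, no config injection
#   3 token-exposed    token is readable by "other" (check added here)
secretstore_preflight() {
    opt=$1
    token=$2
    if [ "$opt" = "false" ]; then
        echo "secretstore-off"; return 2
    fi
    if [ ! -s "$token" ]; then          # absent or empty file
        echo "token-missing"; return 1
    fi
    if [ -n "$(find "$token" -prune -perm -004)" ]; then
        echo "token-exposed"; return 3
    fi
    echo "token-ok"
}

# On a host with the snap installed:
#   opt=$(snap get edgex-ekuiper config.edgex-security-secret-store 2>/dev/null || true)
#   secretstore_preflight "$opt" "$TOKEN_FILE"

# Demo on a constructed token file (placeholder content, not a real token).
demo_dir=$(mktemp -d)
printf '%s\n' '{"constructed": "placeholder"}' > "$demo_dir/secrets-token.json"
chmod 600 "$demo_dir/secrets-token.json"
secretstore_preflight ""      "$demo_dir/secrets-token.json"   # token-ok
secretstore_preflight ""      "$demo_dir/absent.json" || true  # token-missing
secretstore_preflight "false" "$demo_dir/absent.json" || true  # secretstore-off
rm -rf "$demo_dir"
```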

EdgeX events source

eKuiper subscribes to all EdgeX events by default. The default configuration expects that events are published to the EdgeX message bus under edgex/events/# topic.

To enable filtering using the app-service-configurable snap, please refer to Work with App Service Configurable filtering details below.

System overview

The default setup described above will prepare the system such that:

  • edgex-ekuiper is inactive and disabled
  • edgexfoundry.kuiper and edgexfoundry.app-service-configurable are inactive and disabled - these are deprecated and embedded versions of eKuiper and App Service Configurable which we do not use here.
  • edgexfoundry's vault and redis, along with other core services are active and enabled

Verify that by executing the following command:

$ sudo snap services edgex-ekuiper edgexfoundry
Service                                                  Startup   Current   Notes
edgex-ekuiper.kuiperd                                    disabled  inactive  -
edgexfoundry.app-service-configurable                    disabled  inactive  -
edgexfoundry.consul                                      enabled   active    -
edgexfoundry.core-command                                enabled   active    -
edgexfoundry.core-data                                   enabled   active    -
edgexfoundry.core-metadata                               enabled   active    -
edgexfoundry.device-virtual                              disabled  inactive  -
edgexfoundry.kong-daemon                                 enabled   active    -
edgexfoundry.kuiper                                      disabled  inactive  -
edgexfoundry.postgres                                    enabled   active    -
edgexfoundry.redis                                       enabled   active    -
edgexfoundry.security-bootstrapper-redis                 enabled   inactive  -
edgexfoundry.security-consul-bootstrapper                enabled   inactive  -
edgexfoundry.security-proxy-setup                        enabled   inactive  -
edgexfoundry.security-secretstore-setup                  enabled   inactive  -
edgexfoundry.support-notifications                       disabled  inactive  -
edgexfoundry.support-scheduler                           disabled  inactive  -
edgexfoundry.sys-mgmt-agent                              disabled  inactive  -
edgexfoundry.vault                                       enabled   active    -
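The comparison against the three bullet points above can be scripted rather than read by eye. This is an added example, not part of the project; the function names are hypothetical and the sample rows are an abridged copy of the output shown above.

```shell
#!/bin/sh
# Added example: compare `snap services` output with the default state
# listed under "System overview".

# check_edgex_services: reads `snap services` output on stdin, prints one
# line per deviation and returns 0 only if every expected service matches.
check_edgex_services() {
    awk '
    BEGIN {
        bad = 0
        # service -> "startup current" expected by the default setup
        want["edgex-ekuiper.kuiperd"]                 = "disabled inactive"
        want["edgexfoundry.kuiper"]                   = "disabled inactive"
        want["edgexfoundry.app-service-configurable"] = "disabled inactive"
        want["edgexfoundry.vault"]                    = "enabled active"
        want["edgexfoundry.redis"]                    = "enabled active"
    }
    ($1 in want) {
        seen[$1] = 1
        got = $2 " " $3
        if (got != want[$1]) {
            printf "MISMATCH %s: want %s, got %s\n", $1, want[$1], got
            bad = 1
        }
    }
    END {
        for (s in want) if (!(s in seen)) {
            printf "MISSING %s\n", s
            bad = 1
        }
        exit bad
    }'
}

# Sample input: abridged copy of the output shown above.
sample_services() {
    cat <<'EOF'
Service                                Startup   Current   Notes
edgex-ekuiper.kuiperd                  disabled  inactive  -
edgexfoundry.app-service-configurable  disabled  inactive  -
edgexfoundry.core-data                 enabled   active    -
edgexfoundry.kuiper                    disabled  inactive  -
edgexfoundry.redis                     enabled   active    -
edgexfoundry.vault                     enabled   active    -
EOF
}

# Live use: sudo snap services edgex-ekuiper edgexfoundry | check_edgex_services
sample_services | check_edgex_services && echo "default state confirmed"
```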

To change the default configuration, see Snap Configuration below.

Snap Configuration

The eKuiper service is stopped and disabled by default after installation. This is to allow configuration (see below) before running the service for the first time.

The service can be started as follows. The --enable option ensures that as well as starting the service now, it will be automatically started on boot:

sudo snap start --enable edgex-ekuiper

Conversely, the service can be stopped and disabled as follows:

sudo snap stop --disable edgex-ekuiper

To restart a running instance and load new configurations:

sudo snap restart edgex-ekuiper

Configuration files

The basic server configuration file for eKuiper is at /var/snap/edgex-ekuiper/current/etc/kuiper.yaml. For details, please refer to this eKuiper document.

The /var/snap/edgex-ekuiper/current/etc directory contains the configuration files of eKuiper. These include the basic server configuration, as well as configurations such as for sources, sinks, and connections.

Configuration overrides

The Snap provides an interface to set environment variables for the eKuiper Daemon.

Example

# enable eKuiper's debug mode
snap set edgex-ekuiper config.kuiper.basic.debug=true

# change EdgeX's default port
snap set edgex-ekuiper config.edgex.default.port=1111

snap restart edgex-ekuiper

For more details on Snap options, please refer to EdgeX config overrides documentation. To learn more about the supported environment variables, please consult the eKuiper configuration documentation.

Work with App Service Configurable filtering:

Instead of subscribing to all EdgeX events, eKuiper can be configured to subscribe to events filtered by EdgeX App Service Configurable.

To do so, install edgex-app-service-configurable, and set its profile to rules-engine:

snap install edgex-app-service-configurable
snap set edgex-app-service-configurable profile=rules-engine
snap start edgex-app-service-configurable

Then, set eKuiper to subscribe to app-service-configurable by changing the edgex default topic to rules-events and messageType to event:

snap set edgex-ekuiper config.edgex.default.topic=rules-events config.edgex.default.messagetype=event
# restart is required to load new configuration options
snap restart edgex-ekuiper

Unsetting the above changes will revert eKuiper to its default settings (subscribe to all EdgeX events):

snap unset edgex-ekuiper config.edgex.default.topic config.edgex.default.messagetype
# restart is required to load new configuration options
snap restart edgex-ekuiper

Config provider

The edgex-ekuiper snap has a content interface that allows a provider snap to seed it with configuration files. When the two snaps are connected, the packaged config files are mounted inside the edgex-ekuiper snap, to be used by the kuiper service.

Here is an example of the ekuiper-data slot from a provider:

slots:
  ekuiper-data:
    interface: content
    source:
      write: [$SNAP_DATA/data]

where:

  • write: [$SNAP_DATA/data] exposes a directory beneath the writable $SNAP_DATA to consumer edgex-ekuiper snap. The directory needs to be writable because edgex-ekuiper adds other files inside it during ruleset provisioning. In order to place configuration files beneath $SNAP_DATA, the provider needs to contain an install hook or a service which deploys the ruleset after installation.
  • The data directory is required for ruleset provisioning.

To connect the provider to edgex-ekuiper:

snap connect edgex-ekuiper:ekuiper-data <config-provider>:ekuiper-data

Note that the connection needs to happen before starting eKuiper for the first time.

Please refer to edgex-config-provider for more details.

Viewing logs

For example, to print 100 lines and follow the logs:

snap logs -n=100 -f edgex-ekuiper

Build from source

Execute the following command from the top-level directory of this repo:

snapcraft

This will create a snap package file with .snap extension. It can be installed locally by setting the --dangerous flag:

sudo snap install --dangerous <snap-file>

The snapcraft overview provides additional details.

Obtain a Secret Store token

The edgex-secretstore-token snap slot makes it possible to automatically receive a token from a locally installed platform snap.

If the snap is built and installed locally, the interface will not auto-connect. You can check the status of the connections by running the snap connections edgex-ekuiper command.

To manually connect and obtain a token:

sudo snap connect edgexfoundry:edgex-secretstore-token edgex-ekuiper:edgex-secretstore-token

Please refer here for further information.

Tagging

This repository is tagged after the eKuiper project with a semver build metadata snap suffix. For example, if eKuiper is tagged as 1.4.3, this repository will be tagged as 1.4.3+snap, 1.4.3+snap.2, 1.4.3+snap.N. The build version increments indicate updates to the snap packaging on top of the same eKuiper release.

The release GitHub workflow can be used to manually tag and release, enforcing the above schema.
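The tag schema can be validated and the next tag derived mechanically. This is an added example, not the repository's release workflow: the function names are hypothetical, and it assumes a bare +snap counts as the first build, so the next one is +snap.2 as in the sequence above.

```shell
#!/bin/sh
# Added example, not the repository's release workflow.

# is_snap_tag TAG: succeeds if TAG is <major>.<minor>.<patch>+snap[.N]
is_snap_tag() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\+snap(\.[1-9][0-9]*)?$'
}

# next_snap_tag VERSION: reads existing tags on stdin (one per line) and
# prints the tag the next packaging release of VERSION would get.
next_snap_tag() {
    awk -v v="$1" '
    BEGIN { prefix = v "+snap"; max = 0 }
    index($0, prefix) == 1 {
        rest = substr($0, length(prefix) + 1)
        if (rest == "") n = 1                       # bare +snap is build 1
        else if (rest ~ /^\.[1-9][0-9]*$/) n = substr(rest, 2) + 0
        else next                                   # e.g. 1.4.3+snapshot
        if (n > max) max = n
    }
    END {
        if (max == 0) print prefix
        else printf "%s.%d\n", prefix, max + 1
    }'
}

# Constructed tag list for illustration.
existing='1.4.2+snap
1.4.3+snap
1.4.3+snap.2'
printf '%s\n' "$existing" | next_snap_tag 1.4.3   # 1.4.3+snap.3
printf '%s\n' "$existing" | next_snap_tag 1.5.0   # 1.5.0+snap
```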

edgex-ekuiper-snap's Issues

Add build instructions to README

This project has no build instructions. It would be useful to add the snap build and relevant details, similar to https://github.com/edgexfoundry/device-mqtt-go/tree/main/snap#build-from-source.

This was removed in #34:

[snap/hooks/connect-slot-edgex-secretstore-token](https://github.com/canonical/edgex-ekuiper-snap/pull/34/files#diff-067fc1f1a0a69fe5d993ef9903dfd1b77d0563472e6b213e17ffaf9212c5617e)
@@ -1,18 +0,0 @@
#!/bin/bash 

# This hook is triggered after the bind mount is added as a result of a
# connection for edgex-secretstore-token content interface.
#
# The connection can happen before or after edgex-ekuiper:
#
#   BEFORE when a provider snap (from the same publisher) is installed before
#   the edgex-ekuiper snap and the content interface is auto-connected.
#
#   AFTER, when:
#     1. A provider snap (from the same publisher) is installed after the
#        edgex-ekuiper snap and the content interface is auto-connected.
#     2. A connection to an external provider snap is made manually after the
#        installation of the edgex-ekuiper snap.

logger "edgex-ekuiper: connect-slot-edgex-secretstore-token: connected"
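
Review bot: Removing the `logger` call on the last line leaves no record of when the edgex-secretstore-token connection is made, and the header comment on the BEFORE/AFTER connection orderings goes with it. If that ordering still affects when the token becomes available, move the comment into the README section on obtaining a Secret Store token, and log an equivalent message wherever the token is first read so a late connection can still be traced in the logs.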

Make edgex-ekuiper aware security is on or off

Make edgex-ekuiper aware security is on or off by adding a config option (e.g. edgex-security=off). It should be possible to orchestrate secure runtime on boot.

When set to off explicitly, skip reading token and credentials query but instead start without auth.

(default) If not set to off and no token available, assume security was needed and exit with an error. The service would then automatically restart after the given period in snapcraft start policy.

Configurable edgex secret store

PR #20 adds the support for edgex-security option set to on/off. This is fine in most settings but is not extensible to allow other ways to provide the secret. Moreover, it isn't so intuitive because it sets the "edgex-security" to off even though the redis credentials may be passed via other means to allow secure connections. What it really does is to disable redis credentials setup. The redis credential setup involves (1) querying credentials from a vault (local, default port) using the vault token provided by the content interface and (2) injecting credentials into config files.

We can get inspiration from toml secret store section in configuration files of other services. E.g. device-mqtt:

[SecretStore]
Type = "vault"
Host = "localhost"
Port = 8200
Path = "device-mqtt/"
Protocol = "http"
RootCaCertPath = ""
ServerName = ""
# Uncomment to seed service secrets file
# SecretsFile = "/tmp/edgex/secrets/device-mqtt/secrets.json"
DisableScrubSecretsFile = false
TokenFile = "/tmp/edgex/secrets/device-mqtt/secrets-token.json"
    [SecretStore.Authentication]
    AuthType = "X-Vault-Token"

Automated build triggered before tagging

The snap is automatically built using snapcraft.io's build feature. This happens on releases.

The release workflow adds an annotated tag to the repo and performs a GitHub release. This should theoretically trigger the build on snapcraft.io after tagging is done.

However, it looks like the trigger happens on code that isn't yet tagged. A subsequent manual build will read the tag just fine.

Work-around: Trigger manually after release via the GitHub CI workflow.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/issues-to-jira.yml
.github/workflows/release.yml
  • actions/checkout v3
  • rickstaa/action-create-tag v1
  • softprops/action-gh-release v1
.github/workflows/snap.yml
  • canonical/edgex-snap-testing v3
  • canonical/edgex-snap-testing v3
gomod
snap/local/helper-go/go.mod
  • go 1.18
  • github.com/canonical/edgex-snap-hooks/v3 v3.0.0

  • Check this box to trigger a request for Renovate to run again on this repository
