Skip to content

Commit

Permalink
docs(reference): faq and configs update (#332)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bwendlandt-intel
bwendlandt-intel authored Sep 27, 2023
1 parent 4559ce3 commit 2e85715
Show file tree
Hide file tree
Showing 5 changed files with 144 additions and 84 deletions.
67 changes: 44 additions & 23 deletions docs/Reference/MPS/configuration.md
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,46 @@
--8<-- "References/abbreviations.md"
# MPS Configuration Options
## MPS Configuration

The `.env` variables set have priority and overwrite the corresponding `.mpsrc` variables.

| `.env` Variable Name | `.mpsrc` Variable Name | Default | Description |
| :-------------------------------| :----------------------------| :---------------------------------| :-------------------------------------------------------------------------------- |
| MPS_VAULT_ADDRESS | vault_address |`http://vault:8200` or `http://localhost:8200`| Address of where the vault is hosted |
| MPS_GENERATE_CERTS | generate_certificates |`true` | Enables/Disables generation of self signed certificates based on MPS_COMMON_NAME |
| MPS_COMMON_NAME | common_name |`localhost` | Common Name of MPS server. May be an IP or FQDN. Used when generating self-signed CIRA certificate. |
| MPSPORT | port |`4433` | CIRA connection port to listen on |
| MPSWEBPORT | web_port |`3000` | Web API port to listen on |
| MPS_DEBUG | |`true` | NOT USED |
| MPS_WEB_ADMIN_USER | web_admin_user |No Value | Username for Sample Web UI and API authentication |
| MPS_WEB_ADMIN_PASSWORD | web_admin_password |No Value | Password for Sample Web UI and API authentication |
| MPS_HTTPS | |`true` | Specifies whether or not to enable https |
| MPS_TLS_OFFLOAD | |`false` | NOT USED |
| MPS_LOG_LEVEL | |`info` | Controls the level of logging provided in the service. Options are (in order of increasing detail): `error`, `warn`, `info`, `verbose`, `debug`, and `silly`. |
| MPS_JWT_EXPIRATION | jwt_expiration |`1440` | The default expiration in minutes for the JWT Token. Default is 24 hours. |
| MPS_JWT_SECRET | jwt_secret |No Value | Secret used for generating a JWT Token. IMPORTANT: This must match the `secret` in your `Kong.yaml` file for the jwt plugin configuration. |
| MPS_JWT_ISSUER | jwt_issuer |`9EmRJTbIiIb4bIeSsmgcWIjrR6HyETqc` | The issuer that will be populated in the token. This is a not considered a secret. IMPORTANT: This must match the `key:` property in the `Kong.yaml` file for the jwt plugin configuration. |
| MPS_MQTT_ADDRESS | mqtt_address |No Value | Address of where the mqtt broker is hosted. Mqtt container is named `mosquitto` and is open to port `8883`. Thus unless setting are changed the value should be either empty (off) or `mqtt://mosquitto:8883` (on) |
| MPS_COUNTRY | country | `US` | Country for Self-Signed Certificate |
| MPS_COMPANY | company | `NoCorp` | Company for Self-Signed Certificate |
| MPS_WEB_AUTH_ENABLED | web_auth_enabled | `true` | MPS provides a simple auth using `web_admin_user` and `web_admin_password`. Set web_auth_enabled to `false` to disable this auth mechanism. |
| MPS_VAULT_TOKEN | vault_token | `myroot` | Token used to access the vault |
| MPS_SECRETS_PATH | secrets_path | `secret/data/` | Path for where secrets are stored in the vault |
| MPS_SECRETS_PROVIDER | secrets_provider | `vault` | Secret provider used (`vault`) |
| MPS_CERT_FORMAT | cert_format | `file` | Format to store certificates to Vault |
| MPS_DATA_PATH | data_path | `../private/data.json` | File path to store Vault data locally |
| MPS_CERT_PATH | cert_path | `../private` | File path to store certificates in Vault locally |
| MPS_CORS_ORIGIN | cors_origin | `*` | (NOT USED) Allowed origin for CORS policy |
| MPS_CORS_HEADER | cors_header | `*` | (NOT USED) Allowed headers |
| MPS_CORS_METHODS | cors_methods | `*` | (NOT USED) Allowed methods |
| MPS_DB_PROVIDER | db_provider | `postgres` | Database provider used (`postgres`, `nosql`) |
| MPS_CONNECTION_STRING | connection_string | `postgresql://<USERNAME>:<PASSWORD>@localhost:5432/mpsdb?sslmode=no-verify` | The database connection string |
| MPS_INSTANCE_NAME | instance_name | `localhost` | Value used to record and address specific mps instances. (i.e containerIp in k8s) |
| MPS_TLS_CONFIG | mps_tls_config | | Used only if `generate_certificates = false` Cert settings for CIRA connection |
| MPS_WEB_TLS_CONFIG | web_tls_config | | NOT USED |
| MPS_REDIRECTION_EXPIRATION_TIME | redirection_expiration_time | `5` | Default expiration for redirection token |
| MPS_CONSUL_ENABLED | consul_enabled | `false` | Enable/disable use of Consul for centralized configuration |
| MPS_CONSUL_HOST | consul_host | `localhost` | Address of where Consul is hosted |
| MPS_CONSUL_PORT | consul_port | `8500` | Consul Port to listen on |
| MPS_CONSUL_KEY_PREFIX | consul_key_prefix | `MPS` | Default prefix key for Consul data structure |


| Environment Variable | Default | Description |
| :------------------------- | :--------------------- | :-- |
| MPS_IMAGE | mps-microservice:v1 | Only used when using docker-compose.yml. Specifies image to use for MPS |
| MPS_USE_VAULT | true | Whether or not the vault should be used |
| MPS_VAULT_ADDRESS | http://vault:8200 | Address of where the vault is hosted |
| MPS_VAULT_TOKEN | myroot | Token used to access the vault |
| MPS_SECRETS_PATH | secret/data/ | Path to where secrets are stored in the vault |
| MPS_GENERATE_CERTS | true | Enables/Disables generation of self signed certificates based on MPS_COMMON_NAME |
| MPS_COMMON_NAME | localhost | Development system's IP address. <br> **Note:** For this guide, you **cannot** use localhost because the managed device would be unable to reach the MPS and RPS servers. | For this guide, the address will be used in a self-signed certificate. It may be an IP address or FQDN in real world deployment. |
| MPS_PORT | 4433 | |
| MPS_WEB_PORT | 3000 | |
| MPS_WEB_ADMIN_USER | n/a | Specifies the username for API authentication |
| MPS_WEB_ADMIN_PASSWORD | n/a | Specifies the password for API authentication |
| MPS_WEB_AUTH_ENABLED | n/a | Specifies whether or not to enable MPS authentication |
| MPS_HTTPS | true | Specifies whether or not to enable https |
| MPS_TLS_OFFLOAD | false | |
| MPS_LOG_LEVEL | info | Controls the level of logging provided in the service. Options are (in order of increasing detail): `error`, `warn`, `info`, `verbose`, `debug`, and `silly`. |
| MPS_JWT_SECRET | n/a | Secret used for generating a JWT Token. IMPORTANT: This must match the `secret` in your `Kong.yaml` file for the jwt plugin configuration.
| MPS_JWT_ISSUER | 9EmRJTbIiIb4bIeSsmgcWIjrR6HyETqc | The issuer that will be populated in the token. This is a not considered a secret. IMPORTANT: This must match the `key:` property in the `Kong.yaml` file for the jwt plugin configuration.
| MPS_JWT_EXPIRATION | 1440 | The default expiration in minutes for the JWT Token. Default is 24 hours. |
| MPS_MQTT_ADDRESS | No Value | Address of where the mqtt broker is hosted. Mqtt container is named `mosquitto` and is open to port `8883`. Thus unless setting are changed the value should be either empty (off) or `mqtt://mosquitto:8883` (on) |
| MPS_CONNECTION_STRING | `postgresql://postgresadmin@localhost:5432/mpsdb?sslmode=no-verify` | The database connection string |
40 changes: 26 additions & 14 deletions docs/Reference/RPS/configuration.md
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,29 @@
--8<-- "References/abbreviations.md"

# RPS Configuration
## RPS Configuration

| Environment Variable | Default | Description |
| :--------------------------- | :------------------------------------ | :---------- |
| RPS_IMAGE | `rps-microservice:v1` | Only used when using docker-compose.yml. Specifies image to use for RPS |
| RPS_CONNECTION_STRING | `postgresql://postgresadmin@localhost:5432/rpsdb?sslmode=no-verify` | The database connection string |
| RPS_WEB_PORT | `8081` | Specifies the Web API port to listen on |
| RPS_WEBSOCKETPORT | `8080` | Specifies the Websocket port to listen on |
| RPS_VAULT_ADDRESS | `http://vault:8200` | Address of where the vault is hosted |
| RPS_VAULT_TOKEN | `myroot` | Token used to access the vault |
| RPS_SECRETS_PATH | `secret/data/` | Specifies the path for where secrets are stored in the vault |
| RPS_LOG_LEVEL | `info` | Controls the level of logging provided in the service. Options are (in order of increasing detail): `error`, `warn`, `info`, `verbose`, `debug`, and `silly` |
| RPS_MPS_SERVER | `http://localhost:3000` | Specifies where the MPS is hosted -- required for metadata registration (i.e. hostname, and tags) |
| RPS_DELAY_TIMER | `12` | Sets the number of seconds to wait after activation but before proceeding with final steps. By default it is set to 12 seconds. During this waiting period, RPS sends heartbeats to RPC to keep the connection alive. |
| RPS_MQTT_ADDRESS | No Value | Address of where the mqtt broker is hosted. Mqtt container is named `mosquitto` and is open to port `8883`. Thus unless setting are changed the value should be either empty (off) or `mqtt://mosquitto:8883` (on) |
The `.env` variables set have priority and overwrite the corresponding `.rpsrc` variables.

| `.env` Variable Name | `.rpsrc` Variable Name | Default | Description |
| :----------------------------| :------------------------| :------------------------| :------------------------------------------------------------------------------------------------|
| RPS_WEBSOCKETTLS | |`true` | Enable/disable TLS on Websocket Connection |
| RPSWEBPORT | web_port |`8081` | Web API port to listen on |
| RPSWEBSOCKETPORT | websocketport |`8080` | Websocket port to listen on |
| RPS_LOG_LEVEL | |`info` | Controls the level of logging provided in the service. Options are (in order of increasing detail): `error`, `warn`, `info`, `verbose`, `debug`, and `silly` |
| RPS_DELAY_TIMER | delay_timer |`12` | Sets the number of seconds to wait after activation but before proceeding with final steps. By default it is set to 12 seconds. During this waiting period, RPS sends heartbeats to RPC to keep the connection alive. |
| RPS_MQTT_ADDRESS | mqtt_address |No Value | Address of where the mqtt broker is hosted. Mqtt container is named `mosquitto` and is open to port `8883`. Thus unless setting are changed the value should be either empty (off) or `mqtt://mosquitto:8883` (on) |
| RPS_SECRETS_PATH | secrets_path | `secret/data/` | Path for where secrets are stored in the vault |
| RPS_VAULT_ADDRESS | vault_address | `http://localhost:8200` | Address of where the vault is hosted |
| RPS_VAULT_TOKEN | vault_token | `myroot` | Token used to access the vault |
| RPS_DB_PROVIDER | db_provider | `postgres` | Database provider used (`postgres`) |
| RPS_SECRETS_PROVIDER | secrets_provider | `vault` | Secret provider used (`vault`) |
| RPS_CONNECTION_STRING | connection_string | `postgresql://<USERNAME>:<PASSWORD>@localhost:5432/rpsdb` | The database connection string |
| RPS_CORS_ORIGIN | cors_origin | `http://localhost:4200` | (NOT USED) Allowed origin for CORS policy |
| RPS_CORS_HEADER | cors_header | `Origin, X-Requested-With, Accept, Content-Type, csrf-token, authorization` | (NOT USED) Allowed headers |
| RPS_CORS_METHODS | cors_methods | `*` | (NOT USED) Allowed methods |
| RPS_MPS_SERVER | mps_server | `http://localhost:3000` | Specifies where the MPS is hosted -- required for metadata registration (i.e. hostname, and tags) |
| RPS_DISABLE_CIRA_DOMAIN_NAME | disable_cira_domain_name | No Value | When AMT is on a network that matches the specified domain name, CIRA is disabled. If not set, a random domain name is generated to ensure CIRA connection on any network. |
| RPS_CONSUL_ENABLED | consul_enabled | `false` | Enable/disable use of Consul for centralized configuration |
| RPS_CONSUL_HOST | consul_host | `localhost` | Address of where Consul is hosted |
| RPS_CONSUL_PORT | consul_port | `8500` | Consul Port to listen on |
| RPS_CONSUL_KEY_PREFIX | consul_key_prefix | `RPS` | Default prefix key for Consul data structure |
51 changes: 51 additions & 0 deletions docs/Reference/faq.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
## Frequently Asked Questions

### How do releases work with Open AMT?

Open AMT carries two releases, the Rapid ("Monthly") Release and the Long-Term Support (LTS) Release.

Rapid Releases occur every 4-6 weeks. Support for security and bug fixes is only for the duration of that rapid release. Customers will be encouraged to move to a latest rapid release for the most up to date security and bug fixes.

LTS Releases occur roughly every 1 to 1.5 years. Support for security and bug fixes exist until the next LTS version is available. At that point, we will provide migration documentation and support to help customers move over to the new LTS release.

<br>

### How does versioning work with Open AMT?

Open AMT follows [SemVer](https://semver.org/) practices for versioning. This means:

- Major Version Increment - Breaking Changes (ex: 2.0.0 -> 3.0.0)
- Minor Version Increment - New Features (ex: 2.0.0 -> 2.1.0)
- Patch Version Increment - Security and Bug Fixes (ex: 2.0.0 -> 2.0.1)

All microservices with the same minor version should be compatible.

The separate repos for microservices and libraries are versioned individually. These versions are separate from the `open-amt-cloud-toolkit` repo version. The `open-amt-cloud-toolkit` repo is where we have the monthly release. This repo might carry a higher version than some of the individual repos but is tagged as `{Month} {Year}`. All sub-repos referenced within `open-amt-cloud-toolkit` for a specific release are guaranteed to be compatible.

<br>

### What versions of Intel&reg; AMT are supported?

Open AMT aligns to the Intel Network and Edge (NEX) Group support roadmap for Intel vPro&reg; Platform and Intel&reg; AMT devices. This is currently calculated as `Latest AMT Version - 7`.

<br>

### How do I migrate versions to a new release?

Resources and information for migrating releases for either a Kubernetes deployment or local Docker deployment can be found in the [Upgrade Toolkit Version documentation](../Deployment/upgradeVersion.md).

<br>

### What is a Pre-Release Feature?

Sometimes, newer features may be available as **pre-release**. These are features that are still in-development and subject to change. The team opts to make these available for early feedback. These may have limited functionality or potentially even bugs. When the feature is mature and fully validated, it will move from a **pre-release** state to a full release.

<br>

### How do I find more information about the MPS and RPS configuration files and security details?

Details and descriptions of configuration options can be found in [MPS Configuration](../MPS/configuration/) and [RPS Configuration](../RPS/configuration/).

Security information can be found in [MPS Security Information](../MPS/securityMPS/) and [RPS Security Information](../RPS/securityRPS/).

<br>
Loading

0 comments on commit 2e85715

Please sign in to comment.