Fiware IDAS & Orion Production Deployment - fiware

I would like to know what is the common deployment pattern for IDAS and Orion in a production environment. Are they usually deployed as Docker images or as a native service? If they are deployed as Docker images, do they usually go together in one container or in separate containers?
Thank you.

I can provide an answer from the point of view of Orion Context Broker (I hope that some of my colleagues from IDAS team can answer also that part).
Deployment options (look for slides "How to get Orion" in this presentation) are the following ones:
Image in FIWARE Lab cloud
Docker container
VirtualBox image
RPM installation (from FIWARE repositories)
Compiling from sources

For IDAS it depends on the specific IoT-Agent you are using.
If you are using Ultralight2.0/HTTP or MQTT to connect devices, all the information for installation is available here:
https://github.com/telefonicaid/fiware-IoTAgent-Cplusplus/blob/release/1.3.0/README.md
On the other hand, if you will use OMA LWM2M/CoAP to connect devices, this info is here:
https://github.com/telefonicaid/lightweightm2m-iotagent/blob/master/docs/administrationGuide.md
Also, docker files are available here:
http://catalogue.fiware.org/enablers/backend-device-management-idas/creating-instances
Hope this helps.
Cheers,

Related

How can I check the common vulnerabilities in FIWARE components?

I would like to check the common vulnerabilities in some of FIWARE components that we are using in our platform, components list is given below.
Cepheus
Cygnus
Orion
STH-Comet
QuantumLeap
IoT Agent for JSON
IoT Agent Node Lib
Is there any source, on a FIWARE website or elsewhere, where we can verify the vulnerabilities in FIWARE components? Please provide the information if it is available.
For a given Docker baseline we are using Anchore and Clair checks. For a given usual running Docker container based on a Docker Compose file, a Docker Benchmark Security recommendation is executed. Additionally, we are running SAST code analysis over the corresponding repositories, plus npm audit for the Node.js ones.
We are defining corresponding GitHub Actions to use inside the repositories.
There is a working project to provide security analysis of the components; the first version is not released yet. You can take a look at it in this repository: FIWARE Security Scan
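As an added example (not taken from the answers above or from any FIWARE repository), this is one way a CI step such as a GitHub Action could gate a Node.js component on the output of `npm audit --json`. It assumes the npm 7+ report layout (`auditReportVersion` 2); the function name, the allowlist option, the package names and the advisory URLs are hypothetical, and the report is constructed sample data.

```javascript
// Added example: CI gate over the JSON that `npm audit --json` emits
// (npm 7+ layout, auditReportVersion 2). Sample data below is constructed.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

function gateAuditReport(report, { failOn = 'high', allowlist = [] } = {}) {
  const vulns = report && report.vulnerabilities;
  if (!vulns || typeof vulns !== 'object') {
    // No vulnerabilities section means the audit did not run: fail closed.
    return { pass: false, reason: 'malformed report', findings: [] };
  }
  const threshold = SEVERITY_ORDER.indexOf(failOn);
  if (threshold < 0) throw new Error(`unknown severity: ${failOn}`);
  const allowed = new Set(allowlist);
  const findings = [];
  for (const [name, vuln] of Object.entries(vulns)) {
    const rank = SEVERITY_ORDER.indexOf(vuln.severity);
    // An unrecognised severity string blocks the build instead of being skipped.
    const blocking = rank < 0 || rank >= threshold;
    if (!blocking || allowed.has(name)) continue;
    // `via` mixes advisory objects (this package is affected) with plain
    // package names (the issue is inherited from that dependency).
    const advisories = (vuln.via || []).filter((v) => typeof v === 'object').map((v) => v.url);
    findings.push({ name, severity: vuln.severity, direct: Boolean(vuln.isDirect),
      fixAvailable: Boolean(vuln.fixAvailable), advisories });
  }
  const rankOf = (f) => SEVERITY_ORDER.indexOf(f.severity);
  findings.sort((a, b) => rankOf(b) - rankOf(a));
  return { pass: findings.length === 0, reason: findings.length ? 'blocking findings' : 'ok', findings };
}

// Constructed report; package names and advisory URLs are hypothetical.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-http-lib': { name: 'example-http-lib', severity: 'critical', isDirect: true,
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/advisory/1' }],
      fixAvailable: true },
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: false,
      via: ['example-http-lib'], fixAvailable: false },
    'example-logger': { name: 'example-logger', severity: 'low', isDirect: true,
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/advisory/2' }],
      fixAvailable: true },
  },
};

const result = gateAuditReport(sampleReport, { failOn: 'high' });
console.log(result.pass ? 'audit gate: pass' : `audit gate: fail (${result.findings.length})`);
```

In a pipeline the parsed report would come from the audit step's output, and a failing result would set a non-zero exit code so the job stops.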

How to deploy an HTML website on Kubernetes using GKE?

How do I deploy a basic HTML website on GKE, and what do I need other than the Dockerfile and the .html application itself? I have tried deploying applications which already have all the YAML files included, but I don't know how to start from scratch. I don't have a lot of experience and I haven't found anything online about this. Can anyone provide a step-by-step tutorial? What do I do after creating the cluster? Given that the website is called hey.html, is this Dockerfile enough?
FROM nginx:alpine
RUN apt-get update
RUN apt-get install -y ngin
COPY hey.html/usr/share/nginx/html
EXPOSE 80
To deploy any application in GKE you will need some Kubernetes and GCP knowledge. You can start with official documentation, Coursera path about GKE and Kubernetes in Cloud, official documentation or this article which will introduce you to the basic concepts.
I can start from recommending a good tutorial from Kubernetes official documentation on how to deploy example PHP Guestbook application with Redis it should give you a practical example on how to deploy from scratch.
It also uses a service of a type LoadBalancer which will use a controller to tell GCP to create a LoadBalancer that will expose your application to Internet so you do not have to deal with anything to expose the app.
About your Docker file, the workflow will look something like this:
Push your Dockerfile to a registry (some useful materials here), you will put that Docker image into a deployment for easier future management and then create a service, because pods are mortal and replaceable and the service will take care of sending traffic to the right pods even when they are recreated. You might also need some persistent volume, but this will be specific to your application. And here you will find another good how-to by Google.
Try this and if you will have issues just ask another question with details of the problems that occurred.
See below to make changes in dockerfile
FROM nginx:alpine
# nginx is already installed in this image; Alpine has no apt-get (it uses apk), so no package step is needed
COPY hey.html /usr/share/nginx/html
EXPOSE 80

Fiware IDM+AuthZForce+PEP-Proxy-Wilma

I'm trying to put to work the IDM+AuthZForce+PEP-Proxy-Wilma to secure the Orion context broker, but I'm having a bit of trouble: nothing works. All is up and running, but there's no authentication and no security.
I changed all the configuration files and nothing changed. I tried to populate the database (mongoDB or PostgreSQL) and nothing changed, too.
All services are running in a docker-compose instance.
Has anyone already deployed this successfully?
I think you can get some help reading the following question/answers:
Fiware - How to integrate Keyrock IdM, Wilma PEP Proxy and Orion Context Broker?
I already configured Orion+Keyrock+Wilma. Here is the link for a simple tutorial on how to integrate them.
The AuthZForce is still mysterious for me. Recently I asked the following question about it:
FIWARE AuthZForce 5.4.1 is not installing
If you continue with some doubt related to Orion+Keyrock+Wilma, say it and perhaps I can help you.
I hope the suggested link can be useful for you.

Connect Context Broker with mysql

How to store data in MySQL using Orion Context Broker and Cygnus?
I installed the image: orion-PSB-image-R5.2.
But I do not know where to configure Orion.
Should I install base_centos_6 and then install ContextBroker and Cygnus?
Fiware documentation is very confusing.
You don't need to install Orion if your VM has been created using the orion-psb-image-R5.2 image. You can start Orion (if it hasn't started yet) using the following command:
sudo /etc/init.d/contextBroker start
Orion documentation can be found here. In addition, you may find the following introduction useful. We think that Orion documentation is rather complete and detailed, but if you find it confusing at some point, please explain exactly which one so we can improve it.

How to connect to my MQTT Broker in Openshift

Following these two tutorials (https://www.anavi.org/article/182/ and http://wei-meilin.blogspot.tw/2014/05/red-hat-openshift-xpaas-simple-mqtt.html) I have installed a MQTT Broker using JBoss Fuse.
Although my mqtt-container disappears after a while (I don't know why) I can make a port-forwarding and test the broker.
But I would like to know how to connect directly to the broker. Do you know how to do it?
I have tried this tutorial (http://training.runcloudrun.com/advanced/16-Network-and-Protocols.md.html - AMQ Example) but I don't have access to "/var/lib/openshift/.httpd.d/sniproxy.cfg"
I am the author of the first tutorial that you pointed out. If you want to use MQTT without local port forwarding please have a look at the remark at the article on my blog and the AMQ cartridge that demonstrates the SNI features:
The port forwarding is not convenient for real life cases, especially if the MQTT clients are working on embedded devices such as microcontrollers and it is recommended to use a SNI Proxy as explained here: http://training.runcloudrun.com/advanced/16-Network-and-Protocols.md.html
I was using Online Openshift and that feature is only available for Enterprise edition.
Why doesn't Openshift have this feature (complete) in the Online mode?
One way to work around this is to use the MQTT over WebSocket feature with a DIY cartridge. See the SO question "How can I access socket through Openshift" for some pointers to further details about how to run WebSocket on OpenShift.
Mosquitto seems to have implemented the WebSocket feature, though I have not verified this by testing it out.