### Build and Run Core Data Microservice (Docker) Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/data/README.md Creates a Docker image for the Core Data microservice, creates a container, and starts it. Requires Docker and Go environment setup. ```bash cd $GOPATH/src go get github.com/edgex-foundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # To create the Docker image sudo make docker_core_data # To create a containter from the image sudo docker create --name "[DOCKER_CONTAINER_NAME]" --network "[DOCKER_NETWORK]" [DOCKER_IMAGE_NAME] # To run the container sudo docker start [DOCKER_CONTAINER_NAME] ``` -------------------------------- ### Build and Run Core Data Microservice (Native) Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/data/README.md Fetches the code, prepares dependencies, builds the microservice, and runs it. Requires Go environment setup. ```bash cd $GOPATH/src go get github.com/edgex-foundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # pull the 3rd party / vendor packages make prepare # build the microservice make core-data # get to the core data microservice executable cd cmd/core-data # run the microservice (may require other dependent services to run correctly) ./core-data ``` -------------------------------- ### Build and Run Core Keeper (Native) Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/keeper/README.md Instructions to fetch, build, and run the Core Keeper microservice natively. Requires Go environment setup and dependent services. ```bash cd $GOPATH/src go get github.com/edgex-foundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # pull the 3rd party / vendor packages make prepare # build the microservice make keeper # get to the command microservice executable cd cmd/core-keeper # run the microservice (may require other dependent services to run correctly) ./core-keeper ``` -------------------------------- ### Start EdgeX Foundry with Docker Compose Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Fetch the latest docker-compose.yml and start EdgeX containers. Specify the release tag for the desired version, or use 'main' for the development branch. ```sh release="main" # or "jakarta" for latest wget https://raw.githubusercontent.com/edgexfoundry/edgex-compose/${release}/docker-compose.yml docker-compose up -d ``` -------------------------------- ### Build and Run Core Keeper (Docker) Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/keeper/README.md Steps to build a Docker image for Core Keeper and create/run a container. Assumes Docker is installed and 'make prepare' has been run. ```bash cd $GOPATH/src go get github.com/edgex-foundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # To create the Docker image sudo make docker_core_keeper # To create a containter from the image sudo docker create --name "[DOCKER_CONTAINER_NAME]" --network "[DOCKER_NETWORK]" [DOCKER_IMAGE_NAME] # To run the container sudo docker start [DOCKER_CONTAINER_NAME] ``` -------------------------------- ### Build and Run Docker Core Common Config Bootstrapper Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/common_config/README.md Steps to create a Docker image for the core-common-config-bootstrapper service and then create and run a container from that image. Assumes Docker is installed and prerequisites like 'make prepare' have been run. ```bash cd $GOPATH/src go get github.com/edgexfoundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # To create the Docker image sudo make docker_core_common_config # To create a containter from the image sudo docker create --name "[DOCKER_CONTAINER_NAME]" --network "[DOCKER_NETWORK]" [DOCKER_IMAGE_NAME] # To run the container sudo docker start [DOCKER_CONTAINER_NAME] ``` -------------------------------- ### Custom Redis ACL Configuration Example Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/security/bootstrapper/redis/Developer-notes.md Example of a custom Redis ACL configuration line that includes dangerous commands like INFO, MONITOR, BGSAVE, and FLUSHDB using the '+' directive. This is typically placed in a custom ACL file. ```text user default on allkeys +@all -@dangerous #_{{.HashedRedisPwd}}_ +INFO +MONITOR +BGSAVE + FLUSHDB ``` -------------------------------- ### Override Redis Entrypoint Script Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/security/bootstrapper/redis/Developer-notes.md Example of how to modify a Docker entrypoint script to use a custom Redis configuration file. This allows the Redis server to start with developer-defined ACL rules. ```sh exec /usr/local/bin/docker-entrypoint.sh redis-server developer_redis.conf ``` -------------------------------- ### Configure Delayed Start for Support Services Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Modify the Makefile to exclude the delayed start feature for EdgeX support services. Change the boolean flag INCLUDE_DELAYED_START_BUILD_SUPPORT from 'true' to 'false'. ```makefile INCLUDE_DELAYED_START_BUILD_SUPPORT:="true" ``` -------------------------------- ### Configure Delayed Start for Core Services Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Modify the Makefile to include the delayed start feature for EdgeX core services. Change the boolean flag INCLUDE_DELAYED_START_BUILD_CORE from 'false' to 'true'. ```makefile INCLUDE_DELAYED_START_BUILD_CORE:="false" ``` -------------------------------- ### Build EdgeX Go Project with GOPATH Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Build the EdgeX Go project using the go get command and setting the GO111MODULE environment variable. This method roots the project under your GOPATH. ```bash GO111MODULE=on && export GO111MODULE go get github.com/edgexfoundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go make build ``` -------------------------------- ### Example Compose File for Mosquitto Broker Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/security/bootstrapper/README.md A sample Docker Compose configuration for deploying a Mosquitto message broker. This file defines the service, environment variables, ports, volumes, and network settings required for the broker. ```yaml version: '3.7' volumes: mqtt: services: mqtt-broker: image: eclipse-mosquitto:${MOSQUITTO_VERSION} entrypoint: ["/edgex-init/messagebus_wait_install.sh"] env_file: - common-security.env - common-sec-stage-gate.env environment: BROKER_TYPE: mosquitto CONF_DIR: /edgex-init/bootstrap-mqtt/res ENTRYPOINT_ARG: /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf ports: - "127.0.0.1:1883:1883" volumes: - mqtt:/mosquitto:z - edgex-init:/edgex-init:ro,z - /tmp/edgex/secrets/security-bootstrapper-messagebus:/tmp/edgex/secrets/security-bootstrapper-messagebus:ro,z depends_on: - security-bootstrapper - secretstore-setup container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker read_only: true restart: always networks: - edgex-network security_opt: - no-new-privileges:true # root privilege required for bootstrapper's process user: root:root ``` -------------------------------- ### Get Specific Secret from Vault Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md Retrieves a specific secret, in this case, the Redis configuration, from Vault. The command is executed within the 'edgex-secret-store' container, requiring the Vault token and skipping SSL verification. ```sh docker exec -ti edgex-secret-store sh -l export VAULT_SKIP_VERIFY=true export VAULT_TOKEN=s.xxxxxxxxxxxxxxxx bao kv get /secret/edgex/redis/redis5 ``` -------------------------------- ### Build and Run Core Metadata Microservice Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/metadata/README.md Steps to fetch, build, and run the core-metadata microservice using Go. Ensure dependencies are prepared with 'make prepare'. ```bash cd $GOPATH/src go get github.com/edgex-foundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # pull the 3rd party / vendor packages make prepare # build the microservice make core-metadata # get to the core metadata microservice executable cd cmd/core-metadata # run the microservice (may require other dependent services to run correctly) ./core-metadata ``` -------------------------------- ### Build and Run Core Command Service (Native) Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/command/README.md Steps to fetch, build, and run the Core Command microservice natively. Ensure dependencies are prepared using 'make prepare'. ```bash cd $GOPATH/src go get github.com/edgexfoundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # pull the 3rd party / vendor packages make prepare # build the microservice make core-command # get to the command microservice executable cd cmd/core-command # run the microservice (may require other dependent services to run correctly) ./core-command ``` -------------------------------- ### Build security-secretstore-setup Executable Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md Use this command to build the security-secretstore-setup executable from the repository's root directory. The executable will be located in the cmd/security-secretstore-setup/ directory upon successful compilation. ```sh make cmd/security-secretstore-setup/security-secretstore-setup ``` -------------------------------- ### Build and Run Core Command Service (Docker) Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/command/README.md Instructions for building a Docker image and creating/running a container for the Core Command service. Assumes 'make prepare' has been run. ```bash cd $GOPATH/src go get github.com/edgexfoundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # To create the Docker image sudo make docker_core_command # To create a containter from the image sudo docker create --name "[DOCKER_CONTAINER_NAME]" --network "[DOCKER_NETWORK]" [DOCKER_IMAGE_NAME] # To run the container sudo docker start [DOCKER_CONTAINER_NAME] ``` -------------------------------- ### Build and Run Native Core Common Config Bootstrapper Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/common_config/README.md Instructions for fetching, building, and running the core-common-config-bootstrapper microservice natively. Requires Go development environment and dependent services to run correctly. ```bash cd $GOPATH/src go get github.com/edgexfoundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # pull the 3rd party / vendor packages make prepare # build the microservice make common_config # get to the command microservice executable cd cmd/core-common-config-bootstrapper # run the microservice (may require other dependent services to run correctly) and provide the configuration provider using -cp ./core-common-config-bootstrapper -cp ``` -------------------------------- ### Build and Run Core Metadata Docker Container Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/core/metadata/README.md Instructions for creating and running the core-metadata microservice as a Docker container. Requires Docker and 'make prepare' to be run first. ```bash cd $GOPATH/src go get github.com/edgex-foundry/edgex-go cd $GOPATH/src/github.com/edgexfoundry/edgex-go # To create the Docker image sudo make docker_core_metadata # To create a containter from the image sudo docker create --name "[DOCKER_CONTAINER_NAME]" --network "[DOCKER_NETWORK]" [DOCKER_IMAGE_NAME] # To run the container sudo docker start [DOCKER_CONTAINER_NAME] ``` -------------------------------- ### Build Security Proxy Docker Image Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-proxy-setup/README.md Use this command from the repository root to build the Docker image for the security-proxy-setup service. The image will be tagged with `edgexfoundry/docker_security_proxy_setup:-dev` upon successful completion. ```sh make docker_security_proxy_setup ``` -------------------------------- ### Build security-secretstore-setup Docker Image Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md Builds the Docker container image for the security-secretstore-setup service. Navigate to the root directory of the repository before executing this command. ```sh make docker_security_secretstore_setup ``` -------------------------------- ### Build security-file-token-provider Docker Image Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-file-token-provider/README.md Use this command to build the Docker image for the security-file-token-provider utility. It creates an executable in the current directory. ```sh make -C ../.. cmd/security-file-token-provider/security-file-token-provider ``` -------------------------------- ### Build EdgeX Go Project Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Clone the EdgeX Go repository and build the project using make. This is a standard build process for the Go project. ```bash git clone git@github.com:edgexfoundry/edgex-go.git cd edgex-go make build ``` -------------------------------- ### Build EdgeX Go Services without OpenZiti Zerotrust Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Use these make commands to build local binaries or Docker images excluding the OpenZiti zerotrust capability for Core and Support services. Published Docker images include OpenZiti. ```makefile make build-noziti make docker-noziti ``` -------------------------------- ### Clone Fork and Configure Remotes Source: https://github.com/edgexfoundry/edgex-go/blob/main/CONTRIBUTING.md Clone your fork of the repository and set up the upstream remote to track the original project. ```bash git clone https://github.com//edgex-go.git cd edgex-go git remote add upstream https://github.com/edgexfoundry/edgex-go.git ``` -------------------------------- ### Build EdgeX Go Services with NATS Messaging Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Use these make commands to build local binaries or Docker images with NATS messaging capability for Core and Support services. Published Docker images do not include NATS. ```makefile make build-nats make docker-nats ``` -------------------------------- ### Run EdgeX with Locally Built Images Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Run all EdgeX Go services using locally built Docker images. This command is useful for development and testing in a hybrid environment, often used with the 'dev' option for Compose Builder. ```bash make run no-secty dev ``` -------------------------------- ### Set Environment Variables for Docker Exec Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md Demonstrates how to set environment variables directly on the 'docker exec' command line, which can be an alternative to setting them within the container's shell. This is useful for simplifying commands and avoiding multiple shell interactions. ```sh docker exec -e VAULT_SKIP_VERIFY=true ... ``` -------------------------------- ### Build Docker Containers for EdgeX Source: https://github.com/edgexfoundry/edgex-go/blob/main/README.md Build Docker images for EdgeX services after obtaining and building the Go project code. This command generates the necessary Docker images for deployment. ```bash make docker ``` -------------------------------- ### Create New Topic Branch Source: https://github.com/edgexfoundry/edgex-go/blob/main/CONTRIBUTING.md Create a new branch for your contribution, following the naming convention EF-[issue-number]. ```bash git checkout -b EF-[issue-number] ``` -------------------------------- ### Add New Broker Case to Message Bus Factory Source: https://github.com/edgexfoundry/edgex-go/blob/main/internal/security/bootstrapper/README.md Implement a new case in the message bus factory to handle the configuration and return of a new broker type. This is typically done in a Go file. ```go case Mosquitto: mosquitto.Configure(ctx, cancel, f) return nil ``` -------------------------------- ### Push Topic Branch to Fork Source: https://github.com/edgexfoundry/edgex-go/blob/main/CONTRIBUTING.md Push your local topic branch to your forked repository on GitHub. ```bash git push origin EF-[issue-number] ``` -------------------------------- ### Fetch X509 SVID with spire-agent Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-spiffe-token-provider/README.md Use the spire-agent to fetch an X509 SVID. This is a prerequisite for obtaining a JWT token. ```bash spire-agent api fetch x509 -socketPath /tmp/edgex/secrets/spiffe/public/api.sock -write /tmp ``` -------------------------------- ### Configure RevokeRootTokens in configuration.yaml Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md To facilitate debugging of the security-secretstore-setup service, set 'RevokeRootTokens' to 'false' in the configuration file. This prevents the root token used for Vault initialization from being deleted upon completion. ```yaml SecretStore ... RevokeRootTokens = false ``` -------------------------------- ### Verify Root Token in Vault Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md Executes a command inside the 'edgex-secret-store' container to verify the root token. Ensure 'VAULT_SKIP_VERIFY' is set to 'true' and 'VAULT_TOKEN' is replaced with the actual root token obtained from 'resp-init.json'. ```sh docker exec -ti edgex-secret-store sh -l export VAULT_SKIP_VERIFY=true export VAULT_TOKEN=s.xxxxxxxxxxxxxxxx bao token lookup ``` -------------------------------- ### Sign Commits Source: https://github.com/edgexfoundry/edgex-go/blob/main/CONTRIBUTING.md Sign your commits to indicate acceptance of the Developer Certificate of Origin. Configure git user details for automatic signing. ```bash git commit -s ``` -------------------------------- ### Obtain JWT Token with curl Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-spiffe-token-provider/README.md Use curl to request a JWT token from the spiffe-token-provider. Ensure you have the necessary SVIDs and secrets configured. ```bash curl -kiv -d service_key=security-test-client -d known_secret_names=redisdb --cert svid.0.pem --key svid.0.key -X POST "https://edgex-security-spiffe-token-provider:59841/api/v3/gettoken?raw_token=true" ``` -------------------------------- ### Update Local Repository Source: https://github.com/edgexfoundry/edgex-go/blob/main/CONTRIBUTING.md Fetch the latest changes from the upstream repository and rebase your local master branch. ```bash git checkout master git pull --rebase upstream master ``` -------------------------------- ### List Secrets in Vault Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md Explores the Vault by listing all secrets stored under the 'secret/' path within the 'edgex-secret-store' container. This command requires the Vault to be accessed with a valid token and SSL verification skipped. ```sh docker exec -ti edgex-secret-store sh -l export VAULT_SKIP_VERIFY=true export VAULT_TOKEN=s.xxxxxxxxxxxxxxxx bao kv list secret/ ``` -------------------------------- ### Add API Gateway User Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/secrets-config/README.md Creates an API gateway user by adding a user identity to the EdgeX secret store. This command returns a JSON object with a generated password. The provided shell script demonstrates how to use this password to obtain an authentication token. ```shell password=password-from-above curl -ks "http://localhost:8200/v1/auth/userpass/login/${username}" -d "{\"password\":\"${password}\"}" | jq -r '.auth.client_token' curl -ks -H "Authorization: Bearer ${vault_token}" "http://localhost:8200/v1/identity/oidc/token/${username}" | jq -r '.data.token' echo "${id_token}" ``` -------------------------------- ### Extract Root Token from Vault Container Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/security-secretstore-setup/README.md This command extracts the root token from the running Vault container, which is stored in the 'compose-secret-store-config' volume. The token is saved to a local file named 'resp-init.json'. ```sh docker run --rm -v compose-secret-store-config:/openbao/config alpine:latest cat /openbao/config/assets/resp-init.json > resp-init.json ``` -------------------------------- ### secrets-config proxy adduser Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/secrets-config/README.md Creates an API gateway user by adding a user identity to the EdgeX secret store. It generates a password that can be used to obtain a JWT. ```APIDOC ## secrets-config proxy adduser ### Description Create an API gateway user by creating a user identity the EdgeX secret store. ### Method secrets-config proxy adduser [OPTIONS] ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Options * **--user** _username_ (required) Username of the user to add. * **--jwtTTL** _duration_ (optional) JWT created by vault identity provider lasts this long (_s, _m, _h, or _d, seconds if no unit) (default "1h") Clients have up to `tokenTTL` time available to exchange the secret store token for a signed JWT. The validity period of that JWT is governed by `jwtTTL`. * **--tokenTTL** _duration_ (optional) Vault token created as a result of vault login lasts this long (_s, _m, _h, or _d, seconds if no unit) (default "1h") The `adduser` command creates a credential that enables a use to request a token for the secret store. The intended purpose of this token is to exchange it for a signed JWT. The duration specified here governs the time period within which a signed JWT can be requested. Note that although these tokens are renewable, there is nothing to be done with the token except for requesting a JWT. Thus, the token renew endpoint is not currently exposed externally. * **--useRootToken** (optional) Normally, `secrets-config` uses a service token in the secret store token file. As this token expires from inactivity an hour after it is created, it is possible to point `secrets-config` at a `resp-init.json` and a root token will be created afresh from the key shares in that file. The `--useRootToken` flag is used to tell `secrets-config` to use this authentication method to talk to the EdgeX secret store. ### Request Example ```bash secrets-config proxy adduser --user myuser --tokenTTL 30m --jwtTTL 1h ``` ### Response Success Response (200) - **password** (string) - A randomly generated password for the user. Upon completion, `adduser` returns a JSON object with a random `password` field set. This password is generated from the kernel random source and overwrites any previous password set on the account. ### Example Usage for JWT Generation ```shell password=password-from-above vault_token=$(curl -ks "http://localhost:8200/v1/auth/userpass/login/${username}" -d "{\"password\":\"${password}\"}" | jq -r '.auth.client_token') id_token=$(curl -ks -H "Authorization: Bearer ${vault_token}" "http://localhost:8200/v1/identity/oidc/token/${username}" | jq -r '.data.token') echo "${id_token}" ``` Error Handling: - Errors may occur if the user already exists, or if there are issues connecting to the secret store. ``` -------------------------------- ### secrets-config proxy tls Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/secrets-config/README.md Configures the inbound TLS certificate for the EdgeX API gateway. This command replaces the default TLS certificate. ```APIDOC ## secrets-config proxy tls ### Description Configure inbound TLS certificate. This command will replace the default TLS certificate created with EdgeX is started for the first time. ### Method secrets-config proxy tls [OPTIONS] ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Options * **--inCert** _/path/to/certchain_ (required) Path to TLS leaf certificate (PEM-encoded x.509) (the file extension is arbitrary). If intermediate certificates are required to chain to a certificate authority, these should also be included. The root certificate authority should not be included. * **--inKey** _/path/to/private_key_ (required) Path to TLS private key (PEM-encoded). * **--keyFilename** _filename_ (optional) Filename of private key file (on target (default "nginx.key")) * **--targetFolder** _directory-path_ (optional) Path to TLS key file (default "/etc/ssl/nginx") ### Request Example ```bash secrets-config proxy tls --inCert /path/to/certchain.pem --inKey /path/to/private.key ``` ### Response Success Response (200) - No specific response fields are documented, but the command configures TLS settings. Error Handling: - Errors related to invalid certificate paths, key issues, or file permissions may occur. ``` -------------------------------- ### Merge Upstream Changes Source: https://github.com/edgexfoundry/edgex-go/blob/main/CONTRIBUTING.md Integrate changes from the upstream master branch into your topic branch using rebase. ```bash git pull --rebase upstream master ``` -------------------------------- ### secrets-config proxy deluser Source: https://github.com/edgexfoundry/edgex-go/blob/main/cmd/secrets-config/README.md Deletes an API gateway user from the EdgeX secret store. ```APIDOC ## secrets-config proxy deluser ### Description Delete a API gateway user. ### Method secrets-config proxy deluser [OPTIONS] ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Options * **--user** _username_ (required) Username of the user to delete. ### Request Example ```bash secrets-config proxy deluser --user myuser ``` ### Response Success Response (200) - No specific response fields are documented, but the user is deleted from the secret store. Error Handling: - Errors may occur if the user does not exist or if there are issues connecting to the secret store. ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.