.. role:: raw-html-m2r(raw) :format: html Contents ======== * `Contents <#contents>`__ * `Config Manager Agent <#config-manager-agent>`__ * `ETCD UI <#etcd-ui>`__ Config Manager Agent -------------------- Config Manager Agent is an EII service, that is responsible for the following: * Puts the EII services configs to the EII config manager data store * Additionally in PROD mode, generates the following: * Required config manager data store keys/certificates to interact with EII config manager data store like etcd and puts in the volume mounts to be shared with other EII services * Required messagebus keys for EII services communication * Creates required provisioning folders with the right permissions needed for other EII services via volume mounts The following diagram shows a high level flow of ``ConfigMgrAgent`` service . .. code-block:: mermaid %% name: EII Provisioning sequenceDiagram participant User participant EdgeNode participant EIIService Participant ConfigMgrAgent participant ETCD User->>EdgeNode: Start container (docker-compose up) EIIService->>EIIService: Wait for ETCD certificates ConfigMgrAgent->>ConfigMgrAgent: Generate x509 certificates for ETCD ConfigMgrAgent->>ETCD: Start ETCD ConfigMgrAgent->>ETCD: Register services to be able to connect ConfigMgrAgent->>ETCD: Load default configuration ConfigMgrAgent->>ETCD: Generate and load ZeroMQ Keys ConfigMgrAgent->>EIIService: Copy ETCD certificates to the shared volume Note right of ConfigMgrAgent: Each service has its own certs volume EIIService->>ETCD: Connect to ETCD with certificate to get configuration .. note:: Any EII service ``waits/restarts`` if the config manager data store client key and certificates are yet to be made available for the container. EII Certificates will be re-generated everytime the ConfigMgrAgent service brought up/restarted **Optional:** For capturing the data back from Etcd to a JSON file, run the etcd_capture.sh script. This can be achieved using the following command: .. code-block:: sh docker exec -it ia_configmgr_agent ./scripts/etcd_capture.sh ETCD UI ^^^^^^^ Etcd web UI is exposed via the ConfigMgrAgent service. It can be accessed with the following steps. Configuration changes are made for respective EII container services. * Open the browser and enter the address: https://$(HOST_IP):7071/etcdkeeper/ (when EII is running in secure mode). In this case, CA cert has to be imported in the browser. For insecure mode i.e. DEV mode, it can be accessed at https://$(HOST_IP):7071/etcdkeeper/. * Click on the version of the title to select the version of ETcd. By default the version is V3. Reopening will remember user's choice. * Right-click on the tree node to add or delete. * For secure mode, authentication is required. User name and password needs to be entered in the dialogue box. * Username is the 'root' and default password is located at ETCDROOT_PASSWORD key under environment section in docker-compose.yml(\ ``[WORK_DIR]/IEdgeInsights/ConfigMgrAgent/docker-compose.yml``\ ) * This service is accessed from a remote system at address: https://$(HOST_IP):7071 (when EII is running in secure mode). In this case, CA cert has to be imported in the browser. For insecure mode i.e. DEV mode, it is accessed at http://$(HOST_IP):7071 .. image:: /4.1/IEdgeInsights/ConfigMgrAgent/img/fig_6_3.png :target: /4.1/IEdgeInsights/ConfigMgrAgent/img/fig_6_3.png :alt: ETCD UI Interface .. note:: #. If ETCDROOT_PASSWORD is changed, there must be consolidated docker-compose.yml generated using builder script and EII must to be provisioned again. Run the following commands: .. code-block:: sh cd [WORKDIR]/IEdgeInsights/build python3 builder.py -f usecases/ docker-compose up -d ia_configmgr_agent #. The ETCD watch capability is enabled for video and timeseries services. It will auto-restart microservices when microservices config/interface changes are done via the EtcdUI interface. Any changes done to these keys are reflected at runtime in EII. #. For changes done to any other keys, the EII stack needs to be restarted to be effective. Run the following commands in the working directory, to build or restart EII: .. code-block:: sh cd [WORKDIR]/IEdgeInsights/build docker-compose down docker-compose up -d #. Refer `prerequisites for video accelerators `_ and `prerequisities for cameras `_ before changing the configuration dynamically through ETcdUI. Steps to Add Self Signed Certificate as Trusted in local Browser ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #. Go to Build Directory of the repo ```sh cd :raw-html-m2r:``\ /IEdgeInsights/build/Certificates/ConfigMgrAgent/ ``` #. Download Root CA Cert from the EtcdUI :raw-html-m2r:`
` .. image:: img/fig_7_1.png :target: img/fig_7_1.png :alt: #. Import the RootCA certificates as Trusted Root Certificate in browser :raw-html-m2r:`
` For Chrome Browser, Follow the below steps :raw-html-m2r:`
` .. code-block:: i. Open Chrome settings, scroll to the bottom, and click **Privacy and security**
ii. Click **Manage devices certificates...**
![](img/fig_7_2.png)
iii. Click the **Trusted Root Certification Authorities** tab, then click the **Import...** button. This opens the Certificate Import Wizard. Click **Next** to get to the **File to Import** screen.
iv. Click **Browse...** and under File Type select All Files and select the certificate file you saved earlier, then click **Next**.
![](img/fig_7_3.png)
v. Select **Place all certificates in the following store**. The selected store should be **Trusted Root Certification Authorities**. If it isn't, click **Browse...** and select it. Click **Next** and **Finish**
vi. Click **Yes** on the security warning.
vii. Restart Chrome.