Config Manager Agent
~~~~~~~~~~~~~~~~~~~~

Config Manager Agent is an Intel® Edge Insights System service, that is responsible for the
following:

-  Puts the EII services configs to the Intel® Edge Insights System config manager data store
-  Additionally in PROD mode, generates the following:

   -  Required config manager data store keys/certificates to interact
      with EII config manager data store like etcd and puts in the
      volume mounts to be shared with other Intel® Edge Insights System services
   -  Required messagebus keys for Intel® Edge Insights System services communication

-  Creates required provisioning folders with the right permissions
   needed for other Intel® Edge Insights System services via volume mounts

   **Note:** Intel® Edge Insights System Certificates will be re-generated everytime
   the ConfigMgrAgent service brought up By default, the Intel® Edge Insights System
   Certificates, configs and secrets (etcd certs, zmq keys, pem/der
   certs) will not be regenerated upon container restarts and if one has
   to force this recreation, then you have to delete the docker volume
   by either running ``docker compose down -v`` or
   ``docker volume rm edgeinsightssoftware_vol_cma_status_file``

.. code:: sh

    docker exec -it ia_configmgr_agent ./scripts/etcd_capture.sh

ETCD UI
^^^^^^^

Etcd web UI is exposed via the ConfigMgrAgent service. It can be
accessed with the following steps. Configuration changes are made for
respective EII container services.

-  Open the browser and enter the address:
   https://$(HOST_IP):7071/etcdkeeper/ (when EII is running in secure
   mode). In this case, CA cert has to be imported in the browser. For
   insecure mode i.e. DEV mode, it can be accessed at
   https://$(HOST_IP):7071/etcdkeeper/.
-  Click on the version of the title to select the version of ETcd. By
   default the version is V3. Reopening will remember user’s choice.
-  Right-click on the tree node to add or delete.
-  For secure mode, authentication is required. User name and password
   needs to be entered in the dialogue box.
-  Username is the ‘root’ and default password is located at
   ETCDROOT_PASSWORD key under environment section in
   `docker-compose.yml <./docker-compose.yml>`__
-  This service is accessed from a remote system at address:
   https://$(HOST_IP):7071 (when EII is running in secure mode). In this
   case, CA cert has to be imported in the browser. For insecure mode
   i.e. DEV mode, it is accessed at http://$(HOST_IP):7071

.. figure:: img/fig_6_3.png
   :alt: ETCD UI Interface

   ETCD UI Interface

..

   **Note:**

1. If ETCDROOT_PASSWORD is changed, there must be consolidated
   docker-compose.yml generated using builder script and EII must to be
   provisioned again. Run the following commands:

   .. code:: sh

      cd [WORKDIR]/IEdgeInsights/build
      python3 builder.py -f usecases/<usecase.ml>
      docker compose up -d ia_configmgr_agent

2. The ETCD watch capability is enabled for video and timeseries
   services. It will auto-restart microservices when microservices
   config/interface changes are done via the EtcdUI interface. Any
   changes done to these keys are reflected at runtime in EII.

3. For changes done to any other keys, the EII stack needs to be
   restarted to be effective. Run the following commands in the working
   directory, to build or restart EII:

   .. code:: sh

      cd [WORKDIR]/IEdgeInsights/build
      docker compose down -v
      docker compose up -d

4. Refer `prerequisites for video
   accelerators <../README.md#use-video-accelerators-in-edge-video-analytics-microservice>`__
   and `prerequisities for
   cameras <../EdgeVideoAnalyticsMicroservice/eii/README.md#camera-configurations>`__
   before changing the configuration dynamically through ETcdUI.

Steps to Add Self Signed Certificate as Trusted in local Browser
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1. Go to Build Directory of the repo

.. code:: sh


   cd <workdir>/IEdgeInsights/build/Certificates/ConfigMgrAgent/

2. Download Root CA Cert from the EtcdUI |image1|
3. Import the RootCA certificates as Trusted Root Certificate in browser
   For Chrome Browser, Follow the below steps i. Open Chrome settings,
   scroll to the bottom, and click **Privacy and security** ii. Click
   **Manage devices certificates…** |image2| iii. Click the **Trusted
   Root Certification Authorities** tab, then click the **Import…**
   button. This opens the Certificate Import Wizard. Click **Next** to
   get to the **File to Import** screen. iv. Click **Browse…** and under
   File Type select All Files and select the certificate file you saved
   earlier, then click **Next**. |image3| v. Select **Place all
   certificates in the following store**. The selected store should be
   **Trusted Root Certification Authorities**. If it isn’t, click
   **Browse…** and select it. Click **Next** and **Finish** vi. Click
   **Yes** on the security warning. vii. Restart Chrome.

.. |image1| image:: img/fig_7_1.png
.. |image2| image:: img/fig_7_2.png
.. |image3| image:: img/fig_7_3.png