add echo to docker stack

Dockerfile.hbnet_echo

@@ -0,0 +1,49 @@
+# HBNet Data Gateway Dockerfile 
+FROM debian:11
+MAINTAINER Eric Craw "kf7eel@qsl.net"
+WORKDIR /opt/hbnet_echo
+
+RUN useradd -ms /bin/bash hbnet
+
+RUN mkdir -p /opt/hbnet_echo/config/
+RUN mkdir -p /opt/hbnet_echo/log/
+RUN chown -R hbnet:hbnet /opt/hbnet_echo/log/
+
+
+#COPY . .
+
+COPY config.py .
+COPY bridge.py .
+COPY const.py .
+COPY hblink.py .
+COPY log.py .
+COPY reporting_const.py .
+COPY requirements.txt .
+COPY LICENSE.txt .
+COPY playback.py .
+COPY playback_default.cfg ./config/
+# COPY docker/hbnet/rules.py ./config/
+# COPY hotspot_proxy_v2.py .
+#Install Python3.9 and dependencies
+RUN apt-get -y update; apt-get -y upgrade; apt-get -y install --no-install-recommends python3.9-dev python3-pip python3.9 build-essential net-tools iputils-ping wget; apt-get clean; rm -rf /var/lib/apt/lists/*
+
+#RUN wget https://radioid.net/static/users.json -O /opt/hbnet/subscriber_ids.json
+
+#RUN wget https://www.radioid.net/static/rptrs.json -O /opt/hbnet/peer_ids.json
+
+
+RUN chown -R hbnet:hbnet /opt/hbnet_echo/
+
+# Switch user and install dependencies
+USER hbnet
+
+
+#Upgrade PIP
+RUN python3.9 -m pip install --upgrade pip
+
+#Install from requirements.txt
+RUN python3.9 -m pip install --no-cache-dir -r requirements.txt
+
+#ENTRYPOINT ["/home/hbnet_web/.local/bin/supervisord"]
+
+CMD sleep 5s; python3.9 /opt/hbnet_echo/playback.py -c config/playback_default.cfg

docker-compose.yml

@@ -15,7 +15,7 @@ services:
        # Path to config.py
        - ./hbnet/web_service/config.py:/opt/hbnet_web/config.py
        # Persist SQLIte data
-       - ./hbnet/web_service/hbnet_prod.sqlite:/opt/hbnet_web/hbnet.sqlite:rw
+       - ./hbnet/web_service/hbnet.sqlite:/opt/hbnet_web/hbnet.sqlite:rw
        # NGINX logs
        - ./hbnet/log/web_service:/var/log/nginx:rw
        # Non SSL config
@@ -77,6 +77,34 @@ services:
       - hbnet_internal
     restart: always
 
+  hbnet_echo:
+    container_name: hbnet_echo
+    image: kf7eel/hbnet_echo:latest
+    hostname: hbnet_echo
+    build:
+        dockerfile: ./Dockerfile.hbnet_echo
+        context: .
+    #ports:
+      # Port outside container:Port inside container
+      # Port for clients
+     # - 52000:52000/udp
+      # Reporting port for hbmon
+      #- 4321:4321
+    #volumes:
+      # HBNet Configuration file location
+     # - ./hbnet/hbnet/hbnet.cfg:/opt/hbnet/config/hbnet.cfg
+      # HBNet rules location
+     # - ./hbnet/hbnet/rules.py:/opt/hbnet/config/rules.py
+       # Persistent data
+#       - ./hb_data/data/hbnet:/opt/hbnet/data:rw
+ ##      # Log file
+ ##      - ./hbnet/log/hbnet:/opt/hbnet/log:rw
+    depends_on:
+      - "hbnet_web_service"
+    networks:
+      - hbnet_internal
+    restart: always
+
 
 
 

playback_default.cfg

@@ -0,0 +1,281 @@
+# PROGRAM-WIDE PARAMETERS GO HERE
+# PATH - working path for files, leave it alone unless you NEED to change it
+# PING_TIME - the interval that peers will ping the master, and re-try registraion
+#           - how often the Master maintenance loop runs
+# MAX_MISSED - how many pings are missed before we give up and re-register
+#           - number of times the master maintenance loop runs before de-registering a peer
+#
+# ACLs:
+#
+# Access Control Lists are a very powerful tool for administering your system.
+# But they consume packet processing time. Disable them if you are not using them.
+# But be aware that, as of now, the configuration stanzas still need the ACL
+# sections configured even if you're not using them.
+#
+# REGISTRATION ACLS ARE ALWAYS USED, ONLY SUBSCRIBER AND TGID MAY BE DISABLED!!!
+#
+# The 'action' May be PERMIT|DENY
+# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999)
+# Format:
+# 	ACL = 'action:id|start-end|,id|start-end,....'
+#		--for example--
+#	SUB_ACL: DENY:1,1000-2000,4500-60000,17
+#
+# ACL Types:
+# 	REG_ACL: peer radio IDs for registration (only used on HBP master systems)
+# 	SUB_ACL: subscriber IDs for end-users
+# 	TGID_TS1_ACL: destination talkgroup IDs on Timeslot 1
+# 	TGID_TS2_ACL: destination talkgroup IDs on Timeslot 2
+#
+# ACLs may be repeated for individual systems if needed for granularity
+# Global ACLs will be processed BEFORE the system level ACLs
+# Packets will be matched against all ACLs, GLOBAL first. If a packet 'passes'
+# All elements, processing continues. Packets are discarded at the first
+# negative match, or 'reject' from an ACL element.
+#
+# If you do not wish to use ACLs, set them to 'PERMIT:ALL'
+# TGID_TS1_ACL in the global stanza is used for OPENBRIDGE systems, since all
+# traffic is passed as TS 1 between OpenBridges
+[GLOBAL]
+PATH: ./
+PING_TIME: 5
+MAX_MISSED: 3
+USE_ACL: True
+REG_ACL: PERMIT:ALL
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+
+# This is where to configure the details for use with the web service. The web service is the GUI frontend.
+[WEB_SERVICE]
+THIS_SERVER_NAME: Echo
+# Secret used to authenticate with user managment server, before checking if user login is approved
+SHARED_SECRET: test
+# Retrieve configuration from web service.
+REMOTE_CONFIG_ENABLED: False
+# When web service unreachable, die.
+DISABLE_FALLBACK: True
+# URL of the web service
+URL: http://localhost:8080/svr
+# The options below are used for generating random passphrases
+# Set to a value between 1 - 99. This value is used in the normal calculation.
+APPEND_INT: 1
+# Set to a value between 1 - 99 This value is used in the normal calculation.
+EXTRA_INT_1: 5
+# Set to a value between 1 - 99 This value is used in the normal calculation.
+EXTRA_INT_2: 8
+# Additional phrases
+EXTRA_1: TeSt
+EXTRA_2: DmR4
+# Shorten passphrases
+SHORTEN_PASSPHRASE: True
+SHORTEN_SAMPLE: 4
+SHORTEN_LENGTH: 4
+BURN_FILE: ./burn_ids.txt
+# Set to a value between 1 - 99. This value is used for compromised passphrases.
+BURN_INT: 5
+
+
+# NOT YET WORKING: NETWORK REPORTING CONFIGURATION
+#   Enabling "REPORT" will configure a socket-based reporting
+#   system that will send the configuration and other items
+#   to a another process (local or remote) that may process
+#   the information for some useful purpose, like a web dashboard.
+#
+#   REPORT - True to enable, False to disable
+#   REPORT_INTERVAL - Seconds between reports
+#   REPORT_PORT - TCP port to listen on if "REPORT_NETWORKS" = NETWORK
+#   REPORT_CLIENTS - comma separated list of IPs you will allow clients
+#       to connect on. Entering a * will allow all.
+#
+# ****FOR NOW MUST BE TRUE - USE THE LOOPBACK IF YOU DON'T USE THIS!!!****
+[REPORTS]
+REPORT: True
+REPORT_INTERVAL: 60
+REPORT_PORT: 4321
+REPORT_CLIENTS: 127.0.0.1
+
+
+# SYSTEM LOGGER CONFIGURAITON
+#   This allows the logger to be configured without chaning the individual
+#   python logger stuff. LOG_FILE should be a complete path/filename for *your*
+#   system -- use /dev/null for non-file handlers.
+#   LOG_HANDLERS may be any of the following, please, no spaces in the
+#   list if you use several:
+#       null
+#       console
+#       console-timed
+#       file
+#       file-timed
+#       syslog
+#   LOG_LEVEL may be any of the standard syslog logging levels, though
+#   as of now, DEBUG, INFO, WARNING and CRITICAL are the only ones
+#   used.
+#
+[LOGGER]
+LOG_FILE: /tmp/hblink.log
+LOG_HANDLERS: console-timed
+LOG_LEVEL: DEBUG
+# If running multiple HBNet servers on same host, LOG_NAME must be unique.
+LOG_NAME: HBlink
+
+# DOWNLOAD AND IMPORT SUBSCRIBER, PEER and TGID ALIASES
+# Ok, not the TGID, there's no master list I know of to download
+# This is intended as a facility for other applcations built on top of
+# HBlink to use, and will NOT be used in HBlink directly.
+# STALE_DAYS is the number of days since the last download before we
+# download again. Don't be an ass and change this to less than a few days.
+[ALIASES]
+TRY_DOWNLOAD: False
+PATH: ./
+PEER_FILE: peer_ids.json
+SUBSCRIBER_FILE: subscriber_ids.json
+TGID_FILE: talkgroup_ids.json
+PEER_URL: https://www.radioid.net/static/rptrs.json
+SUBSCRIBER_URL: https://www.radioid.net/static/users.json
+STALE_DAYS: 7
+
+# OPENBRIDGE INSTANCES - DUPLICATE SECTION FOR MULTIPLE CONNECTIONS
+# OpenBridge is a protocol originall created by DMR+ for connection between an
+# IPSC2 server and Brandmeister. It has been implemented here at the suggestion
+# of the Brandmeister team as a way to legitimately connect HBlink to the
+# Brandemiester network.
+# It is recommended to name the system the ID of the Brandmeister server that
+# it connects to, but is not necessary. TARGET_IP and TARGET_PORT are of the
+# Brandmeister or IPSC2 server you are connecting to. PASSPHRASE is the password
+# that must be agreed upon between you and the operator of the server you are
+# connecting to. NETWORK_ID is a number in the format of a DMR Radio ID that
+# will be sent to the other server to identify this connection.
+# other parameters follow the other system types.
+#
+# ACLs:
+# OpenBridge does not 'register', so registration ACL is meaningless.
+# Proper OpenBridge passes all traffic on TS1.
+# HBlink can extend OPB to use both slots for unit calls only.
+# Setting "BOTH_SLOTS" True ONLY affects unit traffic!
+# Otherwise ACLs work as described in the global stanza
+[OBP-1]
+MODE: OPENBRIDGE
+ENABLED: False
+IP:
+PORT: 62035
+NETWORK_ID: 3129100
+PASSPHRASE: password
+TARGET_IP: 1.2.3.4
+TARGET_PORT: 62035
+BOTH_SLOTS: True
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_ACL: PERMIT:ALL
+# Experimental encryption
+ENCRYPTION_KEY:
+ENCRYPT_ALL_TRAFFIC: False
+
+# MASTER INSTANCES - DUPLICATE SECTION FOR MULTIPLE MASTERS
+# HomeBrew Protocol Master instances go here.
+# IP may be left blank if there's one interface on your system.
+# Port should be the port you want this master to listen on. It must be unique
+# and unused by anything else.
+# Repeat - if True, the master repeats traffic to peers, False, it does nothing.
+#
+# MAX_PEERS -- maximun number of peers that may be connect to this master
+# at any given time. This is very handy if you're allowing hotspots to
+# connect, or using a limited computer like a Raspberry Pi.
+#
+# ACLs:
+# See comments in the GLOBAL stanza
+[MASTER-1]
+MODE: MASTER
+ENABLED: True
+
+# Use the user manager? If False, MASTER instance will operate as normal.
+USE_USER_MAN: False
+
+REPEAT: True
+MAX_PEERS: 10
+EXPORT_AMBE: False
+IP:
+PORT: 5200
+PASSPHRASE: passw0rd
+GROUP_HANGTIME: 5
+USE_ACL: True
+REG_ACL: DENY:1
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+OTHER_OPTIONS:
+# PEER INSTANCES - DUPLICATE SECTION FOR MULTIPLE PEERS
+# There are a LOT of errors in the HB Protocol specifications on this one!
+# MOST of these items are just strings and will be properly dealt with by the program
+# The TX & RX Frequencies are 9-digit numbers, and are the frequency in Hz.
+# Latitude is an 8-digit unsigned floating point number.
+# Longitude is a 9-digit signed floating point number.
+# Height is in meters
+# Setting Loose to True relaxes the validation on packets received from the master.
+# This will allow HBlink to connect to a non-compliant system such as XLXD, DMR+ etc.
+#
+# ACLs:
+# See comments in the GLOBAL stanza
+[REPEATER-1]
+MODE: PEER
+ENABLED: False
+LOOSE: False
+EXPORT_AMBE: False
+IP: 
+PORT: 54001
+MASTER_IP: 172.16.1.1
+MASTER_PORT: 54000
+PASSPHRASE: homebrew
+CALLSIGN: W1ABC
+RADIO_ID: 312000
+RX_FREQ: 449000000
+TX_FREQ: 444000000
+TX_POWER: 25
+COLORCODE: 1
+SLOTS: 1
+LATITUDE: 38.0000
+LONGITUDE: -095.0000
+HEIGHT: 75
+LOCATION: Anywhere, USA
+DESCRIPTION: This is a cool repeater
+URL: www.w1abc.org
+SOFTWARE_ID: 20170620
+PACKAGE_ID: MMDVM_HBlink
+GROUP_HANGTIME: 5
+OPTIONS:
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+
+[XLX-1]
+MODE: XLXPEER
+ENABLED: False
+LOOSE: True
+EXPORT_AMBE: False
+IP: 
+PORT: 54002
+MASTER_IP: 172.16.1.1
+MASTER_PORT: 62030
+PASSPHRASE: passw0rd
+CALLSIGN: W1ABC
+RADIO_ID: 312000
+RX_FREQ: 449000000
+TX_FREQ: 444000000
+TX_POWER: 25
+COLORCODE: 1
+SLOTS: 1
+LATITUDE: 38.0000
+LONGITUDE: -095.0000
+HEIGHT: 75
+LOCATION: Anywhere, USA
+DESCRIPTION: This is a cool repeater
+URL: www.w1abc.org
+SOFTWARE_ID: 20170620
+PACKAGE_ID: MMDVM_HBlink
+GROUP_HANGTIME: 5
+XLXMODULE: 4004
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL