From 054c550d5fb27859622551f2819b34ed578984d3 Mon Sep 17 00:00:00 2001
From: KF7EEL
Date: Sun, 25 Sep 2022 19:20:59 -0700
Subject: [PATCH] add echo to docker stack

---
 Dockerfile.hbnet_echo | 49 ++++++++
 docker-compose.yml | 30 ++++-
 playback_default.cfg | 281 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 359 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile.hbnet_echo
 create mode 100644 playback_default.cfg

diff --git a/Dockerfile.hbnet_echo b/Dockerfile.hbnet_echo
new file mode 100644
index 0000000..1da88e5
--- /dev/null
+++ b/Dockerfile.hbnet_echo
@@ -0,0 +1,49 @@
+# HBNet Data Gateway Dockerfile
+FROM debian:11
+MAINTAINER Eric Craw "kf7eel@qsl.net"
+WORKDIR /opt/hbnet_echo
+
+RUN useradd -ms /bin/bash hbnet
+
+RUN mkdir -p /opt/hbnet_echo/config/
+RUN mkdir -p /opt/hbnet_echo/log/
+RUN chown -R hbnet:hbnet /opt/hbnet_echo/log/
+
+
+#COPY . .
+
+COPY config.py .
+COPY bridge.py .
+COPY const.py .
+COPY hblink.py .
+COPY log.py .
+COPY reporting_const.py .
+COPY requirements.txt .
+COPY LICENSE.txt .
+COPY playback.py .
+COPY playback_default.cfg ./config/
+# COPY docker/hbnet/rules.py ./config/
+# COPY hotspot_proxy_v2.py .
+#Install Python3.9 and dependencies
+RUN apt-get -y update; apt-get -y upgrade; apt-get -y install --no-install-recommends python3.9-dev python3-pip python3.9 build-essential net-tools iputils-ping wget; apt-get clean; rm -rf /var/lib/apt/lists/*
+
+#RUN wget https://radioid.net/static/users.json -O /opt/hbnet/subscriber_ids.json
+
+#RUN wget https://www.radioid.net/static/rptrs.json -O /opt/hbnet/peer_ids.json
+
+
+RUN chown -R hbnet:hbnet /opt/hbnet_echo/
+
+# Switch user and install dependencies
+USER hbnet
+
+
+#Upgrade PIP
+RUN python3.9 -m pip install --upgrade pip
+
+#Install from requirements.txt
+RUN python3.9 -m pip install --no-cache-dir -r requirements.txt
+
+#ENTRYPOINT ["/home/hbnet_web/.local/bin/supervisord"]
+
+CMD sleep 5s; python3.9 /opt/hbnet_echo/playback.py -c config/playback_default.cfg
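Review bot: The package-install `RUN` chains its commands with `;`, so a failed `apt-get -y update` or `apt-get -y upgrade` does not stop the build and the layer's exit status is that of the final `rm -rf`; chaining with `&&` makes the build fail instead of producing an image with stale or missing packages. `build-essential`, `net-tools`, `iputils-ping` and `wget` also stay in the runtime image; if they are only needed to build wheels or to debug, installing them in a separate build stage would reduce what is available inside the running container. `pip install --upgrade pip` and `-r requirements.txt` resolve at build time, so unless requirements.txt (not shown here) already pins versions, pinning them, ideally with `--require-hashes`, would make the image reproducible. `MAINTAINER` is deprecated in favour of `LABEL maintainer=...`, and the shell-form `CMD` leaves `sh` as PID 1, so `playback.py` may not receive the stop signal when the container is stopped or restarted.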
diff --git a/docker-compose.yml b/docker-compose.yml index 4a1fb14..22a8b98 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,7 +15,7 @@ services: # Path to config.py - ./hbnet/web_service/config.py:/opt/hbnet_web/config.py # Persist SQLIte data - - ./hbnet/web_service/hbnet_prod.sqlite:/opt/hbnet_web/hbnet.sqlite:rw + - ./hbnet/web_service/hbnet.sqlite:/opt/hbnet_web/hbnet.sqlite:rw # NGINX logs - ./hbnet/log/web_service:/var/log/nginx:rw # Non SSL config @@ -77,6 +77,34 @@ services: - hbnet_internal restart: always + hbnet_echo: + container_name: hbnet_echo + image: kf7eel/hbnet_echo:latest + hostname: hbnet_echo + build: + dockerfile: ./Dockerfile.hbnet_echo + context: . + #ports: + # Port outside container:Port inside container + # Port for clients + # - 52000:52000/udp + # Reporting port for hbmon + #- 4321:4321 + #volumes: + # HBNet Configuration file location + # - ./hbnet/hbnet/hbnet.cfg:/opt/hbnet/config/hbnet.cfg + # HBNet rules location + # - ./hbnet/hbnet/rules.py:/opt/hbnet/config/rules.py + # Persistent data +# - ./hb_data/data/hbnet:/opt/hbnet/data:rw + ## # Log file + ## - ./hbnet/log/hbnet:/opt/hbnet/log:rw + depends_on: + - "hbnet_web_service" + networks: + - hbnet_internal + restart: always + diff --git a/playback_default.cfg b/playback_default.cfg new file mode 100644 index 0000000..662201f --- /dev/null +++ b/playback_default.cfg 
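Review bot: The new `hbnet_echo` service references `kf7eel/hbnet_echo:latest`, a mutable tag, so a later pull can change the running code without any change in this repository; pinning a version tag or digest keeps deployments reproducible. With the `#volumes:` block commented out, the container always runs the `playback_default.cfg` baked into the image, default passphrases included, and an operator cannot override it without rebuilding. The commented mapping `52000:52000/udp` also does not match `PORT: 5200` in the `[MASTER-1]` stanza of that file, so one of the two looks like a typo. A comment above `#volumes:` such as `# Mount your own config over /opt/hbnet_echo/config/playback_default.cfg before exposing this service` would make the intended override explicit.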
@@ -0,0 +1,281 @@
+# PROGRAM-WIDE PARAMETERS GO HERE
+# PATH - working path for files, leave it alone unless you NEED to change it
+# PING_TIME - the interval that peers will ping the master, and re-try registraion
+# - how often the Master maintenance loop runs
+# MAX_MISSED - how many pings are missed before we give up and re-register
+# - number of times the master maintenance loop runs before de-registering a peer
+#
+# ACLs:
+#
+# Access Control Lists are a very powerful tool for administering your system.
+# But they consume packet processing time. Disable them if you are not using them.
+# But be aware that, as of now, the configuration stanzas still need the ACL
+# sections configured even if you're not using them.
+#
+# REGISTRATION ACLS ARE ALWAYS USED, ONLY SUBSCRIBER AND TGID MAY BE DISABLED!!!
+#
+# The 'action' May be PERMIT|DENY
+# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999)
+# Format:
+# ACL = 'action:id|start-end|,id|start-end,....'
+# --for example--
+# SUB_ACL: DENY:1,1000-2000,4500-60000,17
+#
+# ACL Types:
+# REG_ACL: peer radio IDs for registration (only used on HBP master systems)
+# SUB_ACL: subscriber IDs for end-users
+# TGID_TS1_ACL: destination talkgroup IDs on Timeslot 1
+# TGID_TS2_ACL: destination talkgroup IDs on Timeslot 2
+#
+# ACLs may be repeated for individual systems if needed for granularity
+# Global ACLs will be processed BEFORE the system level ACLs
+# Packets will be matched against all ACLs, GLOBAL first. If a packet 'passes'
+# All elements, processing continues. Packets are discarded at the first
+# negative match, or 'reject' from an ACL element.
+#
+# If you do not wish to use ACLs, set them to 'PERMIT:ALL'
+# TGID_TS1_ACL in the global stanza is used for OPENBRIDGE systems, since all
+# traffic is passed as TS 1 between OpenBridges
+[GLOBAL]
+PATH: ./
+PING_TIME: 5
+MAX_MISSED: 3
+USE_ACL: True
+REG_ACL: PERMIT:ALL
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+
+# This is where to configure the details for use with the web service. The web service is the GUI frontend.
+[WEB_SERVICE]
+THIS_SERVER_NAME: Echo
+# Secret used to authenticate with user managment server, before checking if user login is approved
+SHARED_SECRET: test
+# Retrieve configuration from web service.
+REMOTE_CONFIG_ENABLED: False
+# When web service unreachable, die.
+DISABLE_FALLBACK: True
+# URL of the web service
+URL: http://localhost:8080/svr
+# The options below are used for generating random passphrases
+# Set to a value between 1 - 99. This value is used in the normal calculation.
+APPEND_INT: 1
+# Set to a value between 1 - 99 This value is used in the normal calculation.
+EXTRA_INT_1: 5
+# Set to a value between 1 - 99 This value is used in the normal calculation.
+EXTRA_INT_2: 8
+# Additional phrases
+EXTRA_1: TeSt
+EXTRA_2: DmR4
+# Shorten passphrases
+SHORTEN_PASSPHRASE: True
+SHORTEN_SAMPLE: 4
+SHORTEN_LENGTH: 4
+BURN_FILE: ./burn_ids.txt
+# Set to a value between 1 - 99. This value is used for compromised passphrases.
+BURN_INT: 5
+
+
+# NOT YET WORKING: NETWORK REPORTING CONFIGURATION
+# Enabling "REPORT" will configure a socket-based reporting
+# system that will send the configuration and other items
+# to a another process (local or remote) that may process
+# the information for some useful purpose, like a web dashboard.
+#
+# REPORT - True to enable, False to disable
+# REPORT_INTERVAL - Seconds between reports
+# REPORT_PORT - TCP port to listen on if "REPORT_NETWORKS" = NETWORK
+# REPORT_CLIENTS - comma separated list of IPs you will allow clients
+# to connect on. Entering a * will allow all.
+#
+# ****FOR NOW MUST BE TRUE - USE THE LOOPBACK IF YOU DON'T USE THIS!!!****
+[REPORTS]
+REPORT: True
+REPORT_INTERVAL: 60
+REPORT_PORT: 4321
+REPORT_CLIENTS: 127.0.0.1
+
+
+# SYSTEM LOGGER CONFIGURAITON
+# This allows the logger to be configured without chaning the individual
+# python logger stuff. LOG_FILE should be a complete path/filename for *your*
+# system -- use /dev/null for non-file handlers.
+# LOG_HANDLERS may be any of the following, please, no spaces in the
+# list if you use several:
+# null
+# console
+# console-timed
+# file
+# file-timed
+# syslog
+# LOG_LEVEL may be any of the standard syslog logging levels, though
+# as of now, DEBUG, INFO, WARNING and CRITICAL are the only ones
+# used.
+#
+[LOGGER]
+LOG_FILE: /tmp/hblink.log
+LOG_HANDLERS: console-timed
+LOG_LEVEL: DEBUG
+# If running multiple HBNet servers on same host, LOG_NAME must be unique.
+LOG_NAME: HBlink
+
+# DOWNLOAD AND IMPORT SUBSCRIBER, PEER and TGID ALIASES
+# Ok, not the TGID, there's no master list I know of to download
+# This is intended as a facility for other applcations built on top of
+# HBlink to use, and will NOT be used in HBlink directly.
+# STALE_DAYS is the number of days since the last download before we
+# download again. Don't be an ass and change this to less than a few days.
+[ALIASES]
+TRY_DOWNLOAD: False
+PATH: ./
+PEER_FILE: peer_ids.json
+SUBSCRIBER_FILE: subscriber_ids.json
+TGID_FILE: talkgroup_ids.json
+PEER_URL: https://www.radioid.net/static/rptrs.json
+SUBSCRIBER_URL: https://www.radioid.net/static/users.json
+STALE_DAYS: 7
+
+# OPENBRIDGE INSTANCES - DUPLICATE SECTION FOR MULTIPLE CONNECTIONS
+# OpenBridge is a protocol originall created by DMR+ for connection between an
+# IPSC2 server and Brandmeister. It has been implemented here at the suggestion
+# of the Brandmeister team as a way to legitimately connect HBlink to the
+# Brandemiester network.
+# It is recommended to name the system the ID of the Brandmeister server that
+# it connects to, but is not necessary. TARGET_IP and TARGET_PORT are of the
+# Brandmeister or IPSC2 server you are connecting to. PASSPHRASE is the password
+# that must be agreed upon between you and the operator of the server you are
+# connecting to. NETWORK_ID is a number in the format of a DMR Radio ID that
+# will be sent to the other server to identify this connection.
+# other parameters follow the other system types.
+#
+# ACLs:
+# OpenBridge does not 'register', so registration ACL is meaningless.
+# Proper OpenBridge passes all traffic on TS1.
+# HBlink can extend OPB to use both slots for unit calls only.
+# Setting "BOTH_SLOTS" True ONLY affects unit traffic!
+# Otherwise ACLs work as described in the global stanza
+[OBP-1]
+MODE: OPENBRIDGE
+ENABLED: False
+IP:
+PORT: 62035
+NETWORK_ID: 3129100
+PASSPHRASE: password
+TARGET_IP: 1.2.3.4
+TARGET_PORT: 62035
+BOTH_SLOTS: True
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_ACL: PERMIT:ALL
+# Experimental encryption
+ENCRYPTION_KEY:
+ENCRYPT_ALL_TRAFFIC: False
+
+# MASTER INSTANCES - DUPLICATE SECTION FOR MULTIPLE MASTERS
+# HomeBrew Protocol Master instances go here.
+# IP may be left blank if there's one interface on your system.
+# Port should be the port you want this master to listen on. It must be unique
+# and unused by anything else.
+# Repeat - if True, the master repeats traffic to peers, False, it does nothing.
+#
+# MAX_PEERS -- maximun number of peers that may be connect to this master
+# at any given time. This is very handy if you're allowing hotspots to
+# connect, or using a limited computer like a Raspberry Pi.
+#
+# ACLs:
+# See comments in the GLOBAL stanza
+[MASTER-1]
+MODE: MASTER
+ENABLED: True
+
+# Use the user manager? If False, MASTER instance will operate as normal.
+USE_USER_MAN: False
+
+REPEAT: True
+MAX_PEERS: 10
+EXPORT_AMBE: False
+IP:
+PORT: 5200
+PASSPHRASE: passw0rd
+GROUP_HANGTIME: 5
+USE_ACL: True
+REG_ACL: DENY:1
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+OTHER_OPTIONS:
+# PEER INSTANCES - DUPLICATE SECTION FOR MULTIPLE PEERS
+# There are a LOT of errors in the HB Protocol specifications on this one!
+# MOST of these items are just strings and will be properly dealt with by the program
+# The TX & RX Frequencies are 9-digit numbers, and are the frequency in Hz.
+# Latitude is an 8-digit unsigned floating point number.
+# Longitude is a 9-digit signed floating point number.
+# Height is in meters
+# Setting Loose to True relaxes the validation on packets received from the master.
+# This will allow HBlink to connect to a non-compliant system such as XLXD, DMR+ etc.
+#
+# ACLs:
+# See comments in the GLOBAL stanza
+[REPEATER-1]
+MODE: PEER
+ENABLED: False
+LOOSE: False
+EXPORT_AMBE: False
+IP:
+PORT: 54001
+MASTER_IP: 172.16.1.1
+MASTER_PORT: 54000
+PASSPHRASE: homebrew
+CALLSIGN: W1ABC
+RADIO_ID: 312000
+RX_FREQ: 449000000
+TX_FREQ: 444000000
+TX_POWER: 25
+COLORCODE: 1
+SLOTS: 1
+LATITUDE: 38.0000
+LONGITUDE: -095.0000
+HEIGHT: 75
+LOCATION: Anywhere, USA
+DESCRIPTION: This is a cool repeater
+URL: www.w1abc.org
+SOFTWARE_ID: 20170620
+PACKAGE_ID: MMDVM_HBlink
+GROUP_HANGTIME: 5
+OPTIONS:
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+
+[XLX-1]
+MODE: XLXPEER
+ENABLED: False
+LOOSE: True
+EXPORT_AMBE: False
+IP:
+PORT: 54002
+MASTER_IP: 172.16.1.1
+MASTER_PORT: 62030
+PASSPHRASE: passw0rd
+CALLSIGN: W1ABC
+RADIO_ID: 312000
+RX_FREQ: 449000000
+TX_FREQ: 444000000
+TX_POWER: 25
+COLORCODE: 1
+SLOTS: 1
+LATITUDE: 38.0000
+LONGITUDE: -095.0000
+HEIGHT: 75
+LOCATION: Anywhere, USA
+DESCRIPTION: This is a cool repeater
+URL: www.w1abc.org
+SOFTWARE_ID: 20170620
+PACKAGE_ID: MMDVM_HBlink
+GROUP_HANGTIME: 5
+XLXMODULE: 4004
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
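Review bot: The enabled `[MASTER-1]` stanza ships `PASSPHRASE: passw0rd` and `[WEB_SERVICE]` ships `SHARED_SECRET: test`; because the Dockerfile in this patch copies this file in as the runtime config, every container built from it accepts the same published passphrase. Leave these as obvious placeholders with a comment above each, e.g. `# REQUIRED: set a unique passphrase before deployment`, and consider having playback.py refuse to start on the shipped default (that code is not part of this patch). `LOG_LEVEL: DEBUG` is also a noisy default for a long-running container; `INFO` would be the safer shipped value. `LOG_FILE: /tmp/hblink.log` is a fixed name in a shared temp directory, which only matters if a file handler is later enabled in place of `console-timed`.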