Addition of a powerful system for device booking & partitioning

[denis99999]

Hi,

The proposed "Group feature" is mainly made of:

• the Group concept on which relies a powerful system for device booking & partitioning
• an administrator level required by the Group concept, with increased rights on users, devices and groups

Here is a full documentation about this new feature including also some implementation details: GroupFeature-1.0-STF-OrangeSA.pdf

The repository is available here for testing: https://github.com/denis99999/stf/tree/group-feature

Note also we have added our copyleft (i.e. using Apache 2.0 license) in a line on created files as well as on modified files and LICENSE file, please let me know if it suits you.

[denis99999]

Hi @wzrf,

It seems you tried to run STF over an existing database, so you have first to erase it (e.g. # rm -rf /opt/stf/rethinkdb) or save it (e.g. # mv /opt/stf/rethinkdb /opt/stf/rethinkdb.sav) in order STF can initialize a compatible database structure with the new features.

[wzrf]

Hi @wzrf,

It seems you tried to run STF over an existing database, so you have first to erase it (e.g. # rm -rf /opt/stf/rethinkdb) or save it (e.g. # mv /opt/stf/rethinkdb /opt/stf/rethinkdb.sav) in order STF can initialize a compatible database structure with the new features.

Hi, problem solved, thanks!
I have one more question, that everytime I plug in a new device, the device is automatically set to the administrator's group, and the system wont let me to delete device from the administrator group，neither does it allow me to change the reservation time, thus I cannot add devices to other groups. Did I miss something?

[denis99999]

Hi,
It is normal, you can't removed a device from the root group 'Common' by this way.
In your case, as explained in the provided PDF documentation, you have to create a new 'bookable' group after what you will be able to add devices to it as well as users.
So once your bookable group is ready, any user of this group is able to make a reservation by creating a 'transient' group adding devices to it from the previous bookable group, users and a schedule.
I recommend you to take a look to the PDF documentation in which a complete example is described fiting your needs.

[wzrf]

Hi,
It is normal, you can't removed a device from the root group 'Common' by this way.
In your case, as explained in the provided PDF documentation, you have to create a new 'bookable' group after what you will be able to add devices to it as well as users.
So once your bookable group is ready, any user of this group is able to make a reservation by creating a 'transient' group adding devices to it from the previous bookable group, users and a schedule.
I recommend you to take a look to the PDF documentation in which a complete example is described fiting your needs.

I read the PDF file and tried, it all worked!
I also want to ask that the whole system check the identification of user by examine their e-mail, is that right? In that case, if someone else knows my e-mail he can get access to the system as well. I think add an e-mail verification code when logging in will be more safe for users.

[denis99999]

Hi,
The problem you raise is related to user authentication, not to group feature or other STF features like device controlling. In your case I suppose you are using the default mock authentication method of STF which is not secure, so in place you have to use a stronger authentication method available in STF like LDAP for instance.
Thanks again to test!

[kanyapandey]

So u mean that I have to remove existing rethinkdb and again install it ?

[denis99999]

Hi @kanyapandey ,

Yes, you have to erase he existing rethinkdb database and rebuilt it by launching STF again. Also, I recommend you to read the PDF documentation provided int the PR!

[kanyapandey]

Hi @denis99999 I can now run it without errors, again tons of thanks to you for your valuable booking features !!!

[denis99999]

Hi,
As shown in this PR and the relating issue #1057 opened three months ago, several users have tested this feature with success, so is it possible to get a status on its integration or not in the main line please ?
Thanks a lot !

[RafalPolak]

Hello @denis99999

I've tested your group feature and looks very promising!!!
I check this locally using stf local and works like a charm but now I try to run this on the machine and I've problems.

I try to reproduce this step by step.

First of all, I've to build project locally on ubuntu and run stf local -> works
Next, I've to build dockerfile and create a private local repository to run this -> works
After that, I've used @thinkhy script (https://github.com/thinkhy/deploy-stf-docker/blob/master/deploy_stf.sh) and modified for group feature.
I've created one additional container for groups-engine and extend api for connect-sub-dev and connect-push-dev like below:

...
auth
echo "start docker container: stf-auth-3200"
docker rm -f stf-auth-3200
docker run -d --name stf-auth-3200 -e "SECRET=YOUR_SESSION_SECRET_HERE" -p 3200:3000 --dns ${DNS_ADDRESS} localhost:5000/stf stf auth-mock --port 3000 --app-url http://${IP_ADDRESS}/
check_return_code

api
echo "start docker container: stf-api"
docker rm -f stf-api
docker run -d --name stf-api --net host -e "SECRET=YOUR_SESSION_SECRET_HERE" localhost:5000/stf stf api --port 3700 --connect-sub tcp://${IP_ADDRESS}:7150 --connect-push tcp://${IP_ADDRESS}:7170 --connect-sub-dev tcp://${IP_ADDRESS}:7270 --connect-push-dev tcp://${IP_ADDRESS}:7250
check_return_code

groups-engine
echo "start docker container: stf-groups-engine"
docker rm -f stf-groups-engine
docker run -d --name stf-groups-engine --net host -e "SECRET=YOUR_SESSION_SECRET_HERE" localhost:5000/stf stf groups-engine --connect-sub tcp://${IP_ADDRESS}:7150 --connect-push tcp://${IP_ADDRESS}:7170 --connect-sub-dev tcp://${IP_ADDRESS}:7270 --connect-push-dev tcp://${IP_ADDRESS}:7250

stf APP
echo "start docker container: stf-app-3100"
docker rm -f stf-app-3100
docker run -d --name stf-app-3100 --net host -e "SECRET=YOUR_SESSION_SECRET_HERE" -p 3100:3000 localhost:5000/stf stf app --port 3100 --auth-url http://${IP_ADDRESS}/auth/mock/ --websocket-url http://${IP_ADDRESS}/
check_return_code
...

After that, every container is up except stf-auth-3200 which says from the log that he not been able to connect into the database.

Logs:
sudo docker logs stf-auth-3200
2019-10-20T18:38:37.708Z INF/auth-mock 1 [] Listening on port 3000
2019-10-20T18:38:37.713Z INF/db 1 [] Connecting to 127.0.0.1:28015
2019-10-20T18:38:37.727Z INF/db 1 [] Unable to connect to 127.0.0.1:28015
2019-10-20T18:38:37.729Z FTL/db 1 [] No hosts left to try
2019-10-20T18:38:37.729Z FTL/util:lifecycle 1 [*] Shutting down due to fatal error

I've no idea what is wrong with that.
Have you got a chance to run this not locally ???
I've also remove rethinkdb data and run on a fresh instance but without luck.
Best regards

[denis99999]

Hi @RafalPolak,

Thanks for your congratulations !

First, access to database is not related to group feature, instead you have to check the connectivity between the auth container and the rethinkdb one, this is what the logs say !

My idea is your ${IP_ADDRESS} is set to localhost, and this is why it can't work (i.e. no route for loopback address from the container), instead one solution is to set to the IP address of your interface connected to your external network (e.g. eth0 interface).

Regarding the group feature configuration, it seems you made a mistake on additional socket ports by inverting the values of connect-sub-dev and connet-push-dev in api and group_engine container configuration, so in place you have to set --connect-sub-dev tcp://${IP_ADDRESS}:7250 --connect-push-dev tcp://${IP_ADDRESS}:7270

Best regards.

[RafalPolak]

Hello @denis99999
Thank you very much for the quick response it's working now!

Best regards and have a great day

[amrsa1]

@denis99999
hye denis congrats on the great work i was just testing you features now so far it okay except somthing that im facing not sure if it an issue or i missed something in setting

if i have only one device connected the group : common is always connected and i dont have control over it even with admin account
so when i create another group and activate it i dont see any active devices ?

[amrsa1]

can this feature be integrated with ldap or oauth2 since admin is role is hard coded ?

[denis99999]

Hi @amrkamel1 ,

Sorry for the late answer I was on vacation. I recommend you to read the provided documentation (sections 4&5 of the PDF) in which all is explained. In synthesis, the first time they are discovered the devices are assigned by default to the Common group for backward compatibility with legacy STF behavior, in particular the Common Group is not a "bookable" group and this is why you don't see any available devices in your personal group. So, the first action you have to do is to log using administrator account and to create a "bookable" group and then assign your device to it, after what you will see this device as available to make a reservation in your personal group.
Best regards.

[amrsa1]

@denis99999

Thanks man for calrification i actaully did that yesterday and it was working as expected, really amazing feature that add more power to STF

Thanks again for replying

[denis99999]

can this feature be integrated with ldap or oauth2 since admin is role is hard coded ?

Yes, admin level is not related to authentication methods, but for now you have to choose your admin user at database creation step.

[amrsa1]

can this feature be integrated with ldap or oauth2 since admin is role is hard coded ?

Yes, admin level is not related to authentication methods, but for now you have to choose your admin user at database creation step.

The if the current fields now are name and email

And admin role parameters are
Name and email

So incase of using ldap which using username and password so how i will add admin role to it

[amrsa1]

i figured it out thanks