This is the crucial section. I bet that 97.4% of all your problems will come from here, and it's boring. So put some good music on, give the kids the iPad, get a cup of coffee, and pay attention. Every field will be explained.
ucentral.websocket.host.0.backlog = 500
ucentral.websocket.host.0.rootca = $OWGW_ROOT/certs/root.pem
ucentral.websocket.host.0.issuer = $OWGW_ROOT/certs/issuer.pem
ucentral.websocket.host.0.cert = $OWGW_ROOT/certs/websocket-cert.pem
ucentral.websocket.host.0.key = $OWGW_ROOT/certs/websocket-key.pem
ucentral.websocket.host.0.clientcas = $OWGW_ROOT/certs/clientcas.pem
ucentral.websocket.host.0.cas = $OWGW_ROOT/certs/cas
ucentral.websocket.host.0.address = *
ucentral.websocket.host.0.port = 15002
ucentral.websocket.host.0.security = strict
ucentral.websocket.host.0.key.password = mypassword
ucentral.websocket.maxreactors = 20This is the number of concurrent devices you are expecting to call all at once. Not the current number of devices. This is how many will connect in the same exact second. Take the total number of devices you have and divide by 100. That's a good rule of thumb. Never go above 500.
This is the root file as supplied by Digicert. You can find it here
This is the issuer file as supplied by Digicert. You can find it here
This is a pem file that you will receive from Digicert for the gateway itself. This is the certificate for the gateway.
This is a pem file that you will receive from Digicert for the gateway itself. The is the private key for the gateway.
This is a pem file that contains both the issuer and the root CA certificates. You can find it You can find it here
This is a directory where you will copy your own cert.pem, the root.pem, and the issuer.pem files.
Leve this a * in the case you want to bind to all interfaces on your gateway host or select the address of a single interface.
Leave to 15002 for now.
Leave this as strict for now for devices.
If you key file uses a password, please enter it here.
A single reactor can handle between 1000-2000 devices. Never leave this smaller than 5 or larger than 50.
Certain commands may require the Access Point to upload a file into the Controller. For this reason, there is a special embedded HTTP server to receive these files.
openwifi.fileuploader.host.0.backlog = 100
openwifi.fileuploader.host.0.rootca = $OWGW_ROOT/certs/restapi-ca.pem
openwifi.fileuploader.host.0.security = relaxed
openwifi.fileuploader.host.0.address = *
openwifi.fileuploader.host.0.name = ucentral.dpaas.arilia.com
openwifi.fileuploader.host.0.port = 16003
openwifi.fileuploader.host.0.cert = $OWGW_ROOT/certs/restapi-cert.pem
openwifi.fileuploader.host.0.key = $OWGW_ROOT/certs/restapi-key.pem
openwifi.fileuploader.host.0.key.password = mypassword
openwifi.fileuploader.path = $OWGW_ROOT/uploads
openwifi.fileuploader.maxsize = 10000
openwifi.fileuploader.uri = https://ucentral.dpaas.arilia.com:16003This is the number of concurrent REST API calls that maybe be kept in the backlog for processing. That's a good rule of thumb. Never go above 500.
This is the root file of your own certificate CA in pem format.
This is your own server certificate in pem format..
This is the private key associated with your own certificate in pem format.
Leve this a * in the case you want to bind to all interfaces on your gateway host or select the address of a single interface.
The port on which the REST API server is listening. By default, this is 16003.
Leave this as relaxed for now for devices.
If you key file uses a password, please enter it here.
This is the location where the files will be stored temporarily before processing. This path must exist.
This is the maximum uploaded file size. The default maximum size if 10MB. This size is in KB.
This is the URI that will be passed to the AP. You must make sure that the AP can resolve this URI.
The controller has a built-in OUI resolver for MAC addresses. The GW will periodically load this file to obtain the latest. This is ths URI for this file.
oui.download.uri = https://standards-oui.ieee.org/oui/oui.txtThe gateway can make use of the latest uCentral data-model or use the built-in model. These 2 parameters allow you to choose which method you want. If you select the internal method, the URI is ignored. If for some reason you choose the on-line data-model from the URI and the URI is not reachable, the system will fall back on the internal model.
ucentral.datamodel.internal = true
ucentral.datamodel.uri = https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.jsonThe command manager is responsible for managing command sent and responses received with the APs. Several parameters allow you to fine tune its behaviour. Unless you have some particular reasons to change tem the defaults are usually just fine.
command.timeout = 14400
command.retry = 120
command.janitor = 120
command.queue = 30How long will the GW wait in seconds before considering a commands has timed out.
How long between command retries.
How long between outstanding RPC clean-ups.
How long should te gateway wait between running its queue.
The controller has the ability to find the location of the IP of each Access Points. This uses an external IP location service. Currently, the controller supports 3 services. Please note that these services will require to obtain an API key or token, and these may cause you to incur additional fees. Here is the list of the services supported:
- ip2location: ip2location.com
- ipdata: ipdata.co
- ipinfo: ipinfo.io
iptocountry.default = US
iptocountry.provider = ipinfo
#iptocountry.provider = ipdata
#iptocountry.provider = ip2location
iptocountry.ipinfo.token =
iptocountry.ipdata.apikey =
iptocountry.ip2location.apikey =This is the country code to be used if no information can be found at one of the providers or you have not configured any of the providers.
You must select onf of the possible services and the fill the appropriate token or api key parameter.
This parameter tells the controller how to behave when it receives a request from a device for the first time. In this case, we tell the controller to look at the provisioning service first, then apply any local configurations.
autoprovisioning.process = prov,defaultIf are using restricted devices, then you can include different keys for each vendor who provided you with their information. This allows the controller to automatically sign requests to the device. You can have as many vendors as it is necessary.
signature.manager.0.key.public = $OWGW_ROOT/certs/signatures/test1-public-key.pem
signature.manager.0.key.private = $OWGW_ROOT/certs/signatures/test1-private-key.pem
signature.manager.0.vendor = test1
signature.manager.1.key.public = $OWGW_ROOT/certs/signatures/test2-public-key.pem
signature.manager.1.key.private = $OWGW_ROOT/certs/signatures/test2-private-key.pem
signature.manager.1.vendor = test2If you plan on using OWLS (OpenWifi Load Simulator), then you will need to put your Simulator ID right here. This ID must be obtained from TIP.
simulatorid = 53494dFFEEDDThe controller comes with the ability to run an RTTY service. The service can either be internal (the prefered choice)
or external. If you decide to use the internal RTTY, the you only need to specify rtty.internal = true. If you choose
to use an external RTTY, you must specify the remainder of the parameters.
rtty.internal = true
rtty.enabled = true
rtty.server = rtty-tip.arilia.com
rtty.port = 5912
rtty.token = 96181c567b4d0d98c50f127230068fa8
rtty.timeout = 60
rtty.viewport = 5913
rtty.assets = $OWGW_ROOT/rtty_uiIf you are going to use the buil-in RADIUS proxy service, you need to enable this parameter and provide the ports for you PROXY.
radius.proxy.enable = false
radius.proxy.accounting.port = 1813
radius.proxy.authentication.port = 1812
radius.proxy.coa.port = 3799
radsec.keepalive = 120The auto archiver is responsible for removing all stale data. The default is to remove old data after 7 days.
archiver.enabled = true
archiver.schedule = 03:00
archiver.db.0.name = healthchecks
archiver.db.0.keep = 7
archiver.db.1.name = statistics
archiver.db.1.keep = 7
archiver.db.2.name = devicelogs
archiver.db.2.keep = 7
archiver.db.3.name = commandlist
archiver.db.3.keep = 7These are the parameters required for the configuration of the external facing REST API server
openwifi.restapi.host.0.backlog = 100
openwifi.restapi.host.0.security = relaxed
openwifi.restapi.host.0.rootca = $OWGW_ROOT/certs/restapi-ca.pem
openwifi.restapi.host.0.address = *
openwifi.restapi.host.0.port = 16004
openwifi.restapi.host.0.cert = $OWGW_ROOT/certs/restapi-cert.pem
openwifi.restapi.host.0.key = $OWGW_ROOT/certs/restapi-key.pem
openwifi.restapi.host.0.key.password = mypasswordThis is the number of concurrent REST API calls that maybe be kept in the backlog for processing. That's a good rule of thumb. Never go above 500.
This is the root file of your own certificate CA in pem format.
This is your own server certificate in pem format..
This is the private key associated with your own certificate in pem format.
Leve this a * in the case you want to bind to all interfaces on your gateway host or select the address of a single interface.
The port on which the REST API server is listening. By default, this is 16002.
Leave this as relaxed for now for devices.
If you key file uses a password, please enter it here.
The following parameters describe the configuration for the inter-microservice HTTP server. You may use the same certificate/key you are using for your extenral server or another certificate.
openwifi.internal.restapi.host.0.backlog = 100
openwifi.internal.restapi.host.0.security = relaxed
openwifi.internal.restapi.host.0.rootca = $OWGW_ROOT/certs/restapi-ca.pem
openwifi.internal.restapi.host.0.address = *
openwifi.internal.restapi.host.0.port = 17004
openwifi.internal.restapi.host.0.cert = $OWGW_ROOT/certs/restapi-cert.pem
openwifi.internal.restapi.host.0.key = $OWGW_ROOT/certs/restapi-key.pem
openwifi.internal.restapi.host.0.key.password = mypasswordThis is the number of concurrent REST API calls that maybe be kept in the backlog for processing. That's a good rule of thumb. Never go above 500.
This is the root file of your own certificate CA in pem format.
This is your own server certificate in pem format..
This is the private key associated with your own certificate in pem format.
Leve this a * in the case you want to bind to all interfaces on your gateway host or select the address of a single interface.
The port on which the REST API server is listening. By default, this is 17002.
Leave this as relaxed for now for devices.
If you key file uses a password, please enter it here.
These are different Microservie parameters. Following is a brief explanation.
openwifi.service.key = $OWGW_ROOT/certs/restapi-key.pem
openwifi.service.key.password = mypassword
openwifi.system.data = $OWGW_ROOT/data
openwifi.system.uri.private = https://localhost:17004
openwifi.system.uri.public = https://ucentral.dpaas.arilia.com:16002
openwifi.system.uri.ui = https://ucentral-ui.arilia.com
openwifi.security.restapi.disable = false
openwifi.system.commandchannel = /tmp/app.ucentralfms
openwifi.autoprovisioning = trueFrom time to time, the microservice must encrypt information. This is the key it should use. You may use the same keey as you RESTAPI or your server.
The password for the openwifi.service.key
The location of system data. This path must exist.
The URI to reach the controller on the internal port.
The URI to reach the controller from the outside world.
The URI of the UI to manage this service
This allows to disable security for internal and external API calls. This should only be used if the controller
sits behind an application load balancer that will actually do TLS. Setting this to true disables security.
The UNIX socket command channel used by this service.
Allow unknown devices to be provisioned by the system.
In order to support an application load balancer health check verification, your need to provide the following parameters.
alb.enable = true
alb.port = 16102The controller use Kafka, like all the other microservices. You must configure the kafka section in order for the system to work.
openwifi.kafka.group.id = gateway
openwifi.kafka.client.id = gateway1
openwifi.kafka.enable = true
openwifi.kafka.brokerlist = my_Kafka.example.com:9092
openwifi.kafka.auto.commit = false
openwifi.kafka.queue.buffering.max.ms = 50The group ID is a single word that should identify the type of service tuning. In the case gateway
The client ID is a single service within that group ID. Each participant must have a unique client ID.
Kafka should always be enabled.
The list of servers where your Kafka server is running. Comma separated.
Auto commit flag in Kafka. Leave as false.
Kafka buffering. Leave as 50.
If you intend to use SSL, you should look into Kafka Connect and specify the certificates below.
penwifi.kafka.ssl.ca.location =
openwifi.kafka.ssl.certificate.location =
openwifi.kafka.ssl.key.location =
openwifi.kafka.ssl.key.password =The controller supports 3 types of Database. SQLite should only be used for sites with less than 100 APs or for testing in the lab.
In order to select which database to use, you must set the storage.type value to sqlite, postgresql, or mysql.
storage.type = sqlite
#storage.type = postgresql
#storage.type = mysqlAdditional parameters to set for SQLite. The only important one is storage.type.sqlite.db which is the database name on disk.
storage.type.sqlite.db = gateway.db
storage.type.sqlite.idletime = 120
storage.type.sqlite.maxsessions = 128Additional parameters to set if you select Postgres for your database. You must specify host, username, password,
database, and port.
storage.type.postgresql.maxsessions = 64
storage.type.postgresql.idletime = 60
storage.type.postgresql.host = localhost
storage.type.postgresql.username = gateway
storage.type.postgresql.password = gateway
storage.type.postgresql.database = gateway
storage.type.postgresql.port = 5432
storage.type.postgresql.connectiontimeout = 60Additional parameters to set if you select mysql for your database. You must specify host, username, password,
database, and port.
storage.type.mysql.maxsessions = 64
storage.type.mysql.idletime = 60
storage.type.mysql.host = localhost
storage.type.postgresql.username = gateway
storage.type.postgresql.password = gateway
storage.type.postgresql.database = gateway
storage.type.mysql.port = 3306
storage.type.mysql.connectiontimeout = 60The microservice provides extensive logging. If you would like to keep logging on disk, set the logging.type = file. If you only want
console logging, set logging.type = console. When selecting file, logging.path must exist. logging.level sets the
basic logging level for the entire controller. logging.websocket disables WebSocket logging.
logging.type = file
logging.path = $OWGW_ROOT/logs
logging.level = information
logging.asynch = true
logging.websocket = false