The download links for random-generator-device.yaml and configuration.toml are broken.

They appear as:

random-generator-device.yaml <random-generator-device.yaml>{.interpreted-text role="download"}

Feel free to assign this to me.

Once the issue edgexfoundry/device-modbus-go#79 resolved, modify the doc to meet he new change.

edgexfoundry/developer-scripts#128 restructured the edgexfoundry/developer-scripts /compose-files directory into a /releases directory with release-specific subdirectories.

Related website documentation needs to be updated.

The current docs site has a rather unreadable formatting in Chrome for the schema, as it's not formatted at all and as such is a really long single line:

It would be nice if at the bare minimum the JSON output was pretty printed so it scales down the page instead of across the page.

to enbale beginners quickly pass the guide documents, maybe some changes can be made.

• the deviceprofile "GS1-10P5.profile.yaml" dont work well directly for ModbusPal and docker-compose-delhi-0.7.1.
  in order to make it work, I changed some of the content to following

  name: RPM
      description: "RPM speed of the motor."
      attributes: 
          { primaryTable: "HOLDING_REGISTERS", startingAddress: "8455" }
      properties: 
          value:
              { type: "INT16", readWrite: "RW", minimum: "0", maximum: "1500", defaultValue: "1"}
          units:
              { type: "String", readWrite: "R", defaultValue: "rpm"}
  name: OutputVoltage
      description: "Output Voltage driving the motor."
      attributes: 
          { primaryTable: "HOLDING_REGISTERS", startingAddress: "8454" }
      properties: 
          value:
              { type: "INT16", readWrite: "RW", defaultValue: "1"}
          units:
              { type: "String", readWrite: "R", defaultValue: "Volts"}
  name: MotorControl
      get:
        - { index: "1", operation: "get", object: "RPM", parameter: "RPM", property: "value" }
        - { index: "2", operation: "get", object: "OutputVoltage", parameter: "OutputVoltage", property: "value" }
      set:
        - { operation: "set", resource: "RPM", parameter: "RPM" }
  

• The addressable given in the guide

  { “name”: “Motor”, “method”: “GET”, “protocol”: “HTTP”, “address”: “10.0.1.29”, “port”: 502 }
  

  needs to be modified to following(Pay attention to the format of symbols)

  { "name": "Motor", "method": "GET", "protocol": "HTTP", "address": "172.17.0.1", "path": "1", "port": 502 }
  

• It will be much easier if you run ModbusPal.jar at the same localhost of docker. And the "Learn" mode is really useful.

Following API walkthrough.

Execute step 5.7.1 (https://docs.edgexfoundry.org/Ch-WalkthroughProvision.html) and get a no supporting protocol specified for device result because example doesn't include "protocols" content that github.com/edgexfoundry/[email protected]/models/device.go:139 is expecting.

Provided body should contain a "protocols" key/value.

https://docs.edgexfoundry.org/Ch-ApplicationServices.html
3.6.1.4. Examples

Example links in the app service docs are broken Point to old examples folder.

Simple Filter XML -> Demonstrates Filter of data by device ID and transforming data to XML
Simple Filter XML Post -> Same example as #1, but result published to HTTP Endpoint
Simple Filter XML MQTT -> Same example as #1, but result published to MQTT Broker

Some best practices:

1. Launch container as non-root user where possible
2. Close un-used ports:
   a) source - in docker-compose only list ports that we use, cleaning up any cruft
   b) some ports will still be open for on-host inter-service requests. The micro services are on the same network, so they shall be able to access these without issue.
   c) In EdgeX secure-mode, add iptables rules to allow access only to the security proxy for all non-local accesses

Discussed on the 22-Jul-2019 Device Service WG call.

There isn't anywhere that the port numbers used by our services are documented. A tabular format would be handy in the case where new services are coming online and need to be assigned a port. This will allow us to see what the appropriate range of ports is (Core = 48000, Device Services = 49000, etc) for the reference implementation of EdgeX, and we can see at a glance whether a port number is already taken.

The Scheduler API example reference document is out of date.
Needs to be updated to reflect the changes from Scheduler's schedule and schedule event to the new interval and interval action. Additionally the addressable type is no longer used and has been combined into the interval action.

Support was recently added to Core Command and the Device SDKs to handle query parameters for command REST requests. These parameters are copied "as is" from a Core Command REST request to the request made to the device service, which then adds them to the attributes map passed to the device service ProtocolDriver.

This issue covers adding documentation for Core Command and the Device Service SDKs to explain how these query parameters are handled.

This documentation should also mention that query parameters with the prefix "ds-".

For reference see the following PRs:

• edgexfoundry/edgex-go#1571
• edgexfoundry/device-sdk-go#336

• During some recent work (to fix a CBOR Content Header-related issue), the need arose for creating payloads to accompany PUT commands.
• This issue will address making updates to the markdown version of "Sending and Consuming Binary Data From EdgeX Device Services" with steps for creating payloads for PUT commands, to include the steps (including the golang code used to create the said payload).

It has been requested to up-level configuration documentation so that there's a top-level page that includes definitions for configuration settings that are common to all services. Documentation applicable to common overrides coming from environment variables and cmd line parameters could also be included. Service-specific keys and values can be defined in documentation applicable to the given service.

A proposed way to layout this content can be found here.

Changes were made to Ch-ExamplesAddingMQTTDevice.rst for Fuji branch per #49 but not changed on the master branch

References to older versions of Docker Compose file (may not be complete):

• security/Ch-APIGateway.rst
• examples/Ch-ExamplesAddingModbusDevice.rst
• examples/Ch-ExamplesAddingSNMPDevice.rst
• quick-start/Ch-QuickStart.rst
• security/Ch-SecretStore.rst

Locations in the current docs that reference either "Edinburgh" or "1.0" that may need to be updated to reflect the Fuji release:

• ./application/Ch-ApplicationServices.rst:7:The intention of Application Services are to address scalability concerns of the existing EdgeX Export Client and Distribution Services (Export Services) as well as provide a flexible solution for exporting data outside of EdgeX without encumbering the EdgeX development community itself with trying to support all major cloud providers and export solutions. For the Edinburgh release cycle, the existing Client and Export Service remain supported and are still considered the primary way to export data out of EdgeX. However, it is encouraged for new development efforts adopting EdgeX that the App Functions SDK and resulting Application Services be leveraged moving forward with the intention that by the Fuji release, the SDK will be moved into release status and become the primary method of exporting data from EdgeX.
• ./configuration/Ch-Configuration.rst:68: - 1.0
• ./configuration/Ch-Configuration.rst:74: - 1.0
• ./configuration/Ch-Configuration.rst:80:The versions shown correspond to major versions of the given services. These are not necessarily equated with long term support (LTS) releases. For all minor/patch versions associated with a major version, the respective service keys live under the major version in configuration (such as 1.0). Changes to the configuration structure that may be required during the associated minor version development cycles can only be additive. That is, key names will not be removed or changed once set in a major version, nor will sections of the configuration tree be moved from one place to another. In this way backward compatibility for the lifetime of the major version is maintained.
• ./configuration/Ch-Configuration.rst:89:- /edgex/core/1.0/edgex-core-data/Clients
• ./configuration/Ch-Configuration.rst:90:- /edgex/core/1.0/edgex-core-data/Databases
• ./configuration/Ch-Configuration.rst:91:- /edgex/core /1.0/edgex-core-data/Logging
• ./configuration/Ch-Configuration.rst:92:- /edgex/core/1.0/edgex-core-data/MessageQueue
• ./configuration/Ch-Configuration.rst:93:- /edgex/core/1.0/edgex-core-data/Registry
• ./configuration/Ch-Configuration.rst:94:- /edgex/core/1.0/edgex-core-data/Service
• ./configuration/Ch-Configuration.rst:95:- /edgex/core/1.0/edgex-core-data/Writable
• ./examples/Ch-ExamplesAddingMQTTDevice.rst:325:Download the docker-compose file from https://github.com/edgexfoundry/developer-scripts/blob/master/releases/**edinburgh**/compose-files/docker-compose-edinburgh-1.0.0.yml.
• ./examples/Ch-ExamplesAddingMQTTDevice.rst:332: image: edgexfoundry/docker-device-mqtt-go:1.0.0
• ./examples/Ch-ExamplesAddingMQTTDevice.rst:5:EdgeX - Edinburgh Release
• ./examples/Ch-ExamplesVirtualDeviceService.rst:105: image: edgexfoundry/docker-device-virtual-go:1.0.0
• ./general/conf.py:62:#version = u'1.0'
• ./general/conf.py:64:#release = u'1.0'
• ./getting-started/Ch-GettingStartedSDK-C.rst:25:The next step is to download and build the EdgeX Device SDK for C. You always want to use the release of the SDK that matches the release of EdgeX you are targeting. As of this writing the edinburgh release is the current stable release of EdgeX, so we will be using the edinburgh branch of the C SDK.
• ./getting-started/Ch-GettingStartedSDK-C.rst:27:#. First, clone the edinburgh branch of device-sdk-c from Github::
• ./getting-started/Ch-GettingStartedSDK-C.rst:29: git clone -b edinburgh https://github.com/edgexfoundry/device-sdk-c.git
• ./getting-started/Ch-GettingStartedSDK-C.rst:59: export CSDK_DIR=../device-sdk-c/build/release/_CPack_Packages/Linux/TGZ/csdk-1.0.0
• ./security/Ch-SecretStore.rst:156: edgex-core-consul | Version: 'v1.1.0'
• ./security/Ch-SecretStore.rst:552: edgex-core-consul 127.0.0.1:8301 alive server 1.1.0 2 dc1

We should add documentation and/or examples that show how to create a snap with a device-service and hook it up with the edgexfoundry snap.

We need a guide to setting up application/export services to send data via MQTT to an external service

We should update the Getting Started docs to mention that Linux users can install the snap to quickly get started without using docker.

Related: https://github.com/edgexfoundry/edgex-go/issues/761

To resolve edgexfoundry/device-mqtt-go#87, we made the change in the example folder.
Please modify the file structure and states there are two configuration file for different purpose.
The related PRs are:
edgexfoundry/device-mqtt-go#94
edgexfoundry/device-mqtt-go#95

Need to update documentation for Fuji release

Please create the Edinburgh Branch

There is no API document (HTML version) on the API reference page right now. The following links need to be added.

https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/core-metadata/1.1.0
https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/core-command/1.1.0
https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/core-data/1.1.0
https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/support-logging/1.1.0
https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/support-scheduler/1.1.0
https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/support-notifications/1.1.0
https://app.swaggerhub.com/apis-docs/EdgeXFoundry1/system-agent/1.1.0

Update documentation to reflect removal of export-distro and export-client for Geneva release.

Delete https://github.com/edgexfoundry/edgex-docs/tree/master/export. Review other content for internal links to the above.

Related to: edgexfoundry/edgex-go#2218

This issue is a compliment to the following PR
edgexfoundry/edgex-go#2309

This issue is to track the need for addition of the ADR capturing the design principles and goals of the new V2 API discussed since the Geneva face-to-face in Phoenix, November 2019.

The name of those pre-defined devices as listed in section 6.2.3 needs to be updated, as they don't match to what are defined in https://github.com/edgexfoundry/device-virtual-go/blob/master/cmd/res/configuration.toml

"Random-Boolean-Generator01" should be "Random-Boolean-Device"
"Random-Float-Generator01" should be "Random-Float-Device"
"Random-Integer-Generator01" should be "Random-Integer-Device"
"Random-UnsignedInteger-Generator01" should be "Random-UnsignedInteger-Device"

Add a user guide for device-bluetooth that is similar to the device-mqtt and device-modbus guides

With the merge of edgexfoundry/edgex-go#1756 we should document how to override the global security portion of the configuration to control the enablement of security integration. Be sure to provide usage example as done in the PR.

The App Functions SDK documentation should include how to package a newly created project as a Docker image for easy inclusion in an EdgeX deployment

The man page says that the json configuration files used by security-secrets-setup are called edgex-kong.json and edgex-vault.json. This is wrong, they are hard-coded as pkisetup-vault.json and pkisetup-kong.json in edgex-go.

CC @bnevis-i @jim-wang-intel

🚀 Feature Request

Description

The EdgeX framework currently relies on network segmentation for security. An API gateway separates external traffic from internal traffic, authenticates callers, and forwards properly authenticated requests to internal services. Services behind the gateway share a common network, and communication between microservices is unrestricted.

The EdgeX framework should do a better job of protecting itself against local attacks such as unauthorized software processes running on the host or malicious containers. The secret management subsystem of EdgeX is the current sole exception to the unrestricted communication posture:

• The secret store must enforce role-based access control policies.
• The secret store must protect the confidentiality of secrets in transit.
• The secret store must be available for proper system functioning.

Besides secret management, there are other sensitive services in EdgeX, such as the systems management agent, that execute with a high level of privilege and expose control-plane level functionality. These other microservices also require confidentiality and integrity protections on data, as well as role-based access controls that require the caller to authenticate itself. Moreover, not all microservice communications are many-to-many; for example, the only microservice that needs to access the PostgresSQL database is the API gateway.

Describe the solution you'd like

This feature request is a placeholder to begin discussion of:

• Implementation of TLS security between microservices to provide confidentiality and integrity protection of messages.
• Implementation of microservice-to-microservice authentication.
• Implementation of a common authorization framework for microservice implementers.
• Implementation of policy-based networking.

The solution needs to comprehend:

• Security-enabled vs non-security enabled EdgeX stack
• Authentication/authorization of requests proxied through the API gateway
• Authentication/authorization of internal service-to-service requests

Describe the solution space (hand-coded option)

Confidentiality and Integrity

Server-side TLS is the most convenient option here. The security-secrets-setup tool initializes PKI for Vault and could be extended to other services. Alternatively, security-secrets-setup can be modified to create an intermediate CA that is loaded into the secret store's PKI engine, and services can directly go there to get TLS certificates.

Microservice authentication

Mutual-auth TLS is one option here. This option combines confidentiality, integrity, and authentication together, but it imposes a tax: encryption is mandatory, which could add an unacceptable level of overhead for high-bandwidth or latency-sensitive applications.

Another option is token-based authentication. There are various options for selection of a token.

• Use the pre-existing secret store authentication token. The server could use this token to verify the client's identity with the secret store, but it could also steal all the client's secrets. Not a good solution
• Use the secret store token accessor. The server could use this token to query metadata about the caller out of the secret store. The benefit--and drawback--of this solution is that it allows for unlimited delegation: a far-removed microservice can perform actions on behalf of the original caller.
• Use a JWT token. The benefit of this approach is that use of an audience field can be used to prevent delegation of the token. The JWT could be signed by a JWT provider that everyone trusts, or a service could sign its own JWT. Self-signed JWT's require that the public key database be held in some kind of trusted registry (so that an attacker couldn't replace the key in the registry and then claim to be that microservice). Signed objects need to deal with TTL issues.

Microservice authorization

For the hand-coded option, this means that code must be added to each microservice to authorize each operation. This creates a high barrier for developers.

Network policy

Policy-based networking can be done to some extent with Docker networks. It is an effective even if authentication and authorization fail.

Describe the solution space (service-mesh option)

Many microservice architectures introduce a service mesh to deal with microservice encryption and authentication. Some popular service meshes include, but are not limited to:

• Consul Connect
• Linkderd
• Istio
• Envoy
• Conduit

Service meshes often solve the problems of confidentiality and integrity, authentication, authorization, and network policy at the same time. A network intermediary could combine authorization and network policy by blocking unauthorized requests. However, fine-grained authorization might require special support from the service mesh, such as by adding context to a request before it is delivered to a microservice.

Services known to be incapable of microservice communication security

• Redis. Redis supports only a single password and does not support TLS at all.

https://github.com/edgexfoundry/security-api-gateway has been archived I think all references should now go to somewhere in edgex-go

Per Michael Hall the docs.edgexfoundry.org site is published from the edinburgh branch.

To promote a successful user and developer experience with EdgeX until Fuji release we should update/release this hosted documentation.

Note that the latest documentation in master branch has already been recently updated (with PR#12).

Indication
The current documentation hosted at https://docs.edgexfoundry.org/Ch-GettingStartedUsers.html (for example in section 4.1.3.2) points to a broken link for the docker-compose files, which are now contained in a 'releases' subfolder:

The collection of the EdgeX Foundry Docker compose files are found here: https://github.com/edgexfoundry/developer-scripts/tree/master/compose-files

Correct link for above ^:
https://github.com/edgexfoundry/developer-scripts/tree/master/releases/

Document what API implementations and integrations a service should have to work properly with an EdgeX deployment. This should include:

• Using the Registry service for configurations
• Connecting to and using the Logging service
• Implementing API endpoints for System Management Agent

Move this issue from edgexfoundry/device-sdk-go#408

In documentation here step 4 :

https://docs.edgexfoundry.org/Ch-GettingStartedSDK-Go.html

The command is:
GO111MODULE=on go mode init
it should be:

GO111MODULE=on go mod init

Typo on Syntax. Please edit it

More documentation is needed around the device profile (per Core WG meeting 3/29). Specifically, what is the structure, what are the allowed elements, what is optional. There is a block diagram of the design of the profile (and profile document) on the Wiki today (https://docs.edgexfoundry.org/Ch-DeviceProfile.html) but much more is needed.

Currently the go developer getting started guide states that we use go 1.9 and that newer versions of go have not been tested. This is causing issues for new developers that come to the project that explicitly install go 1.9 not knowing that EdgeX now uses modules which isn't official until go 1.12. Following the current guide leads to an instant dead end on getting the project built. It should also be recommended that the repos be cloned outside of your gopath contrary to what the document states again because of modules.

https://github.com/edgexfoundry/edgex-docs/blob/master/getting-started/Ch-GettingStartedGoDevelopers.rst

Tracking discussion/review items from Core WG 27-Feb-2020 on the referenced ADR.

Please refer to the Working Group meeting notes for more information.

• It was agreed that environment variables should override all source configuration. That is, whether a configProvider has been specified or not (local file) if an environment variable override is present, it will always take precedence.
• We discussed the use of the --override switch and how it could cause some issues if a service is restarted with this flag. In particular, if the service's config is present in Consul and was manually edited for some reason, that manual edit will get clobbered. Call attendees thought it would be good to add Use with caution verbiage.
• --profile will continue to be supported and someone could continue to support the current Docker profile in this way. However the project team has agreed that we would like to eliminate the res/docker configuration.toml files and instead provide the subset of overridden values to support docker in the Geneva release docker-compose file.

@jpwhitemn I'll assign this issue to you for any follow-on edits to the ADR and for you to associate with the resulting PR

@tonyespy @lenny-intel @michaelestrin @AnthonyMBonafide for visibility

In "Quick Start", it would be helpful to have an abbreviated list of supported architectures, OSes, and minimum systems requirements. If it is already covered in detail elsewhere in the documentation, a link to that section would also be helpful.

Below that in "Setup", could you please add a link to the alternate Raspberry Pi installation/setup instructions page on the Wiki? https://wiki.edgexfoundry.org/display/FA/Running+on+a+RaspberryPi

Add or update documentation that demonstrates how to transport binary data through EdgeX using CBOR

Moving to .md from .rst has broken the original job. It needs to be updated to support markdown.

Need to update the Scheduler documentation for Edinburgh release.

Update Ch-GettingStartedSDK-C.rst based on changes made to Fuji branch for #49. These changes were not moved to the master branch for Geneva.

From PR #1029 per @tobiasmo1

Four images (referenced within docs/core/metadata/Ch-Metadata.rst) depict the deprecated "objects" element of device profile - so these should be updated to reflect the current state (resulting from this PR):

https://github.com/edgexfoundry/edgex-go/blob/master/docs/core/metadata/EdgeX_MetadataCommandModel.png
https://github.com/edgexfoundry/edgex-go/blob/master/docs/core/metadata/EdgeX_MetadataDeviceModel.png
https://github.com/edgexfoundry/edgex-go/blob/master/docs/core/metadata/EdgeX_MetadataDeviceProfileModel.png
https://github.com/edgexfoundry/edgex-go/blob/master/docs/core/metadata/EdgeX_MetadataWatcherModel.png

Source Visio files for the above PNG images can be found here

Move the issue from edgexfoundry/device-sdk-go#407

When we follow the steps to setup sdk here
https://docs.edgexfoundry.org/Ch-GettingStartedSDK-Go.html

and in command : cp ./device-sdk-go/Version ./device-simple/
The Version file can not be found. Instead, VERSION is available. Please update the documentation or repository to be aligned.

The link to the PKI setup tool in this sentence

The CA name (EdgeXFoundryCA) was defined by the pkisetup tool during the Vault image build process. This tool is also responsible for all the TLS server configuration and creation tasks.

is incorrect.

This update to be made to the docs (to reflect the change in sending notifications of any severity level) is per edgex-go Issue-2328.

Registry Refactoring ADR needs to be updated to reflect the change made during implementation which are to keep the -r/--registry flag and no add the enabled field to the RegistryInfo.

Need to update documentation for Fuji release

Need to update new site to be v1.2 no v2.0 .
Should also add v1.1 in drop down so as to create a link to fuji documentation.