Skip to content

Commit f84d868

Browse files
author
anders-wartoft
committed
Documentation updates
1 parent 0210c47 commit f84d868

7 files changed

Lines changed: 503 additions & 323 deletions

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -240,6 +240,7 @@ export AIRGAP_UPSTREAM_TARGET_IP=255.255.255.255
240240
| sendingThreads | AIRGAP_UPSTREAM_SENDING_THREADS | {"now": 0} | How many times, and when, whould we send each event? |
241241
| certFile | AIRGAP_UPSTREAM_CERT_FILE | | For TLS to Kafka, add a certificate pem encoded file here |
242242
| keyFile | AIRGAP_UPSTREAM_KEY_FILE | | The private key for the certFile certificate |
243+
| keyPasswordFile | AIRGAP_UPSTREAM_KEY_PASSWORD_FILE | | Path to a file containing the password to decrypt an encrypted keyFile |
243244
| caFile | AIRGAP_UPSTREAM_CA_FILE | | The CA that issued the Kafka server's certificate |
244245
| deliverFilter | AIRGAP_UPSTREAM_DELIVER_FILTER | | Filter so not all events from Kafka is sent. Can be used to enable load balancing (see Load Balancing chapter below) |
245246
| topicTranslations | AIRGAP_UPSTREAM_TOPIC_TRANSLATIONS | | If you need to rename a topic before sending the messages you can use this: `{"inputTopic1":"outputTopic1","inputTopic2":"outputTopic2"}`. Here, if the name of a topic upstreams is `inputTopic1` it will be sent as `outputTopic1` from upstream |
@@ -282,6 +283,7 @@ The property privateKeyFiles should point to one or more private key files that
282283
| logFileName | AIRGAP_DOWNSTREAM_LOG_FILE_NAME | | If configured, all logs will be written to this file instead of the console. This will take effekt after the configuration is read and no errors occurs |
283284
| certFile | AIRGAP_DOWNSTREAM_CERT_FILE | | For TLS to Kafka, add a certificate pem encoded file here |
284285
| keyFile | AIRGAP_DOWNSTREAM_KEY_FILE | | The private key for the certFile certificate |
286+
| keyPasswordFile | AIRGAP_UPSTREAM_KEY_PASSWORD_FILE | | Path to a file containing the password to decrypt an encrypted keyFile |
285287
| caFile | AIRGAP_DOWNSTREAM_CA_FILE | | The CA that issued the Kafka server's certificate |
286288
| internalTopic | AIRGAP_DOWNSTREAM_INTERNAL_TOPIC | airgap-internal | Topic name in Kafka to write to (internal logging). Topic name for events from the upstream topics will have the same name as the upstream topic, if not translated by the setting AIRGAP_DOWNSTREAM_TOPIC_TRANSLATIONS |
287289
| topicTranslations | AIRGAP_DOWNSTREAM_TOPIC_TRANSLATIONS | | Rename topics with a specified name to another name. Used in multi downstreams setup (see Redundancy and Load Balancing.md) |

doc/Deduplication.md

Lines changed: 153 additions & 114 deletions
Large diffs are not rendered by default.

doc/Installation and Configuration.md

Lines changed: 114 additions & 80 deletions
Original file line numberDiff line numberDiff line change
@@ -3,35 +3,43 @@
33
## Installation
44

55
1. **Clone the repository:**
6-
```bash
7-
git clone https://github.com/anders-wartoft/air-gap.git
8-
cd air-gap
9-
```
10-
11-
2. **Build the binaries:**
12-
```bash
13-
make all
14-
```
15-
This builds upstream, downstream, and the deduplication Java application.
16-
17-
3. **Install dependencies:**
18-
- Go 1.18+ (for upstream/downstream)
19-
- Java 17+ (for deduplication)
20-
- Kafka 3.9+ (for event streaming)
21-
- Optional: Metricbeat, Jolokia for monitoring
22-
23-
4. **Prepare configuration files:**
24-
- Copy and edit example configs in `config/` and `config/testcases/`.
25-
- See below for details.
26-
27-
5. **Generate keys for encryption (optional):**
28-
- See README.md section "Keys" for key generation commands.
6+
7+
```bash
8+
git clone https://github.com/anders-wartoft/air-gap.git
9+
cd air-gap
10+
```
11+
12+
2\. **Build the binaries:**
13+
14+
```bash
15+
make all
16+
```
17+
18+
This builds upstream, downstream, and the deduplication Java application.
19+
20+
3\. **Install dependencies:**
21+
22+
- Go 1.18+ (for upstream/downstream)
23+
- Java 17+ (for deduplication)
24+
- Kafka 3.9+ (for event streaming)
25+
- Optional: Metricbeat, Jolokia for monitoring
26+
27+
4\. **Prepare configuration files:**
28+
29+
- Copy and edit example configs in `config/` and `config/testcases/`.
30+
- See below for details.
31+
32+
5\. **Generate keys for encryption (optional):**
33+
34+
- See README.md section "Keys" for key generation commands.
2935

3036
## Configuration
3137

3238
### Upstream
39+
3340
Edit your upstream config file (e.g., `config/upstream.properties`):
34-
```properties
41+
42+
```bash
3543
id=Upstream_1
3644
nic=en0
3745
targetIP=127.0.0.1
@@ -44,11 +52,14 @@ publicKeyFile=certs/server2.pem
4452
generateNewSymmetricKeyEvery=500
4553
mtu=auto
4654
```
55+
4756
Override any setting with environment variables (see README for details).
4857

4958
### Downstream
59+
5060
Edit your downstream config file (e.g., `config/downstream.properties`):
51-
```properties
61+
62+
```bash
5263
id=Downstream_1
5364
nic=en0
5465
targetIP=0.0.0.0
@@ -62,8 +73,10 @@ clientId=downstream
6273
```
6374

6475
### Deduplicator (Java)
76+
6577
Edit your deduplication config (e.g., `config/create.properties`):
66-
```properties
78+
79+
```bash
6780
RAW_TOPICS=transfer
6881
CLEAN_TOPIC=dedup
6982
GAP_TOPIC=gaps
@@ -79,42 +92,55 @@ APPLICATION_ID=dedup-gap-app
7992
For details on how to run the applications as services, see README.md
8093

8194
#### Performance Tuning
95+
8296
For high event rates (e.g., 10,000 eps):
97+
8398
- `PERSIST_INTERVAL_MS`: 100–1000 ms (persist state every 0.1–1 second)
8499
- `COMMIT_INTERVAL_MS`: 100–1000 ms (commit progress every 0.1–1 second)
100+
85101
Start with:
86-
```
102+
103+
```bash
87104
PERSIST_INTERVAL_MS=500
88105
COMMIT_INTERVAL_MS=500
89106
```
107+
90108
This means state and progress are checkpointed every 0.5 seconds, so at most 5,000 events would need to be re-processed after a crash.
91109

92110
**Tuning tips:**
111+
93112
- Lower values = less data loss on crash, but more I/O.
94113
- Higher values = less I/O, but more data to reprocess after a failure.
95114
- Monitor RocksDB and Kafka broker load; adjust if you see bottlenecks.
96115

97116
## Running the Applications
98117

99118
**Upstream:**
119+
100120
```bash
101121
go run src/cmd/upstream/main.go config/upstream.properties
102122
```
123+
103124
or (after build):
125+
104126
```bash
105127
./src/cmd/upstream/upstream config/upstream.properties
106128
```
107129

108130
**Downstream:**
131+
109132
```bash
110133
go run src/cmd/downstream/main.go config/downstream.properties
111134
```
135+
112136
or (after build):
137+
113138
```bash
114139
./src/cmd/downstream/downstream config/downstream.properties
115140
```
116141

117142
**Deduplicator:**
143+
118144
```bash
119145
java -jar java-streams/target/air-gap-deduplication-fat-<version>.jar
120146
```
@@ -135,58 +161,66 @@ See `doc/Monitoring.md` for instructions on using Metricbeat, Jolokia, and JMX f
135161
To completely uninstall air-gap and its components:
136162

137163
1. **Stop running services:**
138-
```bash
139-
sudo systemctl stop upstream.service
140-
sudo systemctl stop downstream.service
141-
sudo systemctl stop dedup.service
142-
```
143-
144-
2. **Disable services:**
145-
```bash
146-
sudo systemctl disable upstream.service
147-
sudo systemctl disable downstream.service
148-
sudo systemctl disable dedup.service
149-
```
150-
151-
3. **Remove binaries:**
152-
```bash
153-
rm -f /opt/airgap/upstream/bin/*
154-
rm -f /opt/airgap/downstream/bin/*
155-
rm -f /opt/airgap/dedup/bin/*
156-
rm -f /usr/local/bin/upstream
157-
rm -f /usr/local/bin/downstream
158-
rm -f /usr/local/bin/dedup
159-
```
160-
161-
4. **Remove configuration files:**
162-
```bash
163-
rm -rf /opt/airgap/upstream/*.properties
164-
rm -rf /opt/airgap/downstream/*.properties
165-
rm -rf /opt/airgap/dedup/*.properties
166-
rm -rf /etc/airgap/
167-
```
168-
169-
5. **Remove keys and certificates (if used):**
170-
```bash
171-
rm -rf /opt/airgap/certs/
172-
```
173-
174-
6. **Remove systemd service files:**
175-
```bash
176-
sudo rm -f /etc/systemd/system/upstream.service
177-
sudo rm -f /etc/systemd/system/downstream.service
178-
sudo rm -f /etc/systemd/system/dedup.service
179-
sudo systemctl daemon-reload
180-
```
181-
182-
7. **Remove log files:**
183-
```bash
184-
rm -rf /var/log/airgap/
185-
```
186-
187-
8. **(Optional) Remove cloned source directory:**
188-
```bash
189-
rm -rf ~/air-gap
190-
```
164+
165+
```bash
166+
sudo systemctl stop upstream.service
167+
sudo systemctl stop downstream.service
168+
sudo systemctl stop dedup.service
169+
```
170+
171+
2\. **Disable services:**
172+
173+
```bash
174+
sudo systemctl disable upstream.service
175+
sudo systemctl disable downstream.service
176+
sudo systemctl disable dedup.service
177+
```
178+
179+
3\. **Remove binaries:**
180+
181+
```bash
182+
rm -f /opt/airgap/upstream/bin/*
183+
rm -f /opt/airgap/downstream/bin/*
184+
rm -f /opt/airgap/dedup/bin/*
185+
rm -f /usr/local/bin/upstream
186+
rm -f /usr/local/bin/downstream
187+
rm -f /usr/local/bin/dedup
188+
```
189+
190+
4\. **Remove configuration files:**
191+
192+
```bash
193+
rm -rf /opt/airgap/upstream/*.properties
194+
rm -rf /opt/airgap/downstream/*.properties
195+
rm -rf /opt/airgap/dedup/*.properties
196+
rm -rf /etc/airgap/
197+
```
198+
199+
5\. **Remove keys and certificates (if used):**
200+
201+
```bash
202+
rm -rf /opt/airgap/certs/
203+
```
204+
205+
6\. **Remove systemd service files:**
206+
207+
```bash
208+
sudo rm -f /etc/systemd/system/upstream.service
209+
sudo rm -f /etc/systemd/system/downstream.service
210+
sudo rm -f /etc/systemd/system/dedup.service
211+
sudo systemctl daemon-reload
212+
```
213+
214+
7\. **Remove log files:**
215+
216+
```bash
217+
rm -rf /var/log/airgap/
218+
```
219+
220+
8\. **(Optional) Remove cloned source directory:**
221+
222+
```bash
223+
rm -rf ~/air-gap
224+
```
191225

192226
**Note:** Adjust paths as needed for your installation. If you installed to custom locations, remove those as well.

0 commit comments

Comments
 (0)