Genieacs
Release 1.2.9
I Installation
1 Installation Guide
1.1 Prerequisites
1.2 Install GenieACS
1.3 Configure systemd
2 Environment Variables
II Administration
3 Provisions
3.1 Built-in functions
3.2 Path format
3.3 Creating/deleting object instances
3.4 Special GenieACS parameters
4 Virtual Parameters
4.1 Examples
5 Administration FAQ
5.1 Duplicate log entries when using log() function
5.2 Configurations not pushed to device after factory reset
5.3 Most device parameters are missing
III Integration
6 Extensions
7 API Reference
7.1 Endpoints
7.2 Tasks
7.3 Presets
7.4 Provisions
IV Security
8 HTTPS
9 CPE Authentication
9.1 CPE to ACS
9.2 ACS to CPE
Part I
Installation
CHAPTER 1
Installation Guide
This guide is for installing GenieACS on a single server on any Linux distro that uses systemd as its init system.
The various GenieACS services are independent of each other and may be installed on different servers. You may also
run multiple instances of each in a load-balancing/failover setup.
Attention: For production deployments make sure to configure TLS and change UI_JWT_SECRET to a unique
and secure string. Refer to HTTPS section for how to enable TLS to encrypt traffic.
1.1 Prerequisites
Node.js
GenieACS requires Node.js 12.13 and up. Refer to https://nodejs.org/ for instructions.
MongoDB
GenieACS requires MongoDB 3.6 and up. Refer to https://www.mongodb.com/ for instructions.
GenieACS Documentation, Release 1.2.9
1.2 Install GenieACS
If you prefer installing from source, such as when running a GenieACS copy with custom patches, refer to
the README.md file in the source package. Adjust the next steps below accordingly.
1.3 Configure systemd
Create the file /opt/genieacs/genieacs.env to hold our configuration options which we pass to GenieACS
as environment variables. See Environment Variables section for a list of all available configuration options.
GENIEACS_CWMP_ACCESS_LOG_FILE=/var/log/genieacs/genieacs-cwmp-access.log
GENIEACS_NBI_ACCESS_LOG_FILE=/var/log/genieacs/genieacs-nbi-access.log
GENIEACS_FS_ACCESS_LOG_FILE=/var/log/genieacs/genieacs-fs-access.log
GENIEACS_UI_ACCESS_LOG_FILE=/var/log/genieacs/genieacs-ui-access.log
GENIEACS_DEBUG_FILE=/var/log/genieacs/genieacs-debug.yaml
NODE_OPTIONS=--enable-source-maps
GENIEACS_EXT_DIR=/opt/genieacs/ext
GENIEACS_UI_JWT_SECRET=secret
mkdir /var/log/genieacs
chown genieacs:genieacs /var/log/genieacs
Create a systemd unit file for each of the four GenieACS services. Note that we’re using EnvironmentFile directive
to read the environment variables from the file we created earlier.
Each service has two streams of logs: access log and process log. Access logs are configured here to be dumped
in a log file under /var/log/genieacs/ while process logs go to journald. Use journalctl command to
view process logs.
Attention: If the command systemctl edit --force --full fails, you can create the unit file manually.
[Service]
User=genieacs
EnvironmentFile=/opt/genieacs/genieacs.env
ExecStart=/usr/bin/genieacs-cwmp
[Install]
WantedBy=default.target
[Service]
User=genieacs
EnvironmentFile=/opt/genieacs/genieacs.env
ExecStart=/usr/bin/genieacs-nbi
[Install]
WantedBy=default.target
[Service]
User=genieacs
EnvironmentFile=/opt/genieacs/genieacs.env
ExecStart=/usr/bin/genieacs-fs
[Install]
WantedBy=default.target
[Service]
User=genieacs
EnvironmentFile=/opt/genieacs/genieacs.env
ExecStart=/usr/bin/genieacs-ui
[Install]
WantedBy=default.target
Review the status message for each to verify that the services are running successfully.
CHAPTER 2
Environment Variables
Configuring GenieACS services can be done through the following environment variables:
FS_SSL_KEY Path to certificate key file. If omitted, non-secure HTTP will be used.
Default: unset
FS_LOG_FILE File to log process related events for genieacs-fs. If omitted, logs will go to stderr.
Default: unset
FS_ACCESS_LOG_FILE File to log incoming requests for genieacs-fs. If omitted, logs will go to stdout.
Default: unset
FS_URL_PREFIX The URL prefix (e.g. ‘https://example.com:7657/’) to use when generating the file URL for TR-069
Download requests. Set this if genieacs-fs and genieacs-cwmp are behind a proxy or running on different
servers.
Default: auto generated based on the hostname from the ACS URL, FS_PORT config, and whether or not SSL
is enabled for genieacs-fs.
UI_WORKER_PROCESSES The number of worker processes to spawn for genieacs-ui. A value of 0 means as
many as there are CPU cores available.
Default: 0
UI_PORT The TCP port that genieacs-ui listens on.
Default: 3000
UI_INTERFACE The network interface that genieacs-ui binds to.
Default: ::
UI_SSL_CERT Path to certificate file. If omitted, non-secure HTTP will be used.
Default: unset
UI_SSL_KEY Path to certificate key file. If omitted, non-secure HTTP will be used.
Default: unset
UI_LOG_FILE File to log process related events for genieacs-ui. If omitted, logs will go to stderr.
Default: unset
UI_ACCESS_LOG_FILE File to log incoming requests for genieacs-ui. If omitted, logs will go to stdout.
Default: unset
UI_JWT_SECRET The key used for signing JWT tokens that are stored in browser cookies. The string can be up to
64 characters in length.
Default: unset
Part II
Administration
CHAPTER 3
Provisions
A Provision is a piece of JavaScript code that is executed on the server on a per-device basis. It enables implementing
complex provisioning scenarios and other operations such as automated firmware upgrade rollout. Apart from a few
special functions, the script is essentially standard ES6 code executed in strict mode.
Provisions are mapped to devices using presets. Note that the added performance overhead when using Provisions as
opposed to simple preset configuration entries is relatively small. Anything that can be done via preset configurations
can be done using a Provision script. In fact, the now deprecated configuration format is still supported primarily for
backward compatibility and it is recommended to use Provision scripts for all configuration.
When assigning a Provision script to a preset, you may pass arguments to the script. The arguments can be accessed
from the script through the global args variable.
Note: Provision scripts may get executed multiple times in a given session. Although all data model-mutating
operations are idempotent, a script as a whole may not be. It is, therefore, necessary to repeatedly run the script until
there are no more side effects and a stable state is reached.
3.1 Built-in functions
This function is for declaring parameter values to be set, as well as specifying constraints on how recently you’d like the
parameter value (or other attributes) to have been refreshed from the device. If the given timestamp is lower than the
timestamp of the last refresh from the device, then this function will return the last known value. Otherwise, the value
will be fetched from the device before being returned to the caller.
The timestamp argument is an object where the key is the attribute name (e.g. value, object, writable, path)
and the value is an integer representing a Unix timestamp.
The values argument is an object similar to the timestamp argument, but its property values are the parameter values
to be set.
// Example: Setting the SSID as the last 6 characters of the serial number
let serial = declare("Device.DeviceInfo.SerialNumber", {value: 1});
declare("Device.LANDevice.1.WLANConfiguration.1.SSID", null, {value: serial.value[0]});
This function invalidates the database copy of parameters (and their child parameters) that match the given path and
have a last refresh timestamp that is less than the given timestamp. The most obvious use for this function is to
invalidate the database copy of the entire data model after the device has been factory reset:
3.1.3 commit()
This function commits the pending declarations and performs any necessary sync with the device. It’s usually not
required to call this function as it is called implicitly at the end of the script and when accessing any property of the
promise-like object returned by the declare() function. Calling this explicitly is only necessary if you want to
control the order in which parameters are configured.
Execute an extension script and return the result. The first argument is the script filename while the second argument is
the function name within that script. Any remaining arguments will be passed to that function. See Extensions for
more details.
3.1.5 log(message)
Prints out a string in genieacs-cwmp’s access log. It’s meant to be used for debugging. Note that you may see multiple
log entries as the script can be executed multiple times in a session. See this FAQ.
3.2 Path format
A parameter path may contain a wildcard (*) or an alias filter ([name:value]). A wildcard segment in a parameter
path will apply the declared configuration to zero or more parameters that match the given path where the wildcard
segment can be anything.
An alias filter is like a wildcard, but additionally performs filtering on the child parameters based on the key-value
pairs provided. For example, the following path:
Device.WANDevice.1.WANConnectionDevice.1.WANIPConnection.[AddressingType:DHCP].ExternalIPAddress
will return a list of ExternalIPAddress parameters (0 or more) where the sibling parameter AddressingType is assigned
the value “DHCP”.
This can be useful when the exact instance numbers may be different from one device to another. It is possible to use
more than one key-value pair in the alias filter. It’s also possible to use multiple filters or use a combination of filters
and wildcards.
3.3 Creating/deleting object instances
Given the declarative nature of provisions, we cannot explicitly tell the device to create or delete an instance under
a given object. Instead, we specify the number of instances we want there to be, and based on that GenieACS will
determine whether or not it needs to create or delete instances. For example, the following declaration will ensure we
have one and only one WANIPConnection object:
declare("InternetGatewayDevice.X_BROADCOM_COM_IPAddrAccCtrl.X_BROADCOM_COM_IPAddrAccCtrlListCfg.[SourceIPAddress:172.16.12.0,SourceNetMask:255.255.0.0]",
3.4 Special GenieACS parameters
In addition to the parameters exposed in the device’s data model through TR-069, GenieACS has its own set of special
parameters:
3.4.1 DeviceID
3.4.2 Tags
The Tags root parameter is used to expose device tags in the data model. Tags appear as child parameters that are
writable and have boolean value. Setting a tag to false will delete that tag, and setting the value of a non-existing
tag parameter to true will create it.
3.4.3 Reboot
The Reboot root parameter holds the timestamp of the last reboot command. The parameter value is writable and
declaring a timestamp value that is larger than the current value will trigger a reboot.
// Example: Reboot the device only if it hasn't been rebooted in the past 300 seconds
declare("Reboot", null, {value: Date.now() - (300 * 1000)});
3.4.4 FactoryReset
3.4.5 Downloads
The Downloads sub-tree holds information about the last download command(s). A download command
is represented as an instance (e.g. Downloads.1) containing parameters such as Download (timestamp),
LastFileType, LastFileName. The parameters FileType, FileName, TargetFileName and
Download are writable and can be used to trigger a new download.
Warning: Pushing a file to the device is often a service-interrupting operation. It’s recommended to only trigger
it on certain events such as 1 BOOT or during a predetermined maintenance window.
After the CPE has finished downloading and applying the config file, it will send a 7 TRANSFER COMPLETE event.
You may use that to trigger a reboot after the firmware image or configuration file has been applied.
CHAPTER 4
Virtual Parameters
Virtual parameters are user-defined parameters whose values are generated using custom JavaScript code. Virtual
parameters behave just like regular parameters and appear in the data model under the VirtualParameters. path.
Virtual parameter names cannot contain a period (.).
The execution environment for virtual parameters is almost identical to that of provisions. See Provisions for more
details and examples. The only differences between the scripts of provisions and virtual parameters are:
• You can’t pass custom arguments to virtual parameter scripts. Instead, the variable args will hold the current
vparam timestamps and values as well as the declared timestamps and values. Like this:
// [<declared attr timestamps, declared attr values>, <current attr timestamps>, <current attr values>]
• Virtual parameter scripts must return an object containing the attributes of this parameter.
Note: Just like a regular parameter, creating a virtual parameter does not automatically add it to the parameter list for
a device. It needs to be fetched (manually or via a preset) before you can see it in the data model.
4.1 Examples
if (d.size) {
for (let p of d) {
if (p.value[0]) {
m = p.value[0];
break;
}
}
}
else if (igd.size) {
for (let p of igd) {
if (p.value[0]) {
m = p.value[0];
break;
}
}
}
}
else {
let d = declare("Device.WiFi.AccessPoint.1.Security.KeyPassphrase", {value: Date.now()});
if (d.size) {
m = d.value[0];
}
CHAPTER 5
Administration FAQ
5.1 Duplicate log entries when using log() function
Because GenieACS uses a full-fledged scripting language for device configuration, the only way to guarantee that it
has satisfied the ‘desired state’ is by repeatedly executing the script until there are no more discrepancies with the current
device state. Though it may seem like this will cause duplicate requests going to the device, this isn’t actually the case
because device configurations are stated declaratively and the scripts themselves are pure functions in the context
of a session (e.g. Date.now() always returns the same value within the session).
To illustrate with an example, consider the following script:
log("Executing script");
declare("Device.param", null, {value: 1});
commit();
declare("Device.param", null, {value: 2});
This will set the value of the ‘Device.param’ to 1, then to 2. Then as the script is run again the value is set back to 1
and so on. A stable state will never be reached so GenieACS will execute the script a few times until it gives up and
throws a fault. This is an edge case that should be avoided. A more typical case is where the script is run once or
twice. Essentially if an execution doesn’t result in any request to the CPE or a change in the data model then a stable
state is deemed to have been reached.
5.2 Configurations not pushed to device after factory reset
After a device is reset to its factory default state, the cached data model in GenieACS’s database needs to be invalidated
to force rediscovery. Ensure the following lines are called on 0 BOOTSTRAP event:
5.3 Most device parameters are missing
For performance reasons (server, client, and network), GenieACS by default only fetches parts of the data model that
are necessary to satisfy the declarations in your provision scripts. Create declarations for any parameters you need
fetched by default.
If you’re unsure and want to explore the available parameters exposed by the device, refresh the root parameter (e.g.
InternetGatewayDevice) from GenieACS’s UI. You typically only need to do that one time for a given CPE
model.
Part III
Integration
CHAPTER 6
Extensions
Given that Provisions and Virtual Parameters are executed in a sandbox environment, it is not possible to interact with
external sources or execute any action that requires OS, file system, or network access. Extensions exist to bridge that
gap.
Extensions are fully-privileged Node.js modules and as such have access to standard Node libraries and 3rd party
packages. Functions exposed by the extension can be called from Provision scripts using the ext() function. A typical
use case for extensions is fetching credentials from a database to have that pushed to the device during provisioning.
By default, the extension JS code must be placed under config/ext directory. You may need to create that directory
if it doesn’t already exist.
The example extension below fetches data from an external REST API and returns that to the caller:
"use strict";
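// Node's built-in HTTP client
const http = require("http");

// Cache the last position for 10 seconds so repeated calls do not hit the API
let cache = null;
let cacheExpire = 0;

// args holds the extra arguments given to ext(); the result is returned
// through callback(err, result)
function latlong(args, callback) {
  if (Date.now() < cacheExpire) return callback(null, cache);

  http
    .get("http://api.open-notify.org/iss-now.json", (res) => {
      if (res.statusCode !== 200)
        return callback(
          new Error(`Request failed (status code: ${res.statusCode})`)
        );

      // Accumulate the response body before parsing it
      let rawData = "";
      res.on("data", (chunk) => (rawData += chunk));

      res.on("end", () => {
        let pos = JSON.parse(rawData)["iss_position"];
        cache = [+pos["latitude"], +pos["longitude"]];
        cacheExpire = Date.now() + 10000;
        callback(null, cache);
      });
    })
    .on("error", (err) => {
      callback(err);
    });
}

exports.latlong = latlong;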
// The arguments "arg1" and "arg2" are passed to the latlong. Though they are
// unused in this particular example.
const res = ext("ext-sample", "latlong", "arg1", "arg2");
log(JSON.stringify(res));
CHAPTER 7
API Reference
GenieACS exposes a rich RESTful API through its NBI component. This document serves as a reference for the
available APIs.
This API makes use of MongoDB’s query language in some of its endpoints. Refer to MongoDB’s documentation for
details.
Note: The examples below use the curl command for simplicity and ease of testing. Query parameters are URL-encoded,
but the original pre-encoding values are shown for reference. These examples assume genieacs-nbi is running
locally and listening on the default NBI port (7557).
Warning: A common pitfall is not properly percent-encoding special characters in the device ID or query in the
URL.
7.1 Endpoints
Search for records in the database (e.g. devices, tasks, presets, files). Returns a JSON representation of all items in the
given collection that match the search criteria.
collection: The data collection to search. Could be one of: tasks, devices, presets, objects.
query: Search query. Refer to MongoDB queries for reference.
Examples
curl -i 'http://localhost:7557/devices/?query=%7B%22_id%22%3A%22202BC1-BM632w-000000%22%7D'
curl -i 'http://localhost:7557/devices/?query=%7B%22InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnection.1.MACAddress%22%3A%2220:2B:C1:E0:06:65%22%7D'
• Search for devices that have not initiated an inform in the last 7 days.
query = {
  "_lastInform": {
    "$lt" : "2017-12-11 13:16:23 +0000"
  }
}
curl -i 'http://localhost:7557/devices/?query=%7B%22_lastInform%22%3A%7B%22%24lt%22%3A%222017-12-11%2013%3A16%3A23%20%2B0000%22%7D%7D'
curl -i 'http://localhost:7557/tasks/?query=%7B%22device%22%3A%22202BC1-BM632w-000000%22%7D'
curl -i 'http://localhost:7557/devices?query=%7B%22_id%22%3A%22202BC1-BM632w-000000%22%7D&projection=InternetGatewayDevice.DeviceInfo.ModelName,InternetGatewayDevice.DeviceInfo.Manufacturer'
Enqueue task(s) and optionally trigger a connection request to the device. Refer to Tasks section for information about
the task object format. Returns status code 200 if the tasks have been successfully executed, and 202 if the tasks have
been queued to be executed at the next inform.
device_id: The ID of the device.
connection_request: Indicates that a connection request will be triggered to execute the tasks immediately. Otherwise,
the tasks will be queued and be processed at the next inform.
The response body is the task object as it is inserted in the database. The object will include _id property which you
can use to look up the task later.
Examples
curl -i 'http://localhost:7557/devices/202BC1-BM632w-000000/tasks?connection_request' \
-X POST \
--data '{"name": "refreshObject", "objectName": ""}'
{
  "name": "setParameterValues",
  "parameterValues": [
    ["InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.SSID", "GenieACS", "xsd:string"],
    ["InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.PreSharedKey.1.PreSharedKey", "hello world", "xsd:string"]
  ]
}
curl -i 'http://localhost:7557/devices/202BC1-BM632w-000000/tasks?connection_request' \
-X POST \
--data '{"name":"setParameterValues", "parameterValues": [["InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.SSID", "GenieACS", "xsd:string"],["InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.PreSharedKey.1.PreSharedKey",
Example
Example
Example
Example
Note: The device will be registered again when/if it contacts the ACS again (e.g. on the next periodic
inform).
Example
Example
Create or update a preset. Returns status code 200 if the preset has been added/updated successfully. The body of the
request is a JSON representation of the preset. Refer to Presets section below for details about its format.
preset_name: The name of the preset.
Example
Create a preset to set 5 minutes inform interval for all devices tagged with “test”:
query = {
"weight": 0,
"precondition": "{\"_tags\": \"test\"}",
"configurations": [
{
"type": "value",
"name": "InternetGatewayDevice.ManagementServer.PeriodicInformEnable",
"value": "true"
},
{
"type": "value",
"name": "InternetGatewayDevice.ManagementServer.PeriodicInformInterval",
"value": "300"
}
]
}
curl -i 'http://localhost:7557/presets/inform' \
-X PUT \
--data '{"weight": 0, "precondition": "{\"_tags\": \"test\"}", "configurations": [{"type": "value", "name": "InternetGatewayDevice.ManagementServer.
Upload a new file or overwrite an existing one. Returns status code 200 if the file has been added/updated successfully.
The file content should be sent as the request body.
file_name: The name of the uploaded file.
The following file metadata may be sent as request headers:
• fileType: For firmware images it should be “1 Firmware Upgrade Image”. Other common types are “2 Web
Content” and “3 Vendor Configuration File”.
• oui: The OUI of the device model that this file belongs to.
• productClass: The product class of the device.
• version: In case of firmware images, this refers to the firmware version.
Example
curl -i 'http://localhost:7557/files/new_firmware_v1.0.bin' \
-X PUT \
--data-binary @"./new_firmware_v1.0.bin" \
--header "fileType: 1 Firmware Upgrade Image" \
--header "oui: 123456" \
--header "productClass: ABC" \
--header "version: 1.0"
7.2 Tasks
7.2.1 getParameterValues
query = {
  "name": "getParameterValues",
  "parameterNames": [
    "InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnectionNumberOfEntries",
    "InternetGatewayDevice.Time.NTPServer1", "InternetGatewayDevice.Time.Status"
  ]
}
curl -i 'http://localhost:7557/devices/00236a-96318REF-SR360NA0A4%252D0003196/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name": "getParameterValues", "parameterNames": ["InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnectionNumberOfEntries",
curl -i 'http://localhost:7557/devices/?query=%7B%22_id%22%3A%2200236a-96318REF-SR360NA0A4%252D0003196%22%7D'
7.2.2 refreshObject
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name": "refreshObject", "objectName": "InternetGatewayDevice.WANDevice.1.WANConnectionDevice"}'
7.2.3 setParameterValues
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name": "setParameterValues", "parameterValues": [["InternetGatewayDevice.ManagementServer.UpgradesManaged",false]]}'
Multiple values can be set at once by adding multiple arrays to the parameterValues key. For example:
{
  name: "setParameterValues",
  parameterValues: [["InternetGatewayDevice.ManagementServer.UpgradesManaged", false], ["InternetGatewayDevice.Time.Enable", true], ["InternetGatewayDevice.Time.NTPServer1", "pool.ntp.org"]]
}
7.2.4 addObject
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name":"addObject","objectName":"InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANPPPConnection"}'
7.2.5 deleteObject
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name":"deleteObject","objectName":"InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANPPPConnection.1"}'
7.2.6 reboot
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name": "reboot"}'
7.2.7 factoryReset
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name": "factoryReset"}'
7.2.8 download
curl -i 'http://localhost:7557/devices/00236a-SR552n-SR552NA084%252D0003269/tasks?timeout=3000&connection_request' \
-X POST \
--data '{"name": "download", "file": "mipsbe-6-42-lite.xml"}'
7.3 Presets
Presets assign a set of configuration or a Provision script to devices based on a precondition (search filter), schedule
(cron expression), and events.
7.3.1 Precondition
The precondition property is a JSON string representation of the search filter to test if the preset applies to a
given device. Example preconditions are:
• {"param": "value"}
• {"param": "value", "param2": {"$ne": "value2"}}
Other operators that can be used are $gt, $lt, $gte and $lte.
7.3.2 Configuration
The configuration property is an array containing the different configurations to be applied to a device, as shown
below:
[
{
"type": "value",
"name": "InternetGatewayDevice.ManagementServer.PeriodicInformEnable",
"value": "true"
},
{
"type": "value",
"name": "InternetGatewayDevice.ManagementServer.PeriodicInformInterval",
"value": "300"
},
{
"type": "delete_object",
"name": "object_parent",
"object": "object_name"
},
{
"type": "add_object",
"name": "object_parent",
"object": "object_name"
},
{
"type": "provision",
"name": "YourProvisionName"
}
]
The configuration type provision triggers a Provision script. In the example above, the provision named
“YourProvisionName” will be executed.
7.4 Provisions
The Provision’s JavaScript code is the body of the HTTP PUT request.
Part IV
Security
CHAPTER 8
HTTPS
TODO
CHAPTER 9
CPE Authentication
Note: By default GenieACS will accept any incoming connection via HTTP/HTTPS and respond to it.
The following parameters are used to set and get (password is redacted but can be set) the username/password used to
authenticate against the ACS:
Username: Device.ManagementServer.Username or InternetGatewayDevice.ManagementServer.Username
Password: Device.ManagementServer.Password or InternetGatewayDevice.ManagementServer.Password
CPE to ACS authentication can be configured in the web interface by using the Config option in the Admin tab.
Go to the Admin -> Config page and click on the New config button at the bottom of the page. This will open a pop-up
which requires you to fill in a key and value. The key should be cwmp.auth. The value accepts a boolean. Setting
the value to true makes GenieACS accept any incoming connection; setting it to false makes GenieACS
deny all incoming connections. This can be further configured using the AUTH() and EXT() functions.
The AUTH() function accepts two parameters, username and password. It checks the given username and password
with the incoming request to determine whether to return true or false.
Basic usage of the AUTH() function could be as follows:
AUTH("fixed-username", "fixed-password")
This will only accept incoming requests that authenticate with “fixed-username” and “fixed-password”.
The various device parameters can be referenced from within the cwmp.auth expression. For example:
AUTH(Device.ManagementServer.Username, Device.ManagementServer.Password)
The EXT() function makes it possible to call an extension script from the auth expression. This can be used to fetch
the credentials from an external source:
TODO
TODO