Documentation

Mistake on this page? Email us
DocsManaging devicesMaestro configuration for Izuma Edge

Maestro configuration for Izuma Edge

Maestro is the systems management daemon for Izuma Edge. It replaces typical Linux OS system utilities and management programs for cloud-connected systems management.

Maestro is designed specifically for cloud-connected, Linux OS-embedded computers with limited RAM and disk space, often using a flash file system. Maestro allows for less writing to the file system over time.

Maestro provides:

  • A syslog daemon (replaces syslog-ng, syslogd, and others).
  • Additional logging through the grease-log-client library.
  • Direct-to-cloud logging.
  • Periodic system stats to cloud.
  • Configuration management for applications (file templating and API).
  • Network setup (DHCP and static IP settings).
  • Critical systems control (reboot and remote command execution).
  • Watchdog support.
  • Time sync.
  • Initial provisioning of system.

Maestro configuration

The rest of this page describes the configuration options you can define in the YAML file provided to Maestro on startup. Use the -config command line option to provide the path to the config file.

The minimum configuration for Maestro is:

config_end: true

You can configure Maestro two ways:

  • Locally with other processes over its local API.
  • Using Maestro Shell.

Maestro communicates with Device Management over HTTPS. It stores its configuration locally in a private database, but can also use deviceDB to store application settings, network settings, configs, and other data when used in conjunction with standard Device Management services.

Maestro Shell

Maestro Shell is an interactive shell for controlling Maestro locally.

This table shows the Maestro Shell commands:

Command What it does Usage
net events Opens a connection to maestro and continually waits for network events, printing them out as they occur net events
net get-interfaces Dumps information on all managed interfaces net get-interfaces
net config-interface Configures a single existing managed interface net config-interface <opt1>=<arg1> <opt2>=<arg2> ...
net add-dns Add a DNS server to your gateway net add-dns <dns-ip>
net delete-dns Delete a DNS server from your gateway net delete-dns <dns-ip>
net get-dns Get the DNS servers used by your gateway for name resolution net get-dns

To compile Mestro Shell, use go build.

Constructing a configuration file

You can include additional subsections in the config file above the config_end: true line. See an example config file.

Main parameters

The main parameters available for Maestro configuration are:

syslogSocket

The string syslogSocket provides a path to a socket from which Maestro reads syslog-formatted messages.

For operating systems with Systemd/Journald, set this field to /run/systemd/journal/syslog.

For operating systems without Systemd/Journald, set this field to /dev/log. If syslogSocket is not provided, Maestro uses DefaultSyslogSocket.

Example:

sysLogSocket: /dev/log

linuxKernelLog

The boolean linuxKernelLog determines if Maestro reads kernel log messages from /dev/kmsg, a newer mechanism for exporting kernel logs to the user space, available in Linux kernel version 3.5 and later.

If you set this field to true, you must set linuxKernelLogLegacy to false. Additionally, you must set this field to false if you specify syslogSocket for a system with Systemd/Journald. In this case, kernel log messages are read from syslogSocket.

linuxKernelLogLegacy

The boolean linuxKernelLogLegacy determines if Maestro reads kernel log messages from /proc/kmsg, an older mechanism for exporting kernel log messages to the user space. Systems using Linux Kernel version 3.5 and higher should instead use linuxKernelLog (/dev/kmsg) or syslogSocket if Systemd/Journald is available.

httpUnixSocket

The string httpUnixSocket gives a path to a socket where Maestro exports a REST API. Maestro uses this API to configure and retrieve runtime state statuses. Maestro-shell uses this socket.

If httpUnixSocket is not provided, Maestro uses DefaultHttpUnixSocket.

Example:

httpUnixSocket: /tmp/maestroapi.sock

configDBPath

The string configDBPath gives a path to Maestro's local database. Maestro uses this database to store certain config options, for example, network interface configs.

If configDBPath is not provided, Maestro uses defaultconfigDBPath. ("{{thisdir}}/maestroConfig.db" where {{thisdir}} is the directory of the Maestro executable file)

Example:

configDBPath: /userdata/etc/maestroConfig.db

clientId

The string clientId stores the gateway's serial number. This is used by the Symphony client.

Example:

clientId: "DEV00032OG"

VarDefs

Maestro stores key-value pairs of variables as VarDefs. Maestro resolves variables in the form {{variable_name}} in templates or the Maestro config YAML.

Parameters:

  • key: Required. String.
  • value: Required. String.

Example:

var_defs:
   - key: "LOCAL_DEVICEDB_PORT"
     value: 9000

Gateway capabilities

You can bundle Izuma Edge features depending on your subscription model and hardware specifications. Therefore, the features or capabilities the Izuma Edge enabled gateway supports can vary. Because Izuma Device Management uses LwM2M to represent the state of the devices in the cloud, Izuma Edge extends that model to advertise the supported capabilities of the gateway. Izuma reserves an LwM2M object in OMA registry 33457 to provide an interface for discovering the gateway's feature capabilities and to manage the configuration of enabled features.

Name Object ID Instances Mandatory Object URN
FeatureMgmt 33457 Multiple Optional urn:oma:lwm2m:x:33457

A gateway device creates instances of the Feature Management object, one for each feature the device is capable of supporting. Each instance advertises the capability to support a feature. You may configure the feature by setting the configuration resource. A feature may also be enabled or disabled.

LwM2M resource definitions:

ID Name Operations Instances Mandatory Type Description
0 FeatureID R Single Mandatory String The unique identifier for the feature. By advertising an object instance with a particular featureID, a device is advertising its capability to support the feature, for example urn:fid:pelion.com:terminal. Although not essential, use of a URN-based naming scheme has good properties for extending and including versioning.
1 Enabled R Single Mandatory Boolean Indicates whether a feature has been enabled. The enabled state is independent of the configured state of the feature. For example, an enabled feature that has not been configured may not operate until it has been configured.
2 Config R/W Single Optional String Configuration data for the feature. The format and content is feature specific.

To register a Feature Management object, Maestro uses the local Gateway Resource Management (GRM) JSON-RPC APIs, which Edge Core exposes over unix domain socket. For example, if a gateway supports Fluentbit for logging, terminal for remote shell and Kubernetes-as-a-Service (KaaS) for container management, then you can define those capabilities in the Maestro configuration file:

gateway_capabilities:
  edge_core_socketpath: "/tmp/edge.sock"
  lwm2m_objectid: 33457
  gateway_resources:
  - name: "urn:fid:pelion.com:log:1.0.0"
    enable: true
    config_filepath: "/etc/td-agent-bit/td-agent-bit.conf"
  - name: "urn:fid:pelion.com:terminal:1.0.0"
    enable: true
    config_filepath: "/wigwag/wigwag-core-modules/relay-term/config/config.json"
  - name: "urn:fid:pelion.com:kaas:1.0.0"
    enable: true
    config_filepath: "/wigwag/system/var/lib/kubelet/kubeconfig"

These are added to the list of LwM2M resources, which Edge Core registers as gateway resources:

LwM2M Object and Resource Name Value
/33457/0/0 FeatureID urn:fid:pelion.com:log:1.0.0
/33457/0/1 Enabled 1
/33457/0/2 Config File content of /etc/td-agent-bit/td-agent-bit.conf
/33457/1/0 FeatureID urn:fid:pelion.com:terminal:1.0.0
/33457/1/1 Enabled 1
/33457/1/2 Config File content of /wigwag/wigwag-core-modules/relay-term/config/config.json
/33457/2/0 FeatureID urn:fid:pelion.com:kaas:1.0.0
/33457/2/1 Enabled 1
/33457/2/2 Config File content of /wigwag/system/var/lib/kubelet/kubeconfig

This allows you to remotely view the current configuration of the feature and also push a config update using the cloud service APIs. Maestro, on receiving an update, writes the content to the file path specified in the respective parameter config_filepath. By default, Izuma Edge processes are configured with the systemd path unit file to monitor their configuration file and restart on an file update for change to take effect.

This interface allows different class of gateways to advertise the feature capabilities and also allow you to remotely configure the features of the deployed gateways using standard Izuma Device Management LwM2M services.

StaticFileGenerators

This subsystem generates config files for other services that run on the gateway. Maestro reads a template file for a particular service, populates the appropriate variables in the template file using Vardefs or variables from the platform reader, then creates a config file for the service.

Parameters:

  • name: Required. String. Name of the service for which the config file is generated.
  • template_file: Required. String. Path to the template file used to generate the output file.
  • output_file: Required. String. Path to where the config file should be generated.

Example:

static_file_generators:
   - name: "devicedb"
     template_file: "/wigwag/wwrelay-utils/conf/maestro-conf/template.devicedb.conf"
     output_file: "/wigwag/etc/devicejs/devicedb.yaml"

PlatformReaders

A platform reader is used to store and retrieve architecture-specific metadata about a physical platform where Maestro runs. You can only use one platform reader.

Currently, fsonly platform is in use. The template platform reader fsonly is for a gateway with no secure storage, hardware encryption chip, or TrustZone. This platform reader gets information by reading an identity.json file from the file system.

The identity file contains gateway-related information set during the factory process (such as DeviceID, SerialNumber, and CloudAddress). This information is read by the fsonly platform reader.

Parameters:

  • platform: Required. Platform can be fsonly.
  • params: Required.
    • identityPath: Required. String. Location of the identity.json file.

Example:

platform_readers:
  - platform: "fsonly"
    params:
      identityPath: "/userdata/edge_gw_config/identity.json"

Networking

The networking subsystem is responsible for:

  • Setting up the host's network interface.
  • Monitoring the state of the network interfaces.
  • Running an mDNS server that can be used to discover other gateways in the local network.

Network interfaces

To specify a network interface, add:

network:
    disable: false
    interfaces:
        - <interface 1> # Outlined below
        - <interface 2> # Outlined below
        - <interface ...> # Outlined below

Parameters:

  • disable: Optional. Boolean. If you set the flag to disable: false, Maestro is responsible for setting up network interfaces and maintaining them. The networking subsystem is enabled. If you set the flag to disable: true, Maestro won't set up network interfaces, so the networking subsystem is disabled. Default is true.
  • interfaces: Required. An array of network interfaces to configure.
    • type: Optional. String. Type of connection. For a Wi-Fi interface, set to 'wifi'. For an LTE interface, set to 'lte'. Leave empty for an Ethernet interface.
    • if_name: Required. String. Name of the interface Maestro modifies. The name must match the interface name on the system.
    • existing: Optional. String. Tells Maestro to replace or override the existing saved interface. For incoming API calls, the default behavior is override, because the API calls always modify the interface's database entry.
      • existing: "override" replaces any data already set in the database.
      • existing: "" is the default. The database takes precedence if it has an entry for the interface.
      • existing: "replace" removes the existing database entry entirely, then replaces it with what is in the config file.
    • clear_addresses: Required. Boolean. Clears any existing addresses assigned to the interface before setting up the specified addresses. If an interface is set with multiple IP addresses, adding a new IP address while setting up a static interface does not take effect unless the previously set IP addresses are removed. Set this flag to true if the existing addresses assigned to the interface need to be cleared. Setting the field to true is equivalent to running 'ip addr flush' before assigning an IP address to an interface.
    • dhcpv4: Optional. Boolean. false for static interfaces. Default is false.
    • ipv4_addr: Optional. String. IP address to assign to the interface.
    • ipv4_mask: Optional. Integer. IP mask to use for the subnet.
    • hw_addr: Optional. String. MAC address to use for the interface.
    • wifi_ssid: Optional. String. SSID of the Wi-Fi network.
    • wifi_password: Optional. String. Wi-Fi password.
    • default_gateway: String. IP address of the default gateway. The priority field should help determine which route has the best metric, which allows the kernel to use the fastest route.
      • If DHCP is disabled (dhcpv4 is false): Required. If default_gateway is not set and DHCP is disabled, the gateway can't access the internet through this interface.
      • If DHCP is enabled (dhcpv4 is true): Optional. If both default_gateway and dhcpv4 are set, default_gateway overrides dhcpv4.
    • ipv4_bcast: Optional. String. IPv4 Broadcast Addr. Sets automatically if left empty.
    • route_priority: Optional. Integer. RoutePriority. Priority 0 means the first, primary interface, 1 means the secondary, and so on. Priority determines which physical interface is the default route, if the interface has a default gateway. Valid values are 0-9 (MaxRoutePriority).
    • dhcp_disable_clear_addresses: Optional. Boolean. By default, DHCP services clear all addresses on the given interface before setting the interface address provided by the DHCP server. This disables that behavior, meaning existing addresses remain on the interface if they were there before Maestro started.
    • dhcp_step_timeout: Optional. Integer. DhcpStepTimeout is the maximum number of seconds to wait in each step of getting a DHCP address. Default is 15 seconds (defaultDhcpStepTimeout).
  • dont_set_default_route: Optional. Boolean. If DontSetDefaultRoute is true, Maestro does not add, replace or delete the default route in the system routing table, with a setting from the interface whether through DHCP or static (DefaultGateway field). In case where a default route is not set for the system and this flag is true, you must set the default route manually or by Network Manager.
  • nameservers: Optional. String. Nameservers. You may specify multiple nameservers.
  • dns_ignore_dhcp: Optional. Boolean. This tells the network subsystem to ignore DNS configuration from DHCP offers. Whatever the DHCP server says in regard to DNS is ignored.
  • alt_resolv_conf: Optional. String. AltResolvConf, if populated with a string, causes the network subsystem not to write /etc/resolv.conf, and instead writes what would go to /etc/resolv.conf to an alternate file.

Static interface example

network:
    interfaces:
      - if_name: eth1
        clear_addresses: true
        dhcpv4: false
        ipv4_addr: 10.0.103.103
        ipv4_mask: 24
        hw_addr: "{{ARCH_ETHERNET_MAC}}"
        default_gateway: 10.0.103.1

DHCP interface example

network:
    interfaces:
      - if_name: eth1
        clear_addresses: true
        dhcpv4: true
        hw_addr: "{{ARCH_ETHERNET_MAC}}"

Example:

network:
    interfaces:
      - if_name: wlan0
        type: wifi
        existing: override
        clear_addresses: true
        dhcpv4: true
        wifi_ssid: "ssid"
        wifi_password: "password"

Multicast DNS (mDNS)

Maestro has a built-in multicast DNS (mDNS)-based service discovery that allows clients on the local network to discover a named list of service instances, and resolve those services to hostnames using standard DNS queries. For example, if a gateway is hosting a local web server, then clients like mobile or web applications on the local network can discover this service and find out its address and other information required to establish a connection.

mdns:
  disable: false
  static_records:
        - <record 1> # Outlined below
        - <record 2> # Outlined below
        - <record ...> # Outlined below

Parameters:

  • disable: Optional. Boolean. It is false by default.
  • static_records: Required. An array of network interfaces to configure.
    • name: Required. String. Name of the static record.
    • service: Required. String.
    • domain: Optional. String. It is local by default.
    • port: Required. Integer.
    • ttl: Optional. uint32. Time-To-Live for DNS replies.
    • hostname: Required. String. Hostname is a string representing the host to look up. This is its DNS name. If left blank, this subsystem uses os.Hostname().
    • ips: Required. String. ips is a comma-separated string of one or more IP addresses. If blank, the hostname is looked up for the interface being published on.
    • interfaces: Required. String. Interfaces should be a comma-separated string stating all interfaces to publish the record on. If left empty, it publishes on all interfaces.
    • not_interfaces: Required. String. not_interfaces blacklists certain interfaces from being published on, even if interfaces names them or is set to empty.
    • not_persistent: Required. Boolean. If not_persistent is true, the record isn't stored in the Maestro config database.
    • text: Required. String. You can add multiple strings.
    • servers: Optional. zeroconf server config.

Example:

mdns:
  # disable: true
  static_records:
   - name: "WigWagRelay"
     service: "_wwservices._tcp"  # normally something like https or ftp
     # domain: "local"     # local is default
     interfaces: "eth0"
     not_interfaces: "Witap0"
     port: 3131
     text:
      - "wwid={{ARCH_SERIAL_NUMBER}}"
     hostname: "wigwaggateway"
   - name: "WigWagRelay_{{ARCH_SERIAL_NUMBER}}"
     service: "_wwservices._tcp"  # normally something like https or ftp
     # domain: "local"     # local is default
     interfaces: "eth0"
     not_interfaces: "Witap0"
     port: 3131
     text:
      - "wwid={{ARCH_SERIAL_NUMBER}}"
     hostname: "{{ARCH_SERIAL_NUMBER}}"

DeviceDB

Maestro interacts with deviceDB, which is a distributed database to store configs.

To connect to a deviceDB server, add to your config file:

devicedb_conn_config:
  devicedb_uri: "http://{{ARCH_DEVICE_ID}}:9000" #default uri
  devicedb_prefix: "maestro.configs" #default prefix
  devicedb_bucket: "lww" #default bucket
  relay_id: "{{ARCH_DEVICE_ID}}" #default relay id
  ca_chain: "{{SSL_CERTS_PATH}}/ca-chain.cert.pem" #default chain cert file name

Parameters:

  • devicedb_uri: Required. String. URL of the deviceDB edge instance. Not the deviceDB cloud URL.
  • devicedb_prefix: Required. String. Table within deviceDB to put data into. The prefix where keys related to configuration are stored.
  • devicedb_bucket: Required. String. Bucket within the table specified above.
  • relay_id: Required. String. Unique identifier for the gateway (Device Management Device ID)
  • ca_chain: Optional. String. Location of the root CA certificate with which the deviceDB cloud instance is set up.

Logging with SysLog

Syslog is a protocol to send logs from different processes running on a gateway to a central server that stores all the logs in a file. On an OS managed by Systemd, the systemd-journal service gathers logs from the system and makes those logs available to other services at the socket /run/systemd/journal/syslog. On an OS that is not managed by systemd, this would be /dev/log. In either place, the messages read from the socket are formatted with the syslog protocol and Maestro understands how to read such data. The sysLogSocket variable specifies where Maestro listens for log messages that have been formatted with the syslog protocol. To enable syslog, add:

sysLogSocket: /run/systemd/journal/syslog

Where /run/systemd/journal/syslog is the path to your syslog socket.

To inject a log into a log target, you can use syslog:

echo "test err message" | systemd-cat -p err

Available syslog levels are:

  • err.
  • warning.
  • info.
  • debug.

Where the content of the echo is the message and err is the log level. The log level you specify must be one of the values in your log target filters list; otherwise, the log doesn't show up.

Targets

A target is a destination to which Maestro outputs its logs. The target can be a file, the cloud and so on. Maestro can have multiple targets.

To define the target into which Maestro dumps its logs, add:

targets:
    - <target 1> # Outlined below
    - <target 2> # Outlined below
    - <target ...> # Outlined below

File target

    - file: "/var/log/maestro/maestro.log"
    rotate:
        max_files: 4
        max_file_size: 10000000  # 10MB max file size
        max_total_size: 42000000
        rotate_on_start: true
    delim: "\n"
    format_time: "[%ld:%d] "
    format_level: "<%s> "
    format_tag: "{%s} "
    format_origin: "(%s) "
    filters:
        - levels: warn
          format_pre: "\u001B[33m"    # yellow
          format_post: "\u001B[39m"
        - levels: error
          format_pre: "\u001B[31m"    # red
          format_post: "\u001B[39m"

Parameters:

  • file: Optional. String. The location of the output file.
  • rotate: Optional. Defines the log file rotation.
    • max_files: uint32. Maximum number of log files to rotate between.
    • max_file_size: uint32. Maximum size of each log file, in bytes.
    • max_total_size: uint64. Maximum total size of all log files, in bytes.
    • rotate_on_start: Boolean. Move to the next file when Maestro reboots.
  • delim: Optional. String. Specifies the delimiter between logs.
  • format_time: Required. String. Specifies the time format in the output logs.
  • format_level: Optional. String.
  • format_tag: Optional. String.
  • format_origin: Optional. String.
  • filters: Required. Specifies what level of logs make it to the output log.
    • levels: Required. String. can be warn, info, success, debug or all.
    • format_pre: Optional. String.
    • format_post: Optional. String.

To view a file log, run:

sudo tail -f /var/log/maestro/maestro.log

Where /var/log/maestro/maestro.log is the file specified in the file field.

Cloud target

- name: "toCloud"  # this sends log dumps to the cloud as a JSON.
    format_time: "\"timestamp\":%ld%03d, "
    format_level: "\"level\":\"%s\", "
    format_tag: "\"tag\":\"%s\", "
    format_origin: "\"origin\":\"%s\", "
    format_pre_msg: "\"text\":\""
    format_post: "\"},"
    flag_json_escape_strings: true
    filters:
        - levels: all
          format_pre: "{"     # wrap this output with { "log": [ OUTPUT ] }

Note: If you have a cloud target, you MUST have a section in your maestro.config for Symphony.

Parameters:

  • name: String. Unique identifier of the log target. toCloud is a special name for sending data to the cloud and is the required name for cloud targets.
  • format_time: Required. String. Specifies the time format in the output logs.
  • format_level: Optional. String.
  • format_tag: Optional. String.
  • format_origin: Optional. String.
  • format_pre_msg: Optional. String.
  • flag_json_escape_strings: Boolean. Sends log dumps in JSON format. Always true for cloud targets.
  • filters: Required. Specifies what level of logs make it to the output log.
    • levels: Required. String. can be "warn", "info", "success", "debug" or "all".
    • format_pre: Optional. String.

Symphony

If you have a "toCloud" target as mentioned in the Targets section, you must configure Symphony by providing the following:

symphony:
    disable_sys_stats: true
    sys_stats_count_threshold: 15     
    sys_stats_time_threshold: 120000
    #client_cert: "{{ARCH_CLIENT_CERT_PEM}}"
    #client_key: "{{ARCH_CLIENT_KEY_PEM}}"
    no_tls: true
    host: "gateways.local"
    url_logs: "http://gateways.local:8080/relay-logs/logs"
    url_stats: "http://gateways.local:8080/relay-stats/stats_obj"
    send_time_threshold: 120000       # set the send time threshold to 2 minutes
    #port: "{{ARCH_RELAY_SERVICES_PORT}}"

Parameters:

  • root_ca: Optional. String. The RootCA option should be a PEM-encoded root CA chain. Use this if the server's TLS certificate isn't signed by a certificate authority in the default list. If a certificate authority in the default list signs the server, root_ca can be omitted.
  • server_name: Optional. String. The ServerName is also only required if the root CA chain isn't in the default list. This option should be omitted if RootCA is not specified. It should match the common name of the server's certificate.
  • no_validate: Optional. Boolean. You can use this option in place of the RootCA and ServerName for servers that aren't signed by a well-known certificate authority. It skips the authentication for the server. It isn't recommended outside of a test environment.
  • no_tls: Optional. Boolean. This option turns off encryption entirely. Use this if HTTP is used instead of HTTPS.
  • client_cert: Optional. String. Certificate to authenticate with the cloud. The actual certificate in PEM format, not the file location. This is required for all HTTPS-based client connections. It provides the relay identity to the server (required if HTTPS).
  • client_key: Optional. String. Private key to authenticate with the cloud. The actual key in PEM format, not the file location. This is required for all HTTPS-based client connections (required if HTTPS).
  • host: Required. String. URL of the Symphony server in the cloud.
  • port: Optional. Integer. This is the port of the Symphony server. Default is 443.
  • url_logs: Required. String. If this field is set, the string provided is used as the URL of logging endpoint where Maestro sends log data to. If the field is left empty, the URL of logging endpoint is generated by Maestro of the form "https://[host:port]/relay-logs/logs" if no_tls is false or "http://[host:port]/relay-logs/logs" if no_tls is true.
  • url_stats: Required. String. If this field is set, the string provided is used as the URL of stats endpoint where Maestro sends stats to. If the field is left empty, the URL of stats endpoint is generated by Maestro of the form "https://[host:port]/relay-stats/stats_obj" if no_tls is false or "http://[host:port]/relay-stats/stats_obj" if no_tls is true.
  • disable_sys_stats: Optional. Boolean. If true, the system stats (Please refer System Stats section below) are not sent to the cloud.

System Stats

To log system statistics, add:

sys_stats:
  vm_stats:
    every: "15s"
    name: vm
  disk_stats:
    every: "30s"
    name: disk

Parameters:

  • vm_stats: Optional. Memory statistics.
  • disk_stats: Optional. Disk statistics.

Subparameters:

For vm_stats and disk_stats:

  • name: Required. String. name is used to identify the statistic.
  • every: Required. String. every is a string representation of the interval at which this statistic should be gathered. The string must be formatted to be compatible with the time.ParseDuration format ("1m" for every minute, "30s", "1m45s", "250ms").
  • disable: Optional. Boolean. This disables the statistic entirely.

To disable system statistics:

  • Remove the sys_stats section from the config file.
  • Add disable_sys_stats: true to the symphony section in the config file.

Note: Enabling system statistics without a cloud side service is known to cause issues such as Maestro taking 100% CPU use. Please disable system statistics if you don't need them.

config_end

To end your config file, put config_end: true at the end of maestro.config.

Maestro config file example

unixLogSocket: /tmp/grease.socket
sysLogSocket: /dev/log
linuxKernelLog: true
httpUnixSocket: /tmp/maestroapi.sock
configDBPath: /userdata/etc/maestroConfig.db
clientId: "{{ARCH_SERIAL_NUMBER}}"
network:
    interfaces:
        - if_name: eth0
          clear_addresses: true
          dhcpv4: true
          # set the mac addresses for this interface also:
          hw_addr: "{{ARCH_ETHERNET_MAC}}"
        - if_name: wlan0
          clear_addresses: true
          dhcpv4: true
          hw_addr: "{{ARCH_ETHERNET_MAC}}"
platform_readers:
  - platform: "fsonly"
    params:
      identityPath: "/userdata/edge_gw_config/identity.json"
gateway_capabilities:
  edge_core_socketpath: "/tmp/edge.sock"
  lwm2m_objectid: 33457
  gateway_resources:
  - name: "urn:fid:pelion.com:log:1.0.0"
    enable: true
    config_filepath: "/etc/td-agent-bit/td-agent-bit.conf"
  - name: "urn:fid:pelion.com:terminal:1.0.0"
    enable: true
    config_filepath: "/wigwag/wigwag-core-modules/relay-term/config/config.json"
  - name: "urn:fid:pelion.com:kaas:1.0.0"
    enable: true
    config_filepath: "/wigwag/system/var/lib/kubelet/kubeconfig"
var_defs:
   - key: "TMP_DIR"
     value: "/tmp"
   - key: "WIGWAG_NODE_PATH"
     value: "/wigwag/devicejs-core-modules/node_modules"
   - key: "WIGWAG_DIR"
     value: "/wigwag"
   - key: "NODE_EXEC"
     value: "/usr/bin/node"
   - key: "DEVICEJS_ROOT"
     value: "/wigwag/devicejs-ng"
   - key: "DEVJS_CORE_MODULES"
     value: "/wigwag/devicejs-core-modules"
   - key: "MAESTRO_RUNNER_DIR"
     value: "/wigwag/devicejs-core-modules/maestroRunner"
   - key: "SSL_CERTS_PATH"
     value: "/userdata/edge_gw_config/.ssl"
   - key: "LOCAL_DEVICEDB_PORT"
     value: 9000
   - key: "LOCAL_DATABASE_STORAGE_DIRECTORY"
     value: "/userdata/etc/devicejs/db"
   - key: "RELAY_VERSIONS_FILE"
     value: "/wigwag/etc/versions.json"
   - key: "FACTORY_VERSIONS_FILE"
     value: "/mnt/.overlay/factory/wigwag/etc/versions.json"
   - key: "USER_VERSIONS_FILE"
     value: "/mnt/.overlay/user/slash/wigwag/etc/versions.json"
   - key: "UPGRADE_VERSIONS_FILE"
     value: "/mnt/.overlay/upgrade/wigwag/etc/versions.json"
devicedb_conn_config:
    devicedb_uri: "https://{{ARCH_DEVICE_ID}}:9000" #default uri
    devicedb_prefix: "maestro.configs" #default prefix
    devicedb_bucket: "lww" #default bucket
    relay_id: "{{ARCH_DEVICE_ID}}" #default relay id
    ca_chain: "{{SSL_CERTS_PATH}}/ca-chain.cert.pem" #default chain cert file name     
mdns:
  # disable: true
  static_records:
   - name: "WigWagRelay"
     service: "_wwservices._tcp"  # normally something like https or ftp
     # domain: "local"     # local is default
     interfaces: "eth0"
     not_interfaces: "Witap0"
     port: 3131
     text:
      - "wwid={{ARCH_SERIAL_NUMBER}}"
     hostname: "wigwaggateway"
   - name: "WigWagRelay_{{ARCH_SERIAL_NUMBER}}"
     service: "_wwservices._tcp"  # normally something like https or ftp
     # domain: "local"     # local is default
     interfaces: "eth0"
     not_interfaces: "Witap0"
     port: 3131
     text:
      - "wwid={{ARCH_SERIAL_NUMBER}}"
     hostname: "{{ARCH_SERIAL_NUMBER}}"
symphony:
  # symphony system management APIs
    # defaults to 10:
    disable_sys_stats: true
    sys_stats_count_threshold: 15     # send if you have 15 or more stats queued
    sys_stats_time_threshold: 120000  # every 120 seconds send stuff, no matter what
    client_cert: "{{ARCH_CLIENT_CERT_PEM}}"
    client_key: "{{ARCH_CLIENT_KEY_PEM}}"
    host: "{{ARCH_GW_SERVICES_RESRC}}"
    url_logs: "{{ARCH_GW_SERVICES_URL}}/relay-logs/logs"
    url_stats: "{{ARCH_GW_SERVICES_URL}}/relay-stats/stats_obj"
    # port: "{{ARCH_RELAY_SERVICES_PORT}}"
targets:
   - file: "/wigwag/log/devicejs.log"
     rotate:
         max_files: 4
         max_file_size: 10000000  # 10MB max file size
         max_total_size: 42000000
         rotate_on_start: true
     delim: "\n"
     format_time: "[%ld:%d] "
     format_level: "<%s> "
     format_tag: "{%s} "
     format_origin: "(%s) "
     filters:
       - levels: warn
         format_pre: "\u001B[33m"    # yellow
         format_post: "\u001B[39m"
       - levels: error
         format_pre: "\u001B[31m"    # red
         format_post: "\u001B[39m"
   - name: "toCloud"  # this is a special target for sending to the cloud. It must send as a JSON
     format_time: "\"timestamp\":%ld%03d, "
     format_level: "\"level\":\"%s\", "
     format_tag: "\"tag\":\"%s\", "
     format_origin: "\"origin\":\"%s\", "
     format_pre_msg: "\"text\":\""
     format_post: "\"},"
     flag_json_escape_strings: true
     filters:
       - levels: warn
         format_pre: "{"     # wrap this output with { "log": [ OUTPUT ] }
       - levels: error
         format_pre: "{"     # wrap this output with { "log": [ OUTPUT ] }
static_file_generators:
   - name: "devicejs"
     template_file: "/wigwag/wwrelay-utils/conf/maestro-conf/template.devicejs.conf"
     output_file: "/wigwag/etc/devicejs/devicejs.conf"
   - name: "devicedb"
     template_file: "/wigwag/wwrelay-utils/conf/maestro-conf/template.devicedb.conf"
     output_file: "/wigwag/etc/devicejs/devicedb.yaml"
   - name: "relayTerm"
     template_file: "/wigwag/wwrelay-utils/conf/maestro-conf/relayTerm.template.json"
     output_file: "/wigwag/wigwag-core-modules/relay-term/config/config.json"
   - name: "radioProfile"
     template_file: "/wigwag/devicejs-core-modules/rsmi/radioProfile.template.json"
     output_file: "/wigwag/devicejs-core-modules/rsmi/radioProfile.config.json"
   - name: "ca_pem"
     template: "{{ARCH_CA_CERT_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/ca.cert.pem"
   - name: "intermediate_pem"
     template: "{{ARCH_INTERMEDIATE_CERT_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/intermediate.cert.pem"
   - name: "client_key"
     template: "{{ARCH_CLIENT_KEY_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/client.key.pem"
   - name: "client_cert"
     template: "{{ARCH_CLIENT_CERT_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/client.cert.pem"
   - name: "server_key"
     template: "{{ARCH_SERVER_KEY_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/server.key.pem"
   - name: "server_cert"
     template: "{{ARCH_SERVER_CERT_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/server.cert.pem"
   - name: "ca_chain"
     template: "{{ARCH_CA_CHAIN_CERT_PEM}}"
     output_file: "{{SSL_CERTS_PATH}}/ca-chain.cert.pem"
config_end: true
Previous