Merge branch 'main' into multi-tenant

2024-09-25 17:09:04 +08:00
parent 860b53b06a eea255ff95
commit 69a54c9243
41 changed files with 468 additions and 13131 deletions
--- a/build.sh
+++ b/build.sh
@@ -234,7 +234,7 @@ case "${pkgtype}" in
        #cp -rf ${BuildDir}/systemd/*.service  ${DebBuildDir}/lib/systemd/system/
        chmod +x ${DebBuildDir}/usr/local/omc/bin/*
        sed -i "s/YYYYMMDD/${RelDate}/g" ${DebBuildDir}/DEBIAN/control
-        perl -0777 -i -pe 's/ne:\n  user: root/ne:\n  user: agtuser/g' ${DebBuildDir}/usr/local/omc/etc/default/restconf.yaml
+        perl -0777 -i -pe 's/ne:\n  user: root/ne:\n  user: omcuser/g' ${DebBuildDir}/usr/local/omc/etc/default/restconf.yaml
        dpkg -b ${DebBuildDir} ${ReleasePkgDir}/${DebPkgFile}
        cd ${ReleasePkgDir}
--- a/build/etc/nginx/conf.d/omc.conf
+++ b/build/etc/nginx/conf.d/omc.conf
@@ -1,57 +1,40 @@
 server {
-    listen          4443 ssl;
+    listen       44080;
-    listen          [::]:4443 ssl;
+    listen       44443;
-    server_name     0.0.0.0;
+    listen  [::]:44080;
-    root /usr/local/omc/htdocs/front/;
+    listen  [::]:44443;
-    index index.html index.htm;
+    server_name  localhost;
    server_name localhost;
    # SSL
    ssl_certificate                 /usr/local/omc/etc/certs/omc-server.crt;
    ssl_certificate_key             /usr/local/omc/etc/certs/omc-server.key;
-    # CA, 自定义
+    client_max_body_size 100M;
-    ssl_client_certificate          /usr/local/omc/etc/certs/omc-ca.crt;
+    keepalive_timeout    180s;
    ssl_verify_client on;
    # ssl ciphers
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
-#    location /api/rest/securityManagement {
+    #access_log  /var/log/nginx/host.access.log  main;
-#        proxy_pass                         http://127.0.0.1:5050;
+
-#    }
+    # ssl_certificate /usr/local/omc/etc/certs/omc-server.crt;
-#    location /api/rest/resourceManagement {
+    # ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt;
-#    }
+    # ssl_verify_client on;
-#    location /api/rest/performanceManagement {
+    # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_session_timeout  5m;
-#    }
+    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
-#    location /api/rest/faultManagement {
+    # ssl_prefer_server_ciphers on;
-#        proxy_pass                         http://127.0.0.1:5050;
+
-#    }
+    # OMC
 #    location /api/rest/aaaa/ {
 #        proxy_pass                         http://127.0.0.1:4040;
 #    }
    location /api/rest/ {
        proxy_pass                         http://127.0.0.1:3030;
    }                      
    location / {
-            try_files $uri $uri/ =404;
+        root /usr/local/omc/htdocs/front;
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }
 }
 server {
    listen 8888 default_server;
    listen [::]:8888 default_server;
    root /usr/local/omc/htdocs/front/;
    index index.html index.htm;
    server_name localhost;
    location /omc-api/ {
-        proxy_pass http://127.0.0.1:3030/;
+        proxy_pass http://127.0.0.1:33030/;
-
+        
-        proxy_http_version 1.1;
+        proxy_connect_timeout  180s;
-        proxy_cache_bypass $http_upgrade;
+        proxy_send_timeout     180s;
        proxy_read_timeout     180s;
        proxy_cache_bypass                  $http_upgrade;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
@@ -62,11 +45,27 @@ server {
        proxy_set_header X-Forwarded-Port   $server_port;
    }
-    location / {
+    location /api/rest/ {
-        root /usr/local/omc/htdocs/front;
+        proxy_pass http://127.0.0.1:33030/api/rest/;
-        try_files $uri $uri/ /index.html;
+        proxy_cache_bypass  $http_upgrade;
-        index   index.html index.htm;
+        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Port   $server_port;
    }
    #error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
 }
--- a/build/usr/local/omc/static/omc.d/db/customized.sql
+++ b/build/usr/local/omc/static/omc.d/db/customized.sql
--- a/build/usr/local/omc/static/omc.d/doc/en_doc.pdf
+++ b/build/usr/local/omc/static/omc.d/doc/en_doc.pdf
--- a/build/usr/local/omc/static/omc.d/doc/zh_doc.pdf
+++ b/build/usr/local/omc/static/omc.d/doc/zh_doc.pdf
--- a/build/usr/local/omc/static/omc.d/logo/en_brand.png
+++ b/build/usr/local/omc/static/omc.d/logo/en_brand.png
--- a/build/usr/local/omc/static/omc.d/logo/en_icon.png
+++ b/build/usr/local/omc/static/omc.d/logo/en_icon.png
--- a/build/usr/local/omc/static/omc.d/logo/zh_brand.png
+++ b/build/usr/local/omc/static/omc.d/logo/zh_brand.png
--- a/build/usr/local/omc/static/omc.d/logo/zh_icon.png
+++ b/build/usr/local/omc/static/omc.d/logo/zh_icon.png
--- a/debbuild/22.04/DEBIAN/postinst
+++ b/debbuild/22.04/DEBIAN/postinst
@@ -1,10 +1,6 @@
 # !/bin/bash
 RedisRootDir=/usr/local
 OMCRootDir=/usr/local/omc
 RedisOldRootDir=/usr/local/db
 RedisConfDir=${RedisRootDir}/etc/kvdb
 DependsRootDir=${OMCRootDir}/depends
 SystemdRootDir=/lib/systemd/system
 OMCEtcDir=${OMCRootDir}/etc
 FERootDir=${OMCRootDir}/htdocs/front
@@ -15,7 +11,6 @@ UsrLocalBinDir=/usr/local/bin
 OmcDaemon=omcd
 NginxEtcDir=/etc/nginx
 NginxConfDir=${NginxEtcDir}/conf.d
 NginxSiteAvailable=${NginxEtcDir}/sites-available
 CFileList="restconf.yaml crontask.yaml tasks.yaml sshsvc.yaml capconf.yaml omc.conf"
 LogoFileList="zh_brand.png zh_icon.png en_brand.png en_icon.png"
@@ -25,7 +20,6 @@ echo "    sudo systemctl start/stop/restart/status restagent.service"
 echo "    sudo systemctl start/stop/restart/status crontask.service"
 echo "    sudo systemctl start/stop/restart/status sshsvc.service"
 echo "    sudo systemctl start/stop/restart/status captrace.service"
 echo "    sudo systemctl start/stop/restart/status kvdb.service"
 echo "    or run: "
 echo "    sudo /usr/local/omc/bin/omcsvc.sh start/stop/restart/status"
 echo ""
@@ -115,27 +109,25 @@ done
 if [ ! -e "${FERootDir}/config.js" ]; then    
    cp ${FERootDir}/default/config.js ${FERootDir}; 
-fi        
+fi
 for LogoFile in ${LogoFileList}; do
    if [ ! -e "${OMCStaticDir}/logo/${LogoFile}" ]; then
-        cp ${OMCStaticDir}/agt.d/logo/${LogoFile} ${OMCStaticDir}/logo;
+        cp ${OMCStaticDir}/omc.d/logo/${LogoFile} ${OMCStaticDir}/logo;
    fi                 
-done        
+done
 if ! id -u omc >/dev/null 2>&1 ; then     
    useradd -d /opt/omc -m -s /bin/bash -pomc123 omc; 
    mkdir -p /opt/omc/ftp
 else 
    echo "user omc exist"; 
 fi
 if [ ! -e "${NginxConfDir}/omc.conf" ]; then
    mkdir -p ${NginxConfDir}    
    cp -f ${OMCEtcDir}/nginx/omc.conf ${NginxConfDir}; 
 fi
 #cp -f ${OMCEtcDir}/nginx/default ${NginxSiteAvailable}
 if [ -e "${NginxSiteAvailable}/default" ]; then
    sed -i 's/listen 80 default_server;/listen 1080 default_server;/g' ${NginxSiteAvailable}/default
    sed -i 's/listen \[::\]:80 default_server;/listen \[::\]:1080 default_server;/g' ${NginxSiteAvailable}/default
 fi 
 # disable auto upgrade
 systemctl disable --now unattended-upgrades
@@ -144,12 +136,11 @@ systemctl enable restagent.service
 systemctl enable crontask.service
 systemctl enable sshsvc.service
 systemctl enable captrace.service
-#systemctl enable kvdb.service
+
 systemctl daemon-reload
 #systemctl stop nginx.service 
 # read environment parameter and to do 
-if [ "$M_PARAM" == "install" -o "$M_PARAM" == "upgrade" ]; then
+if [ "$M_PARAM" = "install" -o "$M_PARAM" = "upgrade" ]; then
    echo "M parameter: $M_PARAM"
    if [ -n "$C_PARAM" ]; then
        echo "C parameter: $C_PARAM"
@@ -164,15 +155,9 @@ if [ "$M_PARAM" == "install" -o "$M_PARAM" == "upgrade" ]; then
    fi
 fi
-systemctl stop restagent.service
+echo -n "Starting OMC service ... "
 systemctl stop crontask.service
 systemctl stop sshsvc.service
 systemctl stop captrace.service
 #systemctl stop kvdb.service 
 #systemctl start nginx.service
 #systemctl start kvdb.service
 systemctl start crontask.service
 systemctl start sshsvc.service
 systemctl start captrace.service
 systemctl start restagent.service
-
+echo "done"
--- a/debbuild/22.04/DEBIAN/postrm
+++ b/debbuild/22.04/DEBIAN/postrm
@@ -1,27 +1,31 @@
 # !/bin/bash
 X86Lib64Dir=/lib/x86_64-linux-gnu
-cd ${X86Lib64Dir}
+rm -rf ${X86Lib64Dir}/libwireshark.so.15
-rm libwireshark.so.15
+rm -rf ${X86Lib64Dir}/libwireshark.so
-rm libwireshark.so
+rm -rf ${X86Lib64Dir}/libwiretap.so.12
-rm libwiretap.so.12
+rm -rf ${X86Lib64Dir}/libwiretap.so
-rm libwiretap.so
+rm -rf ${X86Lib64Dir}/libwsutil.so.13
-rm libwsutil.so.13
+rm -rf ${X86Lib64Dir}/libwsutil.so
 rm libwsutil.so
 systemctl stop nginx.service
 systemctl stop restagent.service
 systemctl stop crontask.service
 systemctl stop sshsvc.service
 systemctl stop captrace.service
 #systemctl stop kvdb.service
 #rm -rf /usr/local/omc
 rm -rf /etc/nginx/conf.d/omc.conf
 rm -f /usr/local/bin/omcd
 systemctl daemon-reload
 if systemctl list-units --type=service --all | grep -q 'restagent.service'; then
    echo -n "Stopping OMC service ... "
    systemctl stop restagent.service
    systemctl stop crontask.service
    systemctl stop sshsvc.service
    systemctl stop captrace.service
    echo "done"
 fi
 systemctl disable restagent.service
 systemctl disable crontask.service
 systemctl disable sshsvc.service
 systemctl disable captrace.service
-#systemctl disable kvdb.service
+
-systemctl daemon-reload
+systemctl daemon-reload
--- a/debbuild/22.04/DEBIAN/preinst
+++ b/debbuild/22.04/DEBIAN/preinst
@@ -1,6 +1,17 @@
 # !/bin/bash
 systemctl daemon-reload
 if systemctl list-units --type=service --all | grep -q 'restagent.service'; then
    echo -n "Stopping OMC service ... "
    systemctl stop restagent.service
    systemctl stop crontask.service
    systemctl stop sshsvc.service
    systemctl stop captrace.service
    echo "done"
 fi
 FERootDir=/usr/local/omc/htdocs/front
 # apt-get install zip
 # clear front-end old hash js files
 rm -rf ${FERootDir}/assets
--- a/debbuild/22.04/etc/nginx/conf.d/omc.conf
+++ b/debbuild/22.04/etc/nginx/conf.d/omc.conf
@@ -1,51 +1,40 @@
 server {
-    listen                             4443 ssl;
+    listen       44080;
-    listen                             [::]:4443 ssl;
+    listen       44443;
-    server_name                        0.0.0.0;
+    listen  [::]:44080;
-    root /usr/local/omc/htdocs/front/;
+    listen  [::]:44443;
-    index index.html index.htm;
+    server_name  localhost;
    server_name localhost;
    # SSL
    ssl_certificate                    /usr/local/omc/etc/certs/ca_cert.pem;
    ssl_certificate_key                /usr/local/omc/etc/certs/private_key.pem;
    #ssl_certificate                    /usr/local/omc/etc/certs/tsa-omc.pem;
    #ssl_certificate_key                /usr/local/omc/etc/certs/tsa-omc_pri.pem;
-#    location /api/rest/securityManagement {
+    client_max_body_size 100M;
-#        proxy_pass                         http://127.0.0.1:5050;
+    keepalive_timeout    180s;
-#    }
+
-#    location /api/rest/resourceManagement {
+    #access_log  /var/log/nginx/host.access.log  main;
-#        proxy_pass                         http://127.0.0.1:5050;
+
-#    }
+    # ssl_certificate /usr/local/omc/etc/certs/omc-server.crt;
-#    location /api/rest/performanceManagement {
+    # ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt;
-#    }
+    # ssl_verify_client on;
-#    location /api/rest/faultManagement {
+    # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_session_timeout  5m;
-#    }
+    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
-#    location /api/rest/aaaa/ {
+    # ssl_prefer_server_ciphers on;
-#        proxy_pass                         http://127.0.0.1:4040;
+
-#    }
+    # OMC
    location /api/rest/ {
        proxy_pass                         http://127.0.0.1:3030;
    }                      
    location / {
-            try_files $uri $uri/ =404;
+        root /usr/local/omc/htdocs/front;
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }
 }
 server {
    listen 8888 default_server;
    listen [::]:8888 default_server;
    root /usr/local/omc/htdocs/front/;
    index index.html index.htm;
    server_name localhost;
    location /omc-api/ {
-        proxy_pass http://127.0.0.1:3030/;
+        proxy_pass http://127.0.0.1:33030/;
-
+        
-        proxy_http_version 1.1;
+        proxy_connect_timeout  180s;
-        proxy_cache_bypass $http_upgrade;
+        proxy_send_timeout     180s;
        proxy_read_timeout     180s;
        proxy_cache_bypass                  $http_upgrade;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
@@ -56,11 +45,27 @@ server {
        proxy_set_header X-Forwarded-Port   $server_port;
    }
-    location / {
+    location /api/rest/ {
-        root /usr/local/omc/htdocs/front;
+        proxy_pass http://127.0.0.1:33030/api/rest/;
-        try_files $uri $uri/ /index.html;
+        proxy_cache_bypass  $http_upgrade;
-        index   index.html index.htm;
+        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Port   $server_port;
    }
    #error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
 }
--- a/debbuild/22.04/usr/local/omc/depends/kvdb/usr/lib/systemd/system/kvdb.service
+++ b/debbuild/22.04/usr/local/omc/depends/kvdb/usr/lib/systemd/system/kvdb.service
@@ -1,11 +0,0 @@
 [Service]
 Type=forking
 ExecStart=/usr/local/bin/kvdb-server /usr/local/etc/kvdb/kvdb.conf
 ExecStopPost=
 PIDFile=
 Restart=always
 RestartSec=3
 [Install]
 WantedBy=multi-user.target
--- a/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-cli
+++ b/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-cli
--- a/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-server
+++ b/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-server
--- a/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf
+++ b/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf
--- a/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf_dual
+++ b/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf_dual
--- a/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/log/kvdb-server.log
+++ b/debbuild/22.04/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/log/kvdb-server.log
--- a/debbuild/22.04/usr/local/omc/etc/default/restconf.yaml
+++ b/debbuild/22.04/usr/local/omc/etc/default/restconf.yaml
@@ -4,35 +4,39 @@
 # count: rotation count of log, default is 30 rotation
 logger:
  file: /usr/local/omc/log/restagent.log 
-  level: debug
+  level: warn
  duration: 24
  count: 90   
 # rest agent listen ipv4/v6 and port, support multiple routines
 # ip: 0.0.0.0 or ::0, support IPv4/v6
 # clientAuthType: 0:NoClientCert (default), 1:RequestClientCert, 2:RequireAnyClientCert, 
 #                 3:VerifyClientCertIfGiven, 4:RequireAndVerifyClientCerts
 rest:
  - ipv4: 0.0.0.0
    ipv6: 
-    port: 3030
+    port: 33030
  - ipv4: 0.0.0.0
    ipv6: 
-    port: 4443
+    port: 33443
    schema: https
-    caFile: /usr/local/omc/etc/certs/rootca.crt
+    clientAuthType: 0
-    certFile: /usr/local/omc/etc/certs/tsa-omc.crt
+    caFile: /usr/local/omc/etc/certs/omc-ca.crt
-    keyFile: /usr/local/omc/etc/certs/tsa-omc_pri.key
+    certFile: /usr/local/omc/etc/certs/omc-server.crt
    keyFile: /usr/local/omc/etc/certs/omc-server.key
 webServer:
  enabled: true
  rootDir: /usr/local/omc/htdocs/front
  listen: 
-    - addr: :8080
+    - addr: :80
      schema: http
-    - addr: :8443
+    - addr: :443
      schema: https
-      caFile: /usr/local/omc/etc/certs/rootca.crt
+      clientAuthType: 0
-      certFile: /usr/local/omc/etc/certs/tsa-omc.crt
+      caFile: /usr/local/omc/etc/certs/omc-ca.crt
-      keyFile: /usr/local/omc/etc/certs/tsa-omc_pri.key
+      certFile: /usr/local/omc/etc/certs/omc-server.crt
      keyFile: /usr/local/omc/etc/certs/omc-server.key
 database:
  type: mysql
@@ -41,89 +45,116 @@ database:
  host: 127.0.0.1
  port: 33066
  name: tenants_db
  connParam: charset=utf8mb4&collation=utf8mb4_general_ci&parseTime=True&interpolateParams=True
  backup: /usr/local/omc/database
-# Redis 缓存数据，数据源声明全小写
+# Redis data cache
 redis:
  dataSource:
-    # OMC系统使用库
+    # OMC system db
    default:
      port: 6379 # Redis port
      host: "127.0.0.1" # Redis host
-      password: ""
+      password: "helloearth"
      db: 10 # Redis db_num
-    # UDM网元用户库
+    # UDM sub/auth db
    udmuser:
      port: 6379 # Redis port
      host: "127.0.0.1"
-      password: ""
+      password: "helloearth"
      db: 0 # Redis db_num
-  # 多个数据源时可以用这个指定默认的数据源
+  # used to specify the default data source for multiple data resourece
  defaultDataSourceName: "default"
 # sleep: time delay for after write buffer (millisecond)
 # deadLine: timeout for io read and write (second)
 mml:
  port: 4100
  port2: 5002
  sleep: 200
  deadLine: 10
  sizeRow: 600
  sizeCol: 128
  bufferSize: 65535
  user: admin
  password: admin
  mmlHome: ./mmlhome
  upload: /home/agtuser
 # NE config
 ne:
-  user: agtuser
+  user: omcuser
  etcdir: /usr/local/etc
  bindir: /usr/local/bin
  omcdir: /usr/local/omc
  scpdir: /tmp
  licensedir: /usr/local/etc/{neType}/license
  # backup etc list of IMS, does not contain spaces
  etcListIMS: '{*.yaml,mmtel,vars.cfg}'
  etcListDefault: '{*.yaml,*.conf,*.cfg}'
  # true/false to overwrite config file when dpkg ne software 
  dpkgOverwrite: false
  # dpkg timeout (second)
  dpkgTimeout: 180
 # chk2ne: true/false, if put OmcNeConfig parameters to NE
 omc:
-  uriPrefix: /api/rest/oam
+  uriPrefix: "/omc/rest"
  neType: OMC
  neId: 001
  rmUID: 4400HX101
  neName: OMC
-  province: GD
+  province: ""
  vendor: ""
-  dn: 4600
+  dn: ""
  chk2ne: false
-  sn: 13750650
+  sn: "-"
  checksign: false
  rootDir: /usr/local/omc
  binDir: /usr/local/omc/bin
  backup: /usr/local/omc/backup
  upload: /usr/local/omc/upload
  frontUpload: /usr/local/omc/htdocs/front/upload
  frontTraceDir: /usr/local/omc/htdocs/front/trace
  software: /usr/local/omc/software
  license: /usr/local/omc/license
-  gtpUri: gtp:192.168.2.119:2152 
+  gtpUri: gtp:192.168.2.119:32152 
  checkContentType: false
  testMode: false
  rbacMode: true
  runDir: /usr/local/omc/run
  cmdTimeout: 120
 # Alarm module setting
 # Forward interface:
-# email/sms  
+# email/sms/smsc  
 alarm: 
  forwardAlarm: true
  email:
-    smtp: smtp@xxx.com
+    smtp: smtp.xxx.com
    port: 25
-    user: smtpuser
+    user: smtpuser@xxx.com
-    password: smtpuser@omc
+    password: xxxxxx
    # TLS skip verify: true/false
    tlsSkipVerify: true    
  smProxy: smsc
  sms:
    apiURL: http://smsc.xxx.com
    accessKeyID: xxx
    accessKeySecret: xxx
    signName: XXX SMSC
    templateCode: 1000
  smsc:
    addr: "192.168.13.114:2775"
    systemID: "alarmsmsfw"
    password: "omc123"
    systemType: ""
-#User authorized information
+# User authorized information
 # crypt: mysql/md5/bcrypt
 # token: true/false to check accessToken
 # expires for session, unit: second
 # Support single/multiple session of user
 #
 auth:
  crypt: bcrypt
  token: true
@@ -148,5 +179,5 @@ params:
  rmuidregexp: "[0-9]{4}[A-Z]{2}[A-Z]{2}[0-9A-Z]{1}[0-9A-Z]{3}[0-9A-Z]{1,16}"
 testConfig:
-  enabled: true
+  enabled: false
  file: /usr/local/omc/etc/testconfig.yaml
--- a/debbuild/DEBIAN/postinst
+++ b/debbuild/DEBIAN/postinst
@@ -1,10 +1,6 @@
 # !/bin/bash
 RedisRootDir=/usr/local
 OMCRootDir=/usr/local/omc
 RedisOldRootDir=/usr/local/db
 RedisConfDir=${RedisRootDir}/etc/kvdb
 DependsRootDir=${OMCRootDir}/depends
 SystemdRootDir=/lib/systemd/system
 OMCEtcDir=${OMCRootDir}/etc
 FERootDir=${OMCRootDir}/htdocs/front
@@ -15,7 +11,6 @@ UsrLocalBinDir=/usr/local/bin
 OmcDaemon=omcd
 NginxEtcDir=/etc/nginx
 NginxConfDir=${NginxEtcDir}/conf.d
 NginxSiteAvailable=${NginxEtcDir}/sites-available
 CFileList="restconf.yaml crontask.yaml tasks.yaml sshsvc.yaml capconf.yaml omc.conf"
 LogoFileList="zh_brand.png zh_icon.png en_brand.png en_icon.png"
@@ -25,7 +20,6 @@ echo "    sudo systemctl start/stop/restart/status restagent.service"
 echo "    sudo systemctl start/stop/restart/status crontask.service"
 echo "    sudo systemctl start/stop/restart/status sshsvc.service"
 echo "    sudo systemctl start/stop/restart/status captrace.service"
 echo "    sudo systemctl start/stop/restart/status kvdb.service"
 echo "    or run: "
 echo "    sudo /usr/local/omc/bin/omcsvc.sh start/stop/restart/status"
 echo ""
@@ -57,85 +51,27 @@ for CFile in ${CFileList}; do
    fi                  
 done
 # # Install redis db if not exist /usr/local/db
 # if [ ! -e "${RedisRootDir}/bin/kvdb-server" ]; then
 # #    if [ ! -e "${RedisRootDir}" ]; then
 # #        mkdir -p ${RedisRootDir}
 # #    fi
 #     # stop old adb service
 #     if [ -e "${RedisOldRootDir}/bin/redis-server" ] && [ -e "${SystemdRootDir}/adb.service" ]; then
 #         systemctl stop adb.service
 #         systemctl disable adb.service
 #     fi
 #     # stop adb service
 #     if [ -e "${UsrLocalBinDir}/adb-server" ] && [ -e "${SystemdRootDir}/adb.service" ]; then
 #         systemctl stop adb.service
 #         systemctl disable adb.service
 #     fi    
 #     cp -rf ${DependsRootDir}/kvdb/* /
 #     chmod +rx ${RedisRootDir}/bin/kvdb*
 #     if [ ! -e "${RedisConfDir}/kvdb.conf" ]; then    
 #         cp ${RedisConfDir}/default/kvdb.conf ${RedisConfDir};
 #     fi
 #     sed -i 's/replica-read-only yes/replica-read-only no/g' ${RedisConfDir}/kvdb.conf 
 #     LINE="masterauth helloearth"
 #     FILE="${RedisConfDir}/kvdb.conf"
 #     # 检查文件中是否存在该行
 #     if ! grep -qxF "$LINE" "$FILE"; then
 #         # 如果不存在，将其添加到文件末尾
 #         echo "$LINE" >> "$FILE"
 #     fi
 #     # copy the old adb dump.rdb
 #     if [ -e "${RedisOldRootDir}/bin/conf/dump.rdb" ] && [ ! -e "${RedisConfDir}/dump.rdb" ]; then
 #         cp -f ${RedisOldRootDir}/bin/conf/dump.rdb ${RedisConfDir};
 #         mv -f ${RedisRootDir}/db ${RedisRootDir}/adb.old
 #     fi
 #     # copy the adb dump.rdb
 #     if [ -e "${RedisRootDir}/etc/adb/dump.rdb" ] && [ ! -e "${RedisRootDir}/etc/kvdb/dump.rdb" ]; then
 #         cp -f ${RedisRootDir}/etc/adb/dump.rdb ${RedisRootDir}/etc/kvdb/;
 #         mv -f ${RedisRootDir}/etc/adb ${RedisRootDir}/etc/adb.old
 #     fi          
 # #    cp -f ${DependsRootDir}/systemd/kvdb.service ${SystemdRootDir}
 # else
 #     if [ ! -e "${RedisConfDir}/kvdb.conf" ]; then    
 #         cp ${RedisConfDir}/default/kvdb.conf ${RedisConfDir}
 #     fi
 #     sed -i 's/replica-read-only yes/replica-read-only no/g' ${RedisConfDir}/kvdb.conf
 #     LINE="masterauth helloearth"
 #     FILE="${RedisConfDir}/kvdb.conf"
 #     # 检查文件中是否存在该行
 #     if ! grep -qxF "$LINE" "$FILE"; then
 #         # 如果不存在，将其添加到文件末尾
 #         echo "$LINE" >> "$FILE"
 #     fi         
 # fi
 if [ ! -e "${FERootDir}/config.js" ]; then    
    cp ${FERootDir}/default/config.js ${FERootDir}; 
 fi
 for LogoFile in ${LogoFileList}; do
    if [ ! -e "${OMCStaticDir}/logo/${LogoFile}" ]; then
-        cp ${OMCStaticDir}/agt.d/logo/${LogoFile} ${OMCStaticDir}/logo;
+        cp ${OMCStaticDir}/omc.d/logo/${LogoFile} ${OMCStaticDir}/logo;
    fi                 
-done        
+done
 if ! id -u omc >/dev/null 2>&1 ; then     
    useradd -d /opt/omc -m -s /bin/bash -pomc123 omc; 
    mkdir -p /opt/omc/ftp
 else 
    echo "user omc exist"; 
 fi
 if [ ! -e "${NginxConfDir}/omc.conf" ]; then
    mkdir -p ${NginxConfDir}
    cp -f ${OMCEtcDir}/nginx/omc.conf ${NginxConfDir}; 
 fi
 #cp -f ${OMCEtcDir}/nginx/default ${NginxSiteAvailable}
 if [ -e "${NginxSiteAvailable}/default" ]; then
    sed -i 's/listen 80 default_server;/listen 1080 default_server;/g' ${NginxSiteAvailable}/default
    sed -i 's/listen \[::\]:80 default_server;/listen \[::\]:1080 default_server;/g' ${NginxSiteAvailable}/default
 fi 
 # disable auto upgrade
 systemctl disable --now unattended-upgrades
@@ -144,12 +80,11 @@ systemctl enable restagent.service
 systemctl enable crontask.service
 systemctl enable sshsvc.service
 systemctl enable captrace.service
-#systemctl enable kvdb.service
+
 systemctl daemon-reload
 #systemctl stop nginx.service 
 # read environment parameter and to do 
-if [ "$M_PARAM" == "install" -o "$M_PARAM" == "upgrade" ]; then
+if [ "$M_PARAM" = "install" -o "$M_PARAM" = "upgrade" ]; then
    echo "M parameter: $M_PARAM"
    if [ -n "$C_PARAM" ]; then
        echo "C parameter: $C_PARAM"
@@ -164,15 +99,9 @@ if [ "$M_PARAM" == "install" -o "$M_PARAM" == "upgrade" ]; then
    fi
 fi
-systemctl stop restagent.service
+echo -n "Starting OMC service ... "
 systemctl stop crontask.service
 systemctl stop sshsvc.service
 systemctl stop captrace.service
 #systemctl stop kvdb.service 
 #systemctl start nginx.service
 #systemctl start kvdb.service
 systemctl start crontask.service
 systemctl start sshsvc.service
 systemctl start captrace.service
 systemctl start restagent.service
-
+echo "done"
--- a/debbuild/DEBIAN/postrm
+++ b/debbuild/DEBIAN/postrm
@@ -1,27 +1,31 @@
 # !/bin/bash
 X86Lib64Dir=/lib/x86_64-linux-gnu
-cd ${X86Lib64Dir}
+rm -rf ${X86Lib64Dir}/libwireshark.so.15
-rm libwireshark.so.15
+rm -rf ${X86Lib64Dir}/libwireshark.so
-rm libwireshark.so
+rm -rf ${X86Lib64Dir}/libwiretap.so.12
-rm libwiretap.so.12
+rm -rf ${X86Lib64Dir}/libwiretap.so
-rm libwiretap.so
+rm -rf ${X86Lib64Dir}/libwsutil.so.13
-rm libwsutil.so.13
+rm -rf ${X86Lib64Dir}/libwsutil.so
 rm libwsutil.so
 systemctl stop nginx.service
 systemctl stop restagent.service
 systemctl stop crontask.service
 systemctl stop sshsvc.service
 systemctl stop captrace.service
 #systemctl stop kvdb.service
 #rm -rf /usr/local/omc
 rm -rf /etc/nginx/conf.d/omc.conf
 rm -f /usr/local/bin/omcd
 systemctl daemon-reload
 if systemctl list-units --type=service --all | grep -q 'restagent.service'; then
    echo -n "Stopping OMC service ... "
    systemctl stop restagent.service
    systemctl stop crontask.service
    systemctl stop sshsvc.service
    systemctl stop captrace.service
    echo "done"
 fi
 systemctl disable restagent.service
 systemctl disable crontask.service
 systemctl disable sshsvc.service
 systemctl disable captrace.service
-#systemctl disable kvdb.service
+
-systemctl daemon-reload
+systemctl daemon-reload
--- a/debbuild/DEBIAN/preinst
+++ b/debbuild/DEBIAN/preinst
@@ -1,6 +1,17 @@
 # !/bin/bash
 systemctl daemon-reload
 if systemctl list-units --type=service --all | grep -q 'restagent.service'; then
    echo -n "Stopping OMC service ... "
    systemctl stop restagent.service
    systemctl stop crontask.service
    systemctl stop sshsvc.service
    systemctl stop captrace.service
    echo "done"
 fi
 FERootDir=/usr/local/omc/htdocs/front
 # apt-get install zip
 # clear front-end old hash js files
 rm -rf ${FERootDir}/assets
--- a/debbuild/etc/nginx/conf.d/omc.conf
+++ b/debbuild/etc/nginx/conf.d/omc.conf
@@ -1,51 +1,40 @@
 server {
-    listen                             4443 ssl;
+    listen       44080;
-    listen                             [::]:4443 ssl;
+    listen       44443;
-    server_name                        0.0.0.0;
+    listen  [::]:44080;
-    root /usr/local/omc/htdocs/front/;
+    listen  [::]:44443;
-    index index.html index.htm;
+    server_name  localhost;
    server_name localhost;
    # SSL
    ssl_certificate                    /usr/local/omc/etc/certs/ca_cert.pem;
    ssl_certificate_key                /usr/local/omc/etc/certs/private_key.pem;
    #ssl_certificate                    /usr/local/omc/etc/certs/tsa-omc.pem;
    #ssl_certificate_key                /usr/local/omc/etc/certs/tsa-omc_pri.pem;
-#    location /api/rest/securityManagement {
+    client_max_body_size 100M;
-#        proxy_pass                         http://127.0.0.1:5050;
+    keepalive_timeout    180s;
-#    }
+
-#    location /api/rest/resourceManagement {
+    #access_log  /var/log/nginx/host.access.log  main;
-#        proxy_pass                         http://127.0.0.1:5050;
+
-#    }
+    # ssl_certificate /usr/local/omc/etc/certs/omc-server.crt;
-#    location /api/rest/performanceManagement {
+    # ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt;
-#    }
+    # ssl_verify_client on;
-#    location /api/rest/faultManagement {
+    # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_session_timeout  5m;
-#    }
+    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
-#    location /api/rest/aaaa/ {
+    # ssl_prefer_server_ciphers on;
-#        proxy_pass                         http://127.0.0.1:4040;
+
-#    }
+    # OMC
    location /api/rest/ {
        proxy_pass                         http://127.0.0.1:3030;
    }                      
    location / {
-            try_files $uri $uri/ =404;
+        root /usr/local/omc/htdocs/front;
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }
 }
 server {
    listen 8888 default_server;
    listen [::]:8888 default_server;
    root /usr/local/omc/htdocs/front/;
    index index.html index.htm;
    server_name localhost;
    location /omc-api/ {
-        proxy_pass http://127.0.0.1:3030/;
+        proxy_pass http://127.0.0.1:33030/;
-
+        
-        proxy_http_version 1.1;
+        proxy_connect_timeout  180s;
-        proxy_cache_bypass $http_upgrade;
+        proxy_send_timeout     180s;
        proxy_read_timeout     180s;
        proxy_cache_bypass                  $http_upgrade;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
@@ -56,11 +45,27 @@ server {
        proxy_set_header X-Forwarded-Port   $server_port;
    }
-    location / {
+    location /api/rest/ {
-        root /usr/local/omc/htdocs/front;
+        proxy_pass http://127.0.0.1:33030/api/rest/;
-        try_files $uri $uri/ /index.html;
+        proxy_cache_bypass  $http_upgrade;
-        index   index.html index.htm;
+        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Port   $server_port;
    }
    #error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
 }
--- a/debbuild/usr/local/omc/depends/kvdb/lib/systemd/system/kvdb.service
+++ b/debbuild/usr/local/omc/depends/kvdb/lib/systemd/system/kvdb.service
@@ -1,11 +0,0 @@
 [Service]
 Type=forking
 ExecStart=/usr/local/bin/kvdb-server /usr/local/etc/kvdb/kvdb.conf
 ExecStopPost=
 PIDFile=
 Restart=always
 RestartSec=3
 [Install]
 WantedBy=multi-user.target
--- a/debbuild/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-cli
+++ b/debbuild/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-cli
--- a/debbuild/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-server
+++ b/debbuild/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-server
--- a/debbuild/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf
+++ b/debbuild/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf
--- a/debbuild/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf_dual
+++ b/debbuild/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf_dual
--- a/debbuild/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/log/kvdb-server.log
+++ b/debbuild/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/log/kvdb-server.log
--- a/debbuild/usr/local/omc/etc/default/restconf.yaml
+++ b/debbuild/usr/local/omc/etc/default/restconf.yaml
@@ -4,35 +4,39 @@
 # count: rotation count of log, default is 30 rotation
 logger:
  file: /usr/local/omc/log/restagent.log 
-  level: debug
+  level: warn
  duration: 24
  count: 90   
 # rest agent listen ipv4/v6 and port, support multiple routines
 # ip: 0.0.0.0 or ::0, support IPv4/v6
 # clientAuthType: 0:NoClientCert (default), 1:RequestClientCert, 2:RequireAnyClientCert, 
 #                 3:VerifyClientCertIfGiven, 4:RequireAndVerifyClientCerts
 rest:
  - ipv4: 0.0.0.0
    ipv6: 
-    port: 3030
+    port: 33030
  - ipv4: 0.0.0.0
    ipv6: 
-    port: 4443
+    port: 33443
    schema: https
-    caFile: /usr/local/omc/etc/certs/rootca.crt
+    clientAuthType: 0
-    certFile: /usr/local/omc/etc/certs/tsa-omc.crt
+    caFile: /usr/local/omc/etc/certs/omc-ca.crt
-    keyFile: /usr/local/omc/etc/certs/tsa-omc_pri.key
+    certFile: /usr/local/omc/etc/certs/omc-server.crt
    keyFile: /usr/local/omc/etc/certs/omc-server.key
 webServer:
  enabled: true
  rootDir: /usr/local/omc/htdocs/front
  listen: 
-    - addr: :8080
+    - addr: :80
      schema: http
-    - addr: :8443
+    - addr: :443
      schema: https
-      caFile: /usr/local/omc/etc/certs/rootca.crt
+      clientAuthType: 0
-      certFile: /usr/local/omc/etc/certs/tsa-omc.crt
+      caFile: /usr/local/omc/etc/certs/omc-ca.crt
-      keyFile: /usr/local/omc/etc/certs/tsa-omc_pri.key
+      certFile: /usr/local/omc/etc/certs/omc-server.crt
      keyFile: /usr/local/omc/etc/certs/omc-server.key
 database:
  type: mysql
@@ -43,87 +47,113 @@ database:
  name: tenants_db
  backup: /usr/local/omc/database
-# Redis 缓存数据，数据源声明全小写
+# Redis data cache
 redis:
  dataSource:
-    # OMC系统使用库
+    # OMC system db
    default:
      port: 6379 # Redis port
      host: "127.0.0.1" # Redis host
-      password: ""
+      password: "helloearth"
      db: 10 # Redis db_num
-    # UDM网元用户库
+    # UDM sub/auth db
    udmuser:
      port: 6379 # Redis port
      host: "127.0.0.1"
-      password: ""
+      password: "helloearth"
      db: 0 # Redis db_num
-  # 多个数据源时可以用这个指定默认的数据源
+  # used to specify the default data source for multiple data resourece
  defaultDataSourceName: "default"
 # sleep: time delay for after write buffer (millisecond)
 # deadLine: timeout for io read and write (second)
 mml:
  port: 4100
  port2: 5002
  sleep: 200
  deadLine: 10
  sizeRow: 600
  sizeCol: 128
  bufferSize: 65535
  user: admin
  password: admin
  mmlHome: ./mmlhome
  upload: /home/agtuser
 # NE config
 ne:
-  user: agtuser
+  user: omcuser
  etcdir: /usr/local/etc
  bindir: /usr/local/bin
  omcdir: /usr/local/omc
  scpdir: /tmp
  licensedir: /usr/local/etc/{neType}/license
  # backup etc list of IMS, does not contain spaces
  etcListIMS: '{*.yaml,mmtel,vars.cfg}'
  etcListDefault: '{*.yaml,*.conf,*.cfg}'
  # true/false to overwrite config file when dpkg ne software 
  dpkgOverwrite: false
  # dpkg timeout (second)
  dpkgTimeout: 180
 # chk2ne: true/false, if put OmcNeConfig parameters to NE
 omc:
-  uriPrefix: /api/rest/oam
+  uriPrefix: "/omc/rest"
  neType: OMC
  neId: 001
  rmUID: 4400HX101
  neName: OMC
-  province: GD
+  province: ""
  vendor: ""
-  dn: 4600
+  dn: ""
  chk2ne: false
-  sn: 13750650
+  sn: "-"
  checksign: false
  rootDir: /usr/local/omc
  binDir: /usr/local/omc/bin
  backup: /usr/local/omc/backup
  upload: /usr/local/omc/upload
  frontUpload: /usr/local/omc/htdocs/front/upload
  frontTraceDir: /usr/local/omc/htdocs/front/trace
  software: /usr/local/omc/software
  license: /usr/local/omc/license
-  gtpUri: gtp:192.168.2.119:2152 
+  gtpUri: gtp:192.168.2.119:32152 
  checkContentType: false
  testMode: false
  rbacMode: true
  runDir: /usr/local/omc/run
  cmdTimeout: 120
 # Alarm module setting
 # Forward interface:
-# email/sms  
+# email/sms/smsc  
 alarm: 
  forwardAlarm: true
  email:
-    smtp: smtp@xxx.com
+    smtp: smtp.xxx.com
    port: 25
-    user: smtpuser
+    user: smtpuser@xxx.com
-    password: smtpuser@omc
+    password: xxxxxx
    # TLS skip verify: true/false
    tlsSkipVerify: true    
  smProxy: smsc
  sms:
    apiURL: http://smsc.xxx.com
    accessKeyID: xxx
    accessKeySecret: xxx
    signName: XXX SMSC
    templateCode: 1000
  smsc:
    addr: "192.168.13.114:2775"
    systemID: "alarmsmsfw"
    password: "omc123"
    systemType: ""
-#User authorized information
+# User authorized information
 # crypt: mysql/md5/bcrypt
 # token: true/false to check accessToken
 # expires for session, unit: second
 # Support single/multiple session of user
 #
 auth:
  crypt: bcrypt
  token: true
@@ -148,5 +178,5 @@ params:
  rmuidregexp: "[0-9]{4}[A-Z]{2}[A-Z]{2}[0-9A-Z]{1}[0-9A-Z]{3}[0-9A-Z]{1,16}"
 testConfig:
-  enabled: true
+  enabled: false
  file: /usr/local/omc/etc/testconfig.yaml
--- a/rpmbuild/BUILD/etc/nginx/conf.d/omc.conf
+++ b/rpmbuild/BUILD/etc/nginx/conf.d/omc.conf
@@ -1,51 +1,40 @@
 server {
-    listen                             4443 ssl;
+    listen       44080;
-    listen                             [::]:4443 ssl;
+    listen       44443;
-    server_name                        0.0.0.0;
+    listen  [::]:44080;
-    root /usr/local/omc/htdocs/front/;
+    listen  [::]:44443;
-    index index.html index.htm;
+    server_name  localhost;
    server_name localhost;
    # SSL
    ssl_certificate                    /usr/local/omc/etc/certs/ca_cert.pem;
    ssl_certificate_key                /usr/local/omc/etc/certs/private_key.pem;
    #ssl_certificate                    /usr/local/omc/etc/certs/tsa-omc.pem;
    #ssl_certificate_key                /usr/local/omc/etc/certs/tsa-omc_pri.pem;
-#    location /api/rest/securityManagement {
+    client_max_body_size 100M;
-#        proxy_pass                         http://127.0.0.1:5050;
+    keepalive_timeout    180s;
-#    }
+
-#    location /api/rest/resourceManagement {
+    #access_log  /var/log/nginx/host.access.log  main;
-#        proxy_pass                         http://127.0.0.1:5050;
+
-#    }
+    # ssl_certificate /usr/local/omc/etc/certs/omc-server.crt;
-#    location /api/rest/performanceManagement {
+    # ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt;
-#    }
+    # ssl_verify_client on;
-#    location /api/rest/faultManagement {
+    # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-#        proxy_pass                         http://127.0.0.1:5050;
+    # ssl_session_timeout  5m;
-#    }
+    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
-#    location /api/rest/aaaa/ {
+    # ssl_prefer_server_ciphers on;
-#        proxy_pass                         http://127.0.0.1:4040;
+
-#    }
+    # OMC
    location /api/rest/ {
        proxy_pass                         http://127.0.0.1:3030;
    }                      
    location / {
-            try_files $uri $uri/ =404;
+        root /usr/local/omc/htdocs/front;
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }
 }
 server {
    listen 8888 default_server;
    listen [::]:8888 default_server;
    root /usr/local/omc/htdocs/front/;
    index index.html index.htm;
    server_name localhost;
    location /omc-api/ {
-        proxy_pass http://127.0.0.1:3030/;
+        proxy_pass http://127.0.0.1:33030/;
-
+        
-        proxy_http_version 1.1;
+        proxy_connect_timeout  180s;
-        proxy_cache_bypass $http_upgrade;
+        proxy_send_timeout     180s;
        proxy_read_timeout     180s;
        proxy_cache_bypass                  $http_upgrade;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
@@ -56,11 +45,27 @@ server {
        proxy_set_header X-Forwarded-Port   $server_port;
    }
-    location / {
+    location /api/rest/ {
-        root /usr/local/omc/htdocs/front;
+        proxy_pass http://127.0.0.1:33030/api/rest/;
-        try_files $uri $uri/ /index.html;
+        proxy_cache_bypass  $http_upgrade;
-        index   index.html index.htm;
+        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Port   $server_port;
    }
    #error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
 }
--- a/rpmbuild/BUILD/etc/nginx/nginx.conf
+++ b/rpmbuild/BUILD/etc/nginx/nginx.conf
@@ -1,84 +0,0 @@
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
 user nginx;
 worker_processes auto;
 error_log /var/log/nginx/error.log;
 pid /run/nginx.pid;
 # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
 include /usr/share/nginx/modules/*.conf;
 events {
    worker_connections 1024;
 }
 http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       1080;
        listen       [::]:1080;
        server_name  _;
        root         /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
 # Settings for a TLS enabled server.
 #
 #    server {
 #        listen       443 ssl http2;
 #        listen       [::]:443 ssl http2;
 #        server_name  _;
 #        root         /usr/share/nginx/html;
 #
 #        ssl_certificate "/etc/pki/nginx/server.crt";
 #        ssl_certificate_key "/etc/pki/nginx/private/server.key";
 #        ssl_session_cache shared:SSL:1m;
 #        ssl_session_timeout  10m;
 #        ssl_ciphers PROFILE=SYSTEM;
 #        ssl_prefer_server_ciphers on;
 #
 #        # Load configuration files for the default server block.
 #        include /etc/nginx/default.d/*.conf;
 #
 #        error_page 404 /404.html;
 #            location = /40x.html {
 #        }
 #
 #        error_page 500 502 503 504 /50x.html;
 #            location = /50x.html {
 #        }
 #    }
 }
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/lib/systemd/system/kvdb.service
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/lib/systemd/system/kvdb.service
@@ -1,11 +0,0 @@
 [Service]
 Type=forking
 ExecStart=/usr/local/bin/kvdb-server /usr/local/etc/kvdb/kvdb.conf
 ExecStopPost=
 PIDFile=
 Restart=always
 RestartSec=3
 [Install]
 WantedBy=multi-user.target
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-cli
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-cli
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-server
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/bin/kvdb-server
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf_dual
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/kvdb.conf_dual
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/libatomic.so.1
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/etc/kvdb/default/libatomic.so.1
--- a/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/lib64/libatomic.so.1
+++ b/rpmbuild/BUILD/usr/local/omc/depends/kvdb/usr/local/lib64/libatomic.so.1
--- a/rpmbuild/SPECS/omc.spec
+++ b/rpmbuild/SPECS/omc.spec
@@ -10,73 +10,45 @@ Name: %{project_lname}
 Summary: AGrandTech 5GC OMC
 Version: 2.2408.1
 Release: %{release_date}
-Vendor: AGrandTech
+Vendor: omc
-URL: https://www.agrandtech.com/
+URL: https://www.omc.com/
 License: commercial
 Group: Applications/Communications
 #BuildRoot: $PWD/rpmoutput
 %description
-AGrandTech's 5GC OMC
+5GC OMC
 %prep
 rm -rf ${RPM_BUILD_ROOT}/*
 #rm -rf ${RPM_BUILD_ROOT}/lib
 #rm -rf ${RPM_BUILD_ROOT}/usr
 mkdir -p ${RPM_BUILD_ROOT}
 cd ${RPM_BUILD_ROOT}
 #mkdir -p usr/local/omc/
 #mkdir -p usr/local/db/
 #mkdir -p etc/nginx/conf.d
 #mkdir -p lib/systemd/system/
 #cd ${RPM_BUILD_DIR}
 cp -rf ${RPM_BUILD_DIR}/* ${RPM_BUILD_ROOT}/
 chmod +rx ${RPM_BUILD_ROOT}/usr/local/omc 
 chmod +rx ${RPM_BUILD_ROOT}/usr/local/omc/*
 # chmod +rx ${RPM_BUILD_ROOT}/usr/local/db/bin/*
 chmod +rx ${RPM_BUILD_ROOT}/usr/local/bin/*
-chmod -R 755 ${RPM_BUILD_ROOT}/usr/local/omc/htdocs/front
+chmod +x ${RPM_BUILD_ROOT}/usr/local/omc/htdocs/front
 chmod +rx ${RPM_BUILD_ROOT}/usr/lib64/*
 #cp -rf omc/.ssh ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/mmllog ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/mmlhome ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/bin ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/etc ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/htdocs ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/log ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/backup ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/upload ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/software ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/license ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf omc/database ${RPM_BUILD_ROOT}/usr/local/omc/
 #cp -rf db/* ${RPM_BUILD_ROOT}/usr/local/db/
 #cp -f nginx/omc.conf ${RPM_BUILD_ROOT}/etc/nginx/conf.d/
 #cp -f systemd/restagent.service ${RPM_BUILD_ROOT}/lib/systemd/system/restagent.service
 #cp -f systemd/crontask.service ${RPM_BUILD_ROOT}/lib/systemd/system/crontask.service
 #cp -f systemd/sshsvc.service ${RPM_BUILD_ROOT}/lib/systemd/system/sshsvc.service
 #cp -f systemd/captrace.service ${RPM_BUILD_ROOT}/lib/systemd/system/captrace.service
 #cp -f systemd/kvdb.service ${RPM_BUILD_ROOT}/lib/systemd/system/kvdb.service
 %build
 #cd %{buildroot}/..
 #make
 # 安装完成后执行
 %post
-OmcRootDir=/usr/local/omc
+OMCRootDir=/usr/local/omc
-DependsRootDir=${OmcRootDir}/depends
+OMCEtcDir=${OMCRootDir}/etc
-RedisBinDir=/usr/local/bin
+FERootDir=${OMCRootDir}/htdocs/front
 RedisConfDir=/usr/local/etc/kvdb
 OMCEtcDir=${OmcRootDir}/etc
 FERootDir=${OmcRootDir}/htdocs/front
 UsrLib64Dir=/usr/lib64
-OmcBinDir=${OmcRootDir}/bin
+OMCBinDir=${OMCRootDir}/bin
-OMCStaticDir=${OmcRootDir}/static
+OMCStaticDir=${OMCRootDir}/static
 UsrLocalBinDir=/usr/local/bin
-OmcDaemon=omcd
+OMCDaemon=omcd
 NginxEtcDir=/etc/nginx
 CFileList="restconf.yaml crontask.yaml tasks.yaml sshsvc.yaml capconf.yaml omc.conf"
 LogoFileList="zh_brand.png zh_icon.png en_brand.png en_icon.png"
 echo -n "Stopping OMC service ... "
 systemctl stop restagent.service
 systemctl stop crontask.service
 systemctl stop sshsvc.service
 systemctl stop captrace.service
 echo "done"
 for CFile in ${CFileList}; do
    if [ ! -e "${OMCEtcDir}/${CFile}" ]; then
        cp -f ${OMCEtcDir}/default/${CFile} ${OMCEtcDir}
@@ -85,40 +57,16 @@ for CFile in ${CFileList}; do
        cp -f ${OMCEtcDir}/default/${CFile} ${OMCEtcDir}
    fi                                
 done
-
+  
 # Check if install kvdb
 if [ ! -e "${RedisBinDir}/kvdb-server" ]; then
    cp -rf ${DependsRootDir}/kvdb/*  /
    chmod 755 ${RedisBinDir}/kvdb*
    systemctl enable kvdb.service
 fi
 if [ ! -e "${RedisConfDir}/kvdb.conf" ]; then    
    cp ${RedisConfDir}/default/kvdb.conf ${RedisConfDir}; 
 fi
 sed -i 's/replica-read-only yes/replica-read-only no/g' ${RedisConfDir}/kvdb.conf 
 LINE="masterauth helloearth"
 FILE="${RedisConfDir}/kvdb.conf"
 if ! grep -qxF "$LINE" "$FILE"; then
    # 如果不存在，将其添加到文件末尾
     echo "$LINE" >> "$FILE"
 fi
 if [ ! -e "${FERootDir}/config.js" ]; then    cp ${FERootDir}/default/config.js ${FERootDir}; fi    
 for LogoFile in ${LogoFileList}; do
    if [ ! -e "${OMCStaticDir}/logo/${LogoFile}" ]; then
-        cp ${OMCStaticDir}/agt.d/logo/${LogoFile} ${OMCStaticDir}/logo;
+        cp ${OMCStaticDir}/omc.d/logo/${LogoFile} ${OMCStaticDir}/logo;
-    fi                 
+    fi
 done   
 if ! id -u omc >/dev/null 2>&1 ; then     useradd -d /opt/omc -m -s /bin/bash -p1000ftp@kp omc; else echo "user omc exist"; fi
 mkdir -p /opt/omc/ftp
 mkdir -p /opt/omc/ftp/log
 #chmod +rx /usr/local/omc 
 #chmod +rx /usr/local/omc/*
 #chmod +rx /usr/local/db/bin/*
 #chmod +rx /usr/local/bin/*
 #chmod -R 755 /usr/local/omc/htdocs/front
 cd ${UsrLib64Dir}
 if [ ! -e libwireshark.so.15 ]; then  ln -s libwireshark.so.15.0.12 libwireshark.so.15; fi
 if [ ! -e libwireshark.so ]; then  ln -s libwireshark.so.15.0.12 libwireshark.so; fi
@@ -127,12 +75,10 @@ if [ ! -e libwiretap.so ]; then  ln -s libwiretap.so.12.0.12 libwiretap.so; fi
 if [ ! -e libwsutil.so.13 ]; then  ln -s libwsutil.so.13.1.0 libwsutil.so.13; fi
 if [ ! -e libwsutil.so ]; then  ln -s libwsutil.so.13.1.0 libwsutil.so; fi
 cd ${UsrLocalBinDir}
-if [ ! -e ${OmcDaemon} ]; then  ln -s ${OmcBinDir}/omcsvc.sh ${OmcDaemon}; fi
+if [ ! -e ${OMCDaemon} ]; then  ln -s ${OMCBinDir}/omcsvc.sh ${OMCDaemon}; fi
 # sed -i 's/listen       80;/listen       1080;/g' ${NginxEtcDir}/nginx.conf
 # sed -i 's/listen       \[::\]:80;/listen       \[::\]:1080;/g' ${NginxEtcDir}/nginx.conf 
 # setting firewall
-PortList="80 33030 443 33443 22222"
+PortList="80 443 44080 44443 33030 22222"
 for Port in ${PortList}; do 
    firewall-cmd --zone=public --add-port=${Port}/tcp --permanent
 done
@@ -143,19 +89,29 @@ systemctl enable restagent.service
 systemctl enable crontask.service
 systemctl enable sshsvc.service
 systemctl enable captrace.service
-#systemctl enable kvdb.service
+
-systemctl stop restagent.service
+# read environment parameter and to do 
-systemctl stop crontask.service
+if [ "$M_PARAM" = "install" -o "$M_PARAM" = "upgrade" ]; then
-systemctl stop sshsvc.service
+    echo "M parameter: $M_PARAM"
-systemctl stop captrace.service
+    if [ -n "$C_PARAM" ]; then
-# systemctl stop nginx.service
+        echo "C parameter: $C_PARAM"
-systemctl stop kvdb.service
+        ${OMCRootDir}/bin/setomc.sh -m $M_PARAM -c $C_PARAM
-systemctl start kvdb.service
+    else 
-# systemctl start nginx.service
+        ${OMCRootDir}/bin/setomc.sh -m $M_PARAM    
    fi
    # exit while failed to run setomc.sh
    if [ $? -ne 0 ]; then
        echo "setomc.sh execution failed. Exiting."
        exit 1
    fi
 fi
 echo -n "Starting OMC service ... "
 systemctl start captrace.service
 systemctl start sshsvc.service
 systemctl start crontask.service
 systemctl start restagent.service
 echo "done"
 # 卸载时执行
 %postun
@@ -171,41 +127,34 @@ rm libwsutil.so
 rm -f ${UsrLocalBinDir}/omcd
 # setting firewall
-PortList="80 33030 443 33443 22222"
+PortList="80 443 44080 44443 33030 22222"
 for Port in ${PortList}; do 
    firewall-cmd --zone=public --remove-port=${Port}/tcp --permanent
 done
 firewall-cmd --reload
 if [ "$1" = "0" ] ; then
-sudo systemctl stop restagent.service
+    sudo systemctl stop restagent.service
-sudo systemctl stop crontask.service
+    sudo systemctl stop crontask.service
-sudo systemctl stop sshsvc.service
+    sudo systemctl stop sshsvc.service
-sudo systemctl stop captrace.service
+    sudo systemctl stop captrace.service
-#sudo systemctl stop kvdb.service
+    #rm -rf /usr/local/omc
-#sudo systemctl stop nginx.service 
+    rm -rf /etc/nginx/conf.d/omc.conf
-#rm -rf /usr/local/omc
+    sudo systemctl disable restagent.service
-rm -rf /etc/nginx/conf.d/omc.conf
+    sudo systemctl disable crontask.service
-sudo systemctl disable restagent.service
+    sudo systemctl disable sshsvc.service
-sudo systemctl disable crontask.service
+    sudo systemctl disable captrace.service
-sudo systemctl disable sshsvc.service
+    sudo systemctl daemon-reload
 sudo systemctl disable captrace.service
 #sudo systemctl disable kvdb.service
 sudo systemctl daemon-reload
 else
-sudo systemctl daemon-reload
+    sudo systemctl daemon-reload
-#sudo systemctl stop nginx.service 
+    sudo systemctl stop restagent.service
-sudo systemctl stop restagent.service
+    sudo systemctl stop crontask.service
-sudo systemctl stop crontask.service
+    sudo systemctl stop sshsvc.service
-sudo systemctl stop sshsvc.service
+    sudo systemctl stop captrace.service
-sudo systemctl stop captrace.service
+    sudo systemctl start crontask.service
-#sudo systemctl stop kvdb.service 
+    sudo systemctl start sshsvc.service
-#sudo systemctl start nginx.service
+    sudo systemctl start captrace.service
-sudo systemctl start kvdb.service
+    sudo systemctl start restagent.service
 sudo systemctl start crontask.service
 sudo systemctl start sshsvc.service
 sudo systemctl start captrace.service
 sudo systemctl start restagent.service
 fi
 # 规定那些文件必须放入安装程序中，如果没有就报错
@@ -217,6 +166,7 @@ fi
 /usr/local/omc/bin
 /usr/local/omc/etc
 /usr/local/omc/htdocs
 # %exclude /usr/local/omc/htdocs/front/wiregasm/wiregasm.wasm.gz
 /usr/local/omc/log
 /usr/local/omc/backup
 /usr/local/omc/upload
@@ -224,13 +174,11 @@ fi
 /usr/local/omc/license
 /usr/local/omc/database
 /usr/local/omc/static
 /usr/local/omc/depends
 #/etc/nginx/conf.d/omc.conf
 /lib/systemd/system/restagent.service
 /lib/systemd/system/crontask.service
 /lib/systemd/system/sshsvc.service
 /lib/systemd/system/captrace.service
 #/lib/systemd/system/kvdb.service
 /usr/lib64/libwireshark.so.15.0.12
 /usr/lib64/libwiretap.so.12.0.12
 /usr/lib64/libwsutil.so.13.1.0