Ohje tietojen poistosta käytön jälkeen.

Pelkkä ohjelman poisto ei riitä, vaan tiedot pitää poistaa winTAK:n sisällä, koska muuten edellisten käyttöjen tiedot (mm. palvelin) jäävät WinTAK:iin.

• Word
• Online

see #4

Configuration file will be sended automatically from TAK server to client device which connects in to a server.

What technically is needed? How this is done manually? Can this be automated to be a part of automated process.

complains something about not being able to load some resources, investigate.

Creation of Device Profiles via API and sharing configs to users by groups via takserver.

Example files to create and share to devices.

https://github.com/pvarki/python-tak-rmapi/tree/main/src/takrmapi/templates/tak_datapackage/default

Need to install DataSync TAK Plugin into a TAK server.

DataSync

The Data Synchronization plug-in is used to synchronize multiple ATAK devices involved in the same exercise or event. This plug-in requires TAK Server 1.3.3+. TAK Server stores all data for a "mission" in a server side database. Clients may subscribe to a mission to receive dynamic updates when a mission changes, or to synchronize data missed while a given device was disconnected.

Plugin can be fould from the Github repository TAK-Product-Center/Server

Have to find out which pluggins are needed to fill needed fuctionality. Possible plugin could be.

• PluginDataFeed
• PluginMissionApi

The official distribution docker is a mess to put it lightly, the shell scripts are fragile, everything runs as root etcetc.

There are multiple Java processes so the "right" way probably would be to make a docker composition where each process is in their own container but they talk to each other, all the certificate and client mission package stuff should probably be wrapped into Python (or some other less quick-and-dirty than bash -language) to make them less fragile, same for the initialisation stuff (which in a composition should be it's own container the others depend on). Make things run with least privilege etc.

Then split all of these things into tasks (remember that task:l is 4h) with clear descriptions.

Admin user creation via REST API needs to be able to talk to the TAKServer and tell it to add and authorize the user, IDK if the best way is to run some sort of RPC on the container with the server process and have the REST API call that via the internal network.

Motorola e20 released last year is "incompatible". But a chinese phone from 2018 works.

Investigate licensing is application mirroring allowed?

Using API to Create Feed and invite group Everyone to the feed.

Needs Rasse to create group Everyone and add all of the users to it.

Tilaajalla tai käyttäjällä tarve päästä luomaan uusia User Grouppeja, jotka mahdollistavat datafiidien näkyvyyden rajoittamisen.

Päätettävä toteutetaanko näin vain toiinallisuutena TAK Admin loppukäyttäjän työkaluun.

Kuinka saadaan
[ ] admin-tunnukset tilaajalle
[ ] admin-sivun url-tilaajalle

@jhulkko pls add your notes...

• bearer-token auth for endpoints (except /openapi.json), given to container like all the other things right now, via ENV
• API container needs letsencrypt/cerbot to a trusted https cert
• GET /api/v1/client/{clientname} returns the client-zip if it exists
• POST /api/v1/client/{clientname} returns bad request if client-zip exists, otherwise creates and returns it
  • needs to be atomic, the "does client already exists" -check must be made also before moving the zip to the directory where the ready ones are held, needs changes to make_client_zip.sh
• GET /api/v1/client returns list of existing client zips

This API is intended for internal use only, end-users will not fetch their client-configs via it, there is a separate frontend for that (see Markus Sandelins flowchart).

FastAPI is probably a decent way to do the API part, we also need certbot (see the mumbleserver docker for example) to get TLS certs for the API since it won't be using MTLS

Remember https://github.com/PVARKI-projekti/markdown-pvarki-best_practises/blob/main/python.md

Since this is actually more than a large task split into smaller units: #9, #10 and #8

Adding ATAK plugin .apk's and apk information via product.infz file to tak/webcontent/update folder in the takserver files.

Configuring the ATAK devices via Device Profiles using the config belov.

https://github.com/pvarki/python-tak-rmapi/tree/main/src/takrmapi/templates/tak_datapackage/default/Update-Server

Havaintojen ilmoittaminen (käyttäjä).
[ x] ATAK
[x ] iTAK
[ x] WinTAK

Havaintojen käsittely (KOPA).
[ x] WinTAK

• Word ohje
• Online Ohje

[ ] Pluginien toimivuus (Android, iOS, Windows)

• Luo ja Testaa erillaiset käyttötapaukset eri versioiden välillä
• Testitapaukset
• Tavoitteena saada ymmärrys miten erillaiset toimenpiteet näkyvät eri versioissa/ logi merkinnöissä--> Mahdollistaa toimintatavoista päättämisen ja ohjeistuksen luomisen

[ ] TAK Missiot toiminnallisuus ja tarvittavat vakio Missiot (Suunnittele)

• Thtävä päätös onko yksi vai kaksi Misionia aluksi. Testaaminen ja suunnittelu aloitetaan yhdellä missionilla

Linkatut issuet

• #30

Extension to #4 see other requirements from there

• GET /api/v1/user/{username} returns the users pkcs12 certificate if it exists, note the private keys are encrypted and server does not store the password.

[ ] Serveripuolen admin-käyttöliittymänopiskelu: tuotoksena admin-puolen ohje

Following changes are needed to default configuration file TAK_defaults.pref

• All measurement configuration
  • have to be defined
• location send interval
  • have to be defined
• Toolbar configuration
  • Add and remove tools, have to be defined
• Tools Arrange, remove and add needed icons
  • have to be defined

Correct values have to be tested for first two cases.

• "alt_unit_pref" class="class java.lang.String">1< --> value should be 2 (meters (m))
• "speed_unit_pref" class="class java.lang.String">1< --> value should be (KM per Hour (kmph))
• "rng_meters_display_pref" class="class java.lang.String">2000< --> value should be 1000

[ ] jaettavan Zip-paketin luonti ilmanylimääräistä sälää

[ ]"WinTAK-nappi". WinTAK-asennuspalvelin & DataSync plugin ladattavaksi asennusta varten.

[ ] Samaa toiminnallisuutta voitaisiin käyttää tulevaisuudessa ladattavien .APK-pakettien kanssa.

[ ] @benjamsf selvitä onko lupa jakaa asennustiedosto Info Discord

Luo ohje Datasyncin käyttöönotosta iTAK.

• "word" ohje (kuva ja tekstiä)
• Online ohje

[ ] ATAK
[ ] iTAK
[ ] WinTAK

Creation of Icons for Fire Missions and sharing them to ATAK/WinTAK to use as the first implementation of Fire Missions.

Sharing the Icons to devices via Device Profiles.

Have to make decision concerning default reporting rates. When decision is made changes to default configuration file have to be done.

Things to consider
We don't want to drain user devices batterys.
What is needed reporting times in basic use cases.

• dynamicReportingRateStationary

• dynamicReportingRateMin

• dynamicReportingRateMax

• constantReportingRate

What would be way of working when defaults values have to be changed? This have to be opened in to a user manual. Also defaults values have to be told to users. Also other battery usage matters have to be opened to users.

**Following vallues have to be updated to the TAK_defaults.pref **
"dynamicReportingRateMaxUnreliable" class="class java.lang.String">15<
"dynamicReportingRateMinUnreliable" class="class java.lang.String">45<
"dynamicReportingRateStationaryUnreliable" class="class java.lang.String">240<

"dynamicReportingRateMaxReliable" class="class java.lang.String">10<
"dynamicReportingRateMinReliable" class="class java.lang.String">20<
"dynamicReportingRateStationaryReliable" class="class java.lang.String">300<

"constantReportingRateUnreliable" class="class java.lang.String">45<
"constantReportingRateReliable" class="class java.lang.String">45<

Let Traefik handle the letsencrypt part.

See https://www.valentinog.com/blog/traefik/

See #4

Luo ohje Datasyncin käyttöönotosta ATAK.

• "word" ohje (kuva ja tekstiä
• Online ohje

[ ] Miten saadaan luotua automaattisesti?
[ ] Mukaan saaminen deploymentiin

When attempting to check takserver for available datapackages, the ATAK client on Android returns this error. This effectively disables a command post of sharing data packages tailored for a certain mission (e.g., points, grids, perimeter boundaries and so on).

Reference talk in TAK community discord: https://discord.com/channels/698067185515495436/699262529767211108/773969279401328650

What

Docs specify that takserver should eat 8GB of memory. Can we make it go with less?

Why

8GB memory is cumbersome - and in cloud vm deployments, quite pricey too.

How

• TAK-discord people pointed me this case: https://github.com/Cloud-RF/tak-server/releases/tag/PG15, in which it appears the author reduced some services to make it roll with 2GB.
• Would container apps -deployment help with this issue? @chipmonkster

[ ] ATAK
[ ] iTAK
[ ] WinTAK

Lisätään 1.0 Zippiin lisäkartat.

Extension to #4 see other requirements from there

• POST /api/v1/user/{username} returns bad request if client cert exists, otherwise creates and returns it.
  • password is a required POST parameter
  • needs to be atomic

Split into separate issue from #5 because during implementation I found out that this cannot be done without some redesigns on the takserver container side.

Kumpi malli toimintamalli toimii?

1.) KOPA luo havainnoista täysin uuden vahvistetun merkin ja poistaa havainnot
2.) KOPA muokkaa havainnon vahvistetuksi merkiksi ja poistaa mahdolliset dublikaatit

Then archive that.

In the future we will need RASENMAEHER integration api next to the docker container but that too needs to be in separate repo.

Luo ohje Datasyncin käyttöönotosta Wintakilla.

• "word" ohje (kuva ja tekstiä
• Online ohje

HUP restarts whole process, which is sloooooow. USR1 is unknown and kills the process USR2 causes segfault...

Another option is to automatically create a config XML that does not have CRL enabled and use that for the takapi process. since CoT handles CRL changes cleanly the user in question will at least drop out of updates and lose admin privileges so their remaining WebTAK access is going to be rather impotent.

#61 is relevant.

Investigation task for someone who has used (A)TAK more extensively than this humble developer/devops -person.

Create separate issue for each plugin with explanation on why adding it would be a good idea.

Käyttäjien, missioiden ja groupien hallinnointiin toimenpiteet, jotta DataSync saadaan toimimaan halutusti

See posts from tahkis at https://discord.com/channels/1047112511603867668/1065931173441851423/1157689426147819572

default of 5s (or 1s) is not useful and eats battery like there is no tomorrow.

https://cdn.discordapp.com/attachments/1065931173441851423/1068815413305167932/IMG_3981.png

<connector port="8443" _name="https" enableAdminUI="false" enableWebtak="true" />
<connector port="8444" _name="https" enableAdminUI="true" enableWebtak="false" />

See #4

Poistetaan valikoista turhat toiminnot:

Nostetaan quick toolbariin:

• quick pic

/opt/tak/data/certs/files/clientpkgs is not a directory we can access
/opt/tak/data/certs/makeCert.sh is not a directory we can access
/opt/scripts/enable_admin.sh is not a directory we can access

This is a transient error.

We want users to hear notifications by default.