+ # If the external OAM IP same as OS_AUTH_URL's IP address, you can use the below command to set the environment
+ # export API_HOST_EXTERNAL_FLOATING=$(echo ${OS_AUTH_URL} | sed -e s,`echo ${OS_AUTH_URL} | grep :// | sed -e's,^\(.*//\).*,\1,g'`,,g | cut -d/ -f1 | sed -e 's,:.*,,g')
+ export API_HOST_EXTERNAL_FLOATING=<INF external_oam_floating_address e.g.: 128.10.10.10>
+
+ # please specify the smo service account yaml file
+ export SMO_SERVICEACCOUNT=<your input here eg.: smo>
+ # service account and binding for smo yaml file
+
+ cat <<EOF >smo-serviceaccount.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ namespace: default
+ name: pod-reader
+ rules:
+ - apiGroups: [""] # "" indicates the core API group
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: ${SMO_SERVICEACCOUNT}
+ namespace: default
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: read-pods
+ namespace: default
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: pod-reader
+ subjects:
+ - kind: ServiceAccount
+ name: ${SMO_SERVICEACCOUNT}
+ namespace: default
+
+ EOF
+
+ kubectl apply -f smo-serviceaccount.yaml
+
+ #export the smo account token data
+ export SMO_SECRET=$(kubectl -n default get serviceaccounts $SMO_SERVICEACCOUNT -o jsonpath='{.secrets[0].name}')
+ export SMO_TOKEN_DATA=$(kubectl -n default get secrets $SMO_SECRET -o jsonpath='{.data.token}')
+
+ #prepare the application config file
+ cat <<EOF >app.conf
+ [DEFAULT]
+
+ ocloud_global_id = 4e24b97c-8c49-4c4f-b53e-3de5235a4e37
+
+ smo_register_url = http://127.0.0.1:8090/register
+ smo_token_data = ${SMO_TOKEN_DATA}
+
+ [OCLOUD]
+ OS_AUTH_URL: ${OS_AUTH_URL}
+ OS_USERNAME: ${OS_USERNAME}
+ OS_PASSWORD: ${OS_PASSWORD}
+ API_HOST_EXTERNAL_FLOATING: ${API_HOST_EXTERNAL_FLOATING}
+
+ [API]
+
+ [WATCHER]
+
+ [PUBSUB]
+
+ EOF
+
+ #prepare the ssl cert files or generate with below command.
+
+ PARENT="imsserver"
+ openssl req \
+ -x509 \
+ -newkey rsa:4096 \
+ -sha256 \
+ -days 365 \
+ -nodes \
+ -keyout $PARENT.key \
+ -out $PARENT.crt \
+ -subj "/CN=${PARENT}" \
+ -extensions v3_ca \
+ -extensions v3_req \
+ -config <( \
+ echo '[req]'; \
+ echo 'default_bits= 4096'; \
+ echo 'distinguished_name=req'; \
+ echo 'x509_extension = v3_ca'; \
+ echo 'req_extensions = v3_req'; \
+ echo '[v3_req]'; \
+ echo 'basicConstraints = CA:FALSE'; \
+ echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \
+ echo 'subjectAltName = @alt_names'; \
+ echo '[ alt_names ]'; \
+ echo "DNS.1 = www.${PARENT}"; \
+ echo "DNS.2 = ${PARENT}"; \
+ echo '[ v3_ca ]'; \
+ echo 'subjectKeyIdentifier=hash'; \
+ echo 'authorityKeyIdentifier=keyid:always,issuer'; \
+ echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \
+ echo 'keyUsage = critical, cRLSign, keyCertSign'; \
+ echo 'extendedKeyUsage = serverAuth, clientAuth')
+
+
+ applicationconfig=`base64 app.conf -w 0`
+ servercrt=`base64 imsserver.crt -w 0`
+ serverkey=`base64 imsserver.key -w 0`
+ smocacrt=`base64 smoca.crt -w 0`
+
+ echo $applicationconfig
+ echo $servercrt
+ echo $serverkey
+ echo $smocacrt
+
+
Code Review / pti / o2.git / blobdiff