X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=docs%2Finstallation-guide.rst;h=1ef39fa19f7c2e360faca8cf5412cbd68d8ca27c;hb=fc187854ad8ae6b38f8f01d9db4a902489801435;hp=68f7ed0889e8408583b08ad58670b9022a958e3f;hpb=659a526fb149407f1bc7c598e1943195915dcbd6;p=pti%2Fo2.git diff --git a/docs/installation-guide.rst b/docs/installation-guide.rst index 68f7ed0..1ef39fa 100644 --- a/docs/installation-guide.rst +++ b/docs/installation-guide.rst @@ -139,6 +139,99 @@ The following instruction should be done outside of INF platform controller host # export API_HOST_EXTERNAL_FLOATING=$(echo ${OS_AUTH_URL} | sed -e s,`echo ${OS_AUTH_URL} | grep :// | sed -e's,^\(.*//\).*,\1,g'`,,g | cut -d/ -f1 | sed -e 's,:.*,,g') export API_HOST_EXTERNAL_FLOATING= + # please specify the smo service account yaml file + export SMO_SERVICEACCOUNT= + # service account and binding for smo yaml file + + cat <smo-serviceaccount.yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + namespace: default + name: pod-reader + rules: + - apiGroups: [""] # "" indicates the core API group + resources: ["pods"] + verbs: ["get", "watch", "list"] + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ${SMO_SERVICEACCOUNT} + namespace: default + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: read-pods + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-reader + subjects: + - kind: ServiceAccount + name: ${SMO_SERVICEACCOUNT} + namespace: default + + EOF + + kubectl apply -f smo-serviceaccount.yaml + + #export the smo account token data + export SMO_TOKEN_DATA=$(kubectl -n default describe secret $(kubectl -n default get secret | grep ${SMO_SERVICEACCOUNT} | awk '{print $1}') | grep "token:" | awk '{print $2}') + + #prepare the application config file + cat <app.conf + [DEFAULT] + + ocloud_global_id = 4e24b97c-8c49-4c4f-b53e-3de5235a4e37 + smo_register_url = http://127.0.0.1:8090/register + smo_token_data = ${SMO_TOKEN_DATA} + + [API] + test = "hello" + + [WATCHER] + + [PUBSUB] + + EOF + + #prepare the ssl cert files or generate with below command. + + PARENT="imsserver" + openssl req \ + -x509 \ + -newkey rsa:4096 \ + -sha256 \ + -days 365 \ + -nodes \ + -keyout $PARENT.key \ + -out $PARENT.crt \ + -subj "/CN=${PARENT}" \ + -extensions v3_ca \ + -extensions v3_req \ + -config <( \ + echo '[req]'; \ + echo 'default_bits= 4096'; \ + echo 'distinguished_name=req'; \ + echo 'x509_extension = v3_ca'; \ + echo 'req_extensions = v3_req'; \ + echo '[v3_req]'; \ + echo 'basicConstraints = CA:FALSE'; \ + echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \ + echo 'subjectAltName = @alt_names'; \ + echo '[ alt_names ]'; \ + echo "DNS.1 = www.${PARENT}"; \ + echo "DNS.2 = ${PARENT}"; \ + echo '[ v3_ca ]'; \ + echo 'subjectKeyIdentifier=hash'; \ + echo 'authorityKeyIdentifier=keyid:always,issuer'; \ + echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \ + echo 'keyUsage = critical, cRLSign, keyCertSign'; \ + echo 'extendedKeyUsage = serverAuth, clientAuth') + cat <o2service-override.yaml o2ims: imagePullSecrets: admin-orano2-registry-secret @@ -154,6 +247,7 @@ The following instruction should be done outside of INF platform controller host OS_PASSWORD: "${OS_PASSWORD}" K8S_KUBECONFIG: "/opt/k8s_kube.conf" API_HOST_EXTERNAL_FLOATING: "${API_HOST_EXTERNAL_FLOATING}" + EOF @@ -162,10 +256,13 @@ The following instruction should be done outside of INF platform controller host .. code:: shell - helm install o2service o2/charts/ -f o2service-override.yaml + config_data=`cat ./path/to/app.conf` + certification_data=`cat ./path/to/imsserver.crt` + key_data=`cat ./path/to/imsserver.key` + helm install o2service o2/charts --set caconfig="$certification_data" --set applicationconfig="$config_data" --set serverkeyconfig="$key_data" -f o2service-override.yaml helm list |grep o2service - kubectl -n ${NAMESPACE} get pods |grep o2service - kubectl -n ${NAMESPACE} get services |grep o2service + kubectl -n ${NAMESPACE} get pods |grep o2api + kubectl -n ${NAMESPACE} get services |grep o2api 2.4 Verify INF O2 service @@ -176,11 +273,11 @@ The following instruction should be done outside of INF platform controller host curl -k http(s)://:30205/o2ims_infrastructureInventory/v1/ -2.5 INF O2 Service API Swagger +2.5 INF O2 Service API Swagger ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Swagger UI can be found with URL: http(s)://:30205 - + 3. Register INF O2 Service to SMO ---------------------------------