X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=docs%2Finstallation-guide.rst;h=c64535ef0a5b91b4f3ef533dd7f34e5cd4b21b48;hb=157a0e594ef55da669ed6ca8ff2d62aae409fb9f;hp=289a7cd499b92b2ad396f4dc456229d08f26b602;hpb=86de0795e008ee9f3ea2aa84965dc40a87a7c3d4;p=pti%2Fo2.git diff --git a/docs/installation-guide.rst b/docs/installation-guide.rst index 289a7cd..c64535e 100644 --- a/docs/installation-guide.rst +++ b/docs/installation-guide.rst @@ -13,7 +13,7 @@ Installation Guide Abstract -------- -This document describes how to install O-RAN O2 service over O-RAN INF platform. +This document describes how to install INF O2 service over O-RAN INF platform. The audience of this document is assumed to have basic knowledge in kubernetes cli, helm chart cli. @@ -24,8 +24,8 @@ Preface Before starting the installation and deployment of O-RAN O2 service, you should have already deployed O-RAN INF platform, and you need to download the helm charts or build from source as described in developer-guide. -ORAN O2 Service in E Release -============================ +INF O2 Service in E Release +=========================== 1. Provision remote cli for kubernetes over INF platform -------------------------------------------------------- @@ -95,7 +95,7 @@ The following instruction should be done outside of INF platform controller host echo "source <(helm completion bash)" >> ~/.bashrc OAM_IP= - NAMESPACE=orano2 + NAMESPACE=oran-o2 TOKEN_DATA= USER="admin-user" @@ -111,8 +111,8 @@ The following instruction should be done outside of INF platform controller host 2. Deploy INF O2 service ------------------------ -2.1 Retrieve Helm chart for deploying of O2 service -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +2.1 Retrieve Helm chart for deploying of INF O2 service +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code:: shell @@ -125,7 +125,7 @@ The following instruction should be done outside of INF platform controller host .. code:: shell - export NAMESPACE=orano2 + export NAMESPACE=oran-o2 kubectl create ns ${NAMESPACE} # default kube config location is ~/.kube/config @@ -135,32 +135,155 @@ The following instruction should be done outside of INF platform controller host export OS_USERNAME= export OS_PASSWORD= + # If the external OAM IP same as OS_AUTH_URL's IP address, you can use the below command to set the environment + # export API_HOST_EXTERNAL_FLOATING=$(echo ${OS_AUTH_URL} | sed -e s,`echo ${OS_AUTH_URL} | grep :// | sed -e's,^\(.*//\).*,\1,g'`,,g | cut -d/ -f1 | sed -e 's,:.*,,g') + export API_HOST_EXTERNAL_FLOATING= + + # please specify the smo service account yaml file + export SMO_SERVICEACCOUNT= + # service account and binding for smo yaml file + + cat <smo-serviceaccount.yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + namespace: default + name: pod-reader + rules: + - apiGroups: [""] # "" indicates the core API group + resources: ["pods"] + verbs: ["get", "watch", "list"] + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ${SMO_SERVICEACCOUNT} + namespace: default + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: read-pods + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-reader + subjects: + - kind: ServiceAccount + name: ${SMO_SERVICEACCOUNT} + namespace: default + + EOF + + kubectl apply -f smo-serviceaccount.yaml + + #export the smo account token data + export SMO_SECRET=$(kubectl -n default get serviceaccounts $SMO_SERVICEACCOUNT -o jsonpath='{.secrets[0].name}') + export SMO_TOKEN_DATA=$(kubectl -n default get secrets $SMO_SECRET -o jsonpath='{.data.token}') + + #prepare the application config file + cat <app.conf + [DEFAULT] + + ocloud_global_id = 4e24b97c-8c49-4c4f-b53e-3de5235a4e37 + + smo_register_url = http://127.0.0.1:8090/register + smo_token_data = ${SMO_TOKEN_DATA} + + [OCLOUD] + OS_AUTH_URL: ${OS_AUTH_URL} + OS_USERNAME: ${OS_USERNAME} + OS_PASSWORD: ${OS_PASSWORD} + API_HOST_EXTERNAL_FLOATING: ${API_HOST_EXTERNAL_FLOATING} + + [API] + + [WATCHER] + + [PUBSUB] + + EOF + + #prepare the ssl cert files or generate with below command. + + PARENT="imsserver" + openssl req \ + -x509 \ + -newkey rsa:4096 \ + -sha256 \ + -days 365 \ + -nodes \ + -keyout $PARENT.key \ + -out $PARENT.crt \ + -subj "/CN=${PARENT}" \ + -extensions v3_ca \ + -extensions v3_req \ + -config <( \ + echo '[req]'; \ + echo 'default_bits= 4096'; \ + echo 'distinguished_name=req'; \ + echo 'x509_extension = v3_ca'; \ + echo 'req_extensions = v3_req'; \ + echo '[v3_req]'; \ + echo 'basicConstraints = CA:FALSE'; \ + echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \ + echo 'subjectAltName = @alt_names'; \ + echo '[ alt_names ]'; \ + echo "DNS.1 = www.${PARENT}"; \ + echo "DNS.2 = ${PARENT}"; \ + echo '[ v3_ca ]'; \ + echo 'subjectKeyIdentifier=hash'; \ + echo 'authorityKeyIdentifier=keyid:always,issuer'; \ + echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \ + echo 'keyUsage = critical, cRLSign, keyCertSign'; \ + echo 'extendedKeyUsage = serverAuth, clientAuth') + + + applicationconfig=`base64 app.conf -w 0` + servercrt=`base64 imsserver.crt -w 0` + serverkey=`base64 imsserver.key -w 0` + smocacrt=`base64 smoca.crt -w 0` + + echo $applicationconfig + echo $servercrt + echo $serverkey + echo $smocacrt + + cat <o2service-override.yaml + imagePullSecrets: + - default-registry-key + o2ims: - imagePullSecrets: admin-orano2-registry-secret - image: - repository: nexus3.o-ran-sc.org:10004/o-ran-sc/pti-o2imsdms - tag: 1.0.0 + serviceaccountname: admin-oran-o2 + images: + tags: + o2service: nexus3.o-ran-sc.org:10004/o-ran-sc/pti-o2imsdms:2.0.0 + postgres: docker.io/library/postgres:9.6 + redis: docker.io/library/redis:alpine pullPolicy: IfNotPresent logginglevel: "DEBUG" - ocloud: - OS_AUTH_URL: "${OS_AUTH_URL}" - OS_USERNAME: "${OS_USERNAME}" - OS_PASSWORD: "${OS_PASSWORD}" - K8S_KUBECONFIG: "/opt/k8s_kube.conf" + applicationconfig: ${applicationconfig} + servercrt: ${servercrt} + serverkey: ${serverkey} + smocacrt: ${smocacrt} + EOF + cat o2service-override.yaml + 2.3 Deploy by helm cli ~~~~~~~~~~~~~~~~~~~~~~ .. code:: shell - helm install o2service o2/charts/ -f o2service-override.yaml + helm install o2service o2/charts -f o2service-override.yaml helm list |grep o2service - kubectl -n ${NAMESPACE} get pods |grep o2service - kubectl -n ${NAMESPACE} get services |grep o2service + kubectl -n ${NAMESPACE} get pods |grep o2api + kubectl -n ${NAMESPACE} get services |grep o2api 2.4 Verify INF O2 service @@ -171,17 +294,18 @@ The following instruction should be done outside of INF platform controller host curl -k http(s)://:30205/o2ims_infrastructureInventory/v1/ -2.5 INF O2 Service API Swagger +2.5 INF O2 Service API Swagger ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Swagger UI can be found with URL: http(s)://:30205 - + 3. Register INF O2 Service to SMO --------------------------------- - assumed you have setup SMO O2 endpoint for registration -- INF O2 service will post the O-Cloud registration data to that SMO O2 endpoint +- INF O2 service will post the INF platform registration data to that SMO O2 endpoint + .. code:: shell