X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=docs%2Finstallation-guide.rst;h=c64535ef0a5b91b4f3ef533dd7f34e5cd4b21b48;hb=491b61a82db9a7c286b4f25bd38e45669dbb6041;hp=3c92bd3a2020f947d7848cac67ac50dcd45acd45;hpb=330e15935177e9d9e8442eb67354f9122f2871b1;p=pti%2Fo2.git diff --git a/docs/installation-guide.rst b/docs/installation-guide.rst index 3c92bd3..c64535e 100644 --- a/docs/installation-guide.rst +++ b/docs/installation-guide.rst @@ -95,7 +95,7 @@ The following instruction should be done outside of INF platform controller host echo "source <(helm completion bash)" >> ~/.bashrc OAM_IP= - NAMESPACE=orano2 + NAMESPACE=oran-o2 TOKEN_DATA= USER="admin-user" @@ -125,7 +125,7 @@ The following instruction should be done outside of INF platform controller host .. code:: shell - export NAMESPACE=orano2 + export NAMESPACE=oran-o2 kubectl create ns ${NAMESPACE} # default kube config location is ~/.kube/config @@ -136,36 +136,154 @@ The following instruction should be done outside of INF platform controller host export OS_PASSWORD= # If the external OAM IP same as OS_AUTH_URL's IP address, you can use the below command to set the environment - # export API_HOST_EXTERNAL_FLOATING=$(echo ${OS_AUTH_URL/$(echo ${OS_AUTH_URL} | grep :// | sed -e's,^\(.*//\).*,\1,g')} | cut -d/ -f1 | sed -e 's,:.*,,g') + # export API_HOST_EXTERNAL_FLOATING=$(echo ${OS_AUTH_URL} | sed -e s,`echo ${OS_AUTH_URL} | grep :// | sed -e's,^\(.*//\).*,\1,g'`,,g | cut -d/ -f1 | sed -e 's,:.*,,g') export API_HOST_EXTERNAL_FLOATING= + # please specify the smo service account yaml file + export SMO_SERVICEACCOUNT= + # service account and binding for smo yaml file + + cat <smo-serviceaccount.yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + namespace: default + name: pod-reader + rules: + - apiGroups: [""] # "" indicates the core API group + resources: ["pods"] + verbs: ["get", "watch", "list"] + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ${SMO_SERVICEACCOUNT} + namespace: default + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: read-pods + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-reader + subjects: + - kind: ServiceAccount + name: ${SMO_SERVICEACCOUNT} + namespace: default + + EOF + + kubectl apply -f smo-serviceaccount.yaml + + #export the smo account token data + export SMO_SECRET=$(kubectl -n default get serviceaccounts $SMO_SERVICEACCOUNT -o jsonpath='{.secrets[0].name}') + export SMO_TOKEN_DATA=$(kubectl -n default get secrets $SMO_SECRET -o jsonpath='{.data.token}') + + #prepare the application config file + cat <app.conf + [DEFAULT] + + ocloud_global_id = 4e24b97c-8c49-4c4f-b53e-3de5235a4e37 + + smo_register_url = http://127.0.0.1:8090/register + smo_token_data = ${SMO_TOKEN_DATA} + + [OCLOUD] + OS_AUTH_URL: ${OS_AUTH_URL} + OS_USERNAME: ${OS_USERNAME} + OS_PASSWORD: ${OS_PASSWORD} + API_HOST_EXTERNAL_FLOATING: ${API_HOST_EXTERNAL_FLOATING} + + [API] + + [WATCHER] + + [PUBSUB] + + EOF + + #prepare the ssl cert files or generate with below command. + + PARENT="imsserver" + openssl req \ + -x509 \ + -newkey rsa:4096 \ + -sha256 \ + -days 365 \ + -nodes \ + -keyout $PARENT.key \ + -out $PARENT.crt \ + -subj "/CN=${PARENT}" \ + -extensions v3_ca \ + -extensions v3_req \ + -config <( \ + echo '[req]'; \ + echo 'default_bits= 4096'; \ + echo 'distinguished_name=req'; \ + echo 'x509_extension = v3_ca'; \ + echo 'req_extensions = v3_req'; \ + echo '[v3_req]'; \ + echo 'basicConstraints = CA:FALSE'; \ + echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \ + echo 'subjectAltName = @alt_names'; \ + echo '[ alt_names ]'; \ + echo "DNS.1 = www.${PARENT}"; \ + echo "DNS.2 = ${PARENT}"; \ + echo '[ v3_ca ]'; \ + echo 'subjectKeyIdentifier=hash'; \ + echo 'authorityKeyIdentifier=keyid:always,issuer'; \ + echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \ + echo 'keyUsage = critical, cRLSign, keyCertSign'; \ + echo 'extendedKeyUsage = serverAuth, clientAuth') + + + applicationconfig=`base64 app.conf -w 0` + servercrt=`base64 imsserver.crt -w 0` + serverkey=`base64 imsserver.key -w 0` + smocacrt=`base64 smoca.crt -w 0` + + echo $applicationconfig + echo $servercrt + echo $serverkey + echo $smocacrt + + cat <o2service-override.yaml + imagePullSecrets: + - default-registry-key + o2ims: - imagePullSecrets: admin-orano2-registry-secret - image: - repository: nexus3.o-ran-sc.org:10004/o-ran-sc/pti-o2imsdms - tag: 1.0.0 + serviceaccountname: admin-oran-o2 + images: + tags: + o2service: nexus3.o-ran-sc.org:10004/o-ran-sc/pti-o2imsdms:2.0.0 + postgres: docker.io/library/postgres:9.6 + redis: docker.io/library/redis:alpine pullPolicy: IfNotPresent logginglevel: "DEBUG" - ocloud: - OS_AUTH_URL: "${OS_AUTH_URL}" - OS_USERNAME: "${OS_USERNAME}" - OS_PASSWORD: "${OS_PASSWORD}" - K8S_KUBECONFIG: "/opt/k8s_kube.conf" - API_HOST_EXTERNAL_FLOATING: "${API_HOST_EXTERNAL_FLOATING}" + applicationconfig: ${applicationconfig} + servercrt: ${servercrt} + serverkey: ${serverkey} + smocacrt: ${smocacrt} + EOF + cat o2service-override.yaml + 2.3 Deploy by helm cli ~~~~~~~~~~~~~~~~~~~~~~ .. code:: shell - helm install o2service o2/charts/ -f o2service-override.yaml + helm install o2service o2/charts -f o2service-override.yaml helm list |grep o2service - kubectl -n ${NAMESPACE} get pods |grep o2service - kubectl -n ${NAMESPACE} get services |grep o2service + kubectl -n ${NAMESPACE} get pods |grep o2api + kubectl -n ${NAMESPACE} get services |grep o2api 2.4 Verify INF O2 service @@ -176,11 +294,11 @@ The following instruction should be done outside of INF platform controller host curl -k http(s)://:30205/o2ims_infrastructureInventory/v1/ -2.5 INF O2 Service API Swagger +2.5 INF O2 Service API Swagger ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Swagger UI can be found with URL: http(s)://:30205 - + 3. Register INF O2 Service to SMO ---------------------------------