Change-Id: I859b72e1c4d9ef0f52d4662b43fa39284d453272
Signed-off-by: DenisGNoonan <denis.noonan@est.tech>
- kubernetes cluster
- local docker for building images
- kubernetes cluster
- local docker for building images
-It is recommended to run the ranpm on a kubernetes cluster instead of local docker-desktop etc as the setup requires a fair amount of computer resouces.
+It is recommended to run the ranpm on a kubernetes cluster instead of local docker-desktop etc as the setup requires a fair amount of computer resources.
# Requirement on kubernetes
# Requirement on kubernetes
## Before installation
The following images need to be built manually. If remote or multi node cluster is used, then an image repo needs to be available to push the built images to.
## Before installation
The following images need to be built manually. If remote or multi node cluster is used, then an image repo needs to be available to push the built images to.
-If external repo is used, use the same repo for all built images and configure the reponame in `helm/global-values.yaml` (the parameter value of extimagerepo shall have a trailing `/`)
+If external repo is used, use the same repo for all built images and configure the reponame in `helm/global-values.yaml`
Build the following images (build instruction in each dir)
- ranpm/https-server
Build the following images (build instruction in each dir)
- ranpm/https-server
spec:
containers:
- name: pm-rapp
spec:
containers:
- name: pm-rapp
- image: {{ .Values.global.extimagerepo }}pm-rapp:latest
+ image: {{ .Values.global.extimagerepo }}/pm-rapp:latest
{{- if .Values.global.extimagerepo }}
imagePullPolicy: Always
{{- else }}
{{- if .Values.global.extimagerepo }}
imagePullPolicy: Always
{{- else }}
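Review bot: With `extimagerepo` empty, the new image line renders as `/pm-rapp:latest`, which is not a valid image reference. The `{{- if .Values.global.extimagerepo }}` guard directly below suggests an unset repo is an expected configuration for locally built images, although the else branch is outside the visible lines. Emit the separator only when a repo is configured, e.g. `image: {{ if .Values.global.extimagerepo }}{{ .Values.global.extimagerepo }}/{{ end }}pm-rapp:latest`. The same applies to the `pm-https-server` image line changed in this commit.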
runAsUser: 0
containers:
- name: pm-https-server
runAsUser: 0
containers:
- name: pm-https-server
- image: {{ .Values.global.extimagerepo }}pm-https-server:latest
+ image: {{ .Values.global.extimagerepo }}/pm-https-server:latest
{{- if .Values.global.extimagerepo }}
imagePullPolicy: Always
{{- else }}
{{- if .Values.global.extimagerepo }}
imagePullPolicy: Always
{{- else }}
- file-extension : The pm file extension - should match the actual pm file to be downloaded from the web-servers (simulated RAN nodes)
- sftp|ftps|https - Protocol for downloading pm files - only https is currently supported
- num-servers - The number of web servers for pm file download. Should match the number of web servers actually started by the install script. This script generates pm file url to one of the web servers to spread the load. Note that this number can be different from the node-count parameter.
- file-extension : The pm file extension - should match the actual pm file to be downloaded from the web-servers (simulated RAN nodes)
- sftp|ftps|https - Protocol for downloading pm files - only https is currently supported
- num-servers - The number of web servers for pm file download. Should match the number of web servers actually started by the install script. This script generates pm file url to one of the web servers to spread the load. Note that this number can be different from the node-count parameter.
-- hist : By default, each event only contains the reference to a single pm file. If the parameter is given then each event will contain the latest pm file and 95 of the previous file to represent a full 24h set of pm files.
+- hist : By default, each event only contains the reference to a single pm file. If the parameter is given then each event will contain the latest pm file and 95 of the previous files to represent a full 24h set of pm files.
## Script - push-genfiles-to-ves-collector.sh
## Script - push-genfiles-to-ves-collector.sh
echo "Cluster ip: $KUBERNETESHOST"
echo "Cluster ip: $KUBERNETESHOST"
-KC_URL=http://keycloak.nonrtric:8080
-echo "Keycloak url: "$KC_URL
-
KC_PROXY_PORT=$(kubectl get svc -n nonrtric keycloak-proxy --output jsonpath='{.spec.ports[?(@.name=="http")].nodePort}')
echo "Nodeport to keycloak proxy: "$KC_PROXY_PORT
KC_PROXY_PORT=$(kubectl get svc -n nonrtric keycloak-proxy --output jsonpath='{.spec.ports[?(@.name=="http")].nodePort}')
echo "Nodeport to keycloak proxy: "$KC_PROXY_PORT
echo "Get admin token"
ADMIN_TOKEN=""
while [ "${#ADMIN_TOKEN}" -lt 20 ]; do
echo "Get admin token"
ADMIN_TOKEN=""
while [ "${#ADMIN_TOKEN}" -lt 20 ]; do
- ADMIN_TOKEN=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s -X POST --max-time 2 "$KC_URL/realms/master/protocol/openid-connect/token" -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin" -d "password=admin" -d 'grant_type=password' -d "client_id=admin-cli" | jq -r '.access_token')
+ ADMIN_TOKEN=$(curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/realms/master/protocol/openid-connect/token" \
+ --max-time 2 \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=admin" \
+ -d "password=admin" \
+ -d 'grant_type=password' \
+ -d "client_id=admin-cli" \
+ | jq -r '.access_token')
+
if [ "${#ADMIN_TOKEN}" -lt 20 ]; then
echo "Could not get admin token, retrying..."
echo "Retrieved token: $ADMIN_TOKEN"
if [ "${#ADMIN_TOKEN}" -lt 20 ]; then
echo "Could not get admin token, retrying..."
echo "Retrieved token: $ADMIN_TOKEN"
list_realms() {
echo "Listing all realms"
__check_admin_token
list_realms() {
echo "Listing all realms"
__check_admin_token
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X GET \
+
+ curl -s -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms" \
-H "Authorization: Bearer ${ADMIN_TOKEN}" \
-H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms" | jq -r '.[].id' | indent2
+ | jq -r '.[].id' | indent2
}
delete_realms() {
echo "$@"
for realm in "$@"; do
echo "Attempt to delete realm: $realm"
__check_admin_token
}
delete_realms() {
echo "$@"
for realm in "$@"; do
echo "Attempt to delete realm: $realm"
__check_admin_token
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X DELETE \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$realm" | indent1
+
+ curl -s -X DELETE "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$realm" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ | indent1
+
+ echo "Command failed, delete_realms"
+ echo " OK, delete_realms"
EOF
export __realm_name=$1
envsubst < .jsonfile1 > .jsonfile2
EOF
export __realm_name=$1
envsubst < .jsonfile1 > .jsonfile2
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X POST \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- -H "Content-Type: application/json" \
- -d @".jsonfile2" \
- "$KC_URL/admin/realms" | indent2
+ curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ echo "Command failed, create_realms"
+ echo " OK, create_realms"
__check_admin_token
export __client_name=$1
envsubst < .jsonfile1 > .jsonfile2
__check_admin_token
export __client_name=$1
envsubst < .jsonfile1 > .jsonfile2
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X POST \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- -H "Content-Type: application/json" \
- -d @".jsonfile2" \
- "$KC_URL/admin/realms/$__realm/clients" | indent1
+
+ curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent1
+
+ echo "Command failed, create_clients"
+ echo " OK, create_clients"
shift
done
}
__get_client_id() {
shift
done
}
__get_client_id() {
- __client_data=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X GET \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$1/clients?clientId=$2")
+ __client_data=$(curl -s -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$1/clients?clientId=$2" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
if [ $? -ne 0 ]; then
return 1
fi
if [ $? -ne 0 ]; then
return 1
fi
__check_admin_token
__client_id=$(__get_client_id $__realm $1)
if [ $? -ne 0 ]; then
__check_admin_token
__client_id=$(__get_client_id $__realm $1)
if [ $? -ne 0 ]; then
+ echo "Command failed, generate_client_secrets, __get_client_id"
exit 1
fi
echo " Client id for client $1 in realm $__realm: "$__client_id | indent1
echo " Creating secret"
exit 1
fi
echo " Client id for client $1 in realm $__realm: "$__client_id | indent1
echo " Creating secret"
- __client_secret=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X POST \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$__realm/clients/$__client_id/client-secret")
+
+ __client_secret=$(curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ echo "Command failed, generate_client_secrets, client_secret POST"
- __client_secret=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X GET \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$__realm/clients/$__client_id/client-secret")
+
+ __client_secret=$(curl -s -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ echo "Command failed, generate_client_secrets, client_secret GET"
__client_secret=$(echo $__client_secret | jq -r .value)
echo " Client secret for client $1 in realm $__realm: "$__client_secret | indent1
echo $__client_secret > ".sec_$__realm""_$1"
__client_secret=$(echo $__client_secret | jq -r .value)
echo " Client secret for client $1 in realm $__realm: "$__client_secret | indent1
echo $__client_secret > ".sec_$__realm""_$1"
+ echo " OK, generate_client_secrets"
__check_admin_token
__client_id=$(__get_client_id $1 $2)
if [ $? -ne 0 ]; then
__check_admin_token
__client_id=$(__get_client_id $1 $2)
if [ $? -ne 0 ]; then
+ echo "Command failed, create_client_roles, __get_client_id"
EOF
export __role=$1
envsubst < .jsonfile1 > .jsonfile2
EOF
export __role=$1
envsubst < .jsonfile1 > .jsonfile2
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X POST \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- -H "Content-Type: application/json" \
- -d @".jsonfile2" \
- "$KC_URL/admin/realms/$__realm/clients/$__client_id/roles" | indent1
+
+ curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/roles" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent1
+
+ echo "Command failed, create_client_roles"
__get_service_account_id() {
# <realm-name> <client-id>
__get_service_account_id() {
# <realm-name> <client-id>
- __service_account_data=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X GET \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$1/clients/$2/service-account-user")
+
+ __service_account_data=$(curl -s -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$1/clients/$2/service-account-user" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
if [ $? -ne 0 ]; then
return 1
fi
if [ $? -ne 0 ]; then
return 1
fi
__service_account_id=$(echo $__service_account_data | jq -r '.id')
echo $__service_account_id
return 0
}
__service_account_id=$(echo $__service_account_data | jq -r '.id')
echo $__service_account_id
return 0
}
-# curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
-# -X GET \
-# -H "Authorization: Bearer ${ADMIN_TOKEN}" \
-# "$KC_URL/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id/available"
__get_client_available_role_id() {
# <realm-name> <service-account-id> <client-id> <client-role-name>
__get_client_available_role_id() {
# <realm-name> <service-account-id> <client-id> <client-role-name>
- __client_role_data=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X GET \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$1/users/$2/role-mappings/clients/$3/available")
+
+ __client_role_data=$(curl -s -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$1/users/$2/role-mappings/clients/$3/available" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
if [ $? -ne 0 ]; then
return 1
fi
if [ $? -ne 0 ]; then
return 1
fi
- #__client_role_id=$(echo $__client_role_data | jq -r '.id')
__client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ')
echo $__client_role_id
return 0
__client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ')
echo $__client_role_id
return 0
__get_client_mapped_role_id() {
# <realm-name> <service-account-id> <client-id> <client-role-name>
__get_client_mapped_role_id() {
# <realm-name> <service-account-id> <client-id> <client-role-name>
- __client_role_data=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X GET \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$1/users/$2/role-mappings/clients/$3")
+
+ __client_role_data=$(curl -s -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$1/users/$2/role-mappings/clients/$3" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
if [ $? -ne 0 ]; then
return 1
fi
if [ $? -ne 0 ]; then
return 1
fi
- #__client_role_id=$(echo $__client_role_data | jq -r '.id')
__client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ')
echo $__client_role_id
return 0
__client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ')
echo $__client_role_id
return 0
__client=$2
__client_id=$(__get_client_id $__realm $__client)
if [ $? -ne 0 ]; then
__client=$2
__client_id=$(__get_client_id $__realm $__client)
if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, __get_client_id"
exit 1
fi
echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
__service_account_id=$(__get_service_account_id $__realm $__client_id)
if [ $? -ne 0 ]; then
exit 1
fi
echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
__service_account_id=$(__get_service_account_id $__realm $__client_id)
if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, __get_service_account_id"
exit 1
fi
echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1
shift; shift
exit 1
fi
echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1
shift; shift
while [ $# -gt 0 ]; do
if [ $__cntr -eq 0 ]; then
echo "[" > .jsonfile2
fi
__client_role_id=$(__get_client_available_role_id $__realm $__service_account_id $__client_id $1)
if [ $? -ne 0 ]; then
while [ $# -gt 0 ]; do
if [ $__cntr -eq 0 ]; then
echo "[" > .jsonfile2
fi
__client_role_id=$(__get_client_available_role_id $__realm $__service_account_id $__client_id $1)
if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, __get_client_available_role_id"
exit 1
fi
#echo "CLIENT ROLE ID $1 "$__client_role_id
exit 1
fi
#echo "CLIENT ROLE ID $1 "$__client_role_id
let __cntr=__cntr+1
shift
done
let __cntr=__cntr+1
shift
done
echo "]" >> .jsonfile2
echo " Adding roles $__all_roles to client $__client in realm $__realm"
echo "]" >> .jsonfile2
echo " Adding roles $__all_roles to client $__client in realm $__realm"
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X POST \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- -H "Content-Type: application/json" \
- -d @".jsonfile2" \
- "$KC_URL/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" | indent2
+ curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ echo "Command failed, add_client_roles_mapping, adding roles"
+ echo " OK, add_client_roles_mapping"
__client=$2
__client_id=$(__get_client_id $__realm $__client)
if [ $? -ne 0 ]; then
__client=$2
__client_id=$(__get_client_id $__realm $__client)
if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, __get_client_id"
exit 1
fi
echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
__service_account_id=$(__get_service_account_id $__realm $__client_id)
if [ $? -ne 0 ]; then
exit 1
fi
echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
__service_account_id=$(__get_service_account_id $__realm $__client_id)
if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, __get_service_account_id"
exit 1
fi
echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1
exit 1
fi
echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1
fi
__client_role_id=$(__get_client_mapped_role_id $__realm $__service_account_id $__client_id $1)
if [ $? -ne 0 ]; then
fi
__client_role_id=$(__get_client_mapped_role_id $__realm $__service_account_id $__client_id $1)
if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, __get_client_mapped_role_id"
exit 1
fi
#echo "CLIENT ROLE ID $1 "$__client_role_id
exit 1
fi
#echo "CLIENT ROLE ID $1 "$__client_role_id
echo "]" >> .jsonfile2
echo " Removing roles $__all_roles from client $__client in realm $__realm"
echo "]" >> .jsonfile2
echo " Removing roles $__all_roles from client $__client in realm $__realm"
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X DELETE \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- -H "Content-Type: application/json" \
- -d @".jsonfile2" \
- "$KC_URL/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" | indent2
+ curl -s -X DELETE "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ echo "Command failed, remove_client_roles_mapping, delete"
+ echo " OK, remove client roles mapping"
}
add_client_hardcoded-claim-mapper() {
}
add_client_hardcoded-claim-mapper() {
}
EOF
envsubst < .jsonfile1 > .jsonfile2
}
EOF
envsubst < .jsonfile1 > .jsonfile2
- curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s \
- -X POST \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- -H "Content-Type: application/json" \
- -d @".jsonfile2" \
- "$KC_URL/admin/realms/nonrtric-realm/clients/"$__client_id"/protocol-mappers/models" | indent2
+
+ curl -s -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/nonrtric-realm/clients/"$__client_id"/protocol-mappers/models" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ echo "Command failed, add_client_hardcoded-claim-mapper"
exit 1
fi
set +x
cat .jsonfile2
exit 1
fi
set +x
cat .jsonfile2
+ echo " OK, add_client_hardcoded-claim-mapper"
fi
#echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
fi
#echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
- __client_secret=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -s -f \
- -X GET \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" \
- "$KC_URL/admin/realms/$__realm/clients/$__client_id/client-secret")
+ __client_secret=$(curl -s -f -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
if [ $? -ne 0 ]; then
echo " Fatal error when getting client secret, response: "$?
exit 1
if [ $? -ne 0 ]; then
echo " Fatal error when getting client secret, response: "$?
exit 1
__client_secret=$(echo $__client_secret | jq -r .value)
__client_secret=$(echo $__client_secret | jq -r .value)
- __TMP_TOKEN=$(curl --proxy $KUBERNETESHOST:$KC_PROXY_PORT -f -s -X POST $KC_URL/realms/$__realm/protocol/openid-connect/token \
- -H Content-Type:application/x-www-form-urlencoded \
- -d client_id="$__client" -d client_secret="$__client_secret" -d grant_type=client_credentials)
+ __TMP_TOKEN=$(curl -s -f -X POST "$KUBERNETESHOST:$KC_PROXY_PORT/realms/$__realm/protocol/openid-connect/token" \
+ -H Content-Type:application/x-www-form-urlencoded \
+ -d client_id="$__client" -d client_secret="$__client_secret" -d grant_type=client_credentials)
+
if [ $? -ne 0 ]; then
echo " Fatal error when getting client token, response: "$?
exit 1
if [ $? -ne 0 ]; then
echo " Fatal error when getting client token, response: "$?
exit 1
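Review bot: Most of the rewritten curl calls still omit `-f`, so the `if [ $? -ne 0 ]` checks after them (for example in `__get_client_id` and `__get_service_account_id`) only catch transport failures. An HTTP 401 or 404 from Keycloak still exits 0, and in `__get_service_account_id` the error body then goes through `jq -r '.id'`, which prints `null` for the caller to splice into later admin URLs. The last two calls in this section already use `curl -s -f -X …`, and the others should match, e.g. `__client_data=$(curl -s -f -X GET "$KUBERNETESHOST:$KC_PROXY_PORT/admin/realms/$1/clients?clientId=$2" \`. Where the output is piped into `indent1` or `indent2`, `$?` is the status of the indent stage unless `pipefail` is set, so the new "Command failed, …" messages probably need `${PIPESTATUS[0]}`; their conditions are not fully visible here. Several of these functions start or end outside the shown lines.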