docker ps -a
docker compose ps
docker rm -f $(docker ps -aq)
+
+### Certificates
+
+By default solution comes up with self signed certificates. These certificates are created automatically
+
+```
+./setup.sh
+```
+In case of external certifictes both key-file and certificate should be provided in PEM-format.
+`setup.sh`copies the files in the right directory and starts the solution
+```
+ls *.pem
+#cert.pem key.pem
+./setup.sh --cert ./cert.pem --key ./key.pem
+```
+
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+<<<<<<< PATCH SET (ec15d2 solution: provide configuration with external certificates)
+# Function to display usage information
+usage() {
+ echo "Usage: "
+ echo "Start solution with out certificates: $0 "
+ echo "With certificates: $0 --cert <certificate_file> --key <key_file>"
+ echo " --cert Path to the certificate file."
+ echo " --key Path to the private key file."
+ exit 1
+}
+=======
cat /etc/os-release | grep PRETTY_NAME
docker --version
docker compose version
# docker compose -f network/docker-compose.yaml up -d
# docker compose -f network/docker-compose.yaml restart pynts-o-du-o1
+>>>>>>> BASE (0d0368 Generate GeoJSON for topology)
+deploy(){
+ if [ -z "$1" ]; then
+ docker compose -f $SCRIPT_DIR/smo/common/docker-compose.yaml up -d --wait
+ else
+ docker compose -f $SCRIPT_DIR/smo/common/docker-compose.yaml -f $SCRIPT_DIR/smo/common/docker-compose-gateway-cert.override.yaml up -d --wait
+ fi
+ python3 create_users.py $SCRIPT_DIR/users.csv -o $SCRIPT_DIR/smo/common/identity/authentication.json
+ python3 $SCRIPT_DIR/smo/common/identity/config.py
+ docker compose -f $SCRIPT_DIR/smo/oam/docker-compose.yaml up -d
+}
+# Parse parameters
+while [[ "$#" -gt 0 ]]; do
+ case $1 in
+ --cert) CERT_FILE="$2"; shift ;;
+ --key) KEY_FILE="$2"; shift ;;
+ --help) usage; exit 0;;
+ *) echo "Start solution without external certificates...";;
+ esac
+ shift
+done
+# Validate that both --cert and --key were provided
+if [ -z "$CERT_FILE" ] && [ -z "$KEY_FILE" ]; then
+ deploy
+else
+ # Check if the certificate file exists
+ if [ -f "$CERT_FILE" ]; then
+ echo "Certificate file found: $CERT_FILE"
+ cp -f $CERT_FILE $SCRIPT_DIR/smo/common/gateway/certs/mydomain_cert.pem
+ else
+ echo "Error: Certificate file not found at $CERT_FILE"
+ exit 1
+ fi
+
+ # Check if the key file exists
+ if [ -f "$KEY_FILE" ]; then
+ echo "Key file found: $KEY_FILE"
+ cp -f $KEY_FILE $SCRIPT_DIR/smo/common/gateway/certs/mydomain_key.pem
+ else
+ echo "Error: Key file not found at $KEY_FILE"
+ exit 1
+ fi
+ deploy "cert"
+fi
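Review bot: The added lines `<<<<<<< PATCH SET (ec15d2 ...)`, `=======` and `>>>>>>> BASE (0d0368 ...)` are unresolved merge-conflict markers committed into the script. Bash does not treat them as comments, so the script will most likely stop with a syntax error before `deploy` runs; resolve the conflict and keep both `usage()` and the version printouts. The private key is copied with an unquoted `cp -f $KEY_FILE ...`, which word-splits paths containing spaces and leaves the copy with whatever mode the umask gives. Consider `install -m 600 -- "$KEY_FILE" "$SCRIPT_DIR/smo/common/gateway/certs/mydomain_key.pem"` (after confirming the gateway container can still read it), and make sure the `certs/` target is git-ignored so the key cannot be committed. `--help) usage; exit 0` never reaches `exit 0`, because `usage` itself ends with `exit 1`.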
TRAEFIK_IMAGE=traefik:v2.9.6
TRAEFIK_LOG_LEVEL=DEBUG
TRAEFIK_NETWORK_NAME=dmz
+TRAEFIK_DOMAIN_CERT_DIR=./gateway/certs
+TRAEFIK_DOMAIN_CERT_FILE=mydomain_cert.pem # in PEM format
+TRAEFIK_DOMAIN_CERT_KEY_FILE=mydomain_key.pem # in PEM format
# Identity server
IDENTITY_IMAGE=bitnami/keycloak:18.0.2
--- /dev/null
+################################################################################
+# Copyright 2024 highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# no more versions needed! Compose spec supports all features w/o a version
+version: "3.8"
+services:
+ gateway:
+ command:
+ - --serverstransport.insecureskipverify=true
+ - --log.level=${TRAEFIK_LOG_LEVEL}
+ - --global.sendanonymoususage=false
+ - --global.checkNewVersion=false
+ - --api.insecure=true
+ - --api.dashboard=true
+ - --api.debug=true
+ - --ping
+ - --accesslog=false
+ - --entrypoints.web.address=:80
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ - --entrypoints.websecure.address=:443
+ - --entrypoints.websecure.http.tls.domains[0].main=gateway.${HTTP_DOMAIN}
+ - --entrypoints.websecure.http.tls.domains[0].sans=*.${HTTP_DOMAIN}
+ - --entrypoints.ssh-netconf-callhome.address=:4334
+ - --entrypoints.tls-netconf-callhome.address=:4335
+ - --providers.docker.endpoint=unix:///var/run/docker.sock
+ - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
+ - --providers.docker.exposedByDefault=false
+ - --providers.docker.watch=true
+ - --providers.file.filename=/middleware.yaml
+ - --providers.file.filename=/dynamic.yml
+
+ volumes:
+ - ./gateway/dynamic.yml:/dynamic.yml:ro
+ - ${TRAEFIK_DOMAIN_CERT_DIR}/${TRAEFIK_DOMAIN_CERT_FILE}:/certs/domain-cert.pem:ro
+ - ${TRAEFIK_DOMAIN_CERT_DIR}/${TRAEFIK_DOMAIN_CERT_KEY_FILE}:/certs/domain-cert-key.pem:ro
+
+
\ No newline at end of file
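Review bot: `--providers.file.filename` is passed twice at the end of `command` (`/middleware.yaml`, then `/dynamic.yml`). Traefik's file provider takes a single `filename`, so as far as I can tell only one of the two files is loaded, and either the middleware definitions or the new `tls.certificates` entry is silently dropped. Mounting both files into one directory and using `--providers.file.directory=<dynamic-config-dir>` (placeholder path) would load both. Because this override is the variant for externally issued certificates, `--api.insecure=true`, `--api.debug=true` and `--serverstransport.insecureskipverify=true` should not be carried over unreviewed: the first serves the API and dashboard without authentication, and the last disables certificate verification towards backends. The header comment also says no `version:` key is needed, while the next line sets `version: "3.8"`.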
- --providers.docker.exposedByDefault=false
- --providers.docker.watch=true
- --providers.file.filename=/middleware.yaml
+
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./gateway/conf/middleware.yaml:/middleware.yaml:ro
- ./gateway/conf/.htpasswd:/.htpasswd:ro
+
labels:
traefik.enable: true
traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
--- /dev/null
+tls:
+ certificates:
+ - certFile: "/certs/domain-cert.pem"
+ keyFile: "/certs/domain-cert-key.pem"