From 5e86598b98686e26818749c868cdb929dfff7d87 Mon Sep 17 00:00:00 2001 From: Bin Yang Date: Tue, 22 Nov 2022 12:20:04 +0800 Subject: [PATCH] Replace webserver with gunicorn Issue-ID: INF-368 Signed-off-by: Bin Yang Change-Id: Idb31627376af9da06dab69457fd800ea212022c8 --- .gitignore | 4 ++ README-docker-compose.md | 80 +++++++++++++++++++++++ charts/resources/scripts/init/o2_helmcli_start.sh | 16 +++++ charts/resources/scripts/init/o2api_start.sh | 21 +----- charts/resources/scripts/init/o2pubsub_start.sh | 7 +- charts/resources/scripts/init/o2watcher_start.sh | 8 +-- charts/templates/deployment.yaml | 20 +++--- docker-compose.yml | 2 +- requirements.txt | 2 + tests/o2app-api-entry2.sh | 29 ++++++++ 10 files changed, 146 insertions(+), 43 deletions(-) create mode 100644 README-docker-compose.md create mode 100644 tests/o2app-api-entry2.sh diff --git a/.gitignore b/.gitignore index 6ae62d8..5f213db 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,7 @@ __pycache__ temp docs/_build/ configs/kubeconfig_*.config +*.pem +*.crt +*.csr +*.key diff --git a/README-docker-compose.md b/README-docker-compose.md new file mode 100644 index 0000000..b1e1647 --- /dev/null +++ b/README-docker-compose.md @@ -0,0 +1,80 @@ + +# local test with docker-compose + +## build images + +```sh +mkdir -p /home/sysadmin/share +sudo docker run -dt --privileged -v /home/sysadmin/share/:/home/sysadmin/share/ -v /var/run:/var/run --name o2imsbuilder centos:7 +``` + +## Build O2 service images inside the builder container + + +```sh +sudo docker exec -it o2imsbuilder bash +``` + + +```sh +curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose +docker-compose -v + +yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo +yum makecache fast +yum install -y docker-ce +docker ps + +yum install -y git + +cd /home/sysadmin/share/ +git clone "https://gerrit.o-ran-sc.org/r/pti/o2" +cd o2 + +mkdir -p temp +cd temp +git clone --depth 1 --branch r/stx.7.0 https://opendev.org/starlingx/config.git +git clone --depth 1 --branch r/stx.7.0 https://opendev.org/starlingx/distcloud-client.git + +git clone --depth 1 --branch r/stx.7.0 https://opendev.org/starlingx/fault.git +cd - + +docker-compose build + +exit + +``` + +## utilize a server certificates signed by a self-signed CA + +~~~sh +cd o2/tests +openssl genrsa -out my-root-ca-key.pem 2048 +openssl req -x509 -new -nodes -key my-root-ca-key.pem -days 1024 -out my-root-ca-cert.pem -outform PEM +openssl genrsa -out my-server-key.pem 2048 +openssl req -new -key my-server-key.pem -out my-server.csr + +echo subjectAltName = IP:127.0.0.1 > extfile.cnf +openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem -CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem -days 365 -extfile extfile.cnf +cat my-server-cert.pem my-server-key.pem > my-server.pem + +~~~ + +Assuming, we can get following files after performing procedure above: + +Local CA certificate - my-root-ca-cert.pem +Server certificate - my-server-cert.pem +Server key - my-server-key.pem + + +## Bring up docker containers + +~~~sh +docker-compose build +docker-compose up -d + +docker ps |grep o2 +docker logs -f o2_api_1 +docker logs -f o2_watcher_1 +~~~ diff --git a/charts/resources/scripts/init/o2_helmcli_start.sh b/charts/resources/scripts/init/o2_helmcli_start.sh index 006b121..135882d 100644 --- a/charts/resources/scripts/init/o2_helmcli_start.sh +++ b/charts/resources/scripts/init/o2_helmcli_start.sh @@ -1,3 +1,19 @@ +# Copyright (C) 2022 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + apt-get update && apt-get install ssh -y if [ -z "${HELM_USER_PASSWD}" ]; diff --git a/charts/resources/scripts/init/o2api_start.sh b/charts/resources/scripts/init/o2api_start.sh index 6c7ebbf..243d86c 100644 --- a/charts/resources/scripts/init/o2api_start.sh +++ b/charts/resources/scripts/init/o2api_start.sh @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Wind River Systems, Inc. +# Copyright (C) 2021-2022 Wind River Systems, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,23 +14,6 @@ #!/bin/bash -# pull latest code to debug -# cd /root/ -# git clone "https://gerrit.o-ran-sc.org/r/pti/o2" -# cd o2 -# git pull https://gerrit.o-ran-sc.org/r/pti/o2 refs/changes/85/7085/5 -# pip install retry - -# pip install -e /root/o2 -# pip install -e /src - -cat <>/etc/hosts -127.0.0.1 api -127.0.0.1 postgres -127.0.0.1 redis -EOF - - -flask run --host=0.0.0.0 --port=80 --cert /configs/server.crt --key /configs/server.key +gunicorn -b 0.0.0.0:80 o2app.entrypoints.flask_application:app --certfile /configs/server.crt --keyfile /configs/server.key sleep infinity diff --git a/charts/resources/scripts/init/o2pubsub_start.sh b/charts/resources/scripts/init/o2pubsub_start.sh index 6b54b12..4e3a849 100644 --- a/charts/resources/scripts/init/o2pubsub_start.sh +++ b/charts/resources/scripts/init/o2pubsub_start.sh @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Wind River Systems, Inc. +# Copyright (C) 2021-2022 Wind River Systems, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,11 +14,6 @@ #!/bin/bash -# pull latest code to debug -# cd /root/ -# git clone "https://gerrit.o-ran-sc.org/r/pti/o2" -# pip install -e /root/o2 - # python /root/o2/o2app/entrypoints/redis_eventconsumer.py python /src/o2app/entrypoints/redis_eventconsumer.py diff --git a/charts/resources/scripts/init/o2watcher_start.sh b/charts/resources/scripts/init/o2watcher_start.sh index d4add91..fa3e31b 100644 --- a/charts/resources/scripts/init/o2watcher_start.sh +++ b/charts/resources/scripts/init/o2watcher_start.sh @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Wind River Systems, Inc. +# Copyright (C) 2021-2022 Wind River Systems, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,12 +14,6 @@ #!/bin/bash -# pull latest code to debug -# cd /root/ -# git clone "https://gerrit.o-ran-sc.org/r/pti/o2" -# pip install -e /root/o2 - -# python /root/o2/o2app/entrypoints/resource_watcher.py python /src/o2app/entrypoints/resource_watcher.py sleep infinity diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml index 98dc174..d912a06 100644 --- a/charts/templates/deployment.yaml +++ b/charts/templates/deployment.yaml @@ -68,7 +68,7 @@ spec: command: ["/bin/bash", "/opt/o2pubsub_start.sh"] env: - name: DB_HOST - value: postgres + value: localhost - name: DB_PASSWORD value: o2ims123 - name: LOGGING_CONFIG_LEVEL @@ -82,7 +82,7 @@ spec: - name: PYTHONDONTWRITEBYTECODE value: "1" - name: REDIS_HOST - value: redis + value: localhost - name: K8S_KUBECONFIG value: {{ .Values.ocloud.K8S_KUBECONFIG }} volumeMounts: @@ -102,7 +102,7 @@ spec: - name: API_HOST_EXTERNAL_FLOATING value: {{ .Values.ocloud.API_HOST_EXTERNAL_FLOATING }} - name: DB_HOST - value: postgres + value: localhost - name: DB_PASSWORD value: o2ims123 - name: LOGGING_CONFIG_LEVEL @@ -116,7 +116,7 @@ spec: - name: PYTHONDONTWRITEBYTECODE value: "1" - name: REDIS_HOST - value: redis + value: localhost volumeMounts: - name: scripts mountPath: /opt @@ -132,13 +132,13 @@ spec: - name: API_HOST_EXTERNAL_FLOATING value: {{ .Values.ocloud.API_HOST_EXTERNAL_FLOATING }} - name: DB_HOST - value: postgres + value: localhost - name: DB_PASSWORD value: o2ims123 - - name: FLASK_APP - value: /src/o2app/entrypoints/flask_application.py - - name: FLASK_DEBUG - value: {{ .Values.o2ims.logginglevel }} + # - name: FLASK_APP + # value: /src/o2app/entrypoints/flask_application.py + # - name: FLASK_DEBUG + # value: {{ .Values.o2ims.logginglevel }} - name: LOGGING_CONFIG_LEVEL value: {{ .Values.o2ims.logginglevel }} - name: OS_AUTH_URL @@ -149,7 +149,7 @@ spec: - name: PYTHONUNBUFFERED value: "1" - name: REDIS_HOST - value: redis + value: localhost - name: HELM_USER_PASSWD value: {{ .Values.ocloud.HELM_USER_PASSWD }} command: ["/bin/bash", "/opt/o2api_start.sh"] diff --git a/docker-compose.yml b/docker-compose.yml index ca73018..eae9a94 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -77,7 +77,7 @@ services: - ./tests:/tests entrypoint: - /bin/sh - - /tests/o2app-api-entry.sh + - /tests/o2app-api-entry2.sh ports: - "5005:80" diff --git a/requirements.txt b/requirements.txt index 33350d5..d86790b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,3 +20,5 @@ ruamel.yaml==0.17.17 werkzeug<=2.1.2 pyOpenSSL + +gunicorn diff --git a/tests/o2app-api-entry2.sh b/tests/o2app-api-entry2.sh new file mode 100644 index 0000000..19b9a04 --- /dev/null +++ b/tests/o2app-api-entry2.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# pip install -e /src +# python /o2ims/entrypoints/resource_watcher.py + +mkdir -p /etc/o2 +cp -r /configs/* /etc/o2/ +mkdir -p /src/o2common +cp -r /o2common/* /src/o2common +mkdir -p /src/o2ims +cp -r /o2ims/* /src/o2ims +mkdir -p /src/o2dms +cp -r /o2dms/* /src/o2dms +mkdir -p /src/o2app +cp -r /o2app/* /src/o2app +mkdir -p /src/helm_sdk +cp -r /helm_sdk/* /src/helm_sdk + +pip install -e /src + +if [ -e '/tests/my-server-cert.pem' ] +then +cp /tests/my-root-ca-cert.pem /configs/my-root-ca-cert.pem +cp /tests/my-server-cert.pem /configs/server.crt +cp /tests/my-server-key.pem /configs/server.key +gunicorn -b 0.0.0.0:80 o2app.entrypoints.flask_application:app --certfile /configs/server.crt --keyfile /configs/server.key +else +gunicorn -b 0.0.0.0:80 o2app.entrypoints.flask_application:app +fi -- 2.16.6