From 2be15a47d2884b14926d0b0e0bbf8ef04ee407ca Mon Sep 17 00:00:00 2001 From: demskeq8 Date: Mon, 7 Oct 2024 13:54:14 +0200 Subject: [PATCH] solution: provide configuration with external certificates Issue-ID: OAM-421 Change-Id: I4b4dd70cd004bafca17806db26322a57ba822e9d Signed-off-by: demskeq8 --- solution/README.md | 16 +++++++ solution/setup.sh | 55 ++++++++++++++++++++++ solution/smo/common/.env | 3 ++ .../docker-compose-gateway-cert.override.yaml | 50 ++++++++++++++++++++ solution/smo/common/docker-compose.yaml | 2 + .../smo/common/gateway/certs/mydomain_cert.pem | 0 solution/smo/common/gateway/certs/mydomain_key.pem | 0 solution/smo/common/gateway/dynamic.yml | 4 ++ 8 files changed, 130 insertions(+) create mode 100755 solution/smo/common/docker-compose-gateway-cert.override.yaml create mode 100644 solution/smo/common/gateway/certs/mydomain_cert.pem create mode 100644 solution/smo/common/gateway/certs/mydomain_key.pem create mode 100644 solution/smo/common/gateway/dynamic.yml diff --git a/solution/README.md b/solution/README.md index 5386d7d..cee1241 100644 --- a/solution/README.md +++ b/solution/README.md @@ -317,3 +317,19 @@ The commands ... docker ps -a docker compose ps docker rm -f $(docker ps -aq) + +### Certificates + +By default solution comes up with self signed certificates. These certificates are created automatically + +``` +./setup.sh +``` +In case of external certifictes both key-file and certificate should be provided in PEM-format. +`setup.sh`copies the files in the right directory and starts the solution +``` +ls *.pem +#cert.pem key.pem +./setup.sh --cert ./cert.pem --key ./key.pem +``` + diff --git a/solution/setup.sh b/solution/setup.sh index aeaf87e..13c0a28 100755 --- a/solution/setup.sh +++ b/solution/setup.sh 
@@ -18,6 +18,17 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+<<<<<<< PATCH SET (ec15d2 solution: provide configuration with external certificates)
+# Function to display usage information
+usage() {
+ echo "Usage: "
+ echo "Start solution with out certificates: $0 "
+ echo "With certificates: $0 --cert --key "
+ echo " --cert Path to the certificate file."
+ echo " --key Path to the private key file."
+ exit 1
+}
+=======
 cat /etc/os-release | grep PRETTY_NAME
 docker --version
 docker compose version
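Review bot: `+<<<<<<< PATCH SET (ec15d2 …)` and `+=======` in this hunk, together with `+>>>>>>> BASE (0d0368 …)` opening the next hunk, are unresolved merge-conflict markers committed into setup.sh; bash aborts with a syntax error when it reaches the `<<<<<<<` line, so nothing after it runs. Delete the three marker lines and keep the content of both sides (the `usage()` definition here and the existing `cat /etc/os-release …` diagnostics). `usage()` unconditionally does `exit 1`, so the `--help) usage; exit 0;;` arm in the next hunk can never exit 0; either drop that `exit 0` or let the function take the status, e.g. `exit "${1:-1}"` and call `usage 0` for `--help`. The usage text `Start solution with out certificates` should read `without`.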
@@ -33,6 +44,50 @@ docker compose -f $SCRIPT_DIR/smo/oam/docker-compose.yaml up -d
 # docker compose -f network/docker-compose.yaml up -d
 # docker compose -f network/docker-compose.yaml restart pynts-o-du-o1
+>>>>>>> BASE (0d0368 Generate GeoJSON for topology)
+deploy(){
+ if [ -z "$1" ]; then
+ docker compose -f $SCRIPT_DIR/smo/common/docker-compose.yaml up -d --wait
+ else
+ docker compose -f $SCRIPT_DIR/smo/common/docker-compose.yaml -f $SCRIPT_DIR/smo/common/docker-compose-gateway-cert.override.yaml up -d --wait
+ fi
+ python3 create_users.py $SCRIPT_DIR/users.csv -o $SCRIPT_DIR/smo/common/identity/authentication.json
+ python3 $SCRIPT_DIR/smo/common/identity/config.py
+ docker compose -f $SCRIPT_DIR/smo/oam/docker-compose.yaml up -d
+}
+# Parse parameters
+while [[ "$#" -gt 0 ]]; do
+ case $1 in
+ --cert) CERT_FILE="$2"; shift ;;
+ --key) KEY_FILE="$2"; shift ;;
+ --help) usage; exit 0;;
+ *) echo "Start solution without external certificates...";;
+ esac
+ shift
+done
+# Validate that both --cert and --key were provided
+if [ -z "$CERT_FILE" ] && [ -z "$KEY_FILE" ]; then
+ deploy
+else
+ # Check if the certificate file exists
+ if [ -f "$CERT_FILE" ]; then
+ echo "Certificate file found: $CERT_FILE"
+ cp -f $CERT_FILE $SCRIPT_DIR/smo/common/gateway/certs/mydomain_cert.pem
+ else
+ echo "Error: Certificate file not found at $CERT_FILE"
+ exit 1
+ fi
+
+ # Check if the key file exists
+ if [ -f "$KEY_FILE" ]; then
+ echo "Key file found: $KEY_FILE"
+ cp -f $KEY_FILE $SCRIPT_DIR/smo/common/gateway/certs/mydomain_key.pem
+ else
+ echo "Error: Key file not found at $KEY_FILE"
+ exit 1
+ fi
+ deploy "cert"
+fi
diff --git a/solution/smo/common/.env b/solution/smo/common/.env
index 26810e8..325bd18 100644
--- a/solution/smo/common/.env
+++ b/solution/smo/common/.env
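Review bot: `cp -f $KEY_FILE $SCRIPT_DIR/smo/common/gateway/certs/mydomain_key.pem` writes the operator's private key into a file that this commit also adds to version control (the empty `mydomain_key.pem` placeholder in the diffstat), so after one run the real key shows up as a tracked modification and a routine `git add -A` would commit it; `mydomain_cert.pem` has the same problem. Ignore `solution/smo/common/gateway/certs/*.pem` in `.gitignore` instead of tracking placeholders, and restrict the copied key, e.g. `cp -f -- "$KEY_FILE" "$SCRIPT_DIR/smo/common/gateway/certs/mydomain_key.pem"` followed by `chmod 600 "$SCRIPT_DIR/smo/common/gateway/certs/mydomain_key.pem"`. The `cp` lines and the `docker compose -f $SCRIPT_DIR/…` lines in `deploy()` expand paths unquoted, so a path containing spaces breaks them; quote every expansion. In the parse loop `./setup.sh --cert` with no value stores an empty `CERT_FILE`, the extra `shift` fails silently, and the script falls through to the no-certificate `deploy`, while any unrecognised argument is accepted by the `*)` arm; guarding with `[ -n "${2:-}" ] || usage` before each assignment and calling `usage` from `*)` makes both cases fail loudly.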
@@ -28,6 +28,9 @@ HTTP_DOMAIN=smo.o-ran-sc.org
 TRAEFIK_IMAGE=traefik:v2.9.6
 TRAEFIK_LOG_LEVEL=DEBUG
 TRAEFIK_NETWORK_NAME=dmz
+TRAEFIK_DOMAIN_CERT_DIR=./gateway/certs
+TRAEFIK_DOMAIN_CERT_FILE=mydomain_cert.pem # in PEM format
+TRAEFIK_DOMAIN_CERT_KEY_FILE=mydomain_key.pem # in PEM format
 # Identity server
 IDENTITY_IMAGE=bitnami/keycloak:18.0.2
diff --git a/solution/smo/common/docker-compose-gateway-cert.override.yaml b/solution/smo/common/docker-compose-gateway-cert.override.yaml
new file mode 100755
index 0000000..c937c96
--- /dev/null
+++ b/solution/smo/common/docker-compose-gateway-cert.override.yaml
@@ -0,0 +1,50 @@
+################################################################################
+# Copyright 2024 highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# no more versions needed! Compose spec supports all features w/o a version
+version: "3.8"
+services:
+ gateway:
+ command:
+ - --serverstransport.insecureskipverify=true
+ - --log.level=${TRAEFIK_LOG_LEVEL}
+ - --global.sendanonymoususage=false
+ - --global.checkNewVersion=false
+ - --api.insecure=true
+ - --api.dashboard=true
+ - --api.debug=true
+ - --ping
+ - --accesslog=false
+ - --entrypoints.web.address=:80
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ - --entrypoints.websecure.address=:443
+ - --entrypoints.websecure.http.tls.domains[0].main=gateway.${HTTP_DOMAIN}
+ - --entrypoints.websecure.http.tls.domains[0].sans=*.${HTTP_DOMAIN}
+ - --entrypoints.ssh-netconf-callhome.address=:4334
+ - --entrypoints.tls-netconf-callhome.address=:4335
+ - --providers.docker.endpoint=unix:///var/run/docker.sock
+ - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
+ - --providers.docker.exposedByDefault=false
+ - --providers.docker.watch=true
+ - --providers.file.filename=/middleware.yaml
+ - --providers.file.filename=/dynamic.yml
+
+ volumes:
+ - ./gateway/dynamic.yml:/dynamic.yml:ro
+ - ${TRAEFIK_DOMAIN_CERT_DIR}/${TRAEFIK_DOMAIN_CERT_FILE}:/certs/domain-cert.pem:ro
+ - 
${TRAEFIK_DOMAIN_CERT_DIR}/${TRAEFIK_DOMAIN_CERT_KEY_FILE}:/certs/domain-cert-key.pem:ro
+
+
\ No newline at end of file
diff --git a/solution/smo/common/docker-compose.yaml b/solution/smo/common/docker-compose.yaml
index dd91d26..a315a45 100755
--- a/solution/smo/common/docker-compose.yaml
+++ b/solution/smo/common/docker-compose.yaml
@@ -58,10 +58,12 @@ services:
 - --providers.docker.exposedByDefault=false
 - --providers.docker.watch=true
 - --providers.file.filename=/middleware.yaml
+
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
 - ./gateway/conf/middleware.yaml:/middleware.yaml:ro
 - ./gateway/conf/.htpasswd:/.htpasswd:ro
+
 labels:
 traefik.enable: true
 traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
diff --git a/solution/smo/common/gateway/certs/mydomain_cert.pem b/solution/smo/common/gateway/certs/mydomain_cert.pem
new file mode 100644
index 0000000..e69de29
diff --git a/solution/smo/common/gateway/certs/mydomain_key.pem b/solution/smo/common/gateway/certs/mydomain_key.pem
new file mode 100644
index 0000000..e69de29
diff --git a/solution/smo/common/gateway/dynamic.yml b/solution/smo/common/gateway/dynamic.yml
new file mode 100644
index 0000000..335a722
--- /dev/null
+++ b/solution/smo/common/gateway/dynamic.yml
@@ -0,0 +1,4 @@
+tls:
+ certificates:
+ - certFile: "/certs/domain-cert.pem"
+ keyFile: "/certs/domain-cert-key.pem"
-- 
2.16.6
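Review bot: `--providers.file.filename=/middleware.yaml` immediately followed by `--providers.file.filename=/dynamic.yml` sets a single-valued Traefik option twice, so only one of the two files is loaded (the later one, as far as I can tell from how Traefik resolves repeated flags) and the middlewares from `./gateway/conf/middleware.yaml`, which the base compose file still mounts, would silently disappear whenever this override is active. Point the provider at a directory instead and mount both files into it, e.g. `- --providers.file.directory=/etc/traefik/dynamic` plus `./gateway/conf/middleware.yaml:/etc/traefik/dynamic/middleware.yaml:ro` and `./gateway/dynamic.yml:/etc/traefik/dynamic/tls.yml:ro`, or fold the four-line `tls:` block into middleware.yaml and add no second file at all. Because Compose replaces `command:` rather than merging it, the override restates the full flag list and will drift from the base file; `--api.insecure=true` and `--serverstransport.insecureskipverify=true` were presumably carried over rather than chosen for the externally-certified deployment, so it is worth confirming they are still wanted here. `version: "3.8"` contradicts the comment directly above it and can be dropped.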
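Review bot: The certificate pair in dynamic.yml is registered only under `tls.certificates`, which Traefik selects by SNI against the names inside the certificate; a client that sends no SNI, or a hostname the certificate does not cover, still receives Traefik's built-in self-signed default, so the external certificate silently does not apply in those cases. If it is meant to replace the self-signed default entirely, also declare it as the default certificate of the default store with a `tls.stores.default.defaultCertificate` entry whose `certFile`/`keyFile` point at the same `/certs/domain-cert.pem` and `/certs/domain-cert-key.pem` paths. A one-line comment above `tls:` noting that these are the mount targets set in docker-compose-gateway-cert.override.yaml, not host paths, would save the next reader a lookup.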