From 9ab67f5d44b9e5bfcafddd6ea5e0ae10f68ca110 Mon Sep 17 00:00:00 2001 From: ecaiyanlinux Date: Thu, 14 May 2020 15:11:45 +0200 Subject: [PATCH] Update a1-interface with nginx to support https a1-interface is implemented with python flask It does not support both http/https at the same time This commit installs nginx in python image nginx is serving http/https requests All real traffic will be forwarded to python process nginx is serving as a pure reverse-proxy Issue-ID: NONRTRIC-218 Signed-off-by: ecaiyanlinux Change-Id: I1edcd0d02023643feca042689283ef242d39e555 --- near-rt-ric-simulator/Dockerfile | 10 ++- near-rt-ric-simulator/certificate/pass | 1 + near-rt-ric-simulator/nginx.conf | 100 +++++++++++++++++++++ near-rt-ric-simulator/src/1.1.x-alpha.2/main.py | 13 +-- near-rt-ric-simulator/src/OSC_2.1.0/main.py | 30 ++++--- near-rt-ric-simulator/src/STD_1.1.3/main.py | 13 +-- near-rt-ric-simulator/src/common/maincommon.py | 1 + near-rt-ric-simulator/src/start.sh | 4 + .../test/1.1.x-alpha.2/build_and_start.sh | 19 +--- near-rt-ric-simulator/test/OSC_2.1.0/basic_test.sh | 4 +- .../test/OSC_2.1.0/build_and_start.sh | 19 +--- near-rt-ric-simulator/test/STD_1.1.3/basic_test.sh | 2 +- .../test/STD_1.1.3/build_and_start.sh | 21 +---- 13 files changed, 151 insertions(+), 86 deletions(-) create mode 100644 near-rt-ric-simulator/certificate/pass create mode 100644 near-rt-ric-simulator/nginx.conf diff --git a/near-rt-ric-simulator/Dockerfile b/near-rt-ric-simulator/Dockerfile index 4eaf9ed..05a75fd 100644 --- a/near-rt-ric-simulator/Dockerfile +++ b/near-rt-ric-simulator/Dockerfile @@ -21,8 +21,16 @@ WORKDIR /usr/src/app RUN pip install connexion[swagger-ui] -COPY src src +#install nginx +RUN apt-get update +RUN apt-get install -y nginx=1.14.* + +#install curl +RUN apt-get install -y curl +COPY src src COPY api api +COPY nginx.conf nginx.conf +RUN chmod +x src/start.sh CMD src/start.sh ${A1_VERSION} 
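Review bot: `RUN apt-get update` sits in its own layer in the Dockerfile hunk, separate from the two `apt-get install` lines. A cached update layer can therefore be reused on later builds, so nginx and curl get installed from a stale package index, which can miss security updates or fail to resolve `nginx=1.14.*`. Combine the steps and drop the lists in the same layer: `RUN apt-get update && apt-get install -y --no-install-recommends nginx=1.14.* curl && rm -rf /var/lib/apt/lists/*`. If curl is only needed by the test scripts, a short comment saying so would help anyone trimming the image later.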
diff --git a/near-rt-ric-simulator/certificate/pass b/near-rt-ric-simulator/certificate/pass
new file mode 100644
index 0000000..30d74d2
--- /dev/null
+++ b/near-rt-ric-simulator/certificate/pass
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/near-rt-ric-simulator/nginx.conf b/near-rt-ric-simulator/nginx.conf
new file mode 100644
index 0000000..5ba9dbe
--- /dev/null
+++ b/near-rt-ric-simulator/nginx.conf
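Review bot: `certificate/pass` commits the private-key passphrase (`test`) in plaintext, and nginx.conf in this commit reads it through `ssl_password_file`. The passphrase therefore gives the key no protection if, as it appears, the key lives in the same `certificate` directory that the build scripts mount. That is acceptable for a simulator only if the material is clearly test-only. State this next to the files, for example in a README line or a comment beside the `--volume` mount, saying that the bundled cert, key and pass are for local testing and that real deployments must mount their own `cert` directory.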
@@ -0,0 +1,100 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ server { # simple reverse-proxy
+ listen 8085;
+ listen [::]:8085;
+ listen 8185 ssl;
+ listen [::]:8185 ssl;
+ server_name localhost;
+ ssl_certificate /usr/src/app/cert/cert.crt;
+ ssl_certificate_key /usr/src/app/cert/key.crt;
+ ssl_password_file /usr/src/app/cert/pass;
+
+ # serve dynamic requests
+ location / {
+ proxy_pass http://localhost:2222;
+ }
+ }
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
\ No newline at end of file
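Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` leaves TLS 1.0 and 1.1 enabled on the 8185 listener. Both are deprecated (RFC 8996) and should be dropped: `ssl_protocols TLSv1.2;`, adding `TLSv1.3` if the image's nginx/OpenSSL build supports it. No `ssl_ciphers` is set, so `ssl_prefer_server_ciphers on` only orders the build's default cipher list. Separately, `location /` proxies without any `proxy_set_header`, so the Flask app will see every client as the loopback address, which presumably affects the remote-host logging in maincommon.py. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` would pass the client address through for the app to read.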
diff --git a/near-rt-ric-simulator/src/1.1.x-alpha.2/main.py b/near-rt-ric-simulator/src/1.1.x-alpha.2/main.py index e979bd8..ddba11e 100644 --- a/near-rt-ric-simulator/src/1.1.x-alpha.2/main.py +++ b/near-rt-ric-simulator/src/1.1.x-alpha.2/main.py @@ -130,18 +130,11 @@ def getCounter(countername): return "Counter name: "+countername+" not found.",404 -port_number = 8085 +port_number = 2222 if len(sys.argv) >= 2: if isinstance(sys.argv[1], int): port_number = sys.argv[1] -port_number_secure=8185 - app.add_api('a1-openapi.yaml') -context=get_security_context() -if (context == None): - print("Start on non-secure port: "+str(port_number)) - app.run(port=port_number, host="::") -else: - print("Start on secure port: "+str(port_number_secure)) - app.run(port=port_number_secure, host="::", ssl_context=context) \ No newline at end of file + +app.run(port=port_number, host="127.0.0.1", threaded=False) \ No newline at end of file diff --git a/near-rt-ric-simulator/src/OSC_2.1.0/main.py b/near-rt-ric-simulator/src/OSC_2.1.0/main.py index 2614ada..dc25626 100644 --- a/near-rt-ric-simulator/src/OSC_2.1.0/main.py +++ b/near-rt-ric-simulator/src/OSC_2.1.0/main.py @@ -26,11 +26,28 @@ from flask import Flask, escape, request, Response from jsonschema import validate from var_declaration import policy_instances, policy_types, policy_status, policy_fingerprint, forced_settings, hosts_set from maincommon import * +from time import sleep check_apipath() app = connexion.FlaskApp(__name__, specification_dir=apipath) +t=[] ##varialbe for test purpose + +#long poll +@app.route('/long', methods=['GET']) +def longpoll(): + global t + sleep(10) + t.append(1) + return Response(str(t), 200, mimetype='text/plain') + +#short poll +@app.route('/short', methods=['GET']) +def shortpoll(): + global t + t.append(2) + return Response(str(t), 200, mimetype='text/plain') #Check alive function @app.route('/', methods=['GET']) 
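Review bot: The command-line port override kept just above the new `app.run(...)` in 1.1.x-alpha.2/main.py can never fire, because `sys.argv[1]` is always a `str` and `isinstance(sys.argv[1], int)` is always False. After this commit a working override would also break the proxy, since nginx.conf hard-codes `proxy_pass http://localhost:2222`. Either delete the override or document the coupling on the assignment, e.g. `port_number = 2222  # must match proxy_pass in nginx.conf`. Note also that the app binds `127.0.0.1` only while nginx targets `localhost`. If that name also resolves to `::1` in the container, nginx will log refused upstream attempts, and `proxy_pass http://127.0.0.1:2222;` avoids this. The same lines appear in the OSC_2.1.0/main.py and STD_1.1.3/main.py port hunks.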
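Review bot: The `/long` and `/short` routes added to OSC_2.1.0/main.py are test scaffolding that ships in the simulator and is reachable, unauthenticated, through nginx on both 8085 and 8185. Because this commit starts the app with `threaded=False`, each `GET /long` holds the only worker in `sleep(10)`, so every A1 request is blocked for that time. The module-level list `t` also grows on every call and is never cleared. Move these routes out of the shipped main.py into a test-only module, or register them only when an explicit test flag is set. If they stay, the comment should say so: `# test-only endpoints for checking request serialization; not part of the A1 API` (and fix the "varialbe" typo).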
@@ -199,18 +216,11 @@ def getCounter(countername): else: return Response("Counter name: "+countername+" not found.",404, mimetype='text/plain') -port_number = 8085 +port_number = 2222 if len(sys.argv) >= 2: if isinstance(sys.argv[1], int): port_number = sys.argv[1] -port_number_secure=8185 - app.add_api('openapi.yaml') -context=get_security_context() -if (context == None): - print("Start on non-secure port: "+str(port_number)) - app.run(port=port_number, host="::") -else: - print("Start on secure port: "+str(port_number_secure)) - app.run(port=port_number_secure, host="::", ssl_context=context) \ No newline at end of file + +app.run(port=port_number, host="127.0.0.1", threaded=False) \ No newline at end of file diff --git a/near-rt-ric-simulator/src/STD_1.1.3/main.py b/near-rt-ric-simulator/src/STD_1.1.3/main.py index c46d950..ce0854e 100644 --- a/near-rt-ric-simulator/src/STD_1.1.3/main.py +++ b/near-rt-ric-simulator/src/STD_1.1.3/main.py @@ -164,18 +164,11 @@ def getCounter(countername): else: return Response("Counter name: "+countername+" not found.",404, mimetype='text/plain') -port_number = 8085 +port_number = 2222 if len(sys.argv) >= 2: if isinstance(sys.argv[1], int): port_number = sys.argv[1] -port_number_secure=8185 - app.add_api('STD_A1.yaml') -context=get_security_context() -if (context == None): - print("Start on non-secure port: "+str(port_number)) - app.run(port=port_number, host="::") -else: - print("Start on secure port: "+str(port_number_secure)) - app.run(port=port_number_secure, host="::", ssl_context=context) + +app.run(port=port_number, host="127.0.0.1", threaded=False) \ No newline at end of file diff --git a/near-rt-ric-simulator/src/common/maincommon.py b/near-rt-ric-simulator/src/common/maincommon.py index 79cda3b..ee52d55 100644 --- a/near-rt-ric-simulator/src/common/maincommon.py +++ b/near-rt-ric-simulator/src/common/maincommon.py 
@@ -40,6 +40,7 @@ def get_supported_interfaces_response(): arr = os.listdir("../") del arr[arr.index('common')] # Remove the common lib del arr[arr.index('start.sh')] # Remove the start script + arr.sort() return Response("Current interface: " + str(pp[len(pp)-1]) + " All supported A1 interface yamls in this container: "+str(arr), 200, mimetype='text/plain') # Remote host lookup and store host name in a set diff --git a/near-rt-ric-simulator/src/start.sh b/near-rt-ric-simulator/src/start.sh index a424b5a..73491bd 100755 --- a/near-rt-ric-simulator/src/start.sh +++ b/near-rt-ric-simulator/src/start.sh @@ -37,5 +37,9 @@ echo "PYTHONPATH set to: "$PYTHONPATH cd $1 +#start nginx +nginx -c /usr/src/app/nginx.conf + +#start near-rt-ric-simulator echo "Path to main.py: "$PWD python -u main.py diff --git a/near-rt-ric-simulator/test/1.1.x-alpha.2/build_and_start.sh b/near-rt-ric-simulator/test/1.1.x-alpha.2/build_and_start.sh index 413ea89..4cabff3 100755 --- a/near-rt-ric-simulator/test/1.1.x-alpha.2/build_and_start.sh +++ b/near-rt-ric-simulator/test/1.1.x-alpha.2/build_and_start.sh @@ -18,16 +18,6 @@ # # Script to build and start the container -# Args: nonsecure|secure - -if [ $# -ne 1 ]; then - echo "Usage: ./build_and_start.sh nonsecure|secure" - exit 1 -fi -if [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; then - echo "Usage: ./build_and_start.sh nonsecure|secure" - exit 1 -fi echo "Building image" cd ../../ 
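Review bot: The exit status of `nginx -c /usr/src/app/nginx.conf` in start.sh is never checked. If nginx refuses to start, the script still launches main.py, which after this commit listens only on 127.0.0.1:2222. That would happen, for example, when the `cert` volume is not mounted, so the `ssl_certificate` files cannot be read. The container then stays up but answers on neither 8085 nor 8185. Fail fast instead: `nginx -c /usr/src/app/nginx.conf || exit 1`. A comment that nginx daemonizes here and is not supervised afterwards would also help whoever debugs a dead proxy.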
@@ -36,12 +26,7 @@ cd ../../ docker build -t a1test . echo "Starting $1 mode" -if [ $1 == "nonsecure" ]; then - #Run the container in interactive mode, unsecure port - docker run -it -p 8085:8085 -e A1_VERSION=1.1.x-alpha.2 -e REMOTE_HOSTS_LOGGING=1 a1test -else - #Run the container in interactive mode, secure port. - docker run -it -p 8185:8185 -e A1_VERSION=1.1.x-alpha.2 -e REMOTE_HOSTS_LOGGING=1 --read-only --volume "$PWD/certificate:/usr/src/app/cert" a1test -fi +#Run the container in interactive mode, unsecure port 8085, secure port 8185. +docker run -it -p 8085:8085 -p 8185:8185 -e A1_VERSION=1.1.x-alpha.2 -e REMOTE_HOSTS_LOGGING=1 --volume "$PWD/certificate:/usr/src/app/cert" a1test diff --git a/near-rt-ric-simulator/test/OSC_2.1.0/basic_test.sh b/near-rt-ric-simulator/test/OSC_2.1.0/basic_test.sh index 8d205f0..f77e347 100755 --- a/near-rt-ric-simulator/test/OSC_2.1.0/basic_test.sh +++ b/near-rt-ric-simulator/test/OSC_2.1.0/basic_test.sh @@ -47,7 +47,7 @@ RESULT="OK" do_curl GET / 200 echo "=== Check used and implemented interfaces ===" -RESULT="Current interface: OSC_2.1.0 All supported A1 interface yamls in this container: ['1.1.x-alpha.2', 'STD_1.1.3', 'OSC_2.1.0']" +RESULT="Current interface: OSC_2.1.0 All supported A1 interface yamls in this container: ['1.1.x-alpha.2', 'OSC_2.1.0', 'STD_1.1.3']" do_curl GET /container_interfaces 200 echo "=== Reset simulator instances ===" @@ -60,7 +60,7 @@ do_curl POST /deleteall 200 echo "=== API: Healthcheck ===" RESULT="" -do_curl get /a1-p/healthcheck 200 +do_curl GET /a1-p/healthcheck 200 echo "=== API: Get policy types, shall be empty array ==" RESULT="json:[]" diff --git a/near-rt-ric-simulator/test/OSC_2.1.0/build_and_start.sh b/near-rt-ric-simulator/test/OSC_2.1.0/build_and_start.sh index 89907d6..9537d30 100755 --- a/near-rt-ric-simulator/test/OSC_2.1.0/build_and_start.sh +++ b/near-rt-ric-simulator/test/OSC_2.1.0/build_and_start.sh 
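Review bot: The new single `docker run` line in test/1.1.x-alpha.2/build_and_start.sh drops the `--read-only` flag that the old secure branch had, and it mounts the certificate directory read-write. The container only needs to read the cert, key and pass files, so mount the volume read-only: `--volume "$PWD/certificate:/usr/src/app/cert:ro"`. If `--read-only` was removed because nginx must write its pid and log files, say so in the comment above the command. The retained `echo "Starting $1 mode"` now prints an empty mode, since the script no longer takes an argument; STD_1.1.3 already replaces it with `echo "Starting ric-sim"`. The OSC_2.1.0 and STD_1.1.3 build_and_start.sh hunks have the same `docker run` line, and OSC_2.1.0 also keeps the stale echo.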
@@ -18,16 +18,6 @@ # # Script to build and start the container -# Args: nonsecure|secure - -if [ $# -ne 1 ]; then - echo "Usage: ./build_and_start.sh nonsecure|secure" - exit 1 -fi -if [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; then - echo "Usage: ./build_and_start.sh nonsecure|secure" - exit 1 -fi echo "Building image" cd ../../ @@ -36,11 +26,6 @@ cd ../../ docker build -t a1test . echo "Starting $1 mode" -if [ $1 == "nonsecure" ]; then - #Run the container in interactive mode, unsecure port - docker run -it -p 8085:8085 -e A1_VERSION=OSC_2.1.0 -e REMOTE_HOSTS_LOGGING=1 a1test -else - #Run the container in interactive mode, secure port. - docker run -it -p 8185:8185 -e A1_VERSION=OSC_2.1.0 -e REMOTE_HOSTS_LOGGING=1 --read-only --volume "$PWD/certificate:/usr/src/app/cert" a1test -fi +#Run the container in interactive mode, unsecure port 8085, secure port 8185. +docker run -it -p 8085:8085 -p 8185:8185 -e A1_VERSION=OSC_2.1.0 -e REMOTE_HOSTS_LOGGING=1 --volume "$PWD/certificate:/usr/src/app/cert" a1test diff --git a/near-rt-ric-simulator/test/STD_1.1.3/basic_test.sh b/near-rt-ric-simulator/test/STD_1.1.3/basic_test.sh index 7dbe131..2b34cf3 100755 --- a/near-rt-ric-simulator/test/STD_1.1.3/basic_test.sh +++ b/near-rt-ric-simulator/test/STD_1.1.3/basic_test.sh @@ -48,7 +48,7 @@ RESULT="OK" do_curl GET / 200 echo "=== Check used and implemented interfaces ===" -RESULT="Current interface: STD_1.1.3 All supported A1 interface yamls in this container: ['1.1.x-alpha.2', 'STD_1.1.3', 'OSC_2.1.0']" +RESULT="Current interface: STD_1.1.3 All supported A1 interface yamls in this container: ['1.1.x-alpha.2', 'OSC_2.1.0', 'STD_1.1.3']" do_curl GET /container_interfaces 200 echo "=== Reset simulator instances ===" diff --git a/near-rt-ric-simulator/test/STD_1.1.3/build_and_start.sh b/near-rt-ric-simulator/test/STD_1.1.3/build_and_start.sh index 1dcacc4..0d48fbf 100755 --- a/near-rt-ric-simulator/test/STD_1.1.3/build_and_start.sh 
+++ b/near-rt-ric-simulator/test/STD_1.1.3/build_and_start.sh @@ -18,16 +18,6 @@ # # Script to build and start the container -# Args: nonsecure|secure - -if [ $# -ne 1 ]; then - echo "Usage: ./build_and_start.sh nonsecure|secure" - exit 1 -fi -if [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; then - echo "Usage: ./build_and_start.sh nonsecure|secure" - exit 1 -fi echo "Building image" cd ../../ @@ -35,11 +25,6 @@ cd ../../ #Build the image docker build -t a1test . -echo "Starting $1 mode" -if [ $1 == "nonsecure" ]; then - #Run the container in interactive mode, unsecure port - docker run -it -p 8085:8085 -e A1_VERSION=STD_1.1.3 -e REMOTE_HOSTS_LOGGING=1 a1test -else - #Run the container in interactive mode, secure port. - docker run -it -p 8185:8185 -e A1_VERSION=STD_1.1.3 -e REMOTE_HOSTS_LOGGING=1 --read-only --volume "$PWD/certificate:/usr/src/app/cert" a1test -fi \ No newline at end of file +echo "Starting ric-sim" +#Run the container in interactive mode, unsecure port 8085, secure port 8185 +docker run -it -p 8085:8085 -p 8185:8185 -e A1_VERSION=STD_1.1.3 -e REMOTE_HOSTS_LOGGING=1 --volume "$PWD/certificate:/usr/src/app/cert" a1test \ No newline at end of file -- 2.16.6