...
Wiki: https://labs.etsi.org/rep/groups/ocf/-/wikis/home
| Table of Contents |
|---|
| minLevel | 1 |
|---|
| maxLevel | 6 |
|---|
| outline | false |
|---|
| type | flat |
|---|
| separator | pipe |
|---|
| printable | true |
|---|
|
Openshift Helm Capif Installation
Unpack this helm.tar, and it will have modified scripts to install OCF on OpenShift.
Navigate to scripts folder
...
| Code Block |
|---|
helm $KUBECONFIG upgrade --install -n $CAPIF_NAMESPACE $CAPIF_NAME_VERSION_CHART $HELM_DIR/capif/ \
--set ocf-access-control-policy.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-access-control-policy-api \
--set ocf-access-control-policy.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-access-control-policy.image.env.capifHostname=$CAPIF_HOSTNAME \
--set ocf-access-control-policy.monitoring="true" \
--set ocf-access-control-policy.env.logLevel="DEBUG" \
--set ocf-api-invocation-logs.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-logging-api-invocation-api \
--set ocf-api-invocation-logs.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-api-invocation-logs.env.monitoring="true" \
--set ocf-api-invocation-logs.env.capifHostname=$CAPIF_HOSTNAME \
--set ocf-api-invocation-logs.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \
--set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set ocf-api-invocation-logs.env.logLevel="DEBUG" \
--set ocf-api-invoker-management.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-api-invoker-management-api \
--set ocf-api-invoker-management.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-api-invoker-management.env.monitoring="true" \
--set ocf-api-invoker-management.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \
--set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set ocf-api-invoker-management.env.logLevel="DEBUG" \
--set ocf-api-provider-management.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-api-provider-management-api \
--set ocf-api-provider-management.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-api-provider-management.env.monitoring="true" \
--set ocf-api-provider-management.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set ocf-api-provider-management.env.logLevel="DEBUG" \
--set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \
--set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set ocf-events.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-events-api \
--set ocf-events.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-events.env.monitoring="true" \
--set ocf-events.env.logLevel="DEBUG" \
--set ocf-routing-info.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-routing-info-api \
--set ocf-routing-info.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-routing-info.env.monitoring="true" \
--set ocf-routing-info.env.logLevel="DEBUG" \
--set ocf-security.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-security-api \
--set ocf-security.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-security.env.monitoring="true" \
--set ocf-security.env.capifHostname=$CAPIF_HOSTNAME \
--set ocf-security.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set ocf-security.env.vaultPort=$VAULT_PORT \
--set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set ocf-security.env.logLevel="DEBUG" \
--set ocf-register.image.repository=$CAPIF_DOCKER_REGISTRY/register \
--set ocf-register.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-register.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set ocf-register.env.vaultPort=$VAULT_PORT \
--set ocf-register.env.mongoHost=mongo-register \
--set ocf-register.env.mongoPort=27017 \
--set ocf-register.env.capifHostname=$CAPIF_HOSTNAME \
--set ocf-register.ingress.enabled=true \
--set ocf-register.ingress.hosts[0].host=$REGISTER_HOSTNAME \
--set ocf-register.ingress.hosts[0].paths[0].path="/" \
--set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \
--set ocf-register.env.logLevel="DEBUG" \
--set ocf-register.extraConfigPod.hostAliases[0].hostnames[0]=$CAPIF_HOSTNAME \
--set ocf-register.extraConfigPod.hostAliases[0].ip=$K8S_IP \
--set ocf-auditing-api-logs.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-auditing-api \
--set ocf-auditing-api-logs.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-auditing-api-logs.env.monitoring="true" \
--set ocf-auditing-api-logs.env.logLevel="DEBUG" \
--set ocf-publish-service-api.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-publish-service-api \
--set ocf-publish-service-api.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-publish-service-api.env.monitoring="true" \
--set ocf-publish-service-api.env.logLevel="DEBUG" \
--set ocf-discover-service-api.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-discover-service-api \
--set ocf-discover-service-api.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-discover-service-api.env.monitoring="true" \
--set ocf-discover-service-api.env.logLevel="DEBUG" \
--set nginx.image.repository=$CAPIF_DOCKER_REGISTRY/nginx \
--set nginx.image.tag=$CAPIF_IMAGE_TAG \
--set nginx.env.capifHostname=$CAPIF_HOSTNAME \
--set nginx.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set nginx.env.vaultPort=$VAULT_PORT \
--set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set nginx.ingress.enabled=true \
--set nginx.ingress.hosts[0].host=$CAPIF_HOSTNAME \
--set nginx.ingress.hosts[0].paths[0].path="/" \
--set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \
--set nginx.nginx.env.capifHostname=$CAPIF_HOSTNAME \
--set ingress_ip.oneke="$INGRESS_IP" \
--set nginx.env.logLevel="debug" \
--set ocf-helper.image.repository=$CAPIF_DOCKER_REGISTRY/helper \
--set ocf-helper.image.tag=$CAPIF_IMAGE_TAG \
--set ocf-helper.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \
--set ocf-helper.env.vaultPort=$VAULT_PORT \
--set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
--set ocf-helper.env.capifHostname=$CAPIF_HOSTNAME \
--set ocf-helper.env.logLevel="DEBUG" \
--wait --timeout=10m --create-namespace |
Manually Retrieve a Bearer Token
| Code Block |
|---|
#!/bin/bash
# Retrieve the REGISTER_IP
export REGISTER_IP=$(kubectl get svc -n ocf-capif register -o jsonpath='{.items[?(@.metadata.name=="register")].status.loadBalancer.ingress[0].ip}')
echo "REGISTER_IP: $REGISTER_IP"
############################################################
###################ADMIN LOGIN##############################
############################################################
# Log in and extract the Bearer token
LOGIN_RESPONSE=$(curl -s -k -X POST https://$REGISTER_IP:8084/login \
--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQxMjM=')
BEARER_TOKEN=$(echo $LOGIN_RESPONSE | jq -r .access_token)
echo "Bearer Token: $BEARER_TOKEN"
############################################################
###################CREATE A USER############################
############################################################
# Create a new user
curl -s -k --location https://$REGISTER_IP:8084/createUser \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer $BEARER_TOKEN" \
--data-raw '{
"username": "custom_user",
"password": "user_pass",
"enterprise": "EST",
"country": "Ireland",
"email": "est@est.tech",
"purpose": "Use OpenCAPIF",
"phone_number": "+123456789",
"company_web": "www.est.com",
"description": "UserDescription"
}'
############################################################
###################GET AUTH#################################
############################################################
# Retrieve auth credentials for the newly created user
GET_AUTH_RESPONSE=$(curl -s -k --location https://$REGISTER_IP:8084/getauth \
--header 'Authorization: Basic Y3VzdG9tX3VzZXI6dXNlcl9wYXNz')
# Parse and set environment variables from the response
CA_ROOT=$(echo $GET_AUTH_RESPONSE | jq -r .ca_root)
ACCESS_TOKEN=$(echo $GET_AUTH_RESPONSE | jq -r .access_token)
ONBOARDING_URL=$(echo $GET_AUTH_RESPONSE | jq -r .ccf_api_onboarding_url)
PUBLISH_URL=$(echo $GET_AUTH_RESPONSE | jq -r .ccf_publish_url)
DISCOVER_URL=$(echo $GET_AUTH_RESPONSE | jq -r .ccf_discover_url)
SECURITY_URL=$(echo $GET_AUTH_RESPONSE | jq -r .ccf_security_url)
ONBOARDING_URL_INVOKER=$(echo $GET_AUTH_RESPONSE | jq -r .ccf_onboarding_url)
# Print extracted values
echo "CA_ROOT: $CA_ROOT"
echo "ACCESS_TOKEN: $ACCESS_TOKEN"
echo "ONBOARDING_URL: $ONBOARDING_URL"
echo "PUBLISH_URL: $PUBLISH_URL"
echo "DISCOVER_URL: $DISCOVER_URL"
echo "SECURITY_URL: $SECURITY_URL"
echo "ONBOARDING_URL_INVOKER: $ONBOARDING_URL_INVOKER"
# Save CA_ROOT to a file (manual extraction)
CA_CERT_PATH="./ca_cert.pem"
echo "$CA_ROOT" > $CA_CERT_PATH
echo "CA Root Certificate saved to $CA_CERT_PATH"
# Extract OpenSSL command for the CAPIF_HOSTNAME
CAPIF_HOSTNAME="127.0.0.1"
if [[ "$CAPIF_HOSTNAME" == *:* ]]; then
OPENSSL_COMMAND="openssl s_client -connect $CAPIF_HOSTNAME | openssl x509 -text > $CA_CERT_PATH"
else
OPENSSL_COMMAND="openssl s_client -connect $CAPIF_HOSTNAME:443 | openssl x509 -text > $CA_CERT_PATH"
fi
# Execute the OpenSSL command
echo "Executing OpenSSL command to fetch CA root certificate:"
eval $OPENSSL_COMMAND
echo "OpenSSL command executed. Certificate updated."
############################################################
###################ONBOARD PROVIDER#########################
############################################################
# Initial payload
EMPTY_PAYLOAD='{
"apiProvFuncs": [
{
"regInfo": {
"apiProvPubKey": ""
},
"apiProvFuncRole": "AEF",
"apiProvFuncInfo": "dummy_aef"
},
{
"regInfo": {
"apiProvPubKey": ""
},
"apiProvFuncRole": "APF",
"apiProvFuncInfo": "dummy_apf"
},
{
"regInfo": {
"apiProvPubKey": ""
},
"apiProvFuncRole": "AMF",
"apiProvFuncInfo": "dummy_amf"
}
],
"apiProvDomInfo": "This is provider",
"suppFeat": "fff",
"failReason": "string",
"regSec": "$ACCESS_TOKEN"
}'
# Extract the list of API Provider functions as an array
API_PROV_FUNCS=$(echo "$EMPTY_PAYLOAD" | jq -c '.apiProvFuncs[]')
# Initialize an updated functions array
UPDATED_FUNCS_JSON="[]"
# Iterate over each API Provider function
for FUNC in $API_PROV_FUNCS; do
ROLE=$(echo "$FUNC" | jq -r '.apiProvFuncRole')
FUNC_INFO=$(echo "$FUNC" | jq -r '.apiProvFuncInfo')
# Generate a private key and save it to a file
PRIVATE_KEY_FILE="${ROLE}_key.pem"
openssl genpkey -algorithm RSA -out "$PRIVATE_KEY_FILE" -pkeyopt rsa_keygen_bits:2048
# Generate a CSR using the private key
CSR_FILE="${ROLE}_csr.pem"
openssl req -new -key "$PRIVATE_KEY_FILE" -out "$CSR_FILE" -subj "/CN=${FUNC_INFO}/O=Provider/OU=${ROLE}"
# Read the CSR content
CSR=$(cat "$CSR_FILE" | base64 | tr -d '\n')
# Update the function's Public Key with the CSR content
UPDATED_FUNC=$(echo "$FUNC" | jq --arg csr "$CSR" '.regInfo.apiProvPubKey = $csr')
# Add the updated function to the array
UPDATED_FUNCS_JSON=$(echo "$UPDATED_FUNCS_JSON" | jq --argjson func "$UPDATED_FUNC" '. + [$func]')
done
# Create the final payload
FINAL_PAYLOAD=$(echo "$EMPTY_PAYLOAD" | jq --argjson funcs "$UPDATED_FUNCS_JSON" '.apiProvFuncs = $funcs')
# Print the final payload
echo "Final Payload: $FINAL_PAYLOAD"
# Retrieve the NGINX_IP
export NGINX_IP=$(kubectl get svc -n ocf-capif nginx -o jsonpath='{.items[?(@.metadata.name=="nginx")].status.loadBalancer.ingress[0].ip}')
echo "NGINX_IP: $NGINX_IP"
# Post the updated payload back (simulating Postman’s body update)
curl -s -k --location https://$NGINX_IP/api-provider-management/v1/registrations \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer $BEARER_TOKEN" \
--data "$FINAL_PAYLOAD"
|