# mep_agent_lib
Agent lib for mep service regsitration API
+
+
+## Introduction
+
+MEP agent library and sample application is provide for quickly develop applications on MEP platform.
+Code is devided in 2 part.
+- SampleApp
+- Service registration pkg.
+- config file for setting application configuration
+- docker file , build and k8s yaml files
+
+* SampleApp
+ - sample application for service regsitration to MEP
+ - contains main function and call service registration function from provided pkg
+ - It has config file for setting application configuration
+
+* pkg for service registration
+ - pkg can be used to register developer applications to MEP.
+ - support http and https connection to MEP
+ - configuration can be enabled/disbaled in config files when start mep agent
+
+## Configuration
+mainly below configuration supported
+ - MEP GW details
+ - IP: IP of MEP Gateway
+ - HTTPS port: GW HTTPS proxy port
+ - HTTP port: GW HTTP proxy port
+ - App instance ID
+ - service registration sample data as per ETSI mp1 interface.
+
+## Usages
+Developer who develp applications for MEP, can leverage sample application and pkg freamework to support mp1 interface for service registration.
+In future this library can be extened to support all mp1 interface like discovery, service avaiibilty.
+MEP support mp1 interfaces as per ETSI compliant.
+
+* Steps
+ - configure MEP GW IP and port in path meagent/SampleApp/conf/app_instance_info.yaml
+ - based on deplyment mode(development/production) provide HTTP/HTTPS port
+ - kong API GW run as K8s service, check corresponding port and config accordingly
+ - Kong has admin and proxy port.
+ - use proxy port and configure
+ - Build go applicaion with below cmd:
+ - cd mepagent/SampleApp
+ - CGO_ENABLED=0 go build -a -ldflags '-extldflags "-static"' src/main/main.go
+ - Build docker and push to docker
+ - sudo ./docker-build.sh
+ - Deploy Application
+ - In mep-k8s.yaml
+ - enable/disable ssl which is env. variable in k8s yaml file
+ - APP_SSL_MODE "1" to enable ssl.
+ - By default app run in normal mode.
+ - generate k8s secret with ca.crt file which is root CA used by MEP.
+ - MEP provide cert-manager and vault to automate it. Plz refer corresponding document.
+
+
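Review bot: The deploy steps describe the TLS switch differently from the code in this change. The README says `APP_SSL_MODE "1"` enables SSL and that the app runs in normal mode by default, but `SvcReg` and `DoPost` only test for `"0"`, so an unset or mistyped value selects HTTPS, and plain HTTP is the default only because the manifest sets `"0"`. Please document the accepted values as implemented. The steps also reference `meagent/SampleApp/conf/app_instance_info.yaml` while the build step uses `mepagent/SampleApp`, and they name the CA file `ca.crt` while the manifests and `SSL_ROOT` use `trust.cer`.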
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#ssl_cipher configuration
+sslCiphers: >
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
---
appInstanceId: id12345
-mepServerIP: 192.168.0.101
-mepServerPORT: 30088
+mepGWIP: 159.138.22.15
+httpGWPORT: 30010
+httpsGWPORT: 30011
+mepGWROUTES: /mp1
serviceInfoPosts:
- serName: ExampleService
serInstanceId:
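Review bot: `mepGWIP: 159.138.22.15` replaces a private address with a public, non-RFC 1918 one in a committed sample config, and the same address is hard-coded in the Kong configuration script added in this change. Use a placeholder (or a documentation-range address) here and let the deployment supply the real gateway address, so the sample does not point every new checkout at one live host.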
--- /dev/null
+#!/bin/sh
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+MEP_VERSION=latest
+docker build --no-cache -t ealtedge/mepagent:${MEP_VERSION} -f docker/Dockerfile .
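Review bot: `MEP_VERSION=latest` is an unconditional assignment, so the tag cannot be overridden from the environment and every build overwrites the same mutable `ealtedge/mepagent:latest` tag that the pod manifest pulls with `imagePullPolicy: Always`. Consider `MEP_VERSION=${MEP_VERSION:-latest}` and tagging release builds with a version or commit id so that a deployed image can be traced back to the source that produced it.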
go 1.14
require (
- github.com/agiledragon/gomonkey v2.0.1+incompatible
- github.com/khemendra0/mep_agent_lib v0.0.0-20200514200710-1e480711e278 // indirect
- github.com/khemendra0/mep_agent_lib_2 v0.0.0-20200515044354-e1f42901419d // indirect
- github.com/khemendra0/mep_agent_lib_3 v0.0.0-20200515181745-facda354cc2a // indirect
- github.com/khemendra0/mep_agent_lib_5 v0.0.0-20200515190552-685e7af625aa // indirect
- github.com/smartystreets/goconvey v1.6.4
- gopkg.in/yaml.v2 v2.2.8
+ gopkg.in/yaml.v2 v2.2.8 // indirect
)
+++ /dev/null
-github.com/agiledragon/gomonkey v2.0.1+incompatible h1:DIQT3ZshgGz9pTwBddRSZWDutIRPx2d7UzmjzgWo9q0=
-github.com/agiledragon/gomonkey v2.0.1+incompatible/go.mod h1:2NGfXu1a80LLr2cmWXGBDaHEjb1idR6+FVlX5T3D9hw=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/khemendra0/mep_agent_lib v0.0.0-20200514200710-1e480711e278 h1:OlJt5hf1vSwZDsL5Er+dq7gaZFWGsO9xEHPhDeUhj58=
-github.com/khemendra0/mep_agent_lib v0.0.0-20200514200710-1e480711e278/go.mod h1:R3E+++9kes5yTa/FOTigCbgESB89fxkV3fSNgaIZ+aw=
-github.com/khemendra0/mep_agent_lib v0.0.0-20200514203355-fdf3ccdf5332 h1:u5H6Sng3lcaFDHGkS9oCpKYj4vg0KkQem3DwLIRa+Uk=
-github.com/khemendra0/mep_agent_lib_2 v0.0.0-20200515044354-e1f42901419d h1:h4OImiHv7jng9JN7NENbHzMBZiqdKCyfOHrn8HB9lUo=
-github.com/khemendra0/mep_agent_lib_2 v0.0.0-20200515044354-e1f42901419d/go.mod h1:cLt2kf1jVHS7gmHMHSFzGtWlD5ac16rMfsObbkY2RlU=
-github.com/khemendra0/mep_agent_lib_3 v0.0.0-20200515181745-facda354cc2a h1:wvynPYD+6o9LMSkqFv4lDOseaOL91G50XTj4vdD4Ws8=
-github.com/khemendra0/mep_agent_lib_3 v0.0.0-20200515181745-facda354cc2a/go.mod h1:BFDUBKoOuzZLmkOLHUv3GODCPbgd6jhJNruFLganZJI=
-github.com/khemendra0/mep_agent_lib_4 v0.0.0-20200515185547-0c783f20e651 h1:wi75k+JXOA1K5H4s+GKIox6c0RPSfQ9VP7j2vJ2044M=
-github.com/khemendra0/mep_agent_lib_5 v0.0.0-20200515190552-685e7af625aa h1:aKmYnfBgLdJ+fKS3MHE0ig8UiJuTdMqohCaas8hN/r4=
-github.com/khemendra0/mep_agent_lib_5 v0.0.0-20200515190552-685e7af625aa/go.mod h1:Z90GKwOZ8xQuY9eLUKrgt5TvVBVQZbNRSzsbvbYCCmQ=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
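Review bot: This deletes the whole checksum file (the lines have the go.sum `h1:` form) although go.mod still requires `gopkg.in/yaml.v2 v2.2.8`, so the repository no longer carries a reviewed hash for the one dependency that remains. Dropping the `khemendra0/mep_agent_lib*` and test-only entries is the right cleanup, but please regenerate the file with `go mod tidy` and commit it rather than removing it, so builds verify dependencies against hashes recorded in the repository.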
# See the License for the specific language governing permissions and
# limitations under the License.
+
+# mep pod
---
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: v1
+kind: Pod
metadata:
name: mepagent
namespace: mep
+ labels:
+ app: mepagent
spec:
- replicas: 1
- selector:
- matchLabels:
- app: mepagent
- template:
- metadata:
- labels:
- app: mepagent
- spec:
- containers:
- -
- image: "mepagent:latest"
- imagePullPolicy: IfNotPresent
- name: mepagent
- ports:
- -
- containerPort: 80
+ containers:
+ - image: ealtedge/mepagent:latest
+ imagePullPolicy: Always
+ name: mepagent-pod
+ env:
+ - name: CA_CERT_DOMAIN_NAME
+ value: "www.ealtedge.org"
+ - name: SSL_ROOT
+ value: "/etc/mepagent_ssl/trust.cer"
+ - name: APP_SSL_MODE
+ value: "0"
+ ports:
+ - containerPort: 80
+ #volumeMounts:
+ #- name: mepagentssl
+ #mountPath: "/etc/mepagent_ssl"
+ #readOnly: true
+ #volumes:
+ #- name: mepagentssl
+ #secret:
+ #secretName: mepagentssl-secret
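Review bot: `SSL_ROOT` points at `/etc/mepagent_ssl/trust.cer`, but the `volumeMounts`/`volumes` block that would provide that file is commented out, so changing `APP_SSL_MODE` to anything other than `"0"` makes `TlsConfig` fail on the file read. Either ship the mount enabled (a read-only secret mount is harmless in HTTP mode) or document that both must be changed together. Separately, replacing the Deployment with a bare Pod removes rescheduling and rollout handling, and `ealtedge/mepagent:latest` with `imagePullPolicy: Always` means the running code changes whenever the tag is re-pushed; a pinned tag or digest would be safer.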
import (
"github.com/akraino-edge-stack/ealt-edge/mep/mepagent/pkg/service"
+ "time"
)
func main() {
_, _ = service.SvcReg("./conf/app_instance_info.yaml")
+ Heart()
}
+
+func Heart() {
+ time.Sleep(time.Hour)
+}
+
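Review bot: `Heart()` sleeps for one hour and returns, so `main` exits after an hour, and the result of `service.SvcReg` is still discarded with `_, _ =`, so a failed registration is indistinguishable from a successful one. If the intent is to keep the container alive, block indefinitely (for example on a signal channel) and exit non-zero when `SvcReg` returns an error, so the orchestrator and logs show the failure instead of a pod that looks healthy but never registered.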
--- /dev/null
+/*
+ * Copyright 2020 Huawei Technologies Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package model
+
+type AppConf struct {
+ SslCipherSuite string `yaml:"sslCiphers" json:"sslCiphers"`
+}
type AppInstanceInfo struct {
AppInstanceId string `yaml:"appInstanceId" json:"appInstanceId"`
- MepServerIP string `yaml:"mepServerIP" json:"mepServerIP"`
- MepServerPORT string `yaml:"mepServerPORT" json:"mepServerPORT"`
+ MepGWIP string `yaml:"mepGWIP" json:"mepGWIP"`
+ HttpGWPORT string `yaml:"httpGWPORT" json:"httpGWPORT"`
+ HttpsGWPORT string `yaml:"httpsGWPORT" json:"httpsGWPORT"`
+ MepGWROUTES string `yaml:"mepGWROUTES" json:"mepGWROUTES"`
ServiceInfoPosts []ServiceInfoPost `yaml:"serviceInfoPosts" json:"serviceInfoPosts"`
SerAvailabilityNotificationSubscriptions []SerAvailabilityNotificationSubscription `yaml:"serAvailabilityNotificationSubscriptions" json:"serAvailabilityNotificationSubscriptions"`
}
import (
"encoding/json"
"log"
+ "os"
"strconv"
"time"
)
func SvcReg(confPath string) (string, error) {
+ var urlProto string
+ var gwPORT string
+
conf, err := GetConf(confPath)
if err != nil {
log.Println(err.Error())
appInstanceId := conf.AppInstanceId
serviceInfos := conf.ServiceInfoPosts
- mepServerIP := conf.MepServerIP
- mepServerPORT := conf.MepServerPORT
- url := "http://" + mepServerIP + ":" + mepServerPORT + "/mep/mec_service_mgmt/v1/applications/" + appInstanceId + "/services"
+ gwRoutes := conf.MepGWROUTES
+ gwIP := conf.MepGWIP
+
+ sslMode := os.Getenv("APP_SSL_MODE")
+ //if ssl mode is enabled, then config tls
+ if sslMode == "0" {
+ gwPORT = conf.HttpGWPORT
+ urlProto = "http://"
+ } else {
+ gwPORT = conf.HttpsGWPORT
+ urlProto = "https://"
+ }
+
+ url := urlProto + gwIP + ":" + gwPORT + gwRoutes + "/mep/mec_service_mgmt/v1/applications/" + appInstanceId + "/services"
+ log.Println("Register url is" + url)
for _, serviceInfo := range serviceInfos {
data, e := json.Marshal(serviceInfo)
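Review bot: The comment `//if ssl mode is enabled, then config tls` sits above `if sslMode == "0"`, which is the plain HTTP branch, and the same environment check is repeated in `DoPost`. Please parse `APP_SSL_MODE` once in a small helper that accepts only the documented values and rejects anything else, then pass the result down, so the URL scheme chosen here and the transport chosen in `DoPost` cannot drift apart. Minor: `"Register url is" + url` is missing a space before the URL.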
--- /dev/null
+/*
+ * Copyright 2020 Huawei Technologies Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package service
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "errors"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "os"
+ "strconv"
+ "strings"
+)
+
+// const
+var cipherSuiteMap = map[string]uint16{
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+}
+
+// register to mep
+func RegisterToMep(param string, url string) (string, error) {
+ response, errPost := DoPost(param, url)
+ if errPost != nil {
+ log.Println("Failed to send request")
+ return "", errPost
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusCreated {
+ return "", errors.New("request failed, status is " + strconv.Itoa(response.StatusCode))
+ }
+ body, err := ioutil.ReadAll(response.Body)
+ if err != nil {
+ log.Println("Failed to read response")
+ return "", err
+ }
+
+ return string(body), nil
+}
+
+func DoPost(param string, url string) (*http.Response, error) {
+ sslMode := os.Getenv("APP_SSL_MODE")
+
+ //if ssl mode is enabled, then config tls
+ if sslMode == "0" {
+ response, errPost := http.Post(url, "application/json", strings.NewReader(param))
+ if errPost != nil {
+ log.Println("Failed to create http request")
+ return nil, errPost
+ }
+ return response, nil
+ } else {
+ req, errReq := http.NewRequest("POST", url, strings.NewReader(param))
+ if errReq != nil {
+ log.Println("Failed to create https request")
+ return nil, errReq
+ }
+ response, errDo := DoRegister(req)
+ if errDo != nil {
+ log.Println("Failed to post https request %s", errDo)
+ return nil, errDo
+ }
+ return response, nil
+ }
+}
+
+func DoRegister(req *http.Request) (*http.Response, error) {
+ config, err := TlsConfig()
+ if err != nil {
+ log.Println("Failed to config HTTPS")
+ return nil, err
+ }
+
+ trans := &http.Transport{
+ TLSClientConfig: config,
+ }
+
+ client := &http.Client{Transport: trans}
+
+ return client.Do(req)
+}
+
+func TlsConfig() (*tls.Config, error) {
+ caCert, err := ioutil.ReadFile(os.Getenv("SSL_ROOT"))
+ if err != nil {
+ log.Println("Failed to read cert from file")
+ return nil, err
+ }
+
+ CACERT := x509.NewCertPool()
+ CACERT.AppendCertsFromPEM(caCert)
+
+ appconf, err1 := GetAppConf("./conf/app_info.yaml")
+ if err1 != nil {
+ log.Println("Failed to read cipher from file")
+ return nil, err1
+ }
+
+ cipherslist := appconf.SslCipherSuite
+ if cipherslist == "" {
+ log.Println("no cipher provided in conf")
+ return nil, err
+ }
+
+ ciphermap := getcipher(cipherslist)
+ if ciphermap == nil {
+ return nil, err
+ }
+
+ return &tls.Config{
+ RootCAs: CACERT,
+ ServerName: os.Getenv("CA_CERT_DOMAIN_NAME"),
+ CipherSuites: ciphermap,
+ MinVersion: tls.VersionTLS12,
+ }, nil
+}
+
+func getcipher(ciphers string) []uint16 {
+ ciphersmap := make([]uint16, 0)
+ cipherlist := strings.Split(ciphers, ",")
+ for _, ciphername := range cipherlist {
+ ciphernametrim := strings.TrimSpace(ciphername)
+ if len(ciphernametrim) == 0 {
+ continue
+ }
+
+ ciphervalue, ok := cipherSuiteMap[ciphernametrim]
+ if !ok {
+ log.Println("not recommended cipher")
+ return nil
+ }
+ ciphersmap = append(ciphersmap, ciphervalue)
+ }
+
+ if len(ciphersmap) <= 0 {
+ log.Println("no cipher in list")
+ return nil
+ }
+
+ return ciphersmap
+}
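Review bot: In `TlsConfig`, the two failure paths for the cipher list (`cipherslist == ""` and `ciphermap == nil`) both `return nil, err`, but `err` is the already-checked result of `ioutil.ReadFile` and is nil at that point, so the caller receives `(nil, nil)`. `DoRegister` then builds the transport with `TLSClientConfig: nil` and the request goes out with Go's default TLS settings (system roots, no pinned CA, no cipher restriction) instead of failing. Return an explicit error on both paths, for example `errors.New("no valid cipher suite configured")`. Three smaller points in the same file: the boolean returned by `CACERT.AppendCertsFromPEM(caCert)` is ignored, so a file with no parsable certificate produces an empty pool without any message; the HTTPS branch of `DoPost` never sets `Content-Type: application/json`, unlike the `http.Post` branch; and `log.Println("Failed to post https request %s", errDo)` should be `log.Printf`. The `http.Client` also has no `Timeout`.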
package service
import (
- "errors"
"gopkg.in/yaml.v2"
"io/ioutil"
- "net/http"
- "strings"
"github.com/akraino-edge-stack/ealt-edge/mep/mepagent/pkg/model"
)
return info, nil
}
-// register to mep
-func RegisterToMep(param string, url string) (string, error) {
- response, err := http.Post(url, "application/json", strings.NewReader(param))
+func GetAppConf(FilePath string) (model.AppConf, error) {
+ var AppInfo model.AppConf
+ yamlFile, err := ioutil.ReadFile(FilePath)
if err != nil {
- return "", err
+ return AppInfo, err
}
- if response.StatusCode != http.StatusCreated {
- return "", errors.New("created failed")
- }
- defer response.Body.Close()
- body, err2 := ioutil.ReadAll(response.Body)
- if err2 != nil {
- return "", err2
+ err1 := yaml.UnmarshalStrict(yamlFile, &AppInfo)
+ if err1 != nil {
+ return AppInfo, err
}
- return string(body), nil
+ return AppInfo, nil
+
}
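Review bot: In `GetAppConf`, the unmarshal error is stored in `err1` but the function returns `err`, which is the nil result of the earlier `ioutil.ReadFile`, so a malformed or unexpected `app_info.yaml` yields an empty `AppConf` with a nil error. Combined with the cipher-list handling in `TlsConfig`, a bad config file ends up as a silent fallback rather than a startup failure. Return `err1` here (or reuse a single `err` variable), and consider dropping the trailing blank line before the closing brace.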
kubectl create namespace mep
kubectl create secret --namespace mep generic mepssl-secret --from-file=server.cer --from-file=server_key.pem --from-file=trust.cer
kubectl create secret --namespace mep generic kongssl-secret --from-file=server.cer --from-file=server_key.pem --from-file=trust.cer
+kubectl create secret --namespace mep generic mepagentssl_secret --from-file=server.cer --from-file=server_key.pem --from-file=trust.cer
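Review bot: The new secret is named `mepagentssl_secret` with an underscore, which is not a valid Kubernetes object name, and the pod manifest and the Ansible task in this change both refer to `mepagentssl-secret`. Please use the hyphenated name. The agent only reads `trust.cer` (via `SSL_ROOT`), so its secret does not need `server.cer` or `server_key.pem`; leaving the server private key out of the agent's secret keeps it off a pod that has no use for it.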
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
+ #- name: KONG_SSL_CERT
+ #value: /run/kongssl/server.cer
+ #- name: KONG_SSL_CERT_KEY
+ #value: /run/kongssl/server_key.pem
ports:
- containerPort: 8000
name: proxy
- containerPort: 8444
name: admin-api-ssl
protocol: TCP
- volumeMounts:
- - name: kongssl
- mountPath: "/run/kongssl"
- readOnly: true
- volumes:
- - name: kongssl
- secret:
- secretName: kongssl-secret
+ #volumeMounts:
+ #- name: kongssl
+ #mountPath: "/run/kongssl"
+ #readOnly: true
+ #volumes:
+ #- name: kongssl
+ #secret:
+ #secretName: kongssl-secret
# kong service
ports:
- port: 8000
name: proxy
+ nodePort: 30010
- port: 8443
name: proxy-ssl
+ nodePort: 30011
- port: 8001
name: admin-api
+ nodePort: 30012
- port: 8444
name: admin-api-ssl
+ nodePort: 30013
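Review bot: Adding `nodePort: 30012` and `nodePort: 30013` publishes the Kong `admin-api` and `admin-api-ssl` ports on every node, and the configuration script in this change talks to 30012 over plain HTTP with no credentials. Anyone who can reach a node address can then add, change or delete routes and services. Please keep the admin ports cluster-internal (no nodePort, or a separate ClusterIP service) and run the route setup from inside the cluster, exposing only the `proxy` and `proxy-ssl` ports externally.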
value: "/etc/mepssl"
- name: MEP_SSL_MODE
value: "0"
- volumeMounts:
- - name: mepssl
- mountPath: "/etc/mepssl"
- readOnly: true
- volumes:
- - name: mepssl
- secret:
- secretName: mepssl-secret
+ #volumeMounts:
+ #- name: mepssl
+ #mountPath: "/etc/mepssl"
+ #readOnly: true
+ #volumes:
+ #- name: mepssl
+ #secret:
+ #secretName: mepssl-secret
# mep service
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# mep pod
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mepagent
+ namespace: mep
+ labels:
+ app: mepagent
+spec:
+ containers:
+ - image: ealtedge/mepagent:latest
+ imagePullPolicy: Always
+ name: mepagent-pod
+ env:
+ - name: CA_CERT_DOMAIN_NAME
+ value: "www.ealtedge.org"
+ - name: SSL_ROOT
+ value: "/etc/mepagent_ssl/trust.cer"
+ - name: APP_SSL_MODE
+ value: "0"
+ ports:
+ - containerPort: 80
+ #volumeMounts:
+ #- name: mepagentssl
+ #mountPath: "/etc/mepagent_ssl"
+ #readOnly: true
+ #volumes:
+ #- name: mepagentssl
+ #secret:
+ #secretName: mepagentssl-secret
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: copy deploy folder to mep node to install mepagent
+ copy:
+ src: deploy
+ dest: /tmp/mepagent/
+
+- name: Create mepagent-secret
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl create secret --namespace mep generic mepagentssl-secret --from-file=/tmp/mepserver/deploy/server.cer --from-file=/tmp/mepserver/deploy/server_key.pem --from-file=/tmp/mepserver/deploy/trust.cer
+
+- name: Apply mepagent service
+ shell:
+ cmd: kubectl apply -f /tmp/mepagent/deploy/mepagent.yaml
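Review bot: The first task copies `deploy` to `/tmp/mepagent/`, but the secret is created from `/tmp/mepserver/deploy/...`, so this role only works if the mepserver role has already run on the same node and left its files in place. Please either read from a path this role owns or state the dependency explicitly. The `kubectl create secret` task is also not idempotent (a second run fails because the secret exists), and it packs `server_key.pem` into the agent's secret although the agent code only reads `trust.cer`.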
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- include: "install.yml"
+ when: operation == 'install'
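Review bot: Only `install.yml` is included here, guarded by `operation == 'install'`, so the uninstall tasks added later in this change are never reachable from this entry point. Add the matching include for the uninstall operation, or drop the unused task file.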
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Uninstalling mepagent
+ shell:
+ cmd: echo "Reseting the mepagent"
+
+- name: Remove the Deployment of mepagent
+ shell:
+ cmd: kubectl delete namespace mep
+ ignore_errors: 'True'
+
+
+- name: Remove the Deployment of mepserver
+ shell:
+ cmd: kubectl delete -f /tmp/mepagent/deploy
+ ignore_errors: 'True'
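Review bot: The first removal task runs `kubectl delete namespace mep`, which removes everything in that namespace, not just the agent, and it runs before `kubectl delete -f /tmp/mepagent/deploy`, which then has nothing left to delete. With `ignore_errors: 'True'` on both, neither problem is visible in the play output. Please delete only the agent's manifest and secret here, fix the second task's name (it says mepserver but deletes the mepagent deploy folder), and leave namespace removal to whichever role owns the namespace.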
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
+ #- name: KONG_SSL_CERT
+ #value: /run/kongssl/server.cer
+ #- name: KONG_SSL_CERT_KEY
+ #value: /run/kongssl/server_key.pem
ports:
- containerPort: 8000
name: proxy
- containerPort: 8444
name: admin-api-ssl
protocol: TCP
- volumeMounts:
- - name: kongssl
- mountPath: "/run/kongssl"
- readOnly: true
- volumes:
- - name: kongssl
- secret:
- secretName: kongssl-secret
+ #volumeMounts:
+ #- name: kongssl
+ #mountPath: "/run/kongssl"
+ #readOnly: true
+ #volumes:
+ #- name: kongssl
+ #secret:
+ #secretName: kongssl-secret
# kong service
ports:
- port: 8000
name: proxy
+ nodePort: 30010
- port: 8443
name: proxy-ssl
+ nodePort: 30011
- port: 8001
name: admin-api
+ nodePort: 30012
- port: 8444
name: admin-api-ssl
+ nodePort: 30013
--- /dev/null
+#!/bin/bash
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Command to update Kong
+
+
+curl --location --request DELETE 'http://159.138.22.15:30012/routes/mp1'
+curl --location --request DELETE 'http://159.138.22.15:30012/services/http-mp1'
+curl --location --request POST 'http://159.138.22.15:30012/services' --header 'Content-Type: application/json' --data '{"url": "https://mep-service:8088","name": "http-mp1"}'
+curl --location --request POST 'http://159.138.22.15:30012/services/http-mp1/routes' --header 'Content-Type: application/json' --data '{"paths": ["/mp1"], "name": "mp1"}'
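Review bot: All four `curl` calls hard-code `http://159.138.22.15:30012`, so the script only works against one host and drives the Kong admin API over unauthenticated plain HTTP on a node port. Take the admin address from a variable or argument and prefer an in-cluster address. The script also has no `set -e` and no `--fail` on curl, so a failed DELETE or POST goes unnoticed, and it registers the upstream as `https://mep-service:8088` while the mep manifest in this change sets `MEP_SSL_MODE` to `"0"` with the certificate mount commented out; one of the two needs to change for the route to work.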
value: "/etc/mepssl"
- name: MEP_SSL_MODE
value: "0"
- volumeMounts:
- - name: mepssl
- mountPath: "/etc/mepssl"
- readOnly: true
- volumes:
- - name: mepssl
- secret:
- secretName: mepssl-secret
+ #volumeMounts:
+ #- name: mepssl
+ #mountPath: "/etc/mepssl"
+ #readOnly: true
+ #volumes:
+ #- name: mepssl
+ #secret:
+ #secretName: mepssl-secret
# mep service
+++ /dev/null
------BEGIN CERTIFICATE-----
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C02B29671A16FE3F
-
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
------END CERTIFICATE-----
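Review bot: Removing the committed `RSA PRIVATE KEY` and its certificates from the tree is the right direction, but deletion does not remove them from repository history, and the key was protected only by a passphrase with `DES-EDE3-CBC`. Please treat this key pair as disclosed: make sure no environment still trusts these certificates, and add the generated file names (`ca.key`, `server_key.pem`, `*.cer`) to the ignore list so the newly generated material is not committed again.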
src: deploy
dest: /tmp/mepserver/
+- name: Generate Certificates
+ shell:
+# yamllint disable rule:line-length
+ cmd: openssl genrsa -out ca.key 2048
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate Certificate - Step 2
+ shell:
+ cmd: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out ca.csr
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate Root Certificate
+ shell:
+ cmd: openssl x509 -req -days 365 -in ca.csr -extensions v3_req -signkey ca.key -out trust.cer
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS certificate and TLS Key
+ shell:
+ cmd: openssl genrsa -out server_key.pem 2048
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS Certificate and TLS Key
+ shell:
+ cmd: openssl req -new -key server_key.pem -subj /C=CN/ST=Beijing/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out tls.csr
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS Certificate and TLS Key
+ shell:
+ cmd: openssl x509 -req -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer
+ chdir: /tmp/mepserver/deploy/
+
- name: Create mepssl-secret
shell:
# yamllint disable rule:line-length
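Review bot: Both `openssl x509 -req` tasks pass `-extensions v3_req` without an `-extfile`, so no extensions are written: `trust.cer` carries no CA basic constraint and `server.cer` carries no subjectAltName, which means clients that ignore the Common Name will reject `www.ealtedge.org`. Supply an extension file with `basicConstraints` for the root and `subjectAltName` for the server certificate. The server certificate task also omits `-days`, so it gets the tool's short default lifetime while the root gets 365 days, and `ca.key` is left unencrypted in `/tmp/mepserver/deploy/`, the same folder the secrets are built from; generate the CA key elsewhere or remove it after signing. The tasks regenerate everything on each run, so a `creates:` guard would help.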
- name: Apply postgres-k8s.yaml
shell:
cmd: kubectl apply -f /tmp/mepserver/deploy/postgres-k8s.yaml
+
+- name: -----Configuring Kong API Gateway-----
+ shell:
+ cmd: sleep 30
+
+- name: Configuring Kong API Gateway
+ shell:
+ cmd: chmod +x kongconfig.sh && ./kongconfig.sh
+ chdir: /tmp/mepserver/deploy/
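Review bot: The readiness wait is a fixed `sleep 30` in a task named `-----Configuring Kong API Gateway-----`, so the configuration script runs whether or not Kong is up, and its curl calls do not fail the play if the admin API is unreachable. Replace the sleep with an explicit wait on the Kong workload (for example `kubectl wait` or `kubectl rollout status` with a timeout) and make the script exit non-zero on errors, so a half-configured gateway is reported instead of silently left in place.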