[WIFI-6851] Chg: owls workflow parameters (#381)

Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>
Dmitry Dunaev
2022-03-04 21:39:06 +03:00
committed by GitHub
parent 5763156a6b
commit 31afb002df
5 changed files with 717 additions and 9 deletions


@@ -1,4 +1,5 @@
name: OpenWifi 2.0 load simulation
env:
# AWS credentials
AWS_EKS_NAME: tip-wlan-main
@@ -8,20 +9,28 @@ env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_CLIENT_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_CLIENT_KEY }}
on:
on:
workflow_dispatch:
inputs:
sdk_version:
default: 'main'
description: 'Version of Cloud SDK to test'
required: true
devices_count:
default: '25000'
description: 'Amount of devices to simulate'
required: true
simulation_lenght:
default: '360'
description: 'Simulation lenght in seconds'
required: true
defaults:
run:
shell: bash
jobs:
loadsim:
kubernetes:
runs-on: ubuntu-latest
steps:
- name: Checkout Testing repo
@@ -36,8 +45,8 @@ jobs:
id: namespace
run: |
NAMESPACE="ls-${{ github.run_number }}"
kubectl create ns $NAMESPACE
kubectl config set-context --current --namespace=$NAMESPACE
kubectl create ns openwifi-$NAMESPACE
kubectl config set-context --current --namespace=openwifi-$NAMESPACE
echo "::set-output name=namespace::${NAMESPACE}"
- name: Set gateway URL output
@@ -83,6 +92,7 @@ jobs:
export DEVICE_CERT_LOCATION=device-cert.pem
export DEVICE_KEY_LOCATION=device-key.pem
export OWSEC_NEW_PASSWORD=${{ secrets.OWSEC_NEW_PASSWORD }}
export USE_SEPARATE_OWGW_LB=true
./deploy.sh
- name: Checkout OWLS for CLI tool
@@ -100,20 +110,39 @@ jobs:
echo "OWGW - $OWGW"
echo "OWSEC - $OWSEC"
echo "OWLS - $OWLS"
echo "Trying to cache OWLS FQDN in /etc/hosts"
export HOST_ENTRY=""
until [ ! -z "$HOST_ENTRY" ]; do export HOST_ENTRY=$(getent hosts ${{ steps.ls.outputs.url }}); sleep 1; done;
cat /etc/hosts > /tmp/hosts
echo "$HOST_ENTRY" >> /tmp/hosts
sudo cp /tmp/hosts /etc/hosts
echo "DNS record for $OWLS resolved successfully!"
cat /etc/hosts
curl -s -X POST -H 'Content-Type: application/json' https://$OWSEC/api/v1/oauth2 -d '{"userId": "tip@ucentral.com", "password": "'${{ secrets.OWSEC_NEW_PASSWORD }}'"}' | jq '.access_token' -r > access_token
echo
echo "[Info] Creating simulation"
touch output_sim_info.json
cat > input_sim_info.json <<EOF
{
"name":"${{ steps.namespace.outputs.namespace }}",
"deviceType":"edgecore_ecw5410",
"devices":5,
"devices":${{ github.event.inputs.devices_count }},
"gateway":"https://$OWGW",
"macPrefix":"030000",
"simulationLength":600
"simulationLength":${{ github.event.inputs.simulation_lenght }}
}
EOF
curl -s -X POST https://$OWLS/api/v1/simulation -H "Content-Type: application/json" -H "Authorization: Bearer $(cat access_token)" -d @input_sim_info.json | tee output_sim_info.json
export SIMULATION_ID="null"
while [[ "$SIMULATION_ID" == "null" ]]; do
curl -k -s -X POST https://$OWLS/api/v1/simulation -H "Content-Type: application/json" -H "Authorization: Bearer $(cat access_token)" -d @input_sim_info.json > output_sim_info.json
cat output_sim_info.json | jq .
export SIMULATION_ID=$(cat output_sim_info.json | jq '.id' -r)
echo $SIMULATION_ID
done
echo
cat output_sim_info.json | jq .
echo
echo "[Info] Starting simulation"
export SIMULATION_ID=$(cat output_sim_info.json | jq '.id' -r)
@@ -155,3 +184,505 @@ jobs:
run: |
helm delete -n openwifi-${{ steps.namespace.outputs.namespace }} tip-openwifi || true
kubectl delete ns openwifi-"${{ steps.namespace.outputs.namespace }}" --wait=true
docker-compose:
needs: kubernetes
if: always()
runs-on: ubuntu-latest
steps:
- name: Checkout Testing repo
uses: actions/checkout@v2
with:
path: wlan-testing
- name: Get EKS access credentials
run: aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Prepare namespace
id: namespace
run: |
NAMESPACE="dc-ls-${{ github.run_number }}"
kubectl create ns openwifi-$NAMESPACE
kubectl config set-context --current --namespace=openwifi-$NAMESPACE
echo "::set-output name=namespace::${NAMESPACE}"
- name: Set OWLS service URL output
id: owls
run: echo "::set-output name=url::owls-${{ steps.namespace.outputs.namespace }}.cicd.lab.wlan.tip.build"
- name: Set CloudSDK service URL output
id: cloudsdk
run: echo "::set-output name=url::cloudsdk-${{ steps.namespace.outputs.namespace }}.cicd.lab.wlan.tip.build"
- name: Prepare certificates from secrets
working-directory: wlan-testing/docker-compose/openwifi
run: |
echo "${{ secrets.DIGICERT_CERT }}" | base64 -d > websocket-cert.pem
echo "${{ secrets.DIGICERT_KEY }}" | base64 -d > websocket-key.pem
echo "${{ secrets.LOADSIM_DIGICERT_CERT }}" | base64 -d > device-cert.pem
echo "${{ secrets.LOADSIM_DIGICERT_KEY }}" | base64 -d > device-key.pem
- name: Create Kubernetes secret with certificates
working-directory: wlan-testing/docker-compose/openwifi
run: |
kubectl create secret generic tip-cicd-wildcard-certs --from-file=websocket-cert.pem=websocket-cert.pem --from-file=websocket-key.pem=websocket-key.pem -n openwifi-${{ steps.namespace.outputs.namespace }}
kubectl create secret generic tip-cicd-device-certs --from-file=device-cert.pem=device-cert.pem --from-file=device-key.pem=device-key.pem -n openwifi-${{ steps.namespace.outputs.namespace }}
- name: Deploy OWLS using Docker-compose
working-directory: wlan-testing/docker-compose/openwifi
env:
OWSEC_AUTHENTICATION_DEFAULT_USERNAME: ${{ secrets.UCENTRALGW_AUTH_USERNAME }}
OWSEC_AUTHENTICATION_DEFAULT_PASSWORD: ${{ secrets.UCENTRALGW_AUTH_PASSWORD }}
run: |
cat <<EOF | kubectl create -f - -n openwifi-${{ steps.namespace.outputs.namespace }}
apiVersion: v1
kind: Service
metadata:
name: owls
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
external-dns.alpha.kubernetes.io/hostname: ${{ steps.owls.outputs.url }}
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,16007,443"
labels:
app: owls
spec:
selector:
app: owls
type: LoadBalancer
ports:
- name: owsec-restapi
port: 16001
targetPort: 16001
protocol: TCP
- name: owsec-alivecheck
port: 16101
targetPort: 16101
- name: owls-restapi
port: 16007
targetPort: 16007
protocol: TCP
- name: owls-alivecheck
port: 16107
targetPort: 16107
- name: owls-ui-http
port: 80
targetPort: 80
protocol: TCP
- name: owls-ui-https
port: 443
targetPort: 443
---
apiVersion: v1
kind: Pod
metadata:
name: owls
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels:
app: owls
spec:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
volumes:
- name: client-certs
emptyDir: {}
- name: deploy-repo
emptyDir: {}
- name: tip-cicd-device-certs
secret:
secretName: tip-cicd-device-certs
containers:
- name: docker-daemon
image: docker:dind
env:
- name: DOCKER_TLS_CERTDIR
value: "/certs"
securityContext:
privileged: true
resources:
requests:
cpu: 3000m
memory: 8000Mi
limits:
cpu: 3000m
memory: 8000Mi
volumeMounts:
- name: client-certs
mountPath: /certs/client
- name: deploy-repo
mountPath: /wlan-cloud-ucentral-deploy
- name: docker-compose-deployment
image: docker/compose:latest
command: ["/bin/sh", "-c"]
args: ["apk add git; wget https://raw.githubusercontent.com/Telecominfraproject/wlan-testing/feature/wifi-6851--owls-parameters/docker-compose/openwifi/deploy_owls.sh; chmod +x deploy_owls.sh; sh deploy_owls.sh"]
env:
- name: DOCKER_TLS_VERIFY
value: "true"
- name: DOCKER_HOST
value: "127.0.0.1:2376"
- name: DOCKER_CERT_PATH
value: "/certs/client"
- name: INTERNAL_OWSEC_HOSTNAME
value: "owsec.wlan.local"
- name: DEPLOY_VERSION
value: "${{ github.event.inputs.sdk_version }}"
- name: SYSTEM_URI_UI
value: "https://${{ steps.owls.outputs.url }}"
- name: DEFAULT_UCENTRALSEC_URL
value: "https://${{ steps.owls.outputs.url }}:16001"
- name: OWSEC_AUTHENTICATION_DEFAULT_USERNAME
value: "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME"
- name: OWSEC_AUTHENTICATION_DEFAULT_PASSWORD
value: "$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD"
- name: OWSEC_SYSTEM_URI_PRIVATE
value: "https://owsec.wlan.local:17001"
- name: OWSEC_SYSTEM_URI_PUBLIC
value: "https://${{ steps.owls.outputs.url }}:16001"
- name: OWLS_SYSTEM_URI_PRIVATE
value: "https://owsec.wlan.local:17007"
- name: OWLS_SYSTEM_URI_PUBLIC
value: "https://${{ steps.owls.outputs.url }}:16007"
- name: DEVICE_CERT
value: "/tip-cicd-device-certs/device-cert.pem"
- name: DEVICE_KEY
value: "/tip-cicd-device-certs/device-key.pem"
volumeMounts:
- name: client-certs
mountPath: /certs/client
- name: deploy-repo
mountPath: /wlan-cloud-ucentral-deploy
- name: tip-cicd-device-certs
readOnly: true
mountPath: "/tip-cicd-device-certs"
EOF
- name: Deploy CloudSDK using Docker-compose
working-directory: wlan-testing/docker-compose/openwifi
env:
RTTY_TOKEN: ${{ secrets.RTTY_TOKEN }}
OWSEC_AUTHENTICATION_DEFAULT_USERNAME: ${{ secrets.UCENTRALGW_AUTH_USERNAME }}
OWSEC_AUTHENTICATION_DEFAULT_PASSWORD: ${{ secrets.UCENTRALGW_AUTH_PASSWORD }}
OWFMS_S3_SECRET: ${{ secrets.UCENTRALFMS_S3_SECRET }}
OWFMS_S3_KEY: ${{ secrets.UCENTRALFMS_S3_KEY }}
run: |
cat <<EOF | kubectl create -f - -n openwifi-${{ steps.namespace.outputs.namespace }}
apiVersion: v1
kind: Service
metadata:
name: cloudsdk
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
external-dns.alpha.kubernetes.io/hostname: ${{ steps.cloudsdk.outputs.url }}
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,443,16001,16004,16005,8443,5912,5913"
labels:
app: cloudsdk
spec:
selector:
app: cloudsdk
type: LoadBalancer
ports:
- name: owgw-websocket
port: 15002
targetPort: 15002
protocol: TCP
- name: owgw-restapi
port: 16002
targetPort: 16002
protocol: TCP
- name: owgw-alivecheck
port: 16102
targetPort: 16102
protocol: TCP
- name: owgw-fileupload
port: 16003
targetPort: 16003
protocol: TCP
- name: owgw-ui-http
port: 80
targetPort: 80
protocol: TCP
- name: owgw-ui-https
port: 443
targetPort: 443
- name: owsec-restapi
port: 16001
targetPort: 16001
protocol: TCP
- name: owsec-alivecheck
port: 16101
targetPort: 16101
- name: owfms-restapi
port: 16004
targetPort: 16004
protocol: TCP
- name: owfms-alivecheck
port: 16104
targetPort: 16104
- name: owprov-restapi
port: 16005
targetPort: 16005
protocol: TCP
- name: owprov-alivecheck
port: 16105
targetPort: 16105
- name: owprov-ui-http
port: 8080
targetPort: 8080
protocol: TCP
- name: owprov-ui-https
port: 8443
targetPort: 8443
- name: rttys-dev
port: 5912
targetPort: 5912
protocol: TCP
- name: rttys-user
port: 5913
targetPort: 5913
---
apiVersion: v1
kind: Pod
metadata:
name: cloudsdk
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels:
app: cloudsdk
spec:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
volumes:
- name: client-certs
emptyDir: {}
- name: deploy-repo
emptyDir: {}
- name: tip-cicd-wildcard-certs
secret:
secretName: tip-cicd-wildcard-certs
containers:
- name: docker-daemon
image: docker:dind
env:
- name: DOCKER_TLS_CERTDIR
value: "/certs"
securityContext:
privileged: true
resources:
requests:
cpu: 2000m
memory: 3000Mi
limits:
cpu: 2000m
memory: 3000Mi
volumeMounts:
- name: client-certs
mountPath: /certs/client
- name: deploy-repo
mountPath: /wlan-cloud-ucentral-deploy
- name: docker-compose-deployment
image: docker/compose:latest
command: ["/bin/sh", "-c"]
args: ["apk add git; wget https://raw.githubusercontent.com/Telecominfraproject/wlan-testing/feature/wifi-6851--owls-parameters/docker-compose/openwifi/deploy.sh; chmod +x deploy.sh; sh deploy.sh"]
env:
- name: DOCKER_TLS_VERIFY
value: "true"
- name: DOCKER_HOST
value: "127.0.0.1:2376"
- name: DOCKER_CERT_PATH
value: "/certs/client"
- name: INTERNAL_OWGW_HOSTNAME
value: "owgw.wlan.local"
- name: INTERNAL_OWSEC_HOSTNAME
value: "owsec.wlan.local"
- name: INTERNAL_OWFMS_HOSTNAME
value: "owfms.wlan.local"
- name: INTERNAL_OWPROV_HOSTNAME
value: "owprov.wlan.local"
- name: DEPLOY_VERSION
value: "${{ github.event.inputs.sdk_version }}"
- name: SYSTEM_URI_UI
value: "https://${{ steps.cloudsdk.outputs.url }}"
- name: DEFAULT_UCENTRALSEC_URL
value: "https://${{ steps.cloudsdk.outputs.url }}:16001"
- name: RTTY_TOKEN
value: "$RTTY_TOKEN"
- name: OWGW_FILEUPLOADER_HOST_NAME
value: "${{ steps.cloudsdk.outputs.url }}"
- name: OWGW_FILEUPLOADER_URI
value: "https://${{ steps.cloudsdk.outputs.url }}:16003"
- name: OWGW_SYSTEM_URI_PRIVATE
value: "https://owgw.wlan.local:17002"
- name: OWGW_SYSTEM_URI_PUBLIC
value: "https://${{ steps.cloudsdk.outputs.url }}:16002"
- name: OWGW_RTTY_SERVER
value: "${{ steps.cloudsdk.outputs.url }}"
- name: OWSEC_AUTHENTICATION_DEFAULT_USERNAME
value: "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME"
- name: OWSEC_AUTHENTICATION_DEFAULT_PASSWORD
value: "$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD"
- name: OWSEC_SYSTEM_URI_PRIVATE
value: "https://owsec.wlan.local:17001"
- name: OWSEC_SYSTEM_URI_PUBLIC
value: "https://${{ steps.cloudsdk.outputs.url }}:16001"
- name: OWFMS_SYSTEM_URI_PRIVATE
value: "https://owfms.wlan.local:17004"
- name: OWFMS_SYSTEM_URI_PUBLIC
value: "https://${{ steps.cloudsdk.outputs.url }}:16004"
- name: OWFMS_S3_SECRET
value: "$OWFMS_S3_SECRET"
- name: OWFMS_S3_KEY
value: "$OWFMS_S3_KEY"
- name: OWPROV_SYSTEM_URI_PRIVATE
value: "https://owprov.wlan.local:17005"
- name: OWPROV_SYSTEM_URI_PUBLIC
value: "https://${{ steps.cloudsdk.outputs.url }}:16005"
- name: WEBSOCKET_CERT
value: "/tip-cicd-wildcard-certs/websocket-cert.pem"
- name: WEBSOCKET_KEY
value: "/tip-cicd-wildcard-certs/websocket-key.pem"
- name: SIMULATORID
value: "53494D020202"
volumeMounts:
- name: client-certs
mountPath: /certs/client
- name: deploy-repo
mountPath: /wlan-cloud-ucentral-deploy
- name: tip-cicd-wildcard-certs
readOnly: true
mountPath: "/tip-cicd-wildcard-certs"
EOF
- name: Change password using clustersysteminfo image for OWLS deployment
env:
OWSEC: ${{ steps.owls.outputs.url }}:16001
OWSEC_DEFAULT_USERNAME: ${{ secrets.OWSEC_DEFAULT_USERNAME }}
OWSEC_DEFAULT_PASSWORD: ${{ secrets.OWSEC_DEFAULT_PASSWORD }}
OWSEC_NEW_PASSWORD: ${{ secrets.OWSEC_NEW_PASSWORD }}
run: |
docker run --rm \
-e OWSEC \
-e OWSEC_DEFAULT_USERNAME \
-e OWSEC_DEFAULT_PASSWORD \
-e OWSEC_NEW_PASSWORD \
-e ONLY_CHANGE_CREDENTIALS=true \
tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo:main
- name: Change password and check if deployment is ready using clustersysteminfo image for CloudSDK deployment
env:
OWSEC: ${{ steps.cloudsdk.outputs.url }}:16001
OWSEC_DEFAULT_USERNAME: ${{ secrets.OWSEC_DEFAULT_USERNAME }}
OWSEC_DEFAULT_PASSWORD: ${{ secrets.OWSEC_DEFAULT_PASSWORD }}
OWSEC_NEW_PASSWORD: ${{ secrets.OWSEC_NEW_PASSWORD }}
run: |
docker run --rm \
-e OWSEC \
-e OWSEC_DEFAULT_USERNAME \
-e OWSEC_DEFAULT_PASSWORD \
-e OWSEC_NEW_PASSWORD \
tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo:main
- name: Checkout OWLS for CLI tool
uses: actions/checkout@v2
with:
repository: Telecominfraproject/wlan-cloud-owls
path: wlan-cloud-owls
- name: Run simulation
working-directory: wlan-cloud-owls/test_scripts/curl
run: |
export OWGW="${{ steps.cloudsdk.outputs.url }}:15002"
export OWSEC="${{ steps.owls.outputs.url }}:16001"
export OWLS="${{ steps.owls.outputs.url }}:16007"
echo "OWGW - $OWGW"
echo "OWSEC - $OWSEC"
echo "OWLS - $OWLS"
echo "Trying to cache OWLS FQDN in /etc/hosts"
export HOST_ENTRY=""
until [ ! -z "$HOST_ENTRY" ]; do export HOST_ENTRY=$(getent hosts ${{ steps.ls.outputs.url }}); sleep 1; done;
cat /etc/hosts > /tmp/hosts
echo "$HOST_ENTRY" >> /tmp/hosts
sudo cp /tmp/hosts /etc/hosts
echo "DNS record for $OWLS resolved successfully!"
cat /etc/hosts
curl -s -X POST -H 'Content-Type: application/json' https://$OWSEC/api/v1/oauth2 -d '{"userId": "tip@ucentral.com", "password": "'${{ secrets.OWSEC_NEW_PASSWORD }}'"}' | jq '.access_token' -r > access_token
echo
echo "[Info] Creating simulation"
touch output_sim_info.json
cat > input_sim_info.json <<EOF
{
"name":"${{ steps.namespace.outputs.namespace }}",
"deviceType":"edgecore_ecw5410",
"devices":${{ github.event.inputs.devices_count }},
"gateway":"https://$OWGW",
"macPrefix":"030000",
"simulationLength":${{ github.event.inputs.simulation_lenght }}
}
EOF
export SIMULATION_ID="null"
while [[ "$SIMULATION_ID" == "null" ]]; do
curl -k -s -X POST https://$OWLS/api/v1/simulation -H "Content-Type: application/json" -H "Authorization: Bearer $(cat access_token)" -d @input_sim_info.json > output_sim_info.json
cat output_sim_info.json | jq .
export SIMULATION_ID=$(cat output_sim_info.json | jq '.id' -r)
echo $SIMULATION_ID
done
echo
cat output_sim_info.json | jq .
echo
echo "[Info] Starting simulation"
export SIMULATION_ID=$(cat output_sim_info.json | jq '.id' -r)
curl -s -X POST "https://$OWLS/api/v1/operation?simulationId=$SIMULATION_ID&operation=start" -H "Content-Type: application/json" -H "Authorization: Bearer $(cat access_token)" | tee output_sim_start.json | jq .
echo
echo "[Info] Waiting for simulation to end"
curl -s -X GET "https://$OWLS/api/v1/status" -H "Content-Type: application/json" -H "Authorization: Bearer $(cat access_token)" | tee output_sim_status.json | jq .
export SIM_STATE=$(cat output_sim_status.json | jq '.state' -r)
until [[ "$SIM_STATE" == "completed" ]]; do
sleep 10
curl -s -X GET "https://$OWLS/api/v1/status" -H "Content-Type: application/json" -H "Authorization: Bearer $(cat access_token)" > output_sim_status.json
export SIM_STATE=$(cat output_sim_status.json | jq '.state' -r)
done
echo
echo "[Info] Final results:"
cat output_sim_status.json | jq .
- name: Show resource state on deployment failure
if: failure()
run: |
kubectl get pods --namespace openwifi-${{ steps.namespace.outputs.namespace }}
kubectl get services --namespace openwifi-${{ steps.namespace.outputs.namespace }}
kubectl get persistentvolumeclaims --namespace openwifi-${{ steps.namespace.outputs.namespace }}
- name: Describe pods on deployment failure
if: failure()
run: |
kubectl describe pods --namespace openwifi-${{ steps.namespace.outputs.namespace }}
- name: Describe services on deployment failure
if: failure()
run: |
kubectl describe services --namespace openwifi-${{ steps.namespace.outputs.namespace }}
- name: Describe persistentvolumeclaims on deployment failure
if: failure()
run: |
kubectl describe persistentvolumeclaims --namespace openwifi-${{ steps.namespace.outputs.namespace }}
- name: Cleanup
if: always()
run: |
kubectl delete ns openwifi-"${{ steps.namespace.outputs.namespace }}" --wait=true
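Review bot: The "Run simulation" step of the new docker-compose job waits on `getent hosts ${{ steps.ls.outputs.url }}`, but no step in that job has id `ls` (its URL steps are `owls` and `cloudsdk`), so the expression expands to nothing, `getent hosts` with no key dumps the whole hosts table, and the loop exits without ever resolving the OWLS FQDN; the line should read `until [ ! -z "$HOST_ENTRY" ]; do export HOST_ENTRY=$(getent hosts ${{ steps.owls.outputs.url }}); sleep 1; done;`. Both `docker-compose-deployment` containers `wget` `deploy_owls.sh` / `deploy.sh` from the mutable `feature/wifi-6851--owls-parameters` branch and `sh` them next to a `privileged: true` dind container in the same pod, so whatever that branch holds at run time executes with that level of access; pin the URL to a commit SHA (or the tag matching `DEPLOY_VERSION`) and check a digest before running it. The simulation-creation `curl -k` disables certificate verification against an endpoint the same job just fronted with an ACM certificate, while every other curl in that step validates TLS, so `-k` looks like a leftover and should be dropped. `devices_count` and `simulation_lenght` are `${{ }}`-interpolated straight into the shell heredoc; passing them through the step's `env:` and referencing `$DEVICES_COUNT` / `$SIMULATION_LENGTH` keeps a workflow_dispatch value from being parsed as shell. The input name `simulation_lenght` and its description "Simulation lenght" are misspelled and will be hard to find later; `simulation_length` is the intended spelling.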


@@ -98,6 +98,10 @@ sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owgw.env
sed -i "s~\(^RTTY_SERVER=\).*~\1$OWGW_RTTY_SERVER~" owgw.env
sed -i "s~.*RTTY_TOKEN=.*~RTTY_TOKEN=$RTTY_TOKEN~" owgw.env
if [[ ! -z "$SIMULATORID" ]]; then
sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
fi
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
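Review bot: The new `SIMULATORID` substitution copies the unanchored `.*SIMULATORID=.*` pattern from the `RTTY_TOKEN` line above it, so it rewrites any line containing `SIMULATORID=`, including a commented-out `#SIMULATORID=` default; that is presumably the intent, but a comment such as `# unanchored on purpose: also uncomments a '#SIMULATORID=' default` would save the next reader the guess. The guard reads more idiomatically as `if [[ -n "$SIMULATORID" ]]; then`. As with the surrounding `sed` lines, a value containing `~` or `&` would break the replacement, which is worth stating in the usage text if the variable is ever user-supplied.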


@@ -0,0 +1,74 @@
#!/bin/bash
set -e
# Usage function
usage () {
echo;
echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
echo;
echo "Required environment variables:"
echo;
echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
echo;
echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
echo;
echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
echo;
echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
echo;
echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS";
echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS";
echo;
echo "- DEVICE_CERT - path to the device certificate";
echo "- DEVICE_KEY - path to the device key";
}
# Check if required environment variables were passed
## Deployment specifics
[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
## Configuration variables applying to multiple microservices
[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
## Internal microservice hostnames
[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
## OWSec configuration variables
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
# OWLS configuration variables
[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
## cert related variables
[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1
[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1
# Clone repo and copy certificates
mkdir wlan-cloud-ucentral-deploy-tmp
git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp
mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
cd wlan-cloud-ucentral-deploy/docker-compose/owls
# Search and replace variable values in env files
sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env
# Run the deployment and attach to logs
cat $DEVICE_CERT > ../certs/device-cert.pem
cat $DEVICE_KEY > ../certs/device-key.pem
exec docker-compose up --attach-dependencies
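Review bot: `sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env` uses a variable that the script neither validates nor lists in `usage`, and the OWLS pod in the workflow only sets `INTERNAL_OWSEC_HOSTNAME`, so the `.env` value is silently replaced with an empty string; add `[ -z ${INTERNAL_OWLS_HOSTNAME+x} ] && echo "INTERNAL_OWLS_HOSTNAME is unset" && usage && exit 1` next to the OWSec check and `echo "- INTERNAL_OWLS_HOSTNAME - OWLS microservice hostname for Docker internal communication"` to `usage`. The clone sequence mixes relative and absolute paths (`mkdir wlan-cloud-ucentral-deploy-tmp`, clone into `/wlan-cloud-ucentral-deploy-tmp`, `rm -r wlan-cloud-ucentral-deploy-tmp`, `cd wlan-cloud-ucentral-deploy/...`), which only works when the working directory happens to be `/` — likely true in the container image but not stated; using absolute paths throughout removes the dependency. `git clone --branch $DEPLOY_VERSION` should quote the expansion as `"$DEPLOY_VERSION"` so an unexpected value cannot become extra arguments.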


@@ -36,6 +36,7 @@ usage () {
echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)"
echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator";
echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator";
echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services"
}
# Global variables
@@ -137,6 +138,14 @@ for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
done
if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
else
export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
export OWGW_SERVICE_DNS_RECORDS=""
fi
# Run the deployment
helm upgrade --install --create-namespace --wait --timeout 60m \
--namespace openwifi-${NAMESPACE} \
@@ -179,12 +188,13 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
--set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
--set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
--set owls.configProperties."openwifi\.system\.uri\.private"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:17007 \
--set owls.configProperties."openwifi\.system\.uri\.private"=https://owls-owls:17007 \
--set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
--set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build" \
--set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
--set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
${EXTRA_VALUES_FLAGS[*]} \
--set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
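Review bot: In the non-split branch `OWGW_SERVICE_DNS_RECORDS=""` is still passed through `--set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS`, so that deployment gets an empty hostname annotation on the owgw service; whether external-dns ignores an empty value is not visible here, and appending the `--set` pair to the existing `EXTRA_VALUES_FLAGS` array inside the `if` branch instead of exporting an empty value avoids the question. The usage line `"- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services"` does not say what the flag does or what value enables it; `"- USE_SEPARATE_OWGW_LB - set to \"true\" to publish the OWGW DNS record on its own load balancer instead of on the shared HAProxy service"` matches the code. The `helm upgrade` command these lines belong to begins and ends outside the hunk.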


@@ -1,7 +1,26 @@
owgw:
services:
owgw:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
configProperties:
simulatorid: 53494D020202
resources:
requests:
cpu: 2000m
memory: 3000Mi
limits:
cpu: 2000m
memory: 3000Mi
owls:
enabled: true
services:
@@ -19,6 +38,27 @@ owls:
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
resources:
requests:
cpu: 3000m
memory: 8000Mi
limits:
cpu: 3000m
memory: 8000Mi
checks:
owls:
liveness:
httpGet:
path: /
port: 16107
failureThreshold: 900
readiness:
httpGet:
path: /
port: 16107
failureThreshold: 900
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
@@ -44,6 +84,55 @@ owls:
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
volumes:
owls:
- name: config
mountPath: /owls-data/owls.properties
subPath: owls.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-config
- name: certs
mountPath: /owls-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-certs
- name: certs-cas
mountPath: /owls-data/certs/cas
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-certs-cas
# Change this if you want to use another volume type
- name: persist
mountPath: /owls-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owls.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owls-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
owlsui:
enabled: true