Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configuration documentation #8

Open
alfonsoegio opened this issue Dec 12, 2018 · 19 comments
Open

Configuration documentation #8

alfonsoegio opened this issue Dec 12, 2018 · 19 comments

Comments

@alfonsoegio
Copy link
Member

Please, document all the configuration management / files to configure ports / IPs (specially the slice-manager API url); integration documentation with dashboard also.

@alfonsoegio alfonsoegio added this to the Interim Release cleanup milestone Dec 12, 2018
@ubiteixeira
Copy link
Contributor

@alfonsoegio I've added new information on the README and also added a dedicated README for the Gravitee located on gravitee/README.md

@alfonsoegio
Copy link
Member Author

Sorry, can you point me to the part of the documentation explaining how the Slice Manager base URL is configured? performing:
$ rgrep slave1
gravitee/data/Slice Manager API/api.json "target":"http://5gcityslave1.i2cat.net:8989/api/v0.1/",

@ubiteixeira
Copy link
Contributor

Since the import files deal with many configurations and Gravitee provides an intuitive UI, what we did was to provide documentation to help manage the APIs through Gravitee's UI, avoiding dealing directly with the JSONs.

https://github.com/5GCity/5GCity-AAA/blob/master/gravitee/README.md

However if you feel it's more productive to edit the JSON directly I can manage to describe some of its fields.

If the administrator needs to change some of the API configurations it can easily export the API overwriting the old configuration.

@alfonsoegio
Copy link
Member Author

machine still raises a "Management API unreachable or error occurs, please check logs" on port 80, it seems to try to access localhost:8083 instead of the url I configured in /etc/config.ini:

[gravitee]
username='admin'
password='admin'
base_url='http://5gcity-slave1.i2cat.net:8083/management'

@alfonsoegio
Copy link
Member Author

Also when trying to execute: python main.py gravitee --import_api "Slice Manager API"

I'm getting an error; maybe this has to do with performing the setup procedure many times, can you document how to stop / regenerate the containers, in order to get config changes properly applied?

@ubiteixeira
Copy link
Contributor

Please get the new version of the code and try again please. I refactored the configurations and added a function to validate your mmap counts which I believe it was the problem.

https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html

You can also check on the README the port mapping of each service. Now the Gravitee UI management will be placed on 8092 by default.

@alfonsoegio
Copy link
Member Author

Should I perform a python main.py docker --stop && docker --shutdown before? If that's the case, please document it also

@ubiteixeira
Copy link
Contributor

Yes please use the stop and shutdown commands before starting and importing both the API and Keycloak realm

@alfonsoegio
Copy link
Member Author

alfonsoegio commented Dec 18, 2018

After stopping and shutting down, executing "python main.py docker --start": and waiting for message "Admin console listening on http://127.0.0.1:9990" when running "python main.py keycloak --import_realm 5gcity" I'm obtaining the message:

docker: Error response from daemon: Conflict. The container name "/keycloak_exporter" is already in use by container "d8bea3bc5c32c5c512750bfb2e2f45452ffac6c71cbcc9c56a28b39cdcfa59a8". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.

@ubiteixeira
Copy link
Contributor

This is because the keycloak exporter launches a new container by the name of keycloak_exporter which is still running. Please remove the container and try again the export. We're still working on a way to make this process cleaner.

@alfonsoegio
Copy link
Member Author

OK, now I've reached the point: python main.py gravitee --import_api "Slice Manager API"

runs without error messages but, accessing 8092 port on host machine still fails: "Management API unreachable or error occurs, please check logs" trying to connect to http://localhost:8083 error.

Maybe the error has to do with the fact that MGMT_API_URL is pointing to localhost in the compose-aaa.yml configuration and if that's the case it would be necessary to clarify which URLs on this configuration file correspond to internal management of services and which should be considered external (for example the ones that are going to be used by user's browser).

@alfonsoegio
Copy link
Member Author

If I change in compose-aaa.yml localhost:8083 for 5gcity-slave1.i2cat.net:8083 (to prevent the fact that my browser thinks that the 8083 service runs on my own machine) when performing "python main.py gravitee --import_api "Slice Manager API"" I'm getting an error:

Traceback (most recent call last):
  File "main.py", line 40, in <module>
    get_args()
  File "main.py", line 36, in get_args
    COMMANDS[command].execute(args)
  File "/home/ubuntu/5GCity/5GCity-AAA/commands/gravitee.py", line 21, in execute
    getattr(mcs, arg)(value)
  File "/home/ubuntu/5GCity/5GCity-AAA/commands/gravitee.py", line 31, in import_api
    g.import_api(args[0])
  File "/home/ubuntu/5GCity/5GCity-AAA/gravitee/gravitee.py", line 144, in import_api
    api_id = __api__()
  File "/home/ubuntu/5GCity/5GCity-AAA/gravitee/gravitee.py", line 116, in __api__
    return r.json()['id']
KeyError: 'id'

Seems that gravitee UI deployment does not work apart from being used from the same computer?

@ubiteixeira
Copy link
Contributor

Sorry for this. I included just know an error feedback regarding the gravitee commands and also an URL option so you can point the Management API you want to use, e.g.,

python main.py gravitee --import_api "Slice Manager API" --url "http://5gcity-slave1.i2cat.net:8083/management/"

@alfonsoegio
Copy link
Member Author

Hello again:

$ python main.py gravitee --import_api "Slice Manager API" --url "http://5gcity-slave1.i2cat.net:8083/management/"
Command error with code 400 and message {
  "message" : "The api context path [/slicemanagerapi/] already exists.",
  "http_status" : 400
}

@ubiteixeira
Copy link
Contributor

This means the API you are trying to add already exists in the target URL. The current implementation doesn't override or replace API configurations.

@alfonsoegio
Copy link
Member Author

OK, so everything is in place? Should I try now to deploy dashboard configuring API_BASE_URL and AUTH_SERVER_URL?

@alfonsoegio
Copy link
Member Author

Please confirm: in order to run the whole setup without https enabled; steps should be:

$ python main.py docker --stop
$ python main.py docker --shutdown
$ python main.py docker --start

.... wait to docker deployment ends and in another console

$ python main.py keycloak --import_realm master
Ctrl+C
$ python main.py keycloak --import_realm 5gcity
Ctl+C
$ python main.py gravitee --import_api "Slice Manager API"

getting this error again:

Command error with code 400 and message {
"message" : "The api context path [/slicemanagerapi/] already exists.",
"http_status" : 400
}

@ubiteixeira
Copy link
Contributor

Please pull the new version of the code. I've uploaded a new version of the shutdown which will completely remove the docker volumes and solve the 400 error.

In order to run the full setup that's the process. First shutdown running containers and then use the start command.

Wait until the docker deployment is over and then, in another terminal, import 5gcity and master realms (this import will disable the need of SSL) then import the Slice Manager API.

Have in mind that this process will deploy the solution locally.

@alfonsoegio
Copy link
Member Author

Now AAA deployment seems to work as expected ... last command:
$ python main.py gravitee --import_api "Slice Manager API"
did not throw any message; anyway ... accessing dashboard on 5000 port still redirects to:

http://5gcity-slave1.i2cat.net:8080/auth/realms/5gcity/protocol/openid-connect/auth?client_id=my_client&redirect_uri=http%3A%2F%2F5gcity-slave1.i2cat.net%3A5000%2F&state=b7c54630-de78-4e57-8183-564de9d3cea3&response_mode=fragment&response_type=code&scope=openid&nonce=59ba9d90-19be-4d45-a8bf-8f0123f9e614

with the "We're sorry https required" error message; maybe we can add documentation to both dashboard / AAA in order to explain how the TLS keys and certificates can be configured in order to have TLS support from the beginning and move on through this blocker.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants