summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2020-08-11 12:21:37 +0200
committerKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2020-11-02 13:24:17 +0100
commit229b63be1ceb19dc39206147f1d992b6f75d1273 (patch)
tree6343a444212355970125e90a31d7cfb754103357
parent255147b2161873c6893b5a1b31e6657d10d67ad5 (diff)
Enable SO-Monitoring - use HTTPS and certInitializer
RTD Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com> Issue-ID: SO-2920 Change-Id: I570f3effc2f58e261aa6433c9b4532df663c323a
-rw-r--r--docs/developer_info/Working_with_so_monitoring.rst118
-rw-r--r--docs/images/configmap.pngbin440254 -> 104117 bytes
-rw-r--r--docs/images/nodemap.pngbin48567 -> 30454 bytes
-rw-r--r--docs/images/nodeport.pngbin122080 -> 88806 bytes
-rw-r--r--docs/images/so-monitoring-config.pngbin0 -> 64690 bytes
-rw-r--r--docs/images/so-monitoring-password.pngbin0 -> 19960 bytes
-rw-r--r--docs/images/so-monitoring-secret.pngbin0 -> 27658 bytes
-rw-r--r--docs/images/so-monitorring-base64-password.pngbin0 -> 17378 bytes
-rw-r--r--docs/images/ui.pngbin47873 -> 22603 bytes
-rw-r--r--so-monitoring/so-monitoring-service/src/main/resources/application.yaml2
10 files changed, 93 insertions, 27 deletions
diff --git a/docs/developer_info/Working_with_so_monitoring.rst b/docs/developer_info/Working_with_so_monitoring.rst
index 18b6d948c0..697f2c0141 100644
--- a/docs/developer_info/Working_with_so_monitoring.rst
+++ b/docs/developer_info/Working_with_so_monitoring.rst
@@ -1,28 +1,24 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2017 Huawei Technologies Co., Ltd.
+.. Modifications Copyright (c) 2020 Nokia
Working with SO Monitoring
==========================
-After the SO code is fully deployed, certain changes needs to be made in order to access the so-monitoring ui.
+Starting from Guilin release SO Monitoring uses https and NodePort service during communication with operator.
+Certificates used for communication are generated automatically using AAF and certInitializer, when SO Monitoring
+is deployed using OOM. For that reason, no additional tasks are needed in order to access the SO Monitoring ui,
+when the SO is fully deployed.
-1. Change the service type to NodePort
----------------------------------------
-
-By default, the type of the so monitoring service is ClusterIP, which makes the Service only reachable from within the cluster.
-This is changed to NodePort, which is used to expose the service at a static port . Hence we will be able to contact the NodePort Service, from outside the cluster, by requesting <NodeIP>:<NodePort>.
-
-Command used to get the service configuration of so monitoring is:
-
-**sudo kubectl edit svc so-monitoring -n onap**
+SO Monitoring contains also pre-installed certs which can be used in local development environment. **They are
+for development purpose only!**
-.. image:: ../images/nodeport.png
-
-2. Add the credentials to login
---------------------------------
+1. Credentials to login and initial setup
+---------------------------------------------
-The override.yaml needs to be added with the login credentials, that is the username and the password in encrypted form.
+Defalut credentials and certs of SO Monitoring, if you want to develop SO Monitoring out of ONAP cluster,
+are stored in the app. Credentials are as follows:
.. code-block:: bash
@@ -32,39 +28,109 @@ The override.yaml needs to be added with the login credentials, that is the user
security:
usercredentials:
-
- username: gui
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ username: demo
+ password: '$2a$10$ndkDhATUid4a3g0JJVRv2esX4rtB.vzCn7iBhKyR1qZ/wDdvNzjTS'
role: GUI-Client
-This override.yaml can be directly edited in case of local setup using docker.
+Username - demo. Password (**demo123456!**) is bcrypted.
+
-When deploying in any environment using OOM, then after deployment the configmap needs to be edited. As configmap is the one reading the override.yaml.
+This setup is overridden by the override.yaml file which is stored in the OOM project.
+Override.yaml file can be edited directly in case of local ONAP setup. This file is loaded into
+container through configmap.
-**Note** : Before deployment , if we add these changes in override.yaml ,then it may give parsing error in configmap while deployment. And after deployment the permissions on override.yaml don't allow us to edit it. So the best option is to edit the configmap using the below command and restart the pod.
+**Note** : If you want to change config stored in override.yaml on working deployment, you have to edit k8s
+configmap. Due to insufficient permissions it is not possible directly in the container. After that pod have
+to be restarted.
**kubectl -n onap edit configmap dev-so-monitoring-app-configmap**
.. image:: ../images/configmap.png
-Special care needs to be given to the indentation. spring needs to be inline with the mso already present and others added accordingly.
+Special care needs to be given to the indentation. Spring needs to be inline with the mso already present and others
+added accordingly.
+
+**Attention! The default setup of the OOM makes SO Monitoring password is being automatically generated during ONAP
+deployment and injected through k8s secret**
+
+
+2. Setup, retrieve and edit default SO Monitoring password
+----------------------------------------------------------
+
+Automatic generation of password for SO Monitoring during ONAP deployment can be overriden. In result, password
+can be set up manually. Such case requires to edit ONAP config file, template of which is stored in
+**oom/kubernetes/onap/values.yaml** file.
+
+.. image:: ../images/so-monitoring-config.png
+
+Following lines presented in fig. has to be uncommented.
+
+If customized file is used, following code has to be paste under the SO config (be aware of indentation):
+
+.. code-block:: bash
+
+ so:
+ ...
+ so-monitoring:
+ server:
+ monitoring:
+ password: demo123456!
+ ...
+
+Alternative way (**not recommended**) is to add password entry in the **oom/kubernetes/so/components/so-monitoring/values.yaml**
+
+.. code-block:: bash
+
+ ...
+ server:
+ monitoring:
+ password: demo123456!
+ ...
+
+To retrieve actual password for SO Monitoring on existing ONAP install, run the following command:
+
+**kubectl get secret -n onap dev-so-monitoring-app-user-creds -o json | jq -r .data.password | base64 --decode**
+
+.. image:: ../images/so-monitoring-password.png
+
+To change actual password on existing ONAP install, **dev-so-monitoring-app-user-creds** secret has to be modified.
+
+**kubectl edit secret -n onap dev-so-monitoring-app-user-creds**
+
+.. image:: ../images/so-monitoring-secret.png
+
+Edit password entry, which has to be given in base64 form. Base64 form of password can be obtained by running:
+
+**echo 'YOUR_PASSWORD' | base64**
+
+.. image:: ../images/so-monitorring-base64-password.png
+
+Once, password was edited, pod has to be restarted.
+
3. Login to SO Monitoring
-------------------------
-We need to first identify the external port which its mapped to using the following command :
+Identify the external port which is mapped to SO Monitoring using the following command. The default port is 30224 :
**sudo kubectl -n onap get svc | grep so-monitoring**
.. image:: ../images/nodemap.png
-Then access the UI of so monitoring , for example by http://<IP>:30224/
+Then access the UI of SO Monitoring, for example by https://<IP>:30224/
-username : gui,
-password: password1$
+.. image:: ../images/ui.png
+4. Hiding the SO Monitoring service (ClusterIP)
+---------------------------------------
-.. image:: ../images/ui.png
+The SO Monitoring service is set to the NodePort type. It is used to expose the service at a static port.
+Hence there is possibility to contact the NodePort Service, from outside cluster, by requesting <NodeIP>:<NodePort>.
+In order to make the service only reachable from within the cluster, ClusterIP service has to be set.
+Command used to edit the service configuration of SO Monitoring is:
+**sudo kubectl edit svc so-monitoring -n onap**
+.. image:: ../images/nodeport.png
diff --git a/docs/images/configmap.png b/docs/images/configmap.png
index 3683de3d57..c662e1f18a 100644
--- a/docs/images/configmap.png
+++ b/docs/images/configmap.png
Binary files differ
diff --git a/docs/images/nodemap.png b/docs/images/nodemap.png
index 8dfda6ca12..afe1ebffdd 100644
--- a/docs/images/nodemap.png
+++ b/docs/images/nodemap.png
Binary files differ
diff --git a/docs/images/nodeport.png b/docs/images/nodeport.png
index 53bc02f7f9..d44ea76cdf 100644
--- a/docs/images/nodeport.png
+++ b/docs/images/nodeport.png
Binary files differ
diff --git a/docs/images/so-monitoring-config.png b/docs/images/so-monitoring-config.png
new file mode 100644
index 0000000000..74c2aebf2b
--- /dev/null
+++ b/docs/images/so-monitoring-config.png
Binary files differ
diff --git a/docs/images/so-monitoring-password.png b/docs/images/so-monitoring-password.png
new file mode 100644
index 0000000000..89647c7686
--- /dev/null
+++ b/docs/images/so-monitoring-password.png
Binary files differ
diff --git a/docs/images/so-monitoring-secret.png b/docs/images/so-monitoring-secret.png
new file mode 100644
index 0000000000..cacf707eed
--- /dev/null
+++ b/docs/images/so-monitoring-secret.png
Binary files differ
diff --git a/docs/images/so-monitorring-base64-password.png b/docs/images/so-monitorring-base64-password.png
new file mode 100644
index 0000000000..e57db59783
--- /dev/null
+++ b/docs/images/so-monitorring-base64-password.png
Binary files differ
diff --git a/docs/images/ui.png b/docs/images/ui.png
index 1c075bab22..66382b6300 100644
--- a/docs/images/ui.png
+++ b/docs/images/ui.png
Binary files differ
diff --git a/so-monitoring/so-monitoring-service/src/main/resources/application.yaml b/so-monitoring/so-monitoring-service/src/main/resources/application.yaml
index ef0b6aa786..c57d79c75b 100644
--- a/so-monitoring/so-monitoring-service/src/main/resources/application.yaml
+++ b/so-monitoring/so-monitoring-service/src/main/resources/application.yaml
@@ -26,6 +26,6 @@ spring:
security:
usercredentials:
-
- username: gui
+ username: demo
password: '$2a$10$ndkDhATUid4a3g0JJVRv2esX4rtB.vzCn7iBhKyR1qZ/wDdvNzjTS'
role: GUI-Client