diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh b/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh
index 971ce33796ff7b7ab830118c4e4534a436119a5a..0e2accbb5cae55f617d052f22b0de73a752f66a4 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh
@@ -1,18 +1,39 @@ #!/bin/bash - VAULT_ADDR="http://$VAULT_HOSTNAME:$VAULT_PORT" VAULT_TOKEN=$VAULT_ACCESS_TOKEN -curl -vv -k -retry 30 \ - --retry-all-errors \ - --connect-timeout 5 \ - --max-time 10 \ - --retry-delay 10 \ - --retry-max-time 300 \ - --header "X-Vault-Token: $VAULT_TOKEN" \ - --request GET "$VAULT_ADDR/v1/secret/data/server_cert/pub" 2>/dev/null | jq -r '.data.data.pub_key' -j > /usr/src/app/api_invoker_management/pubkey.pem +# Maximum number of retry attempts +MAX_RETRIES=30 +# Delay between retries (in seconds) +RETRY_DELAY=10 +# Attempt counter +ATTEMPT=0 + +while [ $ATTEMPT -lt $MAX_RETRIES ]; do + # Increment ATTEMPT using eval + eval "ATTEMPT=\$((ATTEMPT + 1))" + echo "Attempt $ATTEMPT of $MAX_RETRIES" + # Make the request to Vault and store the response in a variable + RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ + --header "X-Vault-Token: $VAULT_TOKEN" \ + --request GET "$VAULT_ADDR/v1/secret/data/server_cert/pub" | jq -r '.data.data.pub_key') -gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \ + echo "$RESPONSE" + + # Check if the response is "null" or empty + if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then + echo "$RESPONSE" > /usr/src/app/api_invoker_management/pubkey.pem + echo "Public key successfully saved." + gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \ --chdir /usr/src/app/api_invoker_management wsgi:app + exit 0 # Exit successfully + else + echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..." + sleep $RETRY_DELAY + fi +done + +echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts." +exit 1 # Exit with failure diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh b/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh index 27cd6183ab9b3cc7c28f67350c0662a8586971b9..edefb5829ae4eeeea723113ef63f4c49c78c3c20 100644 
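Review bot: The `exit 0` that follows `gunicorn` in the success branch discards gunicorn's exit status, so a server that fails to bind or crashes is reported as a clean exit of the script; prefixing the call with `exec` (`exec gunicorn -k uvicorn.workers.UvicornH11Worker ...`) hands the process and the container's stop signals to gunicorn and makes the `exit 0` unnecessary. The counter does not need `eval`: `ATTEMPT=$((ATTEMPT + 1))` does the same without a second round of shell parsing, and `[ "$ATTEMPT" -lt "$MAX_RETRIES" ]` and `sleep "$RETRY_DELAY"` should be quoted. The same points apply to the identical loops added to prepare_provider.sh and prepare_security.sh.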
--- a/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh +++ b/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh @@ -3,15 +3,37 @@ VAULT_ADDR="http://$VAULT_HOSTNAME:$VAULT_PORT" VAULT_TOKEN=$VAULT_ACCESS_TOKEN -curl -vv -k -retry 30 \ - --retry-all-errors \ - --connect-timeout 5 \ - --max-time 10 \ - --retry-delay 10 \ - --retry-max-time 300 \ - --header "X-Vault-Token: $VAULT_TOKEN" \ - --request GET "$VAULT_ADDR/v1/secret/data/server_cert/pub" 2>/dev/null | jq -r '.data.data.pub_key' -j > /usr/src/app/api_provider_management/pubkey.pem +# Maximum number of retry attempts +MAX_RETRIES=30 +# Delay between retries (in seconds) +RETRY_DELAY=10 +# Attempt counter +ATTEMPT=0 -gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \ +while [ $ATTEMPT -lt $MAX_RETRIES ]; do + # Increment ATTEMPT using eval + eval "ATTEMPT=\$((ATTEMPT + 1))" + echo "Attempt $ATTEMPT of $MAX_RETRIES" + + # Make the request to Vault and store the response in a variable + RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ + --header "X-Vault-Token: $VAULT_TOKEN" \ + --request GET "$VAULT_ADDR/v1/secret/data/server_cert/pub" | jq -r '.data.data.pub_key') + + echo "$RESPONSE" + + # Check if the response is "null" or empty + if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then + echo "$RESPONSE" > /usr/src/app/api_provider_management/pubkey.pem + echo "Public key successfully saved." + gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \ --chdir /usr/src/app/api_provider_management wsgi:app + exit 0 # Exit successfully + else + echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..." + sleep $RETRY_DELAY + fi +done +echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts." +exit 1 # Exit with failure 
diff --git a/services/TS29222_CAPIF_Security_API/prepare_security.sh b/services/TS29222_CAPIF_Security_API/prepare_security.sh
index 86f10f24716dafa0d0f873cc40953f037fcdf9d7..3bfb15589788d0de5ab5fbd2bd3aef472322b95a 100644
--- a/services/TS29222_CAPIF_Security_API/prepare_security.sh
+++ b/services/TS29222_CAPIF_Security_API/prepare_security.sh
@@ -3,17 +3,37 @@ VAULT_ADDR="http://$VAULT_HOSTNAME:$VAULT_PORT" VAULT_TOKEN=$VAULT_ACCESS_TOKEN +# Maximum number of retry attempts +MAX_RETRIES=30 +# Delay between retries (in seconds) +RETRY_DELAY=10 +# Attempt counter +ATTEMPT=0 +while [ $ATTEMPT -lt $MAX_RETRIES ]; do + # Increment ATTEMPT using eval + eval "ATTEMPT=\$((ATTEMPT + 1))" + echo "Attempt $ATTEMPT of $MAX_RETRIES" -curl -k -retry 30 \ - --retry-all-errors \ - --connect-timeout 5 \ - --max-time 10 \ - --retry-delay 10 \ - --retry-max-time 300 \ - --header "X-Vault-Token: $VAULT_TOKEN" \ - --request GET "$VAULT_ADDR/v1/secret/data/server_cert/private" 2>/dev/null | jq -r '.data.data.key' -j > /usr/src/app/capif_security/server.key + # Make the request to Vault and store the response in a variable + RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ + --header "X-Vault-Token: $VAULT_TOKEN" \ + --request GET "$VAULT_ADDR/v1/secret/data/server_cert/private" | jq -r '.data.data.key') + echo "$RESPONSE" -gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \ - --chdir /usr/src/app/capif_security wsgi:app \ No newline at end of file + # Check if the response is "null" or empty + if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then + echo "$RESPONSE" > /usr/src/app/capif_security/server.key + echo "Public key successfully saved." + gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \ + --chdir /usr/src/app/capif_security wsgi:app + exit 0 # Exit successfully + else + echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..." + sleep $RETRY_DELAY + fi +done + +echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts." +exit 1 # Exit with failure diff --git a/services/check_services_are_running.sh b/services/check_services_are_running.sh index b7e7a7a18a21ea2803bd84687a6026801fd73ba7..a278793bea92a896381c62de626d5edc8d3140f0 100755 --- a/services/check_services_are_running.sh +++ b/services/check_services_are_running.sh 
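Review bot: `echo "$RESPONSE"` in this loop prints the value of `.data.data.key` from `secret/data/server_cert/private`, i.e. the server private key, to the script's stdout on every successful fetch, where it presumably lands in the container log and any attached log collector; drop the line or log only whether a value was received. The success message `Public key successfully saved.` is also wrong for this file, which writes `server.key`. The redirect creates the key file with the default umask, so consider `umask 077` before the write if the service user allows it. The third loop added to nginx_prepare.sh echoes the same key, and the context line shows an `http://` Vault address, so `-k` has no effect and both the token and the key cross the network unencrypted.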
@@ -1,11 +1,11 @@ #!/bin/bash +source $(dirname "$(readlink -f "$0")")/variables.sh + export CAPIF_PRIV_KEY= export CAPIF_PRIV_KEY_BASE_64= -export MONITORING= -export LOG_LEVEL=DEBUG -running="$(LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-vault.yml ps --services --all --filter "status=running")" -services="$(LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-vault.yml ps --services --all)" +running="$(REGISTRY_BASE_URL=$REGISTRY_BASE_URL OCF_VERSION=$OCF_VERSION CAPIF_HOSTNAME=$CAPIF_HOSTNAME docker compose -f docker-compose-vault.yml ps --services --all --filter "status=running")" +services="$(REGISTRY_BASE_URL=$REGISTRY_BASE_URL OCF_VERSION=$OCF_VERSION CAPIF_HOSTNAME=$CAPIF_HOSTNAME docker compose -f docker-compose-vault.yml ps --services --all)" if [ "$running" != "$services" ]; then echo "Following Vault services are not running:" # Bash specific @@ -15,8 +15,8 @@ else echo "All Vault services are running" fi -running="$(LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-capif.yml ps --services --all --filter "status=running")" -services="$(LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-capif.yml ps --services --all)" +running="$(REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_HOSTNAME=$CAPIF_HOSTNAME MONITORING=$MONITORING_STATE LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-capif.yml ps --services --all --filter "status=running")" +services="$(REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_HOSTNAME=$CAPIF_HOSTNAME MONITORING=$MONITORING_STATE LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-capif.yml ps --services --all)" if [ "$running" != "$services" ]; then echo "Following CCF services are not running:" # Bash specific 
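Review bot: The two Vault `docker compose ps` calls pass `REGISTRY_BASE_URL`, `OCF_VERSION` and `CAPIF_HOSTNAME` but not `SERVICES_DIR`, although docker-compose-vault.yml in this commit now interpolates `${SERVICES_DIR}` in its build context and volumes; unlike the CCF and Register calls further down, they resolve correctly only if variables.sh (not shown here) exports it. Add `SERVICES_DIR=$SERVICES_DIR` to both, or export everything once in variables.sh and drop the per-command prefixes. The Vault `up` line in run.sh has the same gap. The new `source` line should quote its path and stop on failure: `source "$(dirname "$(readlink -f "$0")")/variables.sh" || exit 1`.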
@@ -26,8 +26,8 @@ else echo "All CCF services are running" fi -running="$(LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-register.yml ps --services --all --filter "status=running")" -services="$(LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-register.yml ps --services --all)" +running="$(REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_PRIV_KEY=$CAPIF_PRIV_KEY_BASE_64 LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-register.yml ps --services --all --filter "status=running")" +services="$(REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_PRIV_KEY=$CAPIF_PRIV_KEY_BASE_64 LOG_LEVEL=$LOG_LEVEL docker compose -f docker-compose-register.yml ps --services --all)" if [ "$running" != "$services" ]; then echo "Following Register services are not running:" # Bash specific diff --git a/services/clean_capif_docker_services.sh b/services/clean_capif_docker_services.sh index b547fdb7361d4f043e16c7e0d6b7de9379f82b88..171bc55f2c31575c003e431a2319b438709cdb94 100755 --- a/services/clean_capif_docker_services.sh +++ b/services/clean_capif_docker_services.sh @@ -1,10 +1,5 @@ #!/bin/bash - -# Directories variables setup (no modification needed) -export SERVICES_DIR=$(dirname "$(readlink -f "$0")") -export CAPIF_BASE_DIR=$(dirname "$SERVICES_DIR") -# Path to the register config.yaml file -REGISTER_CONFIG_FILE="$SERVICES_DIR/register/config.yaml" +source $(dirname "$(readlink -f "$0")")/variables.sh help() { echo "Usage: $1 " @@ -14,6 +9,7 @@ help() { echo " -m : Clean monitoring service" echo " -s : Clean Robot Mock service" echo " -a : Clean all services" + echo " -z : Clean images generated by docker-compose. Boolean. Default false" echo " -h : show this help" exit 1 } @@ -28,7 +24,7 @@ FILES=() echo "${FILES[@]}" # Read params -while getopts "cvrahms" opt; do +while getopts "cvrahmsz:" opt; do case $opt in c) echo "Remove Capif services" 
@@ -54,6 +50,10 @@ while getopts "cvrahms" opt; do echo "Remove all services" FILES=("$SERVICES_DIR/docker-compose-capif.yml" "$SERVICES_DIR/docker-compose-vault.yml" "$SERVICES_DIR/docker-compose-register.yml" "$SERVICES_DIR/docker-compose-mock-server.yml" "$SERVICES_DIR//monitoring/docker-compose.yml") ;; + z) + echo "Remove images generated by docker-compose" + REMOVE_IMAGES=$OPTARG + ;; h) help ;; @@ -72,9 +72,19 @@ done echo "after check" echo "${FILES[@]}" +echo "Remove images set to $REMOVE_IMAGES" +if [ $REMOVE_IMAGES == "true" ] ; then + echo "Removing images generated by docker-compose" + REMOVE_IMAGES="--rmi all" +else + echo "Not removing images generated by docker-compose" + REMOVE_IMAGES="" +fi + + for FILE in "${FILES[@]}"; do echo "Executing 'docker compose down' for file $FILE" - CAPIF_PRIV_KEY=$CAPIF_PRIV_KEY_BASE_64 DUID=$DUID DGID=$DGID MONITORING=$MONITORING_STATE LOG_LEVEL=$LOG_LEVEL docker compose -f "$FILE" down --rmi all + REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_PRIV_KEY=$CAPIF_PRIV_KEY_BASE_64 DUID=$DUID DGID=$DGID MONITORING=$MONITORING_STATE LOG_LEVEL=$LOG_LEVEL docker compose -f "$FILE" down $REMOVE_IMAGES status=$? if [ $status -eq 0 ]; then echo "*** Removed Service from $FILE ***" @@ -83,6 +93,8 @@ for FILE in "${FILES[@]}"; do fi done +# Path to the register config.yaml file +REGISTER_CONFIG_FILE="$SERVICES_DIR/register/config.yaml" # Check if the backup config.yaml file exists before restoring if [ -f "$REGISTER_CONFIG_FILE.bak" ]; then git update-index --no-assume-unchanged "$REGISTER_CONFIG_FILE.bak" diff --git a/services/clean_mock_server.sh b/services/clean_mock_server.sh index 157e39afdcc45888244966b137ab6b8eace842d7..31b654125ea6f24187d84a165a37b1515c6708ca 100755 --- a/services/clean_mock_server.sh +++ b/services/clean_mock_server.sh 
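Review bot: `if [ $REMOVE_IMAGES == "true" ]` is unquoted, so when `-z` is not given and variables.sh (not shown) sets no default, the test collapses to `[ == "true" ]`, prints a `unary operator expected` error and reaches the `else` branch only by accident. Quote it and give it the default the help text promises: `if [ "${REMOVE_IMAGES:-false}" = "true" ]; then`. The variable is then reused to hold the flag string `--rmi all`; a separate name (for example `RMI_ARGS`) would keep the boolean and the argument apart. Since the option is declared as `z:` it needs a value, so the help line should read `-z <true|false>`.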
@@ -1,8 +1,7 @@ #!/bin/bash +source $(dirname "$(readlink -f "$0")")/variables.sh # Directories variables setup (no modification needed) -export SERVICES_DIR=$(dirname "$(readlink -f "$0")") - FILE="$SERVICES_DIR/docker-compose-mock-server.yml" echo "Executing 'docker compose down' for file $FILE" diff --git a/services/create_users.sh b/services/create_users.sh index d285bd1e1c3b5f7013ea9f835e0c433b4f6cc048..c740deb8c9e53c54353d515f9e81b3c847392a94 100755 --- a/services/create_users.sh +++ b/services/create_users.sh @@ -1,4 +1,5 @@ #!/bin/bash +source $(dirname "$(readlink -f "$0")")/variables.sh # User to create TOTAL_USERS=1 @@ -58,30 +59,6 @@ then exit -1 fi -# Other Stuff -DOCKER_ROBOT_IMAGE=labs.etsi.org:5050/ocf/capif/robot-tests-image -DOCKER_ROBOT_IMAGE_VERSION=1.0 -cd .. -REPOSITORY_BASE_FOLDER=${PWD} -TEST_FOLDER=$REPOSITORY_BASE_FOLDER/tests -RESULT_FOLDER=$REPOSITORY_BASE_FOLDER/results -ROBOT_DOCKER_FILE_FOLDER=$REPOSITORY_BASE_FOLDER/tools/robot - -# nginx Hostname and http port (80 by default) to reach for tests -CAPIF_REGISTER=capifcore -CAPIF_REGISTER_PORT=8084 -CAPIF_HOSTNAME=capifcore -CAPIF_HTTP_PORT=8080 -CAPIF_HTTPS_PORT=443 - -# VAULT access configuration -CAPIF_VAULT=vault -CAPIF_VAULT_PORT=8200 -CAPIF_VAULT_TOKEN=read-ca-token - -# Mock Server -MOCK_SERVER_URL=http://mock-server:9100 -NOTIFICATION_DESTINATION_URL=$MOCK_SERVER_URL PLATFORM=$(uname -m) if [ "x86_64" == "$PLATFORM" ]; then 
@@ -131,11 +108,13 @@ fi mkdir -p $RESULT_FOLDER -docker run -ti --rm --network="host" \ +docker run $DOCKER_ROBOT_TTY_OPTIONS --rm --network="host" \ --add-host host.docker.internal:host-gateway \ --add-host vault:host-gateway \ --add-host register:host-gateway \ --add-host mock-server:host-gateway \ + --add-host $CAPIF_HOSTNAME:host-gateway \ + --add-host $CAPIF_REGISTER:host-gateway \ -v $TEST_FOLDER:/opt/robot-tests/tests \ -v $RESULT_FOLDER:/opt/robot-tests/results ${DOCKER_ROBOT_IMAGE}:${DOCKER_ROBOT_IMAGE_VERSION} \ --variable CAPIF_HOSTNAME:$CAPIF_HOSTNAME \ diff --git a/services/docker-compose-capif.yml b/services/docker-compose-capif.yml index 037d5f3524b28a9f14a66211096ed63a03027efa..8ed11c38c5446df5773f389da98ad80bca5d41f9 100644 --- a/services/docker-compose-capif.yml +++ b/services/docker-compose-capif.yml @@ -5,21 +5,21 @@ services: ports: - "6379:6379" volumes: - - $PWD/redis-data:/var/lib/redis - - $PWD/redis.conf:/usr/local/etc/redis/redis.conf + - ${SERVICES_DIR}/redis-data:/var/lib/redis + - ${SERVICES_DIR}/redis.conf:/usr/local/etc/redis/redis.conf environment: - REDIS_REPLICATION_MODE=master helper: build: - context: ./helper + context: ${SERVICES_DIR}/helper expose: - "8080" container_name: helper restart: unless-stopped volumes: - - ./helper:/usr/src/app + - ${SERVICES_DIR}/helper/config.yaml:/usr/src/app/config.yaml extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway 
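Review bot: Every host path in docker-compose-capif.yml now depends on `${SERVICES_DIR}`, and Compose substitutes an empty string for an unset variable, so running the file without the wrapper scripts turns these mounts into root-level paths such as `/redis-data` and `/helper/config.yaml` with only a warning. Use the required-variable form where it is first referenced, e.g. `- ${SERVICES_DIR:?SERVICES_DIR must be set}/redis-data:/var/lib/redis`, or give it a default with `${SERVICES_DIR:-.}`. The same applies to `${REGISTRY_BASE_URL}` and `${OCF_VERSION}` in the `image:` lines of the later hunks, where an empty value produces an invalid image reference.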
@@ -32,17 +32,17 @@ services: - VAULT_ACCESS_TOKEN=dev-only-token - VAULT_PORT=8200 - LOG_LEVEL=${LOG_LEVEL} - image: labs.etsi.org:5050/ocf/capif/helper:v2.x.x-release + image: ${REGISTRY_BASE_URL}/helper:${OCF_VERSION} depends_on: - nginx access-control-policy: build: - context: ./TS29222_CAPIF_Access_Control_Policy_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Access_Control_Policy_API expose: - "8080" - volumes: - - ./TS29222_CAPIF_Access_Control_Policy_API:/usr/src/app + # volumes: + # - ${SERVICES_DIR}/TS29222_CAPIF_Access_Control_Policy_API:/usr/src/app extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway @@ -53,18 +53,19 @@ services: - MONITORING=${MONITORING} - LOG_LEVEL=${LOG_LEVEL} restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/access-control-policy:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-access-control-policy-api:${OCF_VERSION} depends_on: - redis - nginx api-invoker-management: build: - context: ./TS29222_CAPIF_API_Invoker_Management_API + context: ${SERVICES_DIR}/TS29222_CAPIF_API_Invoker_Management_API expose: - "8080" volumes: - - ./TS29222_CAPIF_API_Invoker_Management_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_API_Invoker_Management_API/config.yaml:/usr/src/app/config.yaml + - ${SERVICES_DIR}/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh:/usr/src/app/prepare_invoker.sh extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway 
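Review bot: The new `prepare_invoker.sh` bind mount replaces the copy baked into the image with the host file at run time, so anyone who can write to the checkout controls what the container executes at start-up; mount it read-only by appending `:ro`, i.e. `...prepare_invoker.sh:/usr/src/app/prepare_invoker.sh:ro`. The host file's mode carries over as well: the diff header records prepare_invoker.sh as `100644`, so if the image runs the script directly rather than through `bash` (the Dockerfile is not shown) it would fail with permission denied. The `config.yaml` mounts and the other `prepare_*.sh`, `nginx_prepare.sh` and `vault_prepare_certs.sh` mounts in this commit can take `:ro` too, unless a service writes to them.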
@@ -79,24 +80,25 @@ services: - VAULT_PORT=8200 - LOG_LEVEL=${LOG_LEVEL} restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/api-invoker-management-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-api-invoker-management-api:${OCF_VERSION} depends_on: - redis - nginx api-provider-management: build: - context: ./TS29222_CAPIF_API_Provider_Management_API + context: ${SERVICES_DIR}/TS29222_CAPIF_API_Provider_Management_API expose: - "8080" volumes: - - ./TS29222_CAPIF_API_Provider_Management_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_API_Provider_Management_API/config.yaml:/usr/src/app/config.yaml + - ${SERVICES_DIR}/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh:/usr/src/app/prepare_provider.sh extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway - otel-collector:host-gateway - vault:host-gateway - image: labs.etsi.org:5050/ocf/capif/api-provider-management-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-api-provider-management-api:${OCF_VERSION} environment: - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} - CONTAINER_NAME=api-provider-management @@ -111,17 +113,17 @@ services: logs: build: - context: ./TS29222_CAPIF_Auditing_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Auditing_API expose: - "8080" volumes: - - ./TS29222_CAPIF_Auditing_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_Auditing_API/config.yaml:/usr/src/app/config.yaml extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway - otel-collector:host-gateway restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/auditing-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-auditing-api:${OCF_VERSION} environment: - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} - CONTAINER_NAME=api-auditing 
@@ -132,17 +134,17 @@ services: service-apis: build: - context: ./TS29222_CAPIF_Discover_Service_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Discover_Service_API expose: - "8080" volumes: - - ./TS29222_CAPIF_Discover_Service_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_Discover_Service_API/config.yaml:/usr/src/app/config.yaml restart: unless-stopped extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway - otel-collector:host-gateway - image: labs.etsi.org:5050/ocf/capif/discover-service-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-discover-service-api:${OCF_VERSION} environment: - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} - CONTAINER_NAME=services-apis @@ -153,12 +155,12 @@ services: capif-events: build: - context: ./TS29222_CAPIF_Events_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Events_API expose: - "8080" volumes: - - ./TS29222_CAPIF_Events_API:/usr/src/app - image: labs.etsi.org:5050/ocf/capif/events-api:v2.x.x-release + - ${SERVICES_DIR}/TS29222_CAPIF_Events_API/config.yaml:/usr/src/app/config.yaml + image: ${REGISTRY_BASE_URL}/ocf-events-api:${OCF_VERSION} environment: - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} - CONTAINER_NAME=api-events @@ -175,13 +177,13 @@ services: api-invocation-logs: build: - context: ./TS29222_CAPIF_Logging_API_Invocation_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Logging_API_Invocation_API expose: - "8080" volumes: - - ./TS29222_CAPIF_Logging_API_Invocation_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_Logging_API_Invocation_API/config.yaml:/usr/src/app/config.yaml restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/api-invocation-logs-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-logging-api-invocation-api:${OCF_VERSION} extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway 
@@ -196,13 +198,13 @@ services: published-apis: build: - context: ./TS29222_CAPIF_Publish_Service_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Publish_Service_API expose: - "8080" volumes: - - ./TS29222_CAPIF_Publish_Service_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_Publish_Service_API/config.yaml:/usr/src/app/config.yaml restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/publish-service-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-publish-service-api:${OCF_VERSION} extra_hosts: - host.docker.internal:host-gateway - fluent-bit:host-gateway @@ -218,20 +220,21 @@ services: capif-routing-info: build: - context: ./TS29222_CAPIF_Routing_Info_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Routing_Info_API expose: - "8080" - image: labs.etsi.org:5050/ocf/capif/routing-info-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-routing-info-api:${OCF_VERSION} capif-security: build: - context: ./TS29222_CAPIF_Security_API + context: ${SERVICES_DIR}/TS29222_CAPIF_Security_API expose: - "8080" volumes: - - ./TS29222_CAPIF_Security_API:/usr/src/app + - ${SERVICES_DIR}/TS29222_CAPIF_Security_API/config.yaml:/usr/src/app/config.yaml + - ${SERVICES_DIR}/TS29222_CAPIF_Security_API/prepare_security.sh:/usr/src/app/prepare_security.sh restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/security-api:v2.x.x-release + image: ${REGISTRY_BASE_URL}/ocf-security-api:${OCF_VERSION} environment: - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} - CONTAINER_NAME=api-security @@ -278,11 +281,11 @@ services: nginx: build: - context: ./nginx + context: ${SERVICES_DIR}/nginx ports: - "8080:8080" - "443:443" - image: labs.etsi.org:5050/ocf/capif/nginx:v2.x.x-release + image: ${REGISTRY_BASE_URL}/nginx:${OCF_VERSION} environment: - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} - VAULT_HOSTNAME=vault 
@@ -291,7 +294,8 @@ services: - LOG_LEVEL=${LOG_LEVEL} hostname: ${CAPIF_HOSTNAME} volumes: - - ./nginx/certs:/etc/nginx/certs + - ${SERVICES_DIR}/nginx/certs:/etc/nginx/certs + - ${SERVICES_DIR}/nginx/nginx_prepare.sh:/nginx_prepare.sh extra_hosts: - host.docker.internal:host-gateway - vault:host-gateway diff --git a/services/docker-compose-mock-server.yml b/services/docker-compose-mock-server.yml index d769505c6b202843691aa29d2fe432a7dc9300b7..851f9f28a7b35c2200a5eb480409c9d9dda2a4e7 100644 --- a/services/docker-compose-mock-server.yml +++ b/services/docker-compose-mock-server.yml @@ -1,17 +1,17 @@ services: mock-server: build: - context: ./mock_server + context: ${SERVICES_DIR}/mock_server ports: - 9100:9100 volumes: - - ./mock_server:/usr/src/app + - ${SERVICES_DIR}/mock_server:/usr/src/app extra_hosts: - host.docker.internal:host-gateway environment: - DEBUG_MODE=True restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/mock_server:latest + image: ${REGISTRY_BASE_URL}/mock-server:${OCF_VERSION} networks: default: diff --git a/services/docker-compose-register.yml b/services/docker-compose-register.yml index 9d5bc707dae9b53d8bf4c895d134b0be9b678b75..02599a3278cb1f9d20e67cfee536062273d27ae7 100644 --- a/services/docker-compose-register.yml +++ b/services/docker-compose-register.yml @@ -1,11 +1,11 @@ services: register: build: - context: ./register + context: ${SERVICES_DIR}/register ports: - 8084:8080 volumes: - - ./register:/usr/src/app + - ${SERVICES_DIR}/register/config.yaml:/usr/src/app/config.yaml environment: - CAPIF_PRIV_KEY=${CAPIF_PRIV_KEY} - VAULT_HOSTNAME=vault @@ -18,7 +18,7 @@ services: - host.docker.internal:host-gateway - vault:host-gateway restart: unless-stopped - image: labs.etsi.org:5050/ocf/capif/register:v2.x.x-release + image: ${REGISTRY_BASE_URL}/register:${OCF_VERSION} depends_on: - mongo_register 
diff --git a/services/docker-compose-vault.yml b/services/docker-compose-vault.yml index d2d8f6db632e589ccbc7e6d16d64e2ebd7a1af23..f14391228d47ac8745c492228fac71cb1e6f17af 100644 --- a/services/docker-compose-vault.yml +++ b/services/docker-compose-vault.yml @@ -1,7 +1,8 @@ services: vault: + image: ${REGISTRY_BASE_URL}/vault:${OCF_VERSION} build: - context: ./vault + context: ${SERVICES_DIR}/vault restart: unless-stopped ports: - 8200:8200 @@ -12,5 +13,6 @@ services: - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} volumes: - - ./vault/data:/vault/data - - ./vault/config:/vault/config + - ${SERVICES_DIR}/vault/data:/vault/data + - ${SERVICES_DIR}/vault/config:/vault/config + - ${SERVICES_DIR}/vault/vault_prepare_certs.sh:/vault_prepare_certs.sh diff --git a/services/nginx/nginx_prepare.sh b/services/nginx/nginx_prepare.sh index 75fc9fd5e9a86d4dca66ef0b7124f08557b510ac..91884863cc069fc05e1ad71e018627143ed5aa88 100644 --- a/services/nginx/nginx_prepare.sh +++ b/services/nginx/nginx_prepare.sh 
@@ -5,34 +5,112 @@ cd $CERTS_FOLDER VAULT_ADDR="http://$VAULT_HOSTNAME:$VAULT_PORT" VAULT_TOKEN=$VAULT_ACCESS_TOKEN -curl -k -retry 30 \ - --retry-all-errors \ - --connect-timeout 5 \ - --max-time 10 \ - --retry-delay 10 \ - --retry-max-time 300 \ - --header "X-Vault-Token: $VAULT_TOKEN" \ - --request GET "$VAULT_ADDR/v1/secret/data/ca" 2>/dev/null | jq -r '.data.data.ca' -j > $CERTS_FOLDER/ca.crt - -openssl verify -CAfile $CERTS_FOLDER/ca.crt $CERTS_FOLDER/ca.crt - -curl -k -retry 30 \ - --retry-all-errors \ - --connect-timeout 5 \ - --max-time 10 \ - --retry-delay 10 \ - --retry-max-time 300 \ - --header "X-Vault-Token: $VAULT_TOKEN" \ - --request GET "$VAULT_ADDR/v1/secret/data/server_cert" 2>/dev/null | jq -r '.data.data.cert' -j > $CERTS_FOLDER/server.crt - -curl -k -retry 30 \ - --retry-all-errors \ - --connect-timeout 5 \ - --max-time 10 \ - --retry-delay 10 \ - --retry-max-time 300 \ - --header "X-Vault-Token: $VAULT_TOKEN" \ - --request GET "$VAULT_ADDR/v1/secret/data/server_cert/private" 2>/dev/null | jq -r '.data.data.key' -j > $CERTS_FOLDER/server.key +# Maximum number of retry attempts +MAX_RETRIES=30 +# Delay between retries (in seconds) +RETRY_DELAY=10 +# Attempt counter +ATTEMPT=0 +# Success check +SUCCES_OPERATION=false + +while [ $ATTEMPT -lt $MAX_RETRIES ]; do + # Increment ATTEMPT using eval + eval "ATTEMPT=\$((ATTEMPT + 1))" + echo "Attempt $ATTEMPT of $MAX_RETRIES" + + # Make the request to Vault and store the response in a variable + RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ + --header "X-Vault-Token: $VAULT_TOKEN" \ + --request GET "$VAULT_ADDR/v1/secret/data/ca" | jq -r '.data.data.ca') + + echo "$RESPONSE" + + # Check if the response is "null" or empty + if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then + echo "$RESPONSE" > $CERTS_FOLDER/ca.crt + openssl verify -CAfile $CERTS_FOLDER/ca.crt $CERTS_FOLDER/ca.crt + echo "CA Root successfully saved." 
+ SUCCES_OPERATION=true + break + else + echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..." + sleep $RETRY_DELAY + fi +done + +if [ "$SUCCES_OPERATION" = false ]; then + echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts." + exit 1 # Exit with failure +fi + +# Setup inital value to ATTEMPT and SUCCESS_OPERATION +ATTEMPT=0 +SUCCES_OPERATION=false + +while [ $ATTEMPT -lt $MAX_RETRIES ]; do + # Increment ATTEMPT using eval + eval "ATTEMPT=\$((ATTEMPT + 1))" + echo "Attempt $ATTEMPT of $MAX_RETRIES" + + # Make the request to Vault and store the response in a variable + RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ + --header "X-Vault-Token: $VAULT_TOKEN" \ + --request GET "$VAULT_ADDR/v1/secret/data/server_cert" | jq -r '.data.data.cert') + + echo "$RESPONSE" + + # Check if the response is "null" or empty + if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then + echo "$RESPONSE" > $CERTS_FOLDER/server.crt + echo "Server Certificate successfully saved." + ATTEMPT=0 + SUCCES_OPERATION=true + break + else + echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..." + sleep $RETRY_DELAY + fi +done + +if [ "$SUCCES_OPERATION" = false ]; then + echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts." 
+ exit 1 # Exit with failure +fi + +# Setup inital value to ATTEMPT and SUCCESS_OPERATION +ATTEMPT=0 +SUCCES_OPERATION=false + +while [ $ATTEMPT -lt $MAX_RETRIES ]; do + # Increment ATTEMPT using eval + eval "ATTEMPT=\$((ATTEMPT + 1))" + echo "Attempt $ATTEMPT of $MAX_RETRIES" + + # Make the request to Vault and store the response in a variable + RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ + --header "X-Vault-Token: $VAULT_TOKEN" \ + --request GET "$VAULT_ADDR/v1/secret/data/server_cert/private" | jq -r '.data.data.key') + + echo "$RESPONSE" + + # Check if the response is "null" or empty + if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then + echo "$RESPONSE" > $CERTS_FOLDER/server.key + echo "Server Key successfully saved." + ATTEMPT=0 + SUCCES_OPERATION=true + break + else + echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..." + sleep $RETRY_DELAY + fi +done + +if [ "$SUCCES_OPERATION" = false ]; then + echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts." + exit 1 # Exit with failure +fi LOG_LEVEL=$(echo "${LOG_LEVEL}" | tr '[:upper:]' '[:lower:]') @@ -50,4 +128,4 @@ esac envsubst '$LOG_LEVEL' < /etc/nginx/nginx.conf > /etc/nginx/nginx.conf.tmp mv /etc/nginx/nginx.conf.tmp /etc/nginx/nginx.conf -nginx \ No newline at end of file +nginx diff --git a/services/remove_users.sh b/services/remove_users.sh index 7221981410fb101f4f5ec779142731d0b2d3db2a..01cceb4f15fd6f9d42fa963261f941a6948115a1 100755 --- a/services/remove_users.sh +++ b/services/remove_users.sh @@ -1,4 +1,5 @@ #!/bin/bash +source $(dirname "$(readlink -f "$0")")/variables.sh # User to remove USERNAME_PREFIX= 
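Review bot: The three retry loops in this hunk differ only in the secret path, the jq filter and the output file, so any fix has to be made three times; one helper called three times keeps them in step. In the first loop the status of `openssl verify` is ignored, so a CA file that fails verification is still reported as `CA Root successfully saved.`; check it if the verification is meant to gate start-up. `$CERTS_FOLDER` is unquoted in every redirect, and the `ATTEMPT=0` assignments before `break` are dead because the counter is reset again after each loop. The hunk starts at line 5 of the file, so the shebang and the `CERTS_FOLDER` definition are outside it; the sketch assumes a shell that supports `local`.

```shell
# … unchanged: VAULT_ADDR, VAULT_TOKEN, MAX_RETRIES, RETRY_DELAY …

# Fetch one field from Vault with retries and write it to a file.
# $1 - path under secret/data, $2 - jq filter, $3 - destination file
fetch_secret() {
  local attempt=0 value
  while [ "$attempt" -lt "$MAX_RETRIES" ]; do
    attempt=$((attempt + 1))
    echo "Attempt $attempt of $MAX_RETRIES for $1"
    value=$(curl -s -k --connect-timeout 5 --max-time 10 \
      --header "X-Vault-Token: $VAULT_TOKEN" \
      --request GET "$VAULT_ADDR/v1/secret/data/$1" | jq -r "$2")
    # The value is deliberately not echoed: it may be key material.
    if [ -n "$value" ] && [ "$value" != "null" ]; then
      printf '%s\n' "$value" > "$3"
      return 0
    fi
    echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..."
    sleep "$RETRY_DELAY"
  done
  echo "Error: Failed to retrieve $1 after $MAX_RETRIES attempts." >&2
  return 1
}

fetch_secret ca '.data.data.ca' "$CERTS_FOLDER/ca.crt" || exit 1
openssl verify -CAfile "$CERTS_FOLDER/ca.crt" "$CERTS_FOLDER/ca.crt" || exit 1
fetch_secret server_cert '.data.data.cert' "$CERTS_FOLDER/server.crt" || exit 1
fetch_secret server_cert/private '.data.data.key' "$CERTS_FOLDER/server.key" || exit 1
```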
@@ -37,31 +38,6 @@ then exit -1 fi -# Other Stuff -DOCKER_ROBOT_IMAGE=labs.etsi.org:5050/ocf/capif/robot-tests-image -DOCKER_ROBOT_IMAGE_VERSION=1.0 -cd .. -REPOSITORY_BASE_FOLDER=${PWD} -TEST_FOLDER=$REPOSITORY_BASE_FOLDER/tests -RESULT_FOLDER=$REPOSITORY_BASE_FOLDER/results -ROBOT_DOCKER_FILE_FOLDER=$REPOSITORY_BASE_FOLDER/tools/robot - -# nginx Hostname and http port (80 by default) to reach for tests -CAPIF_REGISTER=capifcore -CAPIF_REGISTER_PORT=8084 -CAPIF_HOSTNAME=capifcore -CAPIF_HTTP_PORT=8080 -CAPIF_HTTPS_PORT=443 - -# VAULT access configuration -CAPIF_VAULT=vault -CAPIF_VAULT_PORT=8200 -CAPIF_VAULT_TOKEN=read-ca-token - -# Mock Server -MOCK_SERVER_URL=http://mock-server:9100 -NOTIFICATION_DESTINATION_URL=$MOCK_SERVER_URL - PLATFORM=$(uname -m) if [ "x86_64" == "$PLATFORM" ]; then DOCKER_ROBOT_IMAGE_VERSION=$DOCKER_ROBOT_IMAGE_VERSION-amd64 @@ -109,11 +85,13 @@ fi mkdir -p $RESULT_FOLDER -docker run -ti --rm --network="host" \ +docker run $DOCKER_ROBOT_TTY_OPTIONS --rm --network="host" \ --add-host host.docker.internal:host-gateway \ --add-host vault:host-gateway \ --add-host register:host-gateway \ --add-host mock-server:host-gateway \ + --add-host $CAPIF_HOSTNAME:host-gateway \ + --add-host $CAPIF_REGISTER:host-gateway \ -v $TEST_FOLDER:/opt/robot-tests/tests \ -v $RESULT_FOLDER:/opt/robot-tests/results ${DOCKER_ROBOT_IMAGE}:${DOCKER_ROBOT_IMAGE_VERSION} \ --variable CAPIF_HOSTNAME:$CAPIF_HOSTNAME \ diff --git a/services/run.sh b/services/run.sh index 6b7480373f53909693aad441fab3a2db4214c07d..fbd0750d7666931c18515912ca2b81af7f7a5f35 100755 --- a/services/run.sh +++ b/services/run.sh @@ -1,10 +1,5 @@ #!/bin/bash - -# Directories variables setup (no modification needed) -export SERVICES_DIR=$(dirname "$(readlink -f "$0")") -export CAPIF_BASE_DIR=$(dirname "$SERVICES_DIR") -# Path to the register config.yaml file -REGISTER_CONFIG_FILE="$SERVICES_DIR/register/config.yaml" +source $(dirname "$(readlink -f "$0")")/variables.sh help() { echo "Usage: $1 " 
@@ -13,24 +8,14 @@ help() { echo " -m : Run monitoring service" echo " -l : Set Log Level (default DEBUG). Select one of: [CRITICAL, FATAL, ERROR, WARNING, WARN, INFO, DEBUG, NOTSET]" echo " -r : Remove cached information on build" + echo " -v : Set OCF version of images" + echo " -f : Services directory. (Default $SERVICES_DIR)" + echo " -g : Gitlab base URL. (Default $REGISTRY_BASE_URL)" + echo " -b : Build docker images. Default TRUE" echo " -h : show this help" exit 1 } -HOSTNAME=capifcore -MONITORING_STATE=false -DEPLOY=all -LOG_LEVEL=DEBUG -CACHED_INFO="" - -# Needed to avoid write permissions on bind volumes with prometheus and grafana -DUID=$(id -u) -DGID=$(id -g) - -# Mock Server configuration -IP=0.0.0.0 -PORT=9100 - # Get docker compose version docker_version=$(docker compose version --short | cut -d',' -f1) IFS='.' read -ra version_components <<< "$docker_version" @@ -50,10 +35,10 @@ then fi # Read params -while getopts ":c:l:mshr" opt; do +while getopts ":c:l:mshrv:f:g:b:" opt; do case $opt in c) - HOSTNAME="$OPTARG" + CAPIF_HOSTNAME="$OPTARG" ;; m) MONITORING_STATE=true @@ -61,6 +46,18 @@ while getopts ":c:l:mshr" opt; do s) ROBOT_MOCK_SERVER=true ;; + v) + OCF_VERSION="$OPTARG" + ;; + f) + SERVICES_DIR="$OPTARG" + ;; + g) + REGISTRY_BASE_URL="$OPTARG" + ;; + b) + BUILD_DOCKER_IMAGES="$OPTARG" + ;; h) help ;; 
@@ -81,13 +78,21 @@ while getopts ":c:l:mshr" opt; do esac done -echo Nginx hostname will be $HOSTNAME, deploy $DEPLOY, monitoring $MONITORING_STATE +echo Nginx hostname will be $CAPIF_HOSTNAME, deploy $DEPLOY, monitoring $MONITORING_STATE + +if [ "$BUILD_DOCKER_IMAGES" == "true" ] ; then + echo '***Building Docker images set as true***' + BUILD="--build" +else + echo '***Building Docker images set as false***' + BUILD="--no-build" +fi # Deploy Monitoring stack if [ "$MONITORING_STATE" == "true" ] ; then echo '***Monitoring set as true***' echo '***Creating Monitoring stack***' - DUID=$DUID DGID=$DGID docker compose -f "$SERVICES_DIR/monitoring/docker-compose.yml" up --detach --build $CACHED_INFO + DUID=$DUID DGID=$DGID docker compose -f "$SERVICES_DIR/monitoring/docker-compose.yml" up --detach $BUILD $CACHED_INFO status=$? if [ $status -eq 0 ]; then @@ -101,7 +106,7 @@ fi docker network create capif-network # Deploy Vault service -CAPIF_HOSTNAME=$HOSTNAME docker compose -f "$SERVICES_DIR/docker-compose-vault.yml" up --detach --build $CACHED_INFO +REGISTRY_BASE_URL=$REGISTRY_BASE_URL OCF_VERSION=$OCF_VERSION CAPIF_HOSTNAME=$CAPIF_HOSTNAME docker compose -f "$SERVICES_DIR/docker-compose-vault.yml" up --detach $BUILD $CACHED_INFO status=$? if [ $status -eq 0 ]; then @@ -112,7 +117,7 @@ else fi # Deploy Capif services -CAPIF_HOSTNAME=$HOSTNAME MONITORING=$MONITORING_STATE LOG_LEVEL=$LOG_LEVEL docker compose -f "$SERVICES_DIR/docker-compose-capif.yml" up --detach --build $CACHED_INFO +REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_HOSTNAME=$CAPIF_HOSTNAME MONITORING=$MONITORING_STATE LOG_LEVEL=$LOG_LEVEL docker compose -f "$SERVICES_DIR/docker-compose-capif.yml" up --detach $BUILD $CACHED_INFO status=$? if [ $status -eq 0 ]; then 
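Review bot: The new `BUILD_DOCKER_IMAGES` test matches only the exact string `true`, while the help text added in this commit says "Default TRUE". `-b TRUE`, `-b 1` or a typo therefore silently selects `--no-build`, and the stack then runs whatever images are already cached or pulled from `REGISTRY_BASE_URL`. I would accept both spellings and reject anything else instead of falling through to the `else` branch.
```shell
case "$BUILD_DOCKER_IMAGES" in
  true|TRUE)
    echo '***Building Docker images set as true***'
    BUILD="--build"
    ;;
  false|FALSE)
    echo '***Building Docker images set as false***'
    BUILD="--no-build"
    ;;
  *)
    echo "Invalid value for -b: $BUILD_DOCKER_IMAGES (expected true or false)" >&2
    exit 1
    ;;
esac
# … unchanged: monitoring stack deployment …
```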
@@ -122,17 +127,19 @@ else exit $status fi +# Path to the register config.yaml file +REGISTER_CONFIG_FILE="$SERVICES_DIR/register/config.yaml" # Backup Original config.yaml file cp $REGISTER_CONFIG_FILE $REGISTER_CONFIG_FILE.bak # Mark the file as assume-unchanged git update-index --assume-unchanged "$REGISTER_CONFIG_FILE" # Edit Register Service URL within ccf in the config.yaml file -yq eval ".ccf.url = \"$HOSTNAME\"" -i "$REGISTER_CONFIG_FILE" +yq eval ".ccf.url = \"$CAPIF_HOSTNAME\"" -i "$REGISTER_CONFIG_FILE" # Deploy Register service -CAPIF_PRIV_KEY_BASE_64=$(echo "$(cat nginx/certs/server.key)") -CAPIF_PRIV_KEY=$CAPIF_PRIV_KEY_BASE_64 LOG_LEVEL=$LOG_LEVEL docker compose -f "$SERVICES_DIR/docker-compose-register.yml" up --detach --build $CACHED_INFO +CAPIF_PRIV_KEY_BASE_64=$(echo "$(cat ${SERVICES_DIR}/nginx/certs/server.key)") +REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION CAPIF_PRIV_KEY=$CAPIF_PRIV_KEY_BASE_64 LOG_LEVEL=$LOG_LEVEL docker compose -f "$SERVICES_DIR/docker-compose-register.yml" up --detach $BUILD $CACHED_INFO status=$? if [ $status -eq 0 ]; then @@ -147,12 +154,12 @@ if [ "$ROBOT_MOCK_SERVER" == "true" ] ; then echo '***Robot Mock Server set as true***' echo '***Creating Robot Mock Server stack***' - IP=$IP PORT=$PORT docker compose -f "$SERVICES_DIR/docker-compose-mock-server.yml" up --detach --build $CACHED_INFO + REGISTRY_BASE_URL=$REGISTRY_BASE_URL SERVICES_DIR=$SERVICES_DIR OCF_VERSION=$OCF_VERSION IP=$MOCK_SERVER_IP PORT=$MOCK_SERVER_PORT docker compose -f "$SERVICES_DIR/docker-compose-mock-server.yml" up --detach $BUILD $CACHED_INFO status=$? if [ $status -eq 0 ]; then - echo "*** Monitoring Stack Runing ***" + echo "*** Mock Server Runing ***" else - echo "*** Monitoring Stack failed to start ***" + echo "*** Mock Server failed to start ***" exit $status fi fi 
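Review bot: The `yq` line splices `$CAPIF_HOSTNAME`, which `-c` sets from the command line, into the expression text. A value containing a double quote changes the expression that is evaluated instead of being stored as the URL. Passing it as data avoids that: `yq eval '.ccf.url = strenv(CAPIF_HOSTNAME)' -i "$REGISTER_CONFIG_FILE"`. This relies on `CAPIF_HOSTNAME` being exported, which `variables.sh` does. The `cp $REGISTER_CONFIG_FILE $REGISTER_CONFIG_FILE.bak` just above is also unquoted, which matters now that `-f` lets the caller choose the directory.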
diff --git a/services/run_capif_tests.sh b/services/run_capif_tests.sh index 65749bf3f9514fae2ead580962777a1292a0cf76..65c9a45f92783a7be913edc452ac8534b2d6280f 100755 --- a/services/run_capif_tests.sh +++ b/services/run_capif_tests.sh @@ -1,27 +1,5 @@ #!/bin/bash - -DOCKER_ROBOT_IMAGE=labs.etsi.org:5050/ocf/capif/robot-tests-image -DOCKER_ROBOT_IMAGE_VERSION=1.0 -cd .. -REPOSITORY_BASE_FOLDER=${PWD} -TEST_FOLDER=$REPOSITORY_BASE_FOLDER/tests -RESULT_FOLDER=$REPOSITORY_BASE_FOLDER/results -ROBOT_DOCKER_FILE_FOLDER=$REPOSITORY_BASE_FOLDER/tools/robot - -# nginx Hostname and http port (80 by default) to reach for tests -CAPIF_REGISTER=capifcore -CAPIF_REGISTER_PORT=8084 -CAPIF_HOSTNAME=capifcore -CAPIF_HTTP_PORT=8080 -CAPIF_HTTPS_PORT=443 - -# VAULT access configuration -CAPIF_VAULT=vault -CAPIF_VAULT_PORT=8200 -CAPIF_VAULT_TOKEN=dev-only-token - -MOCK_SERVER_URL=http://mock-server:9100 -NOTIFICATION_DESTINATION_URL=http://mock-server:9100 +source $(dirname "$(readlink -f "$0")")/variables.sh PLATFORM=$(uname -m) if [ "x86_64" == "$PLATFORM" ]; then @@ -72,7 +50,7 @@ fi mkdir -p $RESULT_FOLDER -docker run -ti --rm --network="host" \ +docker run $DOCKER_ROBOT_TTY_OPTIONS --rm --network="host" \ --add-host host.docker.internal:host-gateway \ --add-host vault:host-gateway \ --add-host register:host-gateway \ diff --git a/services/run_mock_server.sh b/services/run_mock_server.sh index c7393861a7b7e3e96cc10d2e80a5b7a196c5b767..5f62cf5c48d67ef5be2903db22f3f53d8d995dea 100755 --- a/services/run_mock_server.sh +++ b/services/run_mock_server.sh @@ -1,8 +1,5 @@ #!/bin/bash - -# Directories variables setup (no modification needed) -export SERVICES_DIR=$(dirname "$(readlink -f "$0")") -export CAPIF_BASE_DIR=$(dirname "$SERVICES_DIR") +source $(dirname "$(readlink -f "$0")")/variables.sh help() { echo "Usage: $1 " 
@@ -12,17 +9,17 @@ help() { exit 1 } -IP=0.0.0.0 -PORT=9100 +MOCK_SERVER_IP=0.0.0.0 +MOCK_SERVER_PORT=9100 # Read params while getopts ":i:p:h" opt; do case $opt in i) - IP="$OPTARG" + MOCK_SERVER_IP="$OPTARG" ;; p) - PORT=$OPTARG + MOCK_SERVER_PORT=$OPTARG ;; h) help @@ -38,11 +35,11 @@ while getopts ":i:p:h" opt; do esac done -echo Robot Framework Mock Server will listen on $IP:$PORT +echo Robot Framework Mock Server will listen on $MOCK_SERVER_IP:$MOCK_SERVER_PORT docker network create capif-network || echo "capif-network previously created on docker networks" -IP=$IP PORT=$PORT docker compose -f "$SERVICES_DIR/docker-compose-mock-server.yml" up --detach --build +MOCK_SERVER_IP=$IP MOCK_SERVER_PORT=$PORT docker compose -f "$SERVICES_DIR/docker-compose-mock-server.yml" up --detach --build status=$? if [ $status -eq 0 ]; then diff --git a/services/variables.sh b/services/variables.sh new file mode 100755 index 0000000000000000000000000000000000000000..748c8c0ae7ac46721802f0c11a170541c45c2244 --- /dev/null +++ b/services/variables.sh 
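Review bot: The changed `docker compose` line in `services/run_mock_server.sh` reads `$IP` and `$PORT`, but this commit renamed those variables to `MOCK_SERVER_IP` and `MOCK_SERVER_PORT`. The `-i`/`-p` values are therefore dropped and both settings are passed empty. The line also sets `MOCK_SERVER_IP`/`MOCK_SERVER_PORT`, whereas `services/run.sh` passes `IP` and `PORT` to the same compose file. Assuming the compose file still reads `IP` and `PORT`, the line should be `IP=$MOCK_SERVER_IP PORT=$MOCK_SERVER_PORT docker compose -f "$SERVICES_DIR/docker-compose-mock-server.yml" up --detach --build`. With an empty bind address it is worth checking which interface the mock server ends up listening on.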
@@ -0,0 +1,52 @@ +#!/bin/bash + +# Directories variables setup (no modification needed) +export SERVICES_DIR=$(dirname "$(readlink -f "$0")") +export CAPIF_BASE_DIR=$(dirname "$SERVICES_DIR") +export TEST_FOLDER=$CAPIF_BASE_DIR/tests +export RESULT_FOLDER=$CAPIF_BASE_DIR/results +export ROBOT_DOCKER_FILE_FOLDER=$CAPIF_BASE_DIR/tools/robot + +# Image URL and version +export REGISTRY_BASE_URL="labs.etsi.org:5050/ocf/capif/prod" +export OCF_VERSION="v2.0.0-release" + +# Capif hostname +export CAPIF_HOSTNAME=capifcore +export CAPIF_HTTP_PORT=8080 +export CAPIF_HTTPS_PORT=443 + +# Register hostname and port +export CAPIF_REGISTER=register +export CAPIF_REGISTER_PORT=8084 + +# VAULT access configuration +export CAPIF_VAULT=vault +export CAPIF_VAULT_PORT=8200 +export CAPIF_VAULT_TOKEN=dev-only-token + +# Build and Deployment variables +export MONITORING_STATE=false +export DEPLOY=all +export LOG_LEVEL=DEBUG +export CACHED_INFO="" +export BUILD_DOCKER_IMAGES=true +export REMOVE_IMAGES=false + +# Needed to avoid write permissions on bind volumes with prometheus and grafana +export DUID=$(id -u) +export DGID=$(id -g) + +# Mock Server configuration +export MOCK_SERVER_IP=0.0.0.0 +export MOCK_SERVER_PORT=9100 + +# Robot tests variables +export DOCKER_ROBOT_IMAGE=labs.etsi.org:5050/ocf/capif/robot-tests-image +export DOCKER_ROBOT_IMAGE_VERSION=1.0 +export DOCKER_ROBOT_TTY_OPTIONS="-ti" + +# Mock server variables +export MOCK_SERVER_URL=http://mock-server:${MOCK_SERVER_PORT} +export NOTIFICATION_DESTINATION_URL=http://mock-server:${MOCK_SERVER_PORT} + diff --git a/services/vault/vault_prepare_certs.sh b/services/vault/vault_prepare_certs.sh old mode 100644 new mode 100755 index b209ecfeee92fd5e43d9c3bcf00bdc5e0aa5c130..160e74979514cf2682e55234e4c3db1c8b3cb1e5 --- a/services/vault/vault_prepare_certs.sh +++ b/services/vault/vault_prepare_certs.sh 
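Review bot: `export CAPIF_VAULT_TOKEN=dev-only-token` puts a fixed Vault token in a committed file and overwrites whatever the caller had in the environment, so every script that sources `variables.sh` uses the same credential. One of the scripts in this commit previously set `CAPIF_VAULT_TOKEN=read-ca-token`. If it now sources this file it switches to `dev-only-token`, which looks like a broader token and is worth confirming. I would keep the development default but let the environment win: `export CAPIF_VAULT_TOKEN="${CAPIF_VAULT_TOKEN:-dev-only-token}"`, with a comment that the default is for local development only.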
@@ -3,9 +3,9 @@ # Setup environment variables for Vault export VAULT_ADDR="http://$VAULT_DEV_LISTEN_ADDRESS" export VAULT_TOKEN=$VAULT_DEV_ROOT_TOKEN_ID -HOSTNAME="$CAPIF_HOSTNAME" +CAPIF_HOSTNAME="${CAPIF_HOSTNAME:-capifcore}" -echo "CAPIF_HOSTNAME: $HOSTNAME" +echo "CAPIF_HOSTNAME: $CAPIF_HOSTNAME" echo "VAULT_ADDR: $VAULT_ADDR" echo "VAULT_TOKEN: $VAULT_TOKEN" @@ -44,7 +44,7 @@ vault write -format=json pki/root/sign-intermediate \ vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem # Configure the role for the intermediate CA -vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=true use_csr_sans=false allowed_domains=$HOSTNAME allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h +vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=true use_csr_sans=false allowed_domains=$CAPIF_HOSTNAME allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h # Generate a certificate openssl genrsa -out ./server.key 2048 @@ -55,7 +55,7 @@ STATE="Madrid" # state or province name LOCALITY="Madrid" # Locality Name (e.g. city) ORGNAME="Telefonica I+D" # Organization Name (eg, company) ORGUNIT="Innovation" # Organizational Unit Name (eg. section) -COMMONNAME="$HOSTNAME" +COMMONNAME="$CAPIF_HOSTNAME" EMAIL="inno@tid.es" # certificate's email address # optional extra details CHALLENGE="" # challenge password 
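Review bot: The unchanged line `echo "VAULT_TOKEN: $VAULT_TOKEN"` in this hunk prints the value taken from `VAULT_DEV_ROOT_TOKEN_ID` to standard output, so the token ends up in the container log for anyone who can read it. Since the neighbouring echo is being edited anyway, I would report only whether it is set: `echo "VAULT_TOKEN: ${VAULT_TOKEN:+<set>}"`.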
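Review bot: On the `pki_int/roles/my-ca` line, `allow_any_name=true` lets the role sign a certificate for any common name. That makes `allowed_domains=$CAPIF_HOSTNAME` ineffective as a restriction, and the other `allow_*` flags then add nothing. If only the CAPIF host needs a certificate, drop `allow_any_name=true` and `allow_glob_domains=true` and quote the value: `allowed_domains="$CAPIF_HOSTNAME" allow_bare_domains=true`. If other services depend on the open role, a comment on this line saying so would help the next reader.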
@@ -77,7 +77,7 @@ $COMPANY __EOF__ -vault write -format=json pki_int/sign/my-ca format=pem_bundle ttl="43000h" csr=@server.csr common_name="$HOSTNAME" | jq -r '.data.issuing_ca as $issuing_ca | .data.certificate as $certificate | [$issuing_ca, $certificate]' > cert_data.json +vault write -format=json pki_int/sign/my-ca format=pem_bundle ttl="43000h" csr=@server.csr common_name="$CAPIF_HOSTNAME" | jq -r '.data.issuing_ca as $issuing_ca | .data.certificate as $certificate | [$issuing_ca, $certificate]' > cert_data.json jq -r '.[0]' cert_data.json > root_ca.crt.pem jq -r '.[1]' cert_data.json > server_certificate.crt.pem
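Review bot: The signing request asks for `ttl="43000h"` while the role configured earlier in this script has `max_ttl=4300h`, so the two disagree by a factor of ten about the server certificate's lifetime. As far as I know Vault limits the issued certificate to the role's `max_ttl`, which would make the request value misleading; this is worth confirming against the issued certificate. I would set `ttl="4300h"` here, or raise the role limit deliberately if the longer lifetime is intended.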