This project is part of the NUBOMEDIA research initiative.
The NUBOMEDIA PaaS manager is the manager for PaaS Platform that exposes REST API to allow NUBOMEDIA users to build and deploy applications on the NUBOMEDIA Platform. This is a short guide to deploy and install the NUBOMEDIA PaaS Manager.
The PaaS Manager is implemented in java using the spring.io framework. This manager requires that all infrastructure is running:
- Openbaton is up and running
- The MS-VNFM is up, running and registered to Openbaton
- The PaaS is configured and running (this API are tested with version 1.1 of Openshift binaries)
- A keystore with the PaaS SSL certificates exists and is available on the PaaS API machine (you can use this guide or this software to do that)
You can install the NUBOMEDIA PaaS manager either automatically by downloading and executing the bootstrap or manually. Both options are described below.
The bootstrap repository contains the script to install and start the NUBOMEDIA PaaS Manager automatically. In order to do it you can run the following command:
bash <(curl -fsSkl https://raw.githubusercontent.com/fhg-fokus-nubomedia/nubomedia-paas/master/bootstrap)
At the end of the installation process the NUBOMEDIA PaaS Manager dashboard is reachable at localhost:8081
Afterwards the source code of the NUBOMEDIA PaaS Manager is located in /opt/nubomedia/nubomedia-paas
.
Check if the NFVO and/or the MS-VNFM is not installed and started, otherwise the NUBOMEDIA PaaS Manager start will fail and you need to start it manually when the NFVO and the MS-VNFM are up and running.
In case the NUBOMEDIA PaaS Manager are already installed you can start them manually using the provided script as described here
- Download the source code from git:
git clone https://github.com/fhg-fokus-nubomedia/nubomedia-paas.git
- Change the properties file to reflect your infrastructure configuration:
vim NUBOMEDIA-paas/src/main/resources/paas.properties
- Run the provided script to create the base folder for properties file (and copy the file in it)
cd nubomedia-paas/
./nubomedia-paas.sh init
NOTE if you are not root it will ask for sudo password
- Compile the code using the provided script
cd nubomedia-paas/
./nubomedia-paas.sh compile
The NUBOMEDIA PaaS Manager can to started by executing the following command (in the directory nubomedia-paas)
./nubomedia-paas.sh start
Once the NUBOMEDIA PaaS Manager is started you can access the screen session that is in another window with the ms-vnfm running:
screen -r nubomedia
and move to the windows named nubomedia-paas
The configuration can to fount in /etc/nubomedia/paas.properties
.
Here you can configure:
- PaaS address
- OpenShift
- NFVO
- VNF Manager (MS-VNFM aka EMM)
- Vim (according to ETSI Specification) properties
- KMS image
- RabbitMQ
- Database
- Log Levels
After changing any configuration, you need to restart.
The following table provides you with descriptions of the main properties to be modified in order to configure the PaaS Manager:
parameter | default value | description |
---|---|---|
paas.security.admin.password | nub0m3d14 | defines the admin password for the PaaS Manager |
paas.security.project.name | default | defines the default project for the PaaS Manager |
paas.port | 8081 | defines the URL of the PaaS Manager itself (used internally) |
openshift.baseURL | https://localhost:8443 | defines where your OpenShift instance is running |
openshift.domainName | your.domain.com | defines your domain used to create the route |
openshift.project | nubomedia | defines the project to be used in OpenShift (must exist) |
openshift.token | - | configure your token used to access the OpenShift instance (produced by OpenShift in this way) |
kms.image | nubomedia/kurento-media-server | Specifies the image to be used for running KMS |
nfvo.ip | localhost | defines the ip where the NFVO is running |
nfvo.port | port | defines the port on which Marketplace is reachable |
nfvo.username | admin | defines the username to be used for the NFVO |
nfvo.password | openbaton | defines the password to be used for the NFVO |
vnfm.ip | localhost | defines the ip where the VNFM is running |
vnfm.port | 9000 | defines the port on which VNFM is reachable |
marketplace.ip | defines the ip where the Marketplace is running | |
marketplace.port | defines the port on which Marketplace is reachable | |
vim.authURL | http://localhost:5000/v2.0 | defines the authentication URL of the cloud infrastructure to be used |
vim.name | nubomedia-vim | defines the name of the VIM instance (used as an identifier) |
vim.tenant | nubomedia | defines the tenant to be used for allocating resources in the cloud infrastructure |
vim.username | nubomedia | defines the username to be used for authorizing against the cloud infrastructure |
vim.password | nubomedia | defines the password to be used for authorizing against the cloud infrastructure |
vim.keypair | nubomedia | defines the keypair to be used to access the VMs (must exist in cloud infrastructure) |
vim.type | openstack | defines the type of cloud infrastructure |
rabbitmq.host | localhost | defines the host where the RabbitMQ server is running |
rabbitmq.username | admin | defines the username to authorize against the RabbitMQ server |
rabbitmq.password | openbaton | defines the password to authorize against the RabbitMQ server |
logging.level.* | - | defines the log levels of the specified packages |
The token created in this part is used internally to authorize against OpenShift. It must be placed in the configuration file under 'openshift.token' in order to let the PaaS Manager communicate with the OpenShift server.
First you need to create a new service account by running this command from the OpenShift command line:
$ echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"paas-user"}}' | oc create -n nubomedia -f -
serviceaccount "paas-develop" created
Afterwards you need to execute the following command in order to add the new service account the the project nubomedia
$ oc policy add-role-to-user edit --serviceaccount=paas-user -n nubomedia
To get the token created you can list first the names of the tokens that were added automatically during the step before.
$ oc get secrets
paas-develop-dockercfg-lejqo kubernetes.io/dockercfg 1 23s
paas-develop-token-lljjd kubernetes.io/service-account-token 2 23s
paas-develop-token-yt0zr kubernetes.io/service-account-token 2 23s
Just execute one of the following commands to retrieve the token created. Either this:
$ oc describe secrets paas-develop-token-lljjd
Name: paas-develop-token-lljjd
Namespace: nubomedia
Labels: <none>
Annotations: kubernetes.io/service-account.name=paas-develop,kubernetes.io/service-account.uid=bd9ec0fe-48fb-11e6-b950-001a648f9cf6
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJudWJvbWVkaW
EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoicGFhcy1kZXZlbG9wLXRva2VuLWxsampkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQub
mFtZSI6InBhYXMtZGV2ZWxvcCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJkOWVjMGZlLTQ4ZmItMTFlNi1iOTUwLTAwMWE2NDhmOWNmNiIsInN1YiI6InN5
c3RlbTpzZXJ2aWNlYWNjb3VudDpudWJvbWVkaWE6cGFhcy1kZXZlbG9wIn0.LzBw_k6S1NnqDIy127nTRGHRVQBatiOHN0mrayo6Bg_aDk_qtxW9o8hF5_HYkE1xFQNarewHTu5F4f3ngHZG4aJ4GkHJVaPkEHI
gQGtp7pZbEJqwNuV8pPpvZmAV8zvFJvGgCBxRcyEL4tsArshcCX3D3z1vVIS5ZvDZr12qdgp-gKs1KOeLJM-B4CxE_hV43EicY3_tbyNFdlVVsPe_FYisG-KPYwqgKdkfTPuxx3WlKQ0JUgDDaPj0MqCoETVTQ0
THcJKr25lqyvzZUJm5qzPAKvaPn8xbI7lli4TjQd1ORVc3SsE4lpfUk0FADqVsLf9Fy4xeaQ3YwuKFeZhQ7B
ca.crt: 1066 bytes
or this:
$ oc describe secrets paas-develop-token-yt0zr
Name: paas-develop-token-yt0zr
Namespace: nubomedia
Labels: <none>
Annotations: kubernetes.io/service-account.name=paas-develop,kubernetes.io/service-account.uid=bd9ec0fe-48fb-11e6-b950-001a648f9cf6
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJudWJvbWVkaW
EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoicGFhcy1kZXZlbG9wLXRva2VuLXl0MHpyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQub
mFtZSI6InBhYXMtZGV2ZWxvcCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJkOWVjMGZlLTQ4ZmItMTFlNi1iOTUwLTAwMWE2NDhmOWNmNiIsInN1YiI6InN5
c3RlbTpzZXJ2aWNlYWNjb3VudDpudWJvbWVkaWE6cGFhcy1kZXZlbG9wIn0.dOe6d0fUkRK1gF2bjqZ6vsoic8hM0YjBoXzfg0Rn3ma_R1Vc0U0P6ytzJ8C_sPDLSE7HiLanIowKVy7AZifSDOWi53r3slxKP15
fbxw8_HunToMIR4WWIiKRjywsO184gqC1LZrmBfz0Y86-Xo91fFRMITx3rqXsHx-FkSwpNBKNFGC7cIF8Ch52LM6JXnZwazi_uP3lde3i9TdZ1tqDQKA9Eldu7Wgl3YRMiVN2xOrz4N4-vbZXYEvIQDKhCDF2QZ
Q9CJfruHrhczLeiY5yvpKfhMZ4JJxUjiDnbULtdA48GFxZszvNMpIyoX_fhqOiI3GoUFHyChcZ4B6_zZtegW
Copy & paste on of those tokens to your configuration file.
The Identity Management includes the following entities:
- user: A user have his own credentials to login into the PaaS Manager. The user might be assigned to one or more projects with specific roles. Only the role:NUBOMEDIA_ADMIN can manage (create, delete) users and projects. The role:ADMIN can manage applications in the assigned project and role:GUEST can browse only through the applications.
- project: A project has an isolated view on the applications that are running in this project. A project might be used by one or multiple projects.
- role: Roles are defining the set of actions that are permitted to execute. role:NUBOMEDIA_ADMIN can create and delete users and projects; and has access to all projects. role:ADMIN can manage the applications in the assigned projects. role:GUEST can only browse through the applications of the assigned projects.
NOTE The password for the NUBOMEDIA_ADMIN is defined in the configuration file. Changing this password will be applied after a restart of the PaaS Manager.
The marketplace for NUBOMEDIA applications serves a store where the full configuration of applications can be stored. It is integrated directly in the NUBOMEDIA GUI. From the marketplace you can launch applications via your PaaS GUI without doing anything. The marketplace itself is an centralized component that might be used by several PaaS Managers. In order to use it you need to define the IP and port in the configuration file.
Need some support, wish to contribute? Then get in contact with us via our mailinglist!
Issues and bug reports should to posted to the GitHub NUBOMEDIA-PaaS Issue List
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.