Skip to content

Custos Deployment on Cluster

Jump to bottom
Nirav Raje edited this page May 6, 2022 · 1 revision

Deploy Custos following below steps:-

  1. Login into master instance:-
//on home
mkdir custos
mkdir custos/artifacts
chmod 777 -R custos

Label all the nodes:-

kubectl get nodes

// for each node_name
kubectl label nodes node_name custosServiceWorker="enabled"
  1. On master Instance:-
kubectl delete all --all -n ingress-nginx

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml

Check port number of Vault and keycloak(SSL port):-

kubectl get svc -n ingress-nginx
  1. On local machine/VM, clone https://github.com/apache/airavata-custos.git 
git clone https://github.com/apache/airavata-custos.git
cd airavata-custos
  1. Perform below changes on it
  • in the root pom.xml:-
<vault.token>CHANGE_TO_VAULT_TOKEN</vault.token>
<vault.scheme>http</vault.scheme>
<vault.host>vault.vault.svc.cluster.local</vault.host>
<vault.port>8200</vault.port>
<vault.uri>http://vault.vault.svc.cluster.local:8200</vault.uri>

<iam.dev.username>admin</iam.dev.username>
<iam.dev.password>CHANGE_TO_KEYCLOAK_PASSWORD</iam.dev.password>

<custos.email.password>rajchauh@iu.edu</custos.email.password>

<spring.datasource.username>root</spring.datasource.username>
<spring.datasource.password>CHANGE_TO_MYSQL_PASSWORD</spring.datasource.password>

<docker.image.prefix>CHANGE_TO_DOCKER_USERNAME</docker.image.prefix>
<docker.image.repo>CHANGE_TO_DOCKER_USERNAME</docker.image.repo>

<host>js-169-114.jetstream-cloud.org</host>
<ssh.privatekey>/home/rajchauh/.ssh/id_rsa</ssh.privatekey>
<ssh.username>rajchauh</ssh.username>
  • In custos-core-services/utility-services/custos-configuration-service/pom.xml 
<skip>false</skip>
  • In custos-core-services/utility-services/custos-configuration-service/src/main/resources/*-dev-properties 
Change iam.server.url=https://{host}:{port_grabbed_above}/auth/

Same in custos-core-services/utility-services/custos-configuration-service/src/main/resources/*-staging-properties

  • Comment from line 225 to 249 in custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
  1. Again from local machine, from root of airavata-custos repo:-
docker login

mvn clean install -P container

mvn dockerfile:push -P container

mvn antrun:run -P scp-to-remote
  1. On Master instance:-
helm install cluster-management-core-service /home/ssh_user/custos/artifacts/cluster-management-core-service-1.1-SNAPSHOT.tgz -n keycloak

  1. Now deploy helm install iam-admin-core and identity-core-service again setting profile as staging

  2. Login to vault and create new engines - secret and resourcesecret:- image

  3. Perform a post request to register a tenant:-

curl --location --request POST 'https://js-168-246.jetstream-cloud.org:31373/tenant-management/v1.0.0/oauth2/tenant' \
--header 'Content-Type: application/json' \
--data-raw '{
    "client_name":"neoairavataproject",
    "requester_email":"rajchauh@iu.edu",
    "admin_username":"rajdeep",
    "admin_first_name":"Rajdeep",
    "admin_last_name":"Chauhan",
    "admin_email":"rajchauh@iu.edu",
    "contacts":["rajdeepc2792@gmail.com","email2@gmail.com"],
    "redirect_uris":["http://localhost:8080/callback*",
    "https://js-168-246.jetstream-cloud.org/callback*"],
    "scope":"openid profile email org.cilogon.userinfo",
    "domain":"https://js-168-246.jetstream-cloud.org",
    "admin_password":"rajdeep",
    "client_uri":"https://js-168-246.jetstream-cloud.org",
    "logo_uri":"https://js-68-246.jetstream-cloud.org",
    "application_type":"web",
    "comment":"Custos super tenant for production"
}'

It will output:-

{
    "client_id": "------------------",
    "client_secret": "-----------------",
    "is_activated": false,
    "client_id_issued_at": 1651722042000,
    "client_secret_expires_at": 0,
    "registration_client_uri": "https://custos.scigap.org/apiserver/tenant-management/v1.0.0/oauth2/tenant?client_id=----------",
    "token_endpoint_auth_method": "client_secret_basic",
    "msg": "Use Base64 encoded clientId:clientSecret as auth token for authorization, Credentials are activated after admin approval"
}

  1. Login to vault, https://js-168-246.jetstream-cloud.org:31373 service, edit the provided secret and change supertenant to true

  2. Perform post request to activate tenant:-

curl --location --request POST 'https://js-168-246.jetstream-cloud.org:31373/tenant-management/v1.0.0/status' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_id":"custos-sk8fzgnd9ovlgrfp8wtt-10000000",
"status":"ACTIVE",
"super_tenant":true,
"updatedBy":"rajdeep"
}'

It will output:-

{
    "tenant_id": "10000000",
    "status": "ACTIVE"
}

  1. Here all the pods in ready status:- image

  2. A sample request performed on the setup custos:-

image

Overview

Home

Project Milestone 1

Project Milestone 2

Project Milestone 3

Project Milestone 4

Documentation

Project Planning

Meeting Notes

Clone this wiki locally