Table of Contents
Introduction
...
Note: For Development environment two nodes is sufficient, where one node plays a dual role of One-Click Deployment Node and MECM Node with other as MEC Host.
...
FigureFigure: EALTEdge Deployment Architecture
Note: EALTEdge Blueprint Deployment has been tested on Cloud VM and is not tested on Bare-Metal Environment. Though, theoretically deployment should work in bare metal, provided hardware and software prerequisites are met. Kindly refer R4 - Test Documentation of Enterprise Applications on Lightweight 5G Telco Edge (EALTEdge) to get details on the tested deployment.
...
2. Copy the ssh key to all the nodes in the MECM Cluster, using ssh-copy-id. (example : #ssh-copy-id root@159.178.17.16)
3. Kubespray configuration
cd kubespray && cp -rfp inventory/sample inventory/mycluster
Update ansible inventory file provided in kubesrpay repo with MECM Cluster node IP's
Example:
declare -a IPS=(158.176.15.55 158.176.15.56 158.176.15.57)
CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}configuration
cd kubespray && cp -rfp inventory/sample inventory/mycluster
Update ansible inventory file provided in kubesrpay repo with MECM Cluster node IP's
4. Review and Change Parameters under inventory/mycluster/group_vars
...
Once the execution is completed in console will see prompt "EALTEdge Environment Installed , Components Install CENTER and EDGE Nodes Successfully"
...
1. git clone the ealt-edge repo, to download the software to install the EALTEdge Environment.
root@akraino-mec-0002:~# git clone "https://gerrit.akraino.org/r/ealt-edge"
2. go to CLI directory
root@akraino-mec-0002:~#cd ealt/infra/cli/
root@akraino-mec-0002:~#chmod +x build _cli.sh
root@akraino-mec-0002:~#source build_cli.sh
root@akraino-mec-0002:~#cd ~/ealt-edge/ocd/infra/playbooks
Note: The CLI Commands to setup the environment should be executed only from above path.
3. Edit the Configuration File : ealt-inventory.ini with the details of MECM and MEC Hosts.
root@akraino-mec-0002:~#vi ealt-inventory.ini
4. Execute the below command to install EALTEdge Environment
root@akraino-mec-0002:~#ealt init all
Above command will install the various component. Refer the below table for detail information.
Other CLI Commands:
Command to Install only Edge Node
root@akraino-mec-0002:~#ealt init edge
Snapshot Deployment Overview
...
##Read Auth role
##Here it will give you role id which you need to use in vault-approle-issuer.ymlyml
```
vault read auth/approle/role/my-role/role-id
```
##Generate secret id
```
vault read write -f auth/approle/role/my-role/rolesecret-id
```
##Generate ##By using above 2 command role id and secret id you need to pass in below command
```
vault write -f auth/approle/role/my-role/secret-id
```
##By using above 2 command role id and secret id you need to pass in below command
```
vault write auth/approle/login role_id=<role-id> secret_id=<secret-id>
```
###########################
##If the command successful then vault configuration and authentication via approle is completed
#############################YAML files to be modified
##First execute below yaml fileauth/approle/login role_id=<role-id> secret_id=<secret-id>
```
###########################
##If the command successful then vault configuration and authentication via approle is completed
###########################
##YAML files to be modified
##First execute below yaml file
```
kubectl apply -f cert-manager.yaml
```
##Need to replace with the latest secret id in base64 format by using below command
##Secret id already generate when we are executing vault command, need to use same secret id here
```
echo secret-id | base64
```
##The output of above command has to be replaced in the vault-apply-secret.yml file data.secretId
```
kubectl apply -f certvault-apply-managersecret.yamlyml
```
##Need to replace with the latest secret id in base64 format ##No you will get one ip where your vault is running so that ip you can get by using below command
##Secret id already generate when we are executing vault command, need to use same secret id here
```
echo secret-id | base64
```
##The output of above command has to be replaced in the vault-apply-secret.yml file data.secretId##Copy vault ip from below command
```
kubectl get svc
```
##Now vault ip and role id need to replace in vault-approle-issuer.yml file
##Role id already generated when we are executing vault commands
```
kubectl apply -f vault-applyapprole-secretissuer.yml
```
##No you will get one ip where your vault is running so that ip you can get by using below command
##Copy vault ip from below command
```
kubectl get svc
```
##Now vault ip and role id need to replace in vault-approle-issuer.yml file
##Role id already generated when we are executing vault commands
##NOTE: spec.vault.server: IP here you need to change vault ip which you will get when u ren 'kubectl get svc'
##spec.vault.auth.roleId this is you need to replace and need to put latest role id which you get in 'vault read auth/approle/role/my-role/role-id'
##Then final we need to execute below yaml file
```
kubectl apply -f vault-approlecert-issuercertificate.yml
```
##NOTE: spec.vault.server: IP here you need to change vault ip which you will get when u ren 'kubectl get svc'
##spec.vault.auth.roleId this is you need to replace and need to put latest role id which you get in 'vault read auth/approle/role/my-role/role-id'
##Then final we need to execute below yaml file
```
kubectl apply -f vault-cert-certificate.yml
```
#######################################
Certificate generate process completed
#######################################
##Now get ca certificate use below command
```
curl http://10.43.130.35:8200/v1/pki/ca/pem
```
##10.43.130.35 is your vault ip, need to replace with latest vault ip
Troubleshooting
Error Message Guide
N/A
Maintenance
Blueprint Package Maintenance
Software maintenance
N/A
Hardware maintenance
N/A
Blueprint Deployment Maintenance
N/A
Frequently Asked Questions
N/A
#######################################
Certificate generate process completed
#######################################
##Now get ca certificate use below command
```
curl http://10.43.130.35:8200/v1/pki/ca/pem
```
##10.43.130.35 is your vault ip, need to replace with latest vault ip
Troubleshooting
Error Message Guide
Error: Most of mecm-pods down state including service center pod,
In service center pod logs , "decryption password incorrect" issue
Solution: Please use common_pwd in config.yaml as te9Fmv%qaq
Maintenance
Blueprint Package Maintenance
Software maintenance
N/A
Hardware maintenance
N/A
Blueprint Deployment Maintenance
N/A
Frequently Asked Questions
1) k3s not installed on mec host (edge node) Port 6443
This issue might be due to Port on EDGE node 6443 occupied by some other process. In such case, it will not install k3s and ansible command will fail.
Solution:
We need to release port 6443 and completely uninstall the platform and re-install platform
2) eg_trans_certs failure:
The above issue during installation process due to certificate generation again and again continuously without uninstallation process.
Every time our mec edge node installation requires new sets of certs to download and install the Edge gallery related things i.e pods services and so on.
Solution:
So, if once the installation process failed. We ought to completely uninstall and re-install the ealt-edge platform using ansible commands.
Please refer the installation and uninstallation steps provdied above using ansible commands
3) K8s remove / uninstallation issue through ansible
If k8s not getting removed or not installed properly or if version changed than our recommended version 1.17.2,
Solution:
In such cases, there might be problem in configuration of kubespray folder and its relevant configurations.
We recommend to configure pre-requisite kubepspray prior to installation process
4) eg_registry Download 0.9 tar : issue
If downloading edge gallery 0.9 version tar failed for no reason,
Solution: We can add –no-check-certificate in the wget of Download 0.9 tar in install.yml of eg_registry role. This issue occurs in extremely rare secure environments.
We will be fixing this issue ASAP.
License
Any software developed by the "Akraino Enterprise Applications on Lightweight 5G Telco Edge Project is licensed under the
Apache License, Version 2.0 (the "License");
you may not use the content of this software bundle except in compliance with the License.
You may obtain a copy of the License at <https://www.apache.org/licenses/LICENSE-2.0>
...
| S. No | Software | Type | Version | License | Remarks |
| 1. | Kubespray | K8S Tool | 2.14.2 | Apache 2.0 license | No code modifications done |
| 2. | Helm | Application Package Manager | 3.0.2 | Apache 2.0 license | No code modifications done |
...
| S. No | Software | Type | Version | License | Remarks |
| 1. | Docker | CRI | 19.03+ | Apache 2.0 license | No code modifications done |
| 2. | Kubernetes | Orchestration | 2 v1. 1417.2 | Apache 2.0 license | No code modifications done |
| 3. | Helm | Application Package Manager | 3.0.2 | Apache 2.0 license | No code modifications done |
| 4. | Grafana | Monitoring MEC-Graphana | 7.1.1 | Apache 2.0 license | Code part of Edge Gallery |
| 5. | Calico | CNI Plugin | 3.16.5 | Apache 2.0 license | No code modifications done |
| 6. | PostgresSQL | MECM-Service | 12.3 | PostgreSQL License | Code part of Edge Gallery |
| 7. | AppLCM | MECM-Service | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 8. | Appo | MECM-Service (MECM-Appo) | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 9 | Inventory | MECM-Service | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 10 | Apm | MECM-Service | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 11 | User Management | Part of Center Node | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 12 | MECM - FrontEnd | MECM-Service | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 13. | Appstore | Service (Part of Center Node) | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 14. | Developer Portal | Service (Part of Center Node) | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 15 | Service Center | Service (Part of Center Node) | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
...
| S. No | Software | Type | Version | License Information | Remarks |
| 1. | Docker | CRI | 19.03+ | Apache 2.0 license | No code modifications done |
| 2. | K3S | Orchestration | 1.19.4+ | Apache 2.0 license | No code modifications done |
| 3. | Helm | Application Package Manager | 3.0.2 | Apache 2.0 license | No code modifications done |
| 4. | cAdvisor | Container Metrics | 0v0.36.0 | Apache 2.0 license | No code modifications done |
| 5 | RabbitMQ | Message Broker | 3.7 | Mozilla Public License | No code modifications done. RabbitMQ image is deployed as is. |
| 6 | Prometheus | Metrics Collector | 9.3.1 | Apache 2.0 license | Code part of Edge Gallery |
| 7 | mepm-postgres | Service Database | 12.3 | PostgreSQL License | Code part of Edge Gallery |
| 8 | MEP | Pod | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
| 9 | MECM-MEPM | MEPM-Service | 0.9 | Apache 2.0 license | Code part of Edge Gallery |
...