Introduction
...
Once the execution is complete, the console shows the prompt "EALTEdge Environment Installed in unsecured mode , Components Install MECM and MEC Hosts Successfully"
...
Once the execution is complete, the console shows the prompt "EALTEdge Environment Installed in secured mode , Components Install MECM and MEC Hosts Successfully"
Other Options:
To Install only MECM Node
** Install in unsecured mode - Dev mode
root@akraino-mec-0002:~# ansible-playbook ealt-all.yml -i ealt-inventory.ini --tags "mecm" --extra-vars "operation=install mode=dev"
** Install in secured mode
root@akraino-mec-0002:~# ansible-playbook ealt-all.yml -i ealt-inventory.ini --tags "mecm" --extra-vars "operation=install mode=prod"
To Install only MEC Host
** Install in unsecured mode
root@akraino-mec-0002:~# ansible-playbook ealt-all.yml -i ealt-inventory.ini --tags "mep" --extra-vars "operation=install mode=dev"
** Install in secured mode
root@akraino-mec-0002:~# ansible-playbook ealt-all.yml -i ealt-inventory.ini --tags "mep" --extra-vars "operation=install mode=prod"
...
1. git clone the ealt-edge repo, to download the software to install the EALTEdge Environment.
root@akraino-mec-0002:~# git clone "https://gerrit.akraino.org/r/ealt-edge"
2. go to CLI directory
root@akraino-mec-0002:~#cd ealt/infra/cli/
root@akraino-mec-0002:~#chmod +x build_cli.sh
root@akraino-mec-0002:~#source build_cli.sh
root@akraino-mec-0002:~#cd ~/ealt-edge/ocd/infra/playbooks
Note: The CLI Commands to setup the environment should be executed only from above path.
3. Edit the Configuration File : ealt-inventory.ini with the details of MECM and MEC Hosts.
root@akraino-mec-0002:~#vi ealt-inventory.ini
4. Execute the below command to install EALTEdge Environment
In non secure mode
root@akraino-mec-0002:~#ealt init all
or
root@akraino-mec-0002:~#ealt init all --mode dev
In Secure Mode (TLS Enabled)
root@akraino-mec-0002:~#ealt init all --mode prod
The above command installs the various components. Refer to the table below for detailed information.
Other CLI Commands:
Command to Install only MECM Node.
root@akraino-mec-0002:~#ealt init manager
To Install MECM node in Secure Mode
root@akraino-mec-0002:~#ealt init manager -m prod
Command to Install only MEC Host (MEP Node)
root@akraino-mec-0002:~#ealt init edge
or
root@akraino-mec-0002:~#ealt init edge -m dev
MEC Host in Secure (TLS/HTTPS) Mode
root@akraino-mec-0002:~#ealt init edge -m prod
The following packages will be installed on the respective nodes of the cluster:
...
export MECMClusterIP='edgegallery.org' #Map the DNS Name to the MECM IP in /etc/hosts file.
Command Supported:-
Application Package Management CLI Commands:
...
root@akraino-mec-0002:~#ealt clean all
root@akraino-mec-0002:~#ealt clean mecm
root@akraino-mec-0002:~#ealt clean mep
Vault documentation
...
**This document explains how to generate certificate by using vault and cert manager**
##Cluster Architecture
![](Vault_Cert_Arch
...
)
##Make a cluster
##The image should reflect our environment (EALT Edge): a picture where Vault runs in the MEC Host (as Root CA), together with Cert Manager and Applications (App1, App2)
##1. Add helm repo
```
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault
```
##2. Generate root token and Unseal Key
```
kubectl exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=""
```
##Note: The root token is used when logging in to Vault inside the pod. The unseal key and root token look like the example below:
##Unseal Key 1: QcTX47IacKidIjFWSrkGLiQG1fwaqoInEz0SqAZ7rMs=
##Initial Root Token: s.A0SXgscZxbCeJRd1AjsVzvUU
##Put the generated unseal key in the command below; Vault will then start running as a pod
```
kubectl exec -ti vault-0 -- vault operator unseal <Unseal Key>
```
##Vault is initialised as a pod
##Use the command below to open a shell in the vault pod
```
kubectl exec -it vault-0 -- /bin/sh
```
##Vault Initialisation and Configuration Steps
####Initialising the vault pod returns the unseal key and root token; log in with the root token
```
vault login <root token>
```
##Enable the PKI secrets engine
##By default, the secrets engine will mount at the name of the engine. To enable the secrets engine at a different path, use the -path argument.
```
vault secrets enable pki
```
##Increase the TTL by tuning the secrets engine. The default value of 30 days may be too short. The command below sets the default lease TTL to 2160h (90 days) and the maximum lease TTL to 87600h (10 years)
```
vault secrets tune -default-lease-ttl=2160h -max-lease-ttl=87600h pki
```
##Configure a CA certificate and private key. Vault can generate its own self-signed root
##ealtedge.com is your common_name or base URL
```
vault write pki/root/generate/internal common_name=ealtedge.com ttl=8760h
```
##Update the CRL location and issuing certificates. These values can be updated in the future.
```
vault write pki/config/urls issuing_certificates="http://127.0.0.1:8200/v1/pki/ca" crl_distribution_points="http://127.0.0.1:8200/v1/pki/crl"
```
##Create a role; it will allow your domain and subdomains
```
vault write pki/roles/my-role allowed_domains=ealtedge.com allow_subdomains=true max_ttl=8760h
```
##Generate a new credential by writing to the /issue endpoint with the name of the role
##The output will include a dynamically generated private key and certificate which correspond to the given role
##The issuing CA and trust chain are also returned for automation simplicity
```
vault write pki/issue/my-role common_name=www.ealtedge.com
```
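The issue call above returns the private key in its response, and Vault does not store a copy, so the key must be saved when it is issued. The following is an added example, not part of the original guide or the EALTEdge code: it takes the JSON printed by `vault write -format=json pki/issue/my-role ...` and writes the key with mode 0600 without overwriting existing files. The output file names and the sample response are assumptions made for the example.

```python
import json
import os
import re

# Constructed sample shaped like `vault write -format=json pki/issue/my-role ...`
# output; the PEM bodies are placeholders, not real key material.
SAMPLE_RESPONSE = json.dumps({"lease_id": "", "data": {
    "certificate": "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----",
    "issuing_ca": "-----BEGIN CERTIFICATE-----\nUk9PVA==\n-----END CERTIFICATE-----",
    "private_key": "-----BEGIN RSA PRIVATE KEY-----\nS0VZ\n-----END RSA PRIVATE KEY-----",
    "serial_number": "00:11:22:33"}})

PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----\n[A-Za-z0-9+/=\n]+\n-----END \1-----")


def pem_label(text):
    """Return the PEM label of a single well-formed block, else raise ValueError."""
    match = PEM.fullmatch(text.strip())
    if not match:
        raise ValueError("not a single PEM block")
    return match.group(1)


def write_new(path, text, mode):
    """Create path exclusively with the given mode; never overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(fd, mode)  # exact mode regardless of the caller's umask
        handle.write(text.strip() + "\n")


def store_issued_credential(response_text, out_dir):
    """Persist key (0600), leaf and CA certificates from a pki/issue JSON response."""
    data = json.loads(response_text).get("data") or {}
    missing = [k for k in ("certificate", "issuing_ca", "private_key") if k not in data]
    if missing:
        raise ValueError("response lacks: " + ", ".join(missing))
    if pem_label(data["certificate"]) != "CERTIFICATE" or pem_label(data["issuing_ca"]) != "CERTIFICATE":
        raise ValueError("certificate fields are not PEM certificates")
    if not pem_label(data["private_key"]).endswith("PRIVATE KEY"):
        raise ValueError("private_key is not a PEM private key")
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    paths = {n: os.path.join(out_dir, n) for n in ("tls.key", "tls.crt", "ca.crt")}  # assumed names
    write_new(paths["tls.key"], data["private_key"], 0o600)  # Vault keeps no copy of the key
    write_new(paths["tls.crt"], data["certificate"], 0o644)
    write_new(paths["ca.crt"], data["issuing_ca"], 0o644)
    return {"serial": data.get("serial_number"), "paths": paths}
```

Because the files are created exclusively, a second run into the same directory fails instead of silently replacing a key that a service may still be using.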
...
##To get the CA certificate, use the command below
```
curl http://10.43.130.35:8200/v1/pki/ca/pem
```
##10.43.130.35 is the Vault IP; replace it with the current IP of your Vault
Kong documentation
...
**This document explains how to configure mep and kong**
##Set up the EALT Environment. Refer to the Installation Guide[Specify the installation guide wiki url]
##MEP will be installed as a pod
##First create the setup with the command below; the server will run over HTTPS
```
ansible-playbook ealt-all.yml -i ealt-inventory.ini --extra-vars "operation=install mode=prod"
```
##For HTTP, use the command below
```
ansible-playbook ealt-all.yml -i ealt-inventory.ini --extra-vars "operation=install mode=dev"
```
##MEP services will be running in the MEC Host (MEP)
##To check whether MEP is running, use the command below
```
kubectl get po -n mep
```
##Output -
![](mep1.png)
```
kubectl get svc -n mep
```
##Output -
![](mep2.png)
##Configure Kong
##HTTPS environment: REST API requests for adding services and adding routes in the Kong API Gateway
```
https://www.ealtedge.org:30012/services
https://www.ealtedge.org:30012/routes
```
##DNS mapping should be done correctly
...
S. No | Software | Type | Version | License | Remarks |
---|---|---|---|---|---|
1. | Kubespray | K8S Tool | 2.13 | Apache 2.0 license | |
MECM
S. No | Software | Type | Version | License | Remarks |
---|---|---|---|---|---|
1. | Docker | CRI | 18.06 | Apache 2.0 license | |
2. | Kubernetes | Orchestration | 1.16 | Apache 2.0 license | |
3. | Helm | Application Package Manager | 3.0.2 | Apache 2.0 license | |
4. | Grafana | Monitoring | 8-7.66.0 | Apache 2.0 license | |
5. | Calico | CNI Plugin | 3.14.0 | Apache 2.0 license | |
6. | PostgreSQL | DB | 9.6 | PostgreSQL License | |
7. | AppLCM | MECM-Service | 1.0 | Apache 2.0 license | Code is part of Akraino Code Repo. Includes Broker, Helm Plugin and Catalog |
...
S. No | Software | Type | Version | License Information | Remarks |
---|---|---|---|---|---|
1. | Docker | CRI | 19.03 | Apache 2.0 license | |
2. | K3S | Orchestration | 1.18.2 | Apache 2.0 license | |
3. | Helm | Application Package Manager | 3.0.2 | Apache 2.0 license | |
4. | cAdvisor | Container Metrics | v0.36.0 | Apache 2.0 license | |
5. | RabbitMQ | Message Broker | 3.7 | Mozilla Public License | No code modifications done. RabbitMQ image is deployed as is. |
6. | Prometheus | Metrics Collector | 9.3.1 | Apache 2.0 license | Internally it installs the following metrics exporters: NodeExporter, alertManager, kubeStateMetrics, pushgateway |
7. | Kong | API Gateway | 1.5.1 | Apache 2.0 license | |
8. | Vault | Secret Management | 0.5.0 | Mozilla Public License 2.0 | No code modifications done. Vault image is deployed as is. |
9. | Cert-Manager | Certificate Management | 0.15.0 | Apache 2.0 license | |
10. | PostgreSQL | Database | 9.6 | PostgreSQL License | |
10. | MEP Server | EALTEdge MEP Platform Service | 1.0 | Apache 2.0 license | Code is part of Akraino Code Repository. |
11. | MEP Agent | EALTEdge MEP Agent Library | 1.0 | Apache 2.0 license | Code is part of Akraino Code Repository. |
...