From c6c05c4ee5779acc33e34f1c7212427576423ae1 Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Mon, 18 Sep 2023 13:44:06 +0000 Subject: [PATCH] [docs] use dashes in nip.io names --- docs/cluster/cluster-prerequisites.md | 8 +++--- docs/eoepca/ades.md | 32 +++++++++++----------- docs/eoepca/container-registry.md | 8 +++--- docs/eoepca/data-access.md | 18 ++++++------ docs/eoepca/login-service.md | 12 ++++---- docs/eoepca/pde.md | 16 +++++------ docs/eoepca/pdp.md | 4 +-- docs/eoepca/resource-catalogue.md | 16 +++++------ docs/eoepca/resource-protection.md | 14 +++++----- docs/eoepca/user-profile.md | 4 +-- docs/eoepca/workspace.md | 22 +++++++-------- docs/quickstart/data-access-deployment.md | 4 +-- docs/quickstart/exploitation-deployment.md | 6 ++-- docs/quickstart/processing-deployment.md | 18 ++++++------ docs/quickstart/scripted-deployment.md | 12 ++++++-- docs/quickstart/userman-deployment.md | 2 +- 16 files changed, 102 insertions(+), 94 deletions(-) diff --git a/docs/cluster/cluster-prerequisites.md b/docs/cluster/cluster-prerequisites.md index 6d0f8e0e..b048f18c 100644 --- a/docs/cluster/cluster-prerequisites.md +++ b/docs/cluster/cluster-prerequisites.md @@ -170,14 +170,14 @@ auth: ingress: enabled: true ingressClassName: nginx - hostname: minio-console.192.168.49.2.nip.io + hostname: minio-console.192-168-49-2.nip.io annotations: nginx.ingress.kubernetes.io/proxy-body-size: 0m apiIngress: enabled: true ingressClassName: nginx - hostname: minio.192.168.49.2.nip.io + hostname: minio.192-168-49-2.nip.io annotations: nginx.ingress.kubernetes.io/proxy-body-size: 0m @@ -201,8 +201,8 @@ In response to the prompts, the following configuration selections are applicabl Access Key: eoepca Secret Key: changeme Default Region: us-east-1 -S3 Endpoint: minio.192.168.49.2.nip.io -DNS-style bucket+hostname:port template for accessing a bucket: minio.192.168.49.2.nip.io +S3 Endpoint: minio.192-168-49-2.nip.io +DNS-style bucket+hostname:port template for accessing a bucket: minio.192-168-49-2.nip.io Encryption password: Path to GPG program: /usr/bin/gpg Use HTTPS protocol: False diff --git a/docs/eoepca/ades.md b/docs/eoepca/ades.md index f0b43e10..147804dd 100644 --- a/docs/eoepca/ades.md +++ b/docs/eoepca/ades.md @@ -34,7 +34,7 @@ workflowExecutor: STAGEIN_AWS_REGION: RegionOne # Stage-out to minio S3 # (use this if the ADES is not configured to stage-out to the Workspace) - STAGEOUT_AWS_SERVICEURL: http://minio.192.168.49.2.nip.io + STAGEOUT_AWS_SERVICEURL: http://minio.192-168-49-2.nip.io STAGEOUT_AWS_ACCESS_KEY_ID: eoepca STAGEOUT_AWS_SECRET_ACCESS_KEY: changeme STAGEOUT_AWS_REGION: us-east-1 @@ -55,13 +55,13 @@ ingress: kubernetes.io/ingress.class: nginx ingress.kubernetes.io/ssl-redirect: "false" hosts: - - host: ades.192.168.49.2.nip.io + - host: ades.192-168-49-2.nip.io paths: - path: / pathType: ImplementationSpecific tls: - hosts: - - ades.192.168.49.2.nip.io + - ades.192-168-49-2.nip.io secretName: ades-tls ``` @@ -100,8 +100,8 @@ workflowExecutor: ... useResourceManager: "true" resourceManagerWorkspacePrefix: "guide-user" - resourceManagerEndpoint: "https://workspace-api.192.168.49.2.nip.io" - platformDomain: "https://auth.192.168.49.2.nip.io" + resourceManagerEndpoint: "https://workspace-api.192-168-49-2.nip.io" + platformDomain: "https://auth.192-168-49-2.nip.io" ... ``` @@ -125,7 +125,7 @@ The `resource-guard` must be configured with the values applicable to the ADES f #--------------------------------------------------------------------------- global: context: ades - domain: 192.168.49.2.nip.io + domain: 192-168-49-2.nip.io nginxIp: 192.168.49.2 certManager: clusterIssuer: letsencrypt-production @@ -171,7 +171,7 @@ uma-user-agent: credentialsSecretName: "proc-client" logging: level: "info" - unauthorizedResponse: 'Bearer realm="https://portal.192.168.49.2.nip.io/oidc/authenticate/"' + unauthorizedResponse: 'Bearer realm="https://portal.192-168-49-2.nip.io/oidc/authenticate/"' openAccess: false insecureTlsSkipVerify: true ``` @@ -213,9 +213,9 @@ data: client.yaml: Y2xpZW50LWlkOiBhOThiYTY2ZS1lODc2LTQ2ZTEtODYxOS01ZTEzMGEzOGQxYTQKY2xpZW50LXNlY3JldDogNzM5MTRjZmMtYzdkZC00YjU0LTg4MDctY2UxN2MzNjQ1NTU4 ``` -The client credentials are obtained by registration of a client at the login service web interface - e.g. https://auth.192.168.49.2.nip.io. In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... +The client credentials are obtained by registration of a client at the login service web interface - e.g. https://auth.192-168-49-2.nip.io. In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io "Resource Guard" | tee client.yaml +./deploy/bin/register-client auth.192-168-49-2.nip.io "Resource Guard" | tee client.yaml ``` ## ADES Usage Samples @@ -234,7 +234,7 @@ This section includes some sample requests to test the deployed ADES. List available processes. ``` -curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/wps3/processes' \ +curl --location --request GET 'https://ades.192-168-49-2.nip.io/eric/wps3/processes' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' ``` @@ -244,7 +244,7 @@ curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/wps3/proces Deploy the sample application `snuggs`. ``` -curl --location --request POST 'https://ades.192.168.49.2.nip.io/eric/wps3/processes' \ +curl --location --request POST 'https://ades.192-168-49-2.nip.io/eric/wps3/processes' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ @@ -283,7 +283,7 @@ curl --location --request POST 'https://ades.192.168.49.2.nip.io/eric/wps3/proce Get details for a deployed process. ``` -curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/wps3/processes/snuggs-0_3_0' \ +curl --location --request GET 'https://ades.192-168-49-2.nip.io/eric/wps3/processes/snuggs-0_3_0' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' ``` @@ -293,7 +293,7 @@ curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/wps3/proces Execute a process with supplied parameterisation. ``` -curl --location --request POST 'https://ades.192.168.49.2.nip.io/eric/wps3/processes/snuggs-0_3_0/jobs' \ +curl --location --request POST 'https://ades.192-168-49-2.nip.io/eric/wps3/processes/snuggs-0_3_0/jobs' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ @@ -339,7 +339,7 @@ curl --location --request POST 'https://ades.192.168.49.2.nip.io/eric/wps3/proce Once a processes execution has been initiated then its progress can monitored via a job-specific URL that is returned in the HTTP response headers of the execute request. ``` -curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/watchjob/processes/snuggs-0_3_0/jobs/2e0fabf4-4ed6-11ec-b857-626a98159388' \ +curl --location --request GET 'https://ades.192-168-49-2.nip.io/eric/watchjob/processes/snuggs-0_3_0/jobs/2e0fabf4-4ed6-11ec-b857-626a98159388' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' ``` @@ -349,7 +349,7 @@ curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/watchjob/pr Once the job execution has completed, then the results can be obtained. ``` -curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/watchjob/processes/snuggs-0_3_0/jobs/2e0fabf4-4ed6-11ec-b857-626a98159388/result' \ +curl --location --request GET 'https://ades.192-168-49-2.nip.io/eric/watchjob/processes/snuggs-0_3_0/jobs/2e0fabf4-4ed6-11ec-b857-626a98159388/result' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' ``` @@ -359,7 +359,7 @@ curl --location --request GET 'https://ades.192.168.49.2.nip.io/eric/watchjob/pr A process can be deleted (undeployed). ``` -curl --location --request DELETE 'https://ades.192.168.49.2.nip.io/eric/wps3/processes/snuggs-0_3_0' \ +curl --location --request DELETE 'https://ades.192-168-49-2.nip.io/eric/wps3/processes/snuggs-0_3_0' \ --header 'X-User-Id: ' \ --header 'Accept: application/json' ``` diff --git a/docs/eoepca/container-registry.md b/docs/eoepca/container-registry.md index 09c8f488..014ce885 100644 --- a/docs/eoepca/container-registry.md +++ b/docs/eoepca/container-registry.md @@ -31,8 +31,8 @@ expose: nginx.ingress.kubernetes.io/proxy-body-size: "0" hosts: - core: harbor.192.168.49.2.nip.io - notary: harbor-notary.192.168.49.2.nip.io + core: harbor.192-168-49-2.nip.io + notary: harbor-notary.192-168-49-2.nip.io persistence: persistentVolumeClaim: @@ -49,7 +49,7 @@ persistence: trivy: storageClass: standard -externalURL: https://harbor.192.168.49.2.nip.io +externalURL: https://harbor.192-168-49-2.nip.io # initial password for logging in with user "admin" harborAdminPassword: "changeme" @@ -68,7 +68,7 @@ notary: ## Container Registry Usage -After deployemnt Harbor is accessible via its [web interface](https://harbor.192.168.49.2.nip.io/) at `https://harbor./`
e.g. [https://harbor.192.168.49.2.nip.io/](https://harbor.192.168.49.2.nip.io/). +After deployemnt Harbor is accessible via its [web interface](https://harbor.192-168-49-2.nip.io/) at `https://harbor./`
e.g. [https://harbor.192-168-49-2.nip.io/](https://harbor.192-168-49-2.nip.io/). Login as the admin user with the password specified in the helm values. diff --git a/docs/eoepca/data-access.md b/docs/eoepca/data-access.md index 71f869b5..ae6e6595 100644 --- a/docs/eoepca/data-access.md +++ b/docs/eoepca/data-access.md @@ -49,10 +49,10 @@ global: nginx.ingress.kubernetes.io/enable-cors: "true" cert-manager.io/cluster-issuer: letsencrypt-production hosts: - - host: data-access.192.168.49.2.nip.io + - host: data-access.192-168-49-2.nip.io tls: - hosts: - - data-access.192.168.49.2.nip.io + - data-access.192-168-49-2.nip.io secretName: data-access-tls storage: data: @@ -65,8 +65,8 @@ global: validate_bucket_name: false cache: type: S3 - endpoint_url: "http://minio.192.168.49.2.nip.io" - host: "minio.192.168.49.2.nip.io" + endpoint_url: "http://minio.192-168-49-2.nip.io" + host: "minio.192-168-49-2.nip.io" access_key_id: xxx secret_access_key: xxx region: us-east-1 @@ -75,7 +75,7 @@ global: title: EOEPCA Data Access Service developed by EOX abstract: EOEPCA Data Access Service developed by EOX header: "EOEPCA Data Access View Server (VS) Client powered by \"EOX\"" - url: https://data-access.192.168.49.2.nip.io/ows + url: https://data-access.192-168-49-2.nip.io/ows layers: # see section 'Data-layer Configuration' collections: @@ -318,7 +318,7 @@ The `resource-guard` must be configured with the values applicable to the Data A #--------------------------------------------------------------------------- global: context: data-access - domain: 192.168.49.2.nip.io + domain: 192-168-49-2.nip.io nginxIp: 192.168.49.2 certManager: clusterIssuer: letsencrypt-production @@ -373,7 +373,7 @@ uma-user-agent: credentialsSecretName: "resman-client" logging: level: "info" - unauthorizedResponse: 'Bearer realm="https://portal.192.168.49.2.nip.io/oidc/authenticate/"' + unauthorizedResponse: 'Bearer realm="https://portal.192-168-49-2.nip.io/oidc/authenticate/"' openAccess: false insecureTlsSkipVerify: true ``` @@ -415,9 +415,9 @@ data: client.yaml: Y2xpZW50LWlkOiBhOThiYTY2ZS1lODc2LTQ2ZTEtODYxOS01ZTEzMGEzOGQxYTQKY2xpZW50LXNlY3JldDogNzM5MTRjZmMtYzdkZC00YjU0LTg4MDctY2UxN2MzNjQ1NTU4 ``` -The client credentials are obtained by registration of a client at the login service web interface - e.g. https://auth.192.168.49.2.nip.io. In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... +The client credentials are obtained by registration of a client at the login service web interface - e.g. https://auth.192-168-49-2.nip.io. In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io "Resource Guard" | tee client.yaml +./deploy/bin/register-client auth.192-168-49-2.nip.io "Resource Guard" | tee client.yaml ``` ## Data Access Usage diff --git a/docs/eoepca/login-service.md b/docs/eoepca/login-service.md index 6292b0ef..4242e3c4 100644 --- a/docs/eoepca/login-service.md +++ b/docs/eoepca/login-service.md @@ -16,7 +16,7 @@ helm install --version 1.2.1 --values login-service-values.yaml login-service eo At minimum, values for the following attributes should be specified: -* Public hostname of the Authorization Server, e.g. `auth.192.168.49.2.nip.io` +* Public hostname of the Authorization Server, e.g. `auth.192-168-49-2.nip.io` * IP Address of the public facing reverse proxy (Nginx Ingress Controller), e.g. `192.168.49.2` * Kubernetes `namespace` for the login-service components * Initial password for the admin user
@@ -28,14 +28,14 @@ At minimum, values for the following attributes should be specified: Example `login-service-values.yaml`... ```yaml global: - domain: auth.192.168.49.2.nip.io + domain: auth.192-168-49-2.nip.io nginxIp: 192.168.49.2 namespace: um volumeClaim: name: eoepca-userman-pvc create: false config: - domain: auth.192.168.49.2.nip.io + domain: auth.192-168-49-2.nip.io adminPass: Chang3me! ldapPass: Chang3me! volumeClaim: @@ -54,16 +54,16 @@ nginx: annotations: cert-manager.io/cluster-issuer: letsencrypt-production hosts: - - auth.192.168.49.2.nip.io + - auth.192-168-49-2.nip.io tls: - hosts: - - auth.192.168.49.2.nip.io + - auth.192-168-49-2.nip.io secretName: login-service-tls ``` ## Login Service Usage -Once the deployment has been completed successfully, the Login Service is accessed at the endpoint `https://auth./`, configured by your domain - e.g. [https://auth.192.168.49.2.nip.io/](https://auth.192.168.49.2.nip.io/). +Once the deployment has been completed successfully, the Login Service is accessed at the endpoint `https://auth./`, configured by your domain - e.g. [https://auth.192-168-49-2.nip.io/](https://auth.192-168-49-2.nip.io/). Login as the `admin` user with the credentials configured in the helm values - ref. `adminPass` / `ldapPass`. diff --git a/docs/eoepca/pde.md b/docs/eoepca/pde.md index c79326ec..fd6c4ad8 100644 --- a/docs/eoepca/pde.md +++ b/docs/eoepca/pde.md @@ -29,23 +29,23 @@ hub: pvc: storageClassName: standard extraEnv: - OAUTH_CALLBACK_URL: "https://pde.192.168.49.2.nip.io/hub/oauth_callback" - OAUTH2_USERDATA_URL: "https://auth.192.168.49.2.nip.io/oxauth/restv1/userinfo" - OAUTH2_TOKEN_URL: "https://auth.192.168.49.2.nip.io/oxauth/restv1/token" - OAUTH2_AUTHORIZE_URL: "https://auth.192.168.49.2.nip.io/oxauth/restv1/authorize" - OAUTH_LOGOUT_REDIRECT_URL: "https://auth.192.168.49.2.nip.io/oxauth/restv1/end_session?post_logout_redirect_uri=https://pde.192.168.49.2.nip.io" + OAUTH_CALLBACK_URL: "https://pde.192-168-49-2.nip.io/hub/oauth_callback" + OAUTH2_USERDATA_URL: "https://auth.192-168-49-2.nip.io/oxauth/restv1/userinfo" + OAUTH2_TOKEN_URL: "https://auth.192-168-49-2.nip.io/oxauth/restv1/token" + OAUTH2_AUTHORIZE_URL: "https://auth.192-168-49-2.nip.io/oxauth/restv1/authorize" + OAUTH_LOGOUT_REDIRECT_URL: "https://auth.192-168-49-2.nip.io/oxauth/restv1/end_session?post_logout_redirect_uri=https://pde.192-168-49-2.nip.io" STORAGE_CLASS: "standard" ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production hosts: - - host: pde.192.168.49.2.nip.io + - host: pde.192-168-49-2.nip.io paths: - path: / tls: - hosts: - - pde.192.168.49.2.nip.io + - pde.192-168-49-2.nip.io secretName: pde-tls ``` @@ -63,7 +63,7 @@ kubectl -n pde create secret generic jupyterhub-secrets \ ## PDE Usage -The PDE is accessed at the endpoint `https://pde./`, configured by your domain - e.g. [https://pde.192.168.49.2.nip.io/](https://pde.192.168.49.2.nip.io/). +The PDE is accessed at the endpoint `https://pde./`, configured by your domain - e.g. [https://pde.192-168-49-2.nip.io/](https://pde.192-168-49-2.nip.io/). ## Additional Information diff --git a/docs/eoepca/pdp.md b/docs/eoepca/pdp.md index f724a120..dbfabfb9 100644 --- a/docs/eoepca/pdp.md +++ b/docs/eoepca/pdp.md @@ -16,7 +16,7 @@ helm install --version 1.1.6 --values pdp-values.yaml pdp eoepca/pdp-engine At minimum, values for the following attributes should be specified: -* Public hostname of the Authorization Server, e.g. `auth.192.168.49.2.nip.io` +* Public hostname of the Authorization Server, e.g. `auth.192-168-49-2.nip.io` * IP Address of the public facing reverse proxy (Nginx Ingress Controller), e.g. `192.168.49.2` * Name of Persistent Volume Claim for `pdp-engine` persistence, e.g. `eoepca-userman-pvc`
_The boolen value `volumeClaim.create` can be used for the PVC to be created by the helm release. This creates a volume of type `host-path` and, hence, is only useful for single-node development usage._ @@ -25,7 +25,7 @@ Example `pdp-values.yaml`... ```yaml global: nginxIp: 192.168.49.2 - domain: auth.192.168.49.2.nip.io + domain: auth.192-168-49-2.nip.io volumeClaim: name: eoepca-userman-pvc create: false diff --git a/docs/eoepca/resource-catalogue.md b/docs/eoepca/resource-catalogue.md index 06378cde..719dc653 100644 --- a/docs/eoepca/resource-catalogue.md +++ b/docs/eoepca/resource-catalogue.md @@ -36,8 +36,8 @@ ingress: # Enabled for unprotected 'open' access to the resource-catalogue. enabled: true name: resource-catalogue - host: resource-catalogue.192.168.49.2.nip.io - tls_host: resource-catalogue.192.168.49.2.nip.io + host: resource-catalogue.192-168-49-2.nip.io + tls_host: resource-catalogue.192-168-49-2.nip.io tls_secret_name: resource-catalogue-tls annotations: cert-manager.io/cluster-issuer: letsencrypt-production @@ -57,7 +57,7 @@ db: pycsw: config: server: - url: https://resource-catalogue.192.168.49.2.nip.io/ + url: https://resource-catalogue.192-168-49-2.nip.io/ ``` ## Protection @@ -78,7 +78,7 @@ The `resource-guard` must be configured with the values applicable to the Resour #--------------------------------------------------------------------------- global: context: resource-catalogue - domain: 192.168.49.2.nip.io + domain: 192-168-49-2.nip.io nginxIp: 192.168.49.2 certManager: clusterIssuer: letsencrypt-production @@ -113,7 +113,7 @@ uma-user-agent: credentialsSecretName: "resman-client" logging: level: "info" - unauthorizedResponse: 'Bearer realm="https://portal.192.168.49.2.nip.io/oidc/authenticate/"' + unauthorizedResponse: 'Bearer realm="https://portal.192-168-49-2.nip.io/oidc/authenticate/"' openAccess: false insecureTlsSkipVerify: true ``` @@ -155,9 +155,9 @@ data: client.yaml: Y2xpZW50LWlkOiBhOThiYTY2ZS1lODc2LTQ2ZTEtODYxOS01ZTEzMGEzOGQxYTQKY2xpZW50LXNlY3JldDogNzM5MTRjZmMtYzdkZC00YjU0LTg4MDctY2UxN2MzNjQ1NTU4 ``` -The client credentials are obtained by registration of a client at the login service web interface - e.g. [https://auth.192.168.49.2.nip.io](https://auth.192.168.49.2.nip.io). In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... +The client credentials are obtained by registration of a client at the login service web interface - e.g. [https://auth.192-168-49-2.nip.io](https://auth.192-168-49-2.nip.io). In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io "Resource Guard" | tee client.yaml +./deploy/bin/register-client auth.192-168-49-2.nip.io "Resource Guard" | tee client.yaml ``` ## Resource Catalogue Usage @@ -165,7 +165,7 @@ The client credentials are obtained by registration of a client at the login ser The Resource Catalogue is initially populated during the initialisation of the Data Access service.
See section [Data-layer Configuration](../data-access/#data-layer-configuration). -The Resource Catalogue is accessed at the endpoint `https://resource-catalogue./`, configured by your domain - e.g. [https://resource-catalogue.192.168.49.2.nip.io/](https://resource-catalogue.192.168.49.2.nip.io/). +The Resource Catalogue is accessed at the endpoint `https://resource-catalogue./`, configured by your domain - e.g. [https://resource-catalogue.192-168-49-2.nip.io/](https://resource-catalogue.192-168-49-2.nip.io/). ### Loading Records diff --git a/docs/eoepca/resource-protection.md b/docs/eoepca/resource-protection.md index a68c5910..92361f57 100644 --- a/docs/eoepca/resource-protection.md +++ b/docs/eoepca/resource-protection.md @@ -33,7 +33,7 @@ helm install --version 1.0.7 --values myservice-guard-values.yaml myservice-guar The helm chart is deployed with values that are passed through to the subcharts for the `pep-engine` and `uma-user-agent`. Typical values to be specified include: -* Host/domain details for the Login Service and PDP, e.g. `auth.192.168.49.2.nip.io` +* Host/domain details for the Login Service and PDP, e.g. `auth.192-168-49-2.nip.io` * IP Address of the public facing reverse proxy (Nginx Ingress Controller), e.g. `192.168.49.2` * Name of Persistent Volume Claim for `pep-engine` persistence, e.g. `myservice-pep-pvc`
* TLS Certificate Provider, e.g. `letsencrypt-production` @@ -49,7 +49,7 @@ Example `myservice-guard-values.yaml`... #--------------------------------------------------------------------------- global: context: myservice - domain: 192.168.49.2.nip.io + domain: 192-168-49-2.nip.io nginxIp: 192.168.49.2 certManager: clusterIssuer: letsencrypt-production @@ -97,7 +97,7 @@ uma-user-agent: credentialsSecretName: "myservice-agent" logging: level: "debug" - unauthorizedResponse: 'Bearer realm="https://auth.192.168.49.2.nip.io/oxauth/auth/passport/passportlogin.htm"' + unauthorizedResponse: 'Bearer realm="https://auth.192-168-49-2.nip.io/oxauth/auth/passport/passportlogin.htm"' #--------------------------------------------------------------------------- # END values #--------------------------------------------------------------------------- @@ -133,7 +133,7 @@ Usage: For example... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io myclient +./deploy/bin/register-client auth.192-168-49-2.nip.io myclient INFO: Preparing docker image... [done] Client successfully registered. @@ -144,12 +144,12 @@ client-secret: 73914cfc-c7dd-4b54-8807-ce17c3645558 Or to register OIDC redirect URLs... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io myclient https://portal.192.168.49.2.nip.io/oidc/callback/ https://portal.192.168.49.2.nip.io/logout +./deploy/bin/register-client auth.192-168-49-2.nip.io myclient https://portal.192-168-49-2.nip.io/oidc/callback/ https://portal.192-168-49-2.nip.io/logout ``` The script writes the 'client credentials' to stdout - in the expected YAML configuration file format - which can be redirected to file... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io myclient | tee client.yaml +./deploy/bin/register-client auth.192-168-49-2.nip.io myclient | tee client.yaml ``` ...writes the client credentials to the file `client.yaml`. @@ -187,7 +187,7 @@ As described in the [README for the Resource Guard](https://github.com/EOEPCA/he In the simple case of a user with username/password held within the Login Service, the User ID Token can be obtained as follows: ``` -curl --location --request POST 'https://auth.192.168.49.2.nip.io/oxauth/restv1/token' \ +curl --location --request POST 'https://auth.192-168-49-2.nip.io/oxauth/restv1/token' \ --header 'Cache-Control: no-cache' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'scope=openid user_name is_operator' \ diff --git a/docs/eoepca/user-profile.md b/docs/eoepca/user-profile.md index 624684f6..4dd2834d 100644 --- a/docs/eoepca/user-profile.md +++ b/docs/eoepca/user-profile.md @@ -16,7 +16,7 @@ helm install --version 1.1.6 --values user-profile-values.yaml user-profile eoep At minimum, values for the following attributes should be specified: -* Public hostname of the Authorization Server, e.g. `auth.192.168.49.2.nip.io` +* Public hostname of the Authorization Server, e.g. `auth.192-168-49-2.nip.io` * IP Address of the public facing reverse proxy (Nginx Ingress Controller), e.g. `192.168.49.2` * Name of Persistent Volume Claim for `user-profile` persistence, e.g. `eoepca-userman-pvc`
_The boolen value `volumeClaim.create` can be used for the PVC to be created by the helm release. This creates a volume of type `host-path` and, hence, is only useful for single-node development usage._ @@ -24,7 +24,7 @@ At minimum, values for the following attributes should be specified: Example `user-profile-values.yaml`... ```yaml global: - domain: auth.192.168.49.2.nip.io + domain: auth.192-168-49-2.nip.io nginxIp: 192.168.49.2 volumeClaim: name: eoepca-userman-pvc diff --git a/docs/eoepca/workspace.md b/docs/eoepca/workspace.md index 4b53c065..2edfe3e5 100644 --- a/docs/eoepca/workspace.md +++ b/docs/eoepca/workspace.md @@ -35,11 +35,11 @@ fullnameOverride: workspace-api ingress: enabled: true hosts: - - host: workspace-api-open.192.168.49.2.nip.io + - host: workspace-api-open.192-168-49-2.nip.io paths: ["/"] tls: - hosts: - - workspace-api-open.192.168.49.2.nip.io + - workspace-api-open.192-168-49-2.nip.io secretName: workspace-api-open-tls fluxHelmOperator: enabled: true @@ -48,7 +48,7 @@ workspaceSecretName: "bucket" namespaceForBucketResource: "rm" s3Endpoint: "https://cf2.cloudferro.com:8080" s3Region: "RegionOne" -harborUrl: "https://harbor.192.168.49.2.nip.io" +harborUrl: "https://harbor.192-168-49-2.nip.io" harborUsername: "admin" harborPassword: "changeme" umaClientSecretName: "resman-client" @@ -189,7 +189,7 @@ The `resource-guard` must be configured with the values applicable to the Worksp #--------------------------------------------------------------------------- global: context: workspace-api - domain: 192.168.49.2.nip.io + domain: 192-168-49-2.nip.io nginxIp: 192.168.49.2 certManager: clusterIssuer: letsencrypt-production @@ -235,7 +235,7 @@ uma-user-agent: credentialsSecretName: "resman-client" logging: level: "info" - unauthorizedResponse: 'Bearer realm="https://portal.192.168.49.2.nip.io/oidc/authenticate/"' + unauthorizedResponse: 'Bearer realm="https://portal.192-168-49-2.nip.io/oidc/authenticate/"' openAccess: false insecureTlsSkipVerify: true ``` @@ -277,15 +277,15 @@ data: client.yaml: Y2xpZW50LWlkOiBhOThiYTY2ZS1lODc2LTQ2ZTEtODYxOS01ZTEzMGEzOGQxYTQKY2xpZW50LXNlY3JldDogNzM5MTRjZmMtYzdkZC00YjU0LTg4MDctY2UxN2MzNjQ1NTU4 ``` -The client credentials are obtained by registration of a client at the login service web interface - e.g. [https://auth.192.168.49.2.nip.io](https://auth.192.168.49.2.nip.io). In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... +The client credentials are obtained by registration of a client at the login service web interface - e.g. [https://auth.192-168-49-2.nip.io](https://auth.192-168-49-2.nip.io). In addition there is a helper script that can be used to create a basic client and obtain the credentials, as described in [section Resource Protection](../resource-protection/#client-registration)... ```bash -./deploy/bin/register-client auth.192.168.49.2.nip.io "Resource Guard" | tee client.yaml +./deploy/bin/register-client auth.192-168-49-2.nip.io "Resource Guard" | tee client.yaml ``` ### Workspace API Usage -The Workspace API provides a REST interface that is accessed at the endpoint https://workspace-api.192.168.49.2.nip.io/.
-See the [Swagger Docs](https://workspace-api.192.168.49.2.nip.io/docs). +The Workspace API provides a REST interface that is accessed at the endpoint https://workspace-api.192-168-49-2.nip.io/.
+See the [Swagger Docs](https://workspace-api.192-168-49-2.nip.io/docs). ### Additional Information @@ -322,11 +322,11 @@ At minimum, values for the following attributes should be specified: Example `bucket-operator-values.yaml`... ```yaml -domain: 192.168.49.2.nip.io +domain: 192-168-49-2.nip.io data: OS_MEMBERROLEID: "9ee2ff9ee4384b1894a90878d3e92bab" OS_SERVICEPROJECTID: "d21467d0a0414252a79e29d38f03ff98" - USER_EMAIL_PATTERN: "eoepca+@192.168.49.2.nip.io" + USER_EMAIL_PATTERN: "eoepca+@192-168-49-2.nip.io" ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production diff --git a/docs/quickstart/data-access-deployment.md b/docs/quickstart/data-access-deployment.md index 2f251572..e60830ee 100644 --- a/docs/quickstart/data-access-deployment.md +++ b/docs/quickstart/data-access-deployment.md @@ -24,9 +24,9 @@ Deployment is initiated by invoking the script... ./deploy/data-access/data-access ``` -The Resource Catalogue is accessed at the endpoint `resource-catalogue-open.` - e.g. `resource-catalogue-open.192.168.49.2.nip.io`. +The Resource Catalogue is accessed at the endpoint `resource-catalogue-open.` - e.g. `resource-catalogue-open.192-168-49-2.nip.io`. -The Data Access View Server is accessed at the endpoint `data-access-open.` - e.g. `data-access-open.192.168.49.2.nip.io`. +The Data Access View Server is accessed at the endpoint `data-access-open.` - e.g. `data-access-open.192-168-49-2.nip.io`. ## Data Harvesting diff --git a/docs/quickstart/exploitation-deployment.md b/docs/quickstart/exploitation-deployment.md index 0c241755..f7b28c61 100644 --- a/docs/quickstart/exploitation-deployment.md +++ b/docs/quickstart/exploitation-deployment.md @@ -27,11 +27,11 @@ Deployment is initiated by invoking the script... ./deploy/exploitation/exploitation ``` -The ADES service is accessed at the endpoint `ades-open.` - e.g. `ades-open.192.168.49.2.nip.io`. +The ADES service is accessed at the endpoint `ades-open.` - e.g. `ades-open.192-168-49-2.nip.io`. -The Resource Catalogue is accessed at the endpoint `resource-catalogue-open.` - e.g. `resource-catalogue-open.192.168.49.2.nip.io`. +The Resource Catalogue is accessed at the endpoint `resource-catalogue-open.` - e.g. `resource-catalogue-open.192-168-49-2.nip.io`. -The Data Access View Server is accessed at the endpoint `data-access-open.` - e.g. `data-access-open.192.168.49.2.nip.io`. +The Data Access View Server is accessed at the endpoint `data-access-open.` - e.g. `data-access-open.192-168-49-2.nip.io`. ## Example Requests - `s-expression` on CREODIAS diff --git a/docs/quickstart/processing-deployment.md b/docs/quickstart/processing-deployment.md index 98ec7c87..41db3569 100644 --- a/docs/quickstart/processing-deployment.md +++ b/docs/quickstart/processing-deployment.md @@ -24,7 +24,7 @@ Deployment is initiated by invoking the script... ./deploy/processing/processing ``` -The ADES service is accessed at the endpoint `ades-open.` - e.g. `ades-open.192.168.49.2.nip.io`. +The ADES service is accessed at the endpoint `ades-open.` - e.g. `ades-open.192-168-49-2.nip.io`. ## Example Requests - `snuggs` application @@ -53,7 +53,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k \ --request GET \ - --url https://ades-open.192.168.49.2.nip.io/eric/wps3/processes \ + --url https://ades-open.192-168-49-2.nip.io/eric/wps3/processes \ --header 'accept: application/json' ``` @@ -62,7 +62,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k \ --request POST \ - --url https://ades-open.192.168.49.2.nip.io/eric/wps3/processes \ + --url https://ades-open.192-168-49-2.nip.io/eric/wps3/processes \ --header 'accept: application/json' \ --header 'content-type: application/json' \ --data '{"executionUnit": {"href": "https://raw.githubusercontent.com/EOEPCA/app-snuggs/main/app-package.cwl","type": "application/cwl"}}' @@ -73,7 +73,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k \ --request GET \ - --url https://ades-open.192.168.49.2.nip.io/eric/wps3/processes/snuggs-0_3_0 \ + --url https://ades-open.192-168-49-2.nip.io/eric/wps3/processes/snuggs-0_3_0 \ --header 'accept: application/json' ``` @@ -82,7 +82,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k -v \ --request POST \ - --url https://ades-open.192.168.49.2.nip.io/eric/wps3/processes/snuggs-0_3_0/execution \ + --url https://ades-open.192-168-49-2.nip.io/eric/wps3/processes/snuggs-0_3_0/execution \ --header 'accept: application/json' \ --header 'content-type: application/json' \ --header 'prefer: respond-async' \ @@ -96,7 +96,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k \ --request GET \ - --url https://ades-open.192.168.49.2.nip.io{location-header} \ + --url https://ades-open.192-168-49-2.nip.io{location-header} \ --header 'accept: application/json' ``` @@ -107,7 +107,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k \ --request GET \ - --url https://ades-open.192.168.49.2.nip.io{location-header}/result \ + --url https://ades-open.192-168-49-2.nip.io{location-header}/result \ --header 'accept: application/json' ``` @@ -118,7 +118,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file ```bash curl -k \ --request GET \ - --url https://ades-open.192.168.49.2.nip.io/eric/wps3/jobs \ + --url https://ades-open.192-168-49-2.nip.io/eric/wps3/jobs \ --header 'accept: application/json' ``` @@ -126,7 +126,7 @@ The variables `@hostname` and `@domain` can be configured at the top of the file The outputs are published as a static STAC catalogue to a path that includes the unique job ID. -In the default configuration, the processing results are pushed to the Minio S3 object storage. This can be checked via browser access at the endpoint `console.minio.` e.g. https://console.minio.192.168.49.2.nip.io/, or using an S3 client such as... +In the default configuration, the processing results are pushed to the Minio S3 object storage. This can be checked via browser access at the endpoint `console.minio.` e.g. https://console.minio.192-168-49-2.nip.io/, or using an S3 client such as... ```bash s3cmd -c ./deploy/cluster/s3cfg ls s3://eoepca diff --git a/docs/quickstart/scripted-deployment.md b/docs/quickstart/scripted-deployment.md index ad15b08a..b29dff24 100644 --- a/docs/quickstart/scripted-deployment.md +++ b/docs/quickstart/scripted-deployment.md @@ -180,6 +180,14 @@ _Ensure that the script is executed with the environment variables and command-l ./deploy/eoepca/eoepca-protection.sh apply "" "" "" "" ``` +## Post-deploy Manual Steps + +The scripted deployment has been designed, as far as possible, to automate the configuration of the deployed components. However, there remain some steps that must be performed manually after the scripted deployment has completed... + +* Fix the setting `UMA Resource Lifetime` - change `2592000` -> `2147483647` secs +* Fix the setting `Authentication method for the Token Endpoint` for the `ApplicationHub` - `client_secret_post` -> `client_secret_basic` +* Add groups `group-1`, `group-2`, `group-3` to ApplicationHub, and add users `eric`, `bob` to these groups + ## Create User Workspaces The protection steps created the test users `eric` and `bob`. For completeness we use the Workspace API to create their user workspaces, which hold their personal resources (data, processing results, etc.) within the platform - see [Workspace](../eoepca/workspace.md). @@ -205,7 +213,7 @@ The same can be achieved with a straight http request, for example using `curl`. ```bash curl -X 'POST' \ - 'https://workspace-api.192.168.49.2.nip.io/workspaces' \ + 'https://workspace-api.192-168-49-2.nip.io/workspaces' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'X-User-Id: ' \ @@ -256,7 +264,7 @@ Usage: For example... ```bash -./deploy/bin/create-workspace 192.168.49.2.nip.io eric d95b0c2b-ea74-4b3f-9c6a-85198dec974d +./deploy/bin/create-workspace 192-168-49-2.nip.io eric d95b0c2b-ea74-4b3f-9c6a-85198dec974d ``` The script prompts for the password of the `admin` user. diff --git a/docs/quickstart/userman-deployment.md b/docs/quickstart/userman-deployment.md index c9a62bd6..031870d5 100644 --- a/docs/quickstart/userman-deployment.md +++ b/docs/quickstart/userman-deployment.md @@ -23,4 +23,4 @@ Deployment is initiated by invoking the script... ./deploy/userman/userman ``` -The _Login Service_ is accessed at the endpoint `auth.` - e.g. `auth.192.168.49.2.nip.io`. +The _Login Service_ is accessed at the endpoint `auth.` - e.g. `auth.192-168-49-2.nip.io`.