From ab3d8f58069f056ec82d27a32edf0954178e74d4 Mon Sep 17 00:00:00 2001
From: Nitin Yadav
Date: Sun, 18 Feb 2024 13:12:45 +1100
Subject: [PATCH] Added new lab 'service-interconnect' & SSO integration
---
.../assignment.md | 17 ++++++
.../check-rhd-login | 41 +++++++++++++
.../assignment.md | 58 +++++++++----------
.../setup-crc | 0
.../service-interconnect/config.yml | 3 +
.../service-interconnect/track.yml | 5 +-
6 files changed, 93 insertions(+), 31 deletions(-)
create mode 100644 instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/assignment.md
create mode 100644 instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/check-rhd-login
rename instruqt-tracks/service-interconnect/{01-service-interconnect => 02-service-interconnect}/assignment.md (92%)
mode change 100755 => 100644
rename instruqt-tracks/service-interconnect/{01-service-interconnect => 02-service-interconnect}/setup-crc (100%)
diff --git a/instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/assignment.md b/instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/assignment.md
new file mode 100644
index 00000000..d411e46f
--- /dev/null
+++ b/instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/assignment.md
@@ -0,0 +1,17 @@
+---
+slug: join-red-hat-developer-portal
+id: zm7j51xxebyk
+type: challenge
+title: Join Red Hat Developer at no cost
+teaser: Join Red Hat Developer at no cost
+tabs:
+- title: Red Hat Login
+ type: browser
+ hostname: rhd-login
+difficulty: ""
+---
+Before you proceed with the next challenge, please take a moment to register for Red Hat Developer. If you already have a Red Hat account, you can use the same login credentials.
+
+This will help us assess user satisfaction and enable us to provide more curated content.
+
+Click on the `Check` button at the bottom once you have registered or logged in.
diff --git a/instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/check-rhd-login b/instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/check-rhd-login
new file mode 100644
index 00000000..53051468
--- /dev/null
+++ b/instruqt-tracks/service-interconnect/01-join-red-hat-developer-portal/check-rhd-login
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -euxo pipefail
+echo 'logincheck'
+if [ "${LOGGEDIN-0}" = "1" ]; then
+ echo 'loggedin'
+ exit 0
+fi
+
+rm -f /home/user/checkResult.json
+rm -f /home/user/checkAssets.json
+rm -f /home/user/checkError.txt
+
+
+echo 'dropdown check'
+echo '{"location":{"conditions":[{"url":"redhat.com","condition":"contains"}]},"innerText":[{"selector":"html \u003e body","value":"Please click on Check button in the bottom right of your screen to continue with the Lab."}]}' > /home/user/checkAssets.json
+until [ -f /home/user/checkResult.json ]; do
+ sleep 1
+done
+if grep "SUCCESS" /home/user/checkResult.json; then
+ echo 'account dropdown'
+ exit 0
+fi
+
+
+rm -f /home/user/checkResult.json
+rm -f /home/user/checkAssets.json
+rm -f /home/user/checkError.txt
+
+
+echo 'email check'
+echo '{"location":{"conditions":[]},"innerText":[{"selector":"html \u003e body","value":"Email address verification"}]}' > /home/user/checkAssets.json
+until [ -f /home/user/checkResult.json ]; do
+ sleep 1
+done
+cat /home/user/checkResult.json
+if grep "SUCCESS" /home/user/checkResult.json; then
+ echo 'email validation'
+ exit 0
+fi
+fail-message "Please login and click 'Check' button."
+exit 1
\ No newline at end of file
diff --git a/instruqt-tracks/service-interconnect/01-service-interconnect/assignment.md b/instruqt-tracks/service-interconnect/02-service-interconnect/assignment.md
old mode 100755
new mode 100644
similarity index 92%
rename from instruqt-tracks/service-interconnect/01-service-interconnect/assignment.md
rename to instruqt-tracks/service-interconnect/02-service-interconnect/assignment.md
index c30467f6..c8eeeb8b
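Review bot: Both `until [ -f /home/user/checkResult.json ]` loops in `check-rhd-login` poll with no deadline, so if the browser-side checker never writes the file the script hangs instead of reaching `fail-message`; a bounded wait that fails closed would be safer (sketch below, the 60-second limit is an example value). `-f` also succeeds on a file that exists but may not be fully written yet, and `grep "SUCCESS"` accepts that substring anywhere in the file, so testing with `-s` and matching the specific result field would tighten the decision. The verdict is read from files under `/home/user`, which the lab user can presumably write to, so a header comment should state that this check is a convenience gate and not an enforcement boundary.

```shell
# Wait up to $1 seconds (default 60) for the browser-side checker to write its result.
wait_for_result() {
    local deadline=$((SECONDS + ${1:-60}))
    until [ -s /home/user/checkResult.json ]; do
        if [ "$SECONDS" -ge "$deadline" ]; then
            fail-message "Please login and click 'Check' button."
            exit 1
        fi
        sleep 1
    done
}

# … unchanged: LOGGEDIN shortcut, rm -f cleanup, writing checkAssets.json …
wait_for_result 60
if grep -q "SUCCESS" /home/user/checkResult.json; then
```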
--- a/instruqt-tracks/service-interconnect/01-service-interconnect/assignment.md +++ b/instruqt-tracks/service-interconnect/02-service-interconnect/assignment.md @@ -25,7 +25,7 @@ notes: This can be accomplished with a VPN between the public cloud and the private data center. However, a **VPN can be hard to set up**, and **requires deep networking expertise**. Developers also need to request the network admins and go through a time taking approval process for the VPNs to be setup. **Red Hat Service Interconnect on the other hand creates a dedicated layer 7 service network and is a lot easier to set up**. It allows application Developers to establish secure interconnection with other services and applications in different environments without relying on network specialists. With Service Interconnect developers can now create secure virtual application networks without the cumbersome overhead, complexity and delays of traditional connectivity solutions. ## Lab architecture - ![Architecute-router.png](../assets/Architecute-router.png) + ![Architecute-router.png](..\assets\Architecute-router.png) > **Note:** > Red Hat Service Interconnect is not limited to service networks between instances of OpenShift, but can equally well be leveraged to connect deployments running on premise (deployed on OpenShift or Kubernetes, on virtual machines or on bare metal) with services running in the cloud. 
@@ -56,15 +56,15 @@ and safely configure and manage their interconnections. Using a simple command l are easily created avoiding extensive networking planning without compromising your organization's infrastructure and data. - **AnOpenShift Cluster** - This will run the front end of the patient portal application - **A RHEL machine** - This will run our database and payment processor used to process the bill payments of the patients -- **Terminal-OpenShift** - This tab is a terminal that is already remotely logged in to OpenShift cluster![OpenShift-Terminal.png](../assets/Screenshot%202023-08-22%20at%205.47.14%20PM.png) -- **Terminal-RHEL** - This tab is a terminal that is already logged into to a RHEL VM ![RHEL-terminal.png](../assets/Screenshot%202023-08-22%20at%205.54.47%20PM.png) -- **Patient Portal** - Tab to accesss the patient portal frontend website ![pp-tab.png](../assets/pp-tab.png) +- **Terminal-OpenShift** - This tab is a terminal that is already remotely logged in to OpenShift cluster![OpenShift-Terminal.png](..\assets\Screenshot%202023-08-22%20at%205.47.14%20PM.png) +- **Terminal-RHEL** - This tab is a terminal that is already logged into to a RHEL VM ![RHEL-terminal.png](..\assets\Screenshot%202023-08-22%20at%205.54.47%20PM.png) +- **Patient Portal** - Tab to accesss the patient portal frontend website ![pp-tab.png](..\assets\pp-tab.png) - # Install the Frontend in the Public OpenShift Cluster We are already remotely logged into the Public OpenShift cluster from the **Terminal-OpenShift** tab. -- Make sure your are on the**Terminal-OpenShift** tab: ![OpenShift-Terminal.png](../assets/Screenshot%202023-08-22%20at%205.47.14%20PM.png) +- Make sure your are on the**Terminal-OpenShift** tab: ![OpenShift-Terminal.png](..\assets\Screenshot%202023-08-22%20at%205.47.14%20PM.png) - Login to the **public** project by copy pasting the command below in to the **Terminal-OpenShift** CLI. ``` oc project public 
@@ -87,14 +87,14 @@ We are already remotely logged into the Public OpenShift cluster from the **Term ``` - Now that the front end is up and running. Navigate to the patient portal frontend by clicking on the patient portal tab -![pp-tab.png](../assets/pp-tab.png) +![pp-tab.png](..\assets\pp-tab.png) - **Note:** You might see a **Your connection is not private** message on the browser as we are using a self-signed certificate. You can ignore such errors during this excercise. Click on **Advanced** and then click on the **"proceed to"** link as shown in the image below if you see this warning -![front-end-security1.png](../assets/front-end-security1.png) -![front-end-security2.png](../assets/front-end-security2.png) +![front-end-security1.png](..\assets\front-end-security1.png) +![front-end-security2.png](..\assets\front-end-security2.png) - You should be able to see the front end of the patient portal without any patient names or doctor names as we have not established the connection with the database -![frontend-empty.png](../assets/frontend-empty.png) +![frontend-empty.png](..\assets\frontend-empty.png) # Install the Database and Payment Process on the RHEL VM The Database contains a list of patients and doctors, that will show on the patient portal front end page once we make the connections. @@ -103,7 +103,7 @@ The payment processor is a service that process the bill payments made by patien We are already remotely logged into the RHEL machine from the **Terminal-RHEL** machine. -- Switch to the **Terminal-RHEL** tab before you do this section ![RHEL-terminal.png](../assets/Screenshot%202023-08-22%20at%205.54.47%20PM.png) +- Switch to the **Terminal-RHEL** tab before you do this section ![RHEL-terminal.png](..\assets\Screenshot%202023-08-22%20at%205.54.47%20PM.png) - Switch from **root** to **user1** that we already created ``` 
@@ -135,7 +135,7 @@ In the next section we will use **[Red Hat Service Interconnect](https://develop # The Challenge As indicated in the image below you are now done installing the patient portal frontend in the OpenShift Cluster and the database and payment processor in the RHEL machine. Both these environments(OpenShift and RHEL) are not connected. -![Arch-no-skup.png](../assets/Screenshot%202023-08-22%20at%2010.52.56%20PM.png) +![Arch-no-skup.png](..\assets\Screenshot%202023-08-22%20at%2010.52.56%20PM.png) The challenge for us is now to enable the patient portal application to connect to the database and payment processor. For obvious reasons, we do not want to expose the database and payment processor over the public internet, so a private, secure link needs to be setup between the OpenShift instance and the RHEL Machine in the datacentre. This can be accomplished with a VPN between the public cloud and the data center. However a **VPN can be hard to set up**, and **requires deep networking expertise**. Developers also need to request the network admins and go through a time taking approval process for the VPNs to be setup. **Red Hat Service Interconnect on the other hand creates a dedicated layer 7 service network and is a lot easier to set up**. It allows application Developers to establish secure interconnection with other services and applications in different environments without relying on network specialists. With Service Interconnect developers can now create secure virtual application networks without the cumbersome overhead, complexity and delays of traditional connectivity solutions. 
@@ -148,7 +148,7 @@ The challenge for us is now to enable the patient portal application to connect This process will install Service Interconnect in the **public** namespace in the OpenShift cluster. We are already remotely logged into the OpenShift cluster from the **Terminal-OpenShift** machine. -- Make sure you are on the **Terminal-OpenShift** tab ![OpenShift-Terminal.png](../assets/Screenshot%202023-08-22%20at%205.47.14%20PM.png) +- Make sure you are on the **Terminal-OpenShift** tab ![OpenShift-Terminal.png](..\assets\Screenshot%202023-08-22%20at%205.47.14%20PM.png) - To initialize Service Interconnect in the OpenShift namespace namespace you will need to issue the following command in the **Terminal-OpenShift** window: ``` @@ -162,7 +162,7 @@ We are already remotely logged into the OpenShift cluster from the **Terminal-Op ``` -- Now switch to the **Terminal-RHEL** tab ![RHEL-terminal.png](../assets/Screenshot%202023-08-22%20at%205.54.47%20PM.png) +- Now switch to the **Terminal-RHEL** tab ![RHEL-terminal.png](..\assets\Screenshot%202023-08-22%20at%205.54.47%20PM.png) - In order to create the connection Service Interconnect must also be intialized in the RHEL machine where deployed the database and payment processor. Issue the following commands in the **Terminal-RHEL** tab: ``` 
@@ -181,7 +181,7 @@ We are already remotely logged into the OpenShift cluster from the **Terminal-Op Creating a link between Service Interconnect enabled namespace and the services on the RHEL machine requires a secret token that allows permission to create the link. The token carries the link details required for connection. We will generate the token in the OpenShift cluster and use it in the RHEL machine to create a link. All inter-site traffic is protected by mutual TLS**(mTLS)** using a private, dedicated certificate authority (CA). A claim token is not a certificate, but is securely exchanged for a certificate during the linking process. By implementing appropriate restrictions (for example, creating a single-use claim token), you can avoid the accidental exposure of certificates. -- Switch to **Terminal-OpenShift** tab ![OpenShift-Terminal.png](../assets/Screenshot%202023-08-22%20at%205.47.14%20PM.png) +- Switch to **Terminal-OpenShift** tab ![OpenShift-Terminal.png](..\assets\Screenshot%202023-08-22%20at%205.47.14%20PM.png) - Generate the token in the **Terminal-OpenShift** tab ``` 
@@ -212,9 +212,9 @@ Creating a link between Service Interconnect enabled namespace and the services > Do not copy the token from here. Copy the token from the terminal as indicated in the subsequent steps - Select the full token from the **Terminal-OpenShift** and carefully copy the token without missing any characters out. You can paste the token in any text editor or revisit this tab to copy this token for later steps. This is a very important step and any missing characters in the token will lead to failed connections -![copy-token.png](../assets/copy-token.png) +![copy-token.png](..\assets\copy-token.png) -- Now switch to **Terminal-RHEL** ![RHEL-terminal.png](../assets/Screenshot%202023-08-22%20at%205.54.47%20PM.png) +- Now switch to **Terminal-RHEL** ![RHEL-terminal.png](..\assets\Screenshot%202023-08-22%20at%205.54.47%20PM.png) - Create on a new file for the secret on the **Terminal-RHEL** by issuing the below command ``` @@ -222,7 +222,7 @@ Creating a link between Service Interconnect enabled namespace and the services ``` - Paste the token that you copied in this file and press the **esc** followed by **:** followed by **wq** to save the file. Double check to make sure you pasted the complete token. The token should like the one in the image below -![Screenshot -token.png](../assets/Screenshot%202023-08-22%20at%205.32.32%20PM.png) +![Screenshot -token.png](..\assets\Screenshot%202023-08-22%20at%205.32.32%20PM.png) - Now that we have successfully saved the token in the private machine. Let's create the connection. Link the private cluster to the public cluster by executing the below command from the **Terminal-RHEL**. This will utilize the token that we just transferred to create the link between the two disparate environments. 
@@ -249,14 +249,14 @@ Creating a link between Service Interconnect enabled namespace and the services Though we have linked the namespace on the OpenShift cluster and the RHEL machine, we have not exposed any services yet. We have to explicitly mention which services we want to expose over the Service network. By default **none** of the services in the namespaces are exposed by Red Hat Service Interconnect. - You can verify this by going to the browser tab where you have opened the frontend and refreshing it. You will still see that the patient and doctors names are still not retrieved from the database and displayed on the portal -![frontend-empty.png](../assets/frontend-empty.png) +![frontend-empty.png](..\assets\frontend-empty.png) ## **Exposing the services over the network using Red Hat Service Interconnect** Now let's expose the database service and payment processor over the service network. This will allow the Frontend on the OpenShift cluster to connect to the database as if it was a local service, while in reality the service is a proxy for the real service running on the RHEL machine. - Switch back to the **Terminal-RHEL** to create the connection - ![RHEL-terminal.png](../assets/Screenshot%202023-08-22%20at%205.54.47%20PM.png) + ![RHEL-terminal.png](..\assets\Screenshot%202023-08-22%20at%205.54.47%20PM.png) - Expose the database and the payment processor over the network by running the below commands on the **Terminal-RHEL** ``` @@ -265,7 +265,7 @@ Now let's expose the database service and payment processor over the service net ``` - Switch back to the **Terminal-OpenShift** -![OpenShift-Terminal.png](../assets/Screenshot%202023-08-22%20at%205.47.14%20PM.png) +![OpenShift-Terminal.png](..\assets\Screenshot%202023-08-22%20at%205.47.14%20PM.png) - Create proxy services on the **OpenShift cluster** that will redirect to the services running on the RHEL machine in the datacentre by running the below commands on **Terminal-OpenShift** ``` 
@@ -273,14 +273,14 @@ Now let's expose the database service and payment processor over the service net skupper service create payment-processor 8080 --protocol http ``` -- You have now established a secure link between the two environments, and exposed the database and payment processor as services on OpensShift cluster. This will allow the Frontend on the Public cluster to connect to the database and payment processor services as if they were a local service, while in reality these services are proxies for the real service running on the RHEL Machine running in the datacentre. ![Arch-router.png](../assets/Screenshot%202023-08-22%20at%2011.02.35%20PM.png) +- You have now established a secure link between the two environments, and exposed the database and payment processor as services on OpensShift cluster. This will allow the Frontend on the Public cluster to connect to the database and payment processor services as if they were a local service, while in reality these services are proxies for the real service running on the RHEL Machine running in the datacentre. ![Arch-router.png](..\assets\Screenshot%202023-08-22%20at%2011.02.35%20PM.png) > **Note:** > We are not exposing the database and payment processor service to the internet. Only the services which are part of the service network enabled by Red Hat Service Interconnect can access them - You can verify this checking the list of svcs in the OpenShift cluster -- Switch to the **Terminal-OpenShift** tab ![OpenShift-Terminal.png](../assets/Screenshot%202023-08-22%20at%205.47.14%20PM.png) +- Switch to the **Terminal-OpenShift** tab ![OpenShift-Terminal.png](..\assets\Screenshot%202023-08-22%20at%205.47.14%20PM.png) - Get a list of services deployed in the public namespace ``` 
@@ -300,25 +300,25 @@ Now let's expose the database service and payment processor over the service net The database service and payment-processor are the proxy services created by exposing the database deployment in the RHEL Datacenter over the service network. -- After a few seconds go back to the browser tab where you have opened the patient portal front end and refresh it. or Click the **Patient-Portal** tab![pp-tab.png](../assets/pp-tab.png) +- After a few seconds go back to the browser tab where you have opened the patient portal front end and refresh it. or Click the **Patient-Portal** tab![pp-tab.png](..\assets\pp-tab.png) - You should now be able to see the the list of patients and doctors that have been retrieved from the database. This shows that we have successfully connected our front end to the database using Red Hat Service Interconnect. -![database-connected.png](../assets/database-connected.png) +![database-connected.png](..\assets\database-connected.png) - Click on the Patient **Angela Martin**. -![angela.png](../assets/angela.png) +![angela.png](..\assets\angela.png) - Click the Bills tab to find the unpaid bills and hit the pay button. -![bills-tab.png](../assets/bills-tab.png) +![bills-tab.png](..\assets\bills-tab.png) - Submit the payment -![submit-payment.png](../assets/submit-payment.png) +![submit-payment.png](..\assets\submit-payment.png) - You should be able to see there is now a **Date Paid** and **Processor** value indicating that the payment is successful and was processed at the datacenter. This shows that we have successfully connected our payment-processor to the application using Red Hat Service Interconnect. -![payment-success.png](../assets/Screenshot%202023-08-22%20at%2011.24.59%20PM.png) +![payment-success.png](..\assets\Screenshot%202023-08-22%20at%2011.24.59%20PM.png) Congratulations! 
You successfully used Red Hat Service Interconnect to build a secure service network between services running in two different environments (OpenShift and RHEL) and allowed application to connect and communicate over the secure network. -![Layer-7.png](../assets/Screenshot%202023-08-22%20at%2011.05.14%20PM.png) +![Layer-7.png](..\assets\Screenshot%202023-08-22%20at%2011.05.14%20PM.png) Learn more at about [Red Hat Service Interconnect by clicking here](https://developers.redhat.com/products/service-interconnect/overview). diff --git a/instruqt-tracks/service-interconnect/01-service-interconnect/setup-crc b/instruqt-tracks/service-interconnect/02-service-interconnect/setup-crc similarity index 100% rename from instruqt-tracks/service-interconnect/01-service-interconnect/setup-crc rename to instruqt-tracks/service-interconnect/02-service-interconnect/setup-crc diff --git a/instruqt-tracks/service-interconnect/config.yml b/instruqt-tracks/service-interconnect/config.yml index aead3efe..62287a4b 100644 --- a/instruqt-tracks/service-interconnect/config.yml +++ b/instruqt-tracks/service-interconnect/config.yml @@ -1,4 +1,7 @@ version: "3" +virtualbrowsers: +- name: rhd-login + url: https://developers.redhat.com/node/284339?auHash=5k9QV-yD0z-jAU7XkJyq1TUxhVyyZVLiuZz7tsfTz_s&offerid=3882354 virtualmachines: - name: crc image: rhd-devx-instruqt/openshift-4-14-7-97g8f diff --git a/instruqt-tracks/service-interconnect/track.yml b/instruqt-tracks/service-interconnect/track.yml index 7d5e2ed6..2392ea69 100755 --- a/instruqt-tracks/service-interconnect/track.yml +++ b/instruqt-tracks/service-interconnect/track.yml 
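Review bot: The `url` added under `virtualbrowsers` in `config.yml` hard-codes the query parameters `auHash=…` and `offerid=3882354` into the repository. If `auHash` is anything other than a public campaign identifier, it is now in git history and would need to be rotated rather than just removed. The entry also pins a bare `node/284339` path with nothing to say which page it is or how the value is regenerated. Once the nature of the value is confirmed, I would add a comment above the entry, e.g. `# RHD registration landing page; auHash/offerid are public campaign identifiers, not credentials`, so later editors know whether it can be shared.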
@@ -21,7 +21,7 @@ description: |2 This can be accomplished with a VPN between the public cloud and the private data center. However, a **VPN can be hard to set up**, and **requires deep networking expertise**. Developers also need to request the network admins and go through a time taking approval process for the VPNs to be setup. **Red Hat Service Interconnect on the other hand creates a dedicated layer 7 service network and is a lot easier to set up**. It allows application Developers to establish secure interconnection with other services and applications in different environments without relying on network specialists. With Service Interconnect developers can now create secure virtual application networks without the cumbersome overhead, complexity and delays of traditional connectivity solutions. ## Lab architecture - ![lab-arch.png](./assets/Screenshot%202023-08-22%20at%2011.07.25%20PM.png) + ![lab-arch.png](.\assets\Screenshot%202023-08-22%20at%2011.07.25%20PM.png) > **Note:** > Red Hat Service Interconnect is not limited to service networks between instances of OpenShift and RHEL, but can equally well be leveraged to connect deployments across OpenShift or other Kubernetes, virtual machines or on bare metal environments @@ -37,6 +37,7 @@ tags: - openshift owner: openshift developers: +- nityadav@redhat.com - narathod@redhat.com - codingsaduvu@gmail.com - cclyburn@redhat.com @@ -47,4 +48,4 @@ lab_config: position: right feedback_recap_enabled: true loadingMessages: true -checksum: "9556025054795558048" +checksum: "150358785019515107"
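Review bot: The image reference in `description` changes from `./assets/...` to `.\assets\...`, and the same `/` to `\` swap appears on every image link in the `02-service-interconnect/assignment.md` hunks. A backslash is not a path separator in a Markdown link destination, so these images are likely to stop rendering in the track. This looks like a side effect of the editing tool rather than an intended change, which the 92% similarity on a file that was only renamed would also suggest. Keeping the forward-slash form, `![lab-arch.png](./assets/Screenshot%202023-08-22%20at%2011.07.25%20PM.png)`, avoids it.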