Merge pull request #82 from EOEPCA/openeo-deployment-guide

Update openEO documentation and scripts for improved client configura…
EOEPCA · Feb 25, 2025 · dc2efd4 · dc2efd4
2 parents 533d996 + 9ad94c2
commit dc2efd4
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 15 deletions.
diff --git a/docs/building-blocks/openeo-engine.md b/docs/building-blocks/openeo-engine.md
@@ -182,15 +182,15 @@ When prompted:
 - **Keycloak Admin Username and Password**: Enter the credentials of your Keycloak admin user (these are also in `~/.eoepca/state` if you have them set).
 - **Keycloak base domain**: e.g. `auth.example.com`
 - **Realm**: Typically `eoepca`.
-
-- **Client ID**: Use `demo-openeo-eoepca`.
+- **Client ID**: Use `openeo-client` or what you named the client in the configuration script (check `~/.eoepca/state`).
 - **Client name** and **description**: Provide any helpful text (e.g., "OpenEO Client").
 - **Client secret**: Leave blank and let Keycloak generate one.
 - **Subdomain**: Use `openeo`.
 - **Additional Subdomains**: Leave blank.
 
-After it completes, you should see a JSON snippet confirming the newly created client.
+After it completes, you should see a JSON snippet confirming the newly created client. 
 
+Look through the JSON and make a note of the **`secret`** value. This is the **Client Secret** and you will need this to obtain an access token. You can always retrieve this value from the Keycloak UI later if needed.
 
 #### Create a Keycloak User
 
@@ -206,31 +206,40 @@ bash ../../utils/create-user.sh
 ```bash
 source ~/.eoepca/state
 
+export OPENEO_USERNAME='' # The username of the user you created
+export OPENEO_PASSWORD='' # The password of the user you created
+export OPENEO_CLIENT_SECRET='' # You can retrieve this from the Keycloak UI, or from the JSON output of the create-client.sh script
+
 ACCESS_TOKEN=$(
     curl --silent --show-error \
          -X POST \
-         -d "username=<YOUR-USERNAME>" \
-         --data-urlencode "password=<YOUR-PASSWORD>" \
+         -d "username=${OPENEO_USERNAME}" \
+         --data-urlencode "password=${OPENEO_PASSWORD}" \
          -d "grant_type=password" \
-         -d "client_id=demo-openeo-eoepca" \
-         -d "client_secret=<CLIENT-SECRET>" \
+         -d "client_id=${OPENEO_CLIENT_ID}" \
+         -d "client_secret=${OPENEO_CLIENT_SECRET}" \
          -d "scope=openid profile email" \
          "https://${KEYCLOAK_HOST}/realms/${REALM}/protocol/openid-connect/token" |
          jq -r '.access_token'
 )
 
+echo "Access token: ${ACCESS_TOKEN}"
+
 AUTH_TOKEN="oidc/eoepca/${ACCESS_TOKEN}"
 ```
 
 Make sure that you replace the following values:
+
 - <YOUR-USERNAME> with your username
 - <YOUR-PASSWORD> with your password
 - <CLIENT-SECRET> with your client secret
 
+If the Access Token is empty, please make sure that the Keycloak client and user are correctly set up.
+
 We need to format the token as `oidc/eoepca/${ACCESS_TOKEN}` to comply with the `oidc_providers` variable seen in the Helm values.
 
 
-#### Submit a Job Using the "add" Process
+#### Submit a Job Using the "sum" Process
 
 Submit a job that adds 5 and 6.5 by sending a process graph to the `/jobs` endpoint:
 
@@ -241,7 +250,7 @@ curl -X POST "https://openeo.${INGRESS_HOST}/openeo/1.2/result" \
   -d '{
         "process": {
           "process_graph": {
-            "arccos_node": {
+            "sum": {
               "process_id": "sum",
               "arguments": {
                 "data": [5,6.5]
@@ -261,7 +270,19 @@ A simple numeric result:
 11.5
 ```
 
-This confirms that the "add" process is operational and returning the correct computed sum.
+This confirms that the "sum" process is operational and returning the correct computed sum.
+
+#### Experiment with Other Processes
+
+To see more available processes you can run, navigate to
+
+```url
+https://openeo.${INGRESS_HOST}/openeo/1.2/processes
+```
+
+You should see a JSON object with an array of processes. Each with example usage and descriptions. Follow the same process as above to submit a job using any of these processes.
+
+Your Access Token will eventually expire. If you receive a 401 error, you will need to obtain a new token by running the `Get an Access Token` section again.
 
 ---
 

diff --git a/scripts/processing/openeo/check-prerequisites.sh b/scripts/processing/openeo/check-prerequisites.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-source ../common/utils.sh
-source ../common/prerequisite-utils.sh
+source ../../common/utils.sh
+source ../../common/prerequisite-utils.sh
 echo "🔍 Checking prerequisites for OpenEO Deployment..."
 
 declare -a checks=(

diff --git a/scripts/processing/openeo/configure-openeo.sh b/scripts/processing/openeo/configure-openeo.sh
@@ -1,12 +1,22 @@
 
 #!/bin/bash
-source ../common/utils.sh
+source ../../common/utils.sh
 echo "Configuring openEO..."
 
+echo "⚠️   An OIDC Provider is required to submit jobs. Please ensure that an OIDC Provider is accessible. If you have one, ignore this message, otherwise consult the guide."
+echo ""
+
 ask "INGRESS_HOST" "Enter the base domain name" "example.com" is_valid_domain
-ask "STORAGE_CLASS" "Enter the storage class name" "standard" is_not_empty
+ask "STORAGE_CLASS" "Enter the storage class name" "standard" is_non_empty
 configure_cert
 
+if [ -z "$OIDC_ISSUER_URL" ]; then
+    source ../../common/prerequisite-utils.sh
+    check_oidc_provider_accessible
+fi
+
+ask "OPENEO_CLIENT_ID" "As we need to set the Client ID in the Helm values, please provider what you'd like the Client ID to be. We advise you to use the default provided." "openeo-client"
+
 envsubst <"openeo-geotrellis/values-template.yaml" >"openeo-geotrellis/generated-values.yaml"
 envsubst <"sparkoperator/values-template.yaml" >"sparkoperator/generated-values.yaml"
 envsubst <"zookeeper/values-template.yaml" >"zookeeper/generated-values.yaml"

diff --git a/scripts/processing/openeo/openeo-geotrellis/values-template.yaml b/scripts/processing/openeo/openeo-geotrellis/values-template.yaml
@@ -33,7 +33,7 @@ configMaps:
             issuer="${OIDC_ISSUER_URL}",
             default_clients=[
                 {
-                    "id": "demo-openeo-eoepca",
+                    "id": "${OPENEO_CLIENT_ID}",
                     "grant_types": [
                         "password",
                         "authorization_code+pkce",

diff --git a/scripts/processing/openeo/validation.sh b/scripts/processing/openeo/validation.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+source ../../common/utils.sh
+source ../../common/validation-utils.sh
+
+
+check_pods_running "openeo-geotrellis" "app.kubernetes.io/instance=openeo-geotrellis-sparkoperator" 2
+check_pods_running "openeo-geotrellis" "app.kubernetes.io/instance=openeo-geotrellis-zookeeper" 1
+check_pods_running "openeo-geotrellis" "release=openeo-geotrellis-openeo" 2
+
+
+check_deployment_ready "openeo-geotrellis" "openeo-geotrellis-sparkoperator-spark-operator-controller"
+check_deployment_ready "openeo-geotrellis" "openeo-geotrellis-sparkoperator-spark-operator-webhook"
+
+check_service_exists "openeo-geotrellis" "openeo-geotrellis-sparkoperator-spark-operator-webhook-svc"
+check_service_exists "openeo-geotrellis" "openeo-geotrellis-zookeeper"
+check_service_exists "openeo-geotrellis" "openeo-geotrellis-zookeeper-headless"
+check_service_exists "openeo-geotrellis" "openeo-geotrellis-openeo-sparkapplication"
+check_service_exists "openeo-geotrellis" "openeo-geotrellis-openeo-ui-svc"
+
+check_url_status_code "$HTTP_SCHEME://openeo.$INGRESS_HOST" 200
+check_url_status_code "$HTTP_SCHEME://openeo.$INGRESS_HOST/openeo/1.2/processes" 200
+
+echo
+echo "All Resources:"
+echo
+kubectl get all -n openeo-geotrellis
+echo
+echo "✅ openEO validation succeeded."