diff --git a/docs/building-blocks/openeo-engine.md b/docs/building-blocks/openeo-engine.md index 2be4147..66fa5b6 100644 --- a/docs/building-blocks/openeo-engine.md +++ b/docs/building-blocks/openeo-engine.md @@ -182,15 +182,15 @@ When prompted: - **Keycloak Admin Username and Password**: Enter the credentials of your Keycloak admin user (these are also in `~/.eoepca/state` if you have them set). - **Keycloak base domain**: e.g. `auth.example.com` - **Realm**: Typically `eoepca`. - -- **Client ID**: Use `demo-openeo-eoepca`. +- **Client ID**: Use `openeo-client` or what you named the client in the configuration script (check `~/.eoepca/state`). - **Client name** and **description**: Provide any helpful text (e.g., "OpenEO Client"). - **Client secret**: Leave blank and let Keycloak generate one. - **Subdomain**: Use `openeo`. - **Additional Subdomains**: Leave blank. -After it completes, you should see a JSON snippet confirming the newly created client. +After it completes, you should see a JSON snippet confirming the newly created client. +Look through the JSON and make a note of the **`secret`** value. This is the **Client Secret** and you will need this to obtain an access token. You can always retrieve this value from the Keycloak UI later if needed. #### Create a Keycloak User @@ -206,31 +206,40 @@ bash ../../utils/create-user.sh ```bash source ~/.eoepca/state +export OPENEO_USERNAME='' # The username of the user you created +export OPENEO_PASSWORD='' # The password of the user you created +export OPENEO_CLIENT_SECRET='' # You can retrieve this from the Keycloak UI, or from the JSON output of the create-client.sh script + ACCESS_TOKEN=$( curl --silent --show-error \ -X POST \ - -d "username=" \ - --data-urlencode "password=" \ + -d "username=${OPENEO_USERNAME}" \ + --data-urlencode "password=${OPENEO_PASSWORD}" \ -d "grant_type=password" \ - -d "client_id=demo-openeo-eoepca" \ - -d "client_secret=" \ + -d "client_id=${OPENEO_CLIENT_ID}" \ + -d "client_secret=${OPENEO_CLIENT_SECRET}" \ -d "scope=openid profile email" \ "https://${KEYCLOAK_HOST}/realms/${REALM}/protocol/openid-connect/token" | jq -r '.access_token' ) +echo "Access token: ${ACCESS_TOKEN}" + AUTH_TOKEN="oidc/eoepca/${ACCESS_TOKEN}" ``` Make sure that you replace the following values: + - with your username - with your password - with your client secret +If the Access Token is empty, please make sure that the Keycloak client and user are correctly set up. + We need to format the token as `oidc/eoepca/${ACCESS_TOKEN}` to comply with the `oidc_providers` variable seen in the Helm values. -#### Submit a Job Using the "add" Process +#### Submit a Job Using the "sum" Process Submit a job that adds 5 and 6.5 by sending a process graph to the `/jobs` endpoint: @@ -241,7 +250,7 @@ curl -X POST "https://openeo.${INGRESS_HOST}/openeo/1.2/result" \ -d '{ "process": { "process_graph": { - "arccos_node": { + "sum": { "process_id": "sum", "arguments": { "data": [5,6.5] @@ -261,7 +270,19 @@ A simple numeric result: 11.5 ``` -This confirms that the "add" process is operational and returning the correct computed sum. +This confirms that the "sum" process is operational and returning the correct computed sum. + +#### Experiment with Other Processes + +To see more available processes you can run, navigate to + +```url +https://openeo.${INGRESS_HOST}/openeo/1.2/processes +``` + +You should see a JSON object with an array of processes. Each with example usage and descriptions. Follow the same process as above to submit a job using any of these processes. + +Your Access Token will eventually expire. If you receive a 401 error, you will need to obtain a new token by running the `Get an Access Token` section again. --- diff --git a/scripts/processing/openeo/check-prerequisites.sh b/scripts/processing/openeo/check-prerequisites.sh index 03018b7..c6e139e 100644 --- a/scripts/processing/openeo/check-prerequisites.sh +++ b/scripts/processing/openeo/check-prerequisites.sh @@ -1,7 +1,7 @@ #!/bin/bash -source ../common/utils.sh -source ../common/prerequisite-utils.sh +source ../../common/utils.sh +source ../../common/prerequisite-utils.sh echo "🔍 Checking prerequisites for OpenEO Deployment..." declare -a checks=( diff --git a/scripts/processing/openeo/configure-openeo.sh b/scripts/processing/openeo/configure-openeo.sh index 14e0beb..7d07b85 100644 --- a/scripts/processing/openeo/configure-openeo.sh +++ b/scripts/processing/openeo/configure-openeo.sh @@ -1,12 +1,22 @@ #!/bin/bash -source ../common/utils.sh +source ../../common/utils.sh echo "Configuring openEO..." +echo "⚠️ An OIDC Provider is required to submit jobs. Please ensure that an OIDC Provider is accessible. If you have one, ignore this message, otherwise consult the guide." +echo "" + ask "INGRESS_HOST" "Enter the base domain name" "example.com" is_valid_domain -ask "STORAGE_CLASS" "Enter the storage class name" "standard" is_not_empty +ask "STORAGE_CLASS" "Enter the storage class name" "standard" is_non_empty configure_cert +if [ -z "$OIDC_ISSUER_URL" ]; then + source ../../common/prerequisite-utils.sh + check_oidc_provider_accessible +fi + +ask "OPENEO_CLIENT_ID" "As we need to set the Client ID in the Helm values, please provider what you'd like the Client ID to be. We advise you to use the default provided." "openeo-client" + envsubst <"openeo-geotrellis/values-template.yaml" >"openeo-geotrellis/generated-values.yaml" envsubst <"sparkoperator/values-template.yaml" >"sparkoperator/generated-values.yaml" envsubst <"zookeeper/values-template.yaml" >"zookeeper/generated-values.yaml" diff --git a/scripts/processing/openeo/openeo-geotrellis/values-template.yaml b/scripts/processing/openeo/openeo-geotrellis/values-template.yaml index 155fc59..a692322 100644 --- a/scripts/processing/openeo/openeo-geotrellis/values-template.yaml +++ b/scripts/processing/openeo/openeo-geotrellis/values-template.yaml @@ -33,7 +33,7 @@ configMaps: issuer="${OIDC_ISSUER_URL}", default_clients=[ { - "id": "demo-openeo-eoepca", + "id": "${OPENEO_CLIENT_ID}", "grant_types": [ "password", "authorization_code+pkce", diff --git a/scripts/processing/openeo/validation.sh b/scripts/processing/openeo/validation.sh new file mode 100644 index 0000000..b155ba4 --- /dev/null +++ b/scripts/processing/openeo/validation.sh @@ -0,0 +1,28 @@ +#!/bin/bash +source ../../common/utils.sh +source ../../common/validation-utils.sh + + +check_pods_running "openeo-geotrellis" "app.kubernetes.io/instance=openeo-geotrellis-sparkoperator" 2 +check_pods_running "openeo-geotrellis" "app.kubernetes.io/instance=openeo-geotrellis-zookeeper" 1 +check_pods_running "openeo-geotrellis" "release=openeo-geotrellis-openeo" 2 + + +check_deployment_ready "openeo-geotrellis" "openeo-geotrellis-sparkoperator-spark-operator-controller" +check_deployment_ready "openeo-geotrellis" "openeo-geotrellis-sparkoperator-spark-operator-webhook" + +check_service_exists "openeo-geotrellis" "openeo-geotrellis-sparkoperator-spark-operator-webhook-svc" +check_service_exists "openeo-geotrellis" "openeo-geotrellis-zookeeper" +check_service_exists "openeo-geotrellis" "openeo-geotrellis-zookeeper-headless" +check_service_exists "openeo-geotrellis" "openeo-geotrellis-openeo-sparkapplication" +check_service_exists "openeo-geotrellis" "openeo-geotrellis-openeo-ui-svc" + +check_url_status_code "$HTTP_SCHEME://openeo.$INGRESS_HOST" 200 +check_url_status_code "$HTTP_SCHEME://openeo.$INGRESS_HOST/openeo/1.2/processes" 200 + +echo +echo "All Resources:" +echo +kubectl get all -n openeo-geotrellis +echo +echo "✅ openEO validation succeeded."