OmniPortal - a Flask-based portal that intends to simplify the creation of Guests & Employees in Alcatel-Lucent Enterprise OmniVista

BennyE/omniportal

OmniPortal

OmniPortal - a Flask-based portal that intends to simplify the creation of Guests & Employees in Alcatel-Lucent Enterprise OmniVista. The idea is that OmniPortal can be hosted on Alcatel-Lucent Enterprise OmniSwitch with AOS Release 8 in the future.

Run OmniPortal

You have multiple options to run OmniPortal.

  • I recommend regularly backing up your ~/conf/ directory to a secure location

Run OmniPortal (locally on your machine)

There are a couple of additional things that need to be done for the OmniSwitch, e.g. updating the paths to /flash/python/. This is a work in progress, so expect rough edges! I strongly recommend working in a .venv!

git clone https://github.com/BennyE/omniportal.git

python3 -m pip install -r requirements.txt

python3 -m flask --app omniportal --debug run --host 0.0.0.0 --port 5000

  • Update your app.secret_key before you do anything else (fully automated in the current build)
  • Navigate to 127.0.0.1:5000 (do not run with --debug outside of the development phase)
  • Attempt to log in with admin/admin123; the attempt will fail and inform you that the account "admin/<take note of your random password!>" was created in omniportal_users.json
  • Navigate to /admin and configure your settings
  • Change your password! Before v0.0.6, omniportal_users.json stored it unencrypted, so don't use something valuable there; since v0.0.6 only a hash is stored. DONE >= v0.0.6
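The first-start behaviour described in the list above (an automatically created secret key, an admin account with a random password, and passwords stored only as a hash) can be sketched as follows. This is an added example, not OmniPortal's own code: the JSON layout, the function names and the scrypt parameters are assumptions, and only the two file names come from this page.

```python
import hashlib
import hmac
import json
import os
import secrets
from pathlib import Path

# scrypt cost parameters (values assumed for this example)
SCRYPT = {"n": 2**14, "r": 8, "p": 1}

def _write_private(path: Path, data: dict) -> None:
    """Write JSON to a file created with mode 0600 (owner read/write only)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(data, fh, indent=2)

def hash_password(password: str) -> dict:
    """Derive a salted scrypt hash; only this record is ever written to disk."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    return {"salt": salt.hex(), "hash": digest.hex(), **SCRYPT}

def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(record["salt"]),
                            n=record["n"], r=record["r"], p=record["p"], dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

def bootstrap(conf_dir: Path):
    """Create secret key and admin account if missing.
    Returns the generated admin password once, or None if users already exist."""
    conf_dir.mkdir(parents=True, exist_ok=True)
    key_file = conf_dir / "omniportal_secret_key.json"
    users_file = conf_dir / "omniportal_users.json"
    if not key_file.exists():
        _write_private(key_file, {"secret_key": secrets.token_hex(32)})
    if users_file.exists():
        return None
    password = secrets.token_urlsafe(16)
    _write_private(users_file, {"admin": {"role": "Admin", **hash_password(password)}})
    return password

def login(conf_dir: Path, user: str, password: str) -> bool:
    """Check a login attempt against the hashed records in the users file."""
    users = json.loads((conf_dir / "omniportal_users.json").read_text())
    record = users.get(user)
    return record is not None and verify_password(password, record)
```

The generated password is returned exactly once and never written to disk, which is why the first login attempt has to display it.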

Run OmniPortal in Docker (local build)

You'll find the files that store the configuration/settings in /home/$USER/omniportal_conf/

Build locally

sudo docker build --tag omniportal:latest .

Run OmniPortal

sudo docker run --rm --name omniportal -v ~/omniportal_conf/:/usr/src/app/conf/ -p 5000:5000 -d omniportal:latest

Optional: Run OmniPortal with --debug

sudo docker run --rm --name omniportal -e EXTRA_OPTIONS="--debug" -v ~/omniportal_conf/:/usr/src/app/conf/ -p 5000:5000 -d omniportal:latest

Stop OmniPortal-Docker

sudo docker stop omniportal

Run OmniPortal (my image) from Quay.io with Docker

You'll find the files that store the configuration/settings in /home/$USER/omniportal_conf/

sudo docker run --rm --name omniportal -v ~/omniportal_conf/:/usr/src/app/conf/ -p 5000:5000 -d quay.io/bennye_hh/omniportal:latest

Stop OmniPortal-Docker

sudo docker stop omniportal

Run OmniPortal (my image) from Quay.io with Podman

This describes how you can run OmniPortal from Quay.io with Podman on Raspberry Pi (Raspberry Pi OS - Bullseye)

Install Podman

pi@raspberrypi:~ $ sudo apt install podman

Create configuration directory

pi@raspberrypi:~ $ mkdir ~/omniportal_conf

Start OmniPortal

You likely want to use a released version like 0.0.7 and not 0.0.7-dev.5.

That means you'll run the command like this: podman run -dt --rm --name omniportal -v ~/omniportal_conf/:/usr/src/app/conf/ -p 5000:5000/tcp quay.io/bennye_hh/omniportal:0.0.7

OmniPortal is then accessible via http://<your Raspberry Pi IP address>:5000/

pi@raspberrypi:~ $ podman run -dt --rm --name omniportal -v ~/omniportal_conf/:/usr/src/app/conf/ -p 5000:5000/tcp quay.io/bennye_hh/omniportal:0.0.7-dev.5
Trying to pull quay.io/bennye_hh/omniportal:0.0.7-dev.5...
Getting image source signatures
Copying blob c6556b3b6858 done  
Copying blob 6fcb34aff92a done  
Copying blob cc847055b6ed done  
Copying blob eb59b4321d1a done  
Copying blob 8e3ee81ebede done  
Copying blob 62a9257cdbac done  
Copying blob 627e3277a97e done  
Copying blob 3a27312b5662 done  
Copying blob c626bb6f5f66 done  
Copying blob 8fc6102b0b82 done  
Copying config 82b5820d55 done  
Writing manifest to image destination
Storing signatures
66ba1a2dd3bb00e1e56ae34ccf42e065d496cc0a38a8e8a23155a0118ddd6e39

Podman: List images

pi@raspberrypi:~ $ podman images
REPOSITORY                    TAG          IMAGE ID      CREATED       SIZE
quay.io/bennye_hh/omniportal  0.0.7-dev.5  82b5820d557c  17 hours ago  126 MB

Podman: List running containers

pi@raspberrypi:~ $ podman ps
CONTAINER ID  IMAGE                                     COMMAND          CREATED        STATUS            PORTS                   NAMES
66ba1a2dd3bb  quay.io/bennye_hh/omniportal:0.0.7-dev.5  ./entrypoint.sh  4 minutes ago  Up 4 minutes ago  0.0.0.0:5000->5000/tcp  omniportal

Podman: Stop the container

pi@raspberrypi:~ $ podman stop -l
66ba1a2dd3bb00e1e56ae34ccf42e065d496cc0a38a8e8a23155a0118ddd6e39
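The Docker and Podman commands above differ in three ways this page itself calls out: --debug is for development only, a released version is preferable to a -dev build, and a pinned version is preferable to :latest. The following added example (not part of the project) checks a run command line for those points; the finding names and the list of value-taking flags are assumptions, and only space-separated options as used on this page are handled. Debug mode turns on Flask's interactive debugger, so the check rates it higher when the port is published beyond loopback.

```python
import shlex

# Flags from the commands on this page that consume the next argument
# (assumption: any other option is a boolean switch such as --rm or -d).
TAKES_VALUE = {"-e", "--env", "-p", "--publish", "-v", "--volume", "--name"}
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def image_tag(image: str) -> str:
    """Tag of an image reference; a reference without a tag resolves to 'latest'."""
    last = image.rsplit("/", 1)[-1]   # drop registry/namespace (may contain host:port)
    return last.split(":", 1)[1] if ":" in last else "latest"

def beyond_loopback(publish: str) -> bool:
    """True if a -p value such as '5000:5000/tcp' binds on every interface."""
    parts = publish.split("/")[0].rsplit(":", 2)   # [bind_ip,] host_port, container_port
    return len(parts) < 3 or parts[0] not in LOOPBACK

def audit(cmd: str) -> list:
    """Return finding ids for a 'docker run' / 'podman run' command line."""
    args = shlex.split(cmd)
    args = args[args.index("run") + 1:]
    debug = exposed = False
    image = None
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in TAKES_VALUE:
            value = args[i + 1]
            if arg in ("-e", "--env") and value.startswith("EXTRA_OPTIONS="):
                debug = debug or "--debug" in value.split("=", 1)[1].split()
            if arg in ("-p", "--publish"):
                exposed = exposed or beyond_loopback(value)
            i += 2
        elif arg.startswith("-"):
            i += 1
        else:
            image = arg               # first positional argument is the image
            break
    if image is None:
        raise ValueError("no image reference found")
    findings = []
    if debug:
        findings.append("debug-exposed" if exposed else "debug")
    tag = image_tag(image)
    if tag == "latest":
        findings.append("floating-tag")
    elif "-dev" in tag:
        findings.append("dev-tag")
    return findings
```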

Run OmniPortal in Rancher Desktop / k3s / k8s

You can run OmniPortal on your favorite flavour of Kubernetes. The following outputs are taken from my Rancher Desktop on Apple MBP with Apple Silicon. The container images are available for amd64, arm & arm64 from: quay.io/bennye_hh/omniportal

kubectl get nodes

benny@Bennys-MacBook-Pro ~ % kubectl get nodes
NAME                   STATUS   ROLES                  AGE   VERSION
lima-rancher-desktop   Ready    control-plane,master   66m   v1.24.6+k3s1

kubectl get pods -A

benny@Bennys-MacBook-Pro ~ % kubectl get pods -A
NAMESPACE     NAME                                      READY   STATUS      RESTARTS   AGE
kube-system   svclb-traefik-748d5f86-hbw84              2/2     Running     0          66m
kube-system   helm-install-traefik-crd-877ks            0/1     Completed   0          66m
kube-system   helm-install-traefik-xg99r                0/1     Completed   0          66m
kube-system   coredns-b96499967-msv6t                   1/1     Running     0          66m
kube-system   traefik-7cd4fcff68-lbsjg                  1/1     Running     0          66m
kube-system   metrics-server-668d979685-26zrm           1/1     Running     0          66m
kube-system   local-path-provisioner-7b7dc8d6f5-dwjbb   1/1     Running     0          66m

kubectl get sc

benny@Bennys-MacBook-Pro ~ % kubectl get sc
NAME                   PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-path (default)   rancher.io/local-path   Delete          WaitForFirstConsumer   false                  66m

Change directory to OmniPortal deploy directory

Change directory to where you cloned/downloaded the OmniPortal deploy .yaml files.

benny@Bennys-MacBook-Pro ~ % cd python/omniportal/deploy

Review/Update ingress-omniportal.yaml

Adapt ingress-omniportal.yaml to your needs. If you run Rancher Desktop, you can access the OmniPortal at http(s)://omniportal.127.0.0.1.sslip.io. Note that the HTTPS/TLS certificate is the default certificate that comes with Traefik, so your browser will show an error message.

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: ingress-omniportal
spec:
  rules:
  - host: omniportal.127.0.0.1.sslip.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: omniportal
            port:
              number: 5000

kubectl apply --dry-run=client -o yaml -k . --validate=true

After you adapted the configuration to your needs, validate before deployment.

benny@Bennys-MacBook-Pro deploy % kubectl apply --dry-run=client -o yaml -k . --validate=true
apiVersion: v1
items:
- apiVersion: v1
  kind: Namespace
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"omniportal"},"spec":{}}
    creationTimestamp: "2022-10-22T12:08:34Z"
    labels:
      kubernetes.io/metadata.name: omniportal
    name: omniportal
# ... a lot more output    

kubectl apply -k .

Assuming that everything went fine, we deploy OmniPortal now.

benny@Bennys-MacBook-Pro deploy % kubectl apply -k .                                         
namespace/omniportal created
service/omniportal created
persistentvolumeclaim/omniportal created
deployment.apps/omniportal created
ingress.networking.k8s.io/ingress-omniportal created

What if OmniPortal doesn't work in Rancher Desktop (or k3s/k8s)?

Readiness probe failed

Synopsis: OmniPortal not available

Reason: Readiness probe failed

Solution: Fixed in >= v0.0.2

benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal get pods
NAME                          READY   STATUS    RESTARTS   AGE
omniportal-69d887b7b7-rzb6g   0/1     Running   0          26s
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal get events
LAST SEEN   TYPE      REASON                  OBJECT                             MESSAGE
67s         Normal    WaitForFirstConsumer    persistentvolumeclaim/omniportal   waiting for first consumer to be created before binding
67s         Normal    ScalingReplicaSet       deployment/omniportal              Scaled up replica set omniportal-69d887b7b7 to 1
67s         Normal    SuccessfulCreate        replicaset/omniportal-69d887b7b7   Created pod: omniportal-69d887b7b7-rzb6g
67s         Normal    ExternalProvisioning    persistentvolumeclaim/omniportal   waiting for a volume to be created, either by external provisioner "rancher.io/local-path" or manually created by system administrator
67s         Normal    Provisioning            persistentvolumeclaim/omniportal   External provisioner is provisioning volume for claim "omniportal/omniportal"
64s         Normal    ProvisioningSucceeded   persistentvolumeclaim/omniportal   Successfully provisioned volume pvc-dabe3ec3-61e8-4266-96c6-793c1ce04112
62s         Normal    Scheduled               pod/omniportal-69d887b7b7-rzb6g    Successfully assigned omniportal/omniportal-69d887b7b7-rzb6g to lima-rancher-desktop
62s         Normal    Pulling                 pod/omniportal-69d887b7b7-rzb6g    Pulling image "quay.io/bennye_hh/omniportal:latest"
53s         Normal    Pulled                  pod/omniportal-69d887b7b7-rzb6g    Successfully pulled image "quay.io/bennye_hh/omniportal:latest" in 9.649704921s
53s         Normal    Created                 pod/omniportal-69d887b7b7-rzb6g    Created container omniportal
53s         Normal    Started                 pod/omniportal-69d887b7b7-rzb6g    Started container omniportal
2s          Warning   Unhealthy               pod/omniportal-69d887b7b7-rzb6g    Readiness probe failed: HTTP probe failed with statuscode: 404
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal exec -it omniportal-69d887b7b7-rzb6g -- bash
root@omniportal-69d887b7b7-rzb6g:/usr/src/app# 

(In the meantime I fixed the path for the readiness probe in deployment-omniportal.yaml)

benny@Bennys-MacBook-Pro deploy % kubectl apply -k .                                                
namespace/omniportal unchanged
service/omniportal unchanged
persistentvolumeclaim/omniportal unchanged
deployment.apps/omniportal configured
ingress.networking.k8s.io/ingress-omniportal unchanged
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal get deployment                              
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
omniportal   1/1     1            1           9m37s
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal get pods      
NAME                          READY   STATUS        RESTARTS   AGE
omniportal-57f97c5f4f-lsg95   1/1     Running       0          20s
omniportal-69d887b7b7-rzb6g   0/1     Terminating   0          9m46s
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal describe node lima-rancher-desktop
Name:               lima-rancher-desktop
Roles:              control-plane,master
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal get ingress   
NAME                 CLASS    HOSTS                           ADDRESS          PORTS   AGE
ingress-omniportal   <none>   omniportal.127.0.0.1.sslip.io   192.168.11.197   80      4h40m

Delete/Access configuration from persistent volume (pv) in Rancher Desktop

OmniPortal uses a local-path storage class. In Rancher Desktop this can be found inside the lima-rancher-desktop VM.

You may need to access this to remove/edit files after changes that are marked as BREAKING-CHANGE!

benny@Bennys-MacBook-Pro deploy % kubectl get pv    
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                   STORAGECLASS   REASON   AGE
pvc-dabe3ec3-61e8-4266-96c6-793c1ce04112   500Mi      RWO            Delete           Bound    omniportal/omniportal   local-path              4h51m
benny@Bennys-MacBook-Pro % rdctl shell 
lima-rancher-desktop$ sudo su -
lima-rancher-desktop:~# cd /var/lib/rancher/k3s/storage
lima-rancher-desktop:/var/lib/rancher/k3s/storage# ls
pvc-dabe3ec3-61e8-4266-96c6-793c1ce04112_omniportal_omniportal
lima-rancher-desktop:/var/lib/rancher/k3s/storage# cd pvc-dabe3ec3-61e8-4266-96c6-793c1ce04112_omniportal_omniportal/
lima-rancher-desktop:/var/lib/rancher/k3s/storage/pvc-dabe3ec3-61e8-4266-96c6-793c1ce04112_omniportal_omniportal# ls
omniportal_secret_key.json  omniportal_users.json

Access logs of the pod

benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal get pods
NAME                          READY   STATUS    RESTARTS   AGE
omniportal-6f8747c587-bsqkk   1/1     Running   0          159m
benny@Bennys-MacBook-Pro deploy % kubectl -n omniportal logs omniportal-6f8747c587-bsqkk
 * Serving Flask app 'omniportal'
 * Debug mode: off

i18n

Edit the messages.po in translations/de/LC_MESSAGES or e.g. translations/es/LC_MESSAGES.

Extract (new) translatables into messages.pot

.venv/bin/pybabel extract -F babel.cfg -k _l -o messages.pot .

Update the corresponding individual language files

.venv/bin/pybabel update -i messages.pot -d translations

Compile the translation when translation-work is done

.venv/bin/pybabel compile -d translations

Ideas to be evaluated

  • There is no logic yet that handles "running on OmniSwitch with AOS R8"
  • No Adaptive Card is sent yet after creating the Employee account
  • The code could use some structuring into multiple files
  • Possibly it would make sense to move to sqlite instead of JSON files, to be evaluated later
  • Integrate with Grafana/Prometheus
  • Review which options are there for k8s/traefik (ingress) HTTPS certificates
  • Avaya OneCloud CPaaS (for e.g. SMS) is not implemented yet

TODO (next)

  • Buttons in "guest-accounts"-overview should be functional
  • Evaluate an escalation if a password modification is attempted with a wrong token
  • Allow employees to self-register for an account (e.g. for given domains on allowlist)
  • Update functions for undesirable words in username/password
  • Offer an option to set $TZ in container runtime to address UTC vs. local time (e.g. CET / Europe/Berlin)

v0.0.7

  • Implement email notifications DONE >= v0.0.7
  • i18n for email-notifications (for EN/DE) DONE >= v0.0.7
  • Added "podman" instructions and example on how to run OmniPortal on Raspberry Pi

v0.0.6

  • The "Guest" and "Admin" roles are the only two roles taken into account so far BREAKING-CHANGE DONE >= v0.0.6
  • Rework employee module to allow creation of employee-users which are stored with a pseudo-account in cloud DONE >= v0.0.6
  • Store OmniPortal passwords only as a hash DONE >= v0.0.6 BREAKING-CHANGE

v0.0.1 - v0.0.5

  • Switch to Python v3.9 Alpine Linux image to make the security scanner of Quay.io happy DONE >= v0.0.4
  • Update Dockerfile to do apt update, apt dist-upgrade & apt clean to collect latest updates DONE >= v0.0.3
  • Update deployment-omniportal.yaml to a given version e.g. :0.0.3 instead of :latest DONE >= v0.0.3
  • Create app.secret_key, omniportal_users & omniportal_settings automatically if those don't exist and store in conf directory DONE >= v0.0.2
  • Create Dockerfile & distribute via Quay.io DONE >= v0.0.2 (Thanks to dgo19 for the help!)
  • Figure out how to setup & deploy OmniPortal to Rancher Desktop (k3s/k8s) DONE >= v0.0.2 (Thanks to dgo19 for the help!)
  • Setup fully automated GitHub Actions Workflow for multi-architecture container images DONE >= v0.0.2 (Thanks to dgo19 for the help!)
