From 08e93406376e318c8e935716403d2366c8402bb8 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Wed, 3 Oct 2018 08:38:52 -0500 Subject: Create Helm Instantiation Issue-ID: AAF-517 Change-Id: I67c8408baa62a779fe5f7fa945dab2f8f9919f39 Signed-off-by: Instrumental --- auth/.gitignore | 3 +- auth/auth-cass/cass_init/cmd.sh | 49 +++++- auth/auth-cass/docker/Dockerfile.cass | 2 +- auth/auth-cass/docker/dbuild.sh | 1 + auth/auth-cass/docker/dinstall.sh | 4 +- auth/auth-cass/docker/drun.sh | 2 +- auth/docker/Dockerfile.ms | 2 + auth/docker/dbuild.sh | 8 + auth/helm/aaf/.helmignore | 21 +++ auth/helm/aaf/Chart.yaml | 5 + auth/helm/aaf/templates/NOTES.txt | 1 + auth/helm/aaf/templates/aaf-pod.yaml | 296 ++++++++++++++++++++++++++++++++ auth/helm/aaf/templates/cass_pv.yaml | 24 +++ auth/helm/aaf/templates/cass_pvc.yaml | 29 ++++ auth/helm/aaf/templates/config_pv.yaml | 24 +++ auth/helm/aaf/templates/config_pvc.yaml | 29 ++++ auth/helm/aaf/templates/logs_pv.yaml | 25 +++ auth/helm/aaf/templates/logs_pvc.yaml | 29 ++++ auth/helm/aaf/values.yaml | 68 ++++++++ auth/sample/bin/pod_wait.sh | 50 ++++++ conf/CA/bootstrap.sh | 6 +- conf/onap.sample.signer.p12 | Bin 2850 -> 0 bytes 22 files changed, 661 insertions(+), 17 deletions(-) create mode 100644 auth/helm/aaf/.helmignore create mode 100644 auth/helm/aaf/Chart.yaml create mode 100644 auth/helm/aaf/templates/NOTES.txt create mode 100644 auth/helm/aaf/templates/aaf-pod.yaml create mode 100644 auth/helm/aaf/templates/cass_pv.yaml create mode 100644 auth/helm/aaf/templates/cass_pvc.yaml create mode 100644 auth/helm/aaf/templates/config_pv.yaml create mode 100644 auth/helm/aaf/templates/config_pvc.yaml create mode 100644 auth/helm/aaf/templates/logs_pv.yaml create mode 100644 auth/helm/aaf/templates/logs_pvc.yaml create mode 100644 auth/helm/aaf/values.yaml create mode 100644 auth/sample/bin/pod_wait.sh delete mode 100644 conf/onap.sample.signer.p12 diff --git a/auth/.gitignore b/auth/.gitignore index 943f63bf..6adb71d5 100644 --- a/auth/.gitignore +++ b/auth/.gitignore @@ -2,6 +2,5 @@ /.project /target/ /aaf_* -/deploy.gz +/*.gz /createLocalDeploy.sh -/helm diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh index 056faed7..09379730 100644 --- a/auth/auth-cass/cass_init/cmd.sh +++ b/auth/auth-cass/cass_init/cmd.sh @@ -2,12 +2,24 @@ # # Engage normal Cass Init, then check for data installation # +DIR="/opt/app/aaf/status" + if [ ! -e /aaf_cmd ]; then ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd chmod u+x /aaf_cmd fi +function status { + if [ -d "$DIR" ]; then + echo "$@" + echo "$@" > $DIR/aaf_cass + fi +} + function install_cql { + status install + sleep 10 + status wait for cassandra to start # Now, make sure data exists if [ "$(/usr/bin/cqlsh -e 'describe keyspaces' | grep authz)" = "" ]; then for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do @@ -27,25 +39,23 @@ function install_cql { cd /opt/app/aaf/cass_init echo " cqlsh -f keyspace.cql" /usr/bin/cqlsh -f keyspace.cql + status keyspace installed echo " cqlsh -f init.cql" /usr/bin/cqlsh -f init.cql + status data initialized echo "" echo "The following will give you a temporary identity with which to start working, or emergency" echo " cqlsh -f temp_identity.cql" fi fi + status $1 } -case "$1" in - start) - # Startup like normal - echo "Cassandra Startup" - /usr/local/bin/docker-entrypoint.sh - ;; - onap) - install_cql +function install_onap { + install_cql initialized # Change date expiring dat files to more recent + status Creating ONAP Identities ID_FILE=/opt/app/aaf/cass_init/sample.identities.dat if [ -e $ID_FILE ]; then DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months") @@ -77,13 +87,34 @@ case "$1" in done # Change UserRole + status Setting up User Roles mv dats/user_role.dat tmp sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > dats/user_role.dat # Remove ID File, which is marker for initializing Creds rm $ID_FILE fi - bash push.sh + status Pushing data to cassandra + bash push.sh + status ready +} + +case "$1" in + start) + # start install_cql in background, waiting for process to start + install_cql ready & + + # Startup like normal + echo "Cassandra Startup" + /usr/local/bin/docker-entrypoint.sh + ;; + onap) + # start install_onap (which calls install_cql first) in background, waiting for process to start + install_onap & + + # Startup like normal + echo "Cassandra Startup" + /usr/local/bin/docker-entrypoint.sh ;; esac diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass index 1f2b2b13..d4487f9d 100644 --- a/auth/auth-cass/docker/Dockerfile.cass +++ b/auth/auth-cass/docker/Dockerfile.cass @@ -13,5 +13,5 @@ COPY sample.identities.dat /opt/app/aaf/cass_init/ ENTRYPOINT ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh"] CMD ["start"] -# Default is to start up like normal +# Default is to start up with CQL setup only diff --git a/auth/auth-cass/docker/dbuild.sh b/auth/auth-cass/docker/dbuild.sh index f26d73a5..aeef3293 100644 --- a/auth/auth-cass/docker/dbuild.sh +++ b/auth/auth-cass/docker/dbuild.sh @@ -20,6 +20,7 @@ cp sample/data/sample.identities.dat auth-cass docker build -t ${ORG}/${PROJECT}/aaf_cass:${VERSION} auth-cass docker tag ${ORG}/${PROJECT}/aaf_cass:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_cass:${VERSION} +docker tag ${ORG}/${PROJECT}/aaf_cass:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_cass:latest cd - rm Dockerfile diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh index 045d5f2f..c21b7fcc 100644 --- a/auth/auth-cass/docker/dinstall.sh +++ b/auth/auth-cass/docker/dinstall.sh @@ -2,6 +2,6 @@ . drun.sh -echo $DOCKER -docker exec -it aaf_cass bash aaf_cmd onap +# echo $DOCKER +# docker exec -it aaf_cass bash aaf_cmd onap diff --git a/auth/auth-cass/docker/drun.sh b/auth/auth-cass/docker/drun.sh index 4e56ce18..081411b3 100644 --- a/auth/auth-cass/docker/drun.sh +++ b/auth/auth-cass/docker/drun.sh @@ -31,7 +31,7 @@ if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then -e CASSANDRA_DC=dc1 \ -e CASSANDRA_CLUSTER_NAME=osaaf \ --mount 'type=volume,src=aaf_cass_data,dst=/var/lib/cassandra,volume-driver=local' \ - -d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} + -d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} "onap" else $DOCKER start aaf_cass fi diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms index 121bd06c..c1d9d0d5 100644 --- a/auth/docker/Dockerfile.ms +++ b/auth/docker/Dockerfile.ms @@ -5,6 +5,8 @@ ENV VERSION=${AAF_VERSION} LABEL description="aaf_${AAF_COMPONENT}" LABEL version=${AAF_VERSION} +COPY pod/* /opt/app/aaf/pod/ + CMD ["/bin/bash","-c","/opt/app/aaf/bin/${AAF_COMPONENT}"] # For Debugging installation diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 94fc7f46..e0a866a0 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -25,11 +25,13 @@ cp -Rf ../conf/CA sample sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.config > sample/Dockerfile docker build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample docker tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION} +docker tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/latest # AAF Agent Image (for Clients) sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.client > sample/Dockerfile docker build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample docker tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION} +docker tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest # Clean up rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar @@ -44,6 +46,7 @@ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT cd .. docker build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION} docker tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION} +docker tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest rm aaf_${VERSION}/Dockerfile cd - @@ -53,12 +56,17 @@ else AAF_COMPONENTS=$1 fi +mkdir -p ../aaf_${VERSION}/pod +cp ../sample/bin/pod_wait.sh ../aaf_${VERSION}/pod for AAF_COMPONENT in ${AAF_COMPONENTS}; do echo Building aaf_$AAF_COMPONENT... sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.ms >../aaf_${VERSION}/Dockerfile cd .. docker build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} docker tag ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} + docker tag ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:latest rm aaf_${VERSION}/Dockerfile cd - done +rm ../aaf_${VERSION}/pod/* +rmdir ../aaf_${VERSION}/pod diff --git a/auth/helm/aaf/.helmignore b/auth/helm/aaf/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/auth/helm/aaf/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml new file mode 100644 index 00000000..62942d91 --- /dev/null +++ b/auth/helm/aaf/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: AAF Helm Chart +name: aaf +version: 2.1.2-SNAPSHOT diff --git a/auth/helm/aaf/templates/NOTES.txt b/auth/helm/aaf/templates/NOTES.txt new file mode 100644 index 00000000..a6805571 --- /dev/null +++ b/auth/helm/aaf/templates/NOTES.txt @@ -0,0 +1 @@ +AAF Persistence basics loaded diff --git a/auth/helm/aaf/templates/aaf-pod.yaml b/auth/helm/aaf/templates/aaf-pod.yaml new file mode 100644 index 00000000..031a45b3 --- /dev/null +++ b/auth/helm/aaf/templates/aaf-pod.yaml @@ -0,0 +1,296 @@ +kind: Pod +apiVersion: v1 +metadata: + name: {{ .Values.cadi.hostname }} + namespace: {{ .Values.global.common.namespace }} +spec: + volumes: + - name: {{ .Chart.Name }}-config-vol + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-config-pvc + - name: {{ .Chart.Name }}-logs-vol + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-logs-pvc + - name: {{ .Chart.Name }}-cass-vol + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-cass-pvc + # Use this Pod Sharing dir to declare various States of starting + - name: {{ .Chart.Name }}-pod-status + emptyDir: {} + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "cass.{{ .Values.cadi.hostname }}" + - "service.{{ .Values.cadi.hostname }}" + - "locate.{{ .Values.cadi.hostname }}" + - "oauth.{{ .Values.cadi.hostname }}" + - "gui.{{ .Values.cadi.hostname }}" + - "cm.{{ .Values.cadi.hostname }}" + - "hello.{{ .Values.cadi.hostname }}" + - "fs.{{ .Values.cadi.hostname }}" +### +### DEFINE THE CONTAINERS +### + +### +### INIT Containers +### + containers: + initContainers: + - name: {{ .Chart.Name }}-config-container + image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" +### +### Regular Containers +### + containers: +### +### AAF-CASS +### + - name: {{ .Chart.Name }}-cass + image: {{ .Values.image.repository }}onap/aaf/aaf_cass:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well + command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] + volumeMounts: + - mountPath: "/data" + name: {{ .Chart.Name }}-cass-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: storage + containerPort: 7000 + - name: ssl-storage + containerPort: 7001 + - name: native-trans + containerPort: 9042 + - name: rpc + containerPort: 9160 + env: + - name: CASSANDRA_CLUSTER_NAME + value: "osaaf" + - name: CASSANDRA_DC + value: "dc1" + - name: HEAP_NEWSIZE + value: "512M" + - name: MAX_HEAP_SIZE + value: "1024M" +### +### AAF-Service +### + - name: {{ .Chart.Name }}-service + image: {{ .Values.image.repository }}onap/aaf/aaf_service:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_service","aaf_cass","/opt/app/aaf/bin/service"] + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: service + protocol: TCP + containerPort: 8100 + hostPort: 8100 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "cass.{{ .Values.cadi.hostname }}:127.0.0.1" +### +### AAF-Locate +### + - name: {{ .Chart.Name }}-locate + image: {{ .Values.image.repository }}onap/aaf/aaf_locate:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_locate","aaf_service","/opt/app/aaf/bin/locate"] + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: locate + protocol: TCP + containerPort: 8095 + hostPort: 443 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "cass.{{ .Values.cadi.hostname }}:127.0.0.1" +### +### AAF-OAuth +### + - name: {{ .Chart.Name }}-oauth + image: {{ .Values.image.repository }}onap/aaf/aaf_oauth:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_oauth","aaf_service","/opt/app/aaf/bin/oauth"] + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: oauth + protocol: TCP + containerPort: 8140 + hostPort: 8140 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "cass.{{ .Values.cadi.hostname }}:127.0.0.1" +### +### AAF-Gui +### + - name: {{ .Chart.Name }}-gui + image: {{ .Values.image.repository }}onap/aaf/aaf_gui:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_gui","aaf_locate","/opt/app/aaf/bin/gui"] + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: gui + protocol: TCP + containerPort: 8200 + hostPort: 8200 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "cass.{{ .Values.cadi.hostname }}:127.0.0.1" +### +### AAF-Certman +### + - name: {{ .Chart.Name }}-cm + image: {{ .Values.image.repository }}onap/aaf/aaf_cm:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_cm","aaf_locate","/opt/app/aaf/bin/cm"] + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: cm + protocol: TCP + containerPort: 8150 + hostPort: 8150 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "cass.{{ .Values.cadi.hostname }}:127.0.0.1" +### +### AAF-FS +### + - name: {{ .Chart.Name }}-fs + image: {{ .Values.image.repository }}onap/aaf/aaf_fs:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + ports: + - name: fs + protocol: TCP + containerPort: 8096 + hostPort: 80 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" +### +### AAF-Hello +### + - name: {{ .Chart.Name }}-hello + image: {{ .Values.image.repository }}onap/aaf/aaf_hello:{{ .Values.image.version }} + imagePullPolicy: IfNotPresent + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_hello","aaf_locate","/opt/app/aaf/bin/hello"] + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ .Chart.Name }}-config-vol + - mountPath: "/opt/app/aaf/status" + name: {{ .Chart.Name }}-pod-status + ports: + - name: hello + protocol: TCP + containerPort: 8130 + hostPort: 8130 + env: + - name: HOSTNAME + value: "{{ .Values.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "cass.{{ .Values.cadi.hostname }}:127.0.0.1" diff --git a/auth/helm/aaf/templates/cass_pv.yaml b/auth/helm/aaf/templates/cass_pv.yaml new file mode 100644 index 00000000..c4b075b5 --- /dev/null +++ b/auth/helm/aaf/templates/cass_pv.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}-cass-pv + namespace: {{ .Values.global.common.namespace }} + labels: + app: {{ .Chart.Name }}-cass +spec: + capacity: + storage: {{ .Values.persistence.cass.size}} + accessModes: + - {{ .Values.persistence.cass.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.cass.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Values.persistence.cass.mountSubPath }} +{{- if .Values.persistence.cass.storageClass }} +{{- if (eq "-" .Values.persistence.cass.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.cass.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/auth/helm/aaf/templates/cass_pvc.yaml b/auth/helm/aaf/templates/cass_pvc.yaml new file mode 100644 index 00000000..53a04cf8 --- /dev/null +++ b/auth/helm/aaf/templates/cass_pvc.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}-cass-pvc + namespace: {{ .Values.global.common.namespace }} + labels: + app: {{ .Chart.Name }}-cass +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Chart.Name }}-cass + accessModes: + - {{ .Values.persistence.cass.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.cass.size }} +{{- if .Values.persistence.cass.storageClass }} +{{- if (eq "-" .Values.persistence.cass.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.cass.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/auth/helm/aaf/templates/config_pv.yaml b/auth/helm/aaf/templates/config_pv.yaml new file mode 100644 index 00000000..b43655a6 --- /dev/null +++ b/auth/helm/aaf/templates/config_pv.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}-config-pv + namespace: {{ .Values.global.common.namespace }} + labels: + app: {{ .Chart.Name }}-config +spec: + capacity: + storage: {{ .Values.persistence.config.size}} + accessModes: + - {{ .Values.persistence.config.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Values.persistence.config.mountSubPath }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/auth/helm/aaf/templates/config_pvc.yaml b/auth/helm/aaf/templates/config_pvc.yaml new file mode 100644 index 00000000..ecc0b0f5 --- /dev/null +++ b/auth/helm/aaf/templates/config_pvc.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}-config-pvc + namespace: {{ .Values.global.common.namespace }} + labels: + app: {{ .Chart.Name }}-config +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Chart.Name }}-config + accessModes: + - {{ .Values.persistence.config.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.config.size }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/auth/helm/aaf/templates/logs_pv.yaml b/auth/helm/aaf/templates/logs_pv.yaml new file mode 100644 index 00000000..608d0f99 --- /dev/null +++ b/auth/helm/aaf/templates/logs_pv.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}-logs-pv + namespace: {{ .Values.global.common.namespace }} + labels: + app: {{ .Chart.Name }}-logs + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" +spec: + capacity: + storage: {{ .Values.persistence.logs.size}} + accessModes: + - {{ .Values.persistence.logs.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.logs.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Values.persistence.logs.mountSubPath }} +{{- if .Values.persistence.logs.storageClass }} +{{- if (eq "-" .Values.persistence.logs.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.logs.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/auth/helm/aaf/templates/logs_pvc.yaml b/auth/helm/aaf/templates/logs_pvc.yaml new file mode 100644 index 00000000..bd704cdc --- /dev/null +++ b/auth/helm/aaf/templates/logs_pvc.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}-logs-pvc + namespace: {{ .Values.global.common.namespace }} + labels: + app: {{ .Chart.Name }}-logs +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Chart.Name }}-logs + accessModes: + - {{ .Values.persistence.logs.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.logs.size }} +{{- if .Values.persistence.logs.storageClass }} +{{- if (eq "-" .Values.persistence.logs.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.logs.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml new file mode 100644 index 00000000..f3f1b1b6 --- /dev/null +++ b/auth/helm/aaf/values.yaml @@ -0,0 +1,68 @@ +# Default values for aaf. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +global: + persistence: + enabled: true + common: + namespace: onap + +ingress: + enabled: false + +cadi: + hostname: "aaf.osaaf.org" + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + aaf_env: "DEV" + aaf_register_as: "aaf.osaaf.org" + +persistence: + mountPath: "/mnt/data/aaf" + config: + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 2Gi + mountSubPath: "config" + storageClass: "manual" + logs: + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 2Gi + mountSubPath: "logs" + storageClass: "manual" + cass: + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Gi + mountSubPath: "cass" + storageClass: "manual" + +image: + # When using locally built Docker Container, set Repository to "" + repository: "" + # When using Docker Repo, add, and include trailing "/" + # repository: nexus3.onap.org:10003/ + # repository: localhost:5000/ + version: 2.1.2-SNAPSHOT + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/auth/sample/bin/pod_wait.sh b/auth/sample/bin/pod_wait.sh new file mode 100644 index 00000000..71773be7 --- /dev/null +++ b/auth/sample/bin/pod_wait.sh @@ -0,0 +1,50 @@ +#!/bin/bash +# +# A Script for use in Pods... Check for status files, and validate before moving on. +# +DIR="/opt/app/aaf/status" +APP=$1 +shift +OTHER=$1 +shift + +function status { + if [ -d "$DIR" ]; then + echo "$@" > $DIR/$APP + fi +} + +echo $APP $OTHER + +function check { + if [ -d "$DIR" ]; then + if [ -e "$DIR/$OTHER" ]; then + echo "$(cat $DIR/$OTHER)" + else + echo "$DIR/$OTHER does not exist" + fi + else + echo "$DIR does not exist" + fi +} + +echo "App $APP is waiting to start until $OTHER is ready" +status "waiting for $OTHER" + +n=0 +while [ $n -lt 40 ]; do + rv="$(check)" + echo "$OTHER is $rv" + if [ "$rv" = "ready" ]; then + # This is critical. Until status is literally "ready" in the status directory, no processes will start + status ready + echo "Starting $@" + n=10000 + else + (( ++n )) + echo "Sleep 10 (iteration $n)" + sleep 10 + fi +done + +eval "$@" diff --git a/conf/CA/bootstrap.sh b/conf/CA/bootstrap.sh index fba4d6a8..6d4e1aa5 100644 --- a/conf/CA/bootstrap.sh +++ b/conf/CA/bootstrap.sh @@ -81,7 +81,7 @@ echo Sign it openssl ca -batch -config openssl.conf -extensions server_cert \ -cert $SIGNER_CRT -keyfile $SIGNER_KEY \ -policy policy_loose \ - -days 90 \ + -days 365 \ -passin stdin \ -out $BOOTSTRAP_CRT \ -extfile $BOOTSTRAP_SAN \ @@ -94,8 +94,10 @@ EOF cat $BOOTSTRAP_CRT cp $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN cat $SIGNER_CRT >> $BOOTSTRAP_CHAIN +cat $BOOTSTRAP_CHAIN # Note: Openssl will pickup and load all Certs in the Chain file +#openssl pkcs12 -name $FQI -export -in $BOOTSTRAP_CRT -inkey $BOOTSTRAP_KEY -CAfile $SIGNER_CRT -out $BOOTSTRAP_P12 -passin stdin -passout stdin << EOF openssl pkcs12 -name $FQI -export -in $BOOTSTRAP_CHAIN -inkey $BOOTSTRAP_KEY -out $BOOTSTRAP_P12 -passin stdin -passout stdin << EOF $PASSPHRASE $PASSPHRASE @@ -113,4 +115,4 @@ done echo $CADI_X509_ISSUER > $BOOTSTRAP_ISSUER # Cleanup -rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN $SIGNER_KEY $SIGNER_CRT +rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $SIGNER_KEY $SIGNER_CRT $BOOTSTRAP_CHAIN diff --git a/conf/onap.sample.signer.p12 b/conf/onap.sample.signer.p12 deleted file mode 100644 index 8de21238..00000000 Binary files a/conf/onap.sample.signer.p12 and /dev/null differ -- cgit 1.2.3-korg