309 files changed, 18558 insertions, 0 deletions
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..daebc7d
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..c4ad263
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Active and Available Inventory
+name: aai
+version: 4.0.0
diff --git a/charts/aai-babel/.helmignore b/charts/aai-babel/.helmignore
new file mode 100644
index 0000000..daebc7d
--- /dev/null
+++ b/charts/aai-babel/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-babel/Chart.yaml b/charts/aai-babel/Chart.yaml
new file mode 100644
index 0000000..fe1a4ce
--- /dev/null
+++ b/charts/aai-babel/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Babel microservice
+name: aai-babel
+version: 4.0.0
diff --git a/charts/aai-babel/requirements.yaml b/charts/aai-babel/requirements.yaml
new file mode 100644
index 0000000..78e822e
--- /dev/null
+++ b/charts/aai-babel/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~4.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
diff --git a/charts/aai-babel/resources/config/artifact-generator.properties b/charts/aai-babel/resources/config/artifact-generator.properties
new file mode 100644
index 0000000..e246b00
--- /dev/null
+++ b/charts/aai-babel/resources/config/artifact-generator.properties
@@ -0,0 +1,285 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +#action widget details +AAI.model-version-id.action=fd7fb09e-d930-41b9-b83f-cfde9df48640 +AAI.model-invariant-id.action=af593b4b-490e-4665-ad74-2f6351c0a7ce +#action-data widget details +AAI.model-invariant-id.action-data=9551346c-7d8b-4daf-9926-b93e96e2344a +AAI.model-version-id.action-data=2f80c596-27e5-4ca9-b5bb-e03a7fd4c0fd +#allotted-resource widget details +AAI.model-invariant-id.allotted-resource=f6d6a23d-a1a9-48ff-8419-b6530da2d381 +AAI.model-version-id.allotted-resource=7ad0915f-25c0-4a70-b9bc-185a75f87564 +#availability-zone widget details +AAI.model-version-id.availability-zone=6c092fb1-21b2-456b-9e01-67fb4de1896e +AAI.model-invariant-id.availability-zone=61b88c01-d819-41c0-8e21-7fd7ba47148e +#az-and-dvs-switches widget details +AAI.model-version-id.az-and-dvs-switches=b2dea88d-78a0-49bf-95c9-5819df08e966 +AAI.model-invariant-id.az-and-dvs-switches=53dc00d4-e6d9-48ec-b6cc-3d3797e9b896 +#class-of-service widget details +AAI.model-version-id.class-of-service=d2fb27cc-15eb-4c4e-828e-71d41aaecc5b +AAI.model-invariant-id.class-of-service=18094b19-d16d-4822-8acf-e92c6aefa178 +#cloud-region widget details +AAI.model-version-id.cloud-region=2a160989-b202-47dd-874b-4a0f275998f7 +AAI.model-invariant-id.cloud-region=425b2158-e51d-4509-9945-dad4556474a3 +#complex widget details +AAI.model-invariant-id.complex=af91c2f7-35fc-43cf-a13d-443f385b2353 
+AAI.model-version-id.complex=3a8ab1ee-9220-4fe8-b89c-9251d160ddc2 +#configuration widget details +AAI.model-invariant-id.configuration=166c050d-f69d-4305-943e-0bc58c3a26cf +AAI.model-version-id.configuration=5a175add-57e4-4a5d-8b02-c36f1d69c52b +#connector widget details +AAI.model-version-id.connector=22104c9f-29fd-462f-be07-96cd6b46dd33 +AAI.model-invariant-id.connector=4c01c948-7607-4d66-8a6c-99c2c2717936 +#constrained-element-set widget details +AAI.model-invariant-id.constrained-element-set=c0292b4f-ee97-40cc-8c2e-f967c48f5701 +AAI.model-version-id.constrained-element-set=01102126-9c04-4a89-945b-b131e61e95d7 +#ctag-assignment widget details +AAI.model-version-id.ctag-assignment=44e5cb1f-0938-41aa-b766-d4595109fe89 +AAI.model-invariant-id.ctag-assignment=fcb8d46b-b656-4ad6-8fa4-22cef74b443f +#ctag-pool widget details +AAI.model-invariant-id.ctag-pool=46c51d4e-d67e-4a9c-b1f5-49b1e9c6fcaa +AAI.model-version-id.ctag-pool=2056c41f-23b9-4de7-9f50-819adad37d76 +#customer widget details +AAI.model-invariant-id.customer=c1d4305f-cdbd-4bbe-9069-a2f4978fd89e +AAI.model-version-id.customer=d4df5c27-98a1-4812-a8aa-c17f055b7a3f +#cvlan-tag-entry widget details +AAI.model-version-id.cvlan-tag-entry=c3878ffb-8d85-4114-bee6-e4074a9db10b +AAI.model-invariant-id.cvlan-tag-entry=245cf4b0-7cc5-4eea-bbd9-753e939adcab +#dvs-switch widget details +AAI.model-invariant-id.dvs-switch=98fbb471-1f86-428e-bd8a-c8a25de6fa23 +AAI.model-version-id.dvs-switch=4cb44ae8-e3ab-452a-9f95-bcc8a44c55ea +#edge-prop-names widget details +AAI.model-invariant-id.edge-prop-names=7a08cad4-8759-46a5-8245-095d1ba57ac6 +AAI.model-version-id.edge-prop-names=f0442326-8201-4d0e-857c-74b4ddcbfc9f +#element-choice-set widget details +AAI.model-invariant-id.element-choice-set=9a011958-7165-47a3-b872-00951d1f09ae +AAI.model-version-id.element-choice-set=af27fbfd-598d-44da-aeae-0f9d3a5fcd6a +#entitlement widget details +AAI.model-version-id.entitlement=7e27ba2e-b7db-4e13-9fae-d142152ef98a 
+AAI.model-invariant-id.entitlement=ae75b5a0-d5e1-4f3a-b8fb-37626a753da3 +#flavor widget details +AAI.model-invariant-id.flavor=bace8d1c-a261-4041-9e37-823117415d0f +AAI.model-version-id.flavor=36200fb5-f251-4f5d-a520-7c5ad5c2cd4b +#generic-vnf widget details +AAI.model-version-id.generic-vnf=93a6166f-b3d5-4f06-b4ba-aed48d009ad9 +AAI.model-invariant-id.generic-vnf=acc6edd8-a8d4-4b93-afaa-0994068be14c +#group-assignment widget details +AAI.model-invariant-id.group-assignment=7cc05f25-7ba2-42b7-a237-c5662a1689e1 +AAI.model-version-id.group-assignment=fe578080-ce19-4604-8760-fc264fbb2565 +#image widget details +AAI.model-version-id.image=f6a038c2-820c-42ba-8c2b-375e24e8f932 +AAI.model-invariant-id.image=3f4c7204-739b-4bbb-87a7-8a6856439c90 +#include-node-filter widget details +AAI.model-invariant-id.include-node-filter=2a2d8ad2-af0a-4e1f-9982-0c899e7dc827 +AAI.model-version-id.include-node-filter=f05f804d-7057-4ffe-bdc5-39f2f0c9c9fd +#instance-group widget details +AAI.model-version-id.instance-group=8e6ee9dc-9017-444a-83b3-219edb018128 +AAI.model-invariant-id.instance-group=3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd +#inventory-item widget details +AAI.model-invariant-id.inventory-item=cd57d844-9017-4078-aa19-926935a3d77c +AAI.model-version-id.inventory-item=69957f4a-2155-4b95-8d72-d6dd9b88b27b +#inventory-item-data widget details +AAI.model-version-id.inventory-item-data=0e54bb87-bd6e-4a2b-ad1c-6d935b87ae51 +AAI.model-invariant-id.inventory-item-data=87a383ae-cf03-432e-a9de-04e6a622d0fd +#ipsec-configuration widget details +AAI.model-invariant-id.ipsec-configuration=aca4c310-cb45-42bd-9f88-73e40ba7b962 +AAI.model-version-id.ipsec-configuration=d949fd10-36bf-408a-ac7a-cad5004d2e0d +#key-data widget details +AAI.model-version-id.key-data=c23ea04d-1a3b-453d-bc49-a6c783a5e92b +AAI.model-invariant-id.key-data=f5faa464-c2f2-4cc3-89d2-a90452dc3a07 +#l3-interface-ipv4-address-list widget details 
+AAI.model-version-id.l3-interface-ipv4-address-list=41e76b6f-1e06-4fd4-82cd-81c50fc4574b +AAI.model-invariant-id.l3-interface-ipv4-address-list=aad85df2-09be-40fa-b867-16415e4e10e2 +#l3-interface-ipv6-address-list widget details +AAI.model-invariant-id.l3-interface-ipv6-address-list=82966045-43ee-4982-8307-7e9610866140 +AAI.model-version-id.l3-interface-ipv6-address-list=d040621d-541a-477b-bb1b-a2b61b14e295 +#l3-network widget details +AAI.model-version-id.l3-network=9111f20f-e680-4001-b83f-19a2fc23bfc1 +AAI.model-invariant-id.l3-network=3d560d81-57d0-438b-a2a1-5334dba0651a +#lag-interface widget details +AAI.model-version-id.lag-interface=ce95f7c3-b61b-4758-ae9e-7e943b1c103d +AAI.model-invariant-id.lag-interface=e0ee9bde-c1fc-4651-a95d-8e0597bf7d70 +#lag-link widget details +AAI.model-version-id.lag-link=d29a087a-af59-4053-a3f8-0f95a92faa75 +AAI.model-invariant-id.lag-link=86ffe6e5-4d0e-4cec-80b5-5c38aa3eff98 +#license widget details +AAI.model-invariant-id.license=b9a9b337-1f86-42d3-b9f9-f987a089507c +AAI.model-version-id.license=6889274b-a1dc-40ab-9090-93677e13e2e6 +#license-key-resource widget details +AAI.model-invariant-id.license-key-resource=9022ebfe-b54f-4911-a6b2-8c3f5ec189b7 +AAI.model-version-id.license-key-resource=24b25f8c-b8bd-4c62-9421-87c12667aac9 +#l-interface widget details +AAI.model-version-id.l-interface=a32613fd-18b9-459e-aab8-fffb3912966a +AAI.model-invariant-id.l-interface=cea0a982-8d55-4093-921e-418fbccf7060 +#logical-link widget details +AAI.model-version-id.logical-link=a1481a38-f8ba-4ae4-bdf1-06c2c6af4c54 +AAI.model-invariant-id.logical-link=fe012535-2c31-4a39-a739-612374c638a0 +#metadatum widget details +AAI.model-invariant-id.metadatum=86dbb63a-265e-4614-993f-6771c30b56a5 +AAI.model-version-id.metadatum=6bae950e-8939-41d3-a6a7-251b03e4c1fc +#model widget details +AAI.model-invariant-id.model=06d1418a-5faa-452d-a94b-a2829df5f67b +AAI.model-version-id.model=1f51c05c-b164-4c27-9c03-5cbb239fd6be +#model-constraint widget details 
+AAI.model-invariant-id.model-constraint=c28966f3-e758-4483-b37b-a90b05d3dd33 +AAI.model-version-id.model-constraint=ad70dd19-f156-4fb5-a865-97b5563b0d37 +#model-element widget details +AAI.model-invariant-id.model-element=2076e726-3577-477a-a300-7fa65cd4df11 +AAI.model-version-id.model-element=753e813a-ba9e-4a1d-ab34-b2f6dc6eec0c +#multicast-configuration widget details +AAI.model-invariant-id.multicast-configuration=ea78c9e3-514d-4a0a-9162-13837fa54c35 +AAI.model-version-id.multicast-configuration=666a06ee-4b57-46df-bacf-908da8f10c3f +#named-query widget details +AAI.model-version-id.named-query=5c3b7c33-afa3-4be5-8da7-1a5ac6f99896 +AAI.model-invariant-id.named-query=80b712fd-0ad3-4180-a99c-8c995cf1cc32 +#named-query-element widget details +AAI.model-version-id.named-query-element=204c641a-3494-48c8-979a-86856f5fd32a +AAI.model-invariant-id.named-query-element=3c504d40-b847-424c-9d25-4fb7e0a3e994 +#network-policy widget details +AAI.model-invariant-id.network-policy=6aa05779-94d7-4d8b-9bee-59ef2ab0c246 +AAI.model-version-id.network-policy=a0ccd9dc-7062-4940-9bcc-e91dd28af510 +#network-profile widget details +AAI.model-version-id.network-profile=01f45471-4240-498c-a9e1-235dc0b8b4a6 +AAI.model-invariant-id.network-profile=2734b44a-b8a2-40f6-957d-6256589e5d00 +#newvce widget details +AAI.model-version-id.newvce=7c79e11f-a408-4593-aa86-ba948a1236af +AAI.model-invariant-id.newvce=4b05ec9c-c55d-4987-83ff-e08d6ddb694f +#oam-network widget details +AAI.model-invariant-id.oam-network=2851cf01-9c40-4064-87d4-6184a6fcff35 +AAI.model-version-id.oam-network=f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79 +#physical-link widget details +AAI.model-invariant-id.physical-link=c822d81f-822f-4304-9623-1025b53da568 +AAI.model-version-id.physical-link=9c523936-95b4-4d7f-9f53-6bdfe0cf2c05 +#p-interface widget details +AAI.model-invariant-id.p-interface=94043c37-4e73-439c-a790-0fdd697924cd +AAI.model-version-id.p-interface=d2cdb2d0-fc1f-4a57-a89e-591b1c4e3754 +#pnf widget details 
+AAI.model-version-id.pnf=e9f1fa7d-c839-418a-9601-03dc0d2ad687 +AAI.model-invariant-id.pnf=862b25a1-262a-4961-bdaa-cdc55d69785a +#port-group widget details +AAI.model-version-id.port-group=03e8bb6b-b48a-46ae-b5d4-e5af577e6844 +AAI.model-invariant-id.port-group=8ce940fb-55d7-4230-9e7f-a56cc2741f77 +#property-constraint widget details +AAI.model-version-id.property-constraint=81706bbd-981e-4362-ae20-995cbcb2d995 +AAI.model-invariant-id.property-constraint=f4a863c3-6886-470a-a6ae-05723837ea45 +#pserver widget details +AAI.model-invariant-id.pserver=6d932c8f-463b-4e76-83fb-87acfbaa2e2d +AAI.model-version-id.pserver=72f0d495-bc27-4653-9e1a-eef76bd34bc9 +#related-lookup widget details +AAI.model-invariant-id.related-lookup=468f6f5b-2996-41bb-b2a3-7cf9613ebb9b +AAI.model-version-id.related-lookup=0988bab5-bf4f-4938-a419-ab249867d12a +#reserved-prop-names widget details +AAI.model-invariant-id.reserved-prop-names=0c3e0ba3-618c-498d-9127-c8d42b00170f +AAI.model-version-id.reserved-prop-names=ac49d26d-9163-430e-934a-13b738a04f5c +#result-data widget details +AAI.model-version-id.result-data=4e9b50aa-5227-4f6f-b489-62e6bbc03c79 +AAI.model-invariant-id.result-data=ff656f23-6185-406f-9006-4b26834f3e1c +#route-table-reference widget details +AAI.model-version-id.route-table-reference=fed7e326-03a7-45ff-a3f2-471470d268c4 +AAI.model-invariant-id.route-table-reference=a8614b63-2636-4c4f-98df-fd448c4241db +#routing-instance widget details +AAI.model-invariant-id.routing-instance=1c2ded4f-8b01-4193-829c-966847dfec3e +AAI.model-version-id.routing-instance=3ccbcbc7-d19e-44d5-a52f-7e18aa8d69fa +#secondary-filter widget details +AAI.model-version-id.secondary-filter=1380619d-dd1a-4cec-b755-c6407833e065 +AAI.model-invariant-id.secondary-filter=738ff299-6290-4c00-8998-bd0e96a07b93 +#segmentation-assignment widget details +AAI.model-invariant-id.segmentation-assignment=6e814aee-46e1-4583-a9d4-0049bfd2b59b +AAI.model-version-id.segmentation-assignment=c5171ae0-44fb-4c04-b482-d56702241a44 
+#service widget details +AAI.model-version-id.service=ecce2c42-3957-4ae0-9442-54bc6afe27b6 +AAI.model-invariant-id.service=07a3a60b-1b6c-4367-8173-8014386f89e3 +#service-capability widget details +AAI.model-invariant-id.service-capability=b1a7cc05-d19d-443b-a5d1-733e325c4232 +AAI.model-version-id.service-capability=f9cfec1b-18da-4bba-bd83-4b26cca115cd +#service-instance widget details +AAI.model-invariant-id.service-instance=82194af1-3c2c-485a-8f44-420e22a9eaa4 +AAI.model-version-id.service-instance=46b92144-923a-4d20-b85a-3cbd847668a9 +#service-subscription widget details +AAI.model-invariant-id.service-subscription=2e1a602a-acd8-4f78-94ff-618b802a303b +AAI.model-version-id.service-subscription=5e68299a-79f2-4bfb-8fbc-2bae877a2459 +#site-pair widget details +AAI.model-version-id.site-pair=7106bc02-6552-4fc3-8a56-4f3df9034531 +AAI.model-invariant-id.site-pair=db63f3e6-f8d1-484e-8d5e-191600b7914b +#site-pair-set widget details +AAI.model-invariant-id.site-pair-set=5d4dae3e-b402-4bfd-909e-ece12ff75d26 +AAI.model-version-id.site-pair-set=a5c6c1bc-dc38-468e-9459-bb08f87247df +#snapshot widget details +AAI.model-version-id.snapshot=962a7c8b-687f-4d32-a775-fe098e214bcd +AAI.model-invariant-id.snapshot=24de00ef-aead-4b52-995b-0adf8d4bd90d +#sriov-vf widget details +AAI.model-version-id.sriov-vf=1e8b331f-3d4a-4160-b7aa-f4d5a8916625 +AAI.model-invariant-id.sriov-vf=04b2935f-33c4-40a9-8af0-8b52690042dc +#start-node-filter widget details +AAI.model-version-id.start-node-filter=aad96fd3-e75f-42fc-9777-3450c36f1168 +AAI.model-invariant-id.start-node-filter=083093a3-e407-447a-ba5d-7583e4d23e1d +#subnet widget details +AAI.model-version-id.subnet=f902a6bc-6be4-4fe5-8458-a6ec0056b374 +AAI.model-invariant-id.subnet=1b2c9ba7-e449-4831-ba15-3073672f5ef2 +#tagged-inventory-item-list widget details +AAI.model-invariant-id.tagged-inventory-item-list=e78a7eaa-f65d-4919-9c2b-5b258c8c4d7e +AAI.model-version-id.tagged-inventory-item-list=c246f6e2-e3a1-4697-94c0-5672a7fbbf04 +#tenant widget 
details +AAI.model-invariant-id.tenant=97c26c99-6870-44c1-8a07-1d900d3f4ce6 +AAI.model-version-id.tenant=abcc54bc-bb74-49dc-9043-7f7171707545 +#tunnel-xconnect widget details +AAI.model-invariant-id.tunnel-xconnect=50b9e2fa-005c-4bbe-b651-3251dece4cd8 +AAI.model-version-id.tunnel-xconnect=e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5 +#update-node-key widget details +AAI.model-version-id.update-node-key=6004cfa6-eb6d-4062-971f-b1fde6b74aa0 +AAI.model-invariant-id.update-node-key=fe81c801-f65d-408a-b2b7-a729a18f8154 +#vce widget details +AAI.model-version-id.vce=b6cf54b5-ec45-43e1-be64-97b4e1513333 +AAI.model-invariant-id.vce=bab6dceb-e7e6-4301-a5e0-a7399b48d792 +#vf-module widget details +AAI.model-invariant-id.vf-module=ef86f9c5-2165-44f3-8fc3-96018b609ea5 +AAI.model-version-id.vf-module=c00563ae-812b-4e62-8330-7c4d0f47088a +#vig-server widget details +AAI.model-version-id.vig-server=8e8c22f1-fbdf-48ea-844c-8bdeb44e7b16 +AAI.model-invariant-id.vig-server=bed7c3b7-35d0-4cd9-abde-41b20e68b28e +#virtual-data-center widget details +AAI.model-invariant-id.virtual-data-center=5150abcf-0c5f-4593-9afe-a19c48fc4824 +AAI.model-version-id.virtual-data-center=6dd43ced-d789-47af-a759-d3abc14e3ac1 +#vlan widget details +AAI.model-version-id.vlan=257d88a5-a269-4c35-944f-aca04fbdb791 +AAI.model-invariant-id.vlan=d2b1eaf1-ae59-4116-9ee4-aa0179faa4f8 +#vnfc widget details +AAI.model-invariant-id.vnfc=96129eb9-f0de-4e05-8af2-73146473f766 +AAI.model-version-id.vnfc=5761e0a7-c6df-4d8a-9ebd-b8f445054dec +#vnf-image widget details +AAI.model-invariant-id.vnf-image=f9a628ff-7aa0-40e2-a93d-02d91c950982 +AAI.model-version-id.vnf-image=c4d3e747-ba4a-4b17-9896-94c6f18c19d3 +#volume widget details +AAI.model-version-id.volume=0fbe2e8f-4d91-4415-a772-88387049b38d +AAI.model-invariant-id.volume=ddd739b4-2b25-46c4-affc-41a32af5cc42 +#volume-group widget details +AAI.model-invariant-id.volume-group=fcec1b02-b2d0-4834-aef8-d71be04717dd +AAI.model-version-id.volume-group=99d44c90-1f61-4418-b9a6-56586bf38c79 
+#vpe widget details
+AAI.model-invariant-id.vpe=053ec3a7-5b72-492d-b54d-123805a9b967
+AAI.model-version-id.vpe=203817d3-829c-42d4-942d-2a935478e993
+#vpls-pe widget details
+AAI.model-version-id.vpls-pe=b1566228-6785-4ce1-aea2-053736f80341
+AAI.model-invariant-id.vpls-pe=457ba89b-334c-4fbd-acc4-160ac0e0cdc0
+#vpn-binding widget details
+AAI.model-invariant-id.vpn-binding=9e23b675-db2b-488b-b459-57aa9857baa0
+AAI.model-version-id.vpn-binding=21a146e5-9901-448c-9197-723076770119
+#vserver widget details
+AAI.model-invariant-id.vserver=ff69d4e0-a8e8-4108-bdb0-dd63217e63c7
+AAI.model-version-id.vserver=8ecb2c5d-7176-4317-a255-26274edfdd53
+#collection resource widget details
+AAI.model-invariant-id.cr=8bac3599-9a1c-4b7f-80e5-c1838f744c23
+AAI.model-version-id.cr=3f908abc-3a15-40d0-b674-2a639e52884d
diff --git a/charts/aai-babel/resources/config/auth/auth_policy.json b/charts/aai-babel/resources/config/auth/auth_policy.json
new file mode 100644
index 0000000..ff33c17
--- /dev/null
+++ b/charts/aai-babel/resources/config/auth/auth_policy.json
@@ -0,0 +1,47 @@
+{"roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "generateArtifacts",
+ "methods": [{"name": "POST"}]
+ }
+ ],
+ "users": [
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}
+ ]
+ },
+ {
+ "name": "ops",
+ "functions": [{
+ "name": "actions",
+ "methods": [{"name": "POST"}]
+ }],
+ "users": [
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}
+ ]
+ },
+ {
+ "name": "readonly",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [{"name": "GET"}]
+ }
+ ],
+ "users": [
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [{
+ "name": "util",
+ "methods": [{"name": "GET"}]
+ }],
+ "users": [{
+ "user": "aai",
+ "pass": "OBF:deadbeef"
+ }]
+ }
+]}
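Review bot: The `basicauth` role at the end of auth_policy.json ships a fixed credential inside the chart, `"user": "aai"` with `"pass": "OBF:deadbeef"`. The `OBF:` prefix looks like Jetty-style obfuscation, which is reversible rather than a hash, so anyone who can read the chart or the deployed config can recover the password, and every install shares it. I would take the value out of the packaged file and supply it per deployment from a Kubernetes Secret, leaving only a reference here. Separately, the `admin`, `ops` and `readonly` roles all list the same subject `CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA`, so as shipped the three roles give no separation of privilege.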
diff --git a/charts/aai-babel/resources/config/auth/tomcat_keystore b/charts/aai-babel/resources/config/auth/tomcat_keystore
Binary files differ
new file mode 100644
index 0000000..9eec841
--- /dev/null
+++ b/charts/aai-babel/resources/config/auth/tomcat_keystore
diff --git a/charts/aai-babel/resources/config/babel-auth.properties b/charts/aai-babel/resources/config/babel-auth.properties
new file mode 100644
index 0000000..ef85c23
--- /dev/null
+++ b/charts/aai-babel/resources/config/babel-auth.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+auth.policy.file=/auth/auth_policy.json
+auth.authentication.disable=true
diff --git a/charts/aai-babel/resources/config/logback.xml b/charts/aai-babel/resources/config/logback.xml
new file mode 100644
index 0000000..878d8c0
--- /dev/null
+++ b/charts/aai-babel/resources/config/logback.xml
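Review bot: `auth.authentication.disable=true` in babel-auth.properties turns authentication off in the chart's default configuration, which would leave the roles in `/auth/auth_policy.json` unenforced if the flag does what its name says. A packaged default should fail closed: ship `auth.authentication.disable=false` and let a test deployment opt out through an explicit override. The same page line also adds a binary `tomcat_keystore` under `resources/config/auth`; if it holds a private key, every install shares key material that is readable in the repository, so it is better provisioned per deployment from a Secret.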
@@ -0,0 +1,194 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> +<!DOCTYPE xml> +<configuration scan="true" scanPeriod="30 seconds" debug="true"> + <include resource="org/springframework/boot/logging/logback/base.xml" /> + + <property name="componentName" value="AAI-BAS" /> + <property name="logDirectory" value="/var/log/onap/${componentName}" /> + + <!-- default EELF log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" + value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" /> + + <property name="auditLogPattern" + value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" /> + + <property name="metricsLogPattern" + 
value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" /> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + <!-- EELF Audit Appender. This appender is used to record audit engine related logging events. The audit logger and appender + are specializations of the EELF application root logger and appender. This can be used to segregate Policy engine events + from other components, or it can be eliminated to record these events as part of the application root log. 
--> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${metricsLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics" /> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file> + ${logDirectory}/${debugLogName}.log + </file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <!-- allow only events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator"> + <expression> + e.level.toInt() < 
INFO.toInt() + </expression> + </evaluator> + <OnMismatch>DENY</OnMismatch> + <OnMatch>NEUTRAL</OnMatch> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + <!-- ============================================================================ --> + <!-- Default / root appenders --> + <!-- This determines the logging level for 3rd party code --> + <!-- ============================================================================ --> + + <root level="INFO"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> +</root> + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + + <logger name="com.att.eelf" level="INFO" additivity="false"> + <appender-ref ref="asyncEELF" /> +</logger> + + <!-- The level of this logger determines the contents of the debug log --> + <logger name="com.att.eelf.debug" level="INFO" additivity="false"> + <appender-ref ref="asyncEELFDebug" /> +</logger> + + <logger name="com.att.eelf.audit" level="INFO" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> +</logger> + + <logger name="com.att.eelf.metrics" level="INFO" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> +</logger> + + <!-- ============================================================================ --> + <!-- Non-EELF loggers --> + <!-- ============================================================================ --> + + <!-- ATT packages including DMAAP message routing --> + <logger name="com.att" level="INFO" /> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="org.apache" level="WARN" /> + 
<logger name="org.apache.commons" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + +</configuration> diff --git a/charts/aai-babel/resources/config/tosca-mappings.json b/charts/aai-babel/resources/config/tosca-mappings.json new file mode 100644 index 0000000..a6fe82f --- /dev/null +++ b/charts/aai-babel/resources/config/tosca-mappings.json 
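Review bot: The debug log can never receive an event as configured in logback.xml. The `asyncEELFDebug` appender denies everything at INFO and above (`e.level.toInt() < INFO.toInt()` with `<OnMismatch>DENY</OnMismatch>`), while the two loggers that reference it, `<root level="INFO">` and `<logger name="com.att.eelf.debug" level="INFO" additivity="false">`, discard everything below INFO before it reaches the appender. Changing the debug logger to `<logger name="com.att.eelf.debug" level="DEBUG" additivity="false">` would make the file usable during an investigation. Also, `debug="true"` on `<configuration>` prints logback's own status messages to the console; `debug="false"` is the usual setting outside troubleshooting.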
@@ -0,0 +1,181 @@ +{ + "instanceGroupTypes": [ + "org.openecomp.groups.NetworkCollection", + "org.openecomp.groups.VfcInstanceGroup", + "org.openecomp.groups.ResourceInstanceGroup" + ], + "widgetTypes": [ + { + "type": "SERVICE", + "name": "service-instance", + "deleteFlag": true, + "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9", + "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4" + }, + { + "type": "VF", + "name": "generic-vnf", + "deleteFlag": true, + "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9", + "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c" + }, + { + "type": "VFC", + "name": "vnfc", + "deleteFlag": true, + "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec", + "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766" + }, + { + "type": "VSERVER", + "name": "vserver", + "deleteFlag": true, + "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53", + "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7" + }, + { + "type": "VOLUME", + "name": "volume", + "deleteFlag": true, + "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d", + "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42" + }, + { + "type": "FLAVOR", + "name": "flavor", + "deleteFlag": false, + "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b", + "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f" + }, + { + "type": "TENANT", + "name": "tenant", + "deleteFlag": false, + "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545", + "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6" + }, + { + "type": "VOLUME_GROUP", + "name": "volume-group", + "deleteFlag": true, + "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79", + "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd" + }, + { + "type": "LINT", + "name": "l-interface", + "deleteFlag": true, + "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a", + "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060" + }, + { + "type": "L3_NET", + "name": 
"l3-network", + "deleteFlag": true, + "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1", + "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a" + }, + { + "type": "VFMODULE", + "name": "vf-module", + "deleteFlag": true, + "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a", + "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5" + }, + { + "type": "IMAGE", + "name": "image", + "deleteFlag": false, + "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932", + "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90" + }, + { + "type": "OAM_NETWORK", + "name": "oam-network", + "deleteFlag": true, + "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79", + "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35" + }, + { + "type": "ALLOTTED_RESOURCE", + "name": "allotted-resource", + "deleteFlag": true, + "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564", + "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381" + }, + { + "type": "TUNNEL_XCONNECT", + "name": "tunnel-xconnect", + "deleteFlag": true, + "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5", + "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8" + }, + { + "type": "CONFIGURATION", + "name": "configuration", + "deleteFlag": true, + "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b", + "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf" + }, + { + "type": "CR", + "name": "cr", + "deleteFlag": true, + "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d", + "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23" + }, + { + "type": "INSTANCE_GROUP", + "name": "instance-group", + "deleteFlag": true, + "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128", + "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd" + } + ], + "widgetMappings": [ + { + "prefix": "org.openecomp.resource.vfc", + "type": "widget", + "widget": "VSERVER", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.cp", + "type": "widget", + "widget": "LINT", 
+ "deleteFlag": true + }, + { + "prefix": "org.openecomp.cp", + "type": "widget", + "widget": "LINT", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.vl", + "widget": "L3_NET", + "deleteFlag": false + }, + { + "prefix": "org.openecomp.resource.vf", + "widget": "VF", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.groups.vfmodule", + "widget": "VFMODULE", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.groups.VfModule", + "widget": "VFMODULE", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder", + "type": "widget", + "widget": "VOLUME", + "deleteFlag": true + } + ] +} diff --git a/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12 diff --git a/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore diff --git a/charts/aai-babel/resources/fproxy/config/fproxy.properties b/charts/aai-babel/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/charts/aai-babel/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/charts/aai-babel/resources/fproxy/config/logback-spring.xml b/charts/aai-babel/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..0637cfb --- /dev/null +++ b/charts/aai-babel/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.fproxy" level="info" /> + +</configuration>
\ No newline at end of file diff --git a/charts/aai-babel/resources/fproxy/config/readme.txt b/charts/aai-babel/resources/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/charts/aai-babel/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
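Review bot: The comment `<!-- LOG "com.baeldung*" at TRACE level -->` above the last logger does not describe it, since the logger is `org.onap.aaf.fproxy` at level `info`. It looks like a leftover from a template and would read correctly as `<!-- LOG "org.onap.aaf.fproxy*" at INFO level -->`. The same leftover comment appears in `resources/rproxy/config/logback-spring.xml`, above the `org.onap.aaf.rproxy` logger. The `rollingPolicy` in both files also sets no `maxHistory` or `totalSizeCap`, so archived logs are never pruned; a retention limit would be worth adding and documenting.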
\ No newline at end of file diff --git a/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12 diff --git a/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..99129c1 --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore diff --git a/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000..acc9409 --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json 
@@ -0,0 +1,93 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/babel-service\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ }
+]
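Review bot: The permission strings are escaped inconsistently: entries such as `test\\.auth\\.access\\|services\\|GET,PUT` escape `.` and `|`, while `test.auth.access|clouds|read` and the other unescaped ones do not. If the proxy evaluates permissions as regular expressions, which the escaped entries suggest but this hunk does not show, an unescaped `|` is an alternation and the rule accepts far more than the intended type|instance|action triple; those entries should then read like `"test\\.auth\\.access\\|clouds\\|read"`. In the URI column, `[^\/]+$*` puts a quantifier on the end anchor and was probably meant as `[^\/]+$`, `index.html` leaves its dot unescaped, and no pattern has a leading `^`, so whether the proxy matches in full or by search decides how tightly each rule binds. Most entries look like `test.auth.access` fixtures rather than babel routes; only the last rule (`\/services\/babel-service\/.*`) appears specific to this service, and the file has no place to say which rules are intended for deployment.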
diff --git a/charts/aai-babel/resources/rproxy/config/cadi.properties b/charts/aai-babel/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..a82e38c
--- /dev/null
+++ b/charts/aai-babel/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/charts/aai-babel/resources/rproxy/config/forward-proxy.properties b/charts/aai-babel/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000..1b58d42
--- /dev/null
+++ b/charts/aai-babel/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
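Review bot: `aaf_password=enc:…` is committed in cadi.properties together with the key that protects it. `cadi_keyfile` points at `security/keyfile`, which this same commit adds in clear under `resources/rproxy/config/security/keyfile`, so the encrypted form gives no protection against anyone who can read the repository or the packaged chart. `cadi_truststore_password=OBF:…` is an obfuscated value rather than an encrypted one, and the `tomcat_keystore` and `client-cert.p12` files it relates to are also checked in as binaries, so every install of this chart shares the same credentials. These are best treated as demo-only defaults: supply the password, keyfile and keystores from deployment-time Secrets, and rotate anything that was used outside a lab. `cadi_loglevel=DEBUG` is likewise a development setting for an authentication component and would be better lowered in the default chart.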
\ No newline at end of file diff --git a/charts/aai-babel/resources/rproxy/config/logback-spring.xml b/charts/aai-babel/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000..2cd95d4 --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.rproxy" level="info" /> + +</configuration> diff --git a/charts/aai-babel/resources/rproxy/config/primary-service.properties b/charts/aai-babel/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000..7055bf5 --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/primary-service.properties 
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9516
diff --git a/charts/aai-babel/resources/rproxy/config/readme.txt b/charts/aai-babel/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/charts/aai-babel/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties b/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000..8d46e1f --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/charts/aai-babel/resources/rproxy/config/security/keyfile b/charts/aai-babel/resources/rproxy/config/security/keyfile new file mode 100644 index 0000000..6cd12fc --- /dev/null +++ b/charts/aai-babel/resources/rproxy/config/security/keyfile 
@@ -0,0 +1,27 @@ +bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM +1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 +xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK +BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm +6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 +QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm +zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 +x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf +8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz +FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz +UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r +banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv +6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG +yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB +xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB +lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq +ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE +fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v +1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 +liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc +0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u +PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm +8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv +dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ +-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn 
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J +uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/charts/aai-babel/templates/configmap.yaml b/charts/aai-babel/templates/configmap.yaml new file mode 100644 index 0000000..031fc06 --- /dev/null +++ b/charts/aai-babel/templates/configmap.yaml 
@@ -0,0 +1,70 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . 
}} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }}
\ No newline at end of file diff --git a/charts/aai-babel/templates/deployment.yaml b/charts/aai-babel/templates/deployment.yaml new file mode 100644 index 0000000..ea6e64a --- /dev/null +++ b/charts/aai-babel/templates/deployment.yaml 
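Review bot: The `-rproxy-config` ConfigMap is filled from the glob `resources/rproxy/config/*`, which picks up `cadi.properties` and with it `aaf_password` and `cadi_truststore_password`. ConfigMaps are typically readable by more roles than Secrets and are not covered by Secret encryption at rest, so that file belongs in a Secret. It needs templating before encoding, for example `cadi.properties: {{ tpl (.Files.Get "resources/rproxy/config/cadi.properties") . | b64enc | quote }}`, with the `cadi.properties` mount in deployment.yaml switched to that Secret volume. The same wide globs also copy `readme.txt` and `logback-spring.xml` into `-fproxy-config` and `-rproxy-config`, although the log configuration already has its own ConfigMaps; naming the files explicitly would keep each object's content intentional. The labels block present on the first ConfigMap is missing from the five sidecar ConfigMaps.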
@@ -0,0 +1,251 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CONFIG_HOME + value: /opt/app/babel/config + - name: KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_STORE_PASSWORD + - name: KEY_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_MANAGER_PASSWORD + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/babel/config/artifact-generator.properties + name: {{ include "common.fullname" . }}-config + subPath: artifact-generator.properties + - mountPath: /opt/app/babel/config/tosca-mappings.json + name: {{ include "common.fullname" . }}-config + subPath: tosca-mappings.json + - mountPath: /opt/app/babel/config/babel-auth.properties + name: {{ include "common.fullname" . }}-config + subPath: babel-auth.properties + - mountPath: /opt/app/babel/config/auth + name: {{ include "common.fullname" . }}-secrets + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/babel/config/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + resources: +{{ include "common.resources" . 
}} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . 
}}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . 
}}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: artifact-generator.properties + path: artifact-generator.properties + - key: tosca-mappings.json + path: tosca-mappings.json + - key: babel-auth.properties + path: babel-auth.properties + - key: logback.xml + path: logback.xml + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.fullname" . }}-babel-secrets + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-filebeat + emptyDir: {} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/charts/aai-babel/templates/secrets.yaml b/charts/aai-babel/templates/secrets.yaml new file mode 100644 index 0000000..7c3b04a 
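Review bot: Both sidecars receive `KEY_STORE_PASSWORD` as a literal `value: {{ .Values.config.keyStorePassword }}`, which writes the password into the rendered Deployment spec. The babel container a few lines earlier reads the same key from the `-pass` Secret through `secretKeyRef`. The rproxy and fproxy `env` entries should use that form too, which also avoids YAML quoting problems if the password contains special characters. Separately, the tproxy initContainer runs with `privileged: true`; what it needs is not visible in this hunk, but if it only programs packet redirection a narrower `capabilities.add` set would be preferable, and a comment there should say why the privilege is required.

```yaml
        # … unchanged: rproxy container name, image, imagePullPolicy, CONFIG_HOME …
        - name: KEY_STORE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "common.fullname" . }}-pass
              key: KEY_STORE_PASSWORD
        # … unchanged: spring_profiles_active, volumeMounts, ports …
        # the fproxy container's KEY_STORE_PASSWORD entry takes the same form
```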
--- /dev/null +++ b/charts/aai-babel/templates/secrets.yaml 
@@ -0,0 +1,88 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-babel-secrets + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-pass + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} + KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-fproxy-auth-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . 
}} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-security-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} +{{ end }}
\ No newline at end of file diff --git a/charts/aai-babel/templates/service.yaml b/charts/aai-babel/templates/service.yaml new file mode 100644 index 0000000..9a8b8a2 --- /dev/null +++ b/charts/aai-babel/templates/service.yaml 
@@ -0,0 +1,52 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.global.rproxy.port }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} 
diff --git a/charts/aai-babel/values.yaml b/charts/aai-babel/values.yaml
new file mode 100644
index 0000000..60b7dd4
--- /dev/null
+++ b/charts/aai-babel/values.yaml
@@ -0,0 +1,81 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + readinessImage: readiness-check:2.0.2 + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. 
+################################################################# + +# application image +image: onap/babel:1.4-STAGING-latest + +flavor: small + +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: babel + externalPort: 9516 + internalPort: 9516 + nodePort: 79 + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/charts/aai-champ/Chart.yaml b/charts/aai-champ/Chart.yaml new file mode 100644 index 0000000..a41a49e --- /dev/null +++ b/charts/aai-champ/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI Champ microservice +name: aai-champ +version: 4.0.0 
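Review bot: The aai-babel default `image: onap/babel:1.4-STAGING-latest` is a moving tag, so the image that actually runs can change between pod restarts with no change to the chart; pin a released tag or a digest instead, e.g. `image: onap/babel:<released-tag>` (placeholder). The same values.yaml defaults `service.type: NodePort`, which in the non-sidecar branch of service.yaml publishes the application port on every node unless the parent chart sets `global.installSidecarSecurity`; `ClusterIP` would be the safer default, with NodePort as an opt-in. `liveness.enabled: false` is documented as a debugger convenience and is probably not what a shipped default should be.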
diff --git a/charts/aai-champ/requirements.yaml b/charts/aai-champ/requirements.yaml new file mode 100644 index 0000000..78e822e --- /dev/null +++ b/charts/aai-champ/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/charts/aai-champ/resources/config/appconfig/auth/champ_policy.json b/charts/aai-champ/resources/config/appconfig/auth/champ_policy.json new file mode 100644 index 0000000..a059e86 --- /dev/null +++ b/charts/aai-champ/resources/config/appconfig/auth/champ_policy.json @@ -0,0 +1,19 @@ +{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
+
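Review bot: The only role in this policy, `admin`, grants GET, DELETE, PUT and POST to the single subject `CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA`, so any client presenting a certificate with that DN gets full write and delete access. The same string is used as `cadi_x509_issuers` in the rproxy cadi.properties added in this commit, which suggests it is a shared demo identity rather than one caller's certificate; worth confirming. Consider adding a read-only role whose function lists only `{ "name": "GET" }` and reserving the mutating methods for a dedicated client DN. The function is named `search` although this is the champ service; if that name is matched at runtime, check that it is the intended one.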
diff --git a/charts/aai-champ/resources/config/appconfig/auth/tomcat_keystore b/charts/aai-champ/resources/config/appconfig/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..c4c7271 --- /dev/null +++ b/charts/aai-champ/resources/config/appconfig/auth/tomcat_keystore diff --git a/charts/aai-champ/resources/config/appconfig/champ-api.properties b/charts/aai-champ/resources/config/appconfig/champ-api.properties new file mode 100644 index 0000000..0aba797 --- /dev/null +++ b/charts/aai-champ/resources/config/appconfig/champ-api.properties @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +keyName=aai-uuid +sourceOfTruthName=source-of-truth +createdTsName=aai-created-ts +lastModTsName=aai-last-mod-ts +collectionPropertiesKey=properties + diff --git a/charts/aai-champ/resources/config/dynamic/conf/champ-beans.xml b/charts/aai-champ/resources/config/dynamic/conf/champ-beans.xml new file mode 100644 index 0000000..3977a68 --- /dev/null +++ b/charts/aai-champ/resources/config/dynamic/conf/champ-beans.xml 
@@ -0,0 +1,84 @@ +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + +<beans xmlns="http://www.springframework.org/schema/beans" +xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +xmlns:util="http://www.springframework.org/schema/util" +xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util.xsd + "> + + <bean id="champEventPublisher" class="org.onap.aai.event.client.DMaaPEventPublisher" > + <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" /> + <constructor-arg name="topic" value="{{.Values.event.publisher.topic}}" /> + <constructor-arg name="username" value="" /> + <constructor-arg name="password" value="" /> + <constructor-arg name="maxBatchSize" value="100" /> + <constructor-arg name="maxAgeMs" value="250" /> + <constructor-arg name="delayBetweenBatchesMs" value="50" /> + <constructor-arg name="transportType" value="HTTPAUTH" /> + <constructor-arg name="protocol" value="{{.Values.event.protocol}}" /> + <constructor-arg name="contentType" value="application/json" /> + </bean> + + <!-- Graph Implementation Configuration--> + <util:map id="props" map-class="java.util.HashMap" key-type="java.lang.String" value-type="java.lang.Object"> + <entry 
key="champcore.event.stream.buffer.capacity" value="50" value-type="java.lang.Integer"/> + <entry key="champcore.event.stream.publisher-pool-size" value="10" value-type="java.lang.Integer"/> + <entry key="champcore.event.stream.publisher" value-ref="champEventPublisher"/> + + <entry key="graph.name" value="aaigraph"/> + <entry key="storage.backend" value="cassandra"/> + <entry key="storage.cassandra.read-consistency-level" value="LOCAL_QUORUM"/> + <entry key="storage.cassandra.write-consistency-level" value="LOCAL_QUORUM"/> + <entry key="storage.cassandra.replication-factor" value="{{ .Values.global.cassandra.replicas }}"/> + <entry key="storage.cassandra.replication-strategy-class" value="org.apache.cassandra.locator.SimpleStrategy"/> + <entry key="storage.hostname" value="{{ .Values.global.cassandra.serviceName }}"/> + </util:map> + + <!-- Janus Implementation --> + <bean id="graphBuilder" class="org.onap.aai.champjanus.graph.impl.JanusChampGraphImpl$Builder"> + <constructor-arg value="aaigraph"/> + <constructor-arg ref="props" /> + </bean> + + <bean id="graphImpl" class="org.onap.aai.champjanus.graph.impl.JanusChampGraphImpl"> + <constructor-arg ref="graphBuilder" /> + </bean> + + <bean id="champUUIDService" class="org.onap.champ.service.ChampUUIDService" > + <constructor-arg name="graphImpl" ref="graphImpl" /> + </bean> + + <bean id="cache" class="org.onap.champ.service.ChampTransactionCache" > + <constructor-arg name="txTimeOutInSec" value="600" /> + <constructor-arg name="graphImpl" ref="graphImpl" /> + </bean> + + <bean id="champDataService" class="org.onap.champ.service.ChampDataService" > + <constructor-arg name="champUUIDService" ref="champUUIDService" /> + <constructor-arg name="graphImpl" ref="graphImpl" /> + <constructor-arg name="cache" ref="cache" /> + </bean> + + <bean id="champRestService" class="org.onap.champ.ChampRESTAPI" > + <constructor-arg name="champDataService" ref="champDataService" /> + <constructor-arg 
name="champAsyncRequestProcessor"><null/></constructor-arg> + </bean> +</beans> diff --git a/charts/aai-champ/resources/config/log/logback.xml b/charts/aai-champ/resources/config/log/logback.xml new file mode 100644 index 0000000..67f6ac3 --- /dev/null +++ b/charts/aai-champ/resources/config/log/logback.xml 
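Review bot: `champEventPublisher` is built with `transportType` set to `HTTPAUTH` while `username` and `password` are both empty strings, so either empty credentials are sent or the message router accepts unauthenticated publishes; this file alone does not show which. If the topic is meant to be protected, template the credentials the same way `host` and `topic` already are, e.g. `<constructor-arg name="username" value="{{ .Values.event.publisher.username }}" />` (the value key is a suggestion, not an existing one). In that case the file should be rendered into a Secret rather than the `-dynamic` ConfigMap that configmap.yaml builds from `resources/config/dynamic/conf/*`.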
@@ -0,0 +1,176 @@ +<!-- +Copyright © 2018 Amdocs, AT&T + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<configuration scan="true" scanPeriod="3 seconds" debug="true"> + <!-- Service-specific properties --> + <property name="componentName" value="AAI-CHAMP" /> + + <!-- directory path for logs --> + <property name="logDir" value="/var/log/onap" /> + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|Champ|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + 
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + 
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- General loggers --> + <logger name="org.onap" level="WARN" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration>
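Review bot: `asyncEELFAudit` wraps the audit file appender in an `AsyncAppender` with `queueSize` 256 and no `discardingThreshold`; with logback's default, events at INFO and below are discarded once the queue is 80% full, and the `com.att.eelf.audit` logger runs at `info`, so audit records can be lost silently under load. Add `<discardingThreshold>0</discardingThreshold>` to `asyncEELFAudit` so no audit event is dropped. Separately, `debug="true"` together with `scan="true" scanPeriod="3 seconds"` on `<configuration>` looks like a development setting and could be relaxed for the shipped chart.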
\ No newline at end of file diff --git a/charts/aai-champ/resources/fproxy/config/fproxy.properties b/charts/aai-champ/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/charts/aai-champ/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/charts/aai-champ/resources/fproxy/config/logback-spring.xml b/charts/aai-champ/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..0ece55c --- /dev/null +++ b/charts/aai-champ/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.fproxy" level="info" /> + +</configuration>
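Review bot: The `RollingFile` appender's rolling policy sets neither `maxHistory` nor `totalSizeCap`, so archives under `${LOGS}/archived` accumulate until the container's filesystem fills; add bounds inside `<rollingPolicy>`, e.g. `<maxHistory>30</maxHistory>` and `<totalSizeCap>1GB</totalSizeCap>` (values are suggestions). The comment `LOG "com.baeldung*" at TRACE level` does not describe the logger beneath it, which is `org.onap.aaf.fproxy` at `info`, and should be reworded to match. The rproxy copy of this file later in the commit has the same two issues.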
\ No newline at end of file diff --git a/charts/aai-champ/resources/fproxy/config/readme.txt b/charts/aai-champ/resources/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/charts/aai-champ/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json b/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000..ca34049 --- /dev/null +++ b/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json 
@@ -0,0 +1,99 @@
+ [
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/inventory\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ },
+ {
+ "uri": "\/services\/champ-service\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+ ]
diff --git a/charts/aai-champ/resources/rproxy/config/cadi.properties b/charts/aai-champ/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..1878a4d
--- /dev/null
+++ b/charts/aai-champ/resources/rproxy/config/cadi.properties
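Review bot: In uri-authorization.json several `permissions` values are plain strings (`test.auth.access|services|GET,PUT`) while others escape the same characters (`test\\.auth\\.access\\|services\\|GET,PUT`), which suggests they are evaluated as regular expressions; if so, the unescaped `|` is alternation and such an entry could be satisfied by a permission matching only one of the alternatives, so confirm how the reverse proxy matches them and escape consistently. The `uri` patterns end in `$` but have no leading `^`, so whether a longer path with a matching suffix is covered depends on full-match versus find semantics, and the cloud-region rule ends in `$*`, which looks like a typo for `$`. Most rules are `test.auth.access` fixtures; only the last two (`/services/inventory/.*` and `/services/champ-service/.*`) appear to concern this service, and trimming the file to those would make the effective policy reviewable.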
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
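Review bot: `cadi_loglevel=DEBUG` ships alongside `aaf_env=DEV` and the demo identity `aaf_id=demo@people.osaaf.org`, so a default install runs the reverse proxy with development credentials and the most verbose security-library logging; `cadi_loglevel=INFO` would be a safer shipped value. The `enc:` values for `cadi_keystore_password` and `aaf_password` are only as secret as the file named in `cadi_keyfile`; if that keyfile is packaged with the chart, as the `resources/rproxy/config/security/*` glob in the babel secrets template suggests, both passwords are recoverable by anyone holding the chart. `cadi_truststore_password` reuses the `OBF:` string that values.yaml sets as the default keystore password. The three passwords and `aaf_id` would be better taken from per-deployment values than committed here.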
\ No newline at end of file diff --git a/charts/aai-champ/resources/rproxy/config/forward-proxy.properties b/charts/aai-champ/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000..1b58d42 --- /dev/null +++ b/charts/aai-champ/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/charts/aai-champ/resources/rproxy/config/logback-spring.xml b/charts/aai-champ/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000..735edb6 --- /dev/null +++ b/charts/aai-champ/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.rproxy" level="info" /> + +</configuration>
\ No newline at end of file diff --git a/charts/aai-champ/resources/rproxy/config/primary-service.properties b/charts/aai-champ/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000..8d64529 --- /dev/null +++ b/charts/aai-champ/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9522
\ No newline at end of file diff --git a/charts/aai-champ/resources/rproxy/config/readme.txt b/charts/aai-champ/resources/rproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/charts/aai-champ/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties b/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000..8d46e1f --- /dev/null +++ b/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/charts/aai-champ/templates/configmap.yaml b/charts/aai-champ/templates/configmap.yaml new file mode 100644 index 0000000..c3966e7 --- /dev/null +++ b/charts/aai-champ/templates/configmap.yaml 
@@ -0,0 +1,95 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/appconfig/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dynamic + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/dynamic/conf/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . 
| indent 2 }} +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }}
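Review bot: The `-rproxy-config` ConfigMap is built from `.Files.Glob "resources/rproxy/config/*"`, which picks up cadi.properties, and that file carries `cadi_keystore_password`, `cadi_truststore_password` and `aaf_password`. ConfigMaps are not covered by Secret-specific RBAC or encryption-at-rest settings, so those values become readable to anyone who can read ConfigMaps in the namespace. Render that file into a Secret instead, e.g. `{{ tpl (.Files.Glob "resources/rproxy/config/cadi.properties").AsSecrets . | indent 2 }}` under a `kind: Secret`, and exclude it from the ConfigMap glob. The five sidecar ConfigMaps also omit the `labels:` block that the first three carry, which makes them harder to select by release.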
\ No newline at end of file diff --git a/charts/aai-champ/templates/deployment.yaml b/charts/aai-champ/templates/deployment.yaml new file mode 100644 index 0000000..a311f68 --- /dev/null +++ b/charts/aai-champ/templates/deployment.yaml 
@@ -0,0 +1,277 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . 
}}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CONFIG_HOME + value: "/opt/app/champ-service/appconfig" + - name: GRAPHIMPL + value: "janus-deps" + - name: KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_STORE_PASSWORD + - name: KEY_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_MANAGER_PASSWORD + - name: SERVICE_BEANS + value: "/opt/app/champ-service/dynamic/conf" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/champ-service/appconfig/champ-api.properties + name: {{ include "common.fullname" . }}-config + subPath: champ-api.properties + - mountPath: /opt/app/champ-service/appconfig/auth + name: {{ include "common.fullname" . }}-secrets + - mountPath: /opt/app/champ-service/dynamic/conf/champ-beans.xml + name: {{ include "common.fullname" . 
}}-dynamic-config + subPath: champ-beans.xml + - mountPath: /opt/app/champ-service/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-logback-config + subPath: logback.xml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . 
}}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . 
}}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }} + items: + - key: champ-api.properties + path: champ-api.properties + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.fullname" . }}-champ + - name: {{ include "common.fullname" . }}-dynamic-config + configMap: + name: {{ include "common.fullname" . }}-dynamic + items: + - key: champ-beans.xml + path: champ-beans.xml + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-logback-config + configMap: + name: {{ include "common.fullname" . }}-log-configmap + items: + - key: logback.xml + path: logback.xml + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: aai-filebeat + emptyDir: {} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . 
}}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: aai-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + secret: + secretName: aai-fproxy-auth-certs + {{ end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/charts/aai-champ/templates/secrets.yaml b/charts/aai-champ/templates/secrets.yaml new file mode 100644 index 0000000..fa18956 --- /dev/null +++ b/charts/aai-champ/templates/secrets.yaml 
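Review bot: The rproxy and fproxy sidecars take `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` as literal `value: {{ .Values.config.keyStorePassword }}` / `value: {{ .Values.config.trustStorePassword }}` entries, so the passwords are written into the Deployment object and readable by anyone allowed to get or describe it. The main container earlier in the same hunk reads `KEY_STORE_PASSWORD` through `secretKeyRef` on `{{ template "common.fullname" . }}-pass`, and the sidecars should use that same form. That needs a `TRUST_STORE_PASSWORD` key added to the `-pass` Secret, which in secrets.yaml defines only the key-store and key-manager entries. Separately, the tproxy init container sets `privileged: true`; if it only programs network rules, `capabilities: add: ["NET_ADMIN"]` would presumably be enough, which should be confirmed against the image.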
@@ -0,0 +1,60 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-champ + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/appconfig/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-pass + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} + KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . 
}} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +{{ end }}
\ No newline at end of file diff --git a/charts/aai-champ/templates/service.yaml b/charts/aai-champ/templates/service.yaml new file mode 100644 index 0000000..e67d42a --- /dev/null +++ b/charts/aai-champ/templates/service.yaml 
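Review bot: The `-rproxy-auth-config` Secret built from `resources/rproxy/config/auth/*` is listed under `volumes:` in deployment.yaml, but no container there has a matching `volumeMounts` entry. The rproxy container mounts `-rproxy-auth-certs` and `-rproxy-security-config` instead, which point at `aai-rproxy-auth-certs` and `aai-rproxy-security-config`. As written, the chart stores that auth material in the namespace without any pod reading it, so either drop this Secret and its volume or mount it where the files are needed. If it stays, a one-line comment above it naming the consuming container would make the intent clear.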
@@ -0,0 +1,53 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} + selector: + app: {{ include "common.name" . 
}} + release: {{ .Release.Name }} diff --git a/charts/aai-champ/values.yaml b/charts/aai-champ/values.yaml new file mode 100644 index 0000000..331786c --- /dev/null +++ b/charts/aai-champ/values.yaml 
@@ -0,0 +1,90 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + readinessImage: readiness-check:2.0.2 + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. 
+################################################################# + +# application image +image: onap/champ:1.4-STAGING-latest + +flavor: small + +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai-champ + internalPort: 9522 + externalPort: 9522 + nodePort: 78 + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} + +# XML beans configuration +event: + port: + dmaap: 3905 + protocol: https + publisher: + topic: champRawEvents diff --git a/charts/aai-data-router/.helmignore b/charts/aai-data-router/.helmignore new file mode 100644 index 0000000..daebc7d --- /dev/null +++ b/charts/aai-data-router/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
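Review bot: `keyStorePassword`, `keyManagerPassword` and `trustStorePassword` all ship with the same `OBF:` default, and Jetty's `OBF:` form is reversible obfuscation rather than encryption. Every install that keeps the defaults therefore shares a password that is effectively public. I would add a comment above `config:` such as `# OBF: values are obfuscated, not encrypted; override all three per deployment`. Also, `image: onap/champ:1.4-STAGING-latest` is a moving tag, so the deployed content can change without a chart change; pinning a release tag or digest would make rollouts reproducible.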
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-data-router/Chart.yaml b/charts/aai-data-router/Chart.yaml new file mode 100644 index 0000000..47f9f31 --- /dev/null +++ b/charts/aai-data-router/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI Data-Router +name: aai-data-router +version: 4.0.0 diff --git a/charts/aai-data-router/resources/config/auth/client-cert-onap.p12 b/charts/aai-data-router/resources/config/auth/client-cert-onap.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-data-router/resources/config/auth/client-cert-onap.p12 diff --git a/charts/aai-data-router/resources/config/auth/data-router_policy.json b/charts/aai-data-router/resources/config/auth/data-router_policy.json new file mode 100644 index 0000000..c03870e --- /dev/null +++ b/charts/aai-data-router/resources/config/auth/data-router_policy.json @@ -0,0 +1,18 @@ +{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
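Review bot: The single `admin` role grants `GET`, `DELETE`, `PUT` and `POST` on `search` to one subject, `CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA`, and this commit also adds `client-cert-onap.p12` and `tomcat_keystore` as binary files in the same `auth` directory. If that DN is the subject of the bundled client certificate (the binary cannot be read here), every install shares one admin identity whose key material is in the repository. Deployments should then replace both the certificate and this `username` entry. JSON cannot carry a comment, so that replacement step belongs in the chart's README or values documentation.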
diff --git a/charts/aai-data-router/resources/config/auth/tomcat_keystore b/charts/aai-data-router/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..de5325b --- /dev/null +++ b/charts/aai-data-router/resources/config/auth/tomcat_keystore diff --git a/charts/aai-data-router/resources/config/data-router.properties b/charts/aai-data-router/resources/config/data-router.properties new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/charts/aai-data-router/resources/config/data-router.properties diff --git a/charts/aai-data-router/resources/config/log/logback.xml b/charts/aai-data-router/resources/config/log/logback.xml new file mode 100644 index 0000000..d7ff014 --- /dev/null +++ b/charts/aai-data-router/resources/config/log/logback.xml 
@@ -0,0 +1,193 @@ +<!-- + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2018 AT&T Intellectual Property. All rights reserved. + Copyright © 2018 Amdocs + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= +--> +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + + <property name="logDir" value="/var/log/onap" /> + + <!-- specify the component name --> + <property name="componentName" value="AAI-DR" /> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|data-router|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + 
<pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to record events to the general application + log --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. 
--> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + <!-- 
============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- Data Router service loggers --> + <logger name="org.onap.aai.data-router" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration> diff --git a/charts/aai-data-router/resources/config/schemaIngest.properties b/charts/aai-data-router/resources/config/schemaIngest.properties new file mode 100644 index 0000000..8c680b5 --- /dev/null +++ b/charts/aai-data-router/resources/config/schemaIngest.properties @@ -0,0 +1,46 @@ +#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 Amdocs
+# Modifications Copyright © 2018 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+
+# Properties for the SchemaLocationsBean
+# Files named aai_oxm_v*.xml are unpacked here:
+nodeDir=/opt/app/data-router/onap/oxm
+# Dummy folder/directory:
+edgeDir=
+
+# Properties required by the aai-common - aai-schema-ingest lib as of 1.3.0
+schema.configuration.location=N/A
+schema.nodes.location=/opt/app/data-router/onap/oxm/
+schema.edges.location=
+# These versions need to exist if they are included in the list
+schema.version.list=v9,v10,v11,v12,v13,v14
+# Decalares the oxm version to load
+schema.version.api.default=v14
+
+# Don't use these properties in our application, need to be set to prevent an exception on startup (see SchemaVersions bean)
+schema.version.depth.start=v14
+schema.version.related.link.start=v14
+schema.version.app.root.start=v14
+schema.version.namespace.change.start=v14
+schema.version.edge.label.start=v14
+~
+
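Review bot: The added file ends with a stray `~` line just before the final blank line, which looks like an editor artifact. If the file is loaded with `java.util.Properties`, that line becomes a key named `~` with an empty value, so it should be deleted. The comment above `schema.version.api.default` also has a typo and should read `# Declares the oxm version to load`.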
diff --git a/charts/aai-data-router/resources/dynamic/conf/data-router-oxm.xml b/charts/aai-data-router/resources/dynamic/conf/data-router-oxm.xml new file mode 100644 index 0000000..c945c39 --- /dev/null +++ b/charts/aai-data-router/resources/dynamic/conf/data-router-oxm.xml @@ -0,0 +1,22 @@ +<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" + xmlns:task="http://www.springframework.org/schema/task" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd + http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd"> + + <context:property-placeholder + location="file:${CONFIG_HOME}/schemaIngest.properties" + ignore-unresolvable="true" /> + + <bean id="schemaLocationsBean" class="org.onap.aai.setup.SchemaLocationsBean"> + <!-- When running with AJSC these properties must be injected directly. + The reason for this is unknown. --> + <property name="nodeDirectory" value="${nodeDir}" /> + <property name="edgeDirectory" value="${edgeDir}" /> + </bean> + + <bean id="schemaVersions" class="org.onap.aai.setup.SchemaVersions"/> + +</beans> + diff --git a/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml new file mode 100644 index 0000000..b5e4129 --- /dev/null +++ b/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml 
@@ -0,0 +1,56 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <bean id="eepConfig" class="org.onap.aai.datarouter.policy.EntityEventPolicyConfig" >
+ <property name="sourceDomain" value="dev" />
+ <property name="searchBaseUrl" value="https://{{.Values.global.searchData.serviceName}}.{{.Release.Namespace}}:9509" />
+ <property name="searchEndpoint" value="services/search-data-service/v1/search/indexes/" />
+ <property name="searchEndpointDocuments" value = "documents" />
+ <property name="searchEntitySearchIndex" value="entity-search-index" />
+ <property name="searchTopographySearchIndex" value="topography-search-index" />
+ <property name="searchEntityAutoSuggestIndex" value="entityautosuggestindex" />
+ <property name="searchAggregationVnfIndex" value="aggregate_generic-vnf_index" />
+ <property name="searchCertName" value="client-cert-onap.p12" />
+ <property name="searchKeystorePwd" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10" />
+ <property name="searchKeystore" value="tomcat_keystore" />
+ <property name="schemaVersions" ref="schemaVersions" />
+ <property name="schemaLocationsBean" ref="schemaLocationsBean" />
+ </bean>
+
+ <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer" >
+ <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" />
+ <constructor-arg name="topic" value="{{.Values.event.consumer.topic}}" />
+ <constructor-arg name="username" value="" />
+ <constructor-arg name="password" value="" />
+ <constructor-arg name="consumerGroup" value="datarouter" />
+ <constructor-arg name="consumerId" value="datarouter" />
+ <constructor-arg name="timeoutMs" value="1000" />
+ <constructor-arg name="messageLimit" value="100" />
+ <constructor-arg name="transportType" value="HTTPAUTH" />
+ <constructor-arg name="protocol" value="{{.Values.event.protocol}}" />
+ <constructor-arg name="filter"><null /></constructor-arg>
+ </bean>
+
+ <bean id="entityEventPolicy" class="org.onap.aai.datarouter.policy.EntityEventPolicy" init-method="startup" >
+ <constructor-arg ref="eepConfig"/>
+ </bean>
+</beans>
diff --git a/charts/aai-data-router/resources/dynamic/routes/entity-event.route b/charts/aai-data-router/resources/dynamic/routes/entity-event.route new file mode 100644
index 0000000..14db6d6
--- /dev/null
+++ b/charts/aai-data-router/resources/dynamic/routes/entity-event.route
@@ -0,0 +1,4 @@
+<route xmlns="http://camel.apache.org/schema/spring" trace="true">
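Review bot: `searchKeystorePwd` in entity-event-policy.xml is a literal `OBF:` string, and the same literal is the default for `config.keyStorePassword` and `config.keyManagerPassword` in values.yaml later in this commit. If this is Jetty's OBF encoding, it is reversible obfuscation rather than encryption, so the keystore password is effectively published with the chart; templates/configmap.yaml also renders this file into a ConfigMap, not a Secret. I would template the property from a values key with no usable default, for example `value="{{ .Values.config.searchKeystorePassword }}"` (a new key), and have operators supply it at install time through the chart's Secret. Separately, `consumerBeanEntityEvent` is built with empty `username` and `password` while `transportType` is `HTTPAUTH`; please confirm that unauthenticated consumption from the message router is intended.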
+ <from uri="event-bus:mybus/?eventTopic=AAI-EVENT&consumer=#consumerBeanEntityEvent" />
+ <to uri="bean:entityEventPolicy?method=process"/>
+</route>
\ No newline at end of file
diff --git a/charts/aai-data-router/templates/configmap.yaml b/charts/aai-data-router/templates/configmap.yaml new file mode 100644
index 0000000..c8532b2
--- /dev/null
+++ b/charts/aai-data-router/templates/configmap.yaml
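Review bot: `trace="true"` on the `<route>` element in entity-event.route switches on Camel's tracer for every exchange on this route, which normally writes each message to the application log. With AAI-EVENT payloads that presumably puts inventory data into the log volume that the filebeat sidecar in deployment.yaml ships onward. Unless that is wanted outside debugging, I would default it off with `<route xmlns="http://camel.apache.org/schema/spring" trace="false">` or drive it from a values flag. The `from` URI also hard-codes `eventTopic=AAI-EVENT` while the consumer bean reads `.Values.event.consumer.topic`, so overriding the value leaves the two out of step.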
@@ -0,0 +1,68 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-dynamic
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/data-router-oxm.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
diff --git a/charts/aai-data-router/templates/deployment.yaml b/charts/aai-data-router/templates/deployment.yaml new file mode 100644
index 0000000..5c0d9b2
--- /dev/null
+++ b/charts/aai-data-router/templates/deployment.yaml
@@ -0,0 +1,188 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ mkdir -p /logroot/data-router/logs
+ chmod -R 777 /logroot/data-router/logs
+ chown -R root:root /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: SERVICE_BEANS
+ value: /opt/app/data-router/dynamic/conf
+ - name: CONFIG_HOME
+ value: /opt/app/data-router/config/
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: DYNAMIC_ROUTES
+ value: /opt/app/data-router/dynamic/routes
+ - name: KEY_MANAGER_PASSWORD
+ value: {{ .Values.config.keyManagerPassword }}
+ - name: PATH
+ value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ - name: JAVA_HOME
+ value: usr/lib/jvm/java-8-openjdk-amd64
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/data-router/config/auth
+ name: {{ include "common.fullname" . }}-auth
+ - mountPath: /opt/app/data-router/config/data-router.properties
+ subPath: data-router.properties
+ name: {{ include "common.fullname" . }}-properties
+ - mountPath: /opt/app/data-router/config/schemaIngest.properties
+ subPath: schemaIngest.properties
+ name: {{ include "common.fullname" . }}-properties
+ - mountPath: /opt/app/data-router/dynamic/routes/entity-event.route
+ subPath: entity-event.route
+ name: {{ include "common.fullname" . }}-dynamic-route
+ - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml
+ subPath: entity-event-policy.xml
+ name: {{ include "common.fullname" . }}-dynamic-policy
+ - mountPath: /opt/app/data-router/dynamic/conf/data-router-oxm.xml
+ subPath: data-router-oxm.xml
+ name: {{ include "common.fullname" . }}-dynamic-oxm
+ - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml
+ name: {{ include "common.fullname" . }}-logback-config
+ subPath: logback.xml
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /logs
+ name: {{ include "common.fullname" . }}-logs
+
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /logs
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: aai-filebeat
+ resources:
+{{ include "common.resources" . }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: aai-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-auth
+ secret:
+ secretName: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+ items:
+ - key: data-router.properties
+ path: data-router.properties
+ - key: schemaIngest.properties
+ path: schemaIngest.properties
+ - name: {{ include "common.fullname" . }}-dynamic-route
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-dynamic-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-dynamic-oxm
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback-config
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ items:
+ - key: logback.xml
+ path: logback.xml
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/charts/aai-data-router/templates/secret.yaml b/charts/aai-data-router/templates/secret.yaml new file mode 100644
index 0000000..6084ca3
--- /dev/null
+++ b/charts/aai-data-router/templates/secret.yaml
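Review bot: The `init-sysctl` init container in deployment.yaml sets `securityContext: privileged: true` only to run `mkdir`, `chmod -R 777` and `chown` on the pod's own `emptyDir` log volume; none of that needs a privileged container, and it sets no sysctl despite its name. I would delete the `privileged: true` line and replace the world-writable mode with one scoped to the user the application runs as, or drop the init container in favour of a pod-level `fsGroup`. `KEY_STORE_PASSWORD` and `KEY_MANAGER_PASSWORD` are injected as literal `value:` entries and are therefore readable from the pod spec; `valueFrom: secretKeyRef:` against the chart's Secret would avoid that. Two smaller points: `JAVA_HOME` is `usr/lib/jvm/java-8-openjdk-amd64` without a leading slash, and `busyboxImage` is not defined in this chart's values.yaml (it has `ubuntuInitImage`), so the init image depends on a global being supplied by the parent chart.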
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/charts/aai-data-router/values.yaml b/charts/aai-data-router/values.yaml new file mode 100644
index 0000000..ddc7fd0
--- /dev/null
+++ b/charts/aai-data-router/values.yaml
@@ -0,0 +1,108 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for data-router.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ loggingImage: beats/filebeat:5.5.0
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/data-router:1.3.1
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+dockerhubRepository: registry.hub.docker.com
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+
+# application configuration
+config:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ name: aai-data-router
+ internalPort: 9502
+
+ingress:
+ enabled: false
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ ## storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/data-router/logs
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.25
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 0.5
+ memory: 1536Mi
+ unlimited: {}
+
+# Entity Event route configuration
+event:
+ port:
+ dmaap: 3905
+ protocol: https
+ consumer:
+ topic: AAI-EVENT
diff --git a/charts/aai-elasticsearch/.helmignore b/charts/aai-elasticsearch/.helmignore new file mode 100644
index 0000000..daebc7d
--- /dev/null
+++ b/charts/aai-elasticsearch/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-elasticsearch/Chart.yaml b/charts/aai-elasticsearch/Chart.yaml new file mode 100644
index 0000000..fbc7abd
--- /dev/null
+++ b/charts/aai-elasticsearch/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI elasticsearch
+name: aai-elasticsearch
+version: 4.0.0
diff --git a/charts/aai-elasticsearch/resources/bin/init_sg.sh b/charts/aai-elasticsearch/resources/bin/init_sg.sh new file mode 100644
index 0000000..e859365
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/bin/init_sg.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh \
+ -cd /usr/share/elasticsearch/config/sg \
+ -ks /usr/share/elasticsearch/config/sg/auth/{{ .Values.config.adminKeyStore }} \
+ -ts /usr/share/elasticsearch/config/sg/auth/{{ .Values.config.trustStore }} \
+ -kspass {{ .Values.config.adminKeyStorePassword }} \
+ -tspass {{ .Values.config.trustStorePassword}} \
+ -nhnv \
+ -icl \
+ -p {{ .Values.service.internalPort2 }}
\ No newline at end of file
diff --git a/charts/aai-elasticsearch/resources/bin/run.sh b/charts/aai-elasticsearch/resources/bin/run.sh new file mode 100644
index 0000000..a612c74
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/bin/run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Wait for ES to start then initialize SearchGuard
+/usr/local/bin/docker-entrypoint.sh eswrapper &
+/usr/share/elasticsearch/bin/wait_until_started.sh
+/usr/share/elasticsearch/bin/init_sg.sh
+
+wait
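Review bot: In init_sg.sh the keystore and truststore passwords are rendered unquoted onto the `sgadmin.sh` command line (`-kspass`, `-tspass`), so a password containing spaces or shell metacharacters changes the command, and the values are visible in the process list while sgadmin runs. At minimum, quote the rendered values, e.g. `-kspass '{{ .Values.config.adminKeyStorePassword }}' \` and `-tspass '{{ .Values.config.trustStorePassword }}' \`. I can't see which template renders this script, but because it embeds the passwords after templating it belongs in a Secret rather than a ConfigMap. `-nhnv` turns off hostname verification for the admin connection and deserves a comment saying why that is acceptable here.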
\ No newline at end of file
diff --git a/charts/aai-elasticsearch/resources/bin/wait_until_started.sh b/charts/aai-elasticsearch/resources/bin/wait_until_started.sh new file mode 100644
index 0000000..279253b
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/bin/wait_until_started.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+RET=1
+
+while [[ RET -ne 0 ]]; do
+ echo "Waiting for Elasticsearch to become ready before running sgadmin..."
+ curl -XGET -k "https://localhost:{{ .Values.service.internalPort }}/" >/dev/null 2>&1
+ RET=$?
+ sleep 5
+done
\ No newline at end of file
diff --git a/charts/aai-elasticsearch/resources/config/elasticsearch.yml b/charts/aai-elasticsearch/resources/config/elasticsearch.yml new file mode 100644
index 0000000..87536e3
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/elasticsearch.yml
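Review bot: The loop condition `[[ RET -ne 0 ]]` in wait_until_started.sh uses a bash-only construct and a bare variable name under a `#!/bin/sh` shebang. On a shell that lacks `[[`, or that does not evaluate `RET` arithmetically, the test fails, the loop body never runs, and run.sh goes straight to init_sg.sh before Elasticsearch is listening. `while [ "$RET" -ne 0 ]; do` is portable. The loop also has no upper bound, so a node that never starts leaves the container waiting silently; a retry limit with a non-zero exit would surface the failure. `curl -k` skips certificate verification, which is tolerable for a localhost readiness poll but worth a comment.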
@@ -0,0 +1,397 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +##################### Elasticsearch Configuration Example ##################### + +# This file contains an overview of various configuration settings, +# targeted at operations staff. Application developers should +# consult the guide at <http://elasticsearch.org/guide>. +# +# The installation procedure is covered at +# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>. +# +# Elasticsearch comes with reasonable defaults for most settings, +# so you can try it out without bothering with configuration. +# +# Most of the time, these defaults are just fine for running a production +# cluster. If you're fine-tuning your cluster, or wondering about the +# effect of certain configuration option, please _do ask_ on the +# mailing list or IRC channel [http://elasticsearch.org/community]. + +# Any element in the configuration can be replaced with environment variables +# by placing them in ${...} notation. For example: +# +# node.rack: ${RACK_ENV_VAR} + +# For information on supported formats and syntax for the config file, see +# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html> +################################### Cluster ################################### + +# Cluster name identifies your cluster for auto-discovery. 
If you're running +# multiple clusters on the same network, make sure you're using unique names. +# +# cluster.name: elasticsearch + +cluster.name: ES_AAI + +#################################### Node ##################################### + +node.name: ES_ONAP +node.master: true +node.data: true + + +# Use the Cluster Health API [http://localhost:9200/_cluster/health], the +# Node Info API [http://localhost:9200/_nodes] or GUI tools +# such as <http://www.elasticsearch.org/overview/marvel/>, +# <http://github.com/karmi/elasticsearch-paramedic>, +# <http://github.com/lukas-vlcek/bigdesk> and +# <http://mobz.github.com/elasticsearch-head> to inspect the cluster state. + +# By default, multiple nodes are allowed to start from the same installation location +# to disable it, set the following: + +node.max_local_storage_nodes: 1 + + +#################################### Index #################################### +# You can set a number of options (such as shard/replica options, mapping +# or analyzer definitions, translog settings, ...) for indices globally, +# in this file. +# +# Note, that it makes more sense to configure index settings specifically for +# a certain index, either when creating it or by using the index templates API. +# +# See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and +# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html> +# for more information. + +# Set the number of shards (splits) of an index (5 by default): + +#index.number_of_shards: 5 + +# Set the number of replicas (additional copies) of an index (1 by default): + +#index.number_of_replicas: 1 + +# These settings directly affect the performance of index and search operations +# in your cluster. Assuming you have enough machines to hold shards and +# replicas, the rule of thumb is: +# +# 1. Having more *shards* enhances the _indexing_ performance and allows to +# _distribute_ a big index across machines. 
+# 2. Having more *replicas* enhances the _search_ performance and improves the +# cluster _availability_. +# +# The "number_of_shards" is a one-time setting for an index. +# +# The "number_of_replicas" can be increased or decreased anytime, +# by using the Index Update Settings API. +# +# Elasticsearch takes care about load balancing, relocating, gathering the +# results from nodes, etc. Experiment with different settings to fine-tune +# your setup. + +# Use the Index Status API (<http://localhost:9200/A/_status>) to inspect +# the index status. + + +#################################### Paths #################################### + +# Path to directory containing configuration (this file and logging.yml): +#path.conf: /opt/app/elasticsearch/config + +# Path to directory where to store index data allocated for this node. +# Use swm auto link to redirect the data directory if necessary. + +path.data: /usr/share/elasticsearch/data + +# path.data: /path/to/data1,/path/to/data2 + +# path.work: /path/to/work + +path.logs: /usr/share/elasticsearch/logs + +#path.plugins: /opt/app/elasticsearch/plugins + + +#################################### Plugin ################################### + +# If a plugin listed here is not installed for current node, the node will not start. +# +# plugin.mandatory: mapper-attachments,lang-groovy + + +################################### Memory #################################### + +# Elasticsearch performs poorly when JVM starts swapping: you should ensure that +# it _never_ swaps. +# +# Set this property to true to lock the memory: default is true + +#bootstrap.memory_lock: true + +# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set +# to the same value, and that the machine has enough memory to allocate +# for Elasticsearch, leaving enough memory for the operating system itself. +# +# You should also make sure that the Elasticsearch process is allowed to lock +# the memory, eg. by using `ulimit -l unlimited`. 
+ +### Kernel Settings + +# Elasticsearch installs system call filters of various flavors depending on the +# operating system (e.g., seccomp on Linux). These system call filters are +# installed to prevent the ability to execute system calls related to forking +# as a defense mechanism against arbitrary code execution attacks on +# Elasticsearch The system call filter check ensures that if system call +# filters are enabled, then they were successfully installed. To pass the system +# call filter check you must either fix any configuration errors on your system +# that prevented system call filters from installing (check your logs), or at +# your own risk disable system call filters by setting +# bootstrap.system_call_filter to false. +# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html +# +# seccomp is found in Linux kernels: 2.6.37–2.6.39, 3.0–3.19, 4.0–4.9, +# 4.10-rc+HEAD +# +# The default setting is to disable the filters assuming an older kernel +# version where seccomp is not available. +# See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819 + +bootstrap.system_call_filter: false + +############################## Network And HTTP ############################### +# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens +# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node +# communication. (the range means that if the port is busy, it will automatically +# try the next port). + +# Set the bind address specifically (IPv4 or IPv6): +network.bind_host: 0.0.0.0 + +# Set the address other nodes will use to communicate with this node. If not +# set, it is automatically derived. It must point to an actual IP address. 
+ +# network.publish_host: 0.0.0.0 + +# Set both 'bind_host' and 'publish_host': +# network.host: 192.168.0.1 + + +# Set a custom port for the node to node communication (9300 by default): +transport.tcp.port: {{ .Values.service.internalPort2 }} + +# Enable compression for all communication between nodes (disabled by default): +transport.tcp.compress: false + +# Set a custom port to listen for HTTP traffic: +# http.port: 9200 +http.port: {{ .Values.service.internalPort }} + +# Set a custom allowed content length: +# http.max_content_length: 100mb +http.max_content_length: 100mb + +# Disable HTTP completely: +# http.enabled: false +http.enabled: true + +# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search. +http.cors.enabled: false +http.cors.allow-origin: "/.*/" +http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length +http.cors.allow-credentials: false +################################### Gateway ################################### + +# The gateway allows for persisting the cluster state between full cluster +# restarts. Every change to the state (such as adding an index) will be stored +# in the gateway, and when the cluster starts up for the first time, +# it will read its state from the gateway. +# There are several types of gateway implementations. For more information, see +# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>. + +# The default gateway type is the "local" gateway (recommended): +# +#gateway.type: local +#gateway.type: local + +# Settings below control how and when to start the initial recovery process on +# a full cluster restart (to reuse as much local data as possible when using shared +# gateway). 
+
+# Allow recovery process after N nodes in a cluster are up:
+#
+# gateway.recover_after_nodes: 1
+gateway.recover_after_nodes: 1
+
+# Set the timeout to initiate the recovery process, once the N nodes
+# from previous setting are up (accepts time value):
+#
+#gateway.recover_after_time: 5m
+gateway.recover_after_time: 5m
+
+# Set how many nodes are expected in this cluster. Once these N nodes
+# are up (and recover_after_nodes is met), begin recovery process immediately
+# (without waiting for recover_after_time to expire):
+#
+# gateway.expected_nodes: 2
+gateway.expected_nodes: 2
+
+############################# Recovery Throttling #############################
+
+# These settings allow to control the process of shards allocation between
+# nodes during initial recovery, replica allocation, rebalancing,
+# or when adding and removing nodes.
+
+# Set the number of concurrent recoveries happening on a node:
+#
+# 1. During the initial recovery
+#
+# cluster.routing.allocation.node_initial_primaries_recoveries: 4
+#
+# 2. During adding/removing nodes, rebalancing, etc
+#
+# cluster.routing.allocation.node_concurrent_recoveries: 2
+
+# Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
+# indices.recovery.max_bytes_per_sec: 20mb
+indices.recovery.max_bytes_per_sec: 20mb
+
+# Set to limit the number of open concurrent streams when
+# recovering a shard from a peer:
+#
+# indices.recovery.concurrent_streams: 5
+#indices.recovery.concurrent_streams: 5
+
+################################## Discovery ##################################
+
+# Discovery infrastructure ensures nodes can be found within a cluster
+# and master node is elected. Multicast discovery is the default.
+
+# Set to ensure a node sees N other master eligible nodes to be considered
+# operational within the cluster. Its recommended to set it to a higher value
+# than 1 when running more than 2 nodes in the cluster.
+#
+discovery.zen.minimum_master_nodes: 1
+
+# Set the time to wait for ping responses from other nodes when discovering.
+# Set this option to a higher value on a slow or congested network
+# to minimize discovery failures:
+#
+# discovery.zen.ping_timeout: 3s
+discovery.zen.ping_timeout: 3s
+
+# For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>
+
+# Unicast discovery allows to explicitly control which nodes will be used
+# to discover the cluster. It can be used when multicast is not present,
+# or to restrict the cluster communication-wise.
+#
+# 1. Disable multicast discovery (enabled by default):
+# discovery.zen.ping.multicast.enabled: false
+#discovery.zen.ping.multicast.enabled: false
+
+
+# 2. Configure an initial list of master nodes in the cluster
+# to perform discovery when new nodes (master or data) are started:
+#
+# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
+discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
+
+# EC2 discovery allows to use AWS EC2 API in order to perform discovery.
+#
+# You have to install the cloud-aws plugin for enabling the EC2 discovery.
+#
+# For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
+#
+#
+# See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
+# for a step-by-step tutorial.
+
+# GCE discovery allows to use Google Compute Engine API in order to perform discovery.
+#
+# You have to install the cloud-gce plugin for enabling the GCE discovery.
+#
+# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.
+
+# Azure discovery allows to use Azure API in order to perform discovery.
+#
+# You have to install the cloud-azure plugin for enabling the Azure discovery.
+#
+# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.
+
+################################## Slow Log ##################################
+
+# Shard level query and fetch threshold logging.
+
+#index.search.slowlog.threshold.query.warn: 10s
+#index.search.slowlog.threshold.query.info: 5s
+#index.search.slowlog.threshold.query.debug: 2s
+#index.search.slowlog.threshold.query.trace: 500ms
+
+#index.search.slowlog.threshold.fetch.warn: 1s
+#index.search.slowlog.threshold.fetch.info: 800ms
+#index.search.slowlog.threshold.fetch.debug: 500ms
+#index.search.slowlog.threshold.fetch.trace: 200ms
+
+#index.indexing.slowlog.threshold.index.warn: 10s
+#index.indexing.slowlog.threshold.index.info: 5s
+#index.indexing.slowlog.threshold.index.debug: 2s
+#index.indexing.slowlog.threshold.index.trace: 500ms
+
+################################## GC Logging ################################
+
+#monitor.jvm.gc.young.warn: 1000ms
+#monitor.jvm.gc.young.info: 700ms
+#monitor.jvm.gc.young.debug: 400ms
+
+#monitor.jvm.gc.old.warn: 10s
+#monitor.jvm.gc.old.info: 5s
+#monitor.jvm.gc.old.debug: 2s
+
+#############################################################################################
+### SEARCH GUARD SSL #
+### Configuration #
+###############################################################################################
+######## Start Search Guard Demo Configuration ########
+
+searchguard.enterprise_modules_enabled: false
+
+searchguard.ssl.transport.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
+searchguard.ssl.transport.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
+searchguard.ssl.transport.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
+searchguard.ssl.transport.truststore_password: {{ .Values.config.trustStorePassword }}
+searchguard.ssl.transport.enforce_hostname_verification: false
+
+searchguard.ssl.http.enabled: true
+searchguard.ssl.http.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
+searchguard.ssl.http.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
+searchguard.ssl.http.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
+searchguard.ssl.http.truststore_password: {{ .Values.config.trustStorePassword }}
+
+searchguard.nodes_dn:
+ - CN=esaai
+
+searchguard.authcz.admin_dn:
+ - CN=sgadmin
+
+# x-pack security conflicts with searchguard
+xpack.security.enabled: false
+xpack.ml.enabled: false
+xpack.monitoring.enabled: false
+xpack.watcher.enabled: false
diff --git a/charts/aai-elasticsearch/resources/config/jvm.options b/charts/aai-elasticsearch/resources/config/jvm.options
new file mode 100644
index 0000000..e69d798
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/jvm.options
@@ -0,0 +1,117 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms1g
+-Xmx1g
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+-XX:+UseConcMarkSweepGC
+-XX:CMSInitiatingOccupancyFraction=75
+-XX:+UseCMSInitiatingOccupancyOnly
+
+## optimizations
+
+# pre-touch memory pages used by the JVM during initialization
+-XX:+AlwaysPreTouch
+
+## basic
+
+# force the server VM
+-server
+
+# explicitly set the stack size
+-Xss1m
+
+# set to headless, just in case
+-Djava.awt.headless=true
+
+# ensure UTF-8 encoding by default (e.g. filenames)
+-Dfile.encoding=UTF-8
+
+# use our provided JNA always versus the system one
+-Djna.nosys=true
+
+# turn off a JDK optimization that throws away stack traces for common
+# exceptions because stack traces are important for debugging
+-XX:-OmitStackTraceInFastThrow
+
+# flags to configure Netty
+-Dio.netty.noUnsafe=true
+-Dio.netty.noKeySetOptimization=true
+-Dio.netty.recycler.maxCapacityPerThread=0
+
+# log4j 2
+-Dlog4j.shutdownHookEnabled=false
+-Dlog4j2.disable.jmx=true
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps
+# ensure the directory exists and has sufficient space
+#-XX:HeapDumpPath=/heap/dump/path
+
+## GC logging
+
+#-XX:+PrintGCDetails
+#-XX:+PrintGCTimeStamps
+#-XX:+PrintGCDateStamps
+#-XX:+PrintClassHistogram
+#-XX:+PrintTenuringDistribution
+#-XX:+PrintGCApplicationStoppedTime
+
+# log GC status to a file with time stamps
+# ensure the directory exists
+#-Xloggc:${loggc}
+
+# By default, the GC log file will not rotate.
+# By uncommenting the lines below, the GC log file
+# will be rotated every 128MB at most 32 times.
+#-XX:+UseGCLogFileRotation
+#-XX:NumberOfGCLogFiles=32
+#-XX:GCLogFileSize=128M
diff --git a/charts/aai-elasticsearch/resources/config/log4j2.properties b/charts/aai-elasticsearch/resources/config/log4j2.properties
new file mode 100644
index 0000000..e674865
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/log4j2.properties
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = error
+
+# log action execution errors for easier debugging
+logger.action.name = org.elasticsearch.action
+logger.action.level = INFO
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}.log
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
+appender.rolling.filePattern = ${sys:es.logs.base_path}-%d{yyyy-MM-dd}.log
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+rootLogger.appenderRef.rolling.ref = rolling
+
+# appender.deprecation_rolling.type = RollingFile
+# appender.deprecation_rolling.name = deprecation_rolling
+# appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}_deprecation.log
+# appender.deprecation_rolling.layout.type = PatternLayout
+# appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
+# appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}_deprecation-%i.log.gz
+# appender.deprecation_rolling.policies.type = Policies
+# appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
+# appender.deprecation_rolling.policies.size.size = 1GB
+# appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
+# appender.deprecation_rolling.strategy.max = 4
+
+# logger.deprecation.name = org.elasticsearch.deprecation
+# logger.deprecation.level = warn
+# logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+# logger.deprecation.additivity = false
+
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_search_slowlog.log
+appender.index_search_slowlog_rolling.layout.type = PatternLayout
+appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
+appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_search_slowlog-%d{yyyy-MM-dd}.log
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.time.interval = 1
+appender.index_search_slowlog_rolling.policies.time.modulate = true
+
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.additivity = false
+
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_indexing_slowlog-%d{yyyy-MM-dd}.log
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.time.interval = 1
+appender.index_indexing_slowlog_rolling.policies.time.modulate = true
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.additivity = false
diff --git a/charts/aai-elasticsearch/resources/config/sg/auth/esaai-keystore.jks b/charts/aai-elasticsearch/resources/config/sg/auth/esaai-keystore.jks
Binary files differ
new file mode 100644
index 0000000..21ec9bb
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/auth/esaai-keystore.jks
diff --git a/charts/aai-elasticsearch/resources/config/sg/auth/sgadmin-keystore.p12 b/charts/aai-elasticsearch/resources/config/sg/auth/sgadmin-keystore.p12
Binary files differ
new file mode 100644
index 0000000..db7cbf4
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/auth/sgadmin-keystore.p12
diff --git a/charts/aai-elasticsearch/resources/config/sg/auth/truststore.jks b/charts/aai-elasticsearch/resources/config/sg/auth/truststore.jks
Binary files differ
new file mode 100644
index 0000000..b3bd666
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/auth/truststore.jks
diff --git a/charts/aai-elasticsearch/resources/config/sg/sg_action_groups.yml b/charts/aai-elasticsearch/resources/config/sg/sg_action_groups.yml
new file mode 100644
index 0000000..be5901a
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/sg_action_groups.yml 
@@ -0,0 +1,137 @@
+UNLIMITED:
+ readonly: true
+ permissions:
+ - "*"
+
+###### INDEX LEVEL ######
+
+INDICES_ALL:
+ readonly: true
+ permissions:
+ - "indices:*"
+
+# for backward compatibility
+ALL:
+ readonly: true
+ permissions:
+ - INDICES_ALL
+
+MANAGE:
+ readonly: true
+ permissions:
+ - "indices:monitor/*"
+ - "indices:admin/*"
+
+CREATE_INDEX:
+ readonly: true
+ permissions:
+ - "indices:admin/create"
+ - "indices:admin/mapping/put"
+
+MANAGE_ALIASES:
+ readonly: true
+ permissions:
+ - "indices:admin/aliases*"
+
+# for backward compatibility
+MONITOR:
+ readonly: true
+ permissions:
+ - INDICES_MONITOR
+
+INDICES_MONITOR:
+ readonly: true
+ permissions:
+ - "indices:monitor/*"
+
+DATA_ACCESS:
+ readonly: true
+ permissions:
+ - "indices:data/*"
+ - CRUD
+
+WRITE:
+ readonly: true
+ permissions:
+ - "indices:data/write*"
+ - "indices:admin/mapping/put"
+
+READ:
+ readonly: true
+ permissions:
+ - "indices:data/read*"
+ - "indices:admin/mappings/fields/get*"
+
+DELETE:
+ readonly: true
+ permissions:
+ - "indices:data/write/delete*"
+
+CRUD:
+ readonly: true
+ permissions:
+ - READ
+ - WRITE
+
+SEARCH:
+ readonly: true
+ permissions:
+ - "indices:data/read/search*"
+ - "indices:data/read/msearch*"
+ - SUGGEST
+
+SUGGEST:
+ readonly: true
+ permissions:
+ - "indices:data/read/suggest*"
+
+INDEX:
+ readonly: true
+ permissions:
+ - "indices:data/write/index*"
+ - "indices:data/write/update*"
+ - "indices:admin/mapping/put"
+ - "indices:data/write/bulk*"
+
+GET:
+ readonly: true
+ permissions:
+ - "indices:data/read/get*"
+ - "indices:data/read/mget*"
+
+###### CLUSTER LEVEL ######
+
+CLUSTER_ALL:
+ readonly: true
+ permissions:
+ - "cluster:*"
+
+CLUSTER_MONITOR:
+ readonly: true
+ permissions:
+ - "cluster:monitor/*"
+
+CLUSTER_COMPOSITE_OPS_RO:
+ readonly: true
+ permissions:
+ - "indices:data/read/mget"
+ - "indices:data/read/msearch"
+ - "indices:data/read/mtv"
+ - "indices:data/read/coordinate-msearch*"
+ - "indices:admin/aliases/exists*"
+ - "indices:admin/aliases/get*"
+ - "indices:data/read/scroll"
+
+CLUSTER_COMPOSITE_OPS:
+ readonly: true
+ permissions:
+ - "indices:data/write/bulk"
+ - "indices:admin/aliases*"
+ - "indices:data/write/reindex"
+ - CLUSTER_COMPOSITE_OPS_RO
+
+MANAGE_SNAPSHOTS:
+ readonly: true
+ permissions:
+ - "cluster:admin/snapshot/*"
+ - "cluster:admin/repository/*"
\ No newline at end of file
diff --git a/charts/aai-elasticsearch/resources/config/sg/sg_config.yml b/charts/aai-elasticsearch/resources/config/sg/sg_config.yml
new file mode 100644
index 0000000..9172b71
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/sg_config.yml
@@ -0,0 +1,221 @@
+# This is the main Search Guard configuration file where authentication
+# and authorization is defined.
+#
+# You need to configure at least one authentication domain in the authc of this file.
+# An authentication domain is responsible for extracting the user credentials from
+# the request and for validating them against an authentication backend like Active Directory for example.
+#
+# If more than one authentication domain is configured the first one which succeeds wins.
+# If all authentication domains fail then the request is unauthenticated.
+# In this case an exception is thrown and/or the HTTP status is set to 401.
+#
+# After authentication authorization (authz) will be applied. There can be zero or more authorizers which collect
+# the roles from a given backend for the authenticated user.
+#
+# Both, authc and auth can be enabled/disabled separately for REST and TRANSPORT layer. Default is true for both.
+# http_enabled: true
+# transport_enabled: true
+#
+# 5.x Migration: "enabled: true/false" will also be respected currently but only to provide backward compatibility.
+#
+# For HTTP it is possible to allow anonymous authentication. If that is the case then the HTTP authenticators try to
+# find user credentials in the HTTP request. If credentials are found then the user gets regularly authenticated.
+# If none can be found the user will be authenticated as an "anonymous" user. This user has always the username "sg_anonymous"
+# and one role named "sg_anonymous_backendrole".
+# If you enable anonymous authentication all HTTP authenticators will not challenge.
+#
+#
+# Note: If you define more than one HTTP authenticators make sure to put non-challenging authenticators like "proxy" or "clientcert"
+# first and the challenging one last.
+# Because it's not possible to challenge a client with two different authentication methods (for example
+# Kerberos and Basic) only one can have the challenge flag set to true. You can cope with this situation
+# by using pre-authentication, e.g. sending a HTTP Basic authentication header in the request.
+#
+# Default value of the challenge flag is true.
+#
+#
+# HTTP
+# basic (challenging)
+# proxy (not challenging, needs xff)
+# kerberos (challenging)
+# clientcert (not challenging, needs https)
+# jwt (not challenging)
+# host (not challenging) #DEPRECATED, will be removed in a future version.
+# host based authentication is configurable in sg_roles_mapping
+
+# Authc
+# internal
+# noop
+# ldap
+
+# Authz
+# ldap
+# noop
+
+searchguard:
+ dynamic:
+ # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
+ # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
+ # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
+ #filtered_alias_mode: warn
+ #kibana:
+ # Kibana multitenancy
+ # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md
+ # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki
+ #multitenancy_enabled: true
+ #server_username: kibanaserver
+ #index: '.kibana'
+ #do_not_fail_on_forbidden: false
+ http:
+ anonymous_auth_enabled: false
+ xff:
+ enabled: false
+ internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
+ #internalProxies: '.*' # trust all internal proxies, regex pattern
+ remoteIpHeader: 'x-forwarded-for'
+ proxiesHeader: 'x-forwarded-by'
+ #trustedProxies: '.*' # trust all external proxies, regex pattern
+ ###### see https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for regex help
+ ###### more information about XFF https://en.wikipedia.org/wiki/X-Forwarded-For
+ ###### and here https://tools.ietf.org/html/rfc7239
+ ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
+ authc:
+ kerberos_auth_domain:
+ http_enabled: false
+ transport_enabled: false
+ order: 6
+ http_authenticator:
+ type: kerberos
+ challenge: true
+ config:
+ # If true a lot of kerberos/security related debugging output will be logged to standard out
+ krb_debug: false
+ # If true then the realm will be stripped from the user name
+ strip_realm_from_principal: true
+ authentication_backend:
+ type: noop
+ basic_internal_auth_domain:
+ http_enabled: true
+ transport_enabled: true
+ order: 2
+ http_authenticator:
+ type: basic
+ challenge: true
+ authentication_backend:
+ type: intern
+ proxy_auth_domain:
+ http_enabled: false
+ transport_enabled: false
+ order: 3
+ http_authenticator:
+ type: proxy
+ challenge: false
+ config:
+ user_header: "x-proxy-user"
+ roles_header: "x-proxy-roles"
+ authentication_backend:
+ type: noop
+ jwt_auth_domain:
+ http_enabled: false
+ transport_enabled: false
+ order: 0
+ http_authenticator:
+ type: jwt
+ challenge: false
+ config:
+ signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
+ jwt_header: "Authorization"
+ jwt_url_parameter: null
+ roles_key: null
+ subject_key: null
+ authentication_backend:
+ type: noop
+ clientcert_auth_domain:
+ http_enabled: true
+ transport_enabled: true
+ order: 1
+ http_authenticator:
+ type: clientcert
+ config:
+ username_attribute: cn #optional, if omitted DN becomes username
+ challenge: false
+ authentication_backend:
+ type: noop
+ ldap:
+ http_enabled: false
+ transport_enabled: false
+ order: 5
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
+ type: ldap
+ config:
+ # enable ldaps
+ enable_ssl: false
+ # enable start tls, enable_ssl should be false
+ enable_start_tls: false
+ # send client certificate
+ enable_ssl_client_auth: false
+ # verify ldap hostname
+ verify_hostnames: true
+ hosts:
+ - localhost:8389
+ bind_dn: null
+ password: null
+ userbase: 'ou=people,dc=example,dc=com'
+ # Filter to search for users (currently in the whole subtree beneath userbase)
+ # {0} is substituted with the username
+ usersearch: '(sAMAccountName={0})'
+ # Use this attribute from the user as username (if not set then DN is used)
+ username_attribute: null
+ authz:
+ roles_from_myldap:
+ http_enabled: false
+ transport_enabled: false
+ authorization_backend:
+ # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
+ type: ldap
+ config:
+ # enable ldaps
+ enable_ssl: false
+ # enable start tls, enable_ssl should be false
+ enable_start_tls: false
+ # send client certificate
+ enable_ssl_client_auth: false
+ # verify ldap hostname
+ verify_hostnames: true
+ hosts:
+ - localhost:8389
+ bind_dn: null
+ password: null
+ rolebase: 'ou=groups,dc=example,dc=com'
+ # Filter to search for roles (currently in the whole subtree beneath rolebase)
+ # {0} is substituted with the DN of the user
+ # {1} is substituted with the username
+ # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
+ rolesearch: '(member={0})'
+ # Specify the name of the attribute which value should be substituted with {2} above
+ userroleattribute: null
+ # Roles as an attribute of the user entry
+ userrolename: disabled
+ #userrolename: memberOf
+ # The attribute in a role entry containing the name of that role, Default is "name".
+ # Can also be "dn" to use the full DN as rolename.
+ rolename: cn
+ # Resolve nested roles transitive (roles which are members of other roles and so on ...)
+ resolve_nested_roles: true
+ userbase: 'ou=people,dc=example,dc=com'
+ # Filter to search for users (currently in the whole subtree beneath userbase)
+ # {0} is substituted with the username
+ usersearch: '(uid={0})'
+ # Skip users matching a user name, a wildcard or a regex pattern
+ #skip_users:
+ # - 'cn=Michael Jackson,ou*people,o=TEST'
+ # - '/\S*/'
+ roles_from_another_ldap:
+ enabled: false
+ authorization_backend:
+ type: ldap
+ #config goes here ...
diff --git a/charts/aai-elasticsearch/resources/config/sg/sg_internal_users.yml b/charts/aai-elasticsearch/resources/config/sg/sg_internal_users.yml
new file mode 100644
index 0000000..942a716
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/sg_internal_users.yml
@@ -0,0 +1,45 @@
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+#password is: admin
+admin:
+ readonly: true
+ hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG
+ roles:
+ - admin
+ attributes:
+ #no dots allowed in attribute names
+ attribute1: value1
+ attribute2: value2
+ attribute3: value3
+
+#password is: logstash
+logstash:
+ hash: $2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2
+ roles:
+ - logstash
+
+#password is: kibanaserver
+kibanaserver:
+ readonly: true
+ hash: $2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.
+
+#password is: kibanaro
+kibanaro:
+ hash: $2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC
+ roles:
+ - kibanauser
+ - readall
+
+#password is: readall
+readall:
+ hash: $2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2
+ #password is: readall
+ roles:
+ - readall
+
+#password is: snapshotrestore
+snapshotrestore:
+ hash: $2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W
+ roles:
+ - snapshotrestore
\ No newline at end of file
diff --git a/charts/aai-elasticsearch/resources/config/sg/sg_roles.yml b/charts/aai-elasticsearch/resources/config/sg/sg_roles.yml
new file mode 100644
index 0000000..c918e85
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/sg_roles.yml
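Review bot: sg_internal_users.yml ships the Search Guard demo accounts, and each entry's comment states its password (`#password is: admin`, `#password is: logstash`, and so on), so every install of this chart starts with the same publicly known credentials. The `admin` user carries the `admin` backend role, which sg_roles_mapping.yml maps to `sg_all_access`, and sg_config.yml sets `http_enabled: true` on `basic_internal_auth_domain`, so these accounts are usable over HTTP basic auth. Generate the hashes per deployment (the file itself points at `plugin/tools/hash.sh`) and take them from values, e.g. `hash: {{ required "admin hash must be set" .Values.config.ADMIN_HASH_PLACEHOLDER }}` (placeholder key name), drop the accounts the chart does not use, and remove the `#password is:` comments. The same commit also adds binary keystores under `resources/config/sg/auth/`; if they hold private keys, as the file names suggest, that key material is likewise shared by every deployment and should be provisioned per install.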
@@ -0,0 +1,262 @@
+# Allows everything, but no changes to searchguard configuration index
+sg_all_access:
+ readonly: true
+ cluster:
+ - UNLIMITED
+ indices:
+ '*':
+ '*':
+ - UNLIMITED
+ tenants:
+ admin_tenant: RW
+
+# Read all, but no write permissions
+sg_readall:
+ readonly: true
+ cluster:
+ - CLUSTER_COMPOSITE_OPS_RO
+ indices:
+ '*':
+ '*':
+ - READ
+
+# Read all and monitor, but no write permissions
+sg_readall_and_monitor:
+ cluster:
+ - CLUSTER_MONITOR
+ - CLUSTER_COMPOSITE_OPS_RO
+ indices:
+ '*':
+ '*':
+ - READ
+
+# For users which use kibana, access to indices must be granted separately
+sg_kibana_user:
+ readonly: true
+ cluster:
+ - INDICES_MONITOR
+ - CLUSTER_COMPOSITE_OPS
+ indices:
+ '?kibana':
+ '*':
+ - MANAGE
+ - INDEX
+ - READ
+ - DELETE
+ '?kibana-6':
+ '*':
+ - MANAGE
+ - INDEX
+ - READ
+ - DELETE
+ '?kibana_*':
+ '*':
+ - MANAGE
+ - INDEX
+ - READ
+ - DELETE
+ '?tasks':
+ '*':
+ - INDICES_ALL
+ '?management-beats':
+ '*':
+ - INDICES_ALL
+ '*':
+ '*':
+ - indices:data/read/field_caps*
+ - indices:data/read/xpack/rollup*
+ - indices:admin/mappings/get*
+ - indices:admin/get
+
+# For the kibana server
+sg_kibana_server:
+ readonly: true
+ cluster:
+ - CLUSTER_MONITOR
+ - CLUSTER_COMPOSITE_OPS
+ - cluster:admin/xpack/monitoring*
+ - indices:admin/template*
+ - indices:data/read/scroll*
+ indices:
+ '?kibana':
+ '*':
+ - INDICES_ALL
+ '?kibana-6':
+ '*':
+ - INDICES_ALL
+ '?kibana_*':
+ '*':
+ - INDICES_ALL
+ '?reporting*':
+ '*':
+ - INDICES_ALL
+ '?monitoring*':
+ '*':
+ - INDICES_ALL
+ '?tasks':
+ '*':
+ - INDICES_ALL
+ '?management-beats*':
+ '*':
+ - INDICES_ALL
+ '*':
+ '*':
+ - "indices:admin/aliases*"
+
+# For logstash and beats
+sg_logstash:
+ cluster:
+ - CLUSTER_MONITOR
+ - CLUSTER_COMPOSITE_OPS
+ - indices:admin/template/get
+ - indices:admin/template/put
+ indices:
+ 'logstash-*':
+ '*':
+ - CRUD
+ - CREATE_INDEX
+ '*beat*':
+ '*':
+ - CRUD
+ - CREATE_INDEX
+
+# Allows adding and modifying repositories and creating and restoring snapshots
+sg_manage_snapshots:
+ cluster:
+ - MANAGE_SNAPSHOTS
+ indices:
+ '*':
+ '*':
+ - "indices:data/write/index"
+ - "indices:admin/create"
+
+# Allows each user to access own named index
+sg_own_index:
+ cluster:
+ - CLUSTER_COMPOSITE_OPS
+ indices:
+ '${user_name}':
+ '*':
+ - INDICES_ALL
+
+### X-Pack COMPATIBILITY
+sg_xp_monitoring:
+ readonly: true
+ cluster:
+ - cluster:monitor/xpack/info
+ - cluster:monitor/main
+ - cluster:admin/xpack/monitoring/bulk
+ indices:
+ '?monitor*':
+ '*':
+ - INDICES_ALL
+
+sg_xp_alerting:
+ readonly: true
+ cluster:
+ - indices:data/read/scroll
+ - cluster:admin/xpack/watcher*
+ - cluster:monitor/xpack/watcher*
+ indices:
+ '?watches*':
+ '*':
+ - INDICES_ALL
+ '?watcher-history-*':
+ '*':
+ - INDICES_ALL
+ '?triggered_watches':
+ '*':
+ - INDICES_ALL
+ '*':
+ '*':
+ - READ
+ - indices:admin/aliases/get
+
+sg_xp_machine_learning:
+ readonly: true
+ cluster:
+ - cluster:admin/persistent*
+ - cluster:internal/xpack/ml*
+ - indices:data/read/scroll*
+ - cluster:admin/xpack/ml*
+ - cluster:monitor/xpack/ml*
+ indices:
+ '*':
+ '*':
+ - READ
+ - indices:admin/get*
+ '?ml-*':
+ '*':
+ - "*"
+
+### LEGACY ROLES, FOR COMPATIBILITY ONLY
+### WILL BE REMOVED IN SG7, DO NOT USE ANYMORE
+
+sg_readonly_and_monitor:
+ cluster:
+ - CLUSTER_MONITOR
+ - CLUSTER_COMPOSITE_OPS_RO
+ indices:
+ '*':
+ '*':
+ - READ
+
+# Make xpack monitoring work
+sg_monitor:
+ cluster:
+ - cluster:admin/xpack/monitoring/*
+ - cluster:admin/ingest/pipeline/put
+ - cluster:admin/ingest/pipeline/get
+ - indices:admin/template/get
+ - indices:admin/template/put
+ - CLUSTER_MONITOR
+ - CLUSTER_COMPOSITE_OPS
+ indices:
+ '?monitor*':
+ '*':
+ - INDICES_ALL
+ '?marvel*':
+ '*':
+ - INDICES_ALL
+ '?kibana*':
+ '*':
+ - READ
+ '*':
+ '*':
+ - indices:data/read/field_caps
+
+# Make xpack alerting work
+sg_alerting:
+ cluster:
+ - indices:data/read/scroll
+ - cluster:admin/xpack/watcher/watch/put
+ - cluster:admin/xpack/watcher*
+ - CLUSTER_MONITOR
+ - CLUSTER_COMPOSITE_OPS
+ indices:
+ '?kibana*':
+ '*':
+ - READ
+ '?watches*':
+ '*':
+ - INDICES_ALL
+ '?watcher-history-*':
+ '*':
+ - INDICES_ALL
+ '?triggered_watches':
+ '*':
+ - INDICES_ALL
+ '*':
+ '*':
+ - READ
+
+
+sg_role_test:
+ cluster:
+ - indices:admin/template/get
+ - indices:admin/template/put
+ - CLUSTER_COMPOSITE_OPS
+ indices:
+ '*':
+ '*':
+ - UNLIMITED
diff --git a/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml b/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
new file mode 100644
index 0000000..970e027
--- /dev/null
+++ b/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
@@ -0,0 +1,38 @@
+# In this file users, backendroles and hosts can be mapped to Search Guard roles.
+# Permissions for Search Guard roles are configured in sg_roles.yml
+
+sg_all_access:
+ readonly: true
+ backendroles:
+ - admin
+
+sg_logstash:
+ backendroles:
+ - logstash
+
+sg_kibana_server:
+ readonly: true
+ users:
+ - kibanaserver
+
+sg_kibana_user:
+ backendroles:
+ - kibanauser
+
+sg_readall:
+ readonly: true
+ backendroles:
+ - readall
+
+sg_manage_snapshots:
+ readonly: true
+ backendroles:
+ - snapshotrestore
+
+sg_own_index:
+ users:
+ - '*'
+
+sg_role_test:
+ users:
+ - test
diff --git a/charts/aai-elasticsearch/templates/configmap.yaml b/charts/aai-elasticsearch/templates/configmap.yaml
new file mode 100644
index 0000000..4be124f
--- /dev/null
+++ b/charts/aai-elasticsearch/templates/configmap.yaml
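Review bot: `sg_role_test` at the end of sg_roles.yml grants `UNLIMITED` on every index and type, and sg_roles_mapping.yml maps it to a user named `test`, which looks like test scaffolding left in a chart meant for deployment. No `test` entry exists in sg_internal_users.yml, but sg_config.yml enables `clientcert_auth_domain` with `username_attribute: cn`, so a client certificate accepted by the truststore with CN `test` would presumably resolve to this role. Remove the role and its mapping, or narrow it to the named indices and action groups it actually needs instead of `'*': '*': - UNLIMITED`. Separately, `sg_own_index` is mapped to `users: - '*'`, which gives every authenticated user `INDICES_ALL` on an index named after their user name; that is worth confirming as intended for this service.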
@@ -0,0 +1,52 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-es-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-sg-scripts
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-sg-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/sg/*").AsConfig . | indent 2 }}
diff --git a/charts/aai-elasticsearch/templates/deployment.yaml b/charts/aai-elasticsearch/templates/deployment.yaml
new file mode 100644
index 0000000..785693a
--- /dev/null
+++ b/charts/aai-elasticsearch/templates/deployment.yaml 
@@ -0,0 +1,144 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ hostname: {{ include "common.name" . }}
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ sysctl -w vm.max_map_count=262144
+ mkdir -p /logroot/elasticsearch/logs
+ mkdir -p /logroot/elasticsearch/data
+ chmod -R 777 /logroot/elasticsearch
+ chown -R 1000:1000 /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: elasticsearch-data
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" .
}}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: elasticsearch-config
+ subPath: elasticsearch.yml
+ mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+ - name: elasticsearch-config
+ subPath: jvm.options
+ mountPath: /usr/share/elasticsearch/config/jvm.options
+ - name: elasticsearch-config
+ subPath: log4j2.properties
+ mountPath: /usr/share/elasticsearch/config/log4j2.properties
+ - name: searchguard-scripts
+ subPath: run.sh
+ mountPath: /usr/share/elasticsearch/bin/run.sh
+ - name: searchguard-scripts
+ subPath: wait_until_started.sh
+ mountPath: /usr/share/elasticsearch/bin/wait_until_started.sh
+ - name: searchguard-scripts
+ subPath: init_sg.sh
+ mountPath: /usr/share/elasticsearch/bin/init_sg.sh
+ - name: searchguard-config
+ mountPath: /usr/share/elasticsearch/config/sg
+ - name: searchguard-auth-config
+ mountPath: /usr/share/elasticsearch/config/sg/auth
+ - name: elasticsearch-data
+ mountPath: /usr/share/elasticsearch/data
+ resources:
+{{ include "common.resources" .
| indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: elasticsearch-config
+ configMap:
+ name: {{ include "common.fullname" . }}-es-config
+ - name: searchguard-scripts
+ configMap:
+ name: {{ include "common.fullname" . }}-sg-scripts
+ defaultMode: 0754
+ - name: searchguard-config
+ configMap:
+ name: {{ include "common.fullname" . }}-sg-config
+ - name: searchguard-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-sg-auth
+ - name: elasticsearch-data
+ hostPath:
+ path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/charts/aai-elasticsearch/templates/secrets.yaml b/charts/aai-elasticsearch/templates/secrets.yaml
new file mode 100644
index 0000000..34b272f
--- /dev/null
+++ b/charts/aai-elasticsearch/templates/secrets.yaml
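Review bot: The init container script runs `chmod -R 777 /logroot/elasticsearch` on a directory backed by the `elasticsearch-data` hostPath volume, which leaves the index data and logs world-writable on the node for anything else that can reach that path. The `chown -R 1000:1000 /logroot` on the following line already gives the owning uid access (assuming uid 1000 is the user Elasticsearch runs as), so the mode can be tightened to `chmod -R 750 /logroot/elasticsearch`. The same container is `privileged: true`, which only the `sysctl -w vm.max_map_count=262144` call needs; the mkdir/chmod/chown steps could move to a second init container without `privileged: true`. The main container also sets no `securityContext`, so a `runAsNonRoot: true` there would make the intended uid explicit.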
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-sg-auth
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/sg/auth/*").AsSecrets . | indent 2 }}
\ No newline at end of file
diff --git a/charts/aai-elasticsearch/templates/service.yaml b/charts/aai-elasticsearch/templates/service.yaml
new file mode 100644
index 0000000..d119912
--- /dev/null
+++ b/charts/aai-elasticsearch/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
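Review bot: `clusterIP: None` on the last line of service.yaml is emitted unconditionally, while the `NodePort` branch above it sets `nodePort` values; Kubernetes does not accept a headless service of type NodePort, so that branch cannot install as written. Either drop the NodePort branch (values.yaml in this commit defaults `service.type` to `ClusterIP` and defines no `nodePort` keys) or guard the last line, e.g. `{{- if ne .Values.service.type "NodePort" }}` / `clusterIP: None` / `{{- end }}`. Keeping the service cluster-internal also avoids publishing the Elasticsearch ports on every node.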
diff --git a/charts/aai-elasticsearch/values.yaml b/charts/aai-elasticsearch/values.yaml
new file mode 100644
index 0000000..ea82c99
--- /dev/null
+++ b/charts/aai-elasticsearch/values.yaml
@@ -0,0 +1,105 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for elasticsearch.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+
+# application image
+image: onap/elasticsearch-sg:1.4-STAGING-latest
+pullPolicy: Always
+restartPolicy: Always
+
+flavor: small
+
+# application configuration
+config:
+ tcpPort: 8443
+ nodeKeyStore: esaai-keystore.jks
+ nodeKeyStorePassword: b87b46d3da7d3d4aadfe
+ adminKeyStore: sgadmin-keystore.p12
+ adminKeyStorePassword: 341274302a70ad691e12
+ trustStore: truststore.jks
+ trustStorePassword: b200926e9da205487f63
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: aai-elasticsearch
+ portName: aai-elasticsearch
+ internalPort: 9200
+ portName2: aai-elasticsearch-tcp
+ internalPort2: 8443
+
+ingress:
+ enabled: false
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ #
existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ ## storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/elasticsearch/data
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.5
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ unlimited: {}
diff --git a/charts/aai-gizmo/.helmignore b/charts/aai-gizmo/.helmignore
new file mode 100644
index 0000000..daebc7d
--- /dev/null
+++ b/charts/aai-gizmo/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
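Review bot: The `config:` block in values.yaml commits `nodeKeyStorePassword`, `adminKeyStorePassword` and `trustStorePassword` as literal chart defaults, so every release installed without overrides shares the same published keystore passwords. These should default to empty and be required at install time, e.g. `nodeKeyStorePassword: ""` together with `{{ required "config.nodeKeyStorePassword must be set" .Values.config.nodeKeyStorePassword }}` where the value is consumed (that template is not part of this hunk), or be read from a pre-created Secret. Separately, `image: onap/elasticsearch-sg:1.4-STAGING-latest` with `pullPolicy: Always` tracks a mutable tag, so pinning a fixed version or digest would make deployments reproducible and auditable.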
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-gizmo/Chart.yaml b/charts/aai-gizmo/Chart.yaml new file mode 100644 index 0000000..98dba95 --- /dev/null +++ b/charts/aai-gizmo/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Gizmo service +name: aai-gizmo +version: 4.0.0 diff --git a/charts/aai-gizmo/resources/config/README.txt b/charts/aai-gizmo/resources/config/README.txt new file mode 100644 index 0000000..3761781 --- /dev/null +++ b/charts/aai-gizmo/resources/config/README.txt 
@@ -0,0 +1,24 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +This directory contains all external configuration files that +need to be mounted into an application container. + +See the configmap.yaml in the templates directory for an example +of how to load (ie map) config files from this directory, into +Kubernetes, for distribution within the k8s cluster. + +See deployment.yaml in the templates directory for an example +of how the 'config mapped' files are then mounted into the +containers. diff --git a/charts/aai-gizmo/resources/config/auth/champ-cert.p12 b/charts/aai-gizmo/resources/config/auth/champ-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-gizmo/resources/config/auth/champ-cert.p12 diff --git a/charts/aai-gizmo/resources/config/auth/client-cert.p12 b/charts/aai-gizmo/resources/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-gizmo/resources/config/auth/client-cert.p12 diff --git a/charts/aai-gizmo/resources/config/auth/crud_policy.json b/charts/aai-gizmo/resources/config/auth/crud_policy.json new file mode 100644 index 0000000..7a5007e --- /dev/null +++ b/charts/aai-gizmo/resources/config/auth/crud_policy.json @@ -0,0 +1,18 @@ +{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "crud", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" }, { "name": "PATCH"} ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/config/auth/datarouter-cert.p12 b/charts/aai-gizmo/resources/config/auth/datarouter-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-gizmo/resources/config/auth/datarouter-cert.p12 diff --git a/charts/aai-gizmo/resources/config/auth/tomcat_keystore b/charts/aai-gizmo/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/charts/aai-gizmo/resources/config/auth/tomcat_keystore diff --git a/charts/aai-gizmo/resources/config/crud-api.properties b/charts/aai-gizmo/resources/config/crud-api.properties new file mode 100644 index 0000000..0b7f95f --- /dev/null +++ b/charts/aai-gizmo/resources/config/crud-api.properties @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# CRUD-API configuration + +crud.async.request.timeout=60000 +crud.async.response.process.poll.interval=1000 +crud.collection.properties.key=properties diff --git a/charts/aai-gizmo/resources/config/crud-beans.xml b/charts/aai-gizmo/resources/config/crud-beans.xml new file mode 100644 index 0000000..e0ab32b --- /dev/null +++ b/charts/aai-gizmo/resources/config/crud-beans.xml 
@@ -0,0 +1,47 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util.xsd
+ ">
+
+ <bean id="champDao" class="org.onap.crud.dao.champ.ChampDao">
+ <constructor-arg name="champUrl" value="https://aai-champ.{{.Release.Namespace}}:9522/services/champ-service/v1/"/>
+ <constructor-arg name="certPassword" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"/>
+ </bean>
+
+ <bean id="dataRouterDAO" class="org.onap.crud.dao.DataRouterDAO">
+ <constructor-arg name="url" value="https://data-router.{{.Release.Namespace}}:9502/services/champ-service/v1/"/>
+ <constructor-arg name="certPassword" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"/>
+ </bean>
+
+ <!-- Synchronous Mode -->
+ <bean id="graphDataService" class="org.onap.crud.service.CrudGraphDataService" >
+ <constructor-arg name="dao" ref="champDao" />
+ <constructor-arg name="daoForGet" ref="champDao" /> <!-- Using champ for both types of API for now -->
+ </bean>
+
+ <bean id="crudRestService" class="org.onap.crud.service.CrudRestService" init-method="startup"
>
+ <constructor-arg name="graphDataService" ref="graphDataService" />
+ </bean>
+
+</beans>
diff --git a/charts/aai-gizmo/resources/config/edgeprops-ingest.properties b/charts/aai-gizmo/resources/config/edgeprops-ingest.properties
new file mode 100644
index 0000000..fbefd30
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/edgeprops-ingest.properties
@@ -0,0 +1,3 @@
+# DB Edge Property files are copied here:
+edgePropsDir=/opt/app/crud-service/config/model
+
diff --git a/charts/aai-gizmo/resources/config/log/filebeat/filebeat.yml b/charts/aai-gizmo/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000..d7f0b0a
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/log/filebeat/filebeat.yml
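Review bot: Both `certPassword` constructor arguments in crud-beans.xml carry the same literal `OBF:` value; that prefix is Jetty's reversible obfuscation format rather than encryption, so the client-certificate password is effectively stored in clear text in a file that the README in this commit describes as config-mapped into the cluster. The value should come from a Kubernetes Secret instead, for example injected as an environment variable and referenced as `<constructor-arg name="certPassword" value="${CERT_PASSWORD}"/>` (placeholder name; this needs a property placeholder configured, which the file does not currently declare). It is also worth confirming that the `dataRouterDAO` URL is meant to end in `/services/champ-service/v1/`, since it repeats the champ bean's path exactly.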
@@ -0,0 +1,55 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["logstash.{{ .Release.Name }}-log:5044"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/charts/aai-gizmo/resources/config/log/logback.xml b/charts/aai-gizmo/resources/config/log/logback.xml
new file mode 100644
index 0000000..c6bcf57
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/log/logback.xml
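Review bot: The `output.logstash` section of filebeat.yml leaves every `ssl.*` option commented out, so the application logs matched under `/var/log/onap/` are shipped to `logstash.{{ .Release.Name }}-log:5044` without TLS or server verification. If the Logstash endpoint supports it, enable at least `ssl.certificate_authorities: ["<path-to-ca.pem>"]` (placeholder path) with the CA mounted into the pod, and set the client certificate options if mutual authentication is wanted. The commented `$ssl.certificate_authorities` style placeholders are not substituted by anything visible in this commit, so a short comment explaining how they are meant to be filled would help the next maintainer.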
@@ -0,0 +1,196 @@ +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + + +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + + <property name="logDir" value="/var/log/onap" /> + + + <!-- specify the component name + <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" --> + <property name="componentName" value="AAI-CRUD" /> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|GIZMO|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to 
record events to the general application + log --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. 
--> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + + <!-- 
============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- ARMAdapter Service loggers --> + <logger name="com.amdocs.aai.armadapter" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration> diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v10.json b/charts/aai-gizmo/resources/config/model/edge_properties_v10.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/charts/aai-gizmo/resources/config/model/edge_properties_v10.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v11.json b/charts/aai-gizmo/resources/config/model/edge_properties_v11.json new file mode 100644 index 0000000..09e19b0 --- /dev/null +++ b/charts/aai-gizmo/resources/config/model/edge_properties_v11.json @@ -0,0 +1,6 @@ +{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v12.json b/charts/aai-gizmo/resources/config/model/edge_properties_v12.json
new file mode 100644
index 0000000..09e19b0
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/model/edge_properties_v12.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v13.json b/charts/aai-gizmo/resources/config/model/edge_properties_v13.json
new file mode 100644
index 0000000..09e19b0
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/model/edge_properties_v13.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v14.json b/charts/aai-gizmo/resources/config/model/edge_properties_v14.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/model/edge_properties_v14.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v15.json b/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v7.json b/charts/aai-gizmo/resources/config/model/edge_properties_v7.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/charts/aai-gizmo/resources/config/model/edge_properties_v7.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v8.json b/charts/aai-gizmo/resources/config/model/edge_properties_v8.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/charts/aai-gizmo/resources/config/model/edge_properties_v8.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/charts/aai-gizmo/resources/config/model/edge_properties_v9.json b/charts/aai-gizmo/resources/config/model/edge_properties_v9.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/charts/aai-gizmo/resources/config/model/edge_properties_v9.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} 
diff --git a/charts/aai-gizmo/resources/config/schema-ingest.properties b/charts/aai-gizmo/resources/config/schema-ingest.properties new file mode 100644 index 0000000..647d4d9 --- /dev/null +++ b/charts/aai-gizmo/resources/config/schema-ingest.properties 
@@ -0,0 +1,45 @@ +############################################################################### +# Schema Version Related Attributes +############################################################################### +schema.uri.base.path=/aai +# Lists all of the versions in the schema +schema.version.list=v10,v11,v12,v13,v14,v15 +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start=v10 +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start=v10 +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start=v11 +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start=v11 +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start=v12 +# Specifies the version that the application should default to +schema.version.api.default=v15 + +############################################################################### +# Schema Location Related Attributes +############################################################################### +# Schema Location Related Attributes +schema.configuration.location=NA +schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm +schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules + +############################################################################### +# Schema Service Related Attributes +############################################################################### +# Specifies whether to use the schema service or local schema files +schema.translator.list=config + +schema.service.base.url=https://<host>:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= 
+schema.service.versions.endpoint=versions + +#Default rest client is the two-way-ssl +schema.service.client=two-way-ssl +#Replace the below with the A&AI client key store +schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12 +#Replace the below with the A&AI tomcat trust store +schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/fproxy/config/fproxy.properties b/charts/aai-gizmo/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/charts/aai-gizmo/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml b/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..2e62379 --- /dev/null +++ b/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "org.onap.aaf.fproxy*" at INFO level --> + <logger name="org.onap.aaf.fproxy" level="info" /> + +</configuration>
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/fproxy/config/readme.txt b/charts/aai-gizmo/resources/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/charts/aai-gizmo/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000..54d5de2 --- /dev/null +++ b/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json 
@@ -0,0 +1,99 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/inventory\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ },
+ {
+ "uri": "\/services\/gizmo\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+]
diff --git a/charts/aai-gizmo/resources/rproxy/config/cadi.properties b/charts/aai-gizmo/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..51ac56a
--- /dev/null
+++ b/charts/aai-gizmo/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
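Review bot: In uri-authorization.json the `permissions` entries mix two notations, so they cannot all be read the same way: `"test.auth.access|services|GET,PUT"` (e.g. on `\/services\/getAAFRequest$`) leaves `.` and `|` unescaped, while `"test\\.auth\\.access\\|services\\|GET,PUT"` (on `\/$` and `\/backend$`) escapes them. If the reverse proxy evaluates these as regular expressions, which the escaped entries suggest, the unescaped `|` is alternation and the rule would accept a wider set of permissions than intended; write every entry in the escaped form. The `uri` patterns are similarly loose: they end in `$` but have no `^`, `index.html` has a bare `.`, and the cloud-region pattern ends in `$*`. The `test.auth.access.*` sample rules look like fixtures rather than deployable policy and are worth dropping from the chart.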
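Review bot: In cadi.properties, `cadi_keystore_password`, `cadi_truststore_password` and `aaf_password` are committed in the chart source, and the `-rproxy-config` ConfigMap in templates/configmap.yaml globs `resources/rproxy/config/*`, so they are published as ConfigMap data rather than as a Secret. The `OBF:` prefix is Jetty-style obfuscation, which is reversible without a key, and the `enc:` values are only as private as the file named by `cadi_keyfile`. Move these three properties into a Secret filled from values at install time, and treat the committed values as exposed and rotate them. Separately, `cadi_loglevel=DEBUG` is a verbose default for a deployed authorization sidecar; `cadi_loglevel=INFO` is a safer default.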
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties b/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000..1b58d42 --- /dev/null +++ b/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml b/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000..7659e28 --- /dev/null +++ b/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "org.onap.aaf.rproxy*" at INFO level --> + <logger name="org.onap.aaf.rproxy" level="info" /> + +</configuration> diff --git a/charts/aai-gizmo/resources/rproxy/config/primary-service.properties b/charts/aai-gizmo/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000..8ab780e --- /dev/null +++ b/charts/aai-gizmo/resources/rproxy/config/primary-service.properties 
@@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9520 diff --git a/charts/aai-gizmo/resources/rproxy/config/readme.txt b/charts/aai-gizmo/resources/rproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/charts/aai-gizmo/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties b/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000..8d46e1f --- /dev/null +++ b/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/charts/aai-gizmo/templates/NOTES.txt b/charts/aai-gizmo/templates/NOTES.txt new file mode 100644 index 0000000..0def4ed --- /dev/null +++ b/charts/aai-gizmo/templates/NOTES.txt 
@@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} 
diff --git a/charts/aai-gizmo/templates/configmap.yaml b/charts/aai-gizmo/templates/configmap.yaml new file mode 100644 index 0000000..2a4a1b5 --- /dev/null +++ b/charts/aai-gizmo/templates/configmap.yaml 
@@ -0,0 +1,110 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-model-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/model/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . 
}}-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }} + diff --git a/charts/aai-gizmo/templates/deployment.yaml b/charts/aai-gizmo/templates/deployment.yaml new file mode 100644 index 0000000..0f491d8 --- /dev/null +++ b/charts/aai-gizmo/templates/deployment.yaml 
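Review bot: In templates/configmap.yaml the five ConfigMaps inside the `installSidecarSecurity` block (`-fproxy-config`, `-fproxy-log-config`, `-rproxy-config`, `-rproxy-log-config`, `-rproxy-uri-auth-config`) have no `labels:` block, while the four above them carry `app`, `chart`, `release` and `heritage`. Add the same four labels so these objects can be selected and audited with the rest of the release. The two `*-log-config` maps also repeat `logback-spring.xml`, which the `resources/fproxy/config/*` and `resources/rproxy/config/*` globs already include, so the same file ends up in two ConfigMaps each; a comment saying which copy the sidecar mounts would help, and that depends on the deployment template, which is not fully visible here.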
@@ -0,0 +1,271 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + {{ if .Values.global.installSidecarSecurity }} + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CONFIG_HOME + value: /opt/app/crud-service/config/ + - name: KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_STORE_PASSWORD + - name: KEY_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_MANAGER_PASSWORD + - name: SERVICE_BEANS + value: /opt/app/crud-service/dynamic/conf + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/crud-service/config/crud-api.properties + subPath: crud-api.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/crud-service/config/schema-ingest.properties + subPath: schema-ingest.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties + subPath: edgeprops-ingest.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/crud-service/config/model/ + name: {{ include "common.fullname" . }}-model-config + - mountPath: /opt/app/crud-service/config/auth + name: {{ include "common.fullname" . 
}}-auth-secret + - mountPath: /opt/app/crud-service/dynamic/conf/crud-beans.xml + name: {{ include "common.fullname" . }}-config + subPath: crud-beans.xml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/crud-api/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-logback-config + subPath: logback.xml + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-data-filebeat + + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . 
}}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . 
}}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: {{ include "common.fullname" . }}-filebeat-configmap + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-auth-secret + secret: + secretName: {{ include "common.fullname" . }}-auth + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: crud-api.properties + path: crud-api.properties + - key: schema-ingest.properties + path: schema-ingest.properties + - key: edgeprops-ingest.properties + path: edgeprops-ingest.properties + - key: crud-beans.xml + path: crud-beans.xml + - name: {{ include "common.fullname" . }}-logback-config + configMap: + name: {{ include "common.fullname" . }}-log-configmap + items: + - key: logback.xml + path: logback.xml + - name: {{ include "common.fullname" . }}-model-config + configMap: + name: {{ include "common.fullname" . }}-model-configmap + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . 
}}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: aai-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + secret: + secretName: aai-fproxy-auth-certs + {{ end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/charts/aai-gizmo/templates/secrets.yaml b/charts/aai-gizmo/templates/secrets.yaml new file mode 100644 index 0000000..96c3424 --- /dev/null +++ b/charts/aai-gizmo/templates/secrets.yaml 
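Review bot: The rproxy and fproxy sidecars receive `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` as literal `value:` entries rendered from `.Values.config.*`, so the passwords are stored in the Deployment object and are readable by anyone who can read Deployments or pods. The main container already takes the same password through `secretKeyRef` on the `-pass` Secret, and the sidecars should use the same reference. `TRUST_STORE_PASSWORD` would need a matching key added to that Secret in secrets.yaml. The tproxy init container also runs with `privileged: true`; if it only sets up traffic redirection (not visible here), a narrower `capabilities.add` entry is worth checking.

```yaml
# … unchanged: rproxy container name, image, pull policy …
        env:
        - name: KEY_STORE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "common.fullname" . }}-pass
              key: KEY_STORE_PASSWORD
# … unchanged: remaining rproxy env, mounts, ports; fproxy container header …
        - name: KEY_STORE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "common.fullname" . }}-pass
              key: KEY_STORE_PASSWORD
        - name: TRUST_STORE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "common.fullname" . }}-pass
              key: TRUST_STORE_PASSWORD
# … unchanged: spring_profiles_active, fproxy mounts and ports …
```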
@@ -0,0 +1,54 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-auth + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/config/auth/*").AsSecrets | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-pass + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} + KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +{{ end }} diff --git a/charts/aai-gizmo/templates/service.yaml b/charts/aai-gizmo/templates/service.yaml new file mode 100644 index 0000000..a584800 
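Review bot: In the `-rproxy-auth-config` Secret, `tpl` is applied to the output of `.AsSecrets`, which is already base64-encoded, so template expressions inside the files under `resources/rproxy/config/auth/*` are never rendered and the call has no effect. Either drop it to match the first Secret, `{{ (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets | indent 2 }}`, or render each file with `tpl` before encoding it with `b64enc`. The first Secret also omits `type: Opaque`, which the other two set.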
--- /dev/null +++ b/charts/aai-gizmo/templates/service.yaml 
@@ -0,0 +1,54 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} + selector: + app: {{ include "common.name" . 
}} + release: {{ .Release.Name }} diff --git a/charts/aai-gizmo/values.yaml b/charts/aai-gizmo/values.yaml new file mode 100644 index 0000000..9fbe852 --- /dev/null +++ b/charts/aai-gizmo/values.yaml 
@@ -0,0 +1,81 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +global: + nodePortPrefix: 302 + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# + +# application image +image: onap/gizmo:1.4-STAGING-latest +flavor: small +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + timeoutSeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 60 + timeoutSeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + name: aai-crud-service + portName: aai-crud-service + internalPort: 9520 + externalPort: 9520 + nodePort: 68 + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 
8Gi + requests: + cpu: 1 + memory: 1536Mi + unlimited: {} diff --git a/charts/aai-graphadmin/.helmignore b/charts/aai-graphadmin/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/charts/aai-graphadmin/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/aai-graphadmin/Chart.yaml b/charts/aai-graphadmin/Chart.yaml new file mode 100644 index 0000000..7772ab0 --- /dev/null +++ b/charts/aai-graphadmin/Chart.yaml @@ -0,0 +1,23 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP AAI GraphAdmin +name: aai-graphadmin +version: 4.0.0 
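Review bot: The three entries under `config:` ship the same `OBF:` string as the default key store, key manager and trust store password, so every install that does not override them shares one credential that is committed in the chart. The `OBF:` prefix looks like Jetty's obfuscation format, which is reversible rather than encrypted; confirm this and do not treat it as protection. I would leave the defaults empty and fail rendering when unset, e.g. `{{ required "config.keyStorePassword must be set" .Values.config.keyStorePassword | b64enc | quote }}` in secrets.yaml, with the comment `# no default: supply per deployment via an override file` here. The `1.4-STAGING-latest` image tag is also mutable, so the deployed image can change without a chart change.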
diff --git a/charts/aai-graphadmin/resources/config/aaiconfig.properties b/charts/aai-graphadmin/resources/config/aaiconfig.properties new file mode 100644 index 0000000..0aeb2d1 --- /dev/null +++ b/charts/aai-graphadmin/resources/config/aaiconfig.properties 
@@ -0,0 +1,123 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +aai.config.checktime=1000 + +# this could come from siteconfig.pl? +aai.config.nodename=AutomaticallyOverwritten + +aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ +aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=https://aai.{{ include "common.namespace" . 
}}:8443/aai/ + +{{ if .Values.global.config.basic.auth.enabled }} +aai.tools.enableBasicAuth=true +aai.tools.username={{ .Values.global.config.basic.auth.username }} +aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +{{ end }} + +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} + +aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} +aai.notificationEvent.default.status=UNPROCESSED +aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }} +aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }} +aai.notificationEvent.default.sourceName=aai +aai.notificationEvent.default.sequenceNumber=0 +aai.notificationEvent.default.severity=NORMAL +aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }} +# This one lets us enable/disable resource-version checking on updates/deletes +aai.resourceversion.enableflag=true +aai.logging.maxStackTraceEntries=10 +aai.default.api.version={{ .Values.global.config.schema.version.api.default }} + +# Used by Data Grooming +aai.grooming.default.max.fix={{ .Values.config.maxFix.dataGrooming | int }} +aai.grooming.default.sleep.minutes={{ .Values.config.sleepMinutes.dataGrooming | int }} + +# Used by DupeTool +aai.dupeTool.default.max.fix={{ .Values.config.maxFix.dupeTool | int }} +aai.dupeTool.default.sleep.minutes={{ .Values.config.sleepMinutes.dupeTool | int }} + + +aai.model.proc.max.levels=50 +aai.edgeTag.proc.max.levels=50 + +# Used by the ForceDelete tool +aai.forceDel.protected.nt.list=cloud-region +aai.forceDel.protected.edge.count=10 +aai.forceDel.protected.descendant.count=10 + +#used by the dataGrooming and dataSnapshot cleanup tasks 
+aai.cron.enable.datagroomingcleanup={{ .Values.config.cron.dataCleanup.dataGrooming.enabled }} +aai.cron.enable.datasnapshotcleanup={{ .Values.config.cron.dataCleanup.dataSnapshot.enabled }} +aai.datagrooming.agezip={{ .Values.config.cron.dataCleanup.dataGrooming.ageZip | int }} +aai.datagrooming.agedelete={{ .Values.config.cron.dataCleanup.dataGrooming.ageDelete | int }} + +aai.datasnapshot.agezip={{ .Values.config.cron.dataCleanup.dataSnapshot.ageZip | int }} +aai.datasnapshot.agedelete={{ .Values.config.cron.dataCleanup.dataSnapshot.ageDelete | int }} + +#used by the dataSnapshot and dataGrooming tasks +aai.cron.enable.dataSnapshot={{ .Values.config.cron.dataSnapshot.enabled }} + +aai.cron.enable.dataGrooming={{ .Values.config.cron.dataGrooming.enabled }} + +#used by the dataGrooming tasks +aai.datagrooming.enableautofix=true +aai.datagrooming.enabledupefixon=true +aai.datagrooming.enabledontfixorphans=true +aai.datagrooming.enabletimewindowminutes=true +aai.datagrooming.enableskiphostcheck=false +aai.datagrooming.enablesleepminutes=false +aai.datagrooming.enableedgesonly=false +aai.datagrooming.enableskipedgechecks=false +aai.datagrooming.enablemaxfix=false +aai.datagrooming.enablesinglecommits=false +aai.datagrooming.enabledupecheckoff=false +aai.datagrooming.enableghost2checkoff=false +aai.datagrooming.enableghost2fixon=false +aai.datagrooming.enablef=false + +# used by the dataGrooming to set values +aai.datagrooming.timewindowminutesvalue=10500 +aai.datagrooming.sleepminutesvalue=100 +aai.datagrooming.maxfixvalue=10 +aai.datagrooming.fvalue=10 + +#timeout for traversal enabled flag +aai.graphadmin.timeoutenabled={{ .Values.config.timeout.enabled }} +#default timeout limit added for graphadmin if not overridden (in ms) +aai.graphadmin.timeoutlimit={{ .Values.config.timeout.limit }} + +#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms) +aai.graphadmin.timeout.appspecific={{ 
.Values.global.config.realtime.clients }} + +# Disable the process check which are oriented towards linux OS +# These props should only be true for local on windows +aai.disable.check.snapshot.running=false +aai.disable.check.grooming.running=false + +# Specify the params listed right here that you would have send to the dataSnapshot shell script +# JUST_TAKE_SNAPSHOT +# THREADED_SNAPSHOT 2 DEBUG +# THREADED_SNAPSHOT 2 +aai.datasnapshot.params={{ .Values.config.cron.dataSnapshot.params }} diff --git a/charts/aai-graphadmin/resources/config/application.properties b/charts/aai-graphadmin/resources/config/application.properties new file mode 100644 index 0000000..c23c5fa --- /dev/null +++ b/charts/aai-graphadmin/resources/config/application.properties 
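Review bot: `aai.tools.password`, `aai.truststore.passwd.x` and `aai.keystore.passwd.x` are filled from values into a file under `resources/config/`, and the sibling aai-gizmo chart in this commit globs that directory into a ConfigMap. If aai-graphadmin does the same (its templates are not in this hunk), these passwords become readable by anyone who can read ConfigMaps in the namespace. Consider rendering this file into a Secret instead, or injecting the three values from a Secret at start-up. A comment above the block such as `# credentials below: this file must be mounted from a Secret, not a ConfigMap` would record the constraint.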
@@ -0,0 +1,99 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-graphadmin +info.build.name=resources +info.build.description=Resources Microservice +info.build.version=1.2.0 + +spring.application.name=aai-graphadmin +spring.jersey.type=filter + +server.contextPath=/ +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.jersey.application-path=${schema.uri.base.path} +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already 
taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-graphadmin/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8449 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# JMS bind address host port +jms.bind.address=tcp://localhost:61649 +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 +dmaap.ribbon.transportType=https + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }} +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only 
the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} + +schema.translator.list={{ .Values.global.config.schema.translator.list }} +schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.service.client={{ .Values.global.config.schema.service.client }} + +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/charts/aai-graphadmin/resources/config/janusgraph-cached.properties b/charts/aai-graphadmin/resources/config/janusgraph-cached.properties new file mode 100644 index 0000000..82e7ea9 --- /dev/null +++ b/charts/aai-graphadmin/resources/config/janusgraph-cached.properties 
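Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` still offers TLS 1.1, which is deprecated; unless a known client needs it, restrict the listener with `server.ssl.enabled-protocols=TLSv1.2`. `server.ssl.client-auth=want` makes the client certificate optional, so requests without one are accepted at the TLS layer and access then depends on what the application checks (presumably basic auth via `server.basic.auth.location`). A comment saying so, or `need` if mutual TLS is intended, would make the intent explicit. The four `*-store-password` properties also place the store passwords in this file in clear text, wrapped only in `password(...)`.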
@@ -0,0 +1,96 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cassandra
+storage.hostname={{.Values.global.cassandra.serviceName}}
+
+storage.cassandra.keyspace=aaigraph
+
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ 
.Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ 
.Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/charts/aai-graphadmin/resources/config/janusgraph-realtime.properties b/charts/aai-graphadmin/resources/config/janusgraph-realtime.properties
new file mode 100644
index 0000000..e9e9a9e
--- /dev/null
+++ b/charts/aai-graphadmin/resources/config/janusgraph-realtime.properties
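Review bot: In the `cql` branch of janusgraph-cached.properties, `storage.cql.write-consistency-level` is rendered from `.Values.global.config.storage.cql.readConsistency`, so a write level set in values is ignored and writes run at the read level. The `cassandra` branch in the same file uses `writeConsistency`, which suggests a copy-paste slip. The line should read `storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.writeConsistency }}`. The same line appears in the `cql` branch of janusgraph-realtime.properties. Whether values.yaml already defines `cql.writeConsistency` is not visible here, so the key may need adding there too.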
@@ -0,0 +1,89 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cassandra
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cassandra.keyspace=aaigraph
+
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ 
.Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting 
db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/charts/aai-graphadmin/resources/config/localhost-access-logback.xml b/charts/aai-graphadmin/resources/config/localhost-access-logback.xml
new file mode 100644
index 0000000..95d4123
--- /dev/null
+++ b/charts/aai-graphadmin/resources/config/localhost-access-logback.xml
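Review bot: None of the backend branches in janusgraph-realtime.properties renders credentials or transport security for the storage connection: there is no `storage.username`/`storage.password`, and the `cql` branch sets no `storage.cql.ssl.enabled`. As written the file relies on the cluster or network to restrict access to the inventory keyspace, which this diff does not show. At minimum I would record that next to `storage.backend`, e.g. `# NOTE: no storage.username/password or storage.cql.ssl.* is rendered here; backend auth and TLS must be enforced outside this file`. If credentials are added later they should come from a Secret, not from plain chart values. janusgraph-cached.properties has the same shape.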
@@ -0,0 +1,60 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or 
'-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
\ No newline at end of file
diff --git a/charts/aai-graphadmin/resources/config/logback.xml b/charts/aai-graphadmin/resources/config/logback.xml
new file mode 100644
index 0000000..e5e6ab5
--- /dev/null
+++ b/charts/aai-graphadmin/resources/config/logback.xml
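Review bot: The `<Pattern>` in localhost-access-logback.xml writes `%i{X-Forwarded-For}`, `%i{X-FromAppId}` and the `%i{X-AAI-SSL-Client-*}` columns straight from request headers, and the legend at the end of the file does not say so. Someone reading this log during an investigation could take the client CN/DN columns as verified identity. Per the legend only `%a`, `%u` and the custom `%z` (described as parsing the cert) come from the server side; the header columns are whatever the caller or an upstream proxy sent. I would add to the legend `%i{X-AAI-SSL-Client-*}, %i{X-Forwarded-For} - request headers as received; not verified by this service unless a trusted proxy overwrites them`. The rolling policy also sets no `<maxHistory>`, so dated access logs are kept until something outside logback removes them.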
@@ -0,0 +1,614 @@ +<!-- + + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright 2019 AT&T Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + +--> +<configuration scan="true" scanPeriod="60 seconds" debug="false"> + <statusListener class="ch.qos.logback.core.status.NopStatusListener" /> + + <property resource="application.properties" /> + + <property name="namespace" value="graph-admin"/> + + <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> + + <property name="logDirectory" value="${AJSC_HOME}/logs" /> + <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfAuditLogPattern" 
value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <!-- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> --> + <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, 
UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/> + + <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" /> + <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" /> + <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern> + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + </pattern> + </encoder> + </appender> + + <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/sane.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + + <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="SANE" /> + </appender> + + <appender name="METRIC" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + 
<onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/metrics.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="METRIC" /> + </appender> + + <appender name="DEBUG" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="DEBUG" /> + </appender> + + <appender name="ERROR" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/rest/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${"eelfErrorLogPattern"}</pattern> + </encoder> + </appender> + + <appender name="asyncERROR" 
class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="ERROR" /> + </appender> + + <appender name="AUDIT" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfAuditLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="AUDIT" /> + </appender> + + <appender name="translog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/translog.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfTransLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="translog" /> + </appender> + + <appender name="dmaapAAIEventConsumer" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + 
<fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${"eelfErrorLogPattern"}</pattern> + </encoder> + </appender> + + <appender name="dmaapAAIEventConsumerDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerMetric" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="external" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/external/external.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder 
class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <!-- DataGrooming logs started --> + <appender name="dataGrooming" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dataGrooming/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataGrooming/error.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfErrorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataGroomingdebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dataGrooming/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataGrooming/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataGroomingmetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dataGrooming/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataGrooming/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + + <!-- DataGrooming logs ended --> + + <!-- DataSnapshot 
logs started --> + <appender name="dataSnapshot" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dataSnapshot/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataSnapshot/error.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfErrorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataSnapshotdebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dataSnapshot/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataSnapshot/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataSnapshotmetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dataSnapshot/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataSnapshot/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + + <!-- DataSnapshot logs ended --> + + <!-- CreateDBSchema logs started --> + <appender name="createDBSchema" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter 
class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/createDBSchema/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/createDBSchema/error.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${"eelfErrorLogPattern"}</pattern> + </encoder> + </appender> + + <appender name="createDBSchemadebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/createDBSchema/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/createDBSchema/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="createDBSchemametric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/createDBSchema/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/createDBSchema/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <!-- CreateDBSchema logs ended --> + + <!-- DataCleanupTasks logs started --> + <appender name="dataCleanuperror" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + 
<File>${logDirectory}/misc/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/misc/error.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${"eelfErrorLogPattern"}</pattern> + </encoder> + </appender> + + <appender name="dataCleanupdebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/misc/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/misc/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataCleanupmetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/misc/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/misc/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <!-- DataCleanupTasks logs ended --> + + <!-- pullInvData logs started --> + <appender name="pullInvData" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/pullInvData/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + 
<fileNamePattern>${logDirectory}/pullInvData/error.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${"eelfErrorLogPattern"}</pattern> + </encoder> + </appender> + + <appender name="pullInvDatadebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/pullInvData/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/pullInvData/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="pullInvDatametric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/pullInvData/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/pullInvData/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <!-- pullInvData logs ended --> + <!-- DataGrooming logs started --> + <appender name="dataExportError" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dataExport/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataExport/error.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder 
class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfErrorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataExportDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dataExport/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataExport/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + + <appender name="dataExportMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dataExport/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dataExport/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + + <logger name="org.onap.aai" level="DEBUG" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + <appender-ref ref="asyncSANE" /> + <appender-ref ref="STDOUT"/> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + <logger name="com.jayway.jsonpath" level="WARN" /> + + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> 
+ <logger name="ch.qos.logback.core" level="WARN" /> + + <logger name="org.eclipse.jetty" level="WARN" /> + + <logger name="org.onap.aai.interceptors.post" level="DEBUG" + additivity="false"> + <appender-ref ref="asynctranslog" /> + </logger> + + <logger name="org.onap.aai.interceptors.pre.SetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + + <logger name="org.onap.aai.interceptors.post.ResetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + + <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> + <appender-ref ref="dmaapAAIEventConsumer" /> + <appender-ref ref="dmaapAAIEventConsumerDebug" /> + <appender-ref ref="dmaapAAIEventConsumerMetric" /> + </logger> + + <logger name="org.onap.aai.datasnapshot" level="DEBUG" additivity="false"> + <appender-ref ref="dataSnapshot"/> + <appender-ref ref="dataSnapshotdebug"/> + <appender-ref ref="dataSnapshotmetric"/> + <appender-ref ref="STDOUT"/> + </logger> + + <logger name="org.onap.aai.datagrooming" level="DEBUG" additivity="false"> + <appender-ref ref="dataGrooming"/> + <appender-ref ref="dataGroomingdebug"/> + <appender-ref ref="dataGroomingmetric"/> + <appender-ref ref="STDOUT"/> + </logger> + + <logger name="org.onap.aai.schema" level="DEBUG" additivity="false"> + <appender-ref ref="createDBSchema"/> + <appender-ref ref="createDBSchemadebug"/> + <appender-ref ref="createDBSchemametric"/> + <appender-ref ref="STDOUT" /> + </logger> + + <logger name="org.onap.aai.dbgen" level="DEBUG" additivity="false"> + <appender-ref ref="createDBSchema"/> + <appender-ref ref="createDBSchemadebug"/> + <appender-ref ref="createDBSchemametric"/> + <appender-ref ref="STDOUT" /> + </logger> + + <logger name="org.onap.aai.dbgen.PullInvData" level="DEBUG" additivity="false"> + <appender-ref ref="pullInvData"/> + <appender-ref ref="pullInvDatadebug"/> + <appender-ref ref="pullInvDatametric"/> + </logger> + + <logger name="org.onap.aai.datacleanup" level="INFO" 
additivity="false"> + <appender-ref ref="dataCleanuperror" /> + <appender-ref ref="dataCleanupdebug" /> + <appender-ref ref="dataCleanupmetric" /> + <appender-ref ref="STDOUT"/> + </logger> + <logger name="org.onap.aai.dataexport" level="DEBUG" additivity="false"> + <appender-ref ref="dataExportError"/> + <appender-ref ref="dataExportDebug"/> + <appender-ref ref="dataExportMetric"/> + <appender-ref ref="STDOUT"/> + </logger> + <logger name="org.apache" level="WARN" /> + <logger name="org.zookeeper" level="WARN" /> + <logger name="com.netflix" level="WARN" /> + <logger name="org.janusgraph" level="WARN" /> + <logger name="com.att.aft.dme2" level="WARN" /> + + <!-- ============================================================================ --> + <!-- General EELF logger --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="WARN" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + </logger> + + <root level="DEBUG"> + <appender-ref ref="external" /> + {{ if .Values.global.config.logback.console.enabled }} + <appender-ref ref="STDOUT" /> + {{ end }} + </root> +</configuration> diff --git a/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties b/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties new file mode 100644 index 0000000..28e3089 --- /dev/null +++ b/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties 
@@ -0,0 +1,70 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cassandra
+
+#In case of upgrades from Casablanca provide the override aai.global.cassandra.existingInstServiceName=aai-cassandra
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+
+storage.cassandra.keyspace=aaigraph
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor=3
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties b/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
new file mode 100644
index 0000000..4c28b20
--- /dev/null
+++ b/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
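Review bot: In the `cql` branch the write level is rendered from the read setting, `storage.cql.write-consistency-level={{ … .storage.cql.readConsistency }}`, whereas the `cassandra` branch just above uses `.storage.cassandra.writeConsistency`. This looks like a copy-paste slip: an operator who configures a separate write consistency for the migration job would silently get the read value instead. Assuming the values file defines `cql.writeConsistency` next to `cql.readConsistency`, the line should read `storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.writeConsistency }}`. The same line appears in janusgraph-migration-real.properties and needs the same change.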
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cassandra
+
+#In case of upgrades from Casablanca provide the override aai.global.cassandra.existingInstServiceName=aai-cassandra
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+
+storage.cassandra.keyspace=aaigraph
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor=3
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/charts/aai-graphadmin/resources/config/realm.properties b/charts/aai-graphadmin/resources/config/realm.properties
new file mode 100644
index 0000000..97627ea
--- /dev/null
+++ b/charts/aai-graphadmin/resources/config/realm.properties
@@ -0,0 +1,42 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/charts/aai-graphadmin/templates/configmap.yaml b/charts/aai-graphadmin/templates/configmap.yaml
new file mode 100644
index 0000000..bd229d3
--- /dev/null
+++ b/charts/aai-graphadmin/templates/configmap.yaml
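Review bot: Every account in this realm file ships with a committed default credential and the `admin` role: the header comment gives the defaults as `AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...`, and the eleven `*@*.onap.org` entries all carry the same `OBF:` string. The `OBF:` prefix looks like Jetty-style obfuscation, which is a reversible encoding rather than a hash, so the file should be handled as if it held plaintext passwords. I would render these entries from values supplied at install time instead of committing them, and until then add a header line such as `# WARNING: default credentials in reversible OBF encoding; override before any non-lab deployment`. Granting each client only the role it needs, rather than `admin` on every line, would also limit what a single leaked entry allows.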
@@ -0,0 +1,63 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-migration-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+{{ tpl (.Files.Glob "resources/config/migration/*").AsConfig . | indent 2 }}
+{{- end }}
diff --git a/charts/aai-graphadmin/templates/deployment.yaml b/charts/aai-graphadmin/templates/deployment.yaml
new file mode 100644
index 0000000..f768603
--- /dev/null
+++ b/charts/aai-graphadmin/templates/deployment.yaml
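Review bot: The line `{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}` places the realm credentials in a ConfigMap, which anything allowed to read ConfigMaps in the namespace can see and which gets none of the Secret-specific RBAC scoping or encryption at rest. I would move that one file into a `kind: Secret` rendered with `.AsSecrets` and mount `realm.properties` from it, the way deployment.yaml already mounts the truststore files from `aai-common-truststore`. Because every file passes through `tpl`, a comment above `data:` such as `# files below are rendered as templates; escape any literal {{ }} in config` would also help whoever edits the resources later.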
@@ -0,0 +1,186 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ hostname: aai-graphadmin
+ {{ if .Values.global.initContainers.enabled }}
+ initContainers:
+ - command:
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-aai-graphadmin-create-db-schema
+ {{ else }}
+ - /root/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ {{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: realm.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/charts/aai-graphadmin/templates/job.yaml b/charts/aai-graphadmin/templates/job.yaml
new file mode 100644
index 0000000..e5b673b
--- /dev/null
+++ b/charts/aai-graphadmin/templates/job.yaml
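Review bot: The `nodeSelector` and `affinity` blocks are emitted directly after the main container's `resources:`, between that container and the `filebeat-onap` sidecar entry. Both are pod-level fields, so as soon as either value is set the sidecar item that follows can no longer belong to `containers:`, and the manifest will either fail to parse or lose the sidecar (indentation is flattened in this view, so the exact failure mode is inferred). I would move the two `{{- if … }}` blocks below the sidecar's `volumeMounts`, just before `volumes:`, so the container list stays contiguous.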
@@ -0,0 +1,428 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# In ONAP, the following job will always be run on each installation +# The following job will go through the latest oxm and +# create properties based on the data type defined in the oxm +# and create the required indexes for the appropriate properties +# This can be run multiple times as the code if the index or property already exists +# then the index or property won't be created again +# NOTE - During the execution of the createSchema job, there should +# be no other janusgraph connection to the graph as its the reason +# that resources traversal and graphadmin wait until this job is done +# If you are using an existing cassandra cluster not coming from oom +# then it is your job to ensure that there are no connections to the database + +{{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . 
}}-create-db-schema + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - docker-entrypoint.sh + - createDBSchema.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . 
}}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}-create-db-schema + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} +{{- if .Values.global.jobs.migration.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . 
}}-migration + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-upgrade,post-rollback,post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + - command: + - /bin/bash + - -c + - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots + name: {{ include "common.fullname" . }}-snapshots + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . 
}}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-restore-backup + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-perform-migration + command: + - /bin/bash + - -c + - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . 
}}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-snapshots + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + - name: {{ include "common.fullname" . 
}}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-db-backup-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-db-backup-job + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-db-backup-job + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + initContainers: + - command: + - /bin/bash + - -c + - /root/ready.py --container-name aai-cassandra --timeout 1 || /root/ready.py --container-name cassandra + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-db-backup-readiness + {{- end }} + containers: + - name: {{ include "common.name" . }}-db-backup-job + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - docker-entrypoint.sh + - dataSnapshot.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots + name: {{ include "common.fullname" . }}-snapshots + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-migration + subPath: janusgraph-migration-real.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-migration + subPath: janusgraph-migration-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-RES/ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . 
}}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-migration + configMap: + name: {{ include "common.fullname" . }}-migration-configmap + - name: {{ include "common.fullname" . }}-snapshots + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} + diff --git a/charts/aai-graphadmin/templates/pv.yaml b/charts/aai-graphadmin/templates/pv.yaml new file mode 100644 index 0000000..f678331 --- /dev/null +++ b/charts/aai-graphadmin/templates/pv.yaml 
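Review bot: The `restore-backup` init container of the migration Job passes the output of an unquoted backtick pipeline (`ls -t … | head -1 | awk -F".P" '{ print $1 }'`) straight to `dataRestoreFromSnapshot.sh`, so an empty snapshot directory runs the restore with no argument and a file name containing whitespace is split into several arguments. Whatever file is newest on the `-snapshots` claim decides what is restored, so the command should fail closed and quote the value, e.g. `snap=$(ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots | head -1 | awk -F".P" '{ print $1 }'); [ -n "$snap" ] || exit 1; bash docker-entrypoint.sh dataRestoreFromSnapshot.sh "$snap"`. With `backoffLimit: 20` a failing restore is also retried up to twenty times, which is worth reconsidering for a job that appears to rewrite the graph. How the script itself treats a missing argument is not visible in this diff.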
@@ -0,0 +1,42 @@
+{{/*
+# Copyright â–’ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath1 }}
+{{- end -}}
+
diff --git a/charts/aai-graphadmin/templates/pvc.yaml b/charts/aai-graphadmin/templates/pvc.yaml
new file mode 100644
index 0000000..582afe9
--- /dev/null
+++ b/charts/aai-graphadmin/templates/pvc.yaml
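Review bot: The PersistentVolume in pv.yaml has no `claimRef`, and its `metadata.namespace` has no effect because PersistentVolumes are cluster-scoped, so nothing ties this volume to the chart's own claim. A claim in another namespace with a matching `name` selector, access mode and size could bind it, and judging by job.yaml it holds the graph snapshots. Consider adding under `spec:` a `claimRef:` with `namespace: {{ include "common.namespace" . }}` and `name: {{ include "common.fullname" . }}-migration`, and dropping the `namespace:` line from the metadata. The `hostPath` backing also leaves access control to the permissions of the node directory, which the chart does not set.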
@@ -0,0 +1,51 @@
+{{/*
+# Copyright â–’ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/aai-graphadmin/templates/service.yaml b/charts/aai-graphadmin/templates/service.yaml
new file mode 100644
index 0000000..f4d9ba5
--- /dev/null
+++ b/charts/aai-graphadmin/templates/service.yaml
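Review bot: The `chart` label in pvc.yaml is built as `"{{ .Chart.Name }}-{{ .Chart.Version }}"` without the `| replace "+" "_"` that pv.yaml, service.yaml and job.yaml apply, so a chart version carrying build metadata would produce a label value that Kubernetes rejects. Use `chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"` to match the other templates. Separately, values.yaml mentions `persistence.existingClaim` in a comment, but this template never reads it; either honour it here or drop the comment.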
@@ -0,0 +1,49 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
diff --git a/charts/aai-graphadmin/values.yaml b/charts/aai-graphadmin/values.yaml
new file mode 100644
index 0000000..498c3c1
--- /dev/null
+++ b/charts/aai-graphadmin/values.yaml
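Review bot: The second port, `internalPort2`, is published unconditionally in both branches of service.yaml, and values.yaml sets it to 5005 next to a comment about breakpoints in a debugger, so it looks like the JVM remote-debug port. A debug listener normally has no authentication, and with `service.type: NodePort` the template also maps it to a node port. I would render that port only when a debug switch is set, e.g. wrap both `internalPort2` entries in `{{- if .Values.service.debugEnabled }}` … `{{- end }}` (a new value, defaulting to false) and do the same for the matching `containerPort` in the deployment. Also, `clusterIP: None` is not accepted together with type `NodePort`, so that branch presumably cannot install as written.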
@@ -0,0 +1,147 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Default values for resources. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. 
+global: # global defaults + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/aai-graphadmin:1.1-STAGING-latest +pullPolicy: Always +restartPolicy: Always +flavor: small +# default number of instances +replicaCount: 1 + +# Configuration for the graphadmin deployment +config: + + # Specifies the timeout limit for the REST API requests + timeout: + enabled: true + limit: 180000 + + # Default maximum records to fix for the data grooming and dupeTool + maxFix: + dataGrooming: 150 + dupeTool: 25 + + # Default number of sleep minutes for dataGrooming and dupeTool + sleepMinutes: + dataGrooming: 7 + dupeTool: 7 + + # Cron specific attributes to be triggered for the graphadmin spring cron tasks + cron: + # Specifies that the data grooming tool which runs duplicates should be enabled + dataGrooming: + enabled: true + # Specifies that the data snapshot which takes a graphson snapshot should be enabled + dataSnapshot: + enabled: true + params: JUST_TAKE_SNAPSHOT + + # Data cleanup which zips snapshots older than x days and deletes older than y days + dataCleanup: + + dataGrooming: + enabled: true + # Zips up the dataGrooming files older than 5 days + ageZip: 5 + # Deletes the dataGrooming files older than 30 days + ageDelete: 30 + + dataSnapshot: + enabled: true + # Zips up the dataSnapshot graphson files older than 5 days + ageZip: 5 + # Deletes the dataSnapshot graphson files older than 30 days + ageDelete: 30 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 60 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +service: + type: ClusterIP + # REST API port for the graphadmin microservice + portName: aai-graphadmin-8449 + internalPort: 
8449 + portName2: aai-graphadmin-5005 + internalPort2: 5005 + +ingress: + enabled: false + +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + + mountPath: /dockerdata-nfs + mountSubPath: aai/aai-graphadmin + mountSubPath1: aai/migration + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1536Mi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/charts/aai-modelloader/.helmignore b/charts/aai-modelloader/.helmignore new file mode 100644 index 0000000..daebc7d --- /dev/null +++ b/charts/aai-modelloader/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
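Review bot: `image: onap/aai-graphadmin:1.1-STAGING-latest` together with `pullPolicy: Always` means every pod start, including the schema, backup, restore and migration jobs, runs whatever was last pushed under that tag. For jobs that write to the graph database the deployed code should be reproducible: pin a released version or a digest, e.g. `image: onap/aai-graphadmin@sha256:<digest of the reviewed image>`. `liveness.enabled: false` as the default is a second thing to revisit, since the comment ties it to debugger sessions rather than to normal operation.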
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-modelloader/Chart.yaml b/charts/aai-modelloader/Chart.yaml new file mode 100644 index 0000000..908e11b --- /dev/null +++ b/charts/aai-modelloader/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI modelloader +name: aai-modelloader +version: 4.0.0 diff --git a/charts/aai-modelloader/resources/config/auth/aai-os-cert.p12 b/charts/aai-modelloader/resources/config/auth/aai-os-cert.p12 Binary files differnew file mode 100644 index 0000000..ee57120 --- /dev/null +++ b/charts/aai-modelloader/resources/config/auth/aai-os-cert.p12 diff --git a/charts/aai-modelloader/resources/config/auth/babel-client-cert.p12 b/charts/aai-modelloader/resources/config/auth/babel-client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-modelloader/resources/config/auth/babel-client-cert.p12 diff --git a/charts/aai-modelloader/resources/config/auth/tomcat_keystore b/charts/aai-modelloader/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/charts/aai-modelloader/resources/config/auth/tomcat_keystore diff --git a/charts/aai-modelloader/resources/config/log/logback.xml b/charts/aai-modelloader/resources/config/log/logback.xml new file mode 100644 index 0000000..72b5dab --- /dev/null +++ b/charts/aai-modelloader/resources/config/log/logback.xml 
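Review bot: `resources/config/auth/aai-os-cert.p12`, `babel-client-cert.p12` and `tomcat_keystore` are committed as binary files inside the aai-modelloader chart. PKCS#12 files and Java keystores usually carry private keys; if these do, every clone and every packaged chart distributes the same key material and every installation shares one identity. The contents are not visible in the diff, so this needs confirming. Prefer supplying them at deploy time through an existing Secret referenced by name, as the graphadmin templates do with `aai-common-truststore`, and document how the keystore passwords are provided and rotated.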
@@ -0,0 +1,168 @@ +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <include resource="org/springframework/boot/logging/logback/base.xml" /> + <property name="logDir" value="/var/log/onap" /> + <property name="componentName" value="AAI-ML"></property> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" + value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${defaultPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to record events to the general application + log --> + + <appender name="EELF" + 
class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics" /> + </appender> + + <appender name="EELFDebug" + 
class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>true</includeCallerData> + </appender> + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <logger name="com.att" level="INFO" /> + + <!-- Model Loader loggers --> + <logger name="org.openecomp.modelloader" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> +</root> + +</configuration> diff --git a/charts/aai-modelloader/resources/config/model-loader.properties b/charts/aai-modelloader/resources/config/model-loader.properties new file mode 100644 index 0000000..246e528 --- /dev/null +++ b/charts/aai-modelloader/resources/config/model-loader.properties 
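Review bot: The STDOUT appender's encoder uses `${defaultPattern}`, but this file declares no `defaultPattern` property, so the pattern will not resolve unless the included Spring Boot `base.xml` happens to supply one. Define it next to `errorLogPattern` or point the encoder at an existing property. Separately, `errorLogPattern` writes `%msg` unmodified, so a message built from request data that contains line breaks can forge additional entries in error.log; `%replace(%msg){'[\r\n]+', ' '}%n` keeps each event on one line. The `<root>` element also carries no `level` attribute, which leaves the effective root level implicit.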
@@ -0,0 +1,46 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Model Loader Distribution Client Configuration +ml.distribution.ACTIVE_SERVER_TLS_AUTH=false +ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443 +ml.distribution.CONSUMER_GROUP=aai-ml-group +ml.distribution.CONSUMER_ID=aai-ml +ml.distribution.ENVIRONMENT_NAME=AUTO +ml.distribution.KEYSTORE_PASSWORD= +ml.distribution.KEYSTORE_FILE=asdc-client.jks +ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp +ml.distribution.POLLING_INTERVAL=30 +ml.distribution.POLLING_TIMEOUT=20 +ml.distribution.USER=aai +ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR +ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}} + +# Model Loader AAI REST Client Configuration +ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443 +ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/ +ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/ +ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images +ml.aai.KEYSTORE_FILE=aai-os-cert.p12 +ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +ml.aai.AUTH_USER=ModelLoader +ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw + +# Model Loader Babel REST Client 
Configuration\r +ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516 +ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts +ml.babel.KEYSTORE_FILE=babel-client-cert.p12 +ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +ml.babel.TRUSTSTORE_FILE=tomcat_keystore +ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 diff --git a/charts/aai-modelloader/templates/configmap.yaml b/charts/aai-modelloader/templates/configmap.yaml new file mode 100644 index 0000000..cdb01fb --- /dev/null +++ b/charts/aai-modelloader/templates/configmap.yaml 
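Review bot: The `OBF:` values for `ml.distribution.PASSWORD`, `ml.aai.KEYSTORE_PASSWORD`, `ml.aai.AUTH_PASSWORD` and the two `ml.babel.*_PASSWORD` keys look like Jetty-style obfuscation, which is reversible rather than encrypted, and they are fixed in the chart so every install shares them. templates/configmap.yaml in this commit renders this file into the `-prop` ConfigMap, which exposes the credentials to anyone allowed to read ConfigMaps in the namespace. Take them from values instead, e.g. `ml.aai.AUTH_PASSWORD={{ .Values.config.aaiAuthPassword }}` (placeholder value name), and deliver the rendered file through a Secret. `ml.distribution.ACTIVE_SERVER_TLS_AUTH=false` needs a comment stating why server TLS authentication is off for the SDC connection, and the stray `\r` in the Babel comment line can be dropped.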
@@ -0,0 +1,39 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} diff --git a/charts/aai-modelloader/templates/deployment.yaml b/charts/aai-modelloader/templates/deployment.yaml new file mode 100644 index 0000000..f34693f --- /dev/null +++ b/charts/aai-modelloader/templates/deployment.yaml 
@@ -0,0 +1,109 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: /opt/app/model-loader/config/ + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/model-loader/config/model-loader.properties + subPath: model-loader.properties + name: {{ include "common.fullname" . 
}}-prop-config + - mountPath: /opt/app/model-loader/config/auth/ + name: {{ include "common.fullname" . }}-auth-config + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/model-loader/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + resources: +{{ include "common.resources" . }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + resources: +{{ include "common.resources" . }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-prop-config + configMap: + name: {{ include "common.fullname" . }}-prop + - name: {{ include "common.fullname" . }}-auth-config + secret: + secretName: {{ include "common.fullname" . }} + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/charts/aai-modelloader/templates/secret.yaml b/charts/aai-modelloader/templates/secret.yaml new file mode 100644 index 0000000..6084ca3 --- /dev/null +++ b/charts/aai-modelloader/templates/secret.yaml 
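Review bot: Neither container in the pod spec sets a `securityContext`, so the model-loader container and the `filebeat-onap` sidecar both run with whatever user and privileges their images default to. Add a container-level block such as `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` once the images are confirmed to run as a non-root user. The `liveness` and `readiness` settings that values.yaml introduces in this commit are not consumed here, since the template defines no probes. `apiVersion: extensions/v1beta1` for a Deployment is no longer served from Kubernetes 1.16 on, where `apps/v1` is required.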
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/charts/aai-modelloader/templates/service.yaml b/charts/aai-modelloader/templates/service.yaml new file mode 100644
index 0000000..567d42d
--- /dev/null
+++ b/charts/aai-modelloader/templates/service.yaml
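Review bot: `.Files.Glob "resources/config/auth/*"` packs the keystores added in this same commit (`aai-os-cert.p12`, `babel-client-cert.p12`, `tomcat_keystore`) into the Secret, so the private key material is identical for every install and readable by anyone who has the chart. Allow an operator-supplied Secret instead, for example by wrapping this template in `{{- if not .Values.existingAuthSecret }}` (placeholder value name) and pointing the `secretName` in deployment.yaml at the supplied name. Running `tpl` over the output of `.AsSecrets` also looks unnecessary, because the values are already base64-encoded at that point; if it is kept for symmetry with the ConfigMap templates, a comment should say so.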
@@ -0,0 +1,43 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/charts/aai-modelloader/values.yaml b/charts/aai-modelloader/values.yaml new file mode 100644 index 0000000..563ea6b --- /dev/null +++ b/charts/aai-modelloader/values.yaml 
@@ -0,0 +1,80 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for modelloader. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/model-loader:1.3.1 +pullPolicy: Always +restartPolicy: Always +flavor: small +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai-modelloader + externalPort: 8080 + internalPort: 8080 + nodePort: 10 + portName2: aai-modelloader-ssl + externalPort2: 8443 + internalPort2: 8443 + nodePort2: 29 + +ingress: + enabled: false + + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 1536Mi + unlimited: {} diff --git a/charts/aai-resources/.helmignore b/charts/aai-resources/.helmignore new file mode 100644 index 0000000..daebc7d --- /dev/null +++ b/charts/aai-resources/.helmignore 
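Review bot: `service.type: NodePort` is the default, and service.yaml then publishes both `internalPort: 8080` and `internalPort2: 8443` on every node, so the first port, presumably plain HTTP going by the `aai-modelloader` / `aai-modelloader-ssl` port names, is reachable from outside the cluster network unless something else restricts it. If external access is not needed, default to `type: ClusterIP`, or at least stop assigning a node port to 8080. The image is referenced by a mutable tag (`onap/model-loader:1.3.1`) with `pullPolicy: Always`; pinning a digest would make the deployed content reproducible. `externalPort` and `externalPort2` are not read by service.yaml in this commit and should be removed or documented.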
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-resources/Chart.yaml b/charts/aai-resources/Chart.yaml new file mode 100644
index 0000000..12464b5
--- /dev/null
+++ b/charts/aai-resources/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP AAI resources
+name: aai-resources
+version: 4.0.0
diff --git a/charts/aai-resources/resources/config/aaf/bath_config.csv b/charts/aai-resources/resources/config/aaf/bath_config.csv new file mode 100644
index 0000000..60a8fb5
--- /dev/null
+++ b/charts/aai-resources/resources/config/aaf/bath_config.csv
@@ -0,0 +1,33 @@
+# AAI -> aai@aai.onap.org
+Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ModelLoader -> aai@aai.onap.org
+Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# AaiUI -> aai@aai.onap.org,
+Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# MSO -> so@so.onap.org
+Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
+
+# SDNC -> sdnc@sdnc.onap.org
+Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# DCAE -> dcae@dcae.onap.org
+Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# POLICY -> policy@policy.onap.org
+Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ASDC -> sdc@sdc.onap.org
+Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# VID -> vid@vid.onap.org
+Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# APPC -> appc@appc.onap.org
+Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# OOF -> oof@oof.onap.org
+Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
+
diff --git a/charts/aai-resources/resources/config/aaf/cadi.properties b/charts/aai-resources/resources/config/aaf/cadi.properties new file mode 100644
index 0000000..c8d0b04
--- /dev/null
+++ b/charts/aai-resources/resources/config/aaf/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=/opt/app/aai-resources/resources/aaf/org.osaaf.location.props:/opt/app/aai-resources/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
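Review bot: Every row in bath_config.csv is only base64 of `user:password` on both sides, so the file commits working default credentials for all eleven client mappings, each valid until 2050-03-03, and the left-hand entries decode to pairs whose password equals the user name. These mappings belong in an operator-supplied Secret with per-deployment values rather than in the chart. The OOF row's right-hand value decodes to a password that differs by one digit from the one used in the other rows, which looks like a typo and should be checked against the AAF identity. The comment `# AaiUI -> aai@aai.onap.org,` has a trailing comma.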
diff --git a/charts/aai-resources/resources/config/aaf/org.onap.aai.keyfile b/charts/aai-resources/resources/config/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000..8721938 --- /dev/null +++ b/charts/aai-resources/resources/config/aaf/org.onap.aai.keyfile 
@@ -0,0 +1,27 @@ +yf1wUdfxbhVQQq5UF8hzWB_01VVrRIkC8BaLT7NMTrmv30RsMj3lvlaX3_CnVC1emYgmiUfWnT7k +brk0m-URJAKM8Pm6PrnOyKlx3U7NS8HVcFdKpVm_bx0CFsA3eY2NGe-D0gd35V1MohCbABZ8G2a6 +AgE7QmToHCwclXW_goK5P7lmJX1HaMVAIydMreP1m9sSR4UboRlvkH6VsMM1H1Y9ZhhXF--RkWAM +EcIspNTQE4ef3ZvYtSzuWssGZP8Hjo4XJlXz1uCSkyczw0IR19n-lspF9S0cIMro6QqvJsyjyjRo +UdYgxdwmQ_st4P43TZ8YEBQyE8r7VUoh_EqUx9ldilxGA0kBOQcTdtd805Kf98grXiQXeT-8UD1L +02aLzbz8Md7f8foGS1oGLfoImdjYCzOOZs3qHmKSb6YoHY8VcBCxIEfCznYl8wLYLRsSZ0tV4SAM +qCM_KHOM0HOZrNfSSAW5ZVZb67U9NI9SLFRV8gkmqxMspfjSLJCyHhq0D6RMECSpeAeVgoh6SWDw +mBSXunY5ZWVzdUyEezjCcl3NqTahrlfMSV5xkfUmSNFe_WW9rIXF0vD6MHAEW62yA1OA8WoMUqp2 +VKkUzWGVGAdMvbU52D6hqmGXER44kxAHVgEwPdhQhqgk4BpjR2v9ozQ6E_xNGkSRnriNB-H6BSN0 +vZa0pNJfvmBCjwGeoyRbCJrN1grLoDHQ3_6g-IwsD3NugKp6SHxUgfiPAUMGz-J2ZdbAlU0SNQgM +8gn6_cOaXvhqHBwh9SfT4jXyuCJru0zw3pyOjuw6fLMezvJDPvFfIgWllzc2IQ7_bufMZgCr2yAe +O-nBzsXK8aqItzCti53sZLSM1YC6OuRaiIt2i0yTVa7koFYSFhyELqEco5cFKMs0c6SrgIxnRrBT +x0RPXIyLdiRr76uP2wxL8KDfJ1vbCKi1xkZRchvQfm3ssgpzXVz8lnZ-HxacEhhAfGdDV56ZgRhu +5UVQd2RdP9JVpnXRJPhVwlQeQlrIXWHp01efBPRMTZQd2lpaNqn5v5chzpi9bbM3P3-BLxnN2NID +dv1E9Ox7MH-m3IQT9yFUi-UrDxAId4dnpgeCvyxhfnc1HJ9B71x9wmryC9PJWiKs3K-T_eC9pR4o +eN5PUZZ7arwdMUmzqKPNAtyMqaJCWfD3GZ1KsC8OV5Ze0DRQZPeT3IHg2BUC1NGj2SdjcwaGP_zl +uytFZWN7kQjnI4brorkO_jzjf7SEPCO7Vy2Z2vikIv7O8bSWZWDGYCcxUoYigFYcjZFirRYr3Yvl +YZU-F_qh6ZvrVxStSpz6iYDAzPW9v4ZyLSHyWe5H2AN89uRdnvag1769KpjsmGVYbn5jabgCJFs8 +EL7rxymrXri5cKsGH8XC1E0a-kP6vvhdHJhx5eFsFmKJaWh3RCJ8_I5CSzSRsK8JvE1Z6nGFn_SI +dpeNjf66lbm4y68loUh5Q4BDce3YaCT1gHmluBzXnv1vFzuvJ2jcVyq-nUDjdTqvM9okW8Prmt7l +ttQ3MVZI4rd-tXJfV4lxaI6wF4LIwiMJmY2tiCHoJ5nbLfHvMG7G5K1NAbizPltQxURPiMPZeCDZ +15SXI9vdCR-FyQikzp1hUUMMqz231-6BDDTKMOXpicQRQ0CHpEfxY4Rq3mu0QmRi-EIs6JAzfuLi +ba7fbfHnkhl3GWkj0CVZD8uDbzJceSTHICqVt-3qECUSG3ZfsuebWAEWED_xQoXyAL7kK8fMOPwl +m6qEk4z7boiJSrcQ2ZIdyPs2bZNvlv4wYg0F3BhFf2HeCYwR3BKXQGlDXGOAD5GuRpHHBch9JfVa +iUbvCEF23mee633C_K4zCaaVR9UqXMefzqFxSsobMp3heo3eIcQzLhe2SL2xpI9TbsvN2N4c9UMk 
+_TnQBHiYBgPxtB_j8bnVu7C__lTTpPKYLpUPxgWEIzljZzbkF37QQ1XtAc2EzcOi2FT4qsjlNgPw +PbL6ZihWEYZrZUilTSLzzjcQDLzoaF6BL2LOOS-Uju-B7COhcSMc0JLYOob6RDBE9T6HUMuZ diff --git a/charts/aai-resources/resources/config/aaf/org.onap.aai.p12 b/charts/aai-resources/resources/config/aaf/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000..5737e48 --- /dev/null +++ b/charts/aai-resources/resources/config/aaf/org.onap.aai.p12 diff --git a/charts/aai-resources/resources/config/aaf/org.onap.aai.props b/charts/aai-resources/resources/config/aaf/org.onap.aai.props new file mode 100644 index 0000000..59593a5 --- /dev/null +++ b/charts/aai-resources/resources/config/aaf/org.onap.aai.props @@ -0,0 +1,14 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# @copyright 2016, AT&T +############################################################ +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=/opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile +cadi_keystore=/opt/app/aai-resources/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:nF3D1h00vVoLZkCnFtTCJAiH6maEiA3933rI3ctap9Ggjlm2SMg_dxk6ui9iiDwr +#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:8BxmWFFRI9wcf2jVixnfdK2GPI4veaXofZ65fcYThHv +cadi_loglevel=INFO +cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv diff --git a/charts/aai-resources/resources/config/aaf/org.osaaf.location.props b/charts/aai-resources/resources/config/aaf/org.osaaf.location.props new file mode 100644 index 0000000..77c3d53 --- /dev/null +++ b/charts/aai-resources/resources/config/aaf/org.osaaf.location.props 
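Review bot: `cadi_keyfile` in org.onap.aai.props points at `org.onap.aai.keyfile`, which this commit adds in full next to the `enc:` values for `cadi_keystore_password` and `cadi_truststore_password`; assuming the keyfile is what CADI uses to decrypt `enc:` values, those passwords are recoverable by anyone holding the chart and protect nothing. `org.onap.aai.p12` is committed as well, which makes the service identity behind `cadi_alias=aai@aai.onap.org` the same for every install. Keyfile, keystore and passwords should be generated or supplied per deployment and mounted from a Secret. The commented-out `#cadi_key_password=enc:…` line should be removed rather than shipped.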
@@ -0,0 +1,24 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California ? +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +# AAF Environment Designation +aaf_env=DEV + +# OAuth2 Endpoints +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + + diff --git a/charts/aai-resources/resources/config/aaf/permissions.properties b/charts/aai-resources/resources/config/aaf/permissions.properties new file mode 100644 index 0000000..4234121 --- /dev/null +++ b/charts/aai-resources/resources/config/aaf/permissions.properties @@ -0,0 +1,2 @@ +permission.type=org.onap.aai.resources +permission.instance=*
\ No newline at end of file diff --git a/charts/aai-resources/resources/config/aaiconfig.properties b/charts/aai-resources/resources/config/aaiconfig.properties new file mode 100644 index 0000000..f2e7caa --- /dev/null +++ b/charts/aai-resources/resources/config/aaiconfig.properties 
@@ -0,0 +1,88 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +#################################################################### +# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE +# TEMPLATE AND *ALL* DATAFILES +#################################################################### + +#################################################################### +# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE +# TEMPLATE AND *ALL* DATAFILES +#################################################################### + +aai.config.checktime=1000 + +# this could come from siteconfig.pl? +aai.config.nodename=AutomaticallyOverwritten + +aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ +aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=https://aai.{{ include "common.namespace" . 
}}:8443/aai/ + +{{ if .Values.global.config.basic.auth.enabled }} +aai.tools.enableBasicAuth=true +aai.tools.username={{ .Values.global.config.basic.auth.username }} +aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +{{ end }} + +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} + +aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} +aai.notificationEvent.default.status=UNPROCESSED +aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }} +aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }} +aai.notificationEvent.default.sourceName=aai +aai.notificationEvent.default.sequenceNumber=0 +aai.notificationEvent.default.severity=NORMAL +aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }} +# This one lets us enable/disable resource-version checking on updates/deletes +aai.resourceversion.enableflag=true +aai.logging.maxStackTraceEntries=10 +aai.default.api.version={{ .Values.global.config.schema.version.api.default }} + +aai.logging.trace.enabled=true +aai.logging.trace.logrequest=false +aai.logging.trace.logresponse=false + +aai.transaction.logging=true +aai.transaction.logging.get=false +aai.transaction.logging.post=true + +aai.realtime.clients={{ .Values.global.config.realtime.clients }} + +# Timeout for crud enabled flag +aai.crud.timeoutenabled={{ .Values.config.crud.timeout.enabled }} + +# Timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms) +aai.crud.timeout.appspecific={{ .Values.config.crud.timeout.appspecific }} + +#default timeout limit added for crud if not overridden (in ms) +aai.crud.timeoutlimit={{ 
.Values.config.crud.timeout.limit }} +#limit set for bulk consumer APIS +aai.bulkconsumer.payloadlimit={{ .Values.config.bulk.limit }} + +#uncomment and use header X-OverrideLimit with the value to override the bulk api limit +aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }} diff --git a/charts/aai-resources/resources/config/application.properties b/charts/aai-resources/resources/config/application.properties new file mode 100644 index 0000000..7237c56 --- /dev/null +++ b/charts/aai-resources/resources/config/application.properties 
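Review bot: The comment `#uncomment and use header X-OverrideLimit …` sits above an active line, `aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }}`, so the override is controlled by values and not by uncommenting anything. If the setting behaves as the comment describes, a true value lets a client lift the bulk payload limit with a request header; reword it to `# when true, header X-OverrideLimit overrides aai.bulkconsumer.payloadlimit; keep false unless needed`. `aai.tools.password` and the two `passwd.x` keys are filled from values, so the template that renders this file (not visible in this part of the diff) should emit a Secret rather than a ConfigMap. The "REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES" banner appears twice.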
@@ -0,0 +1,94 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-resources +info.build.name=resources +info.build.description=Resources Microservice +info.build.version=1.3.0 + +spring.application.name=aai-resources +spring.jersey.type=filter + +server.contextPath=/ +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.jersey.application-path=${schema.uri.base.path} +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-resources/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8447 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ 
.Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# JMS bind address host port +jms.bind.address=tcp://localhost:61647 +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 +dmaap.ribbon.transportType=https + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }} +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# 
Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} + +schema.translator.list={{ .Values.global.config.schema.translator.list }} +schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.service.client={{ .Values.global.config.schema.service.client }} + +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/charts/aai-resources/resources/config/auth/aai_policy.json b/charts/aai-resources/resources/config/auth/aai_policy.json new file mode 100644 index 0000000..65f13ef --- /dev/null +++ b/charts/aai-resources/resources/config/auth/aai_policy.json 
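Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` in application.properties still offers TLS 1.1, which is deprecated (RFC 8996); unless a known client requires it, the line should be `server.ssl.enabled-protocols=TLSv1.2`. `server.ssl.client-auth=want` makes the client certificate optional, so requests without one are accepted at the TLS layer and presumably rely on the basic-auth realm named in `server.basic.auth.location`; a comment such as `# client cert optional: callers without one authenticate via realm.properties` would make that choice explicit. The key-store and trust-store passwords are rendered from `.Values.global.config.*.passwd` straight into this file, so the object that carries it (not visible in this hunk) should be a Secret rather than a ConfigMap.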
@@ -0,0 +1,298 @@ +{ + "roles": [ + { + "name": "admin", + "functions": [ + { + "name": "actions", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "servers", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "cloudinfra", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "cloud-infrastructure", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "sdandc", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "service-design-and-creation", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "business", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "network", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "search", + "methods": [ + { + "name": "GET" + }, + { + "name": "POST" + } + ] + }, + { + "name": "util", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "license-management", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "examples", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "resources", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "generateurl", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "bulkadd", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "nodes", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "query", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "dbquery", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "bulk", + "methods": [ + { + "name": "POST" + } 
+ ] + }, + { + "name": "bulkprocess", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "recents", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "dsl", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "common", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + } + ], + "users": [ + { + "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US" + } + ] + }, + { + "name": "basicauth", + "functions": [ + { + "name": "util", + "methods": [ + { + "name": "GET" + } + ] + } + ], + "users": [ + { + "user": "aai", + "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30" + } + ] + }, + { + "name": "HAProxy", + "functions": [ + { + "name": "util", + "methods": [ + { + "name": "GET" + } + ] + } + ], + "users": [ + { + "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US" + } + ] + } + ] +} diff --git a/charts/aai-resources/resources/config/janusgraph-cached.properties b/charts/aai-resources/resources/config/janusgraph-cached.properties new file mode 100644 index 0000000..9dc6636 --- /dev/null +++ b/charts/aai-resources/resources/config/janusgraph-cached.properties 
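Review bot: The `basicauth` role's `users` entry in aai_policy.json commits a fixed credential, `"user": "aai"` together with a `"pass": "OBF:…"` value; the `OBF:` prefix is Jetty's reversible obfuscation, not a hash, so read access to the chart is enough to recover the password used by every deployment that keeps this file. The value should be supplied at deploy time from a Secret instead of being stored in the chart, and the committed one treated as disclosed. That entry also uses the keys `user`/`pass` while the `admin` and `HAProxy` roles use `username`; strict JSON cannot carry a comment, so if the difference is required by the policy loader it should be stated in the chart's README.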
@@ -0,0 +1,98 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cassandra
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cassandra.keyspace=aaigraph
+
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/charts/aai-resources/resources/config/janusgraph-realtime.properties b/charts/aai-resources/resources/config/janusgraph-realtime.properties
new file mode 100644
index 0000000..8791a0b
--- /dev/null
+++ b/charts/aai-resources/resources/config/janusgraph-realtime.properties
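Review bot: In the `cql` branch of janusgraph-cached.properties, `storage.cql.write-consistency-level` is rendered from `.Values.global.config.storage.cql.readConsistency`, so the write level can never be set independently of the read level, whereas the `cassandra` branch just above uses a separate `writeConsistency` value. Unless that is deliberate, the line should read `storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.writeConsistency }}`, assuming the values file defines that key, which this hunk does not show. The same line appears in the `cql` branch of janusgraph-realtime.properties. Separately, when `cluster.cassandra.dynamic` is false and `global.config.storage` is unset the template renders no `storage.backend` at all; a `required` call on `.Values.global.config.storage.backend`, or a comment naming the backend that is expected in that case, would make the failure visible at render time.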
@@ -0,0 +1,92 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cassandra
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cassandra.keyspace=aaigraph
+
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/charts/aai-resources/resources/config/localhost-access-logback.xml b/charts/aai-resources/resources/config/localhost-access-logback.xml
new file mode 100644
index 0000000..4cf6c74
--- /dev/null
+++ b/charts/aai-resources/resources/config/localhost-access-logback.xml
@@ -0,0 +1,63 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
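Review bot: The access-log `<Pattern>` records a run of `%i{...}` request-header fields (`X-Forwarded-For`, `X-AAI-SSL-Client-CN` through `X-AAI-SSL-Client-DN`) and `%D`, but the legend comment at the end of the file documents neither conversion word and nothing states who sets the `X-AAI-SSL-Client-*` headers. If they are injected by the TLS-terminating proxy, the legend should say so and note that the proxy must overwrite any copy sent by the client, otherwise the log shows client-chosen certificate attributes next to the real `%z` subject; for example `%i{Header} - Value of the named request header (X-AAI-SSL-Client-* are expected to be set by the fronting proxy)`. Whether `CustomLogPatternLayoutEncoder` neutralises CR/LF in those header values and in `%q` is not visible in this hunk and is worth confirming. The `%q` legend line is also missing its closing parenthesis.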
diff --git a/charts/aai-resources/resources/config/logback.xml b/charts/aai-resources/resources/config/logback.xml new file mode 100644 index 0000000..0afc6f9 --- /dev/null +++ b/charts/aai-resources/resources/config/logback.xml 
@@ -0,0 +1,267 @@ +<!-- + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2017 AT&T Intellectual Property. All rights reserved. + Modifications Copyright © 2018 Amdocs, Bell Canada + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--> +<configuration scan="true" scanPeriod="60 seconds" debug="false"> + <statusListener class="ch.qos.logback.core.status.NopStatusListener" /> + <property resource="application.properties" /> + <property name="namespace" value="aai-resources"/> + <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> + <jmxConfigurator /> + <property name="logDirectory" value="${AJSC_HOME}/logs" /> + <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', 
'^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <!-- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> --> + <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/> + <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" /> + <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" /> + <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern> + %clr(%d{yyyy-MM-dd 
HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + </pattern> + </encoder> + </appender> + <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/sane.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="SANE" /> + </appender> + <appender name="METRIC" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/metrics.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="METRIC" /> + </appender> + <appender name="DEBUG" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/debug.log</file> + <rollingPolicy 
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="DEBUG" /> + </appender> + <appender name="ERROR" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/rest/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfErrorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="ERROR" /> + </appender> + <appender name="AUDIT" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfAuditLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="AUDIT" /> + </appender> + <appender name="translog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + 
<level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/translog.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfTransLogPattern}</pattern> + </encoder> + </appender> + <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="translog" /> + </appender> + <appender name="dmaapAAIEventConsumer" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerMetric" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter 
class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="external" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/external/external.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <logger name="org.onap.aai" level="DEBUG" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + <appender-ref ref="asyncSANE" /> + <appender-ref ref="STDOUT" /> + </logger> + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + <logger name="com.jayway.jsonpath" level="WARN" /> + + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + <logger name="org.eclipse.jetty" level="WARN" /> + + <logger name="org.onap.aai.interceptors.post" level="DEBUG" + additivity="false"> + <appender-ref ref="asynctranslog" /> + </logger> + <logger 
name="org.onap.aai.interceptors.pre.SetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + <logger name="org.onap.aai.interceptors.post.ResetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> + <appender-ref ref="dmaapAAIEventConsumer" /> + <appender-ref ref="dmaapAAIEventConsumerDebug" /> + <appender-ref ref="dmaapAAIEventConsumerMetric" /> + </logger> + <logger name="org.apache" level="OFF" /> + <logger name="org.zookeeper" level="OFF" /> + <logger name="com.thinkaurelius" level="WARN" /> + <logger name="com.att.aft.dme2" level="WARN" /> + <!-- ============================================================================ --> + <!-- General EELF logger --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="WARN" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + </logger> + <root level="DEBUG"> + <appender-ref ref="external" /> + {{ if .Values.global.config.logback.console.enabled }} + <appender-ref ref="STDOUT" /> + {{ end }} + </root> +</configuration> diff --git a/charts/aai-resources/resources/config/realm.properties b/charts/aai-resources/resources/config/realm.properties new file mode 100644 index 0000000..0499b34 --- /dev/null +++ b/charts/aai-resources/resources/config/realm.properties 
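Review bot: `eelfTransLogPattern` in logback.xml ends in `co=%X{partnerName}:%m%n`, while every other EELF pattern in this file wraps the message as `%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}`, so the transaction log keeps raw line breaks and `|` characters from the message and a single request can produce extra or misaligned records in `translog.log`. If multi-line payloads are wanted there, a comment on the property should say so; otherwise the same `%replace` wrapper should be applied. `<root level="DEBUG">` together with `org.onap.aai` at DEBUG is verbose for a chart default, and `<jmxConfigurator />` lets anything with JMX access change logger levels at runtime, so both deserve a comment or a values switch like the one already used for the `STDOUT` appender-ref.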
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
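Review bot: Every account in this file is granted the `admin` role, and the passwords are stored in the `OBF:` form, which looks like Jetty's reversible obfuscation rather than a hash, so the file should be handled as plaintext credentials. The header comment documents the defaults as username equals password (`AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...`), and the eleven `*@*.onap.org` entries all carry the same `OBF:` string, so one recovered value covers all of them. I would not ship working credentials in the chart: render the file from values supplied at install time, mount it from a Secret, and give each client only the role it needs instead of `admin`. If the defaults must stay for lab use, add a line such as `# DEMO DEFAULTS ONLY - override before any non-lab deployment` above the first entry.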
diff --git a/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..d9fe86e --- /dev/null +++ b/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12 diff --git a/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore Binary files differnew file mode 100644 index 0000000..f6ebc75 --- /dev/null +++ b/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore diff --git a/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore diff --git a/charts/aai-resources/resources/fproxy/config/fproxy.properties b/charts/aai-resources/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/charts/aai-resources/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/charts/aai-resources/resources/fproxy/config/logback-spring.xml b/charts/aai-resources/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000..9a08348
--- /dev/null
+++ b/charts/aai-resources/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="info" />
+
+</configuration>
\ No newline at end of file
diff --git a/charts/aai-resources/resources/fproxy/config/readme.txt b/charts/aai-resources/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/charts/aai-resources/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..071d407 --- /dev/null +++ b/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12 diff --git a/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000..023e2ea --- /dev/null +++ b/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 diff --git a/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..6ad5f51 --- /dev/null +++ b/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore diff --git a/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000..e23c03d --- /dev/null +++ b/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json 
@@ -0,0 +1,99 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/aai\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ },
+ {
+ "uri": "\/aai\/util\/echo",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+]
diff --git a/charts/aai-resources/resources/rproxy/config/cadi.properties b/charts/aai-resources/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..c2b628d
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
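Review bot: The `permissions` strings in uri-authorization.json are escaped inconsistently: the last entries write `org\\.onap\\.aai\\.resources\\|\\*\\|.*`, which suggests they are evaluated as regular expressions, while earlier ones such as `test.auth.access|services|GET,PUT` leave `.` and `|` bare. If they are regexes, the bare `|` is alternation and that rule could be satisfied by any permission containing `services`, so I would write it as `test\\.auth\\.access\\|services\\|GET,PUT` and do the same for the `admin`, `clouds`, `tenants` and `vservers` entries. The first cloud-region pattern ends in `$*`, which looks like a typo for `$`, and `\/aai\/util\/echo` is already covered by the preceding `\/aai\/.*` rule with the same permission. The `test.auth.access.*` rules read like proxy test fixtures and could be dropped from the deployed chart so that only the `\/aai\/` rules remain.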
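Review bot: `cadi_keystore_password` and `aaf_password` in cadi.properties are stored as `enc:` values, but the key they are presumably encrypted with is `cadi_keyfile=/opt/app/rproxy/config/security/keyfile`, and this same commit adds that file at `resources/rproxy/config/security/keyfile`, so the encryption gives no protection against anyone who can read the chart. `cadi_truststore_password` uses the reversible `OBF:` form. I would remove these three values and the keyfile from the repository and inject them from a Secret created at install time. `cadi_loglevel=DEBUG` is a verbose default for an authentication component, and `cadi_loglevel=INFO` would be a safer shipped value. `aaf_id=demo@people.osaaf.org` with `aaf_env=DEV` looks like demo settings and deserves a comment line saying so.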
diff --git a/charts/aai-resources/resources/rproxy/config/forward-proxy.properties b/charts/aai-resources/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000..1b58d42
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/charts/aai-resources/resources/rproxy/config/logback-spring.xml b/charts/aai-resources/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000..799fd86
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="info" />
+
+</configuration>
diff --git a/charts/aai-resources/resources/rproxy/config/primary-service.properties b/charts/aai-resources/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000..2c89d28
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 8447
diff --git a/charts/aai-resources/resources/rproxy/config/readme.txt b/charts/aai-resources/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties b/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000..8d46e1f
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/charts/aai-resources/resources/rproxy/config/security/keyfile b/charts/aai-resources/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000..3416d4a
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@ +2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf +jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm +4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe +moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf +GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT +74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh +iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb +p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt +3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW +hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 +RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX +xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk +8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q +ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i +5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe +GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE +_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k +zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf +S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU +LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw +hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W +nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP +bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN +JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk +Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y 
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP +mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
diff --git a/charts/aai-resources/templates/configmap.yaml b/charts/aai-resources/templates/configmap.yaml
new file mode 100644
index 0000000..a4c2e31
--- /dev/null
+++ b/charts/aai-resources/templates/configmap.yaml
@@ -0,0 +1,158 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-keys
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
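Review bot: `realm.properties`, which holds user names, passwords and roles, is rendered into the `-configmap` ConfigMap with `.AsConfig`, and the `resources/rproxy/config/*` glob puts `cadi.properties`, which holds `cadi_keystore_password` and `aaf_password`, into `-rproxy-config` the same way. ConfigMaps are not covered by Secret-specific RBAC or encryption at rest, so both files belong in `kind: Secret` objects rendered with `.AsSecrets`, as this hunk already does for the `auth/*` and `security/*` files; the matching volumes in deployment.yaml would have to change with it. Separately, `-fproxy-config`, `-rproxy-config`, `-rproxy-uri-auth-config` and the three sidecar Secrets have no `labels:` block, unlike the other objects here. Giving them the same `app`/`chart`/`release`/`heritage` labels keeps selection by release consistent.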
diff --git a/charts/aai-resources/templates/deployment.yaml b/charts/aai-resources/templates/deployment.yaml new file mode 100644 index 0000000..d530c3d --- /dev/null +++ b/charts/aai-resources/templates/deployment.yaml 
@@ -0,0 +1,1102 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} + msb.onap.org/service-info: '[ + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v11", + "url": "/aai/v11/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v12", + "url": "/aai/v12/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v13", + "url": "/aai/v13/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v15", + "url": "/aai/v15/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v16", + "url": "/aai/v16/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/cloud-infrastructure" + }, + { + "serviceName": "_aai-business", + "version": "v11", + "url": "/aai/v11/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/business" + }, + { + "serviceName": "_aai-business", + "version": "v12", + "url": "/aai/v12/business", + "protocol": "REST", + 
"port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/business" + }, + { + "serviceName": "_aai-business", + "version": "v13", + "url": "/aai/v13/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/business" + }, + { + "serviceName": "_aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/business" + }, + { + "serviceName": "_aai-business", + "version": "v15", + "url": "/aai/v15/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/business" + }, + { + "serviceName": "_aai-business", + "version": "v16", + "url": "/aai/v16/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/business" + }, + { + "serviceName": "_aai-actions", + "version": "v11", + "url": "/aai/v11/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v12", + "url": "/aai/v12/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v13", + "url": "/aai/v13/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/actions" + }, + { + "serviceName": 
"_aai-actions", + "version": "v15", + "url": "/aai/v15/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v16", + "url": "/aai/v16/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/actions" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v11", + "url": "/aai/v11/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v12", + "url": "/aai/v12/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v13", + "url": "/aai/v13/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v15", + "url": "/aai/v15/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v16", + "url": 
"/aai/v16/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/service-design-and-creation" + }, + { + "serviceName": "_aai-network", + "version": "v11", + "url": "/aai/v11/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/network" + }, + { + "serviceName": "_aai-network", + "version": "v12", + "url": "/aai/v12/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/network" + }, + { + "serviceName": "_aai-network", + "version": "v13", + "url": "/aai/v13/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/network" + }, + { + "serviceName": "_aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/network" + }, + { + "serviceName": "_aai-network", + "version": "v15", + "url": "/aai/v15/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/network" + }, + { + "serviceName": "_aai-network", + "version": "v16", + "url": "/aai/v16/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/network" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v11", + "url": "/aai/v11/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v12", + "url": "/aai/v12/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + 
"lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v13", + "url": "/aai/v13/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v15", + "url": "/aai/v15/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v16", + "url": "/aai/v16/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/external-system" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v11", + "url": "/aai/v11/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v12", + "url": "/aai/v12/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v13", + "url": "/aai/v13/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + 
"serviceName": "aai-cloudInfrastructure", + "version": "v15", + "url": "/aai/v15/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v16", + "url": "/aai/v16/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v11", + "url": "/aai/v11/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v12", + "url": "/aai/v12/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v13", + "url": "/aai/v13/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v15", + "url": "/aai/v15/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v16", + "url": "/aai/v16/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v11", + "url": "/aai/v11/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v12", + "url": "/aai/v12/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + 
"lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v13", + "url": "/aai/v13/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v15", + "url": "/aai/v15/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v16", + "url": "/aai/v16/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v11", + "url": "/aai/v11/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v12", + "url": "/aai/v12/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v13", + "url": "/aai/v13/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v15", + "url": "/aai/v15/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + 
"lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v16", + "url": "/aai/v16/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v11", + "url": "/aai/v11/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v12", + "url": "/aai/v12/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v13", + "url": "/aai/v13/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v15", + "url": "/aai/v15/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v16", + "url": "/aai/v16/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v11", + "url": "/aai/v11/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v12", + "url": "/aai/v12/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v13", + "url": 
"/aai/v13/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v15", + "url": "/aai/v15/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v16", + "url": "/aai/v16/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + } + ]' + spec: + hostname: aai-resources + {{ if .Values.global.initContainers.enabled }} + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + {{ end }} + initContainers: + - command: + {{ if .Values.global.jobs.migration.enabled }} + - /root/job_complete.py + args: + - --job-name + - {{ .Release.Name }}-aai-graphadmin-migration + {{ else if .Values.global.jobs.createSchema.enabled }} + - /root/job_complete.py + args: + - --job-name + - {{ .Release.Name }}-aai-graphadmin-create-db-schema + {{ else }} + - /root/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . 
}}-readiness + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-RES + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-resources/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . 
}}-config + subPath: realm.properties + {{ if .Values.global.installSidecarSecurity }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json + name: {{ include "common.fullname" . }}-aai-policy + subPath: aai_policy.json + {{ end }} + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.onap.aai.props + - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.osaaf.location.props + - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: permissions.properties + - mountPath: /opt/app/aai-resources/resources/cadi.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: cadi.properties + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + - mountPath: /opt/app/aai-resources/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . 
}} + {{ end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . 
}}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + - name: {{ include "common.fullname" . 
}}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.sidecar.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . 
}}-configmap + - name: {{ include "common.fullname" . }}-aaf-properties + configMap: + name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-aaf-certs + secret: + secretName: {{ include "common.fullname" . }}-aaf-keys + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-aai-policy + configMap: + name: {{ include "common.fullname" . }}-aai-policy-configmap + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} + restartPolicy: {{ .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" 
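Review bot: The rproxy and fproxy sidecar containers receive `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` as literal `value:` entries rendered from `.Values.sidecar.*`, so the passwords are stored in the Deployment and Pod specs and can be read by anyone allowed to get those objects. The template just before this one in the commit already defines Secrets for the proxy auth files. The passwords belong in a Secret too, referenced with `valueFrom:` / `secretKeyRef:` (`name: <sidecar-password-secret>`, `key: keyStorePassword`; the secret name is a placeholder). Separately, the tproxy init container sets `privileged: true`; if it only programs traffic redirection, a narrower `capabilities: { add: ["NET_ADMIN"] }` is probably enough, which should be confirmed against the image.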
diff --git a/charts/aai-resources/templates/service.yaml b/charts/aai-resources/templates/service.yaml new file mode 100644 index 0000000..d119912 --- /dev/null +++ b/charts/aai-resources/templates/service.yaml @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + clusterIP: None 
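Review bot: Both branches of the `ports:` block publish `.Values.service.internalPort2` unconditionally, and in the `NodePort` branch it also gets a `nodePort`, which makes the second port reachable from outside the cluster. values.yaml in this commit sets that port to 5005 with the name `aai-resources-5005`, which looks like the Java remote-debug (JDWP) port. JDWP has no authentication, so if a debug agent is listening, anyone who can reach the port can control the JVM. I would wrap both `internalPort2` entries in a guard such as `{{- if .Values.service.debugEnabled }}` … `{{- end }}` (the value name is a suggestion, defaulting to false), and do the same for the second `containerPort` in deployment.yaml.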
diff --git a/charts/aai-resources/values.yaml b/charts/aai-resources/values.yaml new file mode 100644 index 0000000..66a57d6 --- /dev/null +++ b/charts/aai-resources/values.yaml 
@@ -0,0 +1,119 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-resources:1.4-STAGING-latest
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+# default number of instances
+replicaCount: 1
+
+# Configuration for the resources deployment
+config:
+
+ # Specifies crud related operation timeouts and overrides
+ crud:
+ timeout:
+ # Specifies if the timeout for REST GET calls should be enabled
+ enabled: true
+ # Specifies the timeout values for application specific
+ # Its a pipe seperated list where each element before comma represents
+ # the X-FromAppId and the comma after specifies the timeout limit in ms
+ # If the timeout limit is -1 then it means for these apps no timeout
+ appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1
+ # Specifies what is the maximum timeout limit in milliseconds
+ limit: 100000
+
+ # Specifies configuration for bulk apis
+ bulk:
+ # Specifies for a bulk payload how many transactions in total allowed
+ limit: 30
+ # Specifies if the bulk can be override and if it can the value
+ override: false
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+# application configuration
+sidecar:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+service:
+ type: ClusterIP
+ portName: aai-resources-8447
+ internalPort: 8447
+ portName2: aai-resources-5005
+ internalPort2: 5005
+
+ingress:
+ enabled: false
+
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 3Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/charts/aai-schema-service/.helmignore b/charts/aai-schema-service/.helmignore
new file mode 100644
index 0000000..daebc7d
--- /dev/null
+++ b/charts/aai-schema-service/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
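Review bot: The `sidecar` block of charts/aai-resources/values.yaml ships `keyStorePassword`, `keyManagerPassword` and `trustStorePassword` as chart defaults, all three set to the same `OBF:` string. The OBF form is reversible obfuscation rather than encryption, so anyone who can read the chart or the rendered manifests can recover the password. These keys should have no usable default and be supplied per deployment from a Secret; at minimum add a comment such as `# OBF is obfuscation only: override per environment, never deploy the default`. Separately, `liveness.enabled: false` and the mutable `1.4-STAGING-latest` image tag are debugging conveniences that probably should not be the shipped defaults.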
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-schema-service/Chart.yaml b/charts/aai-schema-service/Chart.yaml
new file mode 100644
index 0000000..af462f0
--- /dev/null
+++ b/charts/aai-schema-service/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP AAI Schema Service
+name: aai-schema-service
+version: 4.0.0
diff --git a/charts/aai-schema-service/config/aaiconfig.properties b/charts/aai-schema-service/config/aaiconfig.properties
new file mode 100644
index 0000000..2172d71
--- /dev/null
+++ b/charts/aai-schema-service/config/aaiconfig.properties
@@ -0,0 +1,43 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
diff --git a/charts/aai-schema-service/config/application.properties b/charts/aai-schema-service/config/application.properties
new file mode 100644
index 0000000..7b9312f
--- /dev/null
+++ b/charts/aai-schema-service/config/application.properties
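Review bot: `aai.tools.password`, `aai.truststore.passwd.x` and `aai.keystore.passwd.x` in config/aaiconfig.properties are filled from `.Values.global.config.*`, and templates/configmap.yaml in this commit renders the file into a ConfigMap, so the credentials are stored and readable as ordinary configuration. The same applies to `server.ssl.key-store-password` and `server.ssl.trust-store-password` in config/application.properties and to the whole of config/realm.properties. These three files should be rendered into a `kind: Secret` (for example `.AsSecrets` in place of `.AsConfig`) and mounted from there, so that read access can be restricted through RBAC separately from the logging configuration.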
@@ -0,0 +1,70 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-schema-service
+info.build.name=schema-service
+info.build.description=Schema Service Microservice
+info.build.version=1.1.0
+
+spring.application.name=aai-schema-service
+spring.jersey.type=filter
+
+server.contextPath=/
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+server.tomcat.max-threads=200
+server.tomcat.min-Spare-Threads=25
+server.tomcat.max-idle-time=60000
+
+server.local.startpath=aai-schema-service/src/main/resources/
+server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
+
+server.port=8452
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+schema.query.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}/schema-service
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
diff --git a/charts/aai-schema-service/config/localhost-access-logback.xml b/charts/aai-schema-service/config/localhost-access-logback.xml
new file mode 100644
index 0000000..447f239
--- /dev/null
+++ b/charts/aai-schema-service/config/localhost-access-logback.xml
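Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` in config/application.properties still enables TLS 1.1, which has been formally deprecated (RFC 8996); I would change the line to `server.ssl.enabled-protocols=TLSv1.2`. `server.ssl.client-auth=want` makes the client certificate optional, so a request without one still reaches the application and is then protected only by the basic-auth realm; if mutual TLS is the intent, `need` is the value that enforces it. A one-line comment above each of the two settings stating the intended policy would help whoever tightens them later.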
@@ -0,0 +1,58 @@
+<!--
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
diff --git a/charts/aai-schema-service/config/logback.xml b/charts/aai-schema-service/config/logback.xml
new file mode 100644
index 0000000..f10546a
--- /dev/null
+++ b/charts/aai-schema-service/config/logback.xml
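Review bot: The access `<Pattern>` in config/localhost-access-logback.xml writes `%i{X-Forwarded-For}`, `%i{X-FromAppId}` and the `%i{X-AAI-SSL-Client-*}` fields straight from request headers. Unless a fronting proxy always overwrites those headers, a caller can put arbitrary identity values into the access log, so the file cannot be relied on for attribution; a comment naming the component that is expected to set them would make the assumption explicit. The `TimeBasedRollingPolicy` also has no `<maxHistory>` or `<totalSizeCap>`, so daily files accumulate until the volume fills; adding for example `<maxHistory>30</maxHistory>` (value to be chosen by the operators) bounds it.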
@@ -0,0 +1,237 @@ +<configuration scan="true" scanPeriod="60 seconds" debug="false"> + <statusListener class="ch.qos.logback.core.status.NopStatusListener" /> + <property resource="application.properties" /> + <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> + <jmxConfigurator /> + <property name="logDirectory" value="${AJSC_HOME}/logs" /> + <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', 
'^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <!-- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> --> + <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/> + <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" /> + <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" /> + <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern> + %clr(%d{yyyy-MM-dd 
HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + </pattern> + </encoder> + </appender> + <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/sane.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="SANE" /> + </appender> + <appender name="METRIC" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/metrics.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="METRIC" /> + </appender> + <appender name="DEBUG" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/debug.log</file> + <rollingPolicy 
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="DEBUG" /> + </appender> + <appender name="ERROR" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/rest/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfErrorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="ERROR" /> + </appender> + <appender name="AUDIT" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfAuditLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="AUDIT" /> + </appender> + <appender name="translog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + 
<level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/translog.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfTransLogPattern}</pattern> + </encoder> + </appender> + <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="translog" /> + </appender> + <appender name="dmaapAAIEventConsumer" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerMetric" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter 
class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="external" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/external/external.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <logger name="org.onap.aai.schemaservice" level="DEBUG" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + <appender-ref ref="asyncSANE" /> + <appender-ref ref="STDOUT" /> + </logger> + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + <logger name="org.eclipse.jetty" level="WARN" /> + + <logger name="org.onap.aai.schemaservice.interceptors.post" level="DEBUG" + additivity="false"> + <appender-ref ref="asynctranslog" /> + </logger> + <logger 
name="org.onap.aai.schemaservice.interceptors.pre.SetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + <logger name="org.onap.aai.schemaservice.interceptors.post.ResetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + <!-- ============================================================================ --> + <!-- General EELF logger --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="WARN" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + </logger> + <root level="DEBUG"> + <appender-ref ref="external" /> + {{ if .Values.global.config.logback.console.enabled }} + <appender-ref ref="STDOUT" /> + {{ end }} + </root> +</configuration> diff --git a/charts/aai-schema-service/config/realm.properties b/charts/aai-schema-service/config/realm.properties new file mode 100644 index 0000000..988bb24 --- /dev/null +++ b/charts/aai-schema-service/config/realm.properties 
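Review bot: `eelfTransLogPattern` in config/logback.xml ends with `co=%X{partnerName}:%m%n`, whereas the log, audit, metric and error patterns all wrap the message as `%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}`. The translog record is pipe-delimited, so a message carrying a newline or `|` (presumably request-derived, given the interceptor logger that feeds it) can split or forge records; the same wrapper should be used there. The SANE and STDOUT appenders also emit the raw message, which is worth a comment if they are meant for humans only. None of the `TimeBasedRollingPolicy` blocks sets `<maxHistory>`, and with `<root level="DEBUG">` the files will grow without bound.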
@@ -0,0 +1,22 @@
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/charts/aai-schema-service/templates/configmap.yaml b/charts/aai-schema-service/templates/configmap.yaml
new file mode 100644
index 0000000..91a831a
--- /dev/null
+++ b/charts/aai-schema-service/templates/configmap.yaml
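Review bot: Every one of the 22 entries in config/realm.properties is granted the `admin` role, and the eleven `*@*.onap.org` accounts all carry the identical `OBF:` value, i.e. a single shared password across eleven client identities. Because the file is committed with the chart and OBF is reversible obfuscation, these are effectively published default credentials for every installation that does not replace the file. I would ship the file empty or templated from per-deployment secrets, give each client its own credential, and assign roles per client instead of `admin` throughout. If the realm loader accepts a hashed form, that is preferable to `OBF:`; at minimum add a header comment stating that these are sample values that must be replaced before deployment.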
@@ -0,0 +1,78 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-springapp-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-realm-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/realm.properties").AsConfig . | indent 2 }}
diff --git a/charts/aai-schema-service/templates/deployment.yaml b/charts/aai-schema-service/templates/deployment.yaml
new file mode 100644
index 0000000..38a19d3
--- /dev/null
+++ b/charts/aai-schema-service/templates/deployment.yaml
@@ -0,0 +1,155 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" .
}}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
+ name: aaiconfig-conf
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-SS
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-schema-service/resources/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml
+ name: localhost-access-log-conf
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-schema-service/resources/etc/auth/realm.properties
+ name: realm-conf
+ subPath: realm.properties
+ - mountPath: /opt/app/aai-schema-service/resources/application.properties
+ name: springapp-conf
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-schema-service/resources/etc/auth/{{ . }}
+ name: auth-truststore-sec
+ subPath: {{ .
}}
+ {{ end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+ volumes:
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: localhost-access-log-conf
+ configMap:
+ name: {{ include "common.fullname" .
}}-localhost-access-log-configmap
+ - name: springapp-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-springapp-configmap
+ - name: aaiconfig-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ - name: realm-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-realm-configmap
+ - name: auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/charts/aai-schema-service/templates/service.yaml b/charts/aai-schema-service/templates/service.yaml
new file mode 100644
index 0000000..d119912
--- /dev/null
+++ b/charts/aai-schema-service/templates/service.yaml
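Review bot: The `volumes:` list declares `aai-common-aai-auth-mount` from the Secret `aai-common-aai-auth`, but neither container has a `volumeMounts` entry for it, so the pod is handed a Secret it never reads and cannot start when that Secret is absent. Drop the three lines `- name: aai-common-aai-auth-mount` / `secret:` / `secretName: aai-common-aai-auth`, or add the mount that was intended. `{{ $global := . }}` and the `$job` loop variable are likewise unused. The pod template also sets no `securityContext`, while `LOCAL_USER_ID`/`LOCAL_GROUP_ID` suggest the image switches user at start-up; a comment stating whether the container has to start as root would help reviewers.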
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
diff --git a/charts/aai-schema-service/values.yaml b/charts/aai-schema-service/values.yaml
new file mode 100644
index 0000000..cb8ac55
--- /dev/null
+++ b/charts/aai-schema-service/values.yaml
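Review bot: The second port, `internalPort2`, is published in both branches, and values.yaml sets it to 5005 with the name `aai-schema-service-5005`, which together with the chart's comments about debugger breakpoints looks like a JVM remote-debug listener. Such a listener has no authentication, so anything that can reach the Service can take control of the process, and with `service.type: NodePort` that means every node address. Wrap the two `internalPort2` entries (and the matching `containerPort` in deployment.yaml) in a condition on a new values flag that is off by default, for example `{{- if .Values.debugEnabled }}` … `{{- end }}`, where `debugEnabled` is a name this chart would have to add.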
@@ -0,0 +1,90 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-schema-service:1.0-STAGING-latest
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ portName: aai-schema-service-8452
+ internalPort: 8452
+ portName2: aai-schema-service-5005
+ internalPort2: 5005
+
+ingress:
+ enabled: false
+
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 3Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/charts/aai-search-data/.helmignore b/charts/aai-search-data/.helmignore
new file mode 100644
index 0000000..daebc7d
--- /dev/null
+++ b/charts/aai-search-data/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
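Review bot: In the aai-schema-service values.yaml, `image: onap/aai-schema-service:1.0-STAGING-latest` combined with `pullPolicy: Always` means any pod restart can pull different, unreviewed content under the same tag. Pin a released version, ideally by digest; the aai-search-data chart in this commit already uses a fixed version (`onap/search-data-service:1.3.1`). Separately, `liveness.enabled: false` is the shipped default, so a hung container is never restarted unless the operator overrides it; the comment explains why the probe can be turned off, not why it is off by default.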
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-search-data/Chart.yaml b/charts/aai-search-data/Chart.yaml
new file mode 100644
index 0000000..9cf3523
--- /dev/null
+++ b/charts/aai-search-data/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI search-data
+name: aai-search-data
+version: 4.0.0
diff --git a/charts/aai-search-data/resources/config/analysis-config.json b/charts/aai-search-data/resources/config/analysis-config.json
new file mode 100644
index 0000000..5fc135d
--- /dev/null
+++ b/charts/aai-search-data/resources/config/analysis-config.json
@@ -0,0 +1,32 @@
+[
+ {
+ "name": "whitespace_analyzer",
+ "description": "A standard whitespace analyzer.",
+ "behaviours": [
+ "Tokenize the text using white space characters as delimeters.",
+ "Convert all characters to lower case.",
+ "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents."
+ ],
+ "tokenizer": "whitespace",
+ "filters": [
+ "lowercase",
+ "asciifolding"
+ ]
+ },
+ {
+ "name": "ngram_analyzer",
+ "description": "An analyzer which performs ngram filtering on the data stream.",
+ "behaviours": [
+ "Tokenize the text using white space characters as delimeters.",
+ "Convert all characters to lower case.",
+ "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents.",
+ "Apply ngram filtering using the following values for minimum and maximum size in codepoints of a single n-gram: minimum = 1, maximum = 2."
+ ],
+ "tokenizer": "whitespace",
+ "filters": [
+ "lowercase",
+ "asciifolding",
+ "ngram_filter"
+ ]
+ }
+]
\ No newline at end of file
diff --git a/charts/aai-search-data/resources/config/auth/search_policy.json b/charts/aai-search-data/resources/config/auth/search_policy.json
new file mode 100644
index 0000000..bbbe52f
--- /dev/null
+++ b/charts/aai-search-data/resources/config/auth/search_policy.json
@@ -0,0 +1,18 @@
+{
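Review bot: In analysis-config.json the `ngram_analyzer` description states "minimum = 1, maximum = 2", but the `ngram_filter` it references is defined in filter-config.json with `"min_gram": 1, "max_gram": 50`. One of the two is stale; the filter definition is presumably what takes effect, so the sentence should read `maximum = 50`. "delimeters" in both analyzer descriptions should be "delimiters".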
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
diff --git a/charts/aai-search-data/resources/config/auth/tomcat_keystore b/charts/aai-search-data/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..842afeb --- /dev/null +++ b/charts/aai-search-data/resources/config/auth/tomcat_keystore diff --git a/charts/aai-search-data/resources/config/dynamic-custom-template.json b/charts/aai-search-data/resources/config/dynamic-custom-template.json new file mode 100644 index 0000000..2dac8f7 --- /dev/null +++ b/charts/aai-search-data/resources/config/dynamic-custom-template.json @@ -0,0 +1,12 @@ +"dynamic_templates":[ + { + "strings":{ + "match_mapping_type":"string", + "match": "*", + "mapping":{ + "type":"text", + "fielddata":true + } + } + } +], diff --git a/charts/aai-search-data/resources/config/elastic-search.properties b/charts/aai-search-data/resources/config/elastic-search.properties new file mode 100644 index 0000000..6232c14 --- /dev/null +++ b/charts/aai-search-data/resources/config/elastic-search.properties @@ -0,0 +1,25 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ElasticSearch Configuration + +es.cluster-name=ES_AAI +es.ip-address=aai-elasticsearch.{{.Release.Namespace}} +es.http-port={{ .Values.config.elasticsearchHttpPort }} +es.uri-scheme=https +es.auth-user=admin +es.auth-password=OBF:1u2a1toa1w8v1tok1u30 +es.trust-store=auth/tomcat_keystore +es.trust-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + 
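Review bot: In elastic-search.properties, `es.auth-user=admin` and `es.auth-password=OBF:…` are committed as chart defaults, and the `OBF:` form is Jetty-style obfuscation that is reversible without any key, so this is effectively a clear-text admin password shared by every installation. The same applies to `es.trust-store-password` here and to `keyStorePassword`/`keyManagerPassword` in this chart's values.yaml, which carry the same value. Take these from values that have no usable default (Helm's `required` function can enforce that) and deliver them through a Secret. The `tomcat_keystore` binary added just above has the same problem if it contains a private key, which cannot be seen from the diff.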
diff --git a/charts/aai-search-data/resources/config/es-payload-translation.json b/charts/aai-search-data/resources/config/es-payload-translation.json
new file mode 100644
index 0000000..8a29863
--- /dev/null
+++ b/charts/aai-search-data/resources/config/es-payload-translation.json
@@ -0,0 +1,17 @@
+{
+ "attr-translations": [
+ {
+ "query": "$..[?(@.type=='string' && @.index=='analyzed')]",
+ "update": {"type": "text", "index": true, "fielddata": true}
+ },
+ {
+ "query": "$..[?(@.type=='string' && @.index=='not_analyzed')]",
+ "update": {"type": "keyword", "index": true}
+ },
+ {
+ "query": "$..[?(@.type=='string' && !@.index)]",
+ "update": {"type": "text", "fielddata": true}
+ }
+ ]
+}
+
diff --git a/charts/aai-search-data/resources/config/filter-config.json b/charts/aai-search-data/resources/config/filter-config.json
new file mode 100644
index 0000000..a27f75b
--- /dev/null
+++ b/charts/aai-search-data/resources/config/filter-config.json
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "ngram_filter",
+ "description": "Custom NGram Filter.",
+ "configuration": " \"type\": \"nGram\", \"min_gram\": 1, \"max_gram\": 50, \"token_chars\": [ \"letter\", \"digit\", \"punctuation\", \"symbol\" ]"
+ }
+]
\ No newline at end of file
diff --git a/charts/aai-search-data/resources/config/log/logback.xml b/charts/aai-search-data/resources/config/log/logback.xml
new file mode 100644
index 0000000..adfed4a
--- /dev/null
+++ b/charts/aai-search-data/resources/config/log/logback.xml
@@ -0,0 +1,193 @@ +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + + <property name="logDir" value="/var/log/onap" /> + + + <!-- specify the component name + <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" --> + <property name="componentName" value="AAI-SDB"></property> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|SearchDataService|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The 
EELFAppender is used to record events to the general application + log --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. 
--> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + + <!-- 
============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- SearchDB loggers --> + <logger name="org.openecomp.sa" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration> diff --git a/charts/aai-search-data/templates/configmap.yaml b/charts/aai-search-data/templates/configmap.yaml new file mode 100644 index 0000000..b1547f4 --- /dev/null +++ b/charts/aai-search-data/templates/configmap.yaml 
@@ -0,0 +1,39 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-service-log
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
diff --git a/charts/aai-search-data/templates/deployment.yaml b/charts/aai-search-data/templates/deployment.yaml
new file mode 100644
index 0000000..1d39d4e
--- /dev/null
+++ b/charts/aai-search-data/templates/deployment.yaml
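Review bot: The first ConfigMap globs `resources/config/*`, which picks up `elastic-search.properties` together with its `es.auth-user` and `es.auth-password` lines, so the Elasticsearch credentials end up in a ConfigMap that anyone with ConfigMap read access in the namespace can see. Move that file to the Secret template (`.AsSecrets`) and list the remaining files explicitly, so that a file dropped into the directory later is not published by accident.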
@@ -0,0 +1,144 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: /opt/app/search-data-service/config/
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: KEY_MANAGER_PASSWORD
+ value: {{ .Values.config.keyManagerPassword }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/search-data-service/config/filter-config.json
+ subPath: filter-config.json
+ name: {{ include "common.fullname" .
}}-service-config
+ - mountPath: /opt/app/search-data-service/config/elastic-search.properties
+ subPath: elastic-search.properties
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/analysis-config.json
+ subPath: analysis-config.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/es-payload-translation.json
+ subPath: es-payload-translation.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json
+ subPath: dynamic-custom-template.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ name: {{ include "common.fullname" . }}-service-auth-config
+ - mountPath: /opt/app/search-data-service/config/auth/search_policy.json
+ subPath: search_policy.json
+ name: {{ include "common.fullname" . }}-search-policy-config
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-service-logs
+ - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml
+ name: {{ include "common.fullname" . }}-service-log-conf
+ subPath: logback.xml
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" .
}}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-service-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-service-filebeat
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-service-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-service-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-keystone
+ - name: {{ include "common.fullname" . }}-search-policy-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-policy
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-service-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-service-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-service-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-service-log
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/charts/aai-search-data/templates/secret.yaml b/charts/aai-search-data/templates/secret.yaml
new file mode 100644
index 0000000..ee32e19
--- /dev/null
+++ b/charts/aai-search-data/templates/secret.yaml
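Review bot: `KEY_STORE_PASSWORD` and `KEY_MANAGER_PASSWORD` are injected as literal `value:` strings taken from values.yaml, so they show up in the rendered manifest, in `kubectl describe pod` output and in the stored release data. Read them from a Secret through `valueFrom.secretKeyRef` instead; the Secret name and keys in the sketch below are placeholders for objects this chart would have to add. Also, `{{ include "common.resources" . }}` has no `| indent 12` here, unlike the aai-schema-service deployment, which may mis-indent the block depending on how `common.resources` is written (not visible in this diff).

```yaml
          env:
          # … unchanged: CONFIG_HOME …
          - name: KEY_STORE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ include "common.fullname" . }}-passwords  # placeholder: Secret to be added
                key: keyStorePassword                              # placeholder key
          - name: KEY_MANAGER_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ include "common.fullname" . }}-passwords  # placeholder: Secret to be added
                key: keyManagerPassword                            # placeholder key
          # … unchanged: volumeMounts, ports, probes, resources …
```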
@@ -0,0 +1,40 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-keystone
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/tomcat_keystore").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-policy
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
diff --git a/charts/aai-search-data/templates/service.yaml b/charts/aai-search-data/templates/service.yaml
new file mode 100644
index 0000000..a49553e
--- /dev/null
+++ b/charts/aai-search-data/templates/service.yaml
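Review bot: The keystore in the first Secret is read from the chart's own `resources/config/auth/` directory, so every installation receives the same key material, and anyone who has the chart has it too; if the file holds a private key, let operators supply the Secret or its content at install time instead. The Secret is also named `…-keystone` although it holds `tomcat_keystore`, which looks like a typo for `-keystore`; it works because deployment.yaml uses the same name, but it misleads anyone searching for the keystore. The second Secret omits `type: Opaque`; add it so both objects are declared the same way.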
@@ -0,0 +1,39 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
diff --git a/charts/aai-search-data/values.yaml b/charts/aai-search-data/values.yaml
new file mode 100644
index 0000000..2a999b8
--- /dev/null
+++ b/charts/aai-search-data/values.yaml
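Review bot: `clusterIP: None` on the last line is emitted unconditionally, while the `NodePort` branch a few lines above sets `nodePort`; Kubernetes does not accept a headless Service of type NodePort, so installing with `service.type: NodePort` would render a manifest the API server rejects. The values.yaml added in this commit also defines no `service.nodePort`, so that branch would render only the prefix. Either guard `clusterIP: None` with the same `if` or drop the NodePort branch, and add a comment such as `# headless: clients resolve the pod IPs directly` to record why the service has no cluster IP.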
@@ -0,0 +1,79 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for search-data.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/search-data-service:1.3.1
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+# application configuration
+config:
+ elasticsearchHttpPort: 9200
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ portName: aai-search-data
+ internalPort: 9509
+
+ingress:
+ enabled: false
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.25
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ unlimited: {}
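Review bot: `keyStorePassword` and `keyManagerPassword` under `config:` ship a fixed `OBF:` default, and that prefix looks like Jetty's password obfuscation, which is reversible encoding rather than encryption, so anyone holding the chart can recover the keystore password. I would leave both defaults empty with a comment such as `# required: supply at install time from a Secret; OBF: is obfuscation, not encryption`, so an install cannot silently run on the published value. The same kind of committed credential recurs in the aai-sparky-be files later in this commit: application-oxm-schema-prod.properties, application-resources.properties (`resources.basicAuthPassword`), application-ssl.properties and application.properties (`searchservice.client-cert-password`).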
diff --git a/charts/aai-sparky-be/.helmignore b/charts/aai-sparky-be/.helmignore new file mode 100644 index 0000000..daebc7d --- /dev/null +++ b/charts/aai-sparky-be/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-sparky-be/Chart.yaml b/charts/aai-sparky-be/Chart.yaml new file mode 100644 index 0000000..e10a0b9 --- /dev/null +++ b/charts/aai-sparky-be/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI sparky-be +name: aai-sparky-be +version: 4.0.0 diff --git a/charts/aai-sparky-be/resources/config/application-oxm-default.properties b/charts/aai-sparky-be/resources/config/application-oxm-default.properties new file mode 100644 index 0000000..67a22f7 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/application-oxm-default.properties @@ -0,0 +1,16 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +oxm.apiVersion=v14 +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
\ No newline at end of file diff --git a/charts/aai-sparky-be/resources/config/application-oxm-override.properties b/charts/aai-sparky-be/resources/config/application-oxm-override.properties new file mode 100644 index 0000000..5c733e8 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/application-oxm-override.properties @@ -0,0 +1,16 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +oxm.apiVersionOverride=v14 +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
\ No newline at end of file diff --git a/charts/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/charts/aai-sparky-be/resources/config/application-oxm-schema-prod.properties new file mode 100644 index 0000000..c7f6bbc --- /dev/null +++ b/charts/aai-sparky-be/resources/config/application-oxm-schema-prod.properties @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +oxm.schemaNodeDir=/opt/app/sparky/onap/oxm +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +oxm.schemaServiceTranslatorList=config +# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/ +oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/ +oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 +oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore +oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o + + + +# Schema Service need this variable for the time being +spring.applicationName=sparky diff --git a/charts/aai-sparky-be/resources/config/application-resources.properties b/charts/aai-sparky-be/resources/config/application-resources.properties new file mode 100644 index 0000000..cdd3d48 --- /dev/null 
+++ b/charts/aai-sparky-be/resources/config/application-resources.properties
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources.hostname=aai
+resources.port=8443
+resources.authType=SSL_BASIC
+resources.basicAuthUserName=aai@aai.onap.org
+resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
+resources.trust-store=tomcat_keystore
diff --git a/charts/aai-sparky-be/resources/config/application-ssl.properties b/charts/aai-sparky-be/resources/config/application-ssl.properties
new file mode 100644
index 0000000..2ea1bf1
--- /dev/null
+++ b/charts/aai-sparky-be/resources/config/application-ssl.properties
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server.port=8000
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1x0v1g131lps1cix1rjb1n5p22691qab1hm51hfc1i2t1lmr1liz1hyx1hfq1hn51qcr22651n5t1rh31cgl1lu61g2f1x1r
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
diff --git a/charts/aai-sparky-be/resources/config/application-sync.properties b/charts/aai-sparky-be/resources/config/application-sync.properties
new file mode 100644
index 0000000..4fb10a2
--- /dev/null
+++ b/charts/aai-sparky-be/resources/config/application-sync.properties
@@ -0,0 +1,6 @@
+aggregationSyncEnabled=true
+historicalEntitySyncEnabled=true
+autoSuggestSyncEnabled=true
+vnfAliasSyncEnabled=true
+geoSyncEnabled=true
+viewInspectSyncEnabled=true
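Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` in application-ssl.properties still offers TLS 1.1, which RFC 8996 deprecates; unless a known client depends on it, the line should read `server.ssl.enabled-protocols=TLSv1.2`. If TLS 1.1 has to stay for a legacy peer, a comment naming that peer would keep the exception from outliving it.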
\ No newline at end of file diff --git a/charts/aai-sparky-be/resources/config/application.properties b/charts/aai-sparky-be/resources/config/application.properties new file mode 100644 index 0000000..108f9ef --- /dev/null +++ b/charts/aai-sparky-be/resources/config/application.properties @@ -0,0 +1,35 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# disable the default thyme leaf icon on web-pages +# +spring.mvc.favicon.enabled=false + +# +# to switch to http, remove ssl and put http +# and in the values.yaml change the internalPort to 9517 +# + +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal + +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} +searchservice.hostname={{.Values.global.searchData.serviceName}} +searchservice.port=9509 +searchservice.client-cert=client-cert-onap.p12 +searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +searchservice.truststore=tomcat_keystore + +schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/charts/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/charts/aai-sparky-be/resources/config/auth/client-cert-onap.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/charts/aai-sparky-be/resources/config/auth/client-cert-onap.p12 
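Review bot: `portal.cadiFileLocation={{.Values.config.cadiFileLocation}}` appears twice in a row in application.properties; the second line is redundant and should be removed. `searchservice.port=9509` is hard-coded while the hostname next to it comes from `.Values.global.searchData.serviceName`, so a change to the search-data chart's `service.internalPort` would not reach this file; templating the port from values as well would keep the two in step.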
diff --git a/charts/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties b/charts/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties new file mode 100644 index 0000000..6edc3d9 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties @@ -0,0 +1,26 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global.login.url=aaiportal.onap.org + +# MOTS ID of the application +application.id=12345 + +# valid domains for open redirect +redirect-domain=domain.com + +# Required by esGateKeeper. Valid values are: +# DEVL - used during development +# PROD - used in production +gatekeeper.environment=TEST diff --git a/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000..71cea3e --- /dev/null +++ b/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12 diff --git a/charts/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties b/charts/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties new file mode 100644 index 0000000..67268e3 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties @@ -0,0 +1 @@ +cipher.enc.key=AGLDdG4D04BKm2IxIWEr8o==! 
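Review bot: `gatekeeper.environment=TEST` in csp-cookie-filter.properties does not match the comment directly above it, which lists only DEVL and PROD as valid values, so either the value or the comment is wrong. `redirect-domain=domain.com` and `application.id=12345` also read as placeholders; since `redirect-domain` is described as the list of valid domains for redirects, it should be templated from values or carry a comment like `# placeholder: set to the deployment's portal domain before use`.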
diff --git a/charts/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/charts/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties new file mode 100644 index 0000000..546955f --- /dev/null +++ b/charts/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties 
@@ -0,0 +1,47 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+################################################################################
+############################## Portal properties ###############################
+################################################################################
+
+# Java class that implements the ECOMP role and user mgt API
+portal.api.impl.class = org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl
+
+# Instance of ECOMP Portal where the app has been on-boarded
+# use insecure http for dev purposes to avoid self-signed certificate
+ecomp_rest_url = http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/auxapi
+
+# Standard global logon page
+ecomp_redirect_url = http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/login.htm
+
+# Name of cookie to extract on login request
+csp_cookie_name = EPService
+# Alternate values: DEVL, V_DEVL, V_PROD
+csp_gate_keeper_prod_key = PROD
+
+# Toggles use of UEB
+ueb_listeners_enable = false
+# IDs application withing UEB flow
+ueb_app_key = ueb_key_7
+# Use this tag if the app is centralized
+role_access_centralized=remote
+
+# Connection and Read timeout values
+ext_req_connection_timeout=15000
+ext_req_read_timeout=20000
+
+#Add AAF namespace if the app is centralized
+auth_namespace={{.Values.config.aafNamespace}}
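Review bot: `ecomp_rest_url` and `ecomp_redirect_url` both point at `http://portal-app.{{.Release.Namespace}}:8989`, so the login redirect and the role and user API calls travel in cleartext; the comment says this is for dev purposes, yet the file is the chart default. I would template the portal base URL from values so a production install can set https without editing the chart, and tighten the comment to something like `# dev default only: switch to https once portal-app serves a trusted certificate`.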
diff --git a/charts/aai-sparky-be/resources/config/portal/cadi.properties b/charts/aai-sparky-be/resources/config/portal/cadi.properties
new file mode 100644
index 0000000..41a49a0
--- /dev/null
+++ b/charts/aai-sparky-be/resources/config/portal/cadi.properties
@@ -0,0 +1,45 @@
+# Configure AAF
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+aaf_url=<%=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE
+# AAF Environment Designation
+
+#if you are running aaf service from a docker image you have to use aaf service IP and port number
+aaf_id={{.Values.config.aafUsername}}
+#Encrypt the password using AAF Jar
+aaf_password={{.Values.config.aafPassword}}
+# Sample CADI Properties, from CADI 1.4.2
+#hostname=org.onap.aai.orr
+csp_domain=PROD
+# Add Absolute path to Keyfile
+cadi_keyfile={{.Values.config.cadiKeyFile}}
+
+# This is required to accept Certificate Authentication from Certman certificates.
+# can be TEST, IST or PROD
+aaf_env=DEV
+
+# DEBUG prints off all the properties. Use to get started.
+cadi_loglevel=DEBUG
+
+# Add Absolute path to truststore2018.jks
+cadi_truststore={{.Values.config.cadiTrustStore}}
+# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
+cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
+
+# how to turn on SSL Logging
+#javax.net.debug=ssl
+
+# Use "maps.bing.com" to get Lat and Long for an Address
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true
+DME2.DEBUG=true
+AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true
+
+cadi_latitude=32.780140
+cadi_longitude=-96.800451
+
+aaf_root_ns=com.att.aaf
+aaf_api_version=2.0
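Review bot: `cadi_loglevel=DEBUG` is set in the same file that carries `aaf_password`, and the comment above it says DEBUG prints all the properties, so the AAF credentials are likely to end up in the pod logs. The default should be a quieter level such as `cadi_loglevel=INFO`, with DEBUG left as a documented opt-in. `AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true`, `DME2.DEBUG=true` and `AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true` look like development settings as well; what they switch off is not visible here, so each deserves a comment stating its effect or a values-driven default of false. `aaf_env=DEV` also falls outside the "TEST, IST or PROD" list in the comment above it.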
diff --git a/charts/aai-sparky-be/resources/config/portal/keyFile b/charts/aai-sparky-be/resources/config/portal/keyFile new file mode 100644 index 0000000..921ce67 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/portal/keyFile 
@@ -0,0 +1,27 @@ +77E_fh-8gTjeg8egAo-JgNkXYm1FGEBPMo44vKPgKyGCJj9Dn0xJqIBct2Ko35X4_HSU3wPq3I2q +YHIvJCjmzXTVu2zvu4rIGTlwycTtLGDkgPyhOYFytv4GgazbpSs9331MPUeVVrdpkDCQmjtHSB4m +DThhfEe2lkbZ35ljX3sVSf3JDy4ngRot0ktQwnnY4vxFdgVUl7LzVinXWgFLoqMyXmKh_bGw9aUH +VMgqFsF_YmqLZY5ZARAraeywktvrU5kXYh5SnfXoJy7XIk0TBjHKqO-1mW-TcIgS3_v6GIGkZnpq +e1FyE8cS21gTPFlc1KDoWUZE2yoEsQKJc4RFWfjid_mE6nckxym1TOsEn3G2_TlkZvliN_QMDB_c +RuFLDB9HCChm4YYHpSn-RBqtJFz29bMTHQX8VNVfZ_Zhh-4dWOlEfpSzJvAqm_boo-8y8YDGIusx +mvKyPXEKVCuBOljHaKhYg0d43nAXIFsssKpjmtQizA2L_TP1Mo_lDFIlCsPcRlHKTvzkTstEAhRj +JnepzA--olBMwBkPxjm1Y5XQBGZH72i_o4Hr7_NqHb9sP486I2Nd1-owjHkhacGrLO1oORnuBUxp +_SnaXYywe9tTz3BcfFupXSoDv4Sj7g9B53yPIWmjGggigidql3SNJsui6qOtwDHOejzEDFm23Lj7 +fXD6sb52U_ul9ahi4CoLTzpvMsPRYOqyRCk8K8FVBauZbG5D42oaFPn0S0rCSHOCU1TXbRdTF-Cs +I2R0pEHNgb33yx6vtInaTSYIQ5cxa3XDA_50AQearV5SuYSlp8dK0BkpVCKgvSQdTn-2WiaV_hvO +KzG7D2adT1kYY6TjYMXIaUiJ33y1XSNDG0s6r4NG5dNE6Jj7thdpnV-AAZoi0uZh1_bsHKLVmHRr +NCXAc6DZm1D4N9y5lOJwUprUlJisZXLFTQThGMRY5dtiY_eK9Xjj4FQygXXhuhFXHz2-e4YApORv +lXDcT29IZuuI1j26bxdNdhNr1wZsqqievBN6l6OQMiP21eIrxAUu1BEmiVOrfOzaEjxldDN2gFum +4-zf9gsQT9UT8KEuOje64wVeHr09JpWuddV9HOAMvqc6mKTWmvUv_QiLgtK_b39QccMrOfOA1usM +biRJ9wuTYIr584Q9CjHEcm5e2YufcbF-IDZ4IDui8gNXyYJuusTYdspeKzrtiLKfgI56ZWA3it9G +SOkN18YyUmhk7HFkx9qEifb4UEbUQPb0dyXBRotf-91c5CPkct-36uV4sZBA_AR1tX3-aRKKB_SQ +B0zaG-eaEdEqKv-ZYHqk23ZxiEsCX3ZdY7VSMWztE3_D5n8UgEl4et5LVfnjvU-arVVO93WUbXk0 +zi2QrOwytOZ0StAvFdF1nVwWllPg4EYcn8qLJIaaBRvLMlpHixtwRhltwJeMmJl3ExImOxNhVbhF +6LxVXW6JK8JfMIwb_TE4EShDBjemq76BojQOwrO4OAyPG7B5iUtefdY-Zu1EtjXPhrUgljI_A1tg +5_2WNjNTCT7Bvig3saFsIRi3cvgIcMAF2H7kJYw3UDvCFnx4LIom2u6vSeyatPxEOhRfpP0KvgEU +koM9DFJW7VWQ11mB_DcU2NoYHdFKFy_cM62kIvoRwZTADGryEtkLSWEDT8MLpVrGXP2RjSZ3HHqC +vVpVqQHC2VIqNKi2uHtYCiTEfj81Z0rCrnH3hYIRoOSe5W6m17xyb0RloG0G44uK0oNCfDYLwK0L +TJaBdWSIBYI__ISsKx8o8r-3XLtbwQPPhv4-LpGwJYd7sIcqnpTYAyNGSrbEM4ECzHCH9Hwf9Duy +cAQGWqXIbTV9i8ryw8OhcCZPTf3noPZyhzzdegiv6KNT-BBbxsgtDehtP-jvpd9eAhjlfUV_hoFJ 
+rBUVMFrIOEDnnItVqBDmnavRdhn6N9ObVjVMv_4inhkvtpBCEVxtVQT2kFuBmZvPu_uHHbXi7_g8 +SVs3AjJ2ya3pZraK6gH3IOYoGtTAH3rKl7XdTMjqWnUCbhepuJqeEOF-DhpsEW7Oo0Lqzbjg
\ No newline at end of file diff --git a/charts/aai-sparky-be/resources/config/portal/portal-authentication.properties b/charts/aai-sparky-be/resources/config/portal/portal-authentication.properties new file mode 100644 index 0000000..97b5399 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/portal/portal-authentication.properties @@ -0,0 +1,31 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################################################################################
+############################## Portal Auth Properties ##############################
+#####################################################################################
+
+############################## Auth ##############################
+username={{.Values.config.portalUsername}}
+password={{.Values.config.portalPassword}}
+
+############################## ##############################
+#
+# ONAP Cookie Processing - During initial development, this flag, if true, will
+# prevent the portal interface's login processing from searching for a user
+# specific cookie, and will instead allow passage if a valid session cookie is discovered.
+onap_enabled={{.Values.config.portalOnapEnabled}}
+onap.user_id_cookie_name={{.Values.config.portalCookieName}}
+cookie_decryptor_classname={{.Values.config.cookieDecryptorClass}}
+app_roles={{.Values.config.portalAppRoles}}
diff --git a/charts/aai-sparky-be/resources/config/roles.config b/charts/aai-sparky-be/resources/config/roles.config new file mode 100644 index 0000000..ee131d8 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/roles.config @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[ + { + "id":1, + "name":"View" + } +] diff --git a/charts/aai-sparky-be/resources/config/users.config b/charts/aai-sparky-be/resources/config/users.config new file mode 100644 index 0000000..ce69e88 --- /dev/null +++ b/charts/aai-sparky-be/resources/config/users.config @@ -0,0 +1,20 @@ +[{
+ "orgId": null,
+ "managerId": null,
+ "firstName": "Demo",
+ "middleInitial": null,
+ "lastName": "User",
+ "phone": null,
+ "email": "demo@email.com",
+ "hrid": null,
+ "orgUserId": "demo",
+ "orgCode": null,
+ "orgManagerUserId": null,
+ "jobTitle": null,
+ "loginId": "demo",
+ "active": false,
+ "roles": [{
+ "id": 1,
+ "name": "View"
+ }]
+}]
\ No newline at end of file diff --git a/charts/aai-sparky-be/templates/configmap.yaml b/charts/aai-sparky-be/templates/configmap.yaml new file mode 100644 index 0000000..50238aa --- /dev/null +++ b/charts/aai-sparky-be/templates/configmap.yaml 
@@ -0,0 +1,72 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . 
}} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-portal + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/portal/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-portal-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/portal/BOOT-INF/classes/*").AsConfig . | indent 2 }} diff --git a/charts/aai-sparky-be/templates/deployment.yaml b/charts/aai-sparky-be/templates/deployment.yaml new file mode 100644 index 0000000..ee18d9b --- /dev/null +++ b/charts/aai-sparky-be/templates/deployment.yaml 
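Review bot: All four ConfigMaps in configmap.yaml are filled with `.AsConfig`, and the globs pull in files that carry credentials: application-resources.properties (`resources.basicAuthPassword`), application-ssl.properties (keystore passwords), portal/cadi.properties (`aaf_password`), portal/portal-authentication.properties (`password`), portal/keyFile and BOOT-INF/classes/key.properties (`cipher.enc.key`, committed as a literal). ConfigMap contents are readable by anything with ordinary read access in the namespace and get none of the access restrictions or at-rest encryption a cluster may apply to Secrets, so these files belong in a `kind: Secret` rendered with `.AsSecrets`, as the aai-search-data secret.yaml in this commit already does. The second ConfigMap's `resources/config/*` glob also repeats every file listed one by one in the `-prop` ConfigMap; a comment saying which volume consumes which map would show whether both are needed.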
@@ -0,0 +1,205 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - aai-elasticsearch + - --container-name + - aai-search-data + - --container-name + - aai + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: client-cert-onap.p12 + + - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties + name: {{ include "common.fullname" . }}-auth-config + subPath: csp-cookie-filter.properties + + - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: org.onap.aai.p12 + + - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + + - mountPath: /opt/app/sparky/config/portal/ + name: {{ include "common.fullname" . }}-portal-config + + - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ + name: {{ include "common.fullname" . }}-portal-config-props + + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + + - mountPath: /opt/app/sparky/config/application.properties + name: {{ include "common.fullname" . }}-properties + subPath: application.properties + + - mountPath: /opt/app/sparky/config/application-resources.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-resources.properties + + - mountPath: /opt/app/sparky/config/application-ssl.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-ssl.properties + + - mountPath: /opt/app/sparky/config/application-oxm-default.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-oxm-default.properties + + - mountPath: /opt/app/sparky/config/application-oxm-override.properties + name: {{ include "common.fullname" . 
}}-properties + subPath: application-oxm-override.properties + + - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-oxm-schema-prod.properties + + - mountPath: /opt/app/sparky/config/roles.config + name: {{ include "common.fullname" . }}-properties + subPath: roles.config + + - mountPath: /opt/app/sparky/config/users.config + name: {{ include "common.fullname" . }}-properties + subPath: users.config + + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-sparky-filebeat + resources: +{{ include "common.resources" . 
}} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + + - name: {{ include "common.fullname" . }}-properties + configMap: + name: {{ include "common.fullname" . }}-prop + + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }} + + - name: {{ include "common.fullname" . }}-portal-config + configMap: + name: {{ include "common.fullname" . }}-portal + + - name: {{ include "common.fullname" . }}-portal-config-props + configMap: + name: {{ include "common.fullname" . }}-portal-props + + - name: {{ include "common.fullname" . }}-auth-config + secret: + secretName: {{ include "common.fullname" . }} + + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-sparky-filebeat + emptyDir: {} + - name: modeldir + emptyDir: {} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/charts/aai-sparky-be/templates/secret.yaml b/charts/aai-sparky-be/templates/secret.yaml new file mode 100644 index 0000000..6084ca3 --- /dev/null +++ b/charts/aai-sparky-be/templates/secret.yaml 
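Review bot: Neither the main container nor the `filebeat-onap` sidecar sets a `securityContext`, so both run with whatever user and privileges the images default to; adding `securityContext:` with `allowPrivilegeEscalation: false` and, if the images support it, `runAsNonRoot: true` under each container would tighten this. The key stores are mounted through `subPath`, and subPath mounts are not refreshed when the Secret changes, so a rotated certificate only takes effect after a pod restart. The `-config` and `modeldir` volumes are declared but not mounted by any container in this hunk and could be dropped. `apiVersion: extensions/v1beta1` for a Deployment is no longer served from Kubernetes 1.16 on; `apps/v1` is the replacement.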
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/charts/aai-sparky-be/templates/service.yaml b/charts/aai-sparky-be/templates/service.yaml
new file mode 100644
index 0000000..24ee69d
--- /dev/null
+++ b/charts/aai-sparky-be/templates/service.yaml
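Review bot: In templates/secret.yaml, everything under `resources/config/auth/` is packaged with the chart and loaded by `.Files.Glob ... AsSecrets`, so every installation gets the same key stores (the deployment mounts `client-cert-onap.p12` and `org.onap.aai.p12` from this Secret) and anyone who can read the chart holds that key material. Consider letting operators reference a pre-created Secret through a value, and mark the bundled files with a comment such as `# sample key stores for lab use; supply your own Secret in production`. `tpl` is applied to the output of `AsSecrets`, which is already base64 text, so it presumably expands nothing here; if `csp-cookie-filter.properties` is meant to be templated, that has to happen before encoding.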
@@ -0,0 +1,38 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/aai-sparky-be/values.yaml b/charts/aai-sparky-be/values.yaml
new file mode 100644
index 0000000..9755c8b
--- /dev/null
+++ b/charts/aai-sparky-be/values.yaml
@@ -0,0 +1,111 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for sparky-be. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + aai: + serviceName: aai + aaiElasticsearch: + serviceName: aai-elasticsearch + gizmo: + serviceName: aai-gizmo + searchData: + serviceName: aai-search-data + +# application image +repository: nexus3.onap.org:10001 +image: onap/sparky-be:1.4-STAGING-latest +pullPolicy: Always +restartPolicy: Always +flavor: small +dockerhubRepository: registry.hub.docker.com +ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 +# application configuration +config: + elasticsearchHttpPort: 9200 + gerritBranch: 3.0.0-ONAP + gerritProject: http://gerrit.onap.org/r/aai/test-config + portalUsername: aaiui + portalPassword: OBF:1t2v1vfv1unz1vgz1t3b + portalCookieName: UserId + portalAppRoles: ui_view + aafUsername: aai@aai.onap.org + aafNamespace: org.onap.aai.aaiui + aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz + cadiKeyFile: /opt/app/sparky/config/portal/keyFile + cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks + cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties + cadiTrustStorePassword: changeit + cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor + +# ONAP Cookie Processing - During initial development, the following flag, if true, will +# prevent 
the portal interface's login processing from searching for a user +# specific cookie, and will instead allow passage if a valid session cookie is discovered. + portalOnapEnabled: true +# + +# override chart name (sparky-be) to share a common namespace +# suffix with parent chart (aai) +nsSuffix: aai + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai-sparky-be + internalPort: 8000 + nodePort: 20 + +ingress: + enabled: false + +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.25 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 0.5 + memory: 2Gi + unlimited: {} diff --git a/charts/aai-spike/Chart.yaml b/charts/aai-spike/Chart.yaml new file mode 100644 index 0000000..587b84c --- /dev/null +++ b/charts/aai-spike/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI Spike microservice +name: aai-spike +version: 4.0.0
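Review bot: In charts/aai-sparky-be/values.yaml the `config:` block commits working credentials as chart defaults (`portalPassword: OBF:…`, `aafPassword: enc:…`, `cadiTrustStorePassword: changeit`), and Jetty's `OBF:` form is reversible obfuscation rather than encryption, so all three should be treated as public. With `service.type: NodePort` as the default, an install that keeps these values exposes the UI on every node with known credentials. Leave the three keys empty and have the templates fail when they are unset, or at minimum add `# lab defaults only: override portalPassword, aafPassword and cadiTrustStorePassword per deployment`. `portalOnapEnabled: true` is described by its own comment as an initial-development shortcut around the user-specific cookie check and should default to `false` outside development; `image: onap/sparky-be:1.4-STAGING-latest` is a mutable tag, so pinning a released version or digest would make what gets deployed auditable.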
\ No newline at end of file diff --git a/charts/aai-spike/requirements.yaml b/charts/aai-spike/requirements.yaml new file mode 100644 index 0000000..8915b75 --- /dev/null +++ b/charts/aai-spike/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/charts/aai-spike/resources/config/auth/client-cert.p12 b/charts/aai-spike/resources/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..d9fe86e --- /dev/null +++ b/charts/aai-spike/resources/config/auth/client-cert.p12 diff --git a/charts/aai-spike/resources/config/auth/tomcat_keystore b/charts/aai-spike/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..025f3c4 --- /dev/null +++ b/charts/aai-spike/resources/config/auth/tomcat_keystore diff --git a/charts/aai-spike/resources/config/edgeprops-ingest.properties b/charts/aai-spike/resources/config/edgeprops-ingest.properties new file mode 100644 index 0000000..b0a3150 --- /dev/null +++ b/charts/aai-spike/resources/config/edgeprops-ingest.properties 
@@ -0,0 +1,23 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+# DB Edge Property files are copied here:
+edgePropsDir=/opt/app/spike/config/model/edge_props
diff --git a/charts/aai-spike/resources/config/logback.xml b/charts/aai-spike/resources/config/logback.xml
new file mode 100644
index 0000000..e40ba13
--- /dev/null
+++ b/charts/aai-spike/resources/config/logback.xml
@@ -0,0 +1,194 @@ +<!-- + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2018 AT&T Intellectual Property. All rights reserved. + Copyright © 2018 Amdocs + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= +--> +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + + <property name="logDir" value="/var/log/onap" /> + + <!-- specify the component name + <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" --> + <property name="componentName" value="AAI-SPK" /> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|Spike|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender 
name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to record events to the general application + log --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. 
--> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + <!-- 
============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- Spike service loggers --> + <logger name="org.onap.aai.spike" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration> diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v10.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v10.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v10.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v11.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v11.json new file mode 100644 index 0000000..8d00636 --- /dev/null +++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v11.json @@ -0,0 +1,6 @@ +{ + "contains-other-v": "java.lang.String", + "delete-other-v": "java.lang.String", + "SVC-INFRA": "java.lang.String", + "prevent-delete": "java.lang.String" +}
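Review bot: In logback.xml, `asyncEELFAudit` is an `AsyncAppender` with `queueSize` 256 and no `discardingThreshold`; by default logback's AsyncAppender drops TRACE, DEBUG and INFO events once the queue is 80% full, and the `com.att.eelf.audit` logger is set to `info`, so audit records can be lost silently under load. Adding `<discardingThreshold>0</discardingThreshold>` to `asyncEELFAudit` (and to `asyncEELFMetrics` if metrics must be complete) keeps them. The `STDOUT` appender is defined but not referenced by any logger or by `<root>`, so nothing reaches the container's standard output. `scan="true" scanPeriod="3 seconds"` makes the process re-read this file every three seconds, which is worth dropping if the file only changes on redeploy.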
\ No newline at end of file
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v12.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v12.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v12.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v13.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v13.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v13.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v14.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v14.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v14.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v7.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v7.json
new file mode 100644
index 0000000..7cbddae
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v7.json
@@ -0,0 +1,10 @@
+{
+ "isParent":"java.lang.Boolean",
+ "isParent-REV":"java.lang.Boolean",
+ "usesResource":"java.lang.Boolean",
+ "usesResource-REV":"java.lang.Boolean",
+ "SVC-INFRA":"java.lang.Boolean",
+ "SVC-INFRA-REV":"java.lang.Boolean",
+ "hasDelTarget":"java.lang.Boolean",
+ "hasDelTarget-REV":"java.lang.Boolean"
+}
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v8.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v8.json
new file mode 100644
index 0000000..7cbddae
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v8.json
@@ -0,0 +1,10 @@
+{
+ "isParent":"java.lang.Boolean",
+ "isParent-REV":"java.lang.Boolean",
+ "usesResource":"java.lang.Boolean",
+ "usesResource-REV":"java.lang.Boolean",
+ "SVC-INFRA":"java.lang.Boolean",
+ "SVC-INFRA-REV":"java.lang.Boolean",
+ "hasDelTarget":"java.lang.Boolean",
+ "hasDelTarget-REV":"java.lang.Boolean"
+}
diff --git a/charts/aai-spike/resources/config/model/edge_props/edge_properties_v9.json b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v9.json
new file mode 100644
index 0000000..7cbddae
--- /dev/null
+++ b/charts/aai-spike/resources/config/model/edge_props/edge_properties_v9.json
@@ -0,0 +1,10 @@
+{
+ "isParent":"java.lang.Boolean",
+ "isParent-REV":"java.lang.Boolean",
+ "usesResource":"java.lang.Boolean",
+ "usesResource-REV":"java.lang.Boolean",
+ "SVC-INFRA":"java.lang.Boolean",
+ "SVC-INFRA-REV":"java.lang.Boolean",
+ "hasDelTarget":"java.lang.Boolean",
+ "hasDelTarget-REV":"java.lang.Boolean"
+}
diff --git a/charts/aai-spike/resources/config/schema-ingest.properties b/charts/aai-spike/resources/config/schema-ingest.properties
new file mode 100644
index 0000000..1569761
--- /dev/null
+++ b/charts/aai-spike/resources/config/schema-ingest.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+#######################################
+# Schema Version Related Attributes
+#######################################
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v10,v11,v12,v13,v14,v15
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v11
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v15
+
+#######################################
+# Schema Location Related Attributes
+#######################################
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/spike/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/spike/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service (schema-service) or local schema files (config)
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
diff --git a/charts/aai-spike/resources/config/spike-beans.xml b/charts/aai-spike/resources/config/spike-beans.xml
new file mode 100644
index 0000000..50be8cb
--- /dev/null
+++ b/charts/aai-spike/resources/config/spike-beans.xml
@@ -0,0 +1,62 @@ +<!-- + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2018 AT&T Intellectual Property. All rights reserved. + Copyright © 2018 Amdocs + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util.xsd"> + + <bean id="eventConsumer" class="org.onap.aai.event.client.DMaaPEventConsumer"> + <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" /> + <constructor-arg name="topic" value="{{.Values.event.consumer.topic}}" /> + <constructor-arg name="username" value="" /> + <constructor-arg name="password" value="" /> + <constructor-arg name="consumerGroup" value="spike" /> + <constructor-arg name="consumerId" value="spike" /> + <constructor-arg name="timeoutMs" value="1000" /> + <constructor-arg name="messageLimit" value="100" 
/> + <constructor-arg name="transportType" value="HTTPAUTH" /> + <constructor-arg name="protocol" value="{{.Values.event.protocol}}" /> + <constructor-arg name="filter"><null /></constructor-arg> + </bean> + + <bean id="eventPublisher" class="org.onap.aai.event.client.DMaaPEventPublisher" > + <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" /> + <constructor-arg name="topic" value="{{.Values.event.publisher.topic}}" /> + <constructor-arg name="username" value="" /> + <constructor-arg name="password" value="" /> + <constructor-arg name="maxBatchSize" value="100" /> + <constructor-arg name="maxAgeMs" value="250" /> + <constructor-arg name="delayBetweenBatchesMs" value="50" /> + <constructor-arg name="transportType" value="HTTPAUTH" /> + <constructor-arg name="protocol" value="{{.Values.event.protocol}}" /> + <constructor-arg name="contentType" value="application/json" /> + </bean> + + <bean id="spikeService" class="org.onap.aai.spike.service.SpikeService" init-method="startup"> + <constructor-arg ref="eventConsumer" /> + <constructor-arg ref="eventPublisher" /> + </bean> + +</beans> diff --git a/charts/aai-spike/resources/config/spike.properties b/charts/aai-spike/resources/config/spike.properties new file mode 100644 index 0000000..c3ba4a3 --- /dev/null +++ b/charts/aai-spike/resources/config/spike.properties 
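Review bot: Both the `eventConsumer` and `eventPublisher` beans pass empty `username` and `password` values while setting `transportType` to `HTTPAUTH`, so as written the DMaaP client appears to be configured for an authenticated transport with blank credentials. If the message router is meant to require authentication, these values need to be supplied at deploy time. Because configmap.yaml renders everything under `resources/config/` into a ConfigMap, a password should not be templated into this file; it should reach the bean through a placeholder resolved from a Secret-backed environment variable, e.g. `value="${DMAAP_PASSWORD}"` (variable name constructed). If anonymous access is intentional, a short XML comment above each bean saying so would keep the next reader from assuming an omission.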
@@ -0,0 +1,28 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+# Spike configuration
+
+spike.event.poll.interval=30000
+spike.event.offset.period= 10000
+spike.event.queue.capacity=10000
+spike.event.queue.delay=10000
+spike.props.reserved=source-of-truth,last-mod-source-of-truth,aai-created-ts,aai-last-mod-ts
diff --git a/charts/aai-spike/templates/configmap.yaml b/charts/aai-spike/templates/configmap.yaml
new file mode 100644
index 0000000..ebd4fb0
--- /dev/null
+++ b/charts/aai-spike/templates/configmap.yaml
@@ -0,0 +1,39 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-edge-props-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/model/edge_props/*").AsConfig . | indent 2 }} diff --git a/charts/aai-spike/templates/deployment.yaml b/charts/aai-spike/templates/deployment.yaml new file mode 100644 index 0000000..c962f1d --- /dev/null +++ b/charts/aai-spike/templates/deployment.yaml 
@@ -0,0 +1,166 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - message-router-kafka + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ .Chart.Name }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CONFIG_HOME + value: /opt/app/spike/config + - name: KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_STORE_PASSWORD + - name: KEY_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_MANAGER_PASSWORD + - name: SERVICE_BEANS + value: /opt/app/spike/dynamic/conf + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/spike/config/auth + name: {{ include "common.fullname" . }}-secrets + - mountPath: /opt/app/spike/dynamic/conf/spike-beans.xml + name: {{ include "common.fullname" . }}-config + subPath: spike-beans.xml + - mountPath: /opt/app/spike/config/spike.properties + subPath: spike.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/spike/config/schema-ingest.properties + subPath: schema-ingest.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/spike/config/edgeprops-ingest.properties + subPath: edgeprops-ingest.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/spike/config/model/edge_props + name: {{ include "common.fullname" . 
}}-edge-props-config + - mountPath: /opt/app/spike/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + resources: +{{ include "common.resources" . }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.fullname" . }}-spike-secrets + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: spike.properties + path: spike.properties + - key: spike-beans.xml + path: spike-beans.xml + - key: schema-ingest.properties + path: schema-ingest.properties + - key: edgeprops-ingest.properties + path: edgeprops-ingest.properties + - key: logback.xml + path: logback.xml + - name: {{ include "common.fullname" . }}-edge-props-config + configMap: + name: {{ include "common.fullname" . }}-edge-props-configmap + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-filebeat + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" 
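Review bot: Neither the `{{ .Chart.Name }}` container nor the `filebeat-onap` sidecar declares a `securityContext`, so both run with whatever user and privileges their images default to. Consider adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` to each container, after confirming the images can run unprivileged, which this hunk does not show. The secret volume mounted at `/opt/app/spike/config/auth` could also be marked `readOnly: true`, as the `localtime` mount already is. Separately, `apiVersion: extensions/v1beta1` for a Deployment is no longer served from Kubernetes 1.16 onward; `apps/v1` with an explicit `spec.selector` is the replacement.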
diff --git a/charts/aai-spike/templates/secrets.yaml b/charts/aai-spike/templates/secrets.yaml new file mode 100644 index 0000000..510805d --- /dev/null +++ b/charts/aai-spike/templates/secrets.yaml @@ -0,0 +1,42 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-spike-secrets + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-pass + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} + KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} diff --git a/charts/aai-spike/templates/service.yaml b/charts/aai-spike/templates/service.yaml new file mode 100644 index 0000000..745c73b --- /dev/null +++ b/charts/aai-spike/templates/service.yaml 
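Review bot: The `-pass` Secret takes `KEY_STORE_PASSWORD` and `KEY_MANAGER_PASSWORD` straight from `.Values.config.keyStorePassword` and `.Values.config.keyManagerPassword`, so an installation that does not override them silently deploys with whatever default the chart ships. Wrapping the lookups in `required`, e.g. `{{ required "config.keyStorePassword must be set" .Values.config.keyStorePassword | b64enc | quote }}`, together with removing the defaults from values.yaml, would force every deployment to supply its own values. The first Secret loads every file under `resources/config/auth/` from the chart package, so keystores end up versioned with the chart; an option to reference an existing Secret by name would let operators keep that material out of the repository.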
@@ -0,0 +1,39 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/charts/aai-spike/values.yaml b/charts/aai-spike/values.yaml new file mode 100644 index 0000000..fbe09f7 --- /dev/null +++ b/charts/aai-spike/values.yaml 
@@ -0,0 +1,88 @@ +# Copyright © 2018 Amdocs, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + readinessImage: readiness-check:2.0.2 + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# + +# application image +image: onap/spike:1.4-STAGING-latest +flavor: small +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: spike + externalPort: 9518 + internalPort: 9518 + nodePort: 39 + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 1536Mi + unlimited: {} + +# XML bean 
configuration +event: + port: + dmaap: 3905 + protocol: https + consumer: + topic: champRawEvents + publisher: + topic: spikeEvents diff --git a/charts/aai-traversal/.helmignore b/charts/aai-traversal/.helmignore new file mode 100644 index 0000000..daebc7d --- /dev/null +++ b/charts/aai-traversal/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
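Review bot: `config.keyStorePassword` and `config.keyManagerPassword` are committed as defaults in `OBF:` form, which looks like Jetty's reversible obfuscation rather than encryption, so the keystore password is effectively readable by anyone who can read the chart. I would leave both unset here with a comment such as `# keyStorePassword: set per deployment (no default)` and have the installer supply them. Two other defaults deserve either a comment or a safer value: `service.type: NodePort` publishes port 9518 on every node, and `image: onap/spike:1.4-STAGING-latest` is a mutable tag, so the deployed image can change without any chart change.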
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/aai-traversal/Chart.yaml b/charts/aai-traversal/Chart.yaml new file mode 100644 index 0000000..0470d0a --- /dev/null +++ b/charts/aai-traversal/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI traversal +name: aai-traversal +version: 4.0.0 diff --git a/charts/aai-traversal/resources/config/aaf/bath_config.csv b/charts/aai-traversal/resources/config/aaf/bath_config.csv new file mode 100644 index 0000000..60a8fb5 --- /dev/null +++ b/charts/aai-traversal/resources/config/aaf/bath_config.csv 
@@ -0,0 +1,33 @@
+# AAI -> aai@aai.onap.org
+Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ModelLoader -> aai@aai.onap.org
+Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# AaiUI -> aai@aai.onap.org,
+Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# MSO -> so@so.onap.org
+Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
+
+# SDNC -> sdnc@sdnc.onap.org
+Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# DCAE -> dcae@dcae.onap.org
+Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# POLICY -> policy@policy.onap.org
+Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ASDC -> sdc@sdc.onap.org
+Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# VID -> vid@vid.onap.org
+Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# APPC -> appc@appc.onap.org
+Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# OOF -> oof@oof.onap.org
+Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
+
diff --git a/charts/aai-traversal/resources/config/aaf/cadi.properties b/charts/aai-traversal/resources/config/aaf/cadi.properties
new file mode 100644
index 0000000..9523367
--- /dev/null
+++ b/charts/aai-traversal/resources/config/aaf/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=/opt/app/aai-traversal/resources/aaf/org.osaaf.location.props:/opt/app/aai-traversal/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
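Review bot: Every row of bath_config.csv maps one Basic credential to another and both sides are only base64-encoded, so the chart publishes usable user names and passwords for each listed client (AAI, ModelLoader, AaiUI, MSO, SDNC, DCAE, POLICY, ASDC, VID, APPC, OOF) with an expiry of 2050-03-03. These rows should be generated at deploy time from values or a Secret rather than committed, and the source-side credentials, where the user name and password are the same string, should not survive outside a lab install. The target value in the OOF row also decodes to a password that differs by one digit from the one shared by the other rows, which looks like a typo worth confirming. If the file has to stay for demo installs, a first-line comment such as `# DEMO ONLY: replace all entries before any non-lab deployment` would at least make its status explicit.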
diff --git a/charts/aai-traversal/resources/config/aaf/org.onap.aai.keyfile b/charts/aai-traversal/resources/config/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000..8721938 --- /dev/null +++ b/charts/aai-traversal/resources/config/aaf/org.onap.aai.keyfile 
@@ -0,0 +1,27 @@ +yf1wUdfxbhVQQq5UF8hzWB_01VVrRIkC8BaLT7NMTrmv30RsMj3lvlaX3_CnVC1emYgmiUfWnT7k +brk0m-URJAKM8Pm6PrnOyKlx3U7NS8HVcFdKpVm_bx0CFsA3eY2NGe-D0gd35V1MohCbABZ8G2a6 +AgE7QmToHCwclXW_goK5P7lmJX1HaMVAIydMreP1m9sSR4UboRlvkH6VsMM1H1Y9ZhhXF--RkWAM +EcIspNTQE4ef3ZvYtSzuWssGZP8Hjo4XJlXz1uCSkyczw0IR19n-lspF9S0cIMro6QqvJsyjyjRo +UdYgxdwmQ_st4P43TZ8YEBQyE8r7VUoh_EqUx9ldilxGA0kBOQcTdtd805Kf98grXiQXeT-8UD1L +02aLzbz8Md7f8foGS1oGLfoImdjYCzOOZs3qHmKSb6YoHY8VcBCxIEfCznYl8wLYLRsSZ0tV4SAM +qCM_KHOM0HOZrNfSSAW5ZVZb67U9NI9SLFRV8gkmqxMspfjSLJCyHhq0D6RMECSpeAeVgoh6SWDw +mBSXunY5ZWVzdUyEezjCcl3NqTahrlfMSV5xkfUmSNFe_WW9rIXF0vD6MHAEW62yA1OA8WoMUqp2 +VKkUzWGVGAdMvbU52D6hqmGXER44kxAHVgEwPdhQhqgk4BpjR2v9ozQ6E_xNGkSRnriNB-H6BSN0 +vZa0pNJfvmBCjwGeoyRbCJrN1grLoDHQ3_6g-IwsD3NugKp6SHxUgfiPAUMGz-J2ZdbAlU0SNQgM +8gn6_cOaXvhqHBwh9SfT4jXyuCJru0zw3pyOjuw6fLMezvJDPvFfIgWllzc2IQ7_bufMZgCr2yAe +O-nBzsXK8aqItzCti53sZLSM1YC6OuRaiIt2i0yTVa7koFYSFhyELqEco5cFKMs0c6SrgIxnRrBT +x0RPXIyLdiRr76uP2wxL8KDfJ1vbCKi1xkZRchvQfm3ssgpzXVz8lnZ-HxacEhhAfGdDV56ZgRhu +5UVQd2RdP9JVpnXRJPhVwlQeQlrIXWHp01efBPRMTZQd2lpaNqn5v5chzpi9bbM3P3-BLxnN2NID +dv1E9Ox7MH-m3IQT9yFUi-UrDxAId4dnpgeCvyxhfnc1HJ9B71x9wmryC9PJWiKs3K-T_eC9pR4o +eN5PUZZ7arwdMUmzqKPNAtyMqaJCWfD3GZ1KsC8OV5Ze0DRQZPeT3IHg2BUC1NGj2SdjcwaGP_zl +uytFZWN7kQjnI4brorkO_jzjf7SEPCO7Vy2Z2vikIv7O8bSWZWDGYCcxUoYigFYcjZFirRYr3Yvl +YZU-F_qh6ZvrVxStSpz6iYDAzPW9v4ZyLSHyWe5H2AN89uRdnvag1769KpjsmGVYbn5jabgCJFs8 +EL7rxymrXri5cKsGH8XC1E0a-kP6vvhdHJhx5eFsFmKJaWh3RCJ8_I5CSzSRsK8JvE1Z6nGFn_SI +dpeNjf66lbm4y68loUh5Q4BDce3YaCT1gHmluBzXnv1vFzuvJ2jcVyq-nUDjdTqvM9okW8Prmt7l +ttQ3MVZI4rd-tXJfV4lxaI6wF4LIwiMJmY2tiCHoJ5nbLfHvMG7G5K1NAbizPltQxURPiMPZeCDZ +15SXI9vdCR-FyQikzp1hUUMMqz231-6BDDTKMOXpicQRQ0CHpEfxY4Rq3mu0QmRi-EIs6JAzfuLi +ba7fbfHnkhl3GWkj0CVZD8uDbzJceSTHICqVt-3qECUSG3ZfsuebWAEWED_xQoXyAL7kK8fMOPwl +m6qEk4z7boiJSrcQ2ZIdyPs2bZNvlv4wYg0F3BhFf2HeCYwR3BKXQGlDXGOAD5GuRpHHBch9JfVa +iUbvCEF23mee633C_K4zCaaVR9UqXMefzqFxSsobMp3heo3eIcQzLhe2SL2xpI9TbsvN2N4c9UMk 
+_TnQBHiYBgPxtB_j8bnVu7C__lTTpPKYLpUPxgWEIzljZzbkF37QQ1XtAc2EzcOi2FT4qsjlNgPw +PbL6ZihWEYZrZUilTSLzzjcQDLzoaF6BL2LOOS-Uju-B7COhcSMc0JLYOob6RDBE9T6HUMuZ diff --git a/charts/aai-traversal/resources/config/aaf/org.onap.aai.p12 b/charts/aai-traversal/resources/config/aaf/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000..5737e48 --- /dev/null +++ b/charts/aai-traversal/resources/config/aaf/org.onap.aai.p12 diff --git a/charts/aai-traversal/resources/config/aaf/org.onap.aai.props b/charts/aai-traversal/resources/config/aaf/org.onap.aai.props new file mode 100644 index 0000000..0f27dbd --- /dev/null +++ b/charts/aai-traversal/resources/config/aaf/org.onap.aai.props @@ -0,0 +1,14 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# @copyright 2016, AT&T +############################################################ +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=/opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile +cadi_keystore=/opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:nF3D1h00vVoLZkCnFtTCJAiH6maEiA3933rI3ctap9Ggjlm2SMg_dxk6ui9iiDwr +#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:8BxmWFFRI9wcf2jVixnfdK2GPI4veaXofZ65fcYThHv +cadi_loglevel=INFO +cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv diff --git a/charts/aai-traversal/resources/config/aaf/org.osaaf.location.props b/charts/aai-traversal/resources/config/aaf/org.osaaf.location.props new file mode 100644 index 0000000..132fb24 --- /dev/null +++ b/charts/aai-traversal/resources/config/aaf/org.osaaf.location.props 
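Review bot: org.onap.aai.keyfile is the file that `cadi_keyfile` in org.onap.aai.props points to, and it is committed next to the `enc:` values for `cadi_keystore_password` and `cadi_truststore_password` and next to the org.onap.aai.p12 keystore itself. Assuming the keyfile is what decrypts those `enc:` strings, which is how the properties read but is not shown in this diff, shipping all three together removes the protection the encryption is meant to give: the keystore password and the private key for `aai@aai.onap.org` are available to anyone who has the chart. The keyfile, the p12 and the passwords should be provisioned per deployment through a Kubernetes Secret, or issued at start-up by the certificate manager, and removed from `resources/config/aaf/`. If they must remain for demo installs, a header comment in org.onap.aai.props such as `# DEMO credentials: keyfile and keystore are public, regenerate before real use` is the minimum.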
@@ -0,0 +1,23 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California ? +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +# AAF Environment Designation +aaf_env=DEV + +# OAuth2 Endpoints +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + + diff --git a/charts/aai-traversal/resources/config/aaf/permissions.properties b/charts/aai-traversal/resources/config/aaf/permissions.properties new file mode 100644 index 0000000..d4956f5 --- /dev/null +++ b/charts/aai-traversal/resources/config/aaf/permissions.properties @@ -0,0 +1,2 @@ +permission.type=org.onap.aai.traversal +permission.instance=*
\ No newline at end of file diff --git a/charts/aai-traversal/resources/config/aaiconfig.properties b/charts/aai-traversal/resources/config/aaiconfig.properties new file mode 100644 index 0000000..3859590 --- /dev/null +++ b/charts/aai-traversal/resources/config/aaiconfig.properties 
@@ -0,0 +1,81 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Model-processing code
+aai.model.delete.sleep.per.vtx.msec=500
+aai.model.query.resultset.maxcount=50
+aai.model.query.timeout.sec=90
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+#timeout for traversal enabled flag
+aai.traversal.timeoutenabled={{ .Values.config.timeout.enabled }}
+
+#timeout app specific
+aai.traversal.timeout.appspecific={{ .Values.config.timeout.appspecific }}
+
+#default timeout limit added for traversal if not overridden (in ms)
+aai.traversal.timeoutlimit={{ .Values.config.timeout.limit | int }}
diff --git a/charts/aai-traversal/resources/config/application.properties b/charts/aai-traversal/resources/config/application.properties
new file mode 100644
index 0000000..a7c86b6
--- /dev/null
+++ b/charts/aai-traversal/resources/config/application.properties
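Review bot: `aai.tools.password`, `aai.truststore.passwd.x` and `aai.keystore.passwd.x` are filled directly from the `.Values.global.config` password values, so the rendered properties file carries those credentials in clear text. If this chart packages `resources/config/*` into a ConfigMap the way the aai-spike chart's configmap.yaml does (the aai-traversal templates are not in this part of the diff), the passwords become readable to anything allowed to read ConfigMaps in the namespace. Prefer rendering this file into a Secret, or keep only non-sensitive keys here and pass the passwords through `secretKeyRef` environment variables, as the aai-spike deployment does for `KEY_STORE_PASSWORD`.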
@@ -0,0 +1,97 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-traversal +info.build.name=traversal +info.build.description=Traversal Microservice +info.build.version=1.3.0 + +spring.application.name=aai-traversal +spring.jersey.type=filter + +server.contextPath=/ +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.jersey.application-path=${schema.uri.base.path} +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-traversal/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8446 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ 
.Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# JMS bind address host port +jms.bind.address=tcp://localhost:61647 +dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905 +dmaap.ribbon.transportType=https + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ +# Location of where the stored queries are +schema.queries.location=${server.local.startpath}/schema/${schema.source.name}/query/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }} +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version 
should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} + +schema.translator.list={{ .Values.global.config.schema.translator.list }} +schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.service.custom.queries.endpoint=stored-queries +schema.service.client={{ .Values.global.config.schema.service.client }} + +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/charts/aai-traversal/resources/config/janusgraph-cached.properties b/charts/aai-traversal/resources/config/janusgraph-cached.properties new file mode 100644 index 0000000..9dc6636 --- /dev/null +++ b/charts/aai-traversal/resources/config/janusgraph-cached.properties 
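Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` still offers TLS 1.1, which RFC 8996 deprecates; unless a known client depends on it, the line should read `server.ssl.enabled-protocols=TLSv1.2`. Just below, `server.ssl.client-auth=want` makes the client certificate optional, so if mutual TLS is meant to be the access control rather than the basic-auth realm, `server.ssl.client-auth=need` is what enforces it. The key-store and trust-store passwords are rendered from `.Values.global.config.keystore.passwd` and `.Values.global.config.truststore.passwd` directly into this file. If the file is delivered through a ConfigMap (that template is not visible here), they are readable by anyone with ConfigMap read access, so a Secret would be the safer carrier.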
@@ -0,0 +1,98 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+# + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cassandra +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cassandra.keyspace=aaigraph + +storage.cassandra.read-consistency-level=LOCAL_QUORUM +storage.cassandra.write-consistency-level=LOCAL_QUORUM +storage.cassandra.replication-factor={{.Values.global.cassandra.replicas}} +storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ 
.Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +#caching on +cache.db-cache = true +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.3 + +#load graphson file on startup +load.snapshot.file=false diff --git a/charts/aai-traversal/resources/config/janusgraph-realtime.properties b/charts/aai-traversal/resources/config/janusgraph-realtime.properties new file mode 100644 index 0000000..8791a0b --- /dev/null +++ b/charts/aai-traversal/resources/config/janusgraph-realtime.properties 
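Review bot: In the `cql` branch, `storage.cql.write-consistency-level` is filled from `.Values.global.config.storage.cql.readConsistency`, so the write level silently follows the read setting, whereas the `cassandra` branch above uses a separate `writeConsistency` value. This looks like a copy-paste slip and should probably read `storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.writeConsistency }}`, assuming the values file defines that key (it is not visible here). The same line appears in the janusgraph-realtime.properties hunk that follows.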
@@ -0,0 +1,92 @@ +# +# ============LICENSE_START======================================================= +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cassandra +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cassandra.keyspace=aaigraph + +storage.cassandra.read-consistency-level=LOCAL_QUORUM +storage.cassandra.write-consistency-level=LOCAL_QUORUM +storage.cassandra.replication-factor={{.Values.global.cassandra.replicas}} +storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ 
.Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ 
.Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +# Setting db-cache to false ensure the fastest propagation of changes across servers +cache.db-cache = false +#load graphson file on startup +load.snapshot.file=false diff --git a/charts/aai-traversal/resources/config/localhost-access-logback.xml b/charts/aai-traversal/resources/config/localhost-access-logback.xml new file mode 100644 index 0000000..4cf6c74 --- /dev/null +++ b/charts/aai-traversal/resources/config/localhost-access-logback.xml @@ -0,0 +1,63 @@ +<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
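Review bot: The access-log `<Pattern>` writes `%i{X-Forwarded-For}` and the `%i{X-AAI-SSL-Client-*}` request headers as received, so a client that reaches the service directly can put arbitrary identity values into `localhost_access.log`. Unless the TLS-terminating proxy strips and re-sets these headers (not visible in this file), the logged CN/DN fields should not be treated as authenticated. Whether `CustomLogPatternLayoutEncoder` neutralises CR/LF in header values cannot be confirmed from here. I would add a comment above the encoder such as `<!-- X-AAI-SSL-Client-* and X-Forwarded-For are client-supplied unless overwritten by the front proxy; do not rely on them for attribution -->`. The legend at the bottom also has no entries for `%i{...}` and `%D`, both of which the pattern uses.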
diff --git a/charts/aai-traversal/resources/config/logback.xml b/charts/aai-traversal/resources/config/logback.xml
new file mode 100644
index 0000000..d466ccf
--- /dev/null
+++ b/charts/aai-traversal/resources/config/logback.xml
@@ -0,0 +1,268 @@ +<!-- + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2017 AT&T Intellectual Property. All rights reserved. + Modifications Copyright © 2018 Amdocs, Bell Canada + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--> +<configuration scan="true" scanPeriod="60 seconds" debug="false"> + <statusListener class="ch.qos.logback.core.status.NopStatusListener" /> + <property resource="application.properties" /> + <property name="namespace" value="aai-traversal"/> + <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> + <jmxConfigurator /> + <property name="logDirectory" value="${AJSC_HOME}/logs" /> + <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', 
'^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <!-- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> --> + <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> + <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{statusCode}|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/> + <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" /> + <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" /> + <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern> + %clr(%d{yyyy-MM-dd 
HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + </pattern> + </encoder> + </appender> + <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/sane.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="SANE" /> + </appender> + <appender name="METRIC" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/metrics.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="METRIC" /> + </appender> + <appender name="DEBUG" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/debug.log</file> + <rollingPolicy 
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="DEBUG" /> + </appender> + <appender name="ERROR" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/rest/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfErrorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="ERROR" /> + </appender> + <appender name="AUDIT" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/rest/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfAuditLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="AUDIT" /> + </appender> + <appender name="translog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + 
<level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logDirectory}/rest/translog.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfTransLogPattern}</pattern> + </encoder> + </appender> + <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="translog" /> + </appender> + <appender name="dmaapAAIEventConsumer" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>DEBUG</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <appender name="dmaapAAIEventConsumerMetric" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter 
class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfMetricLogPattern}</pattern> + </encoder> + </appender> + <appender name="external" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <file>${logDirectory}/external/external.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd} + </fileNamePattern> + </rollingPolicy> + <encoder class="org.onap.aai.logging.EcompEncoder"> + <pattern>${eelfLogPattern}</pattern> + </encoder> + </appender> + <logger name="org.onap.aai" level="DEBUG" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + <appender-ref ref="asyncSANE" /> + <appender-ref ref="STDOUT" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + <logger name="com.jayway.jsonpath" level="WARN" /> + + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + <logger name="org.eclipse.jetty" level="WARN" /> + + <logger name="org.onap.aai.interceptors.post" level="DEBUG" + additivity="false"> + <appender-ref ref="asynctranslog" /> + </logger> + <logger 
name="org.onap.aai.interceptors.pre.SetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + <logger name="org.onap.aai.interceptors.post.ResetLoggingContext" level="DEBUG"> + <appender-ref ref="asyncAUDIT"/> + </logger> + <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> + <appender-ref ref="dmaapAAIEventConsumer" /> + <appender-ref ref="dmaapAAIEventConsumerDebug" /> + <appender-ref ref="dmaapAAIEventConsumerMetric" /> + </logger> + <logger name="org.apache" level="OFF" /> + <logger name="org.zookeeper" level="OFF" /> + <logger name="com.thinkaurelius" level="WARN" /> + <logger name="com.att.aft.dme2" level="WARN" /> + <!-- ============================================================================ --> + <!-- General EELF logger --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="WARN" additivity="false"> + <appender-ref ref="asyncDEBUG" /> + <appender-ref ref="asyncERROR" /> + <appender-ref ref="asyncMETRIC" /> + </logger> + <root level="DEBUG"> + <appender-ref ref="external" /> + {{if .Values.global.config.logback.console.enabled}} + <appender-ref ref="STDOUT" /> + {{ end }} + </root> +</configuration> diff --git a/charts/aai-traversal/resources/config/realm.properties b/charts/aai-traversal/resources/config/realm.properties new file mode 100644 index 0000000..0499b34 --- /dev/null +++ b/charts/aai-traversal/resources/config/realm.properties 
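Review bot: `eelfTransLogPattern` ends in `co=%X{partnerName}:%m%n`, while the other EELF patterns in this file wrap the message as `%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}`. The transaction log therefore accepts raw CR/LF and `|` in messages, which are presumably request-derived given that the pattern feeds the `org.onap.aai.interceptors.post` logger, and that allows split or forged records. Ending the pattern with `co=%X{partnerName}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n` would bring it in line with the others. The `STDOUT` and `SANE` patterns also emit `%m` / `%msg` unescaped and deserve the same treatment if those outputs are parsed downstream. Separately, `<root level="DEBUG">` together with the DEBUG-level `org.onap.aai` logger is a verbose default for a deployed chart and is worth a comment stating that it is intended.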
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
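Review bot: The `OBF:` values on the added account lines look like Jetty-style obfuscation, which is reversible and not a hash, so committing them effectively publishes the passwords; the header comment also states the defaults are name/name pairs such as AAI/AAI. Every one of the accounts carries the `admin` role, and the eleven `*@*.onap.org` entries share a single identical credential string. I would ship only clearly labelled sample entries here and have real credentials supplied per deployment from a Kubernetes Secret, with a header comment such as `# Sample accounts for lab use only; override before any shared deployment`. If the consuming server supports a one-way format for this file, prefer that over `OBF:` and give each client only the role it needs.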
diff --git a/charts/aai-traversal/templates/configmap.yaml b/charts/aai-traversal/templates/configmap.yaml
new file mode 100644
index 0000000..1a92199
--- /dev/null
+++ b/charts/aai-traversal/templates/configmap.yaml
@@ -0,0 +1,64 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-aaf-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . 
| indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} diff --git a/charts/aai-traversal/templates/deployment.yaml b/charts/aai-traversal/templates/deployment.yaml new file mode 100644 index 0000000..b94389f --- /dev/null +++ b/charts/aai-traversal/templates/deployment.yaml 
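Review bot: `resources/config/realm.properties` is rendered into the `-configmap` ConfigMap with `.AsConfig` although it holds account credentials and role assignments, while the keyfile, p12 and bath_config.csv further down in this same template go through `.AsSecrets` into a Secret. ConfigMap contents are visible to anyone allowed to read ConfigMaps in the namespace and get none of the RBAC separation or encryption-at-rest options that apply to Secrets. Move that entry into a Secret's `data:` block as `{{ tpl (.Files.Glob "resources/config/realm.properties").AsSecrets . | indent 2 }}` and change the matching `realm.properties` volumeMount in deployment.yaml to use the secret-backed volume.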
@@ -0,0 +1,618 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} + msb.onap.org/service-info: '[ + { + "serviceName": "_aai-generic-query", + "version": "v11", + "url": "/aai/v11/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v12", + "url": "/aai/v12/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v13", + "url": "/aai/v13/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v14", + "url": "/aai/v14/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v15", + "url": "/aai/v15/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v16", + "url": "/aai/v16/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/search/generic-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v11", + "url": "/aai/v11/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v12", + "url": "/aai/v12/search/nodes-query", + "protocol": "REST", + 
"port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v13", + "url": "/aai/v13/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v14", + "url": "/aai/v14/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v15", + "url": "/aai/v15/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v16", + "url": "/aai/v16/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/search/nodes-query" + }, + { + "serviceName": "_aai-query", + "version": "v11", + "url": "/aai/v11/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/query" + }, + { + "serviceName": "_aai-query", + "version": "v12", + "url": "/aai/v12/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/query" + }, + { + "serviceName": "_aai-query", + "version": "v13", + "url": "/aai/v13/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/query" + }, + { + "serviceName": "_aai-query", + "version": "v14", + "url": "/aai/v14/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + 
"visualRange": "1", + "path": "/aai/v14/query" + }, + { + "serviceName": "_aai-query", + "version": "v15", + "url": "/aai/v15/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/query" + }, + { + "serviceName": "_aai-query", + "version": "v16", + "url": "/aai/v16/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/query" + }, + { + "serviceName": "_aai-named-query", + "url": "/aai/search", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/search" + }, + { + "serviceName": "aai-generic-query", + "version": "v11", + "url": "/aai/v11/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v12", + "url": "/aai/v12/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v13", + "url": "/aai/v13/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v14", + "url": "/aai/v14/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v15", + "url": "/aai/v15/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v16", + "url": "/aai/v16/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + 
}, + { + "serviceName": "aai-nodes-query", + "version": "v11", + "url": "/aai/v11/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v12", + "url": "/aai/v12/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v13", + "url": "/aai/v13/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v14", + "url": "/aai/v14/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v15", + "url": "/aai/v15/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v16", + "url": "/aai/v16/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v11", + "url": "/aai/v11/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v12", + "url": "/aai/v12/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v13", + "url": "/aai/v13/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v14", + "url": "/aai/v14/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": 
true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v15", + "url": "/aai/v15/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v16", + "url": "/aai/v16/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-named-query", + "url": "/aai/search", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + } + ]' + spec: + hostname: aai-traversal + {{ if .Values.global.initContainers.enabled }} + initContainers: + - command: + {{ if .Values.global.jobs.migration.enabled }} + - /root/job_complete.py + args: + - --job-name + - {{ .Release.Name }}-aai-graphadmin-migration + {{ else if .Values.global.jobs.createSchema.enabled }} + - /root/job_complete.py + args: + - --job-name + - {{ .Release.Name }}-aai-graphadmin-create-db-schema + {{ else }} + - /root/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: DISABLE_UPDATE_QUERY + value: {{ .Values.config.disableUpdateQuery | quote }} + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GQ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-traversal/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-config + subPath: realm.properties + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props + name: {{ include "common.fullname" . 
}}-aaf-properties + subPath: org.onap.aai.props + - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.osaaf.location.props + - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: permissions.properties + - mountPath: /opt/app/aai-traversal/resources/cadi.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: cadi.properties + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + - mountPath: /opt/app/aai-traversal/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . 
}} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-aaf-properties + configMap: + name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-aaf-certs + secret: + secretName: {{ include "common.fullname" . }}-aaf-keys + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/charts/aai-traversal/templates/job.yaml b/charts/aai-traversal/templates/job.yaml new file mode 100644 index 0000000..31db068 --- /dev/null 
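Review bot: Neither the pod `spec` nor the main and `filebeat-onap` containers declare a `securityContext`, so both run with whatever user and capabilities the images default to. The `LOCAL_USER_ID` / `LOCAL_GROUP_ID` env vars suggest the entrypoint switches user itself, which would mean the process starts as root; that is inferred from the names and worth confirming against the image. I would add to each container `securityContext:` with `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` once the entrypoint no longer needs to start privileged. The pod also mounts `/etc/localtime` through `hostPath`; it is read-only here, but clusters that restrict hostPath volumes will reject the pod.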
+++ b/charts/aai-traversal/templates/job.yaml 
@@ -0,0 +1,136 @@ +# Copyright © 2017-2018 AT&T +# Modifications Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ if .Values.global.jobs.updateQueryData.enabled }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-update-query-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{ if .Values.global.jobs.migration.enabled }} + annotations: + "helm.sh/hook": post-upgrade,post-rollback,post-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +{{ end }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - aai + {{ if eq .Values.global.aafEnabled true }} + - --container-name + - aaf-locate + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . 
}}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - bash + - "-c" + - | + set -x + mkdir -p /opt/aai/logroot/AAI-GQ/misc + until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done; + bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GQ/ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-traversal/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-traversal/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . 
}} + {{ end }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + hostPath: + path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}-update-query + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: OnFailure + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} diff --git a/charts/aai-traversal/templates/service.yaml b/charts/aai-traversal/templates/service.yaml new file mode 100644 index 0000000..d119912 --- /dev/null +++ b/charts/aai-traversal/templates/service.yaml 
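Review bot: The wait loop in the job container's `command` has no delay and no upper bound: `nc -w10` only limits a hanging connect, so while `aai` refuses connections or does not resolve the loop spins and floods the log, and it never gives up if `aai` stays down. Add a pause, e.g. `until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; sleep 5; done;`, and set `activeDeadlineSeconds` on the Job spec so a stuck run fails visibly. Separately, the `-logs` volume here is a `hostPath` under `.Values.persistence.mountPath` while the Deployment uses `emptyDir` for the same mount; if node-side persistence of these logs is not required, `emptyDir` avoids giving the job write access to the node filesystem.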
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
diff --git a/charts/aai-traversal/values.yaml b/charts/aai-traversal/values.yaml
new file mode 100644
index 0000000..63e1444
--- /dev/null
+++ b/charts/aai-traversal/values.yaml
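Review bot: The second port (`internalPort2`, set to 5005 and named `aai-traversal-5005` in this commit's values.yaml) is published unconditionally in both branches of the `ports` block and gets its own `nodePort2` when the type is NodePort. 5005 is the conventional JVM remote-debug (JDWP) port and that protocol has no authentication, so if that is what listens there it should not be reachable from outside the pod by default; please confirm what the port serves. I would wrap the second port entry in a values flag that defaults to off, for example `{{- if .Values.service.debugEnabled }}` … `{{- end }}` (the flag name is only a suggestion). Also, `clusterIP: None` is emitted even when `type` is NodePort, a combination Kubernetes does not accept, so it should move into the `else` branch.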
@@ -0,0 +1,95 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for traversal. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/aai-traversal:1.4-STAGING-latest +pullPolicy: Always +restartPolicy: Always +flavor: small +# application configuration +config: + + # Specifies timeout information such as application specific and limits + timeout: + # If set to true application will timeout for queries taking longer than limit + enabled: true + # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout + appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1 + # Specifies how long should it wait before timing out the REST request + limit: 180000 + + # Disables the updateQueryData script to run as part of traversal + disableUpdateQuery: true + +persistence: + mountPath: /dockerdata-nfs + mountSubPath: aai/aai-traversal + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 60 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + 
enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + portName: aai-traversal-8446 + internalPort: 8446 + portName2: aai-traversal-5005 + internalPort2: 5005 + +ingress: + enabled: false + +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 3Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/requirements.yaml b/requirements.yaml new file mode 100644 index 0000000..24f69b2 --- /dev/null +++ b/requirements.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: cassandra + version: ~4.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + condition: global.cassandra.localCluster diff --git a/resources/config/aai/aai_keystore b/resources/config/aai/aai_keystore Binary files differnew file mode 100644 index 0000000..d50b33e --- /dev/null +++ b/resources/config/aai/aai_keystore 
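Review bot: In the values.yaml hunk, `image: onap/aai-traversal:1.4-STAGING-latest` together with `pullPolicy: Always` means any pod restart can pull different, unreviewed content under the same mutable tag, and the tag names a staging build. Pin the default to a released version, ideally by digest, e.g. `image: onap/aai-traversal:<RELEASE_VERSION>@sha256:<DIGEST>` (placeholders), in the same spirit as `readinessImage: readiness-check:2.0.2`, which is already pinned to a version. `liveness.enabled: false` as the shipped default also leaves a hung container unrestarted outside debugging sessions; consider defaulting it to `true` and documenting that it is switched off only while a debugger is attached.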
diff --git a/resources/config/auth/truststoreONAPall.jks b/resources/config/auth/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000..ff844b1 --- /dev/null +++ b/resources/config/auth/truststoreONAPall.jks diff --git a/resources/config/fproxy/auth/client-cert.p12 b/resources/config/fproxy/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..7a4979a --- /dev/null +++ b/resources/config/fproxy/auth/client-cert.p12 diff --git a/resources/config/fproxy/auth/fproxy_truststore b/resources/config/fproxy/auth/fproxy_truststore Binary files differnew file mode 100644 index 0000000..f6ebc75 --- /dev/null +++ b/resources/config/fproxy/auth/fproxy_truststore diff --git a/resources/config/fproxy/auth/tomcat_keystore b/resources/config/fproxy/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..d68bf73 --- /dev/null +++ b/resources/config/fproxy/auth/tomcat_keystore diff --git a/resources/config/haproxy/aai.pem b/resources/config/haproxy/aai.pem new file mode 100644 index 0000000..e6dfd6a --- /dev/null +++ b/resources/config/haproxy/aai.pem 
@@ -0,0 +1,82 @@ +-----BEGIN CERTIFICATE----- +MIIFATCCA+mgAwIBAgIIWY+5kgf/UH8wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyNjAzMjc1MloXDTIwMDMyNjAzMjc1Mlow +azERMA8GA1UEAwwIYWFpLm9uYXAxDzANBgkqhkiG9w0BCQEWADEZMBcGA1UECwwQ +YWFpQGFhaS5vbmFwLm9yZzEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAx +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyZj +PvQrgB2bhyE3kpSH6OjXigs/+MfmV4eOrEwmMzQ1lWjItu2z5WY9xNGCky85G3Pr +qmCfT/qNPXd0W5kEujYlL0QnvrCa77WP3kSSu0kMKdUJV3S90Rp1SOhGFU/WroAQ +XvlzyBCunqQ9/F/L6mS8dLotUbkGIQlojAYOukWOT/+ogMMxzpxtb91QR+Wl4YeY +yzX//0rls/6nEKzCh2STHJuTkXqL0kod+KY08unpvMX2J/SEeHdWLS8Gsuus6oqM +r4bFyquua/U1ApxEMn0/agY58V75dF5CRPJRYrqqf9I6DBr0SntHv6pzMhokjewl +ukkrEsvIOkqEvIcE+QIDAQABo4IByzCCAccwCQYDVR0TBAIwADAOBgNVHQ8BAf8E +BAMCBeAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRN +MEuAFIH3mVsQuciM3vNSXupOaaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjEN +MAsGA1UECgwET05BUDELMAkGA1UEBhMCVVOCAQcwHQYDVR0OBBYEFFziBN1nFOnS +Sp7XkxOuzVNR1GFLMIIBEQYDVR0RBIIBCDCCAQSCCGFhaS5vbmFwghJhYWktc3Bh +cmt5LWJlLm9uYXCCG2FhaS5hcGkuc2ltcGxlZGVtby5vbmFwLm9yZ4IlYWFpLmVs +YXN0aWNzZWFyY2guc2ltcGxlZGVtby5vbmFwLm9yZ4IlYWFpLmdyZW1saW5zZXJ2 +ZXIuc2ltcGxlZGVtby5vbmFwLm9yZ4IdYWFpLmhiYXNlLnNpbXBsZWRlbW8ub25h +cC5vcmeCJWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2Fh +aS5zaW1wbGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9y +ZzANBgkqhkiG9w0BAQsFAAOCAQEAlqwzbZv/0uxVPmFJMB2t5B2nw3GNojLwxnHh +UVKzrLbDDpM36CkY8uX9kYAaf/Eg8eA5Jp0T9lGCheg0TNHM9OBqyyvDPjewZ5jO +N0xooRs7gh4bYtQaWIjCOg6bXg+mHkW4VVbpewMJYivGpJZQ76LauuHtg1OA688s +fy4SGrbC902OoPZ8zJlINOyljqSa+uNwvv6bg9Iqnuq/jUaFpKOYVUkMzw/ImVzy +3kXH/hY+nz4FNvMPlULgwxskOBRp90a5VWBC48cNzg4aNtanVz6lPAr/AVD1R6jt +ZDEd3Ww8nTlRKjUryxgoorqo8ThctZscWBpHMRW4B/LgGEYtRA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB 
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAuyZjPvQrgB2bhyE3kpSH6OjXigs/+MfmV4eOrEwmMzQ1lWjI +tu2z5WY9xNGCky85G3PrqmCfT/qNPXd0W5kEujYlL0QnvrCa77WP3kSSu0kMKdUJ +V3S90Rp1SOhGFU/WroAQXvlzyBCunqQ9/F/L6mS8dLotUbkGIQlojAYOukWOT/+o +gMMxzpxtb91QR+Wl4YeYyzX//0rls/6nEKzCh2STHJuTkXqL0kod+KY08unpvMX2 +J/SEeHdWLS8Gsuus6oqMr4bFyquua/U1ApxEMn0/agY58V75dF5CRPJRYrqqf9I6 +DBr0SntHv6pzMhokjewlukkrEsvIOkqEvIcE+QIDAQABAoIBAEe1OrvJZM2PCqOp 
+N5jjbnvwk32iN93EAl8xYppkBxMBgzJ/VsC4rYBNP4elWym4I2KAdSDwKrrDXtDZ +b20VYXlT+8VzkOMA2izU3Y4lqi82mwGATjcDVSPExoGr9gZ+c9yi1yL8478ZnT7N +4a5Mql5iQM9c8rZodY+9AiD8xTHbgXbaGmBsDhTxT/HPDsoacR/SHMh3XowbhAcs +eXAe+NdDtLcG6WOEqi/EhkagkWvsecIBoy888Ffbxa5h/DLEaCCoC3Dw1tWFX8KM +86sC9sQKDVRVKpKs2/9MGl9LoPi9jNDrOP6/Zx3T4k479ozGp/0G70LzmUcih72j +MUbr4f0CgYEA/AV0yOLZh0i2K53jpv3e8RDJkOBFuLb0ZZVdGkVYHncw9/WY070E +TJi0B51RAJtdSksAWa6o+1+VaJKQHtMZpABwMWDMRQUqdC+o+knONRpdCHwxXnSl +gvujFyYJhURKDr42z0xjbQrHaEZRuVJ6tzJQhFtE66G01ngREhDPbUsCgYEAvhrB +A/IOQpPaHcfU2ik80VE0KU9N4Ez50ZlheEbBDVTrMWzuFy8p9niNSfDKC7s5aqlP +DgDvTD80D8Zw6+yT/aDU5iEf5vMdKc1pnlr8jJoCNSvuyJZ40kDSehsBOKC+YN3g +b6xaYWIcH3mwwoLZO9XFsN5KAg/dSMJED8AGAEsCgYAduMMCIgbHdqLNWAyOGCif +w3wSEvEGDMWb6VaWj5EJ3sKuq48/gW4tXmD0+O+ho7EH3vqGmRuisa4cLBTFHd5L +QiX5HNJaXXaZRzmlcujXyGkqZAMqgZU3clfUlg7PYbNeM76hCgA7zuaffJOMyJZi +XpOyWFUzeNmr5XMV71eXKwKBgEtgzFvGJMVdXsUkMU/3vfe5XRdsLJLdssjbKnzI +gU/J9h/480caGmdyUYOaCGMyb4fNbl09HaV8AianJqtFeUC9/uzpAX9PsqaanmB9 +71nIz0tKCjpa/7lOnqZwAsHzasl58L4W9xdaEZChbecSfxRspSCGY44BwFpTPS2J +lFeVAoGAFOetqKStyEy+qruEOMk+lWwaKLGZ4hLk7qmFochxwrXgx7hcZ4Zrqkv9 +7qyQtbAalFiCHGmLBdSb+GLfD/1pPUA3wJoLo/I3f4g9c7cw7m7r8MdWPDXSL2Vk +vM97Syv92KQUBl8te7S3+bDBNklgb+KwRqSk3QRAl8ARWEjg8Kk= +-----END RSA PRIVATE KEY----- diff --git a/resources/config/haproxy/haproxy-pluggable-security.cfg b/resources/config/haproxy/haproxy-pluggable-security.cfg new file mode 100644 index 0000000..1c82050 --- /dev/null +++ b/resources/config/haproxy/haproxy-pluggable-security.cfg 
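Review bot: The last PEM block of this new file is an unencrypted `RSA PRIVATE KEY`, stored alongside the aai.onap leaf and intermediate certificates, so the key HAProxy loads for its 8443 listener (`crt /etc/ssl/private/aai.pem`) is readable by anyone who can read the repository or the packaged chart. Key material should not ship inside the chart: have `aai-haproxy-secret` populated at install time from an operator-supplied key or a certificate issuer, and treat this key as disclosed and reissue the certificate. The same concern applies to `resources/config/rproxy/security/keyfile` and to the binary keystores and `.p12` files added under `resources/config/aai`, `auth`, `fproxy/auth` and `rproxy/auth` in this commit.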
@@ -0,0 +1,138 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global + log /dev/log local0 + stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin + stats timeout 30s + user root + group root + daemon + ################################# + # Default SSL material locations# + ################################# + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). 
This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + # An alternative list with additional directives can be obtained from + # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy + tune.ssl.default-dh-param 2048 + +defaults + log global + mode http + option httplog + option ssl-hello-chk + option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + default-server init-addr none +# option dontlognull +# errorfile 400 /etc/haproxy/errors/400.http +# errorfile 403 /etc/haproxy/errors/403.http +# errorfile 408 /etc/haproxy/errors/408.http +# errorfile 500 /etc/haproxy/errors/500.http +# errorfile 502 /etc/haproxy/errors/502.http +# errorfile 503 /etc/haproxy/errors/503.http +# errorfile 504 /etc/haproxy/errors/504.http + + option http-server-close + option forwardfor except 127.0.0.1 + retries 6 + option redispatch + maxconn 50000 + timeout connect 50000 + timeout client 480000 + timeout server 480000 + timeout http-keep-alive 30000 + + +frontend IST_8443 + mode http + bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem +# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r + log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" + option httplog + log global + option logasap + option forwardfor + capture request header Host len 100 + capture response header Host len 100 + option log-separate-errors + option forwardfor + http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } + http-request set-header X-AAI-SSL %[ssl_fc] + http-request set-header X-AAI-SSL-Client-Verify 
%[ssl_c_verify] + http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn] + http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] + http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn] + http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore] + http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter] + http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64] + http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)] + http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)] + http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] + http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] + http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] + reqadd X-Forwarded-Proto:\ https + reqadd X-Forwarded-Port:\ 8443 + +####################### +#ACLS FOR PORT 8446#### +####################### + + acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ + acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ + acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_named-query path_beg -i /aai/search/named-query + acl is_search-model path_beg -i /aai/search/model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model + + default_backend IST_Default_8447 + + +####################### +#DEFAULT BACKEND 847### +####################### + +backend IST_Default_8447 + balance roundrobin + http-request set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + + +####################### +# BACKEND 8446######### +####################### + +backend IST_AAI_8446 + balance roundrobin + http-request 
set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + +listen IST_AAI_STATS + mode http + bind *:8080 + stats uri /stats + stats enable + stats refresh 30s + stats hide-version + stats auth admin:admin + stats show-legends + stats show-desc IST AAI APPLICATION NODES + stats admin if TRUE diff --git a/resources/config/haproxy/haproxy.cfg b/resources/config/haproxy/haproxy.cfg new file mode 100644 index 0000000..8beae0e --- /dev/null +++ b/resources/config/haproxy/haproxy.cfg 
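Review bot: `listen IST_AAI_STATS` binds `*:8080` with `stats auth admin:admin` and `stats admin if TRUE`, so the stats page accepts a well-known default login and lets anyone who authenticates change backend server state. Restrict the admin actions (for example `stats admin if LOCALHOST`), bind the listener to `127.0.0.1:8080` unless remote access is really needed, and take the credentials from chart values or a Secret instead of the literal `admin:admin`. Related, in `global`: `user root` / `group root` keeps the proxy running as root, which deserves either an unprivileged account or a comment explaining why root is required. `resources/config/haproxy/haproxy.cfg` in this commit carries the same stats stanza and the same `global` settings.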
@@ -0,0 +1,138 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global + log /dev/log local0 + stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin + stats timeout 30s + user root + group root + daemon + ################################# + # Default SSL material locations# + ################################# + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). 
This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + # An alternative list with additional directives can be obtained from + # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy + tune.ssl.default-dh-param 2048 + +defaults + log global + mode http + option httplog + option ssl-hello-chk + option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + default-server init-addr none +# option dontlognull +# errorfile 400 /etc/haproxy/errors/400.http +# errorfile 403 /etc/haproxy/errors/403.http +# errorfile 408 /etc/haproxy/errors/408.http +# errorfile 500 /etc/haproxy/errors/500.http +# errorfile 502 /etc/haproxy/errors/502.http +# errorfile 503 /etc/haproxy/errors/503.http +# errorfile 504 /etc/haproxy/errors/504.http + + option http-server-close + option forwardfor except 127.0.0.1 + retries 6 + option redispatch + maxconn 50000 + timeout connect 50000 + timeout client 480000 + timeout server 480000 + timeout http-keep-alive 30000 + + +frontend IST_8443 + mode http + bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem +# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r + log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" + option httplog + log global + option logasap + option forwardfor + capture request header Host len 100 + capture response header Host len 100 + option log-separate-errors + option forwardfor + http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } + http-request set-header X-AAI-SSL %[ssl_fc] + http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify] + http-request 
set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn] + http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] + http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn] + http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore] + http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter] + http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64] + http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)] + http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)] + http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] + http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] + http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] + reqadd X-Forwarded-Proto:\ https + reqadd X-Forwarded-Port:\ 8443 + +####################### +#ACLS FOR PORT 8446#### +####################### + + acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ + acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ + acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_named-query path_beg -i /aai/search/named-query + acl is_search-model path_beg -i /aai/search/model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model + + default_backend IST_Default_8447 + + +####################### +#DEFAULT BACKEND 847### +####################### + +backend IST_Default_8447 + balance roundrobin + http-request set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + + +####################### +# BACKEND 8446######### +####################### + +backend IST_AAI_8446 + balance roundrobin + http-request set-header X-Forwarded-Port 
%[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + +listen IST_AAI_STATS + mode http + bind *:8080 + stats uri /stats + stats enable + stats refresh 30s + stats hide-version + stats auth admin:admin + stats show-legends + stats show-desc IST AAI APPLICATION NODES + stats admin if TRUE diff --git a/resources/config/log/filebeat/filebeat.yml b/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000..39cc6db --- /dev/null +++ b/resources/config/log/filebeat/filebeat.yml 
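Review bot: Both `server` lines (backends `IST_Default_8447` and `IST_AAI_8446`) use `ssl verify none`, so the hop to aai-resources and aai-traversal is encrypted but HAProxy never checks which certificate the backend presents. Since `ca-base /etc/ssl/certs` is already set, consider `ssl verify required ca-file <ONAP-CA-bundle placeholder>` on each server line, with the CA mounted into the container. Separately, the comment in `global` announces a cipher list ("This list is from: …") but no `ssl-default-bind-ciphers` directive follows it, so the build's default ciphers apply; either add the directive or drop the comment. `haproxy-pluggable-security.cfg` has the same two issues.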
@@ -0,0 +1,55 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. 
+ loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/resources/config/rproxy/auth/client-cert.p12 b/resources/config/rproxy/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/resources/config/rproxy/auth/client-cert.p12 diff --git a/resources/config/rproxy/auth/org.onap.aai.p12 b/resources/config/rproxy/auth/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000..023e2ea --- /dev/null +++ b/resources/config/rproxy/auth/org.onap.aai.p12 diff --git a/resources/config/rproxy/auth/tomcat_keystore b/resources/config/rproxy/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..99129c1 --- /dev/null +++ b/resources/config/rproxy/auth/tomcat_keystore diff --git a/resources/config/rproxy/security/keyfile b/resources/config/rproxy/security/keyfile new file mode 100644 index 0000000..3416d4a --- /dev/null +++ b/resources/config/rproxy/security/keyfile 
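Review bot: Every `ssl.*` option under `output.logstash` is left commented out, so as written Filebeat ships the logs collected from `/var/log/onap/...` to the Logstash service without TLS or server verification. If those logs can contain request or identity data, enable at least `ssl.certificate_authorities` and add a comment naming the Secret that provides the CA. The `$ssl.certificate_authorities`-style values also look like unresolved placeholders: nothing visible in this chart substitutes them, so uncommenting the lines unchanged would presumably not work.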
@@ -0,0 +1,27 @@ +2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf +jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm +4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe +moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf +GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT +74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh +iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb +p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt +3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW +hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 +RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX +xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk +8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q +ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i +5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe +GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE +_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k +zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf +S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU +LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw +hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W +nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP +bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN +JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk +Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y 
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP +mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
new file mode 100644
index 0000000..651bf8d
--- /dev/null
+++ b/templates/configmap.yaml
@@ -0,0 +1,103 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# this is a shared resource for subcharts +apiVersion: v1 +kind: ConfigMap +metadata: + name: aai-filebeat + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: aai-deployment-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ if .Values.global.installSidecarSecurity }} +{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }} +{{ else }} +{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }} +{{ end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-haproxy-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . 
}} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }} +# This is a shared key for both resources and traversal +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-auth-truststore-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-fproxy-auth-certs + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-rproxy-auth-certs + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-rproxy-security-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} +{{ end }}
\ No newline at end of file
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
new file mode 100644
index 0000000..8c10730
--- /dev/null
+++ b/templates/deployment.yaml
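Review bot: The three Secrets inside the `installSidecarSecurity` block (`aai-fproxy-auth-certs`, `aai-rproxy-auth-certs`, `aai-rproxy-security-config`) have no `labels:` block, unlike the objects above them, so anything selecting on `app` or `release` will miss them. Add the same `app`, `chart`, `release` and `heritage` labels for consistency. The comment `# This is a shared key for both resources and traversal` currently trails the `aai-haproxy-secret` data; if it is meant to describe `aai-auth-truststore-secret`, move it below the `---` so it reads as that object's header.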
@@ -0,0 +1,131 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ .Release.Name }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - aai-resources + - --container-name + - aai-traversal + - --container-name + - aai-graphadmin + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . 
}} + image: "{{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /dev/log + name: aai-service-log + - mountPath: /usr/local/etc/haproxy/haproxy.cfg + {{ if .Values.global.installSidecarSecurity }} + subPath: haproxy-pluggable-security.cfg + {{ else }} + subPath: haproxy.cfg + {{ end }} + name: haproxy-cfg + - mountPath: /etc/ssl/private/aai.pem + name: aai-pem + subPath: aai.pem + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort2 }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + path: /aai/util/echo + port: {{ .Values.service.internalPort2 }} + scheme: HTTPS + httpHeaders: + - name: X-FromAppId + value: OOM_ReadinessCheck + {{ if .Values.global.installSidecarSecurity }} + - name: Authorization + value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + {{ end }} + - name: X-TransactionId + value: {{ uuidv4 }} + - name: Accept + value: application/json + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . 
}} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aai-service-log + hostPath: + path: "/dev/log" + - name: haproxy-cfg + configMap: + name: aai-deployment-configmap + - name: aai-pem + secret: + secretName: aai-haproxy-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/templates/secret.yaml b/templates/secret.yaml new file mode 100644 index 0000000..f01f11d --- /dev/null +++ b/templates/secret.yaml @@ -0,0 +1,36 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: aai-common-aai-auth + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-common-truststore + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} 
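Review bot: The readinessProbe sends a literal `Authorization: Basic …` header when `installSidecarSecurity` is set, which places a reusable credential in the rendered pod spec where anyone allowed to read Deployments or Pods in the namespace can see it; Base64 is an encoding, not protection. The same literal is hard-coded in the `option httpchk` line of haproxy-pluggable-security.cfg (haproxy.cfg carries a different one). Prefer a health endpoint that needs no credentials, or a dedicated low-privilege health-check account whose password comes from values rather than from the template. The pod also mounts the host's `/dev/log` through `hostPath` and sets no `securityContext` while the HAProxy config runs as `user root`, so a comment explaining why host logging is needed would help reviewers.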
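Review bot: `aai-common-truststore` is filled from `resources/config/aai/*`, the same glob that `aai-auth-truststore-secret` in templates/configmap.yaml uses, so the same keystore is published under two Secret names. If both are needed for different consumers, say so in a comment above each; otherwise keep one, which also halves the number of places the key material has to be rotated. `aai-common-truststore` also lacks the `labels:` block that `aai-common-aai-auth` has.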
diff --git a/templates/service.yaml b/templates/service.yaml
new file mode 100644
index 0000000..91bdb2e
--- /dev/null
+++ b/templates/service.yaml
@@ -0,0 +1,47 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - name: {{ .Values.service.portName }} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + - name: {{ .Values.service.portName2 }} + port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + type: {{ .Values.service.type }} + selector: + app: {{ include "common.name" . }} + clusterIP: {{ .Values.service.aaiServiceClusterIp }} 
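Review bot: In the NodePort branch both ports are published on every node, and with the defaults in this commit's values.yaml (`portName: aai` on 8080 next to `portName2: aai-ssl` on 8443) the first one looks like a plaintext listener. If it is, publishing only the TLS port as a `nodePort` and keeping 8080 cluster-internal would shrink the externally reachable surface. The last line also renders `clusterIP:` with an empty value whenever `aaiServiceClusterIp` is unset, which is the default. Wrapping it as `{{- if .Values.service.aaiServiceClusterIp }}` / `clusterIP: {{ .Values.service.aaiServiceClusterIp }}` / `{{- end }}` avoids emitting the key and makes the temporary hotfix easy to remove later.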
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..b2e17af
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,376 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for aai. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + dockerhubRepository: docker.io + busyboxImage: busybox + + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + + restartPolicy: Always + + installSidecarSecurity: false + aafEnabled: true + + fproxy: + name: forward-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/fproxy:2.1-STAGING-latest + port: 10680 + + rproxy: + name: reverse-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/rproxy:2.1-STAGING-latest + port: 10692 + + tproxyConfig: + name: init-tproxy-config + image: onap/tproxy-config:2.1-STAGING-latest + + # AAF server details. Only needed if the AAF DNS does not resolve from the pod + aaf: + serverIp: 10.12.6.214 + serverHostname: aaf.osaaf.org + serverPort: 30247 + + cassandra: + #This will instantiate AAI cassandra cluster, default:shared cassandra. + localCluster: false + + #Service Name of the cassandra cluster to connect to. + #Override it to aai-cassandra if localCluster is enabled. 
+ serviceName: cassandra + + #This should be same as shared cassandra instance or if localCluster is enabled + #then it should be same as aai-cassandra replicaCount + replicas: 3 + + aai: + serviceName: aai + babel: + serviceName: aai-babel + champ: + serviceName: aai-champ + aaiElasticsearch: + serviceName: aai-elasticsearch + resources: + serviceName: aai-resources + sparkyBe: + serviceName: aai-sparky-be + dataRouter: + serviceName: aai-data-router + gizmo: + serviceName: aai-gizmo + modelloader: + serviceName: aai-modelloader + searchData: + serviceName: aai-search-data + traversal: + serviceName: aai-traversal + graphadmin: + serviceName: aai-graphadmin + spike: + serviceName: aai-spike + + initContainers: + enabled: true + # Specifies a list of jobs to be run + jobs: + # When enabled, it will create the schema based on oxm and edge rules + createSchema: + enabled: true + # When enabled, it will create the widget models via REST API to haproxy + updateQueryData: + enabled: true + #migration using helm hooks + migration: + enabled: false + remoteCassandra: + enabled: false + storage: + backend: cassandra + hostname: 10.10.10.10 + connectionTimeout: 100000 + cacheSize: 1000000 + keyConsistent: true + + #If backend is cql or cassandra it should be keyspace name + #else backend is hbase it should be hbase table name + name: aaigraph + + ## CQL driver specific properties for janusgraph + # cql: + # #Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: QUORUM + # writeConsistency: QUORUM + # replicationFactor: 3 + # localConsistencyForSysOps: true + + ## Cassandra driver specific properties for janusgraph + cassandra: + #Name of the Cassandra Cluster + clusterName: aai-cluster + localDataCenter: Pod lab + readConsistency: LOCAL_QUORUM + writeConsistency: LOCAL_QUORUM + replicationFactor: 3 + + #storage: + # backend: cassandra + # hostname: somehost1,somehost2,somehost3 + # connectionTimeout: 100000 + # cacheSize: 1000000 + # clusterName: 
someClusterName + # localDataCenter: someDataCenter + # keyConsistent: true + # #If backend is cql or cassandra it should be keyspace name + # #else backend is hbase it should be hbase table name + # name: your_hbase_table_or_keyspace_name + + ## CQL driver specific properties for janusgraph + # cql: + # #Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: QUORUM + # writeConsistency: QUORUM + # replicationFactor: 3 + # localConsistencyForSysOps: true + + ## Cassandra driver specific properties for janusgraph + # cassandra: + # #Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: LOCAL_QUORUM + # writeConsistency: LOCAL_QUORUM + # replicationFactor: 3 + + + # Common configuration for resources traversal and graphadmin + config: + # User information for the admin user in container + userId: 1000 + groupId: 1000 + + # Specifies that the cluster connected to a dynamic + # cluster being spinned up by kubernetes deployment + cluster: + cassandra: + dynamic: true + + # If cluster.cassandra.dynamic is set to false + # Then the following configuration should be uncommented + # This is if you are planning to connect to a existing + # Cassandra cluster instead of doing the deployment + #storage: + # backend: cassandra + # hostname: somehost1,somehost2,somehost3 + # connectionTimeout: 100000 + # cacheSize: 1000000 + # clusterName: someClusterName + # localDataCenter: someDataCenter + # keyConsistent: true + # # If backend is cql or cassandra it should be keyspace name + # # else backend is hbase it should be hbase table name + # name: your_hbase_table_or_keyspace_name + + # # CQL driver specific properties for janusgraph + # cql: + # # Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: QUORUM + # writeConsistency: QUORUM + # replicationFactor: 3 + # localConsistencyForSysOps: true + + # # Cassandra driver specific properties for janusgraph + # cassandra: + # # Name of the Cassandra Cluster + 
# cluster: someclustername + # readConsistency: LOCAL_QUORUM + # writeConsistency: LOCAL_QUORUM + # replicationFactor: 3 + + # Specifies if the basic authorization is enabled + basic: + auth: + enabled: true + username: AAI + passwd: AAI + + # Active spring profiles for the resources microservice + profiles: + active: production,dmaap,aaf-auth + + # Notification event specific properties + notification: + eventType: AAI-EVENT + domain: dev + + # Schema specific properties that include supported versions of api + schema: + # Specifies if the connection should be one way ssl, two way ssl or no auth + service: + client: one-way-ssl + # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service + translator: + list: schema-service + source: + # Specifies which folder to take a look at + name: onap + uri: + # Base URI Path of the application + base: + path: /aai + version: + # Current version of the REST API + api: + default: v16 + # Specifies which version the depth parameter is configurable + depth: v11 + # List of all the supported versions of the API + list: v11,v12,v13,v14,v15,v16 + # Specifies from which version related link should appear + related: + link: v11 + # Specifies from which version the app root change happened + app: + root: v11 + # Specifies from which version the xml namespace changed + namespace: + change: v12 + # Specifies from which version the edge label appeared in API + edge: + label: v12 + + # Keystore configuration password and filename + keystore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Truststore configuration password and filename + truststore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Specifies a list of files to be included in auth volume + auth: + files: + - aai_keystore + + # Specifies which clients should always default to realtime graph connection + realtime: + clients: SDNC,MSO,SO,robot-ete + + # Logback 
debug enabled + logback: + console: + # If enabled, container will print all logback to standard output + # This will make debugging much easier but it should only be done + # when debugging the issue and changed back as it can affect performance + # since when this is enabled, it prints a lot of information to console + enabled: false + +# application image +dockerhubRepository: registry.hub.docker.com +image: aaionap/haproxy:1.4.0 +pullPolicy: Always + +flavor: small + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: + logstashServiceName: log-ls + logstashPort: 5044 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +#This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use. 
+#Below command will instantiate the aai cassandra instances: +#helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \ +# --set aai.global.cassandra.localCluster=true \ +# --set aai.global.cassandra.serviceName=aai-cassandra +cassandra: + nameOverride: aai-cassandra + replicaCount: 3 + service: + name: aai-cassandra + persistence: + mountSubPath: aai/cassandra + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai + externalPort: 8080 + internalPort: 8080 + nodePort: 32 + portName2: aai-ssl + externalPort2: 8443 + internalPort2: 8443 + nodePort2: 33 + # POLICY hotfix - Note this must be temporary + # See https://jira.onap.org/browse/POLICY-510 + aaiServiceClusterIp: + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} |
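Review bot: The defaults under `global.config` ship working credentials: `basic.auth` is enabled with `username: AAI` / `passwd: AAI`, and the `keystore` and `truststore` `passwd` values use the `OBF:` form, which is Jetty's reversible obfuscation rather than encryption. These should be flagged in place and overridden per deployment, for example `# lab default only - override per deployment, never reuse outside test environments` above `passwd: AAI` and `# OBF: is reversible obfuscation; treat this value as a cleartext password` above the keystore entry. The `fproxy` and `rproxy` defaults also activate a profile named `noHostVerification`, which suggests TLS hostname checks are switched off, and they reference `2.1-STAGING-latest` image tags, which move over time. Both deserve at least a comment stating that they are not meant for production, and the images are better pinned to a fixed tag or digest.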