diff options
| -rw-r--r-- | blueprints/DeploymentHandler.yaml-template | 2 | ||||
| -rw-r--r-- | blueprints/k8s-config_binding_service.yaml-template | 2 | ||||
| -rw-r--r-- | blueprints/k8s-deployment_handler.yaml-template | 7 | ||||
| -rw-r--r-- | blueprints/k8s-holmes-engine.yaml-template | 4 | ||||
| -rw-r--r-- | blueprints/k8s-holmes-rules.yaml-template | 5 | ||||
| -rw-r--r-- | blueprints/k8s-hv-ves.yaml-template | 73 | ||||
| -rw-r--r-- | blueprints/k8s-policy_handler.yaml-template | 5 | ||||
| -rw-r--r-- | blueprints/k8s-prh.yaml-template | 4 | ||||
| -rw-r--r-- | blueprints/k8s-snmptrap.yaml-template | 125 | ||||
| -rw-r--r-- | blueprints/k8s-tca.yaml-template | 4 | ||||
| -rw-r--r-- | blueprints/policy_handler.yaml-template | 2 | ||||
| -rw-r--r-- | input-templates/phinputs.yaml | 24 |
12 files changed, 228 insertions, 29 deletions
diff --git a/blueprints/DeploymentHandler.yaml-template b/blueprints/DeploymentHandler.yaml-template index ffdd25f..ebb7c83 100644 --- a/blueprints/DeploymentHandler.yaml-template +++ b/blueprints/DeploymentHandler.yaml-template @@ -44,7 +44,7 @@ inputs: deployment_handler_image: description: Docker image for deployment handler - default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.deployment-handler:3.0.1' + default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.deployment-handler:3.0.2' application_config: description: deployment handler application configuration (to override defaults) diff --git a/blueprints/k8s-config_binding_service.yaml-template b/blueprints/k8s-config_binding_service.yaml-template index 52cb457..1d52552 100644 --- a/blueprints/k8s-config_binding_service.yaml-template +++ b/blueprints/k8s-config_binding_service.yaml-template @@ -30,7 +30,7 @@ inputs: cbs_image: description: Docker image for config binding service - default: {{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.configbinding:2.1.5 + default: {{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3 replicas: description: Number of instances to launch type: integer diff --git a/blueprints/k8s-deployment_handler.yaml-template b/blueprints/k8s-deployment_handler.yaml-template index 97c2228..feaff0c 100644 --- a/blueprints/k8s-deployment_handler.yaml-template +++ b/blueprints/k8s-deployment_handler.yaml-template @@ -31,7 +31,7 @@ inputs: deployment_handler_image: description: Docker image for deployment handler - default: {{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.deployment-handler:3.0.1 + default: {{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.deployment-handler:3.0.2 application_config: description: deployment handler application configuration (to override defaults) default: {} @@ -62,7 +62,7 @@ node_templates: 8443 docker_config: healthcheck: - type: 'http' + type: 'https' interval: '300s' timeout: '5s' endpoint: '/' @@ -72,6 +72,9 @@ node_templates: version: 'v4' log_info: log_directory: '/opt/app/dh/log' + tls_info: + cert_directory: '/opt/app/dh/etc/cert/' + use_tls: true # Inject CM password through environment variable # so that it does not appear in Consul interfaces: diff --git a/blueprints/k8s-holmes-engine.yaml-template b/blueprints/k8s-holmes-engine.yaml-template index 0c4eacf..ebf0df1 100644 --- a/blueprints/k8s-holmes-engine.yaml-template +++ b/blueprints/k8s-holmes-engine.yaml-template @@ -70,6 +70,8 @@ node_templates: { get_attribute: [ pgaasvm, admin, user ] } MSB_ADDR: get_input: msb_hostname + ports: + - '9102:0' properties: name: 'holmes-engine-mgmt' dns_name: 'holmes-engine-mgmt' @@ -96,8 +98,6 @@ node_templates: interval: 15s timeout: 1s type: http - ports: - - 9102:0 image: { get_input: he_image } # need to use truncated name!! #service_component_type: dcae-analytics-holmes-engin-management diff --git a/blueprints/k8s-holmes-rules.yaml-template b/blueprints/k8s-holmes-rules.yaml-template index 9662a43..e1ded8a 100644 --- a/blueprints/k8s-holmes-rules.yaml-template +++ b/blueprints/k8s-holmes-rules.yaml-template @@ -59,6 +59,9 @@ node_templates: { get_attribute: [ pgaasvm, admin, user ] } MSB_ADDR: get_input: msb_hostname + ports: + - '9101:0' + - '9104:0' properties: name: 'holmes-rule-mgmt' dns_name: 'holmes-rule-mgmt' @@ -76,8 +79,6 @@ node_templates: interval: 15s timeout: 1s type: http - ports: - - 9101:0 image: { get_input: hr_image } #service_component_type: dcae-analytics-holmes-rule-management relationships: diff --git a/blueprints/k8s-hv-ves.yaml-template b/blueprints/k8s-hv-ves.yaml-template index 3a93c61..1f7cecf 100644 --- a/blueprints/k8s-hv-ves.yaml-template +++ b/blueprints/k8s-hv-ves.yaml-template @@ -20,31 +20,76 @@ tosca_definitions_version: cloudify_dsl_1_3 imports: - - "http://www.getcloudify.org/spec/cloudify/3.4/types.yaml" + - 'http://www.getcloudify.org/spec/cloudify/3.4/types.yaml' - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/k8splugin/1.4.3/k8splugin_types.yaml inputs: tag_version: type: string - default: "{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest" + default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest' + hv_ves_name: + type: string + default: 'dcae-hv-ves-collector' replicas: type: integer description: number of instances - default: 1 + default: 1 + host_port: + type: integer + description: Network port that the platform service is expecting to expose on the host + default: 30222 + container_port: + type: integer + description: Network port that the platform service exposes in the container + default: 6061 + consul_host: + type: string + description: Consul endpoint address + default: 'consul-server.onap' + consul_port: + type: integer + description: Consul endpoint port + default: 8500 + kafka_bootstrap_servers: + type: string + default: 'message-router-kafka:9092' + hv_meas_domain: + type: string + default: 'HVMEAS' + hv_meas_kafka_topic: + type: string + default: 'HV_VES_MEASUREMENTS' node_templates: hv-ves: + interfaces: + cloudify.interfaces.lifecycle: + start: + inputs: + envs: + VESHV_CONFIG_URL: + { concat: [ 'http://', { get_input: consul_host }, ':', { get_input: consul_port }, '/v1/kv/', { get_input: hv_ves_name} ] } + VESHV_LISTEN_PORT: + { concat: [ { get_input: container_port }, '' ] } + VESHV_SSL_DISABLE: '' properties: - docker_config: - healthcheck: - endpoint: /health/ready - interval: 15s - timeout: 1s - type: http - image: - get_input: tag_version - replicas: {get_input: replicas} - name: 'dcae-hv-ves-collector' + application_config: + dmaap.kafkaBootstrapServers: { get_input: kafka_bootstrap_servers } + collector.routing: + - fromDomain: { get_input: hv_meas_domain } + toTopic: { get_input: hv_meas_kafka_topic } +# TODO: https://jira.onap.org/browse/DCAEGEN2-794 +# docker_config: +# healthcheck: +# endpoint: /health/ready +# interval: 15s +# timeout: 1s +# type: http + image: { get_input: tag_version } + replicas: { get_input: replicas } + name: { get_input: hv_ves_name } dns_name: 'dcae-hv-ves-collector' + container_port: { get_input: container_port } + host_port: { get_input: host_port } log_info: - log_directory: "/opt/app/HvVesCollector/logs" + log_directory: '/opt/app/HvVesCollector/logs' type: dcae.nodes.ContainerizedPlatformComponent diff --git a/blueprints/k8s-policy_handler.yaml-template b/blueprints/k8s-policy_handler.yaml-template index 62f605a..aea1ae9 100644 --- a/blueprints/k8s-policy_handler.yaml-template +++ b/blueprints/k8s-policy_handler.yaml-template @@ -32,7 +32,7 @@ inputs: policy_handler_image: description: Docker image for policy_handler - default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.policy-handler:4.2.0' + default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.policy-handler:4.4.0' application_config: description: policy handler application configuration - requires info on policy-engine @@ -55,3 +55,6 @@ node_templates: log_info: log_directory: '/opt/app/policy_handler/logs' container_port: 25577 + tls_info: + cert_directory: '/opt/app/policy_handler/etc/tls/certs/' + use_tls: true diff --git a/blueprints/k8s-prh.yaml-template b/blueprints/k8s-prh.yaml-template index f3a1c5a..17bea87 100644 --- a/blueprints/k8s-prh.yaml-template +++ b/blueprints/k8s-prh.yaml-template @@ -2,7 +2,7 @@ # # ============LICENSE_START==================================================== # ============================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018 AT&T, NOKIA # ============================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -56,7 +56,7 @@ inputs: default: "admin" tag_version: type: string - default: "{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.services.prh.prh-app-server:latest" + default: "{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.services.prh.prh-app-server:1.0.0" replicas: type: integer description: number of instances diff --git a/blueprints/k8s-snmptrap.yaml-template b/blueprints/k8s-snmptrap.yaml-template new file mode 100644 index 0000000..b679761 --- /dev/null +++ b/blueprints/k8s-snmptrap.yaml-template @@ -0,0 +1,125 @@ +# -*- indent-tabs-mode: nil -*- # vi: set expandtab: +# +# ============LICENSE_START==================================================== +# ============================================================================= +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# ============================================================================= +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END====================================================== + +tosca_definitions_version: cloudify_dsl_1_3 + +imports: + - "http://www.getcloudify.org/spec/cloudify/3.4/types.yaml" + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/k8splugin/1.4.3/k8splugin_types.yaml +inputs: + tag_version: + type: string + default: "{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0" + cache: + type: string + default: + dns_cache_ttl_seconds: 60 + files: + type: string + default: + arriving_traps_log: snmptrapd_arriving_traps.log + data_dir: data + eelf_audit: audit.log + eelf_base_dir: /opt/app/snmptrap/logs + eelf_debug: debug.log + eelf_error: error.log + eelf_metrics: metrics.log + log_dir: logs + minimum_severity_to_log: 2 + perm_status_file: snmptrapd_status.log + pid_dir: tmp + roll_frequency: day + runtime_base_dir: /opt/app/snmptrap + snmptrapd_diag: snmptrapd_prog_diag.log + traps_stats_log: snmptrapd_stats.csv + protocols: + type: string + default: + ipv4_interface: 0.0.0.0 + ipv4_port: 6162 + ipv6_interface: ::1 + ipv6_port: 6162 + publisher: + type: string + default: + http_milliseconds_between_retries: 750 + http_milliseconds_timeout: 1500 + http_peer_publisher: unavailable + http_primary_publisher: 'true' + http_retries: 3 + max_milliseconds_between_publishes: 10000 + max_traps_between_publishes: 10 + sec_fault_unsecure_topic: + type: string + default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP" + snmptrapd: + type: string + default: + title: Collector for receiving SNMP traps and publishing to DMAAP/MR + version: 1.4.0 + replicas: + type: integer + description: number of instances + default: 1 + +node_templates: + snmptrap: + interfaces: + cloudify.interfaces.lifecycle: + start: + inputs: + ports: + - '6162:0' + properties: + application_config: + StormWatchPolicy: '' + cache: + get_input: cache + files: + get_input: files + protocols: + get_input: protocols + publisher: + get_input: publisher + services_calls: {} + snmptrapd: + get_input: snmptrapd + sw_interval_in_seconds: 60 + streams_publishes: + sec_fault_unsecure: + dmaap_info: + topic_url: + get_input: sec_fault_unsecure_topic + type: message_router + +# TBA under DCAEGEN2-796 +# docker_config: +# healthcheck: +# interval: 300s +# script: /opt/app/snmptrap/bin/snmptrapd.sh status +# timeout: 120s +# type: docker +# ports: +# - 6162/udp:162 + image: + get_input: tag_version + replicas: {get_input: replicas} + name: 'dcae-snmptrap-collector' + dns_name: 'dcae-snmptrap-collector' + type: dcae.nodes.ContainerizedPlatformComponent diff --git a/blueprints/k8s-tca.yaml-template b/blueprints/k8s-tca.yaml-template index 4771dc5..16ca4a3 100644 --- a/blueprints/k8s-tca.yaml-template +++ b/blueprints/k8s-tca.yaml-template @@ -97,8 +97,8 @@ node_templates: aaiEnrichmentIgnoreSSLCertificateErrors: 'true' aaiEnrichmentPortNumber: '8443' aaiEnrichmentProtocol: https - aaiEnrichmentUserName: DCAE - aaiEnrichmentUserPassword: DCAE + aaiEnrichmentUserName: dcae@dcae.onap.org + aaiEnrichmentUserPassword: demo123456! aaiVMEnrichmentAPIPath: /aai/v11/search/nodes-query aaiVNFEnrichmentAPIPath: /aai/v11/network/generic-vnfs/generic-vnf enableAAIEnrichment: diff --git a/blueprints/policy_handler.yaml-template b/blueprints/policy_handler.yaml-template index b897958..48302c4 100644 --- a/blueprints/policy_handler.yaml-template +++ b/blueprints/policy_handler.yaml-template @@ -39,7 +39,7 @@ inputs: policy_handler_image: description: Docker image for policy_handler - default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.policy-handler:4.2.0' + default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.policy-handler:4.4.0' application_config: description: policy handler application configuration - requires info on policy-engine diff --git a/input-templates/phinputs.yaml b/input-templates/phinputs.yaml index e23d051..50b90b2 100644 --- a/input-templates/phinputs.yaml +++ b/input-templates/phinputs.yaml @@ -47,7 +47,7 @@ application_config: # related to policy-engine itself. policy_engine : url : "http://{{ policy_ip_addr }}:8081" - path_pdp : "/pdp/" + path_notifications : "/pdp/notifications" path_api : "/pdp/api/" headers : Accept : "application/json" @@ -56,6 +56,18 @@ application_config: Authorization : "Basic dGVzdHBkcDphbHBoYTEyMw==" Environment : "TEST" target_entity : "policy_engine" + # optional tls_ca_mode specifies where to find the cacert.pem for tls + # can be one of these: + # "cert_directory" - use the cacert.pem stored locally in cert_directory. + # this is the default if cacert.pem file is found + # + # "os_ca_bundle" - use the public ca_bundle provided by linux system. + # this is the default if cacert.pem file not found + # + # "do_not_verify" - special hack to turn off the verification by cacert and hostname + tls_ca_mode : "cert_directory" + # optional tls_wss_ca_mode specifies the same for the tls based web-socket + tls_wss_ca_mode : "cert_directory" # deploy_handler config # changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0 deploy_handler : @@ -71,3 +83,13 @@ application_config: # optionally specify the tenant name for the cloudify under deployment-handler # if not specified the "default_tenant" is used by the deployment-handler cfy_tenant_name : "default_tenant" + # optional tls_ca_mode specifies where to find the cacert.pem or skip tls verification + # can be one of these: + # "cert_directory" - use the cacert.pem stored locally in cert_directory. + # this is the default if cacert.pem file is found + # + # "os_ca_bundle" - use the public ca_bundle provided by linux system. + # this is the default if cacert.pem file not found + # + # "do_not_verify" - special hack to turn off the verification by cacert and hostname + tls_ca_mode : "cert_directory" |