From 9eb261c143810fca859f27770be766fef4e4a367 Mon Sep 17 00:00:00 2001
From: Michal Ptacek
Date: Mon, 15 Oct 2018 15:40:30 +0200
Subject: Add onap specific artifacts lists for download

This commit contains data lists of all onap artifacts - pkgs, npms,repos,docker images,maven files, ... needed for beijing onap offline deployment. It also contains patch of OOM repo needed for offline artifacts propagation during onap OOM deployment.

Change-Id: I399a1cd7721de581b383dbf34977bd996aef0125
Signed-off-by: Michal Ptacek
Signed-off-by: Samuli Silvius
Issue-ID: INT-691
---
 onap-offline/patches/offline-changes.patch | 372 +++++++++++++++++++++++++++++
 1 file changed, 372 insertions(+)
 create mode 100644 onap-offline/patches/offline-changes.patch
(limited to 'onap-offline/patches/offline-changes.patch')
diff --git a/onap-offline/patches/offline-changes.patch b/onap-offline/patches/offline-changes.patch
new file mode 100644
index 0000000..b55e58a
--- /dev/null
+++ b/onap-offline/patches/offline-changes.patch
@@ -0,0 +1,372 @@
+diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
+index 1c20977..4b47c63 100644
+--- a/kubernetes/appc/values.yaml
++++ b/kubernetes/appc/values.yaml
+@@ -29,7 +29,7 @@ global:
+ #################################################################
+ # application image
+ repository: nexus3.onap.org:10001
+-image: onap/appc-image:1.4.0-SNAPSHOT-latest
++image: onap/appc-image:1.3.0
+ pullPolicy: Always
+
+ # flag to enable debugging - application support required
+@@ -37,10 +37,7 @@ debugEnabled: false
+
+ # application configuration
+ config:
+- aafExtIP: 127.0.0.1
+- aafExtFQDN: aaf-onap-beijing-test.osaaf.org
+ dbRootPassword: openECOMP1.0
+- enableAAF: false
+ enableClustering: true
+ configDir: /opt/onap/appc/data/properties
+ dmaapTopic: SUCCESS
+diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
+index 328e058..b359526 100644
+--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
++++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
+@@ -35,8 +35,14 @@ spec:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
++ command:
++ - /bin/bash
++ - -c
++ - >
++ UPDATE_HOSTS_FILE >> /etc/hosts;
++ UPDATE_NPM_REGISTRY;
++ cd /opt/onap/ccsdk/dgbuilder/;
++ ./start.sh sdnc1.0 && wait
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ readinessProbe:
+@@ -94,3 +100,4 @@ spec:
+ defaultMode: 0755
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
++
+diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+index acda520..8fa35f9 100644
+--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
++++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+@@ -68,6 +68,8 @@ spec:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
++ - mountPath: /etc/pki/ca-trust/source/anchors
++ name: root-ca
+ securityContext:
+ privileged: True
+ lifecycle:
+@@ -80,6 +82,8 @@ spec:
+ set -ex
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++ update-ca-trust extract
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+@@ -93,5 +97,8 @@ spec:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
++ - name: root-ca
++ hostPath:
++ path: CERT_PATH
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+index 379fc24..4802f8b 100644
+--- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
++++ b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+@@ -48,6 +48,12 @@ spec:
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
++ command:
++ - /bin/sh
++ - -c
++ - >
++ UPDATE_HOSTS_FILE >> /etc/hosts;
++ ./startup.sh
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
+index b8f15e1..fadb56e 100644
+--- a/kubernetes/onap/values.yaml
++++ b/kubernetes/onap/values.yaml
+@@ -39,7 +39,8 @@ global:
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+- pullPolicy: Always
++ #pullPolicy: Always
++ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+@@ -66,11 +67,11 @@ appc:
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+- openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
+- openStackServiceTenantName: default
+- openStackDomain: default
+- openStackUserName: admin
+- openStackEncryptedPassword: admin
++ openStackKeyStoneUrl: FILL-ME
++ openStackServiceTenantName: FILL-ME
++ openStackDomain: FILL-ME
++ openStackUserName: FILL-ME
++ openStackEncryptedPassword: FILL-ME
+ clamp:
+ enabled: true
+ cli:
+@@ -97,8 +98,11 @@ nbi:
+ enabled: true
+ config:
+ # openstack configuration
+- openStackRegion: "Yolo"
+- openStackVNFTenantId: "1234"
++ openStackUserName: "FILL-ME"
++ openStackRegion: "FILL-ME"
++ openStackKeyStoneUrl: "FILL-ME"
++ openStackServiceTenantName: "FILL-ME"
++ openStackEncryptedPasswordHere: "FILL-ME"
+ policy:
+ enabled: true
+ portal:
+@@ -112,7 +116,11 @@ sdnc:
+
+ replicaCount: 1
+
++ config:
++ enableClustering: false
++
+ mysql:
++ disableNfsProvisioner: true
+ replicaCount: 1
+ so:
+ enabled: true
+@@ -129,11 +137,11 @@ so:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+- openStackUserName: "vnf_user"
+- openStackRegion: "RegionOne"
+- openStackKeyStoneUrl: "http://1.2.3.4:5000"
+- openStackServiceTenantName: "service"
+- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
++ openStackUserName: "FILL-ME"
++ openStackRegion: "FILL-ME"
++ openStackKeyStoneUrl: "FILL-ME"
++ openStackServiceTenantName: "FILL-ME"
++ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
+index 72f7a74..f6b3478 100644
+--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
++++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
+@@ -114,7 +114,7 @@ else
+ url_release
+ fi
+
+-wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip
++wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip --no-check-certificate
+ if [[ $? != 0 ]]; then
+ echo "ERROR: cannot download ${DOWNLOAD_DIR}/apps-${APP_NAME}.zip"
+ exit 1
+diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
+index a6c054d..9e48d55 100644
+--- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
++++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
+@@ -84,8 +84,8 @@ echo "Restarting PDP-D .."
+ echo
+ echo
+
+-POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools)
+-kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
++POD=$(kubectl --namespace onap get pods | sed 's/ .*//'| grep drools)
++kubectl --namespace onap exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 1 && policy start"
+
+ sleep 20
+
+diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
+index dcd3afb..21b3171 100644
+--- a/kubernetes/policy/resources/config/pe/push-policies.sh
++++ b/kubernetes/policy/resources/config/pe/push-policies.sh
+@@ -22,7 +22,7 @@ echo "Upload BRMS Param Template"
+
+ sleep 2
+
+-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing
++wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing --no-check-certificate
+
+ sleep 2
+
+diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
+index aea67c8..06dc17b 100644
+--- a/kubernetes/robot/values.yaml
++++ b/kubernetes/robot/values.yaml
+@@ -39,49 +39,49 @@ config:
+ # Password of the lighthttpd server. Used for HTML auth for webpage access
+ lightHttpdPassword: robot
+ # gerrit branch where the latest heat code is checked in
+- gerritBranch: 2.0.0-ONAP
++ gerritBranch: master
+ # gerrit project where the latest heat code is checked in
+ gerritProject: http://gerrit.onap.org/r/demo.git
+
+
+ # Demo configuration
+ # Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
+-demoArtifactsVersion: "1.2.0-SNAPSHOT"
++demoArtifactsVersion: "1.3.0"
+ # Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR
+ openStackFlavourMedium: "m1.medium"
+ # Openstack keystone URL. Maps to GLOBAL_INJECTED_KEYSTONE
+-openStackKeyStoneUrl: "http://1.2.3.4:5000"
++openStackKeyStoneUrl: "FILL-ME"
+ # UUID of the Openstack network that can assign floating ips. Maps to GLOBAL_INJECTED_PUBLIC_NET_ID
+-openStackPublicNetId: "e8f51958045716781ffc"
++openStackPublicNetId: "FILL-ME"
+ # password for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD
+-openStackPassword: "tenantPassword"
++openStackPassword: "FILL-ME"
+ # Openstack region. Maps to GLOBAL_INJECTED_REGION
+ openStackRegion: "RegionOne"
+ # Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
+-openStackTenantId: "47899782ed714295b1151681fdfd51f5"
++openStackTenantId: "FILL-ME"
+ # username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
+-openStackUserName: "tenantUsername"
++openStackUserName: "FILL-ME"
+ # Openstack glance image name for Ubuntu 14. Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE
+-ubuntu14Image: "Ubuntu_14_trusty"
++ubuntu14Image: "FILL-ME"
+ # Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
+-ubuntu16Image: "Ubuntu_16_xenial"
++ubuntu16Image: "FILL-ME"
+ # GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION
+-scriptVersion: "1.2.0-SNAPSHOT"
++scriptVersion: "1.2.1"
+ # Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK
+-openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
++openStackPrivateNetId: "FILL-ME"
+
+ # SDNC Preload configuration
+ # Openstack subnet UUID for the network defined by openStackPrivateNetId. Maps to onap_private_subnet_id
+-openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc"
++openStackPrivateSubnetId: "FILL-ME"
+ # CIDR notation for the Openstack private network where VNFs will be spawned. Maps to onap_private_net_cidr
+-openStackPrivateNetCidr: "10.0.0.0/8"
++openStackPrivateNetCidr: "FILL-ME"
+ # The first 2 octets of the private Openstack subnet where VNFs will be spawned.
+ # Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X
+ openStackOamNetworkCidrPrefix: "10.0"
+ # Override with Pub Key for access to VNF
+-vnfPubKey: "FILL_IN_WITH_PUB_KEY"
+-# Override with DCAE VES Collector external IP
+-dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP"
++vnfPubKey: "FILL-ME"
++# Override with DCAE VES Collector external IP
++dcaeCollectorIp: "FILL-ME"
+
+ # default number of instances
+ replicaCount: 1
+@@ -156,4 +156,4 @@ persistence:
+ accessMode: ReadWriteMany
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+- mountSubPath: robot/logs
+\ No newline at end of file
++ mountSubPath: robot/logs
+diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+index a19c33a..b49e2c4 100644
+--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
++++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+@@ -47,8 +47,17 @@ spec:
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/sdnc && ./startAnsibleServer.sh"]
++ command:
++ - bash
++ - "-c"
++ - |
++ pip install /root/ansible_pkg/*.whl
++ dpkg -i /root/ansible_pkg/*.deb
++ cp /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.orig
++ cat /etc/ansible/ansible.cfg.orig | sed -e 's/#host_key_checking/host_key_checking/' > /etc/ansible/ansible.cfg
++ touch /tmp/.ansible-server-installed
++ cd /opt/onap/sdnc
++ ./startAnsibleServer.sh
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+@@ -74,6 +83,8 @@ spec:
+ - mountPath: {{ .Values.config.configDir }}/RestServer_config
+ name: config
+ subPath: RestServer_config
++ - mountPath: /root/ansible_pkg
++ name: ansible-pkg
+ resources:
+ {{ toYaml .Values.resources | indent 12 }}
+ {{- if .Values.nodeSelector }}
+@@ -92,5 +103,9 @@ spec:
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0644
++ - name: ansible-pkg
++ hostPath:
++ path: /root/ansible_pkg
+ imagePullSecrets:
+- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+\ No newline at end of file
++ - name: "{{ include "common.namespace" . }}-docker-registry-key"
++
+diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+index 87ed6aa..5da236d 100644
+--- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
++++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+@@ -49,8 +49,13 @@ spec:
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
++ command:
++ - /bin/bash
++ - -c
++ - >
++ UPDATE_HOSTS_FILE >> /etc/hosts;
++ UPDATE_NPM_REGISTRY;
++ cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
+index accdff9..fa83daf 100644
+--- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml
++++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
+@@ -34,6 +34,12 @@ spec:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++ command:
++ - /bin/bash
++ - -c
++ - >
++ chown -R mysql:mysql /var/lib/mysql /var/run/mysqld;
++ /home/uui/bin/run.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
-- cgit 1.2.3-korg
From b61f538e0c907ab84501bda27ea62cc1bfcbe369 Mon Sep 17 00:00:00 2001
From: Michal Ptacek
Date: Mon, 12 Nov 2018 07:14:52 +0000
Subject: Propagate rootCA to policy pods

Fix distribution of rootCA certificate to relevant pods

Change-Id: Icc4a42efffca62b388fb6b4cd081a9b4a830fa24
Signed-off-by: Michal Zegan
Signed-off-by: Michal Ptacek
Issue-ID: INT-718
---
 onap-offline/bash/tools/common-functions.sh | 2 +-
 onap-offline/patches/offline-changes.patch | 244 ++++++++++++++++++++++++++++
 2 files changed, 245 insertions(+), 1 deletion(-)
(limited to 'onap-offline/patches/offline-changes.patch')
diff --git a/onap-offline/bash/tools/common-functions.sh b/onap-offline/bash/tools/common-functions.sh
index 0a6e26f..53e8035 100755
--- a/onap-offline/bash/tools/common-functions.sh
+++ b/onap-offline/bash/tools/common-functions.sh
@@ -573,7 +573,7 @@ deploy_onap() {
 sleep 5
 helm repo add local http://127.0.0.1:8879
 make all
- helm install local/onap -n dev --namespace onap
+ helm install local/onap -n dev --namespace onap --set "global.cacert=$(cat ${CERTS_TARGET_PATH}/rootCAcert.crt)"
 popd
 }
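Review bot: The patched `wget` calls in `apps-install.sh` and `push-policies.sh` add `--no-check-certificate`, which turns off TLS server verification for the application zip and the `.drl` template that the policy pods go on to install, so the transfer is no longer authenticated. Because the offline environment has its own root CA, trusting that CA is the narrower change, e.g. `wget --ca-certificate="<ROOT_CA_FILE>" "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip` (placeholder path), or installing the CA into the image trust store and leaving the flag off. In the same patch the sdnc-ansible-server start command uncomments `host_key_checking` in `ansible.cfg`; if the shipped line is `host_key_checking = False` this disables SSH host-key verification, and a comment such as `# offline lab only: host key checking disabled` would record that it is deliberate.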
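Review bot: If `${CERTS_TARGET_PATH}/rootCAcert.crt` is missing or empty, the `$(cat …)` on the new `helm install` line expands to an empty string, and the charts patched in this commit skip every `if .Values.global.cacert` block, so ONAP would be deployed without the root CA and the install would not stop. A guard before the install makes that visible: `[ -s "${CERTS_TARGET_PATH}/rootCAcert.crt" ] || { echo "root CA certificate not found" >&2; return 1; }`, and the path inside the substitution should be quoted. `deploy_onap` begins and ends outside the hunk, so whether `return` or `exit` fits its error handling is not visible here.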
diff --git a/onap-offline/patches/offline-changes.patch b/onap-offline/patches/offline-changes.patch
index b55e58a..5238da4 100644
--- a/onap-offline/patches/offline-changes.patch
+++ b/onap-offline/patches/offline-changes.patch
@@ -370,3 +370,247 @@ index accdff9..fa83daf 100644
 ports:
 - containerPort: {{ .Values.service.internalPort }}
 # disable liveness probe when breakpoints set in debugger
+--- oom/kubernetes/common/common/templates/_cacert.tpl 1970-01-01 00:00:00.000000000 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/common/common/templates/_cacert.tpl 2018-11-02 15:09:31.781688957 +0000
+@@ -0,0 +1,62 @@
++#This template adds volume for access to ca certificate.
++#Template is ignored when cacert not set.
++{{- define "common.cacert-volume" }}
++{{- if .Values.global.cacert }}
++- name: cacert
++ configMap:
++ name: {{ include "common.namespace" . }}-root-ca-cert
++{{- end }}
++{{- end }}
++
++#This template mounts the CA certificate in an ubuntu compatible way.
++#It is mounted to /usr/local/share/ca-certificates/cacert.crt.
++#Template is ignored if cacert not set.
++{{- define "common.cacert-mount-ubuntu" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/usr/local/share/ca-certificates/cacert.crt"
++ name: cacert
++ subPath: certificate
++{{- end }}
++{{- end }}
++
++#This template creates an empty volume used to store system certificates (includes java keystore).
++{{- define "common.system-ca-store-volume" }}
++{{- if .Values.global.cacert }}
++- name: system-ca-store
++ emptyDir:
++{{- end }}
++{{- end }}
++
++#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific).
++#Template is ignored in case cacert is not given.
++{{- define "common.system-ca-store-mount-ubuntu" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/etc/ssl/certs"
++ name: system-ca-store
++{{- end }}
++{{- end }}
++
++#This template is a template for an init container.
++#This init container can be declared to update system's ca store for ubuntu containers.
++#It runs as root using the same image as the main one.
++#It expects /etc/ssl/certs to be mounted as a volume.
++#It has to be shared with the main container.
++#This template is ignored if cacert is not given as helm value.
++{{- define "common.update-system-ca-store-ubuntu" }}
++{{- if .Values.global.cacert }}
++- command:
++ - "/bin/bash"
++ - "-c"
++ - |
++ mkdir -p /etc/ssl/certs/java
++ update-ca-certificates
++ name: update-system-ca-store
++ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++ image: {{ include "common.repository" . }}/{{ .Values.image }}
++ securityContext:
++ runAsUser: 0
++ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }}
++{{- end }}
++{{- end }}
+--- oom/kubernetes/onap/templates/configmap.yaml 1970-01-01 00:00:00.000000000 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/onap/templates/configmap.yaml 2018-11-02 15:09:31.804689107 +0000
+@@ -0,0 +1,15 @@
++{{ if .Values.global.cacert -}}
++apiVersion: v1
++kind: ConfigMap
++metadata:
++ name: {{ include "common.namespace" . }}-root-ca-cert
++ namespace: {{ include "common.namespace" . }}
++ labels:
++ app: {{ include "common.name" . }}
++ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
++ release: {{ .Release.Name }}
++ heritage: {{ .Release.Service }}
++data:
++ certificate: |
++{{ .Values.global.cacert | indent 4 }}
++{{- end }}
+--- oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 2018-11-06 07:38:46.341849402 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 2018-11-02 15:09:31.808689133 +0000
+@@ -45,6 +45,7 @@
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+ containers:
+ - command:
+ - /bin/bash
+@@ -68,6 +69,8 @@
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -94,6 +97,8 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+--- oom/kubernetes/policy/charts/drools/templates/statefulset.yaml 2018-11-06 07:38:46.343849404 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/drools/templates/statefulset.yaml 2018-11-02 15:09:31.810689146 +0000
+@@ -51,6 +51,8 @@
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
++{{ include "policy.update-policy-keystore" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+@@ -78,6 +80,9 @@
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
++{{ include "policy.keystore-mount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -136,6 +141,9 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
++{{ include "policy.keystore-storage-volume" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+--- oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-06 07:38:46.345849405 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-02 15:09:31.812689159 +0000
+@@ -49,6 +49,7 @@
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+ containers:
+ - command:
+ - /bin/bash
+@@ -72,6 +73,8 @@
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -121,6 +124,8 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
++{{ include "common.cacert-volume" . | indent 6 }}
++{{ include "common.system-ca-store-volume" . | indent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+--- oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 1970-01-01 00:00:00.000000000 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 2018-11-02 15:09:31.812689159 +0000
+@@ -0,0 +1,43 @@
++#This template creates a volume for storing policy-keystore with imported ca.
++#It is ignored if cacert was not given.
++{{- define "policy.keystore-storage-volume" }}
++{{- if .Values.global.cacert }}
++- name: keystore-storage
++ emptyDir:
++{{- end }}
++{{- end }}
++
++#This template mounts policy-keystore in appropriate place for policy components to take it.
++#It is ignored if cacert is not given.
++{{- define "policy.keystore-mount" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/tmp/policy-install/config/policy-keystore"
++ name: keystore-storage
++ subPath: policy-keystore
++{{- end }}
++{{- end }}
++
++#This will extract a policy keystore and then import
++#the root cacert of offline nexus into it.
++#This template expects a volume named keystore-storage where policy-keystore will be put.
++#It also expects volume named cacert where the file "certificate" will contain the cert to import.
++#Template is ignored if ca certificate not given.
++{{- define "policy.update-policy-keystore" }}
++{{- if .Values.global.cacert }}
++- command:
++ - "/bin/bash"
++ - "-c"
++ - |
++ set -e
++ tar -xzf base-*.tar.gz etc/ssl/policy-keystore
++ cp etc/ssl/policy-keystore keystore-storage/
++ keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt
++ name: update-policy-keystore
++ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++ image: {{ include "common.repository" . }}/{{ .Values.image }}
++ volumeMounts:
++ - mountPath: "/tmp/policy-install/keystore-storage"
++ name: keystore-storage
++{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
++{{- end }}
++{{- end }}
+--- oom/kubernetes/policy/templates/deployment.yaml 2018-11-06 07:38:46.346849406 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/templates/deployment.yaml 2018-11-02 15:09:31.813689166 +0000
+@@ -45,6 +45,7 @@
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+ containers:
+ - command:
+ - /bin/bash
+@@ -72,6 +73,8 @@
+ - name: PRELOAD_POLICIES
+ value: "{{ .Values.config.preloadPolicies }}"
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -136,6 +139,8 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
-- cgit 1.2.3-korg
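Review bot: The `policy.update-policy-keystore` init container in `_keystore.tpl` passes the keystore password as a literal, `-storepass "Pol1cy_0nap"`, so it is fixed in the chart and shows up in every rendered pod spec. Taking it from a value exposed to the container as an environment variable backed by a Secret, e.g. `-storepass "${KEYSTORE_PASSWORD}"` (constructed name), keeps it out of the template and lets a deployment change it. The two `emptyDir:` volumes are written as bare keys; `emptyDir: {}` states the empty mapping explicitly. The pdp statefulset includes its volumes with `indent 6` while brmsgw, drools and policy use `indent 8`; the surrounding indentation is not recoverable from this page, so the rendered manifest is worth checking.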