Age | Commit message (Collapse) | Author | Files | Lines |
|
Issue-ID: SECCOM-235
Change-Id: I9913d9a8f525b4b9582bf821008dd567258a719c
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I8f9d4362da50a8b3f2aa1baf3633d818da2ed3a5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
updated Postman collection for Dublin
Signed-off-by: Rene_Robert <rene.robert@orange.com>
Change-Id: I94b9180e86b96f75780854211da67d85acc90d48
|
|
This patch adds sample cluster.yml which is based on Dublin cluster
configuration file [1]. Main difference is in avoiding repetition by
using anchors and alias nodes.
Actual cluster creation provisioner is disabled by default because
'control' and 'worker' nodes might not be ready yet.
[1] https://docs.onap.org/en/dublin/_downloads/27934fe702048777f312d77dc30cd05a/cluster.yml
Issue-ID: SECCOM-235
Change-Id: Ibba0e754ba87e334cdaa61de83e48107f91083d9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I85efb88476cb1d6bfaee44b6bcd6275477e77ba5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This not only makes testing easier, but also allows better control over
VM provisioning after its creation.
Issue-ID: SECCOM-235
Change-Id: I29ab3ed46976267e1043c2f61f56578f2c5d7a57
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Iaeb4b3e621f09ea14b9576126223e4df4b8682f3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch:
* removes remaining string interpolation (for future script reuse),
* makes DNS replacement provisioner always run.
This way VM definition is more concise and resilient.
Issue-ID: SECCOM-235
Change-Id: I382dae5e256b46577c4c8af3aa45ab4d64d1b2b9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: If286ba074ee74c43705197a30c50322d5162e6fc
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Password for 'vagrant' user is now passed through exported environmental
variable.
This patch also:
* removes the assumption of having 'vagrant' user on cluster nodes (for
future scripts reuse),
* removes mixed string interpolation and passing shell variables,
* replaces '~' with '$HOME' for proper substitiution.
Issue-ID: SECCOM-235
Change-Id: Id9e7b6acccd902de4c414cd8a0f095ac135fee5a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch intends to make virtual environment creation logs more
readable. Parameters were chosen in a way errors will still be shown the
operator.
This patch might also prove itself useful in other virtual environment
creation tools such as 'devtool' [1] (unless maintainers insist on
having full logs).
[1] https://git.onap.org/integration/devtool
Issue-ID: SECCOM-235
Change-Id: I5e07b1b1ed37d36470c18ba0cfe653e40eff300b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch also extends in-file comment on scripts' requirements and
suggested usage.
Issue-ID: SECCOM-235
Change-Id: I0dddbad79fb3392ffe35c3e06d4006cd499d9923
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Node customization scripts do that for "ubuntu" user only (added by
default on OpenStack images). Vagrant boxes use "vagrant" user [1]
instead.
[1] https://www.vagrantup.com/docs/boxes/base.html#quot-vagrant-quot-user
Issue-ID: SECCOM-235
Change-Id: Ic4f832aa9a37230503e3c5bd29f8ae5fcd3883db
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Remove usage of binary files in pnfsimulator vcs
Issue-ID: INT-1134
Signed-off-by: Piotr Darosz <piotr.darosz@nokia.com>
Change-Id: I23b8f01a099b7e80542d258b2e0bcd34742d3684
|
|
Default cluster nodes customization scripts were extracted in the same
manner as those for Casablanca release [1]. Constraints still apply.
[1] SHA-1: ea8bc1a719a36c89e7eae42080b1835e5ef0c28d
(Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882)
Issue-ID: SECCOM-235
Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Vagrant VM definition no longer contains hardcoded values in cluster
definition.
Issue-ID: SECCOM-235
Change-Id: Id9f2d9878a7d788a62d5a12ccd47dfafe9f39fe3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Default DNS addresses used in "generic/ubuntu1604" box (4.2.2.1,
4.2.2.2, 208.67.220.220) might not work properly in corporate
environment. To deal with this, host machine DNS configuration can be
used instead.
Issue-ID: SECCOM-235
Change-Id: Ic8a5553f01989e1a2b00228fa0449a680f11d452
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Additional info in README.md
Issue-ID: INT-1134
Signed-off-by: Wojciech Sliwka <wojciech.sliwka@nokia.com>
Change-Id: I06d41fd3f361b7a451b30b702882810e4136a129
|
|
Updating TOSCA.meta metadata Created-by key to Created-By
Issue-ID: SDC-2402
Change-Id: I15ce47d3d97b5809ad5baa34a366c0d10333cb00
Signed-off-by: bilal.iqbal <bilal.iqbal@est.tech>
|
|
modify the configuration in consul in order to support dfc
to fetch the merged configuration
Issue-ID: INT-1155
Change-Id: I6d73987183851ed38225796c9f426a1010376fd3
Signed-off-by: YongchaoWu <yongchao.wu@est.tech>
|
|
Issue-ID: INT-1155
Change-Id: I3c1ed2f6072655c4396e406ddfd490d3786fe4d6
Signed-off-by: BjornMagnussonXA <bjorn.magnusson@est.tech>
|
|
Issue-ID: EXTAPI-245
Signed-off-by: aosull01 <adrian.osullivan@huawei.com>
Change-Id: Ia60be462bf4980b341f54ad9797640dba549db91
|
|
Issue-ID: SECCOM-235
Change-Id: Iab0086634bcfaba772852352c72e03a3d6833801
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Kubernetes cluster deployment procedure changed with Dublin release
(Rancher to RKE). In order to prepare for further adjustments,
incompatible content will be moved to separate directories.
Once Casablanca becomes obsolete (by the time of El Alto), files
specific to that release will be removed completely.
Issue-ID: SECCOM-235
Change-Id: Iaa0fc2f6ad330ec09dcfdf8a2d27b8a4dc433a0f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: DCAEGEN2-1660
Change-Id: Ib742755f6a924ee9c5babe8e411311e7fe0e6802
Signed-off-by: TamasBakai <tamas.bakai@est.tech>
|
|
Previously "clean" target failed if there were no build artifacts. Now
their absence is ignored.
Issue-ID: SECCOM-235
Change-Id: I47beb2754a893e8b7453611116b4da2e516cca90
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch also adds convenience target to the Makefile and updates
documentation on relevant dependencies.
Issue-ID: SECCOM-235
Change-Id: I57e00af3cd4c60af3128e3094607cc61bc1e5dbe
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
According to kube-apiserver documentation [1] and CIS guideline 1.1.4
option "--kubelet-https=" might be absent in API server configuration.
It has secure configuration (being set to "true") by default.
[1] https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
Issue-ID: SECCOM-235
Change-Id: I604cdcace03f65185aab6a0b34d48cfec94277ab
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Apparently Linux AMD64 machines are not the only ones used for ONAP
development (author meant no harm).
Issue-ID: SECCOM-235
Change-Id: Ia78a02fb82dc5752d6b8fd2cef8e6ef583fd3ca6
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Having Rancher CLI proves itself useful on development machines as well.
Issue-ID: SECCOM-235
Change-Id: I0de3109e1236cf6dc9cbc825342593041dcfdf2c
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I46e2f8d61c3a82613b665fb6d9b57431bb2a1868
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch adds simplified ONAP deployment environment (Kubernetes
cluster managed by Rancher). Its purpose is to provide cluster defaults
for inspection without the need to access actual ONAP application
deployment.
Default node customization scripts were extracted
("tools/get_customization_scripts.sh" run within "tools/imported/"
directory) from official documentation [1] and imported here in order
not to introduce runtime online dependencies.
This environment should probably be migrated in future to more
appropriate place like devtool [2] (or at least use the same Vagrant
boxes).
[1] https://docs.onap.org/en/casablanca/submodules/oom.git/docs/oom_setup_kubernetes_rancher.html
[2] https://git.onap.org/integration/devtool
Issue-ID: SECCOM-235
Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.6 and 1.1.7).
Issue-ID: SECCOM-235
Change-Id: I5f215a6642b177e85d7e1c70860ba0c7e558ec4e
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.1 - 1.1.5, 1.1.8,
1.1.9, 1.1.20 and 1.1.23).
Issue-ID: SECCOM-235
Change-Id: Ib964b5111b616a891c3963ef9695af660810e8ba
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I370636220151a5755f467055418f866afe11d5d9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Signed-off-by: Yang Xu <yang.xu@futurewei.com>
Issue-ID: INT-847
Change-Id: I1158442cd73c6e0d943e9cc111cb12dae1381d36
|
|
This patch introduces Rancher queries using its CLI client. It depends
on having utility binary located in PATH and providing configuration
file prior first use.
Issue-ID: SECCOM-235
Change-Id: Idb011e27b4801c5700b4482656463849736298da
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Also rename various Integration tenants
Issue-ID: INT-1117
Signed-off-by: Gary Wu <gary.wu@futurewei.com>
Change-Id: I7422088bdcb9ae8fbbf76bab0517f466d1279df3
|
|
This patch introduces CLI utility for checking if Kubernetes cluster
follows security recommendations. Provided Makefile simplifies setup
process by setting appropriate environment variables for the build.
Further information can be found in README. Provided symlink allows
proper document rendering on VCS hosting site.
Issue-ID: SECCOM-235
Change-Id: I4a1337c9834322ee4fd742a9ccb979b9bc505f75
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Signed-off-by: Yang Xu <yang.xu@futurewei.com>
Issue-ID: INT-847
Change-Id: Ib5b0a547f1c228de4cee02f3526401028c10bff0
|
|
Change-Id: Ia8d369c978f3d1da0e98af91415cc50cd36b03a2
Issue-ID: INT-1101
Signed-off-by: AndyWalshe <andy.walshe@est.tech>
|
|
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Change-Id: I45e5e09940378c8223ae36b8af3fc5e1b8b836bc
|
|
Issue-ID: INT-795
Change-Id: If06ef6faa69c942385e4fa1c15eb8f25c3d19f40
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Change-Id: I931289fffa5b9821259eff6f015adf3dd414aef8
|
|
-Added more files required to run this script
-Added a README file
-Added sample hpa polices
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Change-Id: I5c77924863a9517ecaf7caaeb860c3c113a7b9d2
|
|
When nmap or other commands are not installed on the system
script fail silently without any information
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I599b987e223f88617aefa2c0de6cdcbbf3ff50b7
Issue-ID: SECCOM-231
|
|
Change-Id: I38fcd336e7eca90264590d4174c8cf65e89c60a1
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Change-Id: I127063df8261859b1a0f11a57e49ce3d337afcf5
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Attention, maybe you can't use it because we call internal SDC API
SDC PTL said that they will change internal SDC API without any
notice.
Change-Id: Ic1a34bb6f9d3a879f8d5580c803431059ca43c26
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Change-Id: I778bfd0b12afd929066a7dc5ccd8bcc5c1e0dafe
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|