summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-01-22 12:24:44 +0000
committerGerrit Code Review <gerrit@onap.org>2020-01-22 12:24:44 +0000
commit7dc067bbca304601b56559cec5df56a2631d018c (patch)
tree3f73864cb2d189a8da2c63d2dcbb7530cc393659
parentc9126b7496f720d8295190983551cd5944e88025 (diff)
parentec7c75e84977916ae0262c10a0f4401d946e4dfd (diff)
Merge "aaf auto cert generation"
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/startODL.sh21
-rw-r--r--kubernetes/sdnc/resources/env.yaml1
-rw-r--r--kubernetes/sdnc/templates/secret-aaf.yaml15
-rw-r--r--kubernetes/sdnc/templates/service.yaml5
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml55
-rw-r--r--kubernetes/sdnc/values.yaml14
6 files changed, 108 insertions, 3 deletions
diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh
index 5586ebbca6..5f5f811fd0 100755
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ b/kubernetes/sdnc/resources/config/bin/startODL.sh
@@ -120,6 +120,7 @@ SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
GEO_ENABLED=${GEO_ENABLED:-false}
+SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
SDNRWT=${SDNRWT:-false}
SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
@@ -128,8 +129,24 @@ echo "Settings:"
echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
echo " SDNC_REPLICAS=$SDNC_REPLICAS"
echo " SDNRWT=$SDNRWT"
-
-
+echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
+
+
+if $SDNC_AAF_ENABLED; then
+ export SDNC_STORE_DIR=/opt/app/osaaf/local
+ export SDNC_CONFIG_DIR=/opt/app/osaaf/local
+ export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
+ export SDNC_KEYSTORE=org.onap.sdnc.p12
+ sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
+ echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+
+ sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
+ sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
+ sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+fi
if [ ! -f ${SDNC_HOME}/.installed ]
then
diff --git a/kubernetes/sdnc/resources/env.yaml b/kubernetes/sdnc/resources/env.yaml
index 2ad42f79a6..6e38ae99d6 100644
--- a/kubernetes/sdnc/resources/env.yaml
+++ b/kubernetes/sdnc/resources/env.yaml
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}"
SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}"
SDNC_IS_PRIMARY_CLUSTER: "{{ .Values.config.isPrimaryCluster }}"
SDNC_ODL_COUNT: "{{ .Values.replicaCount }}"
diff --git a/kubernetes/sdnc/templates/secret-aaf.yaml b/kubernetes/sdnc/templates/secret-aaf.yaml
new file mode 100644
index 0000000000..cd2e539b28
--- /dev/null
+++ b/kubernetes/sdnc/templates/secret-aaf.yaml
@@ -0,0 +1,15 @@
+{{ if .Values.global.aafEnabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }}
+{{ end }}
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml
index db6d73a3c5..d2136ccb0b 100644
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -40,6 +40,9 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
+ {{ if not .Values.global.aafEnabled }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ end }}
name: "{{ .Values.service.portName }}-8282"
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
@@ -50,7 +53,9 @@ spec:
name: "{{ .Values.service.portName }}-8280"
- port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
+ {{ if .Values.global.aafEnabled }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ end }}
name: "{{ .Values.service.portName }}-8443"
{{- else -}}
- port: {{ .Values.service.externalPort }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 4ab8d1ccfe..536eaaf552 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -47,6 +47,59 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-aaf
+ image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.certpersistence.certPath }}
+ name: {{ include "common.fullname" . }}-certs
+ command:
+ - bash
+ - -c
+ - |
+ /opt/app/aaf_config/bin/agent.sh &&
+ cd /opt/app/osaaf/local &&
+ /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1
+ env:
+ - name: APP_FQI
+ value: "{{ .Values.aaf_init.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ .Values.aaf_init.fqdn }}"
+ - name: aaf_locator_app_ns
+ value: "{{ .Values.aaf_init.app_ns }}"
+ - name: DEPLOY_FQI
+ value: "{{ .Values.aaf_init.deploy_fqi }}"
+ - name: DEPLOY_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" .}}-aaf
+ key: aaf-password
+ - name: cadi_longitude
+ value: "{{ .Values.aaf_init.cadi_longitude }}"
+ - name: cadi_latitude
+ value: "{{ .Values.aaf_init.cadi_latitude }}"
+ {{ end }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"]
@@ -99,6 +152,8 @@ spec:
value: "{{ .Values.config.isPrimaryCluster }}"
- name: GEO_ENABLED
value: "{{ .Values.config.geoEnabled}}"
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
- name: SDNC_REPLICAS
value: "{{ .Values.replicaCount }}"
- name: MYSQL_HOST
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 555409f747..4447a7dfaa 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -25,6 +25,7 @@ global:
loggingImage: beats/filebeat:5.5.0
persistence:
mountPath: /dockerdata-nfs
+ aafEnabled: true
#################################################################
# Application configuration defaults.
@@ -102,6 +103,17 @@ config:
internalPort: 3306
# dependency / sub-chart configuration
+aaf_init:
+ agentImage: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqdn: "sdnc"
+ public_fqdn: "sdnc.onap.org"
+ deploy_fqi: "deployer@people.osaaf.org"
+ deploy_pass: "demo123456!"
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+
cds:
enabled: false
@@ -250,7 +262,7 @@ certpersistence:
size: 50Mi
mountPath: /dockerdata-nfs
mountSubPath: sdnc/certs
- certPath: /opt/opendaylight/current/certs
+ certPath: /opt/app/osaaf
##storageClass: "manual"
ingress: