summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_quickstart_guide.rst14
-rw-r--r--docs/release-notes.rst1
-rw-r--r--kubernetes/onap/resources/overrides/environment.yaml225
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml2
-rw-r--r--kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py3
-rw-r--r--kubernetes/robot/values.yaml2
6 files changed, 236 insertions, 11 deletions
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 3c491b4447..ed71c97f10 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -129,20 +129,12 @@ single command
The --timeout 900 is currently required in Dublin to address long running initialization tasks
for DMaaP and SO. Without this timeout value both applications may fail to deploy.
- a. To deploy all ONAP applications use this command::
+ To deploy all ONAP applications use this command::
> cd oom/kubernetes
- > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
+ > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
- b. If you are using a custom override (e.g. integration-override.yaml) use this command::
-
- > helm deploy dev local/onap -f /root/integration-override.yaml --namespace onap --timeout 900
-
-
- c. If you have a slower cloud environment you may want to use the public-cloud.yaml
- which has longer delay intervals on database updates.::
-
- > helm deploy dev local/onap -f /root/oom/kubernetes/onap/resources/environments/public-cloud.yaml -f /root/integration-override.yaml --namespace onap --timeout 900
+ All override files may be customized (or replaced by other overrides) as per needs.
**Step 9.** Commands to interact with the OOM installation
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 37d8b3f50a..dc10400dfb 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -55,6 +55,7 @@ Summary
* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
*Known Vulnerabilities in Used Modules*
diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml
new file mode 100644
index 0000000000..75ce8e529b
--- /dev/null
+++ b/kubernetes/onap/resources/overrides/environment.yaml
@@ -0,0 +1,225 @@
+# Copyright © 2017,2019 Amdocs, AT&T , Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#
+#
+# This is specifically for the environments which take time to
+# deploy ONAP. This increase in timeouts prevents false restarting of
+# the pods during startup configuration.
+#
+# These timers have been tuned by the ONAP integration team. They
+# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
+# They are however indicative and may be adapted to your environment as they
+# depend on the performance of the infrastructure you are installing ONAP on.
+#
+# Please note that these timers must remain reasonable, in other words, if
+# your infrastructure is not performant enough, extending the timers to very
+# large value may not fix all installation issues on over subscribed hardware.
+#
+#################################################################
+aaf:
+ aaf-cs:
+ liveness:
+ initialDelaySeconds: 240
+ readiness:
+ initialDelaySeconds: 240
+ aaf-gui:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ aaf-oauth:
+ liveness:
+ initialDelaySeconds: 300
+ readiness:
+ initialDelaySeconds: 300
+ aaf-service:
+ liveness:
+ initialDelaySeconds: 300
+ readiness:
+ initialDelaySeconds: 300
+aai:
+ liveness:
+ initialDelaySeconds: 120
+ aai-champ:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ aai-data-router:
+ liveness:
+ initialDelaySeconds: 120
+ aai-sparky-be:
+ liveness:
+ initialDelaySeconds: 120
+ aai-spike:
+ liveness:
+ initialDelaySeconds: 120
+ aai-cassandra:
+ liveness:
+ periodSeconds: 120
+ readiness:
+ periodSeconds: 60
+appc:
+ mariadb-galera:
+ liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
+cassandra:
+ liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 60
+clamp:
+ liveness:
+ initialDelaySeconds: 60
+ readiness:
+ initialDelaySeconds: 60
+dcaegen2:
+ dcae-cloudify-manager:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+dmaap:
+ dmaap-bus-controller:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ message-router:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ dmaap-dr-prov:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ mariadb:
+ liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
+ dmaap-dr-node:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+mariadb-galera:
+ liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
+ mariadb-galera-server:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+modeling:
+ mariadb-galera:
+ liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
+oof:
+ oof-has:
+ music:
+ music-cassandra:
+ liveness:
+ periodSeconds: 120
+ readiness:
+ periodSeconds: 60
+portal:
+ portal-app:
+ liveness:
+ initialDelaySeconds: 60
+ readiness:
+ initialDelaySeconds: 60
+ portal-cassandra:
+ liveness:
+ periodSeconds: 120
+ readiness:
+ periodSeconds: 60
+sdc:
+ sdc-be:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ sdc-cs:
+ liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 60
+ sdc-es:
+ liveness:
+ initialDelaySeconds: 60
+ readiness:
+ initialDelaySeconds: 120
+ sdc-onboarding-be:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+sdnc:
+ liveness:
+ initialDelaySeconds: 60
+ readiness:
+ initialDelaySeconds: 60
+ dmaap-listener:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ mariadb-galera:
+ liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
+ sdnc-ansible-server:
+ readiness:
+ initialDelaySeconds: 120
+ sdnc-portal:
+ readiness:
+ initialDelaySeconds: 120
+ ueb-listener:
+ liveness:
+ initialDelaySeconds: 60
+ readiness:
+ initialDelaySeconds: 60
+so:
+ liveness:
+ initialDelaySeconds: 120
+ mariadb:
+ liveness:
+ initialDelaySeconds: 900
+ readiness:
+ initialDelaySeconds: 900
+uui:
+ uui-server:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+vfc:
+ mariadb-galera:
+ liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 1716415b3e..04fbc97f54 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -74,3 +74,5 @@ vid:
enabled: true
vnfsdk:
enabled: true
+modeling:
+ enabled: true
diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py
index 69190638a7..1db75b0c18 100644
--- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py
@@ -130,6 +130,9 @@ GLOBAL_OOF_SNIRO_SERVER_PORT = "8698"
#oof user
GLOBAL_OOF_OSDF_USERNAME="{{ .Values.oofUsername }}"
GLOBAL_OOF_OSDF_PASSWORD="{{ .Values.oofPassword }}"
+#oof pci user
+GLOBAL_OOF_PCI_USERNAME="{{ .Values.oofOsdfPciOptUsername }}"
+GLOBAL_OOF_PCI_PASSWORD="{{ .Values.oofOsdfPciOptPassword }}"
# oof cmso global info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_CMSO_PROTOCOL = "https"
GLOBAL_OOF_CMSO_SERVER_PORT = "8080"
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index 1bbe664def..65da947c95 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -156,6 +156,8 @@ oofUsername: "oof@oof.onap.org"
oofPassword: "demo123456!"
cmsoUsername: "oof@oof.onap.org"
cmsoPassword: "demo123456!"
+oofOsdfPciOptUsername: "oof@oof.onap.org"
+oofOsdfPciOptPassword: "demo123456!"
oofHomingUsername: "admin1"
oofHomingPassword: "plan.15"