117 files changed, 1148 insertions, 946 deletions
diff --git a/docs/slave_nfs_node.sh b/docs/slave_nfs_node.sh index fb2e230b7a..1035ff5ad6 100644 --- a/docs/slave_nfs_node.sh +++ b/docs/slave_nfs_node.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh usage () { echo "Usage:" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 84bd723aad..298274ed0f 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat 
@@ -62,7 +62,7 @@ so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|roo so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'} so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} -so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} +so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'} so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'} tester1@test.portal.onap.org|tester1|aaf|/||mailto:|org.onap.portal.test|root|30||@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 74c79ec05e..14a2993c2a 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -24,7 +24,7 @@ global: {} ################################################################# # application image -image: onap/babel:1.8.0 +image: onap/babel:1.9.1 flavor: small flavorOverride: small 
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 89c4b024d6..cdbef0dd8a 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -78,11 +78,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v24 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 # Specifies from which version related link should appear related: link: v11 @@ -119,7 +119,7 @@ global: # global defaults # application image -image: onap/aai-graphadmin:1.8.0 +image: onap/aai-graphadmin:1.9.1 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index c0806fea0d..96780757c0 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -21,7 +21,7 @@ global: # global defaults # application image -image: onap/model-loader:1.8.0 +image: onap/model-loader:1.9.1 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 2891e0385f..78a07f2a0f 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties 
@@ -27,8 +27,9 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/ -spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration -spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }} +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration + +spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index e244e76753..42692dd544 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -77,11 +77,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v24 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 # Specifies from which version related link should appear related: link: v11 
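Review bot: Excluding `ManagementWebSecurityAutoConfiguration` on top of the already excluded `SecurityAutoConfiguration` in `spring.autoconfigure.exclude` leaves the actuator (management) endpoints without Spring Boot's default protection, and nothing in the hunk records what protects them instead. The aai-traversal `application.properties` hunk further down goes further, adding the Keycloak, `SecurityAutoConfiguration` and `ManagementWebSecurityAutoConfiguration` exclusions in one step where none of the three was excluded before. If authentication is meant to come from the `aaf-auth` / `one-way-ssl` profiles or from an explicit security configuration inside the application (not visible here), a comment above the property should say so, e.g. `# Boot security auto-config is excluded on purpose; authn/authz is enforced by <mechanism>, actuator endpoints must not be reachable unauthenticated`. It is also worth confirming which actuator endpoints the 1.9.1 images expose before these exclusions ship.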
@@ -157,7 +157,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-resources:1.8.2 +image: onap/aai-resources:1.9.1 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 8a7d17f8dc..18ef89f1fd 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -40,11 +40,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v23 + default: v24 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 # Specifies from which version related link should appear related: link: v11 @@ -74,7 +74,7 @@ global: # global defaults - aai_keystore # application image -image: onap/aai-schema-service:1.8.6 +image: onap/aai-schema-service:1.9.1 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index 54bb1c4afd..24a5241fe2 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties 
@@ -27,8 +27,7 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/ -spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index fc4ff7a983..70f3e9e6a7 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -84,11 +84,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v24 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 # Specifies from which version related link should appear related: link: v11 @@ -140,7 +140,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-traversal:1.8.0 +image: onap/aai-traversal:1.9.1 pullPolicy: Always restartPolicy: Always flavor: small 
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 684e592d30..1122d63dab 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -230,11 +230,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v23 + default: v24 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 # Specifies from which version related link should appear related: link: v11 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh index f2675b0404..424074aa8c 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh @@ -1,4 +1,5 @@ -#!/bin/bash -x +#!/bin/sh -x + {{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index 97df772ba7..789f1b38a1 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -1,6 +1,6 @@ -#!/bin/bash -x -{{/* +#!/bin/sh -x +{{/* ### # ============LICENSE_START======================================================= # APPC diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh index 29761a0200..7257d186e6 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh 
@@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/sh + {{/* ### diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh index 2d30f2e068..4dcebc8883 100644 --- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh +++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh set -e diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh index 7f271d262f..0df2d79fc6 100644 --- a/kubernetes/common/cassandra/resources/restore.sh +++ b/kubernetes/common/cassandra/resources/restore.sh 
@@ -20,25 +20,25 @@ find_target_table_name () print_usage () { - echo "NAME" - echo " Script to restore Cassandra database from Nuvo/Cain snapshot" - echo "SYNOPSIS" - echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]" - echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name" - echo "DESCRIPTION" - echo " --base_db_dir, -b" - echo " Location of running Cassandra database" - echo " --snapshot_dir, -s" - echo " Snapshot location of Cassandra database taken by Nuvo/Cain" - echo " --keyspace, -k" - echo " Name of the keyspace to restore" - echo "EXAMPLE" - echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567" - exit + echo "NAME" + echo " Script to restore Cassandra database from Nuvo/Cain snapshot" + echo "SYNOPSIS" + echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]" + echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name" + echo "DESCRIPTION" + echo " --base_db_dir, -b" + echo " Location of running Cassandra database" + echo " --snapshot_dir, -s" + echo " Snapshot location of Cassandra database taken by Nuvo/Cain" + echo " --keyspace, -k" + echo " Name of the keyspace to restore" + echo "EXAMPLE" + echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567" + exit } if [ $# -eq 0 ] then - print_usage + print_usage fi while [ $# -gt 0 ] 
@@ -47,40 +47,40 @@ key="$1" shift case $key in - -h|--help) - print_usage - ;; - -b|--base_db_dir) - base_db_dir="$1" - shift - ;; - -s|--snapshot_dir) - ss_dir="$1" - shift - ;; - -k|--keyspace) - keyspace_name="$1" - ;; - -t|--tag) - tag_name="$1" - ;; - --default) - DEFAULT=YES - shift - ;; - *) - # unknown option - ;; + -h|--help) + print_usage + ;; + -b|--base_db_dir) + base_db_dir="$1" + shift + ;; + -s|--snapshot_dir) + ss_dir="$1" + shift + ;; + -k|--keyspace) + keyspace_name="$1" + ;; + -t|--tag) + tag_name="$1" + ;; + --default) + DEFAULT=YES + shift + ;; + *) + # unknown option + ;; esac done # Validate inputs if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ] then - echo "" - echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>" - echo "" - print_usage + echo "" + echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>" + echo "" + print_usage fi # Remove commit logs from current data dir diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml index 331a58c310..2acb423511 100644 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -20,12 +20,13 @@ kind: Job {{- $suffix := "set-tls-secret" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} spec: + backoffLimit: 20 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} containers: - - name: create tls secret + - name: create-tls-secret command: - /ingress/onboard.sh image: {{ include "repositoryGenerator.image.kubectl" . }} @@ -41,4 +42,5 @@ spec: configMap: name: {{ include "common.fullname" . }}-ingress defaultMode: 0777 + restartPolicy: Never {{- end}} 
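Review bot: `defaultMode: 0777` on the `-ingress` ConfigMap volume (a context line in the second job.yaml hunk, just above the new `restartPolicy: Never`) grants write permission to everyone on what is presumably the volume providing `/ingress/onboard.sh`, while the container only needs to read and execute it; `defaultMode: 0555` is sufficient. With `backoffLimit: 20` and `restartPolicy: Never`, every failed attempt leaves its own pod behind, so a persistently failing job can accumulate up to 21 pods that each ran kubectl with the job's service-account credentials; a lower limit or a `ttlSecondsAfterFinished` on the Job spec would bound that. The Job spec starts above the first hunk, so the service account and volume mounts could not be checked here.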
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index 2490debffb..9d284de500 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -193,7 +193,7 @@ type: Opaque {{- $entry := dict }} {{- $uid := tpl (default "" $secret.uid) $global }} {{- $keys := keys $secret }} - {{- range $key := (without $keys "annotations" "filePaths" )}} + {{- range $key := (without $keys "annotations" "filePaths" "envs" )}} {{- $_ := set $entry $key (tpl (index $secret $key) $global) }} {{- end }} {{- if $secret.annotations }} @@ -213,12 +213,21 @@ type: Opaque {{- $_ := set $entry "filePaths" $secret.filePaths }} {{- end }} {{- end }} + {{- if $secret.envs }} + {{- $envsCache := (list) }} + {{- range $env := $secret.envs }} + {{- $tplValue := tpl (default "" $env.value) $global }} + {{- $envsCache = append $envsCache (dict "name" $env.name "policy" $env.policy "value" $tplValue) }} + {{- end }} + {{- $_ := set $entry "envs" $envsCache }} + {{- end }} {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }} {{- $_ := set $entry "realName" $realName }} {{- $_ := set $secretCache $uid $entry }} {{- end }} {{- $_ := set $global.Values "_secretsCache" $secretCache }} {{- end }} + {{- end -}} {{/* diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 9227e182b6..bb3af76115 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,5 +1,6 @@ {{/* -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2018 Amdocs +# Copyright © 2018,2021 Bell Canada # Copyright © 2019 Samsung Electronics # Copyright © 2019-2020 Orange # Copyright © 2020 Bitnami 
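Review bot: Nothing documents or validates the shape of the new `envs` entries in `_secret.tpl`: `$env.name` and `$env.policy` are copied into the cache as-is, only `$env.value` goes through `tpl`, and `default "" $env.value` silently turns a missing value into an empty string. A short template comment above the loop would make the contract explicit, for example `{{/* envs: list of {name, policy, value}; only value is rendered with tpl */}}`. If an entry with neither `value` nor `policy` is not valid, a `fail` in the loop would surface the mistake at render time instead of producing an empty secret value; how `policy` is consumed is outside this hunk, so that part needs confirming against the template that renders the secret.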
@@ -202,14 +203,20 @@ spec: httpGet: path: /metrics port: metrics - initialDelaySeconds: 30 - timeoutSeconds: 5 + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} readinessProbe: httpGet: path: /metrics port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index ed9977acd9..bc9273f41f 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2018 Amdocs +# Copyright © 2018,2021 Bell Canada # Copyright © 2019 Samsung Electronics # Copyright © 2020 Bitnami, Orange # 
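Review bot: Neither probe block consults the `enabled` flag that the values.yaml hunk of this commit introduces under `metrics.livenessProbe` and `metrics.readinessProbe`, so setting `enabled: false` has no effect as far as this hunk shows. Either wrap each block, e.g. `{{- if .Values.metrics.livenessProbe.enabled }}` before `livenessProbe:` with a matching `{{- end }}`, or drop `enabled` from the values so the knob does not suggest a behaviour the template lacks. Note that the readiness `timeoutSeconds` effectively changes from the hard-coded 1 to the new default of 5, which the commit does not mention. The container spec starts above the hunk, so an outer condition cannot be ruled out.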
@@ -560,6 +561,23 @@ metrics: requests: cpu: 0.5 memory: 256Mi + ## MariaDB Galera metrics container's liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 ## MySQL Prometheus exporter service parameters ## service: diff --git a/kubernetes/common/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh index e3cee36f1f..eb84b084d0 100755 --- a/kubernetes/common/music/resources/config/startup.sh +++ b/kubernetes/common/music/resources/config/startup.sh @@ -1,6 +1,6 @@ -#!/bin/bash +#!/bin/sh + {{/* -# # ============LICENSE_START========================================== # org.onap.music # =================================================================== diff --git a/kubernetes/common/timescaledb/resources/init/init-schema.sh b/kubernetes/common/timescaledb/resources/init/init-schema.sh index ab83cffae2..9cc0f5ff9f 100644 --- a/kubernetes/common/timescaledb/resources/init/init-schema.sh +++ b/kubernetes/common/timescaledb/resources/init/init-schema.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # ============LICENSE_START======================================================= # Copyright (c) 2021 Bell Canada. diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh index efd0bd14d3..596ace6ad5 100755 --- a/kubernetes/config/prepull_docker.sh +++ b/kubernetes/config/prepull_docker.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh #function to provide help #desc: this function provide help menu 
@@ -110,7 +110,7 @@ do #remove attional prefix and postfix imageNameFinal=`echo "$imageName" | sed -e 's/^"//' -e 's/"$//' ` - #check if line contain Version as a subtag in lines if yes then call docker pull with version + #check if line contain Version as a subtag in lines if yes then call docker pull with version if echo $line | grep -q $IMAGE_VERSION_TEXT ; then echo docker pull "$imageNameWithVersion":"$imageNameFinal" docker pull $imageNameWithVersion:$imageNameFinal & diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index 2c672e2f07..94c95d6c30 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh waitForEjbcaToStart() { until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail) diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 460c046632..3c66feeb46 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e # Copyright 2020 Samsung Electronics Co., Ltd. # 
@@ -24,23 +24,24 @@ SPATH="$( dirname "$( which "$0" )" )" usage() { cat << ==usage $0 [cluster_domain] [lb_ip] [helm_chart_args] ... - [cluster_domain] Default value simpledemo.onap.org - [lb_ip] Default value LoadBalancer IP - [helm_chart_args] ... Optional arguments passed to helm install command + [cluster_domain] Default value simpledemo.onap.org + [lb_ip] Default value LoadBalancer IP + [helm_chart_args] ... Optional arguments passed to helm install command $0 --help This message $0 --info Display howto configure target machine ==usage } -target_machine_notice_info() { +target_machine_notice_info() +{ cat << ==infodeploy Extra DNS server already deployed: 1. You can add the DNS server to the target machine using following commands: - sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT - sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT - sudo sysctl -w net.ipv4.conf.all.route_localnet=1 - sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine ==infodeploy } 
@@ -48,51 +49,51 @@ Extra DNS server already deployed: list_node_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') - for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') - if [ $internal_ip != $external_ip ]; then - echo $external_ip - break - fi - done + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + break + fi + done } ingress_controller_ip() { - local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) - if [ -z $metal_ns ]; then - echo $CLUSTER_IP - else - list_node_with_external_addrs - fi + local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) + if [ -z $metal_ns ]; then + echo $CLUSTER_IP + else + list_node_with_external_addrs + fi } deploy() { - local ingress_ip=$(ingress_controller_ip) - initdir = $(pwd) - cd $SPATH/bind9dns - if [ $# -eq 0 ]; then - local cl_domain="simpledemo.onap.org" - else - local cl_domain=$1 - shift - fi - if [ $# -ne 0 ]; then - ingress_ip=$1 - shift - fi - helm install . 
--set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ - cd $initdir - target_machine_notice_info + local ingress_ip=$(ingress_controller_ip) + initdir = $(pwd) + cd $SPATH/bind9dns + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + if [ $# -ne 0 ]; then + ingress_ip=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ + cd $initdir + target_machine_notice_info } if [ $# -eq 1 ] && [ "$1" = "-h" ]; then - usage + usage elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then - usage + usage elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then target_machine_notice_info else - deploy $@ + deploy $@ fi diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh index bf2bc121a7..c62e2a51bd 100755 --- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh +++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh @@ -1,4 +1,5 @@ -#!/bin/bash -e +#!/bin/sh -e + # # Copyright 2020 Samsung Electronics Co., Ltd. # @@ -15,7 +16,8 @@ # limitations under the License. # -usage() { +usage() +{ cat << ==usage $0 Automatic configuration using external addresess from nodes $0 --help This message 
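Review bot: In `deploy()`, `initdir = $(pwd)` is not an assignment: the shell runs a command named `initdir`, which fails, and under the new `#!/bin/sh -e` shebang that aborts the script before `helm install` is reached; it should read `initdir=$(pwd)`. The functions also rely on `local`, which POSIX sh does not define, so the bash-to-sh shebang change depends on the target's `/bin/sh` supporting it. `cd $SPATH/bind9dns`, `deploy $@` and `helm install … $@` use unquoted expansions, so arguments containing spaces or glob characters are split or expanded; use `"$SPATH/bind9dns"` and `"$@"`. The unquoted test `[ $internal_ip != $external_ip ]` in `list_node_with_external_addrs` likewise errors out when either annotation is empty, which `-e` may again turn into an exit.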
@@ -27,14 +29,14 @@ $0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges find_nodes_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') - for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') - if [ $internal_ip != $external_ip ]; then - echo $external_ip - fi - done + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + fi + done } generate_config_map() 
@@ -56,32 +58,32 @@ CNFEOF } generate_config_from_single_addr() { - generate_config_map "$1 - $1" + generate_config_map "$1 - $1" } install_metallb() { - kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml - kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml - # Only when install - kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml + # Only when install + kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" } automatic_configuration() { - install_metallb - generate_config_from_single_addr $(find_nodes_with_external_addrs) + install_metallb + generate_config_from_single_addr $(find_nodes_with_external_addrs) } manual_configuration() { - install_metallb - generate_config_map $@ + install_metallb + generate_config_map $@ } if [ $# -eq 1 ] && [ "$1" = "-h" ]; then - usage + usage if [ $# -eq 1 ] && [ "$1" = "--help" ]; then - usage + usage elif [ $# -eq 0 ]; then - automatic_configuration + automatic_configuration else - manual_configuration $@ + manual_configuration $@ fi diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh index 543e918cfa..9705ee6ea8 100755 --- a/kubernetes/contrib/tools/check-for-staging-images.sh +++ b/kubernetes/contrib/tools/check-for-staging-images.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright © 2020 Samsung Electronics # diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh index 2ee123b36a..a8938a96ee 100755 --- a/kubernetes/contrib/tools/rke/rke_setup.sh +++ b/kubernetes/contrib/tools/rke/rke_setup.sh 
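Review bot: `install_metallb` applies two manifests straight from `raw.githubusercontent.com/google/metallb/v0.9.3/...` using the caller's cluster credentials and without any integrity check; a tag can be moved, so whatever that URL serves at run time is what gets installed cluster-wide. Vendoring the two manifests into the repository, or downloading them and verifying a recorded SHA-256 before `kubectl apply -f`, would pin the content. Separately, the argument dispatch at the bottom has `if [ $# -eq 1 ] && [ "$1" = "--help" ]; then` where `elif` is needed; as written the outer `if` is never closed, so the shell will most likely reject the script with an unexpected end of file.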
@@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/sh + ############################################################################# # Copyright © 2019 Bell. # diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index f181b82fec..0bc7d5bccb 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -16,25 +16,7 @@ # limitations under the License. */}} -server: - port: 8080 - -rest: - api: - cps-base-path: /cps/api - xnf-base-path: /cps-nf-proxy/api - spring: - main: - banner-mode: "off" - jpa: - ddl-auto: create - open-in-view: false - properties: - hibernate: - enable_lazy_load_no_trans: true - dialect: org.hibernate.dialect.PostgreSQLDialect - datasource: url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} username: ${DB_USERNAME} 
@@ -42,46 +24,32 @@ spring: driverClassName: org.postgresql.Driver initialization-mode: always - cache: - type: caffeine - cache-names: yangSchema - caffeine: - spec: maximumSize=10000,expireAfterAccess=10m - liquibase: change-log: classpath:changelog/changelog-master.yaml labels: {{ .Values.config.liquibaseLabels }} security: - # comma-separated uri patterns which do not require authorization - permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs - auth: - username: ${CPS_USERNAME} - password: ${CPS_PASSWORD} - -# Actuator -management: - endpoints: - web: - base-path: /manage - exposure: - include: info,health,loggers - endpoint: - health: - show-details: always - # kubernetes probes: liveness and readiness - probes: - enabled: true - loggers: - enabled: true - + # comma-separated uri patterns which do not require authorization + permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs + auth: + username: ${CPS_USERNAME} + password: ${CPS_PASSWORD} logging: level: org: springframework: {{ .Values.logging.level }} +dmi: + auth: + username: ${DMI_USERNAME} + password: ${DMI_PASSWORD} + +{{- if .Values.config.eventPublisher }} +{{ toYaml .Values.config.eventPublisher | nindent 2 }} +{{- end }} + {{- if .Values.config.additional }} {{ toYaml .Values.config.additional | nindent 2 }} {{- end }} - # Last empty line is required otherwise the last property will be missing from application.yml file in the pod. + diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml index 2047a39497..e6ee161feb 100644 --- a/kubernetes/cps/components/cps-core/templates/deployment.yaml +++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml 
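Review bot: `permit-uri` now lists `/manage/**` where it used to list only `/manage/health/**` and `/manage/info`, so every actuator endpoint under the management base path is exempt from the `CPS_USERNAME`/`CPS_PASSWORD` check, not just the probe and info endpoints. The same hunk removes the `management:` block with `exposure: include: info,health,loggers`, so which endpoints are exposed now depends on defaults that are not visible here; if `loggers` or any other state-changing endpoint is still exposed, it becomes reachable without credentials. Unless that is intended, keep the narrow list: `permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/api-docs`. If the wide pattern is deliberate, the comment above it should say which endpoints are expected to be public.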
@@ -21,6 +21,12 @@ kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} selector: {{- include "common.selectors" . | nindent 4 }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} @@ -47,6 +53,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }} - name: CPS_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }} + - name: DMI_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }} + - name: DMI_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }} + volumeMounts: - mountPath: /config-input name: init-data-input diff --git a/kubernetes/cps/README.md b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml index 876da2ca57..a49a662aed 100644 --- a/kubernetes/cps/README.md +++ b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml 
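Review bot: The `rollingUpdate` block under `strategy` is rendered unconditionally, so overriding `updateStrategy.type` to `Recreate` would produce a Deployment the API server rejects, because `rollingUpdate` is only allowed with type `RollingUpdate`. Wrapping the three lines in `{{- if eq .Values.updateStrategy.type "RollingUpdate" }}` and `{{- end }}` keeps that override usable. The single-argument `index` calls add nothing and can be written as plain `{{ .Values.minReadySeconds }}`. The same block is added to the ncmp-dmi-plugin deployment.yaml later in this commit and has the same issue.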
@@ -1,22 +1,23 @@ -# ============LICENSE_START========================================== -# =================================================================== -# Copyright (C) 2021 Pantheon.tech -# +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2021 Bell Canada +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# + +# http://www.apache.org/licenses/LICENSE-2.0 + # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -#============LICENSE_END============================================ - -# Helm Chart for CPS Applications - -ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services: +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} -1) cps-core - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index ae8bccd2a8..4f788e7977 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -17,15 +17,15 @@ ################################################################# secrets: - uid: pg-root-pass - name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass' + name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-core-pg-root-pass' type: password - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-core-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate - uid: pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds' + name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-core-pg-user-creds' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-core-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate 
@@ -35,6 +35,12 @@ secrets: login: '{{ .Values.config.appUserName }}' password: '{{ .Values.config.appUserPassword }}' passwordPolicy: generate + - uid: dmi-plugin-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}' + login: '{{ .Values.config.dmiPluginUserName }}' + password: '{{ .Values.config.dmiPluginUserPassword }}' + passwordPolicy: generate ################################################################# # Global configuration defaults. @@ -47,8 +53,9 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/cps-and-nf-proxy:1.0.1 +image: onap/cps-and-ncmp:2.0.0 containerPort: &svc_port 8080 +managementPort: &mgt_port 8081 service: type: ClusterIP @@ -56,6 +63,24 @@ service: ports: - name: &port http port: *svc_port + - name: management + port: *mgt_port + targetPort: *mgt_port + +prometheus: + enabled: true + +metrics: + serviceMonitor: + enabled: true + port: management + ## specify target port if name is not given to the port in the service definition + ## + # targetPort: 8080 + path: /manage/prometheus + interval: 60s + basicAuth: + enabled: false pullPolicy: Always # flag to enable debugging - application support required @@ -91,13 +116,13 @@ liveness: # in debugger so K8s doesn't restart unresponsive container enabled: true path: /manage/health - port: *port + port: *mgt_port readiness: initialDelaySeconds: 15 periodSeconds: 15 path: /manage/health - port: *port + port: *mgt_port ingress: enabled: true 
@@ -130,13 +155,31 @@ config: spring: profile: helm #appUserPassword: - + dmiPluginUserName: dmiuser # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format insead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 + eventPublisher: + spring.kafka.bootstrap-servers: message-router-kafka:9092 + spring.kafka.security.protocol: SASL_PLAINTEXT + spring.kafka.properties.sasl.mechanism: PLAIN + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret; + spring.kafka.producer.client-id: cps-core + + additional: + notification.data-updated.enabled: true + notification.data-updated.topic: cps.data-updated-events + notification.data-updated.filters.enabled-dataspaces: "" + notification.async.enabled: false + notification.async.executor.core-pool-size: 2 + notification.async.executor.max-pool-size: 1 + notification.async.executor.queue-capacity: 500 + notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true + notification.async.executor.thread-name-prefix: Async- + logging: level: INFO path: /tmp @@ -145,18 +188,18 @@ logging: # Postgres overriding defaults in the postgres ################################################################# postgres: - nameOverride: &postgresName cps-postgres + nameOverride: &postgresName cps-core-postgres service: name: *postgresName - name2: cps-pg-primary - name3: cps-pg-replica + name2: cps-core-pg-primary + name3: cps-core-pg-replica container: name: - primary: cps-pg-primary - replica: cps-pg-replica + primary: cps-core-pg-primary + replica: cps-core-pg-replica persistence: - mountSubPath: cps/data - mountInitPath: cps + mountSubPath: cps-core/data + mountInitPath: cps-core config: pgUserName: cps pgDatabase: cpsdb 
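Review bot: The `spring.kafka.properties.sasl.jaas.config` default embeds `username=admin password=admin_secret` in values.yaml, and application-helm.yml renders `config.eventPublisher` with `toYaml`, so the credential lives in chart source and in the rendered application config instead of a Secret. This file already declares a `secrets:` list whose entries the deployment injects as `CPS_USERNAME` and `DMI_USERNAME`; the Kafka login could follow that pattern and be referenced through `${...}` placeholders, assuming the config is passed through the same env substitution. `SASL_PLAINTEXT` with mechanism `PLAIN` also sends the password without transport encryption, so the default should at least carry a comment marking it as demo-only. Separately, `notification.async.executor.core-pool-size: 2` is larger than `max-pool-size: 1`; this is inert while `notification.async.enabled` is false, but the two values look swapped.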
@@ -165,4 +208,10 @@ postgres: readinessCheck: wait_for: - - cps-postgres + - *postgresName + +minReadySeconds: 10 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml index 6654b26556..32ae51b51a 100644 --- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml @@ -23,23 +23,18 @@ spring: url: jdbc:postgresql://{{ .Values.timescaledb.service.name }}:5432/{{ .Values.timescaledb.config.pgDatabase }} username: ${DB_USERNAME} password: ${DB_PASSWORD} - kafka: - bootstrap-servers: [{{ .Values.config.kafka.service }}:{{ .Values.config.kafka.port }}] - security: - protocol: {{ .Values.config.kafka.protocol }} - consumer: - group-id: {{ .Values.config.kafka.consumerGroupId }} security: auth: username: ${APP_USERNAME} password: ${APP_PASSWORD} -app: - listener: - data-updated: - topic: {{ .Values.config.kafka.listenerTopic }} +# Event consumption properties (kafka) +{{- if .Values.config.eventConsumption }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} +# Additional properties {{- if .Values.config.additional }} {{ toYaml .Values.config.additional | nindent 2 }} {{- end }} diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml index 6874fa2ff0..da055d0242 100644 --- a/kubernetes/cps/components/cps-temporal/values.yaml +++ b/kubernetes/cps/components/cps-temporal/values.yaml 
@@ -140,19 +140,20 @@ config: profile: helm #appUserPassword: + # Event consumption (kafka) properties + # All Kafka properties must be in "key: value" format instead of yaml. + eventConsumption: + spring.kafka.bootstrap-servers: message-router-kafka:9092 + spring.kafka.security.protocol: PLAINTEXT + spring.kafka.consumer.group-id: cps-temporal-group + app.listener.data-updated.topic: cps.data-updated-events + # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 - kafka: - service: message-router-kafka - port: 9092 - listenerTopic: cps.cfg-state-events - consumerGroupId: cps-temporal-group - protocol: PLAINTEXT - logging: level: INFO path: /tmp diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index d388823f9e..2e5018807c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -18,19 +18,19 @@ # ============LICENSE_END========================================================= */}} -server: - port: 8080 +dmi: + service: + name: {{ .Values.config.dmiServiceName }} cps-core: - baseUrl: http://${CPS_CORE_HOST:cps}:${CPS_CORE_PORT:8080} - dmiRegistrationUrl : /cps-ncmp/api/ncmp-dmi/v1/ch + baseUrl: {{ .Values.config.cpsCore.url }} auth: username: ${CPS_CORE_USERNAME} password: ${CPS_CORE_PASSWORD} sdnc: - baseUrl: http://${SDNC_HOST:sdnc}:${SDNC_PORT:8181} - topologyId: ${SDNC_TOPOLOGY_ID:topology-netconf} + baseUrl: {{ .Values.config.sdnc.url }} + topologyId: {{ .Values.config.sdnc.topologyId }} auth: username: ${SDNC_USERNAME} password: ${SDNC_PASSWORD} 
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml deleted file mode 100644 index 2a62c86e77..0000000000 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml +++ /dev/null @@ -1,36 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - Copyright (C) 2021 Nordix Foundation - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - SPDX-License-Identifier: Apache-2.0 - ============LICENSE_END========================================================= ---> - -<configuration scan="true" scanPeriod="30 seconds" debug="false"> - - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern> - </encoder> - </appender> - <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="STDOUT" /> - </appender> - - <root level="INFO"> - <appender-ref ref="AsyncSysOut" /> - </root> - -</configuration> - diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt b/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt deleted file mode 100644 index 66f5302a11..0000000000 --- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt +++ /dev/null 
@@ -1,39 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . 
}} -o jsonpath='{.spec.ports[0].port}') - echo http://$SERVICE_IP:$SERVICE_PORT -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:$POD_PORT -{{- end }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml index d2fd5c9c49..3d154dba64 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml @@ -23,18 +23,18 @@ kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} selector: {{- include "common.selectors" . | nindent 4 }} template: metadata: labels: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} - {{- if .Values.prometheus.enabled }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: 'manage/prometheus' - prometheus.io/port: {{ .Values.managementPort | quote }} - {{- end }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim}} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} 
@@ -49,17 +49,17 @@ spec: - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: DMI_PLUGIN_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }} - name: DMI_PLUGIN_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }} - name: SDNC_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 12 }} - name: SDNC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 12 }} - name: CPS_CORE_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }} - name: CPS_CORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: init-data-input @@ -101,9 +101,6 @@ spec: - mountPath: /app/resources/application-helm.yml subPath: application-helm.yml name: init-data - - mountPath: /app/resources/logback.xml - subPath: logback.xml - name: init-data - mountPath: /tmp name: init-temp volumes: diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..a49a662aed 
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 245a5d7048..3f40a79b84 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -20,7 +20,7 @@ # Secrets. ################################################################# secrets: - - uid: user-creds + - uid: app-user-creds type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' login: '{{ .Values.config.appUserName }}' @@ -29,14 +29,14 @@ secrets: - uid: sdnc-creds type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' - login: '{{ .Values.config.sdncUser }}' - password: '{{ .Values.config.sdncPassword }}' + login: '{{ .Values.config.sdnc.username }}' + password: '{{ .Values.config.sdnc.password }}' passwordPolicy: required - - uid: core-creds + - uid: cps-core-creds type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.coreCredsExternalSecret) . }}' - login: '{{ .Values.config.coreUser }}' - password: '{{ .Values.config.corePassword }}' + externalSecret: '{{ tpl (default "" .Values.config.cpsCore.credsExternalSecret) . }}' + login: '{{ .Values.config.cpsCore.username }}' + password: '{{ .Values.config.cpsCore.password }}' passwordPolicy: generate ################################################################# @@ -53,11 +53,10 @@ managementPort: &mgt_port 8081 prometheus: enabled: true - interval: 60s service: type: ClusterIP - name: ncmp-dmi-plugin + name: &svc_name ncmp-dmi-plugin ports: - name: &port http port: *svc_port 
@@ -65,6 +64,18 @@ service: port: *mgt_port targetPort: *mgt_port +metrics: + serviceMonitor: + enabled: true + port: management + ## specify target port if name is not given to the port in the service definition + ## + # targetPort: 8080 + path: /manage/prometheus + interval: 60s + basicAuth: + enabled: false + pullPolicy: IfNotPresent # flag to enable debugging - application support required debugEnabled: false @@ -112,7 +123,7 @@ ingress: service: - baseaddr: "ncmp-dmi-plugin" path: "/" - name: "ncmp-dmi-plugin" + name: *svc_name port: *svc_port serviceAccount: @@ -132,14 +143,20 @@ config: # REST API basic authentication credentials (passsword is generated if not provided) appUserName: ncmpuser + #appUserPassword: spring: profile: helm - #appUserPassword: - sdncUser: admin - sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - - coreUser: cpsuser + dmiServiceName: http://*svc_name:*svc_port + sdnc: + url: http://sdnc:8181 + username: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + topologyId: topology-netconf + cpsCore: + url: http://cps-core:8080 + username: cpsuser + #password: # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format insead of yaml. @@ -154,4 +171,10 @@ logging: readinessCheck: wait_for: - - cps-postgres + - cps-core + +minReadySeconds: 10 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml index cda726d0d3..6093fa72fa 100755 --- a/kubernetes/cps/values.yaml +++ b/kubernetes/cps/values.yaml 
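Review bot: In the `config:` hunk, `dmiServiceName: http://*svc_name:*svc_port` does not expand the anchors. YAML recognises an alias only as a whole node, so inside a plain scalar the value stays the literal string `http://*svc_name:*svc_port`, and that is what application-helm.yml renders into `dmi.service.name`. Either write the value out, `dmiServiceName: http://ncmp-dmi-plugin:8080` (assuming `*svc_port` is 8080; its definition is outside this hunk), or build it in the template from `.Values.service.name` and the port value. The same hunk keeps a literal SDNC password as the chart default under `config.sdnc.password`; since `sdnc-creds` already accepts `odlCredsExternalSecret`, a comment stating that this default must be overridden outside demo installs would be a reasonable minimum.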
@@ -23,6 +23,13 @@ secrets: login: '{{ .Values.config.coreUserName }}' password: '{{ .Values.config.coreUserPassword }}' passwordPolicy: generate + - uid: dmi-plugin-user-creds + name: &dmi-plugin-creds-secret '{{ include "common.release" . }}-cps-dmi-plugin-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}' + login: '{{ .Values.config.dmiPluginUserName }}' + password: '{{ .Values.config.dmiPluginUserPassword }}' + passwordPolicy: generate passwordStrengthOverride: basic global: @@ -32,12 +39,14 @@ global: config: coreUserName: cpsuser + dmiPluginUserName: dmiuser # Enable all CPS components by default cps-core: enabled: true config: appUserExternalSecret: *core-creds-secret + dmiPluginUserExternalSecret: *dmi-plugin-creds-secret cps-temporal: enabled: true @@ -45,4 +54,6 @@ cps-temporal: ncmp-dmi-plugin: enabled: true config: - coreCredsExternalSecret: *core-creds-secret + appUserExternalSecret: *dmi-plugin-creds-secret + cpsCore: + credsExternalSecret: *core-creds-secret diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml index 2eb3e5ae00..9815bf7ed6 100644 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml @@ -55,7 +55,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.0 +image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1 pullPolicy: Always # Log directory where logging sidecar should look for log files 
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index d092b83937..faff44cc56 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -49,7 +49,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.0 +image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.1 # Log directory where logging sidecar should look for log files # if absent, no sidecar will be deployed diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 09637c5cfc..8847f298e8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.heartbeat:2.2.0 +image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 425016878c..802c830005 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml 
@@ -49,7 +49,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.0 +image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.1 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -66,6 +66,11 @@ certDirectory: /opt/app/kpims/etc/cert/ tlsServer: true enable_tls: true +dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 +policies: + policyID: | + '["com.Config_KPIMS_CONFIG_POLICY"]' + # Dependencies readinessCheck: wait_for: diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 5e1a678bdf..0dff427f49 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -54,7 +54,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.1 +image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 0efcf2eb3d..512bd2643a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml 
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.pmsh:1.3.1 +image: onap/org.onap.dcaegen2.services.pmsh:1.3.2 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 35d108d000..5974d80e81 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4 +image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.6 # Log directory where logging sidecar should look for log files # if absent, no sidecar will be deployed diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 31c6b46e95..a0ab079e1d 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml 
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.son-handler:2.1.3 +image: onap/org.onap.dcaegen2.services.son-handler:2.1.4 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index cceed6289c..778f6c94ed 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -94,8 +94,7 @@ service: # policyRelease: "onap" # policyID: | # '["onap.vfirewall.tca","onap.vdns.tca"]' -# filter: | -# '["DCAE.Config_vfirewall_.*"]' + aaiCreds: user: DCAE diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 3bb09f0330..f3e6c29d53 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.5 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 63f96044fa..1d421427c3 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml 
@@ -36,7 +36,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.4 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml index 0972e6b6b9..233f6e4651 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml index bd2766f6db..556ac90e02 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml @@ -84,5 +84,6 @@ spec: value: {{ .Values.config.nifiJarsIndexURL }} - name: NIFI_DCAE_DISTRIBUTOR_API_URL value: {{ .Values.config.distributorAPIURL }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml index 74c7bdb223..86aad57b1b 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml @@ -90,3 +90,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-designtool + roles: + - read 
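Review bot: The added `serviceAccountName` line hard-codes the `read` suffix in the template while the role list lives in values.yaml (`serviceAccount.roles: - read`), so changing the role in values would leave the pod pointing at a service account name that presumably no longer exists. The same line is added to the distributor-api, genprocessor, healthcheck, nifi-registry, onboarding-api and runtime-api deployments. What the `read` role grants is defined in the serviceAccount chart outside this diff. For components that never call the Kubernetes API, consider also setting `automountServiceAccountToken: false` in the pod spec so the token is not mounted into the container. The pod spec starts outside the hunk.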
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml index 696b43a536..f36c2af002 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml @@ -72,5 +72,6 @@ spec: - name : ONBOARDING_API_URL value: {{ .Values.config.onboardingAPIURL }} resources: {{ include "common.resources" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index 541f239d77..61ccfdef79 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -89,3 +89,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-distributor-api + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml 
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml index 40b0f3edc4..26f6586688 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml @@ -72,6 +72,7 @@ spec: - mountPath: /www/data name: genprocessor-data readOnly: true + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: genprocessor-data persistentVolumeClaim: diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 4b79525c83..81c5888f10 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -96,3 +96,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-genprocessor + roles: + - read + diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml index 0697ceb1d6..3762a2acea 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml index 0eaa2296bb..f46dc5f287 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -58,6 +58,7 @@ spec: value: {{ include "common.namespace" . }} - name: HELM_RELEASE value: {{ include "common.release" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index 6a4fd542e7..bbc72a5b08 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -64,4 +64,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-healthcheck + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml index 90561ac231..53f1de59bc 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml 
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml @@ -69,6 +69,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }} - name: NIFI_REGISTRY_DB_PASS {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: flow-storage persistentVolumeClaim: diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml index 25b3b9e318..a0bbacc7ef 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml @@ -88,3 +88,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-nifi-registry + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml index 7416c8cf4f..9320cd04ca 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml index b795f6b736..5c7d1b6d0d 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml 
@@ -78,5 +78,6 @@ spec: value: "5432" - name: PG_DB_NAME value: dcae_onboarding_db + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 9401bf5340..c36e9b7129 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -114,3 +114,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-onboarding-api + roles: + - read + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 42f596db1e..d5c37e9858 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -71,6 +71,7 @@ spec: value: {{ .Values.config.bpResourcesCpuLimit }} - name: BP_RESOURCES_MEMORY_LIMIT value: {{ .Values.config.bpResourcesMemoryLimit }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 22c4cdb3b2..e54608b30e 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -93,3 +93,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-runtime-api + roles: + - read + diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 2182dde1d6..5820e77521 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -22,13 +22,13 @@ You can specify the '--values'/'-f' flag multiple times. The priority will be gi last (right-most) file specified. For example, if both myvalues.yaml and override.yaml contained a key called 'Test', the value set in override.yaml would take precedence: - $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml + $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml You can specify the '--set' flag multiple times. The priority will be given to the last (right-most) set specified. For example, if both 'bar' and 'newbar' values are set for a key called 'foo', the 'newbar' value would take precedence: - $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false + $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false Usage: helm deploy [RELEASE] [CHART] [flags] 
@@ -242,17 +242,17 @@ deploy() { else echo "release \"${RELEASE}-${subchart}\" deployed" fi - # Add annotation last-applied-configuration if set-last-applied flag is set + # Add annotation last-applied-configuration if set-last-applied flag is set if [ "$SET_LAST_APPLIED" = "true" ]; then helm get manifest "${RELEASE}-${subchart}" \ | kubectl apply set-last-applied --create-annotation -n onap -f - \ - > $LOG_FILE.log 2>&1 + > $LOG_FILE.log 2>&1 fi fi - if [ "$DELAY" = "true" ]; then - echo sleep 3m - sleep 180 - fi + if [ "$DELAY" = "true" ]; then + echo sleep 3m + sleep 180 + fi else array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) n=${#array[*]} diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh index cbcbf7a8bf..18692d8afa 100755 --- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh +++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh @@ -1,16 +1,11 @@ +#!/bin/sh + #!/usr/bin/dumb-init /bin/sh +# As of docker 1.13, using docker run --init achieves the same outcome than dumb-init. + set -e set -x -# Note above that we run dumb-init as PID 1 in order to reap zombie processes -# as well as forward signals to all processes in its session. Normally, sh -# wouldn't do either of these functions so we'd leak zombies as well as do -# unclean termination of all our sub-processes. -# As of docker 1.13, using docker run --init achieves the same outcome. - -# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to -# bind to and this will look up the IP and pass the proper -bind= option along -# to Consul. CONSUL_BIND= if [ -n "$CONSUL_BIND_INTERFACE" ]; then CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1) 
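Review bot: With `#!/bin/sh` added as line 1 of docker-entrypoint.sh, the original `#!/usr/bin/dumb-init /bin/sh` line is now an ordinary comment, so the script no longer runs under dumb-init and nothing reaps zombies or forwards signals to child processes unless the container runtime supplies an init. The new comment points to `docker run --init`, which is a Docker CLI option and not something a Kubernetes pod spec sets, so that assumption should be checked for this chart. If an init is still wanted, invoke it from the container command (for example `/usr/bin/dumb-init /bin/sh <script>`) and delete the dead shebang line; otherwise drop the dead line and say in a comment why no init is needed. The rest of the script lies outside the hunk.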
@@ -48,7 +43,7 @@ CONSUL_CONFIG_DIR=/consul/config # You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some # Consul configuration JSON without having to bind any volumes. if [ -n "$CONSUL_LOCAL_CONFIG" ]; then - echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json" + echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json" fi # If the user is trying to run Consul directly with some arguments, then diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml index 994e84b722..e981bbd091 100644 --- a/kubernetes/msb/components/msb-discovery/values.yaml +++ b/kubernetes/msb/components/msb-discovery/values.yaml @@ -21,7 +21,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_discovery:1.2.6 +image: onap/msb/msb_discovery:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index 3629eb43ec..0a343cf925 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -52,7 +52,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_apigateway:1.2.7 +image: onap/msb/msb_apigateway:1.2.8 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index b95a11914d..baf2bec4bc 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml 
@@ -52,7 +52,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_apigateway:1.2.7 +image: onap/msb/msb_apigateway:1.2.8 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/oof/components/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh index 21296ff22a..5495e4271b 100755 --- a/kubernetes/oof/components/oof-has/resources/config/healthy.sh +++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh {{/* # Copyright © 2017 Amdocs, Bell Canada diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 66a42f0171..0c9d6a504f 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -5,7 +5,8 @@ "port": 6969, "userName": "${RESTSERVER_USER}", "password": "${RESTSERVER_PASSWORD}", - "https": true + "https": true, + "prometheus": true }, "pdpStatusParameters":{ "pdpGroup": "defaultGroup", diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json deleted file mode 100755 index d6bd17f65b..0000000000 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json +++ /dev/null 
@@ -1,66 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2018 Ericsson. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} -{ - "javaProperties" : [ - ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"], - ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"] - ], - "engineServiceParameters": { - "name": "MyApexEngine", - "version": "0.0.1", - "id": 45, - "instanceCount": 4, - "deploymentPort": 12345, - "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json", - "engineParameters": { - "executorParameters": { - "JAVASCRIPT": { - "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters" - } - } - } - }, - "eventOutputParameters": { - "FirstProducer": { - "carrierTechnologyParameters": { - "carrierTechnology": "FILE", - "parameters": { - "standardIo": true - } - }, - "eventProtocolParameters": { - "eventProtocol": "JSON" - } - } - }, - "eventInputParameters": { - "FirstConsumer": { - "carrierTechnologyParameters": { - "carrierTechnology": "FILE", - "parameters": { - "standardIo": true - } - }, - "eventProtocolParameters": { - "eventProtocol": "JSON" - } - } - 
} -} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index eb6292a039..3983d932a0 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.5.2 +image: onap/policy-apex-pdp:2.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index 729eea87ff..ce59965521 100755 --- a/kubernetes/policy/components/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -25,7 +25,8 @@ "userName":"${RESTSERVER_USER}", "password":"${RESTSERVER_PASSWORD}", "https": true, - "aaf": false + "aaf": false, + "prometheus": true }, "databaseProviderParameters": { "name": "PolicyProviderParameterGroup", diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 36eb5c4899..87ddd73adf 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.4.2 +image: onap/policy-api:2.5.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index ae31633843..615afc6351 100755 
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -2,6 +2,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2021 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,8 @@ "port":6969, "userName":"${RESTSERVER_USER}", "password":"${RESTSERVER_PASSWORD}", - "https":true + "https":true, + "prometheus": true }, "receptionHandlerParameters":{ "SDCReceptionHandler":{ @@ -69,8 +71,8 @@ ], "consumerGroup": "policy-group", "environmentName": "AUTO", - "keystorePath": "null", - "keystorePassword": "null", + "keyStorePath": "null", + "keyStorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, "isUseHttpsWithDmaap": true @@ -91,18 +93,21 @@ "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters", "parameters":{ "apiParameters": { - "hostName": "policy-api", - "port": 6969, - "userName": "${API_USER}", - "password": "${API_PASSWORD}" - }, + "clientName": "policy-api", + "hostname": "policy-api", + "port": 6969, + "userName": "${API_USER}", + "password": "${API_PASSWORD}", + "useHttps": true + }, "papParameters": { - "hostName": "policy-pap", - "port": 6969, - "userName": "${PAP_USER}", - "password": "${PAP_PASSWORD}" + "clientName": "policy-pap", + "hostname": "policy-pap", + "port": 6969, + "userName": "${PAP_USER}", + "password": "${PAP_PASSWORD}", + "useHttps": true }, - "isHttps": true, "deployPolicies": true } } 
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index fb6ef6e039..1614bd840e 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.5.2 +image: onap/policy-distribution:2.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index ec8d119fa6..ff532ab5c1 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -1,6 +1,7 @@ {{/* # Copyright © 2017-2018 Amdocs, Bell Canada. # Modifications Copyright (C) 2018-2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2021 Bell Canada. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,6 +41,7 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access SQL_HOST={{ .Values.db.name }} +SQL_PORT=3306 # AAF @@ -47,6 +49,11 @@ AAF={{.Values.aaf.enabled}} AAF_NAMESPACE=org.onap.policy AAF_HOST=aaf-locate.{{.Release.Namespace}} +# HTTP Servers + +HTTP_SERVER_HTTPS=true +PROMETHEUS=true + # PDP-D DMaaP configuration channel PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION @@ -85,6 +92,7 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP DMAAP_SERVERS=message-router +DMAAP_HTTPS=true # AAI 
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties new file mode 100644 index 0000000000..c7cca2b03a --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties @@ -0,0 +1,45 @@ +# +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +# system properties set within the application + +java.net.preferIPv4Stack=true + +# jmx + +com.sun.management.jmxremote.port=9991 +com.sun.management.jmxremote.authenticate=false +com.sun.management.jmxremote.ssl=false + +# certs + +javax.net.ssl.trustStore=${envd:TRUSTSTORE:/opt/app/policy/etc/ssl/policy-truststore} +javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD} + +javax.net.ssl.keyStore=${envd:KEYSTORE} +javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD} + +# kie + +kie.maven.offline.force=${envd:REPOSITORY_OFFLINE:false} + +# symmetric key for sensitive configuration data + +engine.symm.key=${envd:SYMM_KEY} 
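Review bot: The `# jmx` block opens a remote JMX port with `com.sun.management.jmxremote.authenticate=false` and `com.sun.management.jmxremote.ssl=false`, so any client that can reach port 9991 in the pod network gets unauthenticated, unencrypted management access to the JVM. That access includes the keystore and truststore passwords and `engine.symm.key`, which this same file sets as system properties. Prefer `com.sun.management.jmxremote.authenticate=true` and `com.sun.management.jmxremote.ssl=true` with a password file, or drop the remote port if JMX is only used locally. If the port must stay open as is, confirm it is not exposed by a Service and is restricted by a NetworkPolicy, and add a comment saying so.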
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml index 7173d80e57..2fc08e4e5d 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml @@ -80,7 +80,7 @@ <maxHistory>30</maxHistory> <totalSizeCap>10GB</totalSizeCap> </rollingPolicy> - <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> <encoder> <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> </encoder> @@ -98,7 +98,7 @@ <maxHistory>30</maxHistory> <totalSizeCap>10GB</totalSizeCap> </rollingPolicy> - <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> <encoder> <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> </encoder> 
@@ -119,7 +119,7 @@ </appender> <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> <encoder> <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> </encoder> @@ -130,7 +130,7 @@ </appender> <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> <encoder> <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> </encoder> diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 38d398998c..678cce74ee 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml 
@@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Copyright © 2017, 2021 Bell Canada # Modifications Copyright © 2018-2021 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.8.2 +image: onap/policy-pdpd-cl:1.9.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json index 0b30a27535..e5cbd22105 100755 --- a/kubernetes/policy/components/policy-pap/resources/config/config.json +++ b/kubernetes/policy/components/policy-pap/resources/config/config.json @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,8 @@ "userName":"${RESTSERVER_USER}", "password":"${RESTSERVER_PASSWORD}", "https": true, - "aaf": false + "aaf": false, + "prometheus": true }, "pdpParameters": { "heartBeatMs": 120000, @@ -47,6 +49,7 @@ "databasePassword": "${SQL_PASSWORD}", "persistenceUnit": "PolicyMariaDb" }, + "savePdpStatisticsInDb": true, "topicParameterGroup": { "topicSources" : [{ "topic" : "POLICY-PDP-PAP", 
@@ -54,6 +57,15 @@ "useHttps": true, "fetchTimeout": 15000, "topicCommInfrastructure" : "dmaap" + }, + { + "topic" : "POLICY-HEARTBEAT", + "effectiveTopic": "POLICY-PDP-PAP", + "consumerGroup": "policy-pap", + "servers" : [ "message-router" ], + "useHttps": true, + "fetchTimeout": 15000, + "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 3c4c3e5ec6..c373e04cf2 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.4.2 +image: onap/policy-pap:2.5.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index a626a046a5..19b4d9c03b 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -27,17 +27,20 @@ "userName": "${RESTSERVER_USER}", "password": "${RESTSERVER_PASSWORD}", "https": true, - "aaf": false + "aaf": false, + "prometheus": true }, "policyApiParameters": { - "host": "policy-api", + "hostname": "policy-api", "port": 6969, "userName": "${API_USER}", "password": "${API_PASSWORD}", - "https": true, + "useHttps": true, "aaf": false }, - "applicationPath": "/opt/app/policy/pdpx/apps", + "applicationParameters": { + "applicationPath": "/opt/app/policy/pdpx/apps" + }, "topicParameterGroup": { "topicSources" : [{ "topic" : "POLICY-PDP-PAP", 
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 9eda53ee9b..91984cc81b 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.4.2 +image: onap/policy-xacml-pdp:2.5.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 90c987984f..7b9437217d 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -18,10 +18,10 @@ mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; -for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory +for db in migration pooling policyadmin policyclamp operationshistory do - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" + mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" + mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" done mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;" diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh new file mode 100644 index 0000000000..d1cc108fec --- /dev/null +++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh 
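Review bot: In kubernetes/policy/resources/config/db.sh the `mysql()` wrapper at the top of this hunk passes `-P ${MYSQL_USER}`, but `-P` is the client's port option, so the user name is handed over as a port; the commit re-indents the loop and leaves this untouched. The wrapper should take the port from whichever variable the job exports for the service port (its name is not visible in this hunk), e.g. `mysql() { /usr/bin/mysql -h "${MYSQL_HOST}" -P "${PORT_VAR}" "$@"; }` with `PORT_VAR` as a placeholder. Separately, the re-indented lines still pass the root password as `-p"${MYSQL_ROOT_PASSWORD}"` on the command line, where it can show up in process listings; a `--defaults-extra-file` avoids that. `${db}` in `CREATE DATABASE IF NOT EXISTS ${db};` is also not backtick-quoted the way the `GRANT` line quotes it.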
@@ -0,0 +1,21 @@ +#!/bin/sh +{{/* +# Copyright (C) 2021 Nordix Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} +/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade +rc=$? +/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report +exit $rc diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml index 7809c746bb..17558f86ea 100755 --- a/kubernetes/policy/templates/configmap.yaml +++ b/kubernetes/policy/templates/configmap.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,4 +27,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 72c94f30c5..d781a634ae 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml 
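Review bot: In the new db_migrator_policy_init.sh the exit status of `prepare_upgrade.sh` is discarded, so `db-migrator -o upgrade` runs against the schema even when preparation failed, and the job's result reflects only the upgrade step. If that is not deliberate, stop early with `/opt/app/policy/bin/prepare_upgrade.sh "${SQL_DB}" || exit $?`. `${SQL_DB}` is unquoted in all three commands; it comes from chart values, so quoting it (`-s "${SQL_DB}"`) keeps an unexpected value from being word-split into extra arguments. A comment such as `# report always runs; the exit code is the upgrade's` above `rc=$?` would record why the status is captured before the report.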
@@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -47,7 +48,6 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - containers: - name: {{ include "common.release" . }}-policy-galera-config image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -71,6 +71,32 @@ spec: value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" resources: {{ include "common.resources" . }} + containers: + - name: {{ include "common.release" . }}-policy-galera-db-migrator + image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_policy_init.sh + command: + - /bin/sh + args: + - -x + - /dbcmd-config/db_migrator_policy_init.sh + env: + - name: SQL_HOST + value: "{{ index .Values "mariadb-galera" "service" "name" }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schema }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + resources: +{{ include "common.resources" . }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: 
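Review bot: The db-migrator container added to job.yaml builds its image from `{{ .Values.repository }}`, while the galera-config container just above it uses `include "repositoryGenerator.dockerHubRepository"`. If `repository` is not defined in this chart's values (not visible here), the reference renders with an empty registry prefix. Either way it sidesteps the registry override that mirrored or air-gapped installs rely on, for a container that receives the database login from `db-secret`. Suggested: `image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}`. `SQL_DB` and `POLICY_HOME` are also emitted unquoted, unlike `SQL_HOST`; `value: {{ .Values.dbmigrator.schema | quote }}` keeps a number- or boolean-looking override from being retyped and rejected as an env value.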
@@ -80,3 +106,5 @@ spec: items: - key: db.sh path: db.sh + - key: db_migrator_policy_init.sh + path: db_migrator_policy_init.sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 92344dd2fe..5478e5baa8 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -84,6 +85,11 @@ pullPolicy: Always mariadb: image: mariadb:10.5.8 +dbmigrator: + image: onap/policy-db-migrator:2.3.0 + schema: policyadmin + policy_home: "/opt/app/policy" + subChartsOnly: enabled: true diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index f5dcbff6bf..a363ab3bb0 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -5,18 +5,18 @@ shopt -s nullglob # logging functions mysql_log() { - local type="$1"; shift - printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" + local type="$1"; shift + printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" } mysql_note() { - mysql_log Note "$@" + mysql_log Note "$@" } mysql_warn() { - mysql_log Warn "$@" >&2 + mysql_log Warn "$@" >&2 } mysql_error() { - mysql_log ERROR "$@" >&2 - exit 1 + mysql_log ERROR "$@" >&2 + exit 1 } # usage: file_env VAR [DEFAULT] 
@@ -24,170 +24,170 @@ mysql_error() { # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - mysql_error "Both $var and $fileVar are set (but are exclusive)" - fi - local val="$def" - # val="${!var}" - # val="$(< "${!fileVar}")" - # eval replacement of the bashism equivalents above presents no security issue here - # since var and fileVar variables contents are derived from the file_env() function arguments. - # This method is only called inside this script with a limited number of possible values. - if [ "${!var:-}" ]; then - eval val=\$$var - elif [ "${!fileVar:-}" ]; then - val="$(< "$(eval echo "\$$fileVar")")" - fi - export "$var"="$val" - unset "$fileVar" + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + mysql_error "Both $var and $fileVar are set (but are exclusive)" + fi + local val="$def" + # val="${!var}" + # val="$(< "${!fileVar}")" + # eval replacement of the bashism equivalents above presents no security issue here + # since var and fileVar variables contents are derived from the file_env() function arguments. + # This method is only called inside this script with a limited number of possible values. 
+ if [ "${!var:-}" ]; then + eval val=\$$var + elif [ "${!fileVar:-}" ]; then + val="$(< "$(eval echo "\$$fileVar")")" + fi + export "$var"="$val" + unset "$fileVar" } # check to see if this file is being run or sourced from another script _is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] } # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* # process initializer files, based on file extensions docker_process_init_files() { - # mysql here for backwards compatibility "${mysql[@]}" - mysql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - mysql_note "$0: running $f" - "$f" - else - mysql_note "$0: sourcing $f" - . "$f" - fi - ;; - *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; - *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *) mysql_warn "$0: ignoring $f" ;; - esac - echo - done + # mysql here for backwards compatibility "${mysql[@]}" + mysql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + mysql_note "$0: running $f" + "$f" + else + mysql_note "$0: sourcing $f" + . 
"$f" + fi + ;; + *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; + *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) mysql_warn "$0: ignoring $f" ;; + esac + echo + done } mysql_check_config() { - local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors" - fi + local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors" + fi } # Fetch value from server config # We use mysqld --verbose --help instead of my_print_defaults because the # latter only show values present in config files, and not server defaults mysql_get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ - | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' - # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" } # Do a temporary startup of the MySQL server, for init purposes docker_temp_server_start() { - "$@" --skip-networking --socket="${SOCKET}" & - mysql_note "Waiting for server startup" - local i - for i in $(seq 30 -1 0); do - # only use the root password if the database has already been initializaed - # so that it won't try to fill in a password file when it hasn't been 
set yet - extraArgs="" - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs=${extraArgs}" --dont-use-mysql-root-password" - fi - if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then - break - fi - sleep 1 - done - if [ "$i" = 0 ]; then - mysql_error "Unable to start server." - fi + "$@" --skip-networking --socket="${SOCKET}" & + mysql_note "Waiting for server startup" + local i + for i in $(seq 30 -1 0); do + # only use the root password if the database has already been initializaed + # so that it won't try to fill in a password file when it hasn't been set yet + extraArgs="" + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + extraArgs=${extraArgs}" --dont-use-mysql-root-password" + fi + if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then + break + fi + sleep 1 + done + if [ "$i" = 0 ]; then + mysql_error "Unable to start server." + fi } # Stop the server. When using a local socket file mysqladmin will block until # the shutdown is complete. docker_temp_server_stop() { - if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then - mysql_error "Unable to shut down server." - fi + if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then + mysql_error "Unable to shut down server." + fi } # Verify that the minimally required password settings are set for new databases. 
docker_verify_minimum_env() { - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')" - fi + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')" + fi } # creates folders for the database # also ensures permission for user mysql of run as root docker_create_db_directories() { - local user; user="$(id -u)" + local user; user="$(id -u)" - # TODO other directories that are used by default? like /var/lib/mysql-files - # see https://github.com/docker-library/mysql/issues/562 - mkdir -p "$DATADIR" + # TODO other directories that are used by default? like /var/lib/mysql-files + # see https://github.com/docker-library/mysql/issues/562 + mkdir -p "$DATADIR" - if [ "$user" = "0" ]; then - # this will cause less disk access than `chown -R` - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - fi + if [ "$user" = "0" ]; then + # this will cause less disk access than `chown -R` + find "$DATADIR" \! 
-user mysql -exec chown mysql '{}' + + fi } # initializes the database directory docker_init_database_dir() { - mysql_note "Initializing database files" - installArgs=" --datadir=$DATADIR --rpm " - if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then - # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password - # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 - # (this flag doesn't exist in 10.0 and below) - installArgs=${installArgs}" --auth-root-authentication-method=normal" - fi - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')" - mysql_note "Database files initialized" + mysql_note "Initializing database files" + installArgs=" --datadir=$DATADIR --rpm " + if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then + # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password + # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 + # (this flag doesn't exist in 10.0 and below) + installArgs=${installArgs}" --auth-root-authentication-method=normal" + fi + # "Other options are passed to mysqld." 
(so we pass all "mysqld" arguments directly here) + mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')" + mysql_note "Database files initialized" } # Loads various settings that are used elsewhere in the script # This should be called after mysql_check_config, but before any other functions docker_setup_env() { - # Get config - declare -g DATADIR SOCKET - DATADIR="$(mysql_get_config 'datadir' "$@")" - SOCKET="$(mysql_get_config 'socket' "$@")" - - # Initialize values that might be stored in a file - file_env 'MYSQL_ROOT_HOST' '%' - file_env 'MYSQL_DATABASE' - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - file_env 'MYSQL_ROOT_PASSWORD' - file_env 'PORTAL_DB_TABLES' - - declare -g DATABASE_ALREADY_EXISTS - if [ -d "$DATADIR/mysql" ]; then - DATABASE_ALREADY_EXISTS='true' - fi + # Get config + declare -g DATADIR SOCKET + DATADIR="$(mysql_get_config 'datadir' "$@")" + SOCKET="$(mysql_get_config 'socket' "$@")" + + # Initialize values that might be stored in a file + file_env 'MYSQL_ROOT_HOST' '%' + file_env 'MYSQL_DATABASE' + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + file_env 'MYSQL_ROOT_PASSWORD' + file_env 'PORTAL_DB_TABLES' + + declare -g DATABASE_ALREADY_EXISTS + if [ -d "$DATADIR/mysql" ]; then + DATABASE_ALREADY_EXISTS='true' + fi } # Execute sql script, passed via stdin 
@@ -195,178 +195,178 @@ docker_setup_env() { # ie: docker_process_sql --database=mydb <<<'INSERT ...' # ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql docker_process_sql() { - passfileArgs="" - if [ '--dont-use-mysql-root-password' = "$1" ]; then - passfileArgs=${passfileArgs}" $1" - shift - fi - # args sent in can override this db, since they will be later in the command - if [ -n "$MYSQL_DATABASE" ]; then - set -- --database="$MYSQL_DATABASE" "$@" - fi - - mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@" + passfileArgs="" + if [ '--dont-use-mysql-root-password' = "$1" ]; then + passfileArgs=${passfileArgs}" $1" + shift + fi + # args sent in can override this db, since they will be later in the command + if [ -n "$MYSQL_DATABASE" ]; then + set -- --database="$MYSQL_DATABASE" "$@" + fi + + mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@" } # Initializes database with timezone info and root password, plus optional extra db/user docker_setup_db() { - # Load timezone info into database - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - { - # Aria in 10.4+ is slow due to "transactional" (crash safety) - # https://jira.mariadb.org/browse/MDEV-23326 - # https://github.com/docker-library/mariadb/issues/262 - local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type ) - for table in "${tztables[@]}"; do - echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;" - done - - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo \ - | sed 's/Local time zone must be set--see zic manual page/FCTY/' - - for table in "${tztables[@]}"; do - echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;" - done - } | docker_process_sql --dont-use-mysql-root-password --database=mysql - # tell docker_process_sql to 
not use MYSQL_ROOT_PASSWORD since it is not set yet - fi - # Generate random root password - if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi - # Sets root password and creates root users for non-localhost hosts - local rootCreate= - # default root to listen for connections from anywhere - if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi - - # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set - docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365 - -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369 - DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ; - - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - FLUSH PRIVILEGES ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - EOSQL - - # Creates a custom database and user if specified - if [ -n "$MYSQL_DATABASE" ]; then - mysql_note "Creating database 
${MYSQL_DATABASE}" - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql - fi - - if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then - mysql_note "Creating user ${MYSQL_USER}" - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql - - if [ -n "$MYSQL_DATABASE" ]; then - mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}" - echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql - fi - - echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql - fi + # Load timezone info into database + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + { + # Aria in 10.4+ is slow due to "transactional" (crash safety) + # https://jira.mariadb.org/browse/MDEV-23326 + # https://github.com/docker-library/mariadb/issues/262 + local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type ) + for table in "${tztables[@]}"; do + echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;" + done + + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo \ + | sed 's/Local time zone must be set--see zic manual page/FCTY/' + + for table in "${tztables[@]}"; do + echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;" + done + } | docker_process_sql --dont-use-mysql-root-password --database=mysql + # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet + fi + # Generate random root password + if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" + mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + # Sets root password and creates root users for non-localhost hosts + local rootCreate= + # default root to listen for connections from anywhere + if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't 
care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; +EOSQL + fi + + # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set + docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; + + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; + SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; + -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365 + -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369 + DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ; + + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + FLUSH PRIVILEGES ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; +EOSQL + + # Creates a custom database and user if specified + if [ -n "$MYSQL_DATABASE" ]; then + mysql_note "Creating database ${MYSQL_DATABASE}" + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql + fi + + if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then + mysql_note "Creating user ${MYSQL_USER}" + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql + + if [ -n "$MYSQL_DATABASE" ]; then + mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}" + echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 
's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql + fi + + echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql + fi } _mysql_passfile() { - # echo the password to the "file" the client uses - # the client command will use process substitution to create a file on the fly - # ie: --defaults-extra-file=<( _mysql_passfile ) - if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then - cat <<-EOF - [client] - password="${MYSQL_ROOT_PASSWORD}" - EOF - fi + # echo the password to the "file" the client uses + # the client command will use process substitution to create a file on the fly + # ie: --defaults-extra-file=<( _mysql_passfile ) + if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then + cat <<-EOF + [client] + password="${MYSQL_ROOT_PASSWORD}" +EOF + fi } # check arguments for an option that would cause mysqld to stop # return true if there is one _mysql_want_help() { - local arg - for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - return 0 - ;; - esac - done - return 1 + local arg + for arg; do + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + return 0 + ;; + esac + done + return 1 } _main() { - # if command starts with an option, prepend mysqld - if echo "$1" | grep '^-' >/dev/null; then - set -- mysqld "$@" - fi - - # skip setup if they aren't running mysqld or want an option that stops mysqld - if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then - mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started." 
- - mysql_check_config "$@" - # Load various environment variables - docker_setup_env "$@" - docker_create_db_directories - - # If container is started as root user, restart as dedicated mysql user - if [ "$(id -u)" = "0" ]; then - mysql_note "Switching to dedicated user 'mysql'" - exec gosu mysql "$0" "$@" - fi - - # there's no database, so it needs to be initialized - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - docker_init_database_dir "$@" - - mysql_note "Starting temporary server" - docker_temp_server_start "$@" - mysql_note "Temporary server started." - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - - for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") - do - echo "Granting portal user ALL PRIVILEGES for table $i" - echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - done - - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" - - echo - mysql_note "MySQL init process done. Ready for start up." - echo - fi - fi - exec "$@" + # if command starts with an option, prepend mysqld + if echo "$1" | grep '^-' >/dev/null; then + set -- mysqld "$@" + fi + + # skip setup if they aren't running mysqld or want an option that stops mysqld + if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then + mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started." 
+ + mysql_check_config "$@" + # Load various environment variables + docker_setup_env "$@" + docker_create_db_directories + + # If container is started as root user, restart as dedicated mysql user + if [ "$(id -u)" = "0" ]; then + mysql_note "Switching to dedicated user 'mysql'" + exec gosu mysql "$0" "$@" + fi + + # there's no database, so it needs to be initialized + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir "$@" + + mysql_note "Starting temporary server" + docker_temp_server_start "$@" + mysql_note "Temporary server started." + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") + do + echo "Granting portal user ALL PRIVILEGES for table $i" + echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + done + + mysql_note "Stopping temporary server" + docker_temp_server_stop + mysql_note "Temporary server stopped" + + echo + mysql_note "MySQL init process done. Ready for start up." + echo + fi + fi + exec "$@" } # If we are sourced from elsewhere, don't perform any further actions if ! _is_sourced; then - _main "$@" + _main "$@" fi diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh index 0d30557220..439390525f 100755 --- a/kubernetes/robot/demo-k8s.sh +++ b/kubernetes/robot/demo-k8s.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/sh + # Copyright (C) 2018 Amdocs, Bell Canada # Modifications Copyright (C) 2019 Samsung # Modifications Copyright (C) 2020 Nokia 
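Review bot: In docker-entrypoint.sh the three `<<-` heredocs in this hunk (`rootCreate`, the `docker_process_sql` block in `docker_setup_db`, and `_mysql_passfile`) had their terminators moved to column 0, which suggests the bodies are now indented with spaces. `<<-` strips leading tabs only, so the `-` no longer does anything and the body text is emitted with its indentation. That is harmless for the SQL, but `_mysql_passfile` feeds the `[client]` and `password=` lines to `--defaults-extra-file`, so it is worth confirming the client still picks up the root password from the indented lines. Either keep tab indentation inside heredoc bodies, or use plain `<<EOF` / `<<EOSQL` with the body at column 0.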
@@ -19,46 +20,46 @@ # usage () { - echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]" - echo " " - echo " demo-k8s.sh <namespace> init" - echo " - Execute both init_customer + distribute" - echo " " - echo " demo-k8s.sh <namespace> init_customer" - echo " - Create demo customer (Demonstration) and services, etc." - echo " " - echo " demo-k8s.sh <namespace> distribute [<prefix>]" - echo " - Distribute demo models (demoVFW and demoVLB)" - echo " " - echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>" - echo " - Preload data for VNF for the <module_name>" - echo " " - echo " demo-k8s.sh <namespace> appc <module_name>" - echo " - provide APPC with vFW module mount point for closed loop" - echo " " - echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]" - echo " - Initialize robot after all ONAP VMs have started" - echo " " - echo " demo-k8s.sh <namespace> instantiateVFW" - echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)" - echo " " - echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename" - echo " - Instantiate vFW module using direct SO interface using previously distributed model " + echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]" + echo " " + echo " demo-k8s.sh <namespace> init" + echo " - Execute both init_customer + distribute" + echo " " + echo " demo-k8s.sh <namespace> init_customer" + echo " - Create demo customer (Demonstration) and services, etc." 
+ echo " " + echo " demo-k8s.sh <namespace> distribute [<prefix>]" + echo " - Distribute demo models (demoVFW and demoVLB)" + echo " " + echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>" + echo " - Preload data for VNF for the <module_name>" + echo " " + echo " demo-k8s.sh <namespace> appc <module_name>" + echo " - provide APPC with vFW module mount point for closed loop" + echo " " + echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]" + echo " - Initialize robot after all ONAP VMs have started" + echo " " + echo " demo-k8s.sh <namespace> instantiateVFW" + echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)" + echo " " + echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename" + echo " - Instantiate vFW module using direct SO interface using previously distributed model " echo " that is in /tmp/csar in robot container" - echo " " + echo " " echo " demo-k8s.sh <namespace> instantiateVLB_CDS" echo " - Instantiate vLB module using CDS with a preloaded CBA " echo " " - echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" - echo " - Delete the module created by instantiateVFW" - echo " " - echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>" + echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" + echo " - Delete the module created by instantiateVFW" + echo " " + echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>" echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy " echo " kicks in to modulate the rates back to medium" - echo " " - echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript" - echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory" - echo " " + echo " " + echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript" + echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory" + echo " " } 
# Check if execscript flag is used and drop it from input arguments @@ -74,8 +75,8 @@ echo "Number of parameters:" echo $# if [ $# -lt 2 ];then - usage - exit + usage + exit fi NAMESPACE=$1 
@@ -86,80 +87,80 @@ shift ## while [ $# -gt 0 ] do - key="$1" + key="$1" echo "KEY:" echo $key - case $key in - init_robot) - TAG="UpdateWebPage" - echo "WEB Site Password for user 'test': " - stty -echo - read WEB_PASSWORD - stty echo - if [ "$WEB_PASSWORD" = "" ]; then - echo "" - echo "WEB Password is required for user 'test'" - exit - fi - VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD" - shift - if [ $# -eq 2 ];then - VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1" - fi - shift - ;; - init) - TAG="InitDemo" - shift - ;; - vescollector) - TAG="vescollector" - shift - ;; + case $key in + init_robot) + TAG="UpdateWebPage" + echo "WEB Site Password for user 'test': " + stty -echo + read WEB_PASSWORD + stty echo + if [ "$WEB_PASSWORD" = "" ]; then + echo "" + echo "WEB Password is required for user 'test'" + exit + fi + VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD" + shift + if [ $# -eq 2 ];then + VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1" + fi + shift + ;; + init) + TAG="InitDemo" + shift + ;; + vescollector) + TAG="vescollector" + shift + ;; distribute_vcpe) - TAG="distributeVCPE" - shift - ;; - init_customer) - TAG="InitCustomer" - shift - ;; - distribute) - TAG="InitDistribution" - shift - if [ $# -eq 1 ];then - VARIABLES="$VARIABLES -v DEMO_PREFIX:$1" - fi - shift - ;; - preload) - TAG="PreloadDemo" - shift - if [ $# -ne 2 ];then - echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>" - exit - fi - VARIABLES="$VARIABLES -v VNF_NAME:$1" - shift - VARIABLES="$VARIABLES -v MODULE_NAME:$1" - shift - ;; - appc) - TAG="APPCMountPointDemo" - shift - if [ $# -ne 1 ];then - echo "Usage: demo-k8s.sh <namespace> appc <module_name>" - exit - fi - VARIABLES="$VARIABLES -v MODULE_NAME:$1" - shift - ;; - instantiateVFW) - TAG="instantiateVFW" - VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" - shift - ;; + TAG="distributeVCPE" + shift + ;; + init_customer) + TAG="InitCustomer" + shift + ;; + distribute) + TAG="InitDistribution" + shift + if [ $# -eq 1 
];then + VARIABLES="$VARIABLES -v DEMO_PREFIX:$1" + fi + shift + ;; + preload) + TAG="PreloadDemo" + shift + if [ $# -ne 2 ];then + echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>" + exit + fi + VARIABLES="$VARIABLES -v VNF_NAME:$1" + shift + VARIABLES="$VARIABLES -v MODULE_NAME:$1" + shift + ;; + appc) + TAG="APPCMountPointDemo" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh <namespace> appc <module_name>" + exit + fi + VARIABLES="$VARIABLES -v MODULE_NAME:$1" + shift + ;; + instantiateVFW) + TAG="instantiateVFW" + VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" + shift + ;; instantiateVFWdirectso) TAG="instantiateVFWdirectso" shift @@ -175,21 +176,21 @@ do VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" shift ;; - deleteVNF) - TAG="deleteVNF" - shift - if [ $# -ne 1 ];then - echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" - exit - fi - VARFILE=$1.py - VARIABLES="$VARIABLES -V /share/${VARFILE}" - shift - ;; - cds) - TAG="cds" - shift - ;; + deleteVNF) + TAG="deleteVNF" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" + exit + fi + VARFILE=$1.py + VARIABLES="$VARIABLES -V /share/${VARFILE}" + shift + ;; + cds) + TAG="cds" + shift + ;; distributeVFWNG) TAG="distributeVFWNG" shift @@ -208,10 +209,10 @@ do VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1" shift ;; - *) - usage - exit - esac + *) + usage + exit + esac done set -x diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh index 01cf0922fa..4ef8f462f0 100755 --- a/kubernetes/robot/ete-k8s.sh +++ b/kubernetes/robot/ete-k8s.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright © 2018 Amdocs, Bell Canada # diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh index 8b74da77f8..1b31c16e81 100755 --- a/kubernetes/robot/eteHelm-k8s.sh +++ b/kubernetes/robot/eteHelm-k8s.sh 
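Review bot: In the `init_robot` branch the password read from the terminal is appended to `VARIABLES` as `-v WEB_PASSWORD:$WEB_PASSWORD`, so it travels on a command line and, with `set -x` enabled right after the loop, most likely lands in the trace output too. How `VARIABLES` is consumed lies outside this hunk, but handing the secret over through a variable file or the environment would keep it out of process listings and logs. `read WEB_PASSWORD` should be `read -r WEB_PASSWORD` so that backslashes in the password survive, and a `trap 'stty echo' EXIT INT TERM` before `stty -echo` would restore terminal echo if the prompt is interrupted. The error paths end in a bare `exit`, which returns the status of the preceding `echo`; `exit 1` lets callers see the failure.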
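Review bot: The `deleteVNF` branch builds the variable-file path from the raw argument (`VARFILE=$1.py`, then `-V /share/${VARFILE}`), so a module name containing `/` or `..` selects a file outside `/share`. Since that file is presumably loaded as a Python variable file, it is worth restricting the argument to a plain name before the assignment, for example `case $1 in */*|*..*) usage; exit 1;; esac`. The enclosing `case` statement starts and ends outside this hunk.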
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. # diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh index 623870b9f3..aef812b143 100755 --- a/kubernetes/robot/instantiate-k8s.sh +++ b/kubernetes/robot/instantiate-k8s.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright 2019 AT&T Intellectual Property. All rights reserved. # diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh index 63e90cdec6..16fec57b15 100755 --- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh +++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright © 2019 Nokia # 
@@ -24,46 +24,46 @@ HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:m generate_ca_key_cert () { - openssl genrsa -out $1/ca.key 2048 - openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap + openssl genrsa -out $1/ca.key 2048 + openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap } generate_server_key_csr () { - openssl genrsa -out $1/server.key 2048 - openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap + openssl genrsa -out $1/server.key 2048 + openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap } generate_client_key_csr () { - openssl genrsa -out $1/client.key 2048 - openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap + openssl genrsa -out $1/client.key 2048 + openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap } sign_server_and_client_cert () { - openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00 - openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00 + openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00 + openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00 } create_pkcs12_ca_and_server () { - openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass: - openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass: + openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass: + openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass: } copy_server_certs_to_hvves () { - for f in ca.p12 server.p12 - do - kubectl cp $1/$f $2/$3:$4 - done + for f 
in ca.p12 server.p12 + do + kubectl cp $1/$f $2/$3:$4 + done } copy_client_certs_to_robot () { - for f in ca.pem client.key client.pem - do + for f in ca.pem client.key client.pem + do kubectl cp $1/$f $2/$3:$4 done } cleanup () { - rm -f $1/ca.??? $1/server.??? s$1/client.??? + rm -f $1/ca.??? $1/server.??? s$1/client.??? } diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh index 1cd911ca60..a114cf59ea 100755 --- a/kubernetes/robot/scripts/etescript/security-etescript.sh +++ b/kubernetes/robot/scripts/etescript/security-etescript.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Copyright 2019 Samsung Electronics Co., Ltd. # @@ -25,29 +25,29 @@ TMPTPL='onap_security' CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))' FILTER="$(tr -d [:space:] <<TEMPLATE {{range .items}} - {{range.spec.ports}} - {{if .nodePort}} - {{.nodePort}}{{','}}{{.name}}{{'\n'}} - {{end}} - {{end}} + {{range.spec.ports}} + {{if .nodePort}} + {{.nodePort}}{{','}}{{.name}}{{'\n'}} + {{end}} + {{end}} {{end}} TEMPLATE)" setup () { - export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)" + export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)" } create_actual_nodeport_json () { - kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE" + kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE" } copy_actual_nodeport_json_to_robot () { - kubectl cp "$1" "$2/$3:$4" + kubectl cp "$1" "$2/$3:$4" } cleanup () { - rm "$NODEPORTS_FILE" + rm "$NODEPORTS_FILE" } diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh index a93f109085..e23e5ed83b 100755 --- a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh +++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh 
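Review bot: `cleanup` in hvves-etescript.sh still carries the stray `s` in `s$1/client.???`, so that pattern will not match the generated files and `client.key`, `client.pem` and `client.csr` stay behind after the run; the line should read `rm -f "$1"/ca.??? "$1"/server.??? "$1"/client.???`. `sign_server_and_client_cert` issues both certificates with `-set_serial 00`, giving two certificates from the same CA an identical serial; distinct values such as `-set_serial 01` and `-set_serial 02` avoid tooling treating them as one certificate. `create_pkcs12_ca_and_server` exports `ca.p12` with the CA private key and an empty password, and `copy_server_certs_to_hvves` then copies it into the collector pod; if the pod only needs a trust anchor, exporting the certificate without the key keeps the signing key off it. The `$1` arguments are unquoted throughout, so a directory path containing spaces breaks every call.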
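Review bot: In security-etescript.sh, `tr -d [:space:]` passes the character class unquoted, so the shell can expand it as a glob against single-character file names in the working directory before `tr` sees it; write `tr -d '[:space:]'`. In `setup`, `export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"` hides a mktemp failure behind the exit status of `export`, leaves both expansions unquoted, and asks for only three random characters. `NODEPORTS_FILE="$(mktemp -p "${TMPDIR}" "${TMPTPL}XXXXXX")" || exit 1` followed by `export NODEPORTS_FILE` stops the script early instead of redirecting kubectl output to an empty path. `TMPDIR` is assigned outside this hunk.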
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # SPDX-License-Identifier: Apache-2.0 diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh index fa76a9ee40..6d7ada618d 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh @@ -1,6 +1,6 @@ -#!/bin/bash -{{/* +#!/bin/sh +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/kubernetes/sdnc/resources/config/bin/createLinks.sh b/kubernetes/sdnc/resources/config/bin/createLinks.sh index 52c40723f9..d8a2025bea 100755 --- a/kubernetes/sdnc/resources/config/bin/createLinks.sh +++ b/kubernetes/sdnc/resources/config/bin/createLinks.sh @@ -4,8 +4,7 @@ # ============LICENSE_START======================================================= # ONAP : SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +41,7 @@ then if [ -d $JOURNAL_PATH ] then mv $JOURNAL_PATH/* $MDSAL_PATH/journal - rm -f $JOURNAL_PATH + rm -f $JOURNAL_PATH fi ln -s $MDSAL_PATH/journal $JOURNAL_PATH fi @@ -52,7 +51,7 @@ then if [ -d $SNAPSHOTS_PATH ] then mv $SNAPSHOTS_PATH/* $MDSAL_PATH/snapshots - rm -f $SNAPSHOTS_PATH + rm -f $SNAPSHOTS_PATH fi ln -s $MDSAL_PATH/snapshots $SNAPSHOTS_PATH fi diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 42abf54444..2406a48c37 100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh 
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -1,12 +1,11 @@ -#!/bin/bash -{{/* +#!/bin/sh +{{/* ### # ============LICENSE_START======================================================= # ONAP : SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh index 7b88055078..33c4b32146 100755 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh @@ -27,7 +27,7 @@ echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1 prepare_password() { - echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } DB_PASSWORD=`prepare_password $DB_PASSWORD` diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh index 5296748c50..069556f51c 100755 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh 
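Review bot: In 98-create-so-user.sh the call `prepare_password $DB_PASSWORD` passes the password unquoted, so a value containing whitespace or glob characters is split or expanded before it reaches `$1`; use `DB_PASSWORD=$(prepare_password "$DB_PASSWORD")`. Inside the function, `echo "$1"` may interpret backslash sequences depending on which shell runs the script, and the sed expression escapes both quote characters but not the backslash itself, so `printf '%s\n' "$1"` plus an added backslash rule would make the escaping complete. How the result is embedded in the SQL statement is outside the hunk, so confirm against the statement that uses it. The same applies to `prepare_password` and `DB_ADMIN_PASSWORD` in 99-create-so-admin.sh.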
@@ -27,7 +27,7 @@ echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1 prepare_password() { - echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD` diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 938a6f9d00..2417d2553c 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -34,11 +34,11 @@ certInitializer: fqdn: so fqi: so@so.onap.org public_fqdn: so.onap.org + fqi_namespace: org.onap.so cadi_longitude: '0.0' cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local - qi_namespace: org.onap.so aaf_add_config: | echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index f2fc70c1f9..af95ab85ce 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~8.x-0 + repository: '@local' - name: readinessCheck version: ~8.x-0 repository: '@local' diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh index 3a9ef84834..5bbd187b05 100755 --- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh +++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh 
@@ -22,10 +22,10 @@ fi #Start the chef-solo if mso-docker.json contains some data. if [ -s /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json ] then - echo "mso-docker.json has some configuration, replay the recipes." - chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra] + echo "mso-docker.json has some configuration, replay the recipes." + chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra] else - echo "mso-docker.json is empty, do not replay the recipes." + echo "mso-docker.json is empty, do not replay the recipes." fi JBOSS_PIDFILE=/tmp/jboss-standalone.pid diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index ca2fe07b22..064415927f 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -151,6 +151,24 @@ aaf: trustore: org.onap.so.trust.jks ################################################################# +# AAF part for Ingress +################################################################# +certInitializer: + nameOverride: so-tls-cert + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: so + fqi: so@so.onap.org + public_fqdn: so.onap.org + fqi_namespace: org.onap.so + cadi_longitude: '0.0' + cadi_latitude: '0.0' + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs' + +################################################################# # Application configuration defaults. ################################################################# @@ -263,7 +281,8 @@ ingress: name: 'so' port: 8080 config: - ssl: 'none' + tls: + secret: '{{ include "common.release" . }}-so-ingress-certs' mso: adapters: @@ -4,6 +4,7 @@ envlist = docs, docs-linkcheck, gitlint, + checkbashisms, skipsdist=true [doc8] 
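Review bot: The new `certInitializer` block in kubernetes/so/values.yaml commits a default deployer credential, `aafDeployPass: demo123456!`, while the external-secret option next to it is left commented out. Any installation that does not override the value runs with a password that is public in the repository. If the certInitializer chart allows it, leave the default empty and require `aafDeployCredsExternalSecret` or an explicit override for non-demo deployments; at minimum add a comment such as `# demo-only default; override or set aafDeployCredsExternalSecret`.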
@@ -52,7 +53,7 @@ commands = sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \ || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \ yum install devscripts-minimal )" >&2 && exit 1)' - find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f \{\} + + find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} + [testenv:autopep8] deps = autopep8 |
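Review bot: Dropping `-f` from the `checkbashisms` call means scripts whose shebang still names bash are skipped rather than checked, so any script this change did not convert to `#!/bin/sh` passes the gate unexamined. If that is intended, a comment above the `find` line saying so would help, for example `# no -f: only scripts declaring /bin/sh are checked`. The `sh -c` line above it falls back to `sudo yum install` / `sudo apt-get install` without `-y`, and with `checkbashisms` now added to `envlist` that fallback becomes part of a default tox run; failing with the existing "please install it" message is more predictable in CI than attempting a privileged install.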