diff options
| -rw-r--r-- | docs/oom_quickstart_guide.rst | 14 | ||||
| -rw-r--r-- | docs/release-notes.rst | 1 | ||||
| -rw-r--r-- | kubernetes/onap/resources/overrides/environment.yaml | 225 |
3 files changed, 229 insertions, 11 deletions
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 3c491b4447..ed71c97f10 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -129,20 +129,12 @@ single command The --timeout 900 is currently required in Dublin to address long running initialization tasks for DMaaP and SO. Without this timeout value both applications may fail to deploy. - a. To deploy all ONAP applications use this command:: + To deploy all ONAP applications use this command:: > cd oom/kubernetes - > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 + > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 - b. If you are using a custom override (e.g. integration-override.yaml) use this command:: - - > helm deploy dev local/onap -f /root/integration-override.yaml --namespace onap --timeout 900 - - - c. If you have a slower cloud environment you may want to use the public-cloud.yaml - which has longer delay intervals on database updates.:: - - > helm deploy dev local/onap -f /root/oom/kubernetes/onap/resources/environments/public-cloud.yaml -f /root/integration-override.yaml --namespace onap --timeout 900 + All override files may be customized (or replaced by other overrides) as per needs. **Step 9.** Commands to interact with the OOM installation diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 37d8b3f50a..dc10400dfb 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -55,6 +55,7 @@ Summary * In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_] * Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] +* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_] *Known Vulnerabilities in Used Modules* diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml new file mode 100644 index 0000000000..75ce8e529b --- /dev/null +++ b/kubernetes/onap/resources/overrides/environment.yaml @@ -0,0 +1,225 @@ +# Copyright © 2017,2019 Amdocs, AT&T , Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# +# These overrides will affect all helm charts (ie. applications) +# that are listed below and are 'enabled'. +# +# +# This is specifically for the environments which take time to +# deploy ONAP. This increase in timeouts prevents false restarting of +# the pods during startup configuration. +# +# These timers have been tuned by the ONAP integration team. They +# have been tested and validated in the ONAP integration lab (Intel/Windriver lab). +# They are however indicative and may be adapted to your environment as they +# depend on the performance of the infrastructure you are installing ONAP on. +# +# Please note that these timers must remain reasonable, in other words, if +# your infrastructure is not performant enough, extending the timers to very +# large value may not fix all installation issues on over subscribed hardware. +# +################################################################# +aaf: + aaf-cs: + liveness: + initialDelaySeconds: 240 + readiness: + initialDelaySeconds: 240 + aaf-gui: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + aaf-oauth: + liveness: + initialDelaySeconds: 300 + readiness: + initialDelaySeconds: 300 + aaf-service: + liveness: + initialDelaySeconds: 300 + readiness: + initialDelaySeconds: 300 +aai: + liveness: + initialDelaySeconds: 120 + aai-champ: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + aai-data-router: + liveness: + initialDelaySeconds: 120 + aai-sparky-be: + liveness: + initialDelaySeconds: 120 + aai-spike: + liveness: + initialDelaySeconds: 120 + aai-cassandra: + liveness: + periodSeconds: 120 + readiness: + periodSeconds: 60 +appc: + mariadb-galera: + liveness: + initialDelaySeconds: 180 + periodSeconds: 60 +cassandra: + liveness: + initialDelaySeconds: 120 + periodSeconds: 120 + readiness: + initialDelaySeconds: 120 + periodSeconds: 60 +clamp: + liveness: + initialDelaySeconds: 60 + readiness: + initialDelaySeconds: 60 +dcaegen2: + dcae-cloudify-manager: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 +dmaap: + dmaap-bus-controller: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + message-router: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + dmaap-dr-prov: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + mariadb: + liveness: + initialDelaySeconds: 180 + periodSeconds: 60 + dmaap-dr-node: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 +mariadb-galera: + liveness: + initialDelaySeconds: 180 + periodSeconds: 60 + mariadb-galera-server: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 +modeling: + mariadb-galera: + liveness: + initialDelaySeconds: 180 + periodSeconds: 60 +oof: + oof-has: + music: + music-cassandra: + liveness: + periodSeconds: 120 + readiness: + periodSeconds: 60 +portal: + portal-app: + liveness: + initialDelaySeconds: 60 + readiness: + initialDelaySeconds: 60 + portal-cassandra: + liveness: + periodSeconds: 120 + readiness: + periodSeconds: 60 +sdc: + sdc-be: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + sdc-cs: + liveness: + initialDelaySeconds: 120 + periodSeconds: 120 + readiness: + initialDelaySeconds: 120 + periodSeconds: 60 + sdc-es: + liveness: + initialDelaySeconds: 60 + readiness: + initialDelaySeconds: 120 + sdc-onboarding-be: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 +sdnc: + liveness: + initialDelaySeconds: 60 + readiness: + initialDelaySeconds: 60 + dmaap-listener: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 + mariadb-galera: + liveness: + initialDelaySeconds: 180 + periodSeconds: 60 + sdnc-ansible-server: + readiness: + initialDelaySeconds: 120 + sdnc-portal: + readiness: + initialDelaySeconds: 120 + ueb-listener: + liveness: + initialDelaySeconds: 60 + readiness: + initialDelaySeconds: 60 +so: + liveness: + initialDelaySeconds: 120 + mariadb: + liveness: + initialDelaySeconds: 900 + readiness: + initialDelaySeconds: 900 +uui: + uui-server: + liveness: + initialDelaySeconds: 120 + readiness: + initialDelaySeconds: 120 +vfc: + mariadb-galera: + liveness: + initialDelaySeconds: 180 + periodSeconds: 60 |