diff options
71 files changed, 1117 insertions, 92 deletions
diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml index cbb8f01d22..9862ceab6c 100644 --- a/docs/environments_onap_demo.yaml +++ b/docs/environments_onap_demo.yaml @@ -44,6 +44,8 @@ cli: enabled: false consul: # Consul Health Check Monitoring enabled: false +cps: + enabled: false dcaegen2: enabled: false esr: diff --git a/docs/helm-search.txt b/docs/helm-search.txt index 4ec41fd6cd..774ea3490a 100644 --- a/docs/helm-search.txt +++ b/docs/helm-search.txt @@ -10,6 +10,7 @@ local/cli 7.0.0 ONAP Command Line Interface local/common 7.0.0 Common templates for inclusion in other charts local/consul 7.0.0 ONAP Consul Agent local/contrib 7.0.0 ONAP optional tools +local/cps 7.0.0 ONAP Configuration Persistene Service (CPS) local/dcaegen2 7.0.0 ONAP DCAE Gen2 local/dgbuilder 7.0.0 D.G. Builder application local/dmaap 7.0.0 ONAP DMaaP components diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml index e570cb0b32..1872e91a0f 100644 --- a/kubernetes/a1policymanagement/requirements.yaml +++ b/kubernetes/a1policymanagement/requirements.yaml @@ -18,6 +18,9 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml new file mode 100644 index 0000000000..37754ca00c --- /dev/null +++ b/kubernetes/a1policymanagement/resources/config/application.yaml @@ -0,0 +1,74 @@ +{{/* +# +# ============LICENSE_START======================================================= +# ONAP : ccsdk oran +# ================================================================================ +# Copyright (C) 2020 Nordix Foundation. All rights reserved. +# Copyright (C) 2021 Orange. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# +*/}} +spring: + profiles: + active: prod + main: + allow-bean-definition-overriding: true + aop: + auto: false +management: + endpoints: + web: + exposure: + # Enabling of springboot actuator features. See springboot documentation. + include: "loggers,logfile,health,info,metrics,threaddump,heapdump" + +logging: + # Configuration of logging + level: + ROOT: DEBUG + org.springframework: DEBUG + org.springframework.data: DEBUG + org.springframework.web.reactive.function.client.ExchangeFunctions: DEBUG + org.onap.ccsdk.oran.a1policymanagementservice: DEBUG + file: + name: /var/log/policy-agent/application.log +server: + # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. + # See springboot documentation. + port: 8433 + http-port: 8081 + ssl: + key-store-type: PKCS12 + key-store-password: ${KEYSTORE_PASSWORD} + key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 + key-password: ${KEYSTORE_PASSWORD} + key-alias: {{ .Values.certInitializer.fqi }} +app: + # Location of the component configuration file. The file will only be used if the Consul database is not used; + # configuration from the Consul will override the file. + filepath: /opt/app/policy-agent/data/application_configuration.json + webclient: + # Configuration of the trust store used for the HTTP client (outgoing requests) + # The file location and the password for the truststore is only relevant if trust-store-used == true + # Note that the same keystore as for the server is used. + trust-store-used: false + trust-store-password: ${TRUSTSORE_PASSWORD} + trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks + # Configuration of usage of HTTP Proxy for the southbound accesses. + # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s + http.proxy-host: + http.proxy-port: 0 diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml index ce2e2732e6..43431f0a35 100644 --- a/kubernetes/a1policymanagement/templates/deployment.yaml +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-bootstrap-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -35,13 +35,22 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done" + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\ + | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + chmod o+w /config/${PFILE} + done + cat /config/application.yaml env: - name: A1CONTROLLER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} - name: A1CONTROLLER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /config-input name: {{ include "common.fullname" . }}-policy-conf-input - mountPath: /config @@ -86,11 +95,15 @@ spec: scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - name: config + mountPath: /opt/app/policy-agent/data/application_configuration.json + subPath: application_configuration.json - name: config - mountPath: /opt/app/policy-agent/data + mountPath: /opt/app/policy-agent/config/application.yaml + subPath: application.yaml resources: {{ include "common.resources" . | nindent 10 }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-policy-conf-input configMap: name: {{ include "common.fullname" . }}-policy-conf diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index a1602c569c..e118b35cfd 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -29,6 +29,44 @@ secrets: password: '{{ .Values.a1controller.password }}' passwordPolicy: required +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: a1p-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: a1p + fqi: a1p@a1p.onap.org + public_fqdn: a1p.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.a1p + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.p12 \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 . + image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 88f2ffcd1b..8f182033ec 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -1,6 +1,7 @@ +a1p@a1p.onap.org|a1p|local|/opt/app/osaaf/local||mailto:|org.onap.a1p|root|30|{'a1policymanagement.onap', 'a1policymanagement', 'a1policymanagement.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12'} aaf@aaf.osaaf.org|aaf-hello|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf-hello', 'aaf-hello.api.simpledemo.onap.org', 'aaf-hello.onap', 'aaf.osaaf.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf', 'aaf.api.simpledemo.onap.org', 'aaf.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} -aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file'} +aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'file'} aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} @@ -46,7 +47,7 @@ policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.polic policy@policy.onap.org|policy_onap|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|30|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-distribution', 'policy-distribution.onap', 'policy.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'} portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} -sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'script'} +sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdc@sdc.onap.org|sdc|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdc@sdc.onap.org|sdc.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdnc-cds@sdnc-cds.onap.org|sdnc-cds|local|/opt/app/osaaf/local||mailto:|org.onap.sdnc-cds|root|30|{'c1.vm1.sdnc-cds.simpledemo.onap', 'c2.vm1.sdnc-cds.simpledemo.onap', 'c3.vm1.sdnc-cds.simpledemo.onap', 'c4.vm1.sdnc-cds.simpledemo.onap', 'onap-sdnc-cds', 'onap-sdnc-cds.onap', 'sdnc-cds', 'sdnc-cds.api.simpledemo.onap.org', 'sdnc-cds.onap', 'vm1.sdnc-cds.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} @@ -57,8 +58,8 @@ so@so.onap.org|aai-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|roo so@so.onap.org|bpmn-infra|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'bpmn-infra', 'bpmn-infra.onap'}|mmanager@osaaf.org|{'pkcs12'} so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'} so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'} -so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'script'} -so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'script'} +so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} +so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'} so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index 5d3cff012d..bcbffdc3fa 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat @@ -1,5 +1,6 @@ portal@portal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.portal|53344|| shi@shi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.shi|53344|| +a1p@a1p.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.a1p|53344|| aaf@aaf.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.aaf|53344|| aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344|| clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|| diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat index 4b303a14d1..7c5ee26f05 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat @@ -1,3 +1,4 @@ +org.onap.a1p||org.onap||3 org.onap.aaf-sms||org.onap||3 org.onap.aai||org.onap||3 org.onap.aai-resources||org.onap||3 diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index ad641292d4..281133bc3d 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -1,6 +1,9 @@ org|access|*|*|Org Write Access|{'org.admin'} org|access|*|read,approve|Org Read Access|{'org.owner'} org|access|*|read|Org Read Access|{'org.owner'} +org.onap.a1p|access|*|*|AAF Namespace Write Access|"{'org.onap.a1p|admin', 'org.onap.a1p|service'}" +org.onap.a1p|access|*|read|AAF Namespace Read Access|"{'org.onap.a1p|owner'}" +org.onap.a1p|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.aaf-sms|access|*|*|AAF Namespace Write Access|"{'org.onap.aaf-sms|admin'}" org.onap.aaf-sms|access|*|read|AAF Namespace Read Access|"{'org.onap.aaf-sms|owner'}" org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index 0937ab61ed..87a22747f8 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat @@ -1,4 +1,7 @@ org|admin|Org Admins|"{'org.access|*|*'}" +org.onap.a1p|admin|AAF Namespace Administrators|"{'org.onap.a1p|access|*|*'}" +org.onap.a1p|owner|AAF Namespace Owners|"{'org.onap.a1p|access|*|read'}" +org.onap.a1p|service||"{'org.onap.a1p|access|*|*'}" org.onap.aaf-sms|admin|AAF Namespace Administrators|"{'org.onap.aaf-sms|access|*|*'}" org.onap.aaf-sms|owner|AAF Namespace Owners|"{'org.onap.aaf-sms|access|*|read'}" org.onap.aaf-sms|service||"{'org.onap.aaf-sms|access|*|read'}" @@ -320,7 +323,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index 20f7bddbaa..b849f8cc26 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat @@ -1,3 +1,5 @@ +mmanager@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin +mmanager@people.osaaf.org|org.onap.a1p.owner|2020-11-26 12:31:54.000+0000|org.onap.a1p|owner mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|owner mmanager@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin @@ -192,6 +194,7 @@ op0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.ona gv0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR +aaf_admin@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin @@ -255,6 +258,7 @@ aaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|service aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin +a1p@a1p.onap.org|org.onap.a1p.service|2020-11-26 12:31:54.000+0000|org.onap.a1p|service aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|service aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat index 0cc492b003..1b3f15d1a2 100644 --- a/kubernetes/aaf/resources/data/identities.dat +++ b/kubernetes/aaf/resources/data/identities.dat @@ -48,6 +48,7 @@ deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_ portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager # ONAP App IDs +a1p|A1 Policy Mangement|A1P|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 533826eb2c..63c668fb9e 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -118,7 +118,7 @@ global: # global defaults # application image -image: onap/aai-graphadmin:1.7.1 +image: onap/aai-graphadmin:1.8.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index ade5935808..37af7a7142 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -154,7 +154,7 @@ certInitializer: truststoreAllPassword: changeit # application image -image: onap/aai-resources:1.7.2 +image: onap/aai-resources:1.8.2 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 5fe5b13d80..50bd6c38b8 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -74,7 +74,7 @@ global: # global defaults - aai_keystore # application image -image: onap/aai-schema-service:1.8.5 +image: onap/aai-schema-service:1.8.6 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 69222db8d8..1e3a9629f6 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -140,7 +140,7 @@ certInitializer: truststoreAllPassword: changeit # application image -image: onap/aai-traversal:1.7.2 +image: onap/aai-traversal:1.8.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 85b18388b4..c521fb8c84 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -68,7 +68,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/cli:6.0.0 +image: onap/cli:6.0.1 pullPolicy: Always flavor: small diff --git a/kubernetes/common/certInitializer/resources/retrieval_check.sh b/kubernetes/common/certInitializer/resources/retrieval_check.sh new file mode 100644 index 0000000000..f3af14b17a --- /dev/null +++ b/kubernetes/common/certInitializer/resources/retrieval_check.sh @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +#!/bin/sh + +echo "*** retrieving passwords for certificates" +export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) +if [ -z "${{ .Values.envVarToCheck }}" ] +then + echo " /!\ certificates retrieval failed" + exit 1 +fi +echo "*** password retrieval succeeded" diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 5a8e84cd8c..414192e2bc 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -55,6 +55,9 @@ - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64 name: aaf-agent-certs subPath: truststoreONAP.p12.b64 + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/retrieval_check.sh + subPath: retrieval_check.sh {{- if $initRoot.aaf_add_config }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh @@ -64,8 +67,8 @@ - sh - -c - | - #!/usr/bin/env bash /opt/app/aaf_config/bin/agent.sh + . /opt/app/aaf_config/bin/retrieval_check.sh {{- if $initRoot.aaf_add_config }} /opt/app/aaf_config/bin/aaf-add-config.sh {{- end }} @@ -174,13 +177,10 @@ configMap: name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 - -{{- if $initRoot.aaf_add_config }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} configMap: name: {{ include "common.fullname" $subchartDot }}-add-config defaultMode: 0700 -{{- end -}} {{- if $dot.Values.global.importCustomCertsEnabled }} - name: updated-truststore emptyDir: {} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index 7eae899cc1..1e9254abef 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -14,12 +14,13 @@ # limitations under the License. */}} -{{ if .Values.aaf_add_config }} apiVersion: v1 kind: ConfigMap {{- $suffix := "add-config" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} +{{ if .Values.aaf_add_config }} aaf-add-config.sh: | {{ tpl .Values.aaf_add_config . | indent 4 | trim }} {{- end }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index e7a0a3f02e..52b2765329 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -54,6 +54,7 @@ importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks truststorePassword: changeit +envVarToCheck: cadi_keystore_password_p12 # This introduces implicit dependency on cert-wrapper # if you are using cert initializer cert-wrapper has to be also deployed. diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index de2548562d..b38a7f1105 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -36,13 +36,13 @@ {{- $global := . }} {{- range $index, $port := $ports }} {{- if (include "common.needTLS" $global) }} -- containerPort: {{ $port.port }} +- containerPort: {{ default $port.port $port.internal_port }} {{- else }} -- containerPort: {{ default $port.port $port.plain_port }} +- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }} {{- end }} name: {{ $port.name }} {{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }} -- containerPort: {{ $port.plain_port }} +- containerPort: {{ default $port.plain_port $port.internal_plain_port }} name: {{ $port.name }}-plain {{- end }} {{- end }} @@ -67,4 +67,3 @@ securityContext: privileged: false allowPrivilegeEscalation: false {{- end }} - diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index e39b8c4ca2..a343d4fce5 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -184,7 +184,7 @@ spec: fi cat /var/run/etcd/new_member_envs - source /var/run/etcd/new_member_envs + . /var/run/etcd/new_member_envs collect_member & diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index f815847f06..07bb5c4eac 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -41,6 +41,9 @@ secrets: # Application configuration defaults. ################################################################# +# bitnami image doesn't support well single quote in password +passwordStrengthOverride: basic + pullPolicy: Always # application configuration diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 95de6ec29f..71201a1cc6 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -67,6 +67,9 @@ - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness image: {{ include "repositoryGenerator.image.readiness" $subchartDot }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + securityContext: + runAsUser: {{ $subchartDot.Values.user }} + runAsGroup: {{ $subchartDot.Values.group }} command: - /app/ready.py args: diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml index b15b1c2af3..128c5057cc 100644 --- a/kubernetes/common/readinessCheck/values.yaml +++ b/kubernetes/common/readinessCheck/values.yaml @@ -15,6 +15,9 @@ global: pullPolicy: Always +user: 100 +group: 65533 + limits: cpu: 100m memory: 100Mi diff --git a/kubernetes/cps/.helmignore b/kubernetes/cps/.helmignore new file mode 100644 index 0000000000..80b47d2723 --- /dev/null +++ b/kubernetes/cps/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/
\ No newline at end of file diff --git a/kubernetes/cps/Chart.yaml b/kubernetes/cps/Chart.yaml new file mode 100644 index 0000000000..c723baecc6 --- /dev/null +++ b/kubernetes/cps/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2021 Pantheon.tech +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Configuration Persistance Service (CPS) +name: cps +version: 7.0.0 diff --git a/kubernetes/cps/README.md b/kubernetes/cps/README.md new file mode 100644 index 0000000000..4b578c41c2 --- /dev/null +++ b/kubernetes/cps/README.md @@ -0,0 +1,22 @@ +# ============LICENSE_START========================================== +# =================================================================== +# Copyright (C) 2021 Pantheon.tech +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#============LICENSE_END============================================ + +# Helm Chart for CPS Applications + +ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services: + +1) Cps and xNF - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file diff --git a/kubernetes/cps/requirements.yaml b/kubernetes/cps/requirements.yaml new file mode 100644 index 0000000000..ce06a4df3b --- /dev/null +++ b/kubernetes/cps/requirements.yaml @@ -0,0 +1,30 @@ +# Copyright (C) 2021 Pantheon.tech, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: postgres + version: ~7.x-0 + repository: '@local' + - name: readinessCheck + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: serviceAccount + version: ~7.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cps/resources/config/application.yml b/kubernetes/cps/resources/config/application.yml new file mode 100644 index 0000000000..983a75444b --- /dev/null +++ b/kubernetes/cps/resources/config/application.yml @@ -0,0 +1,68 @@ +{{/* + # Copyright (C) 2021 Pantheon.tech + # Modifications Copyright (C) 2020 Bell Canada. All rights reserved. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} +--- +server: + port: 8080 + +rest: + api: + cps-base-path: /cps/api + xnf-base-path: /cps-nf-proxy/api + +spring: + main: + banner-mode: "off" + jpa: + ddl-auto: create + open-in-view: false + properties: + hibernate: + enable_lazy_load_no_trans: true + dialect: org.hibernate.dialect.PostgreSQLDialect + + datasource: + url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driverClassName: org.postgresql.Driver + initialization-mode: always + + cache: + type: caffeine + cache-names: yangSchema + caffeine: + spec: maximumSize=10000,expireAfterAccess=10m +# Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: info,health,loggers + endpoint: + health: + show-details: always + # kubernetes probes: liveness and readiness + probes: + enabled: true + loggers: + enabled: true + +logging: + level: + org: + springframework: {{ .Values.logging.level }} diff --git a/kubernetes/cps/resources/config/logback.xml b/kubernetes/cps/resources/config/logback.xml new file mode 100644 index 0000000000..56ffc88220 --- /dev/null +++ b/kubernetes/cps/resources/config/logback.xml @@ -0,0 +1,34 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern> + </encoder> + </appender> + <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <root level="INFO"> + <appender-ref ref="AsyncSysOut" /> + </root> + +</configuration> + diff --git a/kubernetes/cps/templates/NOTES.txt b/kubernetes/cps/templates/NOTES.txt new file mode 100644 index 0000000000..09d22dfa7c --- /dev/null +++ b/kubernetes/cps/templates/NOTES.txt @@ -0,0 +1,35 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}') + echo http://$SERVICE_IP:$SERVICE_PORT +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:$POD_PORT +{{- end }} diff --git a/kubernetes/cps/templates/configmap.yaml b/kubernetes/cps/templates/configmap.yaml new file mode 100644 index 0000000000..eeb057cbd8 --- /dev/null +++ b/kubernetes/cps/templates/configmap.yaml @@ -0,0 +1,20 @@ +{{/* +# Copyright (C) 2021 Pantheon.tech +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml new file mode 100644 index 0000000000..e15ae7103f --- /dev/null +++ b/kubernetes/cps/templates/deployment.yaml @@ -0,0 +1,96 @@ +{{/* +# Copyright (C) 2021 Pantheon.tech, Orange +# Modifications Copyright (C) 2020 Bell Canada. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + {{ include "common.podSecurityContext" . | indent 6 | trim}} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + - name: {{ include "common.name" . }}-update-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: init-data-input + - mountPath: /config + name: init-data + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /app/resources/application.yml + subPath: application.yml + name: init-data + - mountPath: /app/resources/logback.xml + subPath: logback.xml + name: init-data + - mountPath: /tmp + name: init-temp + volumes: + - name: init-data-input + configMap: + name: {{ include "common.fullname" . }} + - name: init-data + emptyDir: + medium: Memory + - name: init-temp + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/cps/templates/ingress.yaml b/kubernetes/cps/templates/ingress.yaml new file mode 100644 index 0000000000..16f9440aba --- /dev/null +++ b/kubernetes/cps/templates/ingress.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Pantheon.tech +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/cps/templates/secrets.yaml b/kubernetes/cps/templates/secrets.yaml new file mode 100644 index 0000000000..f25044d339 --- /dev/null +++ b/kubernetes/cps/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Pantheon.tech +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/cps/templates/service.yaml b/kubernetes/cps/templates/service.yaml new file mode 100644 index 0000000000..bfcaabc178 --- /dev/null +++ b/kubernetes/cps/templates/service.yaml @@ -0,0 +1,17 @@ +{{/* + # Copyright (C) 2021 Pantheon.tech, Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + */}} + +{{ include "common.service" . }} diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml new file mode 100644 index 0000000000..ee797a5f04 --- /dev/null +++ b/kubernetes/cps/values.yaml @@ -0,0 +1,143 @@ +# Copyright (C) 2021 Pantheon.tech, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Secrets. +################################################################# +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + +################################################################# +# Global configuration defaults. +################################################################# + +# bitnami image doesn't support well single quote in password +passwordStrengthOverride: basic +global: + ingress: + virtualhost: + baseurl: "simpledemo.onap.org" + +image: onap/cps-and-nf-proxy:0.0.1 +containerPort: &svc_port 8080 + +service: + type: ClusterIP + name: cps + ports: + - name: &port http + port: *svc_port + +pullPolicy: Always +# flag to enable debugging - application support required +debugEnabled: false +nodeSelector: {} +affinity: {} +# Resource Limit flavor -By Default using small +flavor: small +# default number of instances +replicaCount: 1 +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 20 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + path: /manage/health + port: *port + +readiness: + initialDelaySeconds: 15 + periodSeconds: 15 + path: /manage/health + port: *port + +ingress: + enabled: true + service: + - baseaddr: "cps" + path: "/" + name: "cps" + port: *svc_port + +serviceAccount: + nameOverride: cps + roles: + - read + +securityContext: + user_id: 100 + group_id: 655533 + +################################################################# +# Application configuration defaults. +################################################################# +logging: + level: INFO + path: /tmp +################################################################# +# Postgres overriding defaults in the postgres +################################################################# +postgres: + nameOverride: &postgresName cps-postgres + service: + name: *postgresName + name2: cps-pg-primary + name3: cps-pg-replica + container: + name: + primary: cps-pg-primary + replica: cps-pg-replica + persistence: + mountSubPath: cps/data + mountInitPath: cps + config: + pgUserName: cps + pgDatabase: cpsdb + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName + +readinessCheck: + wait_for: + - cps-postgres
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 6412bf8ac4..458ec101dc 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json index c967774cb9..6018abe309 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json @@ -3,7 +3,7 @@ #================================================================================= # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada -# Modifications (c) 2020 Nokia. All rights reserved. +# Modifications (c) 2020-2021 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -55,5 +55,9 @@ }, "cert_post_processor": { "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" + }, + "cmpv2_issuer": { + "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}", + "name": "{{ .Values.cmpv2issuer.name }}" } } diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 9022f60b80..312eaa47fb 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -28,6 +28,11 @@ global: repositoryCred: user: docker password: docker + # Enabling CMPv2 with CertManager + CMPv2CertManagerIntegration: false + +cmpv2issuer: + name: cmpv2-issuer-onap secrets: - uid: 'cm-pass' @@ -50,7 +55,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:4.3.1 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.4.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml new file mode 100644 index 0000000000..1ba7695a30 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE VES OpenApi Manager +name: dcae-ves-openapi-manager +version: 7.0.0 diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml new file mode 100644 index 0000000000..628b6d54cd --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml @@ -0,0 +1,26 @@ +#============LICENSE_START======================================================== +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: readinessCheck + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml new file mode 100644 index 0000000000..b244d91ff5 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml @@ -0,0 +1,65 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: {{ .Values.liveness.path }} + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + env: + - name: ASDC_ADDRESS + value: {{ .Values.externalServices.sdc_be_https }} + - name: SCHEMA_MAP_PATH + value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} + volumeMounts: + - name: schema-map + mountPath: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} + subPath: {{ .Values.schemaMap.filename }} + volumes: + - name: schema-map + configMap: + name: dcae-external-repo-configmap-schema-map + defaultMode: 0755 + items: + - key: {{ .Values.schemaMap.filename }} + path: {{ .Values.schemaMap.filename }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml new file mode 100644 index 0000000000..66978bdc0f --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml @@ -0,0 +1,67 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Global values +global: + pullPolicy: Always +image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.0.1 +containerPort: &svc_port 8080 + +service: + ports: + - name: &port http + port: *svc_port + +externalServices: + sdc_be_https: "sdc-be:8443" + +schemaMap: + filename: "schema-map.json" + directory: "/app" + +liveness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /health + port: *port + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: true + +readinessCheck: + wait_for: + - message-router + - sdc-be + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 1 + memory: 512Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + unlimited: {}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/requirements.yaml b/kubernetes/dcaegen2/requirements.yaml index bbdcb4815c..eaf9549af5 100644 --- a/kubernetes/dcaegen2/requirements.yaml +++ b/kubernetes/dcaegen2/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Modifications Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -52,4 +53,7 @@ dependencies: version: ~7.x-0 repository: 'file://components/dcae-dashboard' condition: dcae-dashboard.enabled - + - name: dcae-ves-openapi-manager + version: ~7.x-0 + repository: 'file://components/dcae-ves-openapi-manager' + condition: dcae-ves-openapi-manager.enabled diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json index d89203b070..6b3a221661 100644 --- a/kubernetes/dcaegen2/resources/expected-components.json +++ b/kubernetes/dcaegen2/resources/expected-components.json @@ -1,6 +1,6 @@ [ {{- $ctx := . }} -{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }} +{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" "dcae-ves-openapi-manager" }} {{- range $i, $v := $components }} {{- if index $ctx.Values . "enabled" }} {{- if $i }},{{ end }} diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 232f8b45d5..340c159a2f 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T # Modifications Copyright © 2020 Samsung Electronics +# Modifications Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -66,3 +67,5 @@ dcae-policy-handler: cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: true +dcae-ves-openapi-manager: + enabled: true
\ No newline at end of file diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 7fb611b348..c9e24fc07b 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -100,7 +100,7 @@ config: # application image flavor: small -image: onap/modeling/etsicatalog:1.0.9 +image: onap/modeling/etsicatalog:1.0.10 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 5c840ec9a4..a8ccc5ddfc 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.7.0 +image: onap/multicloud/k8s:0.8.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 158c0e9b0b..7b9c15083c 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -66,7 +66,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:8.0.0 +image: onap/externalapi/nbi:8.0.1 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 3e96bdf3ec..4f4696263c 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -54,6 +54,10 @@ dependencies: version: ~7.x-0 repository: '@local' condition: global.addTestingComponents + - name: cps + version: ~7.x-0 + repository: '@local' + condition: cps.enabled - name: dcaegen2 version: ~7.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml index 027bc7b850..9932691b2d 100644 --- a/kubernetes/onap/resources/environments/core-onap.yaml +++ b/kubernetes/onap/resources/environments/core-onap.yaml @@ -67,6 +67,8 @@ consul: enabled: false contrib: enabled: false +cps: + enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index dd22d8fc75..84713498fa 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -71,6 +71,8 @@ consul: enabled: false contrib: enabled: false +cps: + enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml index 27588fa4a8..c7dcdfc974 100644 --- a/kubernetes/onap/resources/environments/disable-allcharts.yaml +++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml @@ -41,6 +41,8 @@ consul: enabled: false contrib: enabled: false +cps: + enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml index 336e93788c..0186a9c0f7 100644 --- a/kubernetes/onap/resources/environments/minimal-onap.yaml +++ b/kubernetes/onap/resources/environments/minimal-onap.yaml @@ -62,6 +62,8 @@ consul: enabled: false contrib: enabled: false +cps: + enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index be052996b7..2481623685 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -94,6 +94,8 @@ consul: enabled: false contrib: enabled: false +cps: + enabled: false dcaegen2: enabled: false dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 997bca9f4d..63a8a74c76 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -36,6 +36,8 @@ consul: enabled: true contrib: enabled: true +cps: + enabled: true dcaegen2: enabled: true dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 13b90ac45e..c8551cbf8e 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -44,6 +44,8 @@ contrib: enabled: *testing consul: enabled: true +cps: + enabled: true dcaegen2: enabled: true dcaemod: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index 796643171b..bd8ed9d9c5 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -66,10 +66,10 @@ consul: enabled: false contrib: enabled: false +cps: + enabled: false dcaegen2: enabled: false -dmaap: - enabled: true esr: enabled: false log: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 0920222ad7..d5d3e109b1 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -301,6 +301,8 @@ consul: # addTestingComponents contrib: enabled: *testing +cps: + enabled: false dcaegen2: enabled: false dcaemod: diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 10c2a054e7..586f468334 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -71,7 +71,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ - source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + . {{ .Values.certInitializer.credsPath }}/.ci; fi;\ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] ports: - containerPort: {{ .Values.service.externalPort }} diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 50117bd359..807f070aa0 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -223,6 +223,22 @@ GLOBAL_INVENTORY_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "h GLOBAL_DEPLOYMENT_HANDLER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "deployment-handler") }}' GLOBAL_DEPLOYMENT_HANDLER_SERVER_PROTOCOL = "https" GLOBAL_DEPLOYMENT_HANDLER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "deployment-handler" "port" 8443) }}' +# dcae mod info +GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PROTOCOL = "http" +GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-onboarding-api" "port" 8080) }}' +GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-onboarding-api") }}' +GLOBAL_DCAEMOD_RUNTIME_API_SERVER_PROTOCOL = "http" +GLOBAL_DCAEMOD_RUNTIME_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-runtime-api" "port" 9090) }}' +GLOBAL_DCAEMOD_RUNTIME_API_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-runtime-api") }}' +GLOBAL_DCAEMOD_DISTRIBUTOR_API_SERVER_PROTOCOL = "http" +GLOBAL_DCAEMOD_DISTRIBUTOR_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-distributor-api" "port" 8080) }}' +GLOBAL_DCAEMOD_DISTRIBUTOR_API_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-distributor-api") }}' +GLOBAL_DCAEMOD_DESIGNTOOL_SERVER_PROTOCOL = "http" +GLOBAL_DCAEMOD_DESIGNTOOL_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-designtool" "port" 8080) }}' +GLOBAL_DCAEMOD_DESIGNTOOL_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-designtool") }}' +GLOBAL_DCAEMOD_NIFI_REGISTRY_PROTOCOL = "http" +GLOBAL_DCAEMOD_NIFI_REGISTRY_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-nifi-registry" "port" 18080) }}' +GLOBAL_DCAEMOD_NIFI_REGISTRY_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcaemod-nifi-registry") }}' # SO containers - everything is from the private oam network (also called onap private network) GLOBAL_SO_APIHAND_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so" "port" 8080) }}' GLOBAL_SO_SDCHAND_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdc-controller" "port" 8085) }}' diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor index 7eac9a3fd5..678b48cb84 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor @@ -1,5 +1,6 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python3 {{/* + # encoding: utf-8 # Copyright © 2018 Amdocs diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 5a4d204c58..802722f400 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -386,7 +386,7 @@ elasticsearch: # handles master and data node functionality dedicatednode: "no" nameOverride: *elasticSearchName - cluster_name: *elasticSearchName + cluster_name: sdnrdb-cluster # enable sdnc-web: enabled: true diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh index 72963d9efc..fc5f905df7 100755 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh @@ -36,7 +36,7 @@ EOF cd /docker-entrypoint-initdb.d/db-sql-scripts -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1 +mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.14.0.sql || exit 1 +mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.14.0.sql || exit 1 echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql index 41377fb9eb..e0ae386119 100644 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.14.0.sql @@ -1,8 +1,9 @@ -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -41,6 +42,12 @@ values ('history.cleanup.job.lock', '0', 1); insert into ACT_GE_PROPERTY values ('startup.lock', '0', 1); +insert into ACT_GE_PROPERTY +values ('telemetry.lock', '0', 1); + +insert into ACT_GE_PROPERTY +values ('installationId.lock', '0', 1); + create table ACT_GE_BYTEARRAY ( ID_ varchar(64), REV_ integer, @@ -56,10 +63,20 @@ create table ACT_GE_BYTEARRAY ( primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; +create table ACT_GE_SCHEMA_LOG ( + ID_ varchar(64), + TIMESTAMP_ datetime(3), + VERSION_ varchar(255), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +insert into ACT_GE_SCHEMA_LOG +values ('0', CURRENT_TIMESTAMP, '7.14.0'); + create table ACT_RE_DEPLOYMENT ( ID_ varchar(64), NAME_ varchar(255), - DEPLOY_TIME_ timestamp(3), + DEPLOY_TIME_ datetime(3), SOURCE_ varchar(255), TENANT_ID_ varchar(64), primary key (ID_) @@ -93,7 +110,7 @@ create table ACT_RU_JOB ( ID_ varchar(64) NOT NULL, REV_ integer, TYPE_ varchar(255) NOT NULL, - LOCK_EXP_TIME_ timestamp(3) NULL, + LOCK_EXP_TIME_ datetime(3) NULL, LOCK_OWNER_ varchar(255), EXCLUSIVE_ boolean, EXECUTION_ID_ varchar(64), @@ -103,8 +120,10 @@ create table ACT_RU_JOB ( RETRIES_ integer, EXCEPTION_STACK_ID_ varchar(64), EXCEPTION_MSG_ varchar(4000), - DUEDATE_ timestamp(3) NULL, + FAILED_ACT_ID_ varchar(255), + DUEDATE_ datetime(3) NULL, REPEAT_ varchar(255), + REPEAT_OFFSET_ bigint DEFAULT 0, HANDLER_TYPE_ varchar(255), HANDLER_CFG_ varchar(4000), DEPLOYMENT_ID_ varchar(64), @@ -128,6 +147,7 @@ create table ACT_RU_JOBDEF ( SUSPENSION_STATE_ integer, JOB_PRIORITY_ bigint, TENANT_ID_ varchar(64), + DEPLOYMENT_ID_ varchar(64), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -167,7 +187,7 @@ create table ACT_RU_TASK ( ASSIGNEE_ varchar(255), DELEGATION_ varchar(64), PRIORITY_ integer, - CREATE_TIME_ timestamp(3), + CREATE_TIME_ datetime(3), DUE_DATE_ datetime(3), FOLLOW_UP_DATE_ datetime(3), SUSPENSION_STATE_ integer, @@ -194,14 +214,16 @@ create table ACT_RU_VARIABLE ( NAME_ varchar(255) not null, EXECUTION_ID_ varchar(64), PROC_INST_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), CASE_EXECUTION_ID_ varchar(64), CASE_INST_ID_ varchar(64), TASK_ID_ varchar(64), + BATCH_ID_ varchar(64), BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ LONGBLOB, - TEXT2_ LONGBLOB, + TEXT_ varchar(4000), + TEXT2_ varchar(4000), VAR_SCOPE_ varchar(64) not null, SEQUENCE_COUNTER_ bigint, IS_CONCURRENT_LOCAL_ TINYINT, @@ -218,7 +240,7 @@ create table ACT_RU_EVENT_SUBSCR ( PROC_INST_ID_ varchar(64), ACTIVITY_ID_ varchar(255), CONFIGURATION_ varchar(255), - CREATED_ timestamp(3) not null, + CREATED_ datetime(3) not null, TENANT_ID_ varchar(64), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -226,11 +248,12 @@ create table ACT_RU_EVENT_SUBSCR ( create table ACT_RU_INCIDENT ( ID_ varchar(64) not null, REV_ integer not null, - INCIDENT_TIMESTAMP_ timestamp(3) not null, + INCIDENT_TIMESTAMP_ datetime(3) not null, INCIDENT_MSG_ varchar(4000), INCIDENT_TYPE_ varchar(255) not null, EXECUTION_ID_ varchar(64), ACTIVITY_ID_ varchar(255), + FAILED_ACTIVITY_ID_ varchar(255), PROC_INST_ID_ varchar(64), PROC_DEF_ID_ varchar(64), CAUSE_INCIDENT_ID_ varchar(64), @@ -250,6 +273,8 @@ create table ACT_RU_AUTHORIZATION ( RESOURCE_TYPE_ integer not null, RESOURCE_ID_ varchar(255), PERMS_ integer, + REMOVAL_TIME_ datetime(3), + ROOT_PROC_INST_ID_ varchar(64), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -269,7 +294,7 @@ create table ACT_RU_METER_LOG ( NAME_ varchar(64) not null, REPORTER_ varchar(255), VALUE_ bigint, - TIMESTAMP_ timestamp(3), + TIMESTAMP_ datetime(3), MILLISECONDS_ bigint DEFAULT 0, primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -282,7 +307,7 @@ create table ACT_RU_EXT_TASK ( RETRIES_ integer, ERROR_MSG_ varchar(4000), ERROR_DETAILS_ID_ varchar(64), - LOCK_EXP_TIME_ timestamp(3) NULL, + LOCK_EXP_TIME_ datetime(3) NULL, SUSPENSION_STATE_ integer, EXECUTION_ID_ varchar(64), PROC_INST_ID_ varchar(64), @@ -318,13 +343,17 @@ create index ACT_IDX_EXEC_BUSKEY on ACT_RU_EXECUTION(BUSINESS_KEY_); create index ACT_IDX_EXEC_TENANT_ID on ACT_RU_EXECUTION(TENANT_ID_); create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_); create index ACT_IDX_TASK_ASSIGNEE on ACT_RU_TASK(ASSIGNEE_); +create index ACT_IDX_TASK_OWNER on ACT_RU_TASK(OWNER_); create index ACT_IDX_TASK_TENANT_ID on ACT_RU_TASK(TENANT_ID_); create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_); create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_); create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_); create index ACT_IDX_EVENT_SUBSCR_TENANT_ID on ACT_RU_EVENT_SUBSCR(TENANT_ID_); + create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_); create index ACT_IDX_VARIABLE_TENANT_ID on ACT_RU_VARIABLE(TENANT_ID_); +create index ACT_IDX_VARIABLE_TASK_NAME_TYPE on ACT_RU_VARIABLE(TASK_ID_, NAME_, TYPE_); + create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_); create index ACT_IDX_INC_CONFIGURATION on ACT_RU_INCIDENT(CONFIGURATION_); create index ACT_IDX_INC_TENANT_ID on ACT_RU_INCIDENT(TENANT_ID_); @@ -498,6 +527,12 @@ alter table ACT_RU_BATCH foreign key (BATCH_JOB_DEF_ID_) references ACT_RU_JOBDEF (ID_); +create index ACT_IDX_BATCH_ID ON ACT_RU_VARIABLE(BATCH_ID_); +alter table ACT_RU_VARIABLE + add constraint ACT_FK_VAR_BATCH + foreign key (BATCH_ID_) + references ACT_RU_BATCH (ID_); + -- indexes for deadlock problems - https://app.camunda.com/jira/browse/CAM-2567 -- create index ACT_IDX_INC_CAUSEINCID on ACT_RU_INCIDENT(CAUSE_INCIDENT_ID_); create index ACT_IDX_INC_EXID on ACT_RU_INCIDENT(EXECUTION_ID_); @@ -521,11 +556,16 @@ create index ACT_IDX_EVENT_SUBSCR_EVT_NAME ON ACT_RU_EVENT_SUBSCR(EVENT_NAME_); create index ACT_IDX_PROCDEF_DEPLOYMENT_ID ON ACT_RE_PROCDEF(DEPLOYMENT_ID_); create index ACT_IDX_PROCDEF_TENANT_ID ON ACT_RE_PROCDEF(TENANT_ID_); create index ACT_IDX_PROCDEF_VER_TAG ON ACT_RE_PROCDEF(VERSION_TAG_); + +-- indices for history cleanup: https://jira.camunda.com/browse/CAM-11616 +create index ACT_IDX_AUTH_ROOT_PI on ACT_RU_AUTHORIZATION(ROOT_PROC_INST_ID_); +create index ACT_IDX_AUTH_RM_TIME on ACT_RU_AUTHORIZATION(REMOVAL_TIME_); -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -648,10 +688,11 @@ alter table ACT_RU_CASE_SENTRY_PART create index ACT_IDX_CASE_DEF_TENANT_ID on ACT_RE_CASE_DEF(TENANT_ID_); create index ACT_IDX_CASE_EXEC_TENANT_ID on ACT_RU_CASE_EXECUTION(TENANT_ID_); -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -706,10 +747,11 @@ create index ACT_IDX_DEC_DEF_TENANT_ID on ACT_RE_DECISION_DEF(TENANT_ID_); create index ACT_IDX_DEC_DEF_REQ_ID on ACT_RE_DECISION_DEF(DEC_REQ_ID_); create index ACT_IDX_DEC_REQ_DEF_TENANT_ID on ACT_RE_DECISION_REQ_DEF(TENANT_ID_); -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -759,7 +801,7 @@ create table ACT_HI_ACTINST ( CALL_CASE_INST_ID_ varchar(64), ACT_NAME_ varchar(255), ACT_TYPE_ varchar(255) not null, - ASSIGNEE_ varchar(64), + ASSIGNEE_ varchar(255), START_TIME_ datetime(3) not null, END_TIME_ datetime(3), DURATION_ bigint, @@ -820,8 +862,8 @@ create table ACT_HI_VARINST ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ LONGBLOB, - TEXT2_ LONGBLOB, + TEXT_ varchar(4000), + TEXT2_ varchar(4000), TENANT_ID_ varchar(64), STATE_ varchar(20), REMOVAL_TIME_ datetime(3), @@ -850,12 +892,13 @@ create table ACT_HI_DETAIL ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ LONGBLOB, - TEXT2_ LONGBLOB, + TEXT_ varchar(4000), + TEXT2_ varchar(4000), SEQUENCE_COUNTER_ bigint, TENANT_ID_ varchar(64), OPERATION_ID_ varchar(64), REMOVAL_TIME_ datetime(3), + INITIAL_ boolean, primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -935,6 +978,9 @@ create table ACT_HI_OP_LOG ( NEW_VALUE_ varchar(4000), TENANT_ID_ varchar(64), REMOVAL_TIME_ datetime(3), + CATEGORY_ varchar(64), + EXTERNAL_TASK_ID_ varchar(64), + ANNOTATION_ varchar(4000), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -950,9 +996,11 @@ create table ACT_HI_INCIDENT ( INCIDENT_MSG_ varchar(4000), INCIDENT_TYPE_ varchar(255) not null, ACTIVITY_ID_ varchar(255), + FAILED_ACTIVITY_ID_ varchar(255), CAUSE_INCIDENT_ID_ varchar(64), ROOT_CAUSE_INCIDENT_ID_ varchar(64), CONFIGURATION_ varchar(255), + HISTORY_CONFIGURATION_ varchar(255), INCIDENT_STATE_ integer, TENANT_ID_ varchar(64), JOB_DEF_ID_ varchar(64), @@ -962,9 +1010,9 @@ create table ACT_HI_INCIDENT ( create table ACT_HI_JOB_LOG ( ID_ varchar(64) not null, - TIMESTAMP_ timestamp(3) not null, + TIMESTAMP_ datetime(3) not null, JOB_ID_ varchar(64) not null, - JOB_DUEDATE_ timestamp(3) NULL, + JOB_DUEDATE_ datetime(3) NULL, JOB_RETRIES_ integer, JOB_PRIORITY_ bigint NOT NULL DEFAULT 0, JOB_EXCEPTION_MSG_ varchar(4000), @@ -974,6 +1022,7 @@ create table ACT_HI_JOB_LOG ( JOB_DEF_TYPE_ varchar(255), JOB_DEF_CONFIGURATION_ varchar(255), ACT_ID_ varchar(255), + FAILED_ACT_ID_ varchar(255), ROOT_PROC_INST_ID_ varchar(64), EXECUTION_ID_ varchar(64), PROCESS_INSTANCE_ID_ varchar(64), @@ -982,6 +1031,7 @@ create table ACT_HI_JOB_LOG ( DEPLOYMENT_ID_ varchar(64), SEQUENCE_COUNTER_ bigint, TENANT_ID_ varchar(64), + HOSTNAME_ varchar(255), REMOVAL_TIME_ datetime(3), primary key (ID_) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; @@ -1036,7 +1086,7 @@ create index ACT_IDX_HI_PRO_INST_ROOT_PI on ACT_HI_PROCINST(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_PRO_INST_RM_TIME on ACT_HI_PROCINST(REMOVAL_TIME_); create index ACT_IDX_HI_ACTINST_ROOT_PI on ACT_HI_ACTINST(ROOT_PROC_INST_ID_); -create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_); +create index ACT_IDX_HI_ACT_INST_START_END on ACT_HI_ACTINST(START_TIME_, END_TIME_); create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_); create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_); create index ACT_IDX_HI_ACT_INST_COMP on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_, END_TIME_, ID_); @@ -1068,6 +1118,7 @@ create index ACT_IDX_HI_DETAIL_PROC_DEF_KEY on ACT_HI_DETAIL(PROC_DEF_KEY_); create index ACT_IDX_HI_DETAIL_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_); create index ACT_IDX_HI_DETAIL_RM_TIME on ACT_HI_DETAIL(REMOVAL_TIME_); create index ACT_IDX_HI_DETAIL_TASK_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_, TASK_ID_); +create index ACT_IDX_HI_DETAIL_VAR_INST_ID on ACT_HI_DETAIL(VAR_INST_ID_); create index ACT_IDX_HI_IDENT_LNK_ROOT_PI on ACT_HI_IDENTITYLINK(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_); @@ -1076,6 +1127,7 @@ create index ACT_IDX_HI_IDENT_LNK_TENANT_ID on ACT_HI_IDENTITYLINK(TENANT_ID_); create index ACT_IDX_HI_IDENT_LNK_PROC_DEF_KEY on ACT_HI_IDENTITYLINK(PROC_DEF_KEY_); create index ACT_IDX_HI_IDENT_LINK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_); create index ACT_IDX_HI_IDENT_LINK_RM_TIME on ACT_HI_IDENTITYLINK(REMOVAL_TIME_); +create index ACT_IDX_HI_IDENT_LNK_TIMESTAMP on ACT_HI_IDENTITYLINK(TIMESTAMP_); create index ACT_IDX_HI_VARINST_ROOT_PI on ACT_HI_VARINST(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_); @@ -1085,12 +1137,15 @@ create index ACT_IDX_HI_VAR_INST_TENANT_ID on ACT_HI_VARINST(TENANT_ID_); create index ACT_IDX_HI_VAR_INST_PROC_DEF_KEY on ACT_HI_VARINST(PROC_DEF_KEY_); create index ACT_IDX_HI_VARINST_BYTEAR on ACT_HI_VARINST(BYTEARRAY_ID_); create index ACT_IDX_HI_VARINST_RM_TIME on ACT_HI_VARINST(REMOVAL_TIME_); +create index ACT_IDX_HI_VAR_PI_NAME_TYPE on ACT_HI_VARINST(PROC_INST_ID_, NAME_, VAR_TYPE_); create index ACT_IDX_HI_INCIDENT_TENANT_ID on ACT_HI_INCIDENT(TENANT_ID_); create index ACT_IDX_HI_INCIDENT_PROC_DEF_KEY on ACT_HI_INCIDENT(PROC_DEF_KEY_); create index ACT_IDX_HI_INCIDENT_ROOT_PI on ACT_HI_INCIDENT(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_INCIDENT_PROCINST on ACT_HI_INCIDENT(PROC_INST_ID_); create index ACT_IDX_HI_INCIDENT_RM_TIME on ACT_HI_INCIDENT(REMOVAL_TIME_); +create index ACT_IDX_HI_INCIDENT_CREATE_TIME on ACT_HI_INCIDENT(CREATE_TIME_); +create index ACT_IDX_HI_INCIDENT_END_TIME on ACT_HI_INCIDENT(END_TIME_); create index ACT_IDX_HI_JOB_LOG_ROOT_PI on ACT_HI_JOB_LOG(ROOT_PROC_INST_ID_); create index ACT_IDX_HI_JOB_LOG_PROCINST on ACT_HI_JOB_LOG(PROCESS_INSTANCE_ID_); @@ -1100,6 +1155,7 @@ create index ACT_IDX_HI_JOB_LOG_JOB_DEF_ID on ACT_HI_JOB_LOG(JOB_DEF_ID_); create index ACT_IDX_HI_JOB_LOG_PROC_DEF_KEY on ACT_HI_JOB_LOG(PROCESS_DEF_KEY_); create index ACT_IDX_HI_JOB_LOG_EX_STACK on ACT_HI_JOB_LOG(JOB_EXCEPTION_STACK_ID_); create index ACT_IDX_HI_JOB_LOG_RM_TIME on ACT_HI_JOB_LOG(REMOVAL_TIME_); +create index ACT_IDX_HI_JOB_LOG_JOB_CONF on ACT_HI_JOB_LOG(JOB_DEF_CONFIGURATION_); create index ACT_HI_BAT_RM_TIME on ACT_HI_BATCH(REMOVAL_TIME_); @@ -1117,6 +1173,9 @@ create index ACT_IDX_HI_OP_LOG_PROCDEF on ACT_HI_OP_LOG(PROC_DEF_ID_); create index ACT_IDX_HI_OP_LOG_TASK on ACT_HI_OP_LOG(TASK_ID_); create index ACT_IDX_HI_OP_LOG_RM_TIME on ACT_HI_OP_LOG(REMOVAL_TIME_); create index ACT_IDX_HI_OP_LOG_TIMESTAMP on ACT_HI_OP_LOG(TIMESTAMP_); +create index ACT_IDX_HI_OP_LOG_USER_ID on ACT_HI_OP_LOG(USER_ID_); +create index ACT_IDX_HI_OP_LOG_OP_TYPE on ACT_HI_OP_LOG(OPERATION_TYPE_); +create index ACT_IDX_HI_OP_LOG_ENTITY_TYPE on ACT_HI_OP_LOG(ENTITY_TYPE_); create index ACT_IDX_HI_COMMENT_TASK on ACT_HI_COMMENT(TASK_ID_); create index ACT_IDX_HI_COMMENT_ROOT_PI on ACT_HI_COMMENT(ROOT_PROC_INST_ID_); @@ -1129,10 +1188,11 @@ create index ACT_IDX_HI_ATTACHMENT_PROCINST on ACT_HI_ATTACHMENT(PROC_INST_ID_); create index ACT_IDX_HI_ATTACHMENT_TASK on ACT_HI_ATTACHMENT(TASK_ID_); create index ACT_IDX_HI_ATTACHMENT_RM_TIME on ACT_HI_ATTACHMENT(REMOVAL_TIME_); -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -1190,10 +1250,11 @@ create index ACT_IDX_HI_CAS_A_I_COMP on ACT_HI_CASEACTINST(CASE_ACT_ID_, END_TIM create index ACT_IDX_HI_CAS_A_I_CASEINST on ACT_HI_CASEACTINST(CASE_INST_ID_, CASE_ACT_ID_); create index ACT_IDX_HI_CAS_A_I_TENANT_ID on ACT_HI_CASEACTINST(TENANT_ID_); -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -1241,8 +1302,8 @@ create table ACT_HI_DEC_IN ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ LONGBLOB, - TEXT2_ LONGBLOB, + TEXT_ varchar(4000), + TEXT2_ varchar(4000), TENANT_ID_ varchar(64), CREATE_TIME_ datetime(3), ROOT_PROC_INST_ID_ varchar(64), @@ -1263,8 +1324,8 @@ create table ACT_HI_DEC_OUT ( BYTEARRAY_ID_ varchar(64), DOUBLE_ double, LONG_ bigint, - TEXT_ LONGBLOB, - TEXT2_ LONGBLOB, + TEXT_ varchar(4000), + TEXT2_ varchar(4000), TENANT_ID_ varchar(64), CREATE_TIME_ datetime(3), ROOT_PROC_INST_ID_ varchar(64), diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.14.0.sql index 35cb979781..44bea24e2a 100644 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.14.0.sql @@ -1,8 +1,9 @@ -- --- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. +-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH +-- under one or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information regarding copyright +-- ownership. Camunda licenses this file to you under the Apache License, +-- Version 2.0; you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 @@ -38,7 +39,7 @@ create table ACT_ID_USER ( EMAIL_ varchar(255), PWD_ varchar(255), SALT_ varchar(255), - LOCK_EXP_TIME_ timestamp(3) NULL, + LOCK_EXP_TIME_ datetime(3) NULL, ATTEMPTS_ integer, PICTURE_ID_ varchar(64), primary key (ID_) @@ -43,3 +43,14 @@ deps = commands = gitlint +[testenv:autopep8] +deps = autopep8 +commands = + autopep8 --max-line-length 120 --in-place --recursive kubernetes/ TOSCA/ docs/ + +[testenv:pylint] +deps = pylint +whitelist_externals = find +commands = + find kubernetes/ TOSCA/ docs/ -name *.py -exec pylint --max-line-length=120 --disable=missing-docstring --method-rgx="(([a-z_][a-zA-Z0-9_]{2,})|(_[a-z0-9_]*)|(__[a-zA-Z][a-zA-Z0-9_]+__))$" --variable-rgx="[a-zA-Z_][a-zA-Z0-9_]{1,30}$" --reports=y --score=y --output-format=colorized \{\} + + |