summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/example-integration-override.yaml40
-rw-r--r--docs/helm-search.txt71
-rw-r--r--docs/oom_quickstart_guide.rst32
-rw-r--r--docs/oom_setup_kubernetes_rancher.rst47
m---------kubernetes/aai0
-rw-r--r--kubernetes/clamp/values.yaml5
-rw-r--r--kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml2
-rw-r--r--kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json6
-rw-r--r--kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml1
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/values.yaml2
-rw-r--r--kubernetes/dmaap/values.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/openstack.yaml18
-rw-r--r--kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf12
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties53
-rw-r--r--kubernetes/policy/resources/config/pe/console.conf4
-rwxr-xr-xkubernetes/robot/ete-k8s.sh66
-rwxr-xr-xkubernetes/robot/eteHelm-k8s.sh7
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml38
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml6
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml15
20 files changed, 287 insertions, 140 deletions
diff --git a/docs/example-integration-override.yaml b/docs/example-integration-override.yaml
index 9c336d69ce..56699d921c 100644
--- a/docs/example-integration-override.yaml
+++ b/docs/example-integration-override.yaml
@@ -1,36 +1,46 @@
global:
repository: 10.12.5.2:5000
pullPolicy: IfNotPresent
+#################################################################
+# This override file configures openstack parameters for ONAP
+#################################################################
+appc:
+ config:
+ enableClustering: false
+ openStackType: "OpenStackProvider"
+ openStackName: "OpenStack"
+ openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
+ openStackServiceTenantName: "OPENSTACK_TENANTNAME_HERE"
+ openStackDomain: "Default"
+ openStackUserName: "OPENSTACK_USERNAME_HERE"
+ openStackEncryptedPassword: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
robot:
- enabled: true
- flavor: large
appcUsername: "appc@appc.onap.org"
- appcPassword: "APPC_PASSWORD_HERE"
+ appcPassword: "demo123456!"
openStackKeyStoneUrl: "http://10.12.25.2:5000"
openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4"
openStackTenantId: "09d8566ea45e43aa974cf447ed591d77"
openStackUserName: "OPENSTACK_USERNAME_HERE"
ubuntu14Image: "ubuntu-14-04-cloud-amd64"
ubuntu16Image: "ubuntu-16-04-cloud-amd64"
- openStackPrivateNetId: "d4ab89ff-c735-4ce4-93f6-cff445157b98"
- openStackPrivateSubnetId: "46c2391c-ed98-4fb0-8ab7-88678bc55b9f"
+ openStackPrivateNetId: "c7824f00-bef7-4864-81b9-f6c3afabd313"
+ openStackPrivateSubnetId: "2a0e8888-f93e-4615-8d28-fc3d4d087fc3"
openStackPrivateNetCidr: "10.0.0.0/16"
- openStackSecurityGroup: "3914301b-2996-414f-ba0a-da4b2275a753"
+ openStackSecurityGroup: "3a7a1e7e-6d15-4264-835d-fab1ae81e8b0"
openStackOamNetworkCidrPrefix: "10.0"
- dcaeCollectorIp: "10.12.5.46"
+ dcaeCollectorIp: "10.12.6.88"
vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh"
- demoArtifactsVersion: "1.3.0"
+ demoArtifactsVersion: "1.4.0-SNAPSHOT"
demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
- scriptVersion: "1.3.0"
- rancherIpAddress: "10.12.6.38"
+ scriptVersion: "1.4.0-SNAPSHOT"
+ rancherIpAddress: "10.12.5.127"
config:
- openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HEREXXXXXXXXXXXXXXXX"
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
so:
- enabled: true
+ # so server configuration
so-catalog-db-adapter:
config:
openStackUserName: "OPENSTACK_USERNAME_HERE"
openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HEREXXXXXXXXXXXXXXXX"
-
-
+ openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX" \ No newline at end of file
diff --git a/docs/helm-search.txt b/docs/helm-search.txt
index db95e4f7d7..036ad036f2 100644
--- a/docs/helm-search.txt
+++ b/docs/helm-search.txt
@@ -1,31 +1,42 @@
NAME CHART VERSION APP VERSION DESCRIPTION
-local/onap 4.0.0 Dublin Open Network Automation Platform (ONAP)
-local/aaf 4.0.0 ONAP Application Authorization Framework
-local/aai 4.0.0 ONAP Active and Available Inventory
-local/cassandra 4.0.0 ONAP cassandra
-local/cds 4.0.0 ONAP Common Design Studio
-local/clamp 4.0.0 ONAP Clamp
-local/cli 4.0.0 ONAP Command Line Interface
-local/consul 4.0.0 ONAP Consul Agent
-local/contrib 4.0.0 ONAP optional tools
-local/dcaegen2 4.0.0 ONAP DCAE Gen2
-local/dmaap 4.0.1 ONAP DMaaP components
-local/esr 4.0.0 ONAP External System Register
-local/log 4.0.0 ONAP Logging ElasticStack
-local/msb 4.0.0 ONAP MicroServices Bus
-local/multicloud 4.0.0 ONAP multicloud broker
-local/nbi 4.0.0 ONAP Northbound Interface
-local/oof 4.0.0 ONAP Optimization Framework
-local/pnda 4.0.0 ONAP DCAE PNDA
-local/policy 4.0.0 ONAP Policy Administration Point
-local/pomba 4.0.0 ONAP Post Orchestration Model Based Audit
-local/portal 4.0.0 ONAP Web Portal
-local/postgres 4.0.0 ONAP Postgres Server
-local/robot 4.0.0 A helm Chart for kubernetes-ONAP Robot
-local/sdnc-prom 4.0.0 ONAP SDNC Policy Driven Ownership Management
-local/sniro-emulator 4.0.0 ONAP Mock Sniro Emulator
-local/so 4.0.0 ONAP Service Orchestrator
-local/uui 4.0.0 ONAP uui
-local/vfc 4.0.0 ONAP Virtual Function Controller (VF-C)
-local/vid 4.0.0 ONAP Virtual Infrastructure Deployment
-local/vnfsdk 4.0.0 ONAP VNF SDK
+local/onap 4.0.0 Dublin Open Network Automation Platform (ONAP)
+local/aaf 4.0.0 ONAP Application Authorization Framework
+local/aai 4.0.0 ONAP Active and Available Inventory
+local/appc 4.0.0 Application Controller
+local/cassandra 4.0.0 ONAP cassandra
+local/cds 4.0.0 ONAP Controller Design Studio (CDS)
+local/clamp 4.0.0 ONAP Clamp
+local/cli 4.0.0 ONAP Command Line Interface
+local/common 4.0.0 Common templates for inclusion in other charts
+local/consul 4.0.0 ONAP Consul Agent
+local/contrib 4.0.0 ONAP optional tools
+local/dcaegen2 4.0.0 ONAP DCAE Gen2
+local/dgbuilder 4.0.0 D.G. Builder application
+local/dmaap 4.0.1 ONAP DMaaP components
+local/esr 4.0.0 ONAP External System Register
+local/log 4.0.0 ONAP Logging ElasticStack
+local/mariadb-galera 4.0.0 Chart for MariaDB Galera cluster
+local/mongo 4.0.0 MongoDB Server
+local/msb 4.0.0 ONAP MicroServices Bus
+local/multicloud 4.0.0 ONAP multicloud broker
+local/music 4.0.0 MUSIC - Multi-site State Coordination Service
+local/mysql 4.0.0 MySQL Server
+local/nbi 4.0.0 ONAP Northbound Interface
+local/network-name-gen 4.0.0 Name Generation Micro Service
+local/nfs-provisioner 4.0.0 NFS provisioner
+local/oof 4.0.0 ONAP Optimization Framework
+local/pnda 4.0.0 ONAP DCAE PNDA
+local/policy 4.0.0 ONAP Policy Administration Point
+local/pomba 4.0.0 ONAP Post Orchestration Model Based Audit
+local/portal 4.0.0 ONAP Web Portal
+local/postgres 4.0.0 ONAP Postgres Server
+local/robot 4.0.0 A helm Chart for kubernetes-ONAP Robot
+local/sdc 4.0.0 Service Design and Creation Umbrella Helm charts
+local/sdnc 4.0.0 SDN Controller
+local/sdnc-prom 4.0.0 ONAP SDNC Policy Driven Ownership Management
+local/sniro-emulator 4.0.0 ONAP Mock Sniro Emulator
+local/so 4.0.0 ONAP Service Orchestrator
+local/uui 4.0.0 ONAP uui
+local/vfc 4.0.0 ONAP Virtual Function Controller (VF-C)
+local/vid 4.0.0 ONAP Virtual Infrastructure Deployment
+local/vnfsdk 4.0.0 ONAP VNF SDK \ No newline at end of file
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 20eb8fab79..501deda7e4 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -25,21 +25,25 @@ available), follow the following instructions to deploy ONAP.
> sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
-**Step 3.** Customize the helm charts like onap.values.yaml or an override.yaml
-like integration-override.yaml file to suit your deployment with items like the
+**Step 3.** Customize the helm charts like oom/kubernetes/onap/values.yaml or an override
+file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deployment with items like the
OpenStack tenant information.
+.. note::
+ Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in
+ the oom/kubernetes/onap/resources/overrides/ directory.
+
a. You may want to selectively enable or disable ONAP components by changing
the `enabled: true/false` flags.
b. Encyrpt the OpenStack password using the shell tool for robot and put it in
- the robot helm charts or robot section of integration-override.yaml
+ the robot helm charts or robot section of openstack.yaml
c. Encrypt the OpenStack password using the java based script for SO helm charts
- or SO section of integration-override.yaml.
+ or SO section of openstack.yaml.
d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
@@ -63,9 +67,9 @@ openssl algorithm that works with the python based Robot Framework.
.. note::
To generate ROBOT openStackEncryptedPasswordHere :
- ``root@olc-rancher:~# cd so/resources/config/mso/``
+ ``cd so/resources/config/mso/``
- ``root@olc-rancher:~/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
+ ``/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
@@ -120,20 +124,24 @@ follows::
**Step 8.** Once the repo is setup, installation of ONAP can be done with a
single command
- a. If you updated the values directly use this command::
+.. note::
+ The --timeout 900 is currently required in Dublin to address long running initialization tasks
+ for DMaaP and SO. Without this timeout value both applications may fail to deploy.
- > helm deploy dev local/onap --namespace onap
+ a. To deploy all ONAP applications use this command::
+ > cd oom/kubernetes
+ > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
- b. If you are using an integration-override.yaml file use this command::
+ b. If you are using a custom override (e.g. integration-override.yaml) use this command::
- > helm deploy dev local/onap -f /root/integration-override.yaml --namespace onap
+ > helm deploy dev local/onap -f /root/integration-override.yaml --namespace onap --timeout 900
c. If you have a slower cloud environment you may want to use the public-cloud.yaml
which has longer delay intervals on database updates.::
- > helm deploy dev local/onap -f /root/oom/kubernetes/onap/resources/environments/public-cloud.yaml -f /root/integration-override.yaml --namespace onap
+ > helm deploy dev local/onap -f /root/oom/kubernetes/onap/resources/environments/public-cloud.yaml -f /root/integration-override.yaml --namespace onap --timeout 900
**Step 9.** Commands to interact with the OOM installation
@@ -141,7 +149,7 @@ single command
Use the following to monitor your deployment and determine when ONAP is
ready for use::
- > kubectl get pods --all-namespaces -o=wide
+ > kubectl get pods -n onap -o=wide
Undeploying onap can be done using the following command::
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index ebc44e6a96..3ccde8d418 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -23,6 +23,11 @@ This guide provides instructions on how to setup a Highly-Available Kubernetes C
For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
to deploy and manage our Kubernetes Cluster.
+.. contents::
+ :depth: 1
+ :local:
+..
+
The result at the end of this tutorial will be:
*1.* Creation of a Key Pair to use with Open Stack and RKE
@@ -42,11 +47,6 @@ The result at the end of this tutorial will be:
There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs.
To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab.
-.. contents::
- :depth: 1
- :local:
-..
-
Create Key Pair
===============
A Key Pair is required to access the created OpenStack VMs and will be used by
@@ -63,9 +63,9 @@ For the purpose of this guide, we will assume a new local key called "onap-key"
has been downloaded and is copied into **~/.ssh/**, from which it can be referenced.
Example:
- $ mv onap-key ~/.ssh
+ > mv onap-key ~/.ssh
- $ chmod 600 ~/.ssh/onap-key
+ > chmod 600 ~/.ssh/onap-key
Create Kubernetes Control Plane VMs
@@ -252,11 +252,12 @@ Run RKE
-------
From within the same directory as the cluster.yml file, simply execute:
- $ rke up
+ > rke up
The output will look something like:
.. code-block::
+
INFO[0000] Initiating Kubernetes cluster
INFO[0000] [certificates] Generating admin certificates and kubeconfig
INFO[0000] Successfully Deployed state file at [./cluster.rkestate]
@@ -306,15 +307,16 @@ https://storage.googleapis.com/kubernetes-release/release/v1.13.5/bin/darwin/amd
Validate deployment
-------------------
- $ cp kube_config_cluster.yml ~/.kube/config.onap
+ > cp kube_config_cluster.yml ~/.kube/config.onap
- $ export KUBECONFIG=~/.kube/config.onap
+ > export KUBECONFIG=~/.kube/config.onap
- $ kubectl config use-context onap
+ > kubectl config use-context onap
- $ kubectl get nodes -o=wide
+ > kubectl get nodes -o=wide
.. code-block::
+
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
onap-control-1 Ready controlplane,etcd 3h53m v1.13.5 10.0.0.8 <none> Ubuntu 18.04 LTS 4.15.0-22-generic docker://18.9.5
onap-control-2 Ready controlplane,etcd 3h53m v1.13.5 10.0.0.11 <none> Ubuntu 18.04 LTS 4.15.0-22-generic docker://18.9.5
@@ -336,13 +338,22 @@ Validate deployment
Install Helm
============
- $ kubectl -n kube-system create serviceaccount tiller
+Example Helm client install on Linux:
+ > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz
+
+ > tar -zxvf helm-v2.12.3-linux-amd64.tar.gz
+
+ > sudo mv linux-amd64/helm /usr/local/bin/helm
+
+Initialize Kubernetes Cluster for use by Helm
+---------------------------------------------
+ > kubectl -n kube-system create serviceaccount tiller
- $ kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
+ > kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
- $ helm init --service-account tiller
+ > helm init --service-account tiller
- $ kubectl -n kube-system  rollout status deploy/tiller-deploy
+ > kubectl -n kube-system  rollout status deploy/tiller-deploy
@@ -438,12 +449,12 @@ Click :download:`slave_nfs_node.sh <slave_nfs_node.sh>` to download the script.
The master_nfs_node.sh script runs in the NFS Master node and needs the list of
NFS Slave nodes as input, e.g.::
- $ sudo ./master_nfs_node.sh node1_ip node2_ip ... nodeN_ip
+ > sudo ./master_nfs_node.sh node1_ip node2_ip ... nodeN_ip
The slave_nfs_node.sh script runs in each NFS Slave node and needs the IP of
the NFS Master node as input, e.g.::
- $ sudo ./slave_nfs_node.sh master_node_ip
+ > sudo ./slave_nfs_node.sh master_node_ip
ONAP Deployment via OOM
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject 1b28e45136d5096ef4c07f4142c76b45224b3cf
+Subproject e67a94e6be333271c8237d6ebd5fb0f48940135
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 4534d6bd98..a806e77da8 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -56,8 +56,9 @@ config:
"clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
"clamp.config.dcae.inventory.url": "http://inventory.{{ include "common.namespace" . }}:8080",
"clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.dispatcher.userName":"test",
- "clamp.config.dcae.dispatcher.password":"test",
+ "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
+ "clamp.config.dcae.deployment.userName": "none",
+ "clamp.config.dcae.deployment.password": "none",
"clamp.config.policy.api.url": "http4://policy-api.{{ include "common.namespace" . }}:6969",
"clamp.config.policy.api.userName": "healthcheck",
"clamp.config.policy.api.password": "zb!XztG34",
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
index 0dc99193eb..6c5bb9a3bd 100644
--- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
@@ -90,7 +90,7 @@ postgres:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.15
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.16
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json
index 74abbb0664..1db11ad476 100644
--- a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json
+++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json
@@ -11,15 +11,15 @@
"interval": 600
},
"policy_engine": {
- "url": "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081",
- "path_decision": "/decision/v1",
+ "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
+ "path_decision": "/policy/pdpx/v1/decision"
"path_notifications": "/pdp/notifications",
"path_api": "/pdp/api/",
"headers": {
"Accept": "application/json",
"Content-Type": "application/json",
"ClientAuth": "cHl0aG9uOnRlc3Q=",
- "Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw==",
+ "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0",
"Environment": "TEST"
},
"target_entity": "policy_engine",
diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml
index fa52f6f784..3b15c55118 100644
--- a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml
@@ -40,6 +40,7 @@ config:
consul:
host: consul-server
port: 8500
+ policy_xacml_pdp: policy-xacml-pdp
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index 5406ade930..6b974141d0 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -30,7 +30,7 @@ pullPolicy: Always
# application images
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-bc:1.1.4-STAGING-latest
+image: onap/dmaap/dmaap-bc:1.1.5
# application configuration
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index 1c18bb2673..aa5165d443 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -22,7 +22,7 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- clientImage: onap/dmaap/dbc-client:1.0.8-STAGING-latest
+ clientImage: onap/dmaap/dbc-client:1.0.9
# application configuration
config:
logstashServiceName: log-ls
diff --git a/kubernetes/onap/resources/overrides/openstack.yaml b/kubernetes/onap/resources/overrides/openstack.yaml
index a3c5867e15..a8294d249f 100644
--- a/kubernetes/onap/resources/overrides/openstack.yaml
+++ b/kubernetes/onap/resources/overrides/openstack.yaml
@@ -21,17 +21,17 @@ appc:
openStackType: "OpenStackProvider"
openStackName: "OpenStack"
openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackServiceTenantName: "Integration-OOM-Staging-Daily"
+ openStackServiceTenantName: "OPENSTACK_TENANTNAME_HERE"
openStackDomain: "Default"
- openStackUserName: "demo"
- openStackEncryptedPassword: "onapdemo"
+ openStackUserName: "OPENSTACK_USERNAME_HERE"
+ openStackEncryptedPassword: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
robot:
appcUsername: "appc@appc.onap.org"
appcPassword: "demo123456!"
openStackKeyStoneUrl: "http://10.12.25.2:5000"
openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4"
openStackTenantId: "09d8566ea45e43aa974cf447ed591d77"
- openStackUserName: "demo"
+ openStackUserName: "OPENSTACK_USERNAME_HERE"
ubuntu14Image: "ubuntu-14-04-cloud-amd64"
ubuntu16Image: "ubuntu-16-04-cloud-amd64"
openStackPrivateNetId: "c7824f00-bef7-4864-81b9-f6c3afabd313"
@@ -47,18 +47,14 @@ robot:
rancherIpAddress: "10.12.5.127"
config:
# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
- openStackEncryptedPasswordHere: "bbaef6cd76625ab9eb60deedeae7dbb9"
+ openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
so:
# so server configuration
so-catalog-db-adapter:
config:
- openStackUserName: "demo"
+ openStackUserName: "OPENSTACK_USERNAME_HERE"
openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackEncryptedPasswordHere: "1E82B3AF7ACF458C3A6058DF4DD5FD5E526FDAFAF163589C5F85F80CD7AEC09E034F375B"
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
+ openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
nbi:
config:
# openstack configuration
diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
index 0e4ee0e94b..e7c6928b0a 100644
--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
+++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
@@ -70,15 +70,15 @@ POLICY_PDP_PAP_API_SECRET=
# PAP
-PAP_HOST={{.Values.global.pap.nameOverride}}
-PAP_USERNAME=testpap
-PAP_PASSWORD=alpha123
+PAP_HOST=policy-pap
+PAP_USERNAME=healthcheck
+PAP_PASSWORD=zb!XztG34
# PDP-X
-PDP_HOST={{.Values.global.pdp.nameOverride}}
-PDP_USERNAME=testpdp
-PDP_PASSWORD=alpha123
+PDP_HOST=policy-xacml-pdp
+PDP_USERNAME=healthcheck
+PDP_PASSWORD=zb!XztG34
PDP_CLIENT_USERNAME=python
PDP_CLIENT_PASSWORD=test
PDP_ENVIRONMENT=TEST
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
new file mode 100644
index 0000000000..f4b4f93756
--- /dev/null
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -0,0 +1,53 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# PIP Engine Definitions
+#
+count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
+count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
+count-recent-operations.name=CountRecentOperations
+count-recent-operations.description=Returns operation counts based on time window
+count-recent-operations.persistenceunit=OperationsHistoryPU
+
+get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
+get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
+get-operation-outcome.name=GetOperationOutcome
+get-operation-outcome.description=Returns operation outcome
+get-operation-outcome.persistenceunit=OperationsHistoryPU
+
+#
+# Make pips available to finder
+#
+xacml.pip.engines=count-recent-operations,get-operation-outcome
+
+#
+# JPA Properties
+#
+javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.nameOverride }}:3306/operationshistory
+javax.persistence.jdbc.user=policy_user
+javax.persistence.jdbc.password=cG9saWN5X3VzZXI= \ No newline at end of file
diff --git a/kubernetes/policy/resources/config/pe/console.conf b/kubernetes/policy/resources/config/pe/console.conf
index 1cd9290379..85fda3549c 100644
--- a/kubernetes/policy/resources/config/pe/console.conf
+++ b/kubernetes/policy/resources/config/pe/console.conf
@@ -135,8 +135,8 @@ onap_application_name=
#-----------------------ONAP-PORTAL-Properties----------------------
-ONAP_REDIRECT_URL=https://portal-app.{{.Release.Namespace}}:30225/ONAPPORTAL/login.htm
-ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi
+ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+ONAP_REST_URL=https://portal-app:30225/ONAPPORTAL/auxapi
ONAP_UEB_URL_LIST=
ONAP_PORTAL_INBOX_NAME=
ONAP_UEB_APP_KEY=ueb_key_5
diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh
index a59e3b6a33..5d42f048cd 100755
--- a/kubernetes/robot/ete-k8s.sh
+++ b/kubernetes/robot/ete-k8s.sh
@@ -15,44 +15,43 @@
#!/bin/bash
#
-# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate
+# Run the testsuite for the passed tag. Valid tags are listed in usage help
# Please clean up logs when you are done...
-# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide
#
if [ "$1" == "" ] || [ "$2" == "" ]; then
- echo "Usage: ete-k8s.sh [namespace] [ health | healthdist | distribute | instantiate | instantiateVFWCL | instantiateDemoVFWCL | | portal ]"
+ echo "Usage: ete-k8s.sh [namespace] [tag]"
+ echo ""
+ echo " List of test case tags (filename for intent: tag)"
+ echo ""
+ echo " cds.robot: cds"
+ echo ""
+ echo " clamp.robot: clamp"
+ echo ""
+ echo " demo.robot: InitDemo, InitCustomer, APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG,"
+ echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT"
+ echo ""
+ echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc,"
+ echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb,"
+ echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc,"
+ echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr,"
+ echo " healthportalapp, multicloud, oom"
+ echo ""
+ echo " hvves.robot: HVVES, ete"
+ echo ""
+ echo " model-distribution-vcpe.robot: distributevCPEResCust"
+ echo ""
+ echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB"
+ echo ""
+ echo " oof-*.robot: cmso, has, homing"
+ echo ""
+ echo " pnf-registration.robot: ete, pnf_registrate"
echo ""
- echo " List of test case tags (filename for intent: tag) "
- echo " "
- echo " cds.robot: cds "
- echo " "
- echo " clamp.robot: clamp "
- echo " "
- echo " demo.robot: InitDemo, InitCustomer , APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG, "
- echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT "
- echo " "
- echo " health-check.robot: health , core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc, "
- echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb, "
- echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc, "
- echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr, "
- echo " healthportalapp, multicloud, oom "
- echo " "
- echo " hvves.robot: :HVVES, ete "
- echo " "
- echo " model-distribution-vcpe.robot: distributevCPEResCust "
- echo " "
- echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB "
- echo " "
- echo " oof-*.robot: cmso , has, homing "
- echo " "
- echo " pnf-registration.robot: ete, pnf_registrate "
- echo " "
echo " post-install-tests.robot dmaapacl, postinstall"
- echo " "
- echo " update_onap_page.robot: UpdateWebPage "
- echo " "
- echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso "
- echo " "
+ echo ""
+ echo " update_onap_page.robot: UpdateWebPage"
+ echo ""
+ echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso"
+ echo ""
echo " vnf-orchestration.robot: instantiate, instantiateNoDelete, stability72hr"
exit
fi
@@ -63,7 +62,6 @@ export NAMESPACE="$1"
POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot)
-
TAGS="-i $2"
ETEHOME=/var/opt/ONAP
diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh
index 02b79f35d6..c58d8a8775 100755
--- a/kubernetes/robot/eteHelm-k8s.sh
+++ b/kubernetes/robot/eteHelm-k8s.sh
@@ -15,13 +15,12 @@
#!/bin/bash
#
-# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate
+# Run the health-check testsuites for the tags discovered by helm list
# Please clean up logs when you are done...
-# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide
#
if [ "$1" == "" ] ; then
- echo "Usage: eteHelm-k8s.sh namespace "
- echo " list projects via helm list and runs health-check with those tags except dev and dev-consul "
+ echo "Usage: eteHelm-k8s.sh [namespace]"
+ echo " list projects via helm list and runs health-check with those tags except dev and dev-consul"
exit
fi
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index c284f2dfd0..c1babf3063 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -70,7 +70,45 @@ spec:
value: {{ .Values.config.javaOptions }}
- name: BACKEND
value: {{ .Values.config.backendServerURL }}
+ - name: IS_HTTPS
+ value: "{{ .Values.config.isHttpsEnabled}}"
+ {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ - name: KEYSTORE_PASS
+ {{- if .Values.global.security.keysFromCa }}
+ valueFrom:
+ secretKeyRef:
+ name: mft-sdc
+ key: keystore-password.txt
+ {{ else }}
+ value: {{ .Values.global.security.keyStorePass}}
+ {{- end }}
+ - name: TRUSTSTORE_PASS
+ {{- if .Values.global.security.keysFromCa }}
+ valueFrom:
+ secretKeyRef:
+ name: mft-catruststore
+ key: keystore-password.txt
+ {{ else }}
+ value: {{ .Values.global.security.trustStorePass}}
+ {{- end }}
+ - name: TRUSTSTORE_PATH
+ value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
+ - name: KEYSTORE_PATH
+ value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+ - name: TRUSTSTORE_TYPE
+ value: {{ .Values.security.truststore.type }}
+ - name: KEYSTORE_TYPE
+ value: {{ .Values.security.keystore.type }}
+ {{ end }}
volumeMounts:
+ {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ - name: {{ include "common.fullname" . }}-jetty-https-truststore
+ mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}
+ subPath: {{ .Values.security.truststoreFilename }}
+ - name: {{ include "common.fullname" . }}-jetty-https-keystore
+ mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}
+ subPath: {{ .Values.security.keystoreFilename }}
+ {{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
index 2990de3f1a..87ca3607d7 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
@@ -40,10 +40,16 @@ spec:
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName | default "http" }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 | default "https" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName | default "http" }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 | default "https" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index d0ff53718e..a217de5e4b 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -17,6 +17,7 @@
#################################################################
global:
nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
@@ -36,6 +37,16 @@ debugEnabled: false
config:
javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m"
backendServerURL: "http://sdc-wfd-be:8080"
+ isHttpsEnabled: false
+
+# https relevant settings. Change in case you have other trust files then default ones.
+security:
+ isDefaultStore: true
+ truststoreType: "JKS"
+ keystoreType: "JKS"
+ truststoreFilename: "truststore"
+ keystoreFilename: "keystore"
+ storePath: "etc"
# default number of instances
replicaCount: 1
@@ -62,6 +73,10 @@ service:
externalPort: 8080
portName: sdc-wfd-fe
nodePort: "56"
+ portName2: sdc-wfd-fe2
+ internalPort2: 8443
+ externalPort2: 8443
+ nodePort2: "31"
ingress:
enabled: false