diff options
69 files changed, 1418 insertions, 494 deletions
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst index 35ab88eb06..5159377386 100644 --- a/docs/oom_setup_kubernetes_rancher.rst +++ b/docs/oom_setup_kubernetes_rancher.rst @@ -72,7 +72,8 @@ new one to assign. Apply customization script for the Rancher VM --------------------------------------------- -Click :download:`openstack-rancher.sh <openstack-rancher.sh>` to download the script. +Click :download:`openstack-rancher.sh <openstack-rancher.sh>` to download the +script. .. literalinclude:: openstack-rancher.sh :language: bash @@ -134,8 +135,9 @@ The size of a Kubernetes host depends on the size of the ONAP deployment that will be installed. As of the Casablanca release a minimum 224GB will be needed to run a -full ONAP deployment (all components). It is recommended that more hosts are used -with fewer resources instead of only a few large hosts. For example 14 x 16GB hosts. +full ONAP deployment (all components). It is recommended that more hosts are +used with fewer resources instead of only a few large hosts. For example 14 x +16GB hosts. If a small subset of ONAP components are being deployed for testing purposes, then a single 16GB or 32GB host should suffice. @@ -216,7 +218,8 @@ node plays the role of NFS Master (indicated by the crown symbol). To properly set up an NFS share on Master and Slave nodes, the user can run the scripts below. -Click :download:`master_nfs_node.sh <master_nfs_node.sh>` to download the script. +Click :download:`master_nfs_node.sh <master_nfs_node.sh>` to download the +script. .. literalinclude:: master_nfs_node.sh :language: bash @@ -264,7 +267,8 @@ Add Kubernetes Environment to Rancher .. image:: Click_create.jpeg -6. Select the new named environment (ie. SB4) from the dropdown list (top left). +6. Select the new named environment (ie. SB4) from the dropdown list (top + left). Rancher is now waiting for a Kubernetes Host to be added. @@ -273,7 +277,8 @@ Rancher is now waiting for a Kubernetes Host to be added. Add Kubernetes Host ------------------- -1. If this is the first (or only) host being added - click on the "Add a host" link +1. If this is the first (or only) host being added - click on the "Add a host" + link .. image:: K8s-Assign_Floating_IP_for_external_access.jpeg @@ -285,7 +290,8 @@ otherwise select INFRASTRUCTURE→ Hosts and click on "Add Host" .. image:: otherwise_select_INFRASTRUCTURE_Hosts_and_click_on_Add_Host.jpg -2. Enter the management IP for the k8s VM (e.g. 10.0.0.4) that was just created. +2. Enter the management IP for the k8s VM (e.g. 10.0.0.4) that was just + created. 3. Click on “Copy to Clipboard” button @@ -469,5 +475,3 @@ documentation to get started: - :ref:`quick-start-label` - deploy ONAP on an existing cloud - :ref:`user-guide-label` - a guide for operators of an ONAP instance - - diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 99a9a474d1..f19924dd17 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -52,18 +52,22 @@ ONAP with a few simple commands. Pre-requisites -------------- -Your environment must have both the Kubernetes `kubectl` and Helm setup as a one time activity. +Your environment must have both the Kubernetes `kubectl` and Helm setup as a +one time activity. Install Kubectl ~~~~~~~~~~~~~~~ -Enter the following to install kubectl (on Ubuntu, there are slight differences on other O/Ss), the Kubernetes command line interface used to manage a Kubernetes cluster:: +Enter the following to install kubectl (on Ubuntu, there are slight differences +on other O/Ss), the Kubernetes command line interface used to manage a +Kubernetes cluster:: > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.8.10/bin/linux/amd64/kubectl > chmod +x ./kubectl > sudo mv ./kubectl /usr/local/bin/kubectl > mkdir ~/.kube -Paste kubectl config from Rancher (see the :ref:`cloud-setup-guide-label` for alternative Kubernetes environment setups) into the `~/.kube/config` file. +Paste kubectl config from Rancher (see the :ref:`cloud-setup-guide-label` for +alternative Kubernetes environment setups) into the `~/.kube/config` file. Verify that the Kubernetes config is correct:: @@ -73,7 +77,8 @@ At this point you should see six Kubernetes pods running. Install Helm ~~~~~~~~~~~~ -Helm is used by OOM for package and configuration management. To install Helm, enter the following:: +Helm is used by OOM for package and configuration management. To install Helm, +enter the following:: > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz > tar -zxvf helm-v2.9.1-linux-amd64.tar.gz @@ -89,7 +94,8 @@ Install the Helm Tiller application and initialize with:: Install the Helm Repo --------------------- -Once kubectl and Helm are setup, one needs to setup a local Helm server to server up the ONAP charts:: +Once kubectl and Helm are setup, one needs to setup a local Helm server to +server up the ONAP charts:: > helm install osn/onap @@ -117,7 +123,8 @@ To setup a local Helm server to server up the ONAP charts:: > helm init > helm serve & -Note the port number that is listed and use it in the Helm repo add as follows:: +Note the port number that is listed and use it in the Helm repo add as +follows:: > helm repo add local http://127.0.0.1:8879 @@ -149,7 +156,8 @@ Next, install Helm Plugins required to deploy the ONAP Casablanca release:: > cp -R helm/plugins/ ~/.helm -Once the repo is setup, installation of ONAP can be done with a single command:: +Once the repo is setup, installation of ONAP can be done with a single +command:: > helm deploy development local/onap --namespace onap @@ -361,8 +369,8 @@ blocks access to the ONAP Portal. To enable direct access to this Portal from a user's own environment (a laptop etc.) the portal application's port 8989 is exposed through a `Kubernetes LoadBalancer`_ object. -Typically, to be able to access the Kubernetes nodes publicly a public address is -assigned. In Openstack this is a floating IP address. +Typically, to be able to access the Kubernetes nodes publicly a public address +is assigned. In Openstack this is a floating IP address. When the `portal-app` chart is deployed a Kubernetes service is created that instantiates a load balancer. The LB chooses the private interface of one of @@ -408,10 +416,10 @@ https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm of the page .. note:: - Besides the ONAP Portal the Components can deliver additional user interfaces, + Besides the ONAP Portal the Components can deliver additional user interfaces, please check the Component specific documentation. -.. note:: +.. note:: | Alternatives Considered: @@ -451,7 +459,8 @@ to monitor the real-time health of an ONAP deployment: - a set of liveness probes which feed into the Kubernetes manager which are described in the Heal section. -Within ONAP, Consul is the monitoring system of choice and deployed by OOM in two parts: +Within ONAP, Consul is the monitoring system of choice and deployed by OOM in +two parts: - a three-way, centralized Consul server cluster is deployed as a highly available monitor of all of the ONAP components, and @@ -693,7 +702,8 @@ example:: > helm undeploy casablanca --dry-run -will display the outcome of deleting the 'casablanca' release from the deployment. +will display the outcome of deleting the 'casablanca' release from the +deployment. To completely delete a release and remove it from the internal store enter:: > helm undeploy casablanca --purge @@ -706,4 +716,4 @@ deployment enter:: will remove `so` as the configuration indicates it's no longer part of the deployment. This might be useful if a one wanted to replace just `so` by -installing a custom version. +installing a custom version. diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 3e8a1be1b7..82e4fb1c2f 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -1,6 +1,8 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 International +.. License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights reserved. +.. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights +.. reserved. .. Links .. _release-notes-label: @@ -16,39 +18,57 @@ Version 3.0.0 Casablanca Release Summary ======= -The focus of this release was on incremental improvements in the following areas: -* Pluggable persistent storage with support for GlusterFS as the first storage class provisioner -* CPU and Memory limits in Helm Charts to improve Pod placement based on resource availablity in Kubernetes Cluster +The focus of this release was on incremental improvements in the following +areas: + +* Pluggable persistent storage with support for GlusterFS as the first storage + class provisioner + +* CPU and Memory limits in Helm Charts to improve Pod placement based on + resource availablity in Kubernetes Cluster + * Support of Node Selectors for Pod placement + * Common "shared" Helm Charts referencing common images + - mariadb-galera - postgres - cassandra - mysql - mongo + * Integration of ARK Backup and Restore solution -* Introduction of Helm deploy and undeploy plugins to better manage ONAP deployments + +* Introduction of Helm deploy and undeploy plugins to better manage ONAP + deployments **Security Notes** -OOM code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found. +OOM code has been formally scanned during build time using NexusIQ and no +Critical vulnerability was found. Quick Links: - - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ - - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ + - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ + + - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ **Known Issues** -Problem: kubectl connections to pods (kubectl exec|logs) will fail after a while due to a known bug in Kubernetes (1.11.2) -Workaround: Restart of the kubelet daemons on the k8s hosts -Fix: Will be delivered in the next release via a new Kubernetes version (1.12) -- `K8S Bug Report <https://github.com/kubernetes/kubernetes/issues/67659>`_ -- `OOM-1532 <https://jira.onap.org/browse/OOM-1532>`_ -- `OOM-1516 <https://jira.onap.org/browse/OOM-1516>`_ -- `OOM-1520 <https://jira.onap.org/browse/OOM-1520>`_ + * **Problem**: kubectl connections to pods (kubectl exec|logs) will + fail after a while due to a known bug in Kubernetes (1.11.2) + + **Workaround**: Restart of the kubelet daemons on the k8s hosts + + **Fix**: Will be delivered in the next release via a new + Kubernetes version (1.12) + + - `K8S Bug Report <https://github.com/kubernetes/kubernetes/issues/67659>`_ + - `OOM-1532 <https://jira.onap.org/browse/OOM-1532>`_ + - `OOM-1516 <https://jira.onap.org/browse/OOM-1516>`_ + - `OOM-1520 <https://jira.onap.org/browse/OOM-1520>`_ Version 2.0.0 Beijing Release @@ -450,12 +470,13 @@ Sub-task **Security Notes** -OOM code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found. +OOM code has been formally scanned during build time using NexusIQ and no +Critical vulnerability was found. Quick Links: - - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ + - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ - - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ + - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ Version: 1.1.0 -------------- @@ -464,34 +485,43 @@ Version: 1.1.0 **New Features** -The Amsterdam release is the first release of the ONAP Operations Manager (OOM). +The Amsterdam release is the first release of the ONAP Operations Manager +(OOM). The main goal of the Amsterdam release was to: - - Support Flexible Platform Deployment via Kubernetes of fully containerized ONAP components - on any type of environment. + - Support Flexible Platform Deployment via Kubernetes of fully + containerized ONAP components - on any type of environment. - Support State Management of ONAP platform components. - - Support full production ONAP deployment and any variation of component level deployment for development. + - Support full production ONAP deployment and any variation of component + level deployment for development. - Platform Operations Orchestration / Control Loop Actions. - Platform centralized logging with ELK stack. **Bug Fixes** - The full list of implemented user stories and epics is available on `JIRA <https://jira.onap.org/secure/RapidBoard.jspa?rapidView=41&view=planning.nodetail&epics=visible>`_ - This is the first release of OOM, the defects fixed in this release were raised during the course of the release. - Anything not closed is captured below under Known Issues. If you want to review the defects fixed in the Amsterdam release, refer to Jira link above. + The full list of implemented user stories and epics is available on + `JIRA <https://jira.onap.org/secure/RapidBoard.jspa?rapidView=41&view=planning.nodetail&epics=visible>`_ + This is the first release of OOM, the defects fixed in this release were + raised during the course of the release. + Anything not closed is captured below under Known Issues. If you want to + review the defects fixed in the Amsterdam release, refer to Jira link + above. **Known Issues** - `OOM-6 <https://jira.onap.org/browse/OOM-6>`_ Automated platform deployment on Docker/Kubernetes VFC, AAF, MSB minor issues. - Workaround: Manual configuration changes - however the reference vFirewall use case does not currently require these components. + Workaround: Manual configuration changes - however the reference + vFirewall use case does not currently require these components. - `OOM-10 <https://jira.onap.org/browse/OOM-10>`_ Platform configuration management. OOM ONAP Configuration Management - Handling of Secrets. - Workaround: Automated workaround to be able to pull from protected docker repositories. + Workaround: Automated workaround to be able to pull from protected + docker repositories. **Security Issues** diff --git a/kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties b/kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties deleted file mode 100644 index fcf139f644..0000000000 --- a/kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties +++ /dev/null @@ -1 +0,0 @@ -AAI.instance-group-types=org.openecomp.groups.NetworkCollection,org.openecomp.groups.VfcInstanceGroup diff --git a/kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json b/kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json new file mode 100644 index 0000000000..9c3d0b4b27 --- /dev/null +++ b/kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json @@ -0,0 +1,21 @@ +{ + "instanceGroupTypes": [ + "org.openecomp.groups.NetworkCollection", + "org.openecomp.groups.VfcInstanceGroup", + "org.openecomp.groups.ResourceInstanceGroup" + ], + "toscaToWidgetMappings": { + "org.openecomp.resource.vf.allottedResource": "AllotedResource", + "org.openecomp.resource.vfc.AllottedResource": "ProvidingService", + "org.openecomp.resource.vfc": "VServerWidget", + "org.openecomp.resource.cp": "LIntfWidget", + "org.openecomp.cp": "LIntfWidget", + "org.openecomp.resource.vl": "L3Network", + "org.openecomp.resource.vf": "VirtualFunction", + "org.openecomp.groups.vfmodule": "VfModule", + "org.openecomp.groups.VfModule": "VfModule", + "org.openecomp.resource.vfc.nodes.heat.cinder": "VolumeWidget", + "org.openecomp.nodes.PortMirroringConfiguration": "Configuration", + "org.openecomp.resource.cr.Kk1806Cr1": "CR" + } +} diff --git a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml index 5ac0792a2a..4f0e9dd2c4 100644 --- a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml @@ -84,9 +84,9 @@ spec: - mountPath: /opt/app/babel/config/artifact-generator.properties name: {{ include "common.fullname" . }}-config subPath: artifact-generator.properties - - mountPath: /opt/app/babel/config/filter-types.properties + - mountPath: /opt/app/babel/config/tosca-mappings.json name: {{ include "common.fullname" . }}-config - subPath: filter-types.properties + subPath: tosca-mappings.json - mountPath: /opt/app/babel/config/babel-auth.properties name: {{ include "common.fullname" . }}-config subPath: babel-auth.properties @@ -204,8 +204,8 @@ spec: items: - key: artifact-generator.properties path: artifact-generator.properties - - key: filter-types.properties - path: filter-types.properties + - key: tosca-mappings.json + path: tosca-mappings.json - key: babel-auth.properties path: babel-auth.properties - key: logback.xml diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index f3ac0701a2..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json index 2865e01cd6..ca34049ec2 100644 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json +++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json @@ -82,18 +82,18 @@ "permissions": [ "test\\.auth\\.access\\|services\\|GET,PUT", "\\|services\\|GET" - ] + ] }, { "uri": "\/services\/inventory\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] }, { - "uri": "\/services\/champ-service\/.*", - "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] - } + "uri": "\/services\/champ-service\/.*", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + } ] diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties index 33daa73b67..1878a4de70 100644 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties +++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties @@ -9,13 +9,27 @@ #hostname=test.aic.cip.att.com cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} aaf_env=DEV aaf_id=demo@people.osaaf.org diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml index aa9157fe47..537763a6db 100644 --- a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml @@ -31,12 +31,6 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - {{ end }} initContainers: - command: - /root/ready.py @@ -163,18 +157,18 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - #- name: {{ include "common.fullname" . }}-rproxy-auth-config - # mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - # subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile @@ -189,7 +183,9 @@ spec: - name: CONFIG_HOME value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: @@ -199,10 +195,13 @@ spec: - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: @@ -251,18 +250,21 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs - name: {{ include "common.fullname" . }}-rproxy-security-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config + secretName: aai-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config + secretName: aai-fproxy-auth-certs {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml index a0a1519c26..b0a62f63f6 100644 --- a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml +++ b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml @@ -42,27 +42,9 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: name: {{ include "common.fullname" . }}-rproxy-auth-config namespace: {{ include "common.namespace" . }} type: Opaque data: {{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} {{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-champ/values.yaml b/kubernetes/aai/charts/aai-champ/values.yaml index b865b0050e..b1ce34dd1d 100644 --- a/kubernetes/aai/charts/aai-champ/values.yaml +++ b/kubernetes/aai/charts/aai-champ/values.yaml @@ -33,6 +33,7 @@ flavor: small config: keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 # default number of instances replicaCount: 1 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json index e468b3d7bd..54d5de2721 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json @@ -82,18 +82,18 @@ "permissions": [ "test\\.auth\\.access\\|services\\|GET,PUT", "\\|services\\|GET" - ] + ] }, { "uri": "\/services\/inventory\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] }, { "uri": "\/services\/gizmo\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] } ] diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties index a82e38caf6..51ac56a88d 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties @@ -9,17 +9,31 @@ #hostname=test.aic.cip.att.com cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} aaf_env=DEV aaf_id=demo@people.osaaf.org aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz # This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml index 0a30388279..ba90fdc76b 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml @@ -32,11 +32,6 @@ spec: release: {{ .Release.Name }} spec: {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - initContainers: - name: {{ .Values.global.tproxyConfig.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" @@ -154,18 +149,18 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile @@ -181,6 +176,8 @@ spec: value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: @@ -190,10 +187,13 @@ spec: - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: @@ -245,18 +245,21 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs - name: {{ include "common.fullname" . }}-rproxy-security-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config + secretName: aai-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config + secretName: aai-fproxy-auth-certs {{ end }} imagePullSecrets: diff --git a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml index 7db76055d1..96c3424476 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml @@ -46,27 +46,9 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: name: {{ include "common.fullname" . }}-rproxy-auth-config namespace: {{ include "common.namespace" . }} type: Opaque data: {{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} {{ end }} diff --git a/kubernetes/aai/charts/aai-gizmo/values.yaml b/kubernetes/aai/charts/aai-gizmo/values.yaml index 599bc5548f..420e59879e 100644 --- a/kubernetes/aai/charts/aai-gizmo/values.yaml +++ b/kubernetes/aai/charts/aai-gizmo/values.yaml @@ -29,6 +29,7 @@ flavor: small config: keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 # default number of instances replicaCount: 1 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 Binary files differindex 7a4979a7a3..7a4979a7a3 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 +++ b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 diff --git a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore Binary files differnew file mode 100644 index 0000000000..f6ebc75ed8 --- /dev/null +++ b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore Binary files differindex 9eec841aa2..9eec841aa2 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore +++ b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 Binary files differindex dbf4fcacec..dbf4fcacec 100644 --- a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 +++ b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 diff --git a/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000000..023e2eaac6 --- /dev/null +++ b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore Binary files differindex 99129c145f..99129c145f 100644 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore +++ b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore diff --git a/kubernetes/aai/resources/config/rproxy/security/keyfile b/kubernetes/aai/resources/config/rproxy/security/keyfile new file mode 100644 index 0000000000..3416d4a737 --- /dev/null +++ b/kubernetes/aai/resources/config/rproxy/security/keyfile @@ -0,0 +1,27 @@ +2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf +jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm +4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe +moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf +GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT +74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh +iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb +p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt +3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW +hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 +RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX +xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk +8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q +ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i +5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe +GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE +_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k +zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf +S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU +LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw +hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W +nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP +bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN +JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk +Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y +J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP +mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index a23ed5fdc7..651bf8dbba 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -72,4 +72,32 @@ type: Opaque data: {{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} - +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-fproxy-auth-certs + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-rproxy-auth-certs + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-rproxy-security-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} +{{ end }}
\ No newline at end of file diff --git a/kubernetes/appc/charts/appc-ansible-server/values.yaml b/kubernetes/appc/charts/appc-ansible-server/values.yaml index 93d4c56e27..66f39ecfb0 100644 --- a/kubernetes/appc/charts/appc-ansible-server/values.yaml +++ b/kubernetes/appc/charts/appc-ansible-server/values.yaml @@ -29,7 +29,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-ansible-server-image:0.3.2 +image: onap/ccsdk-ansible-server-image:0.3.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index 6a36fdf37b..ed35de8f77 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -4,7 +4,7 @@ # ============LICENSE_START======================================================= # APPC # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs,Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,6 +26,7 @@ # This script takes care of installing the SDNC & APPC platform components # if not already installed, and starts the APPC Docker Container # +#set -x function enable_odl_cluster(){ if [ -z $APPC_REPLICAS ]; then @@ -58,8 +59,6 @@ ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} ENABLE_AAF=${ENABLE_AAF:-true} DBINIT_DIR=${DBINIT_DIR:-/opt/opendaylight/current/daexim} -appcInstallStartTime=$(date +%s) - # # Wait for database to init properly # @@ -86,16 +85,18 @@ END then echo "Installing SDNC database" ${SDNC_HOME}/bin/installSdncDb.sh - fi - appc_db_exists=$(mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p{{.Values.config.mariadbRootPassword}} mysql <<-END + appc_db_exists=$(mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p{{.Values.config.mariadbRootPassword}} mysql <<-END show databases like 'appcctl'; END ) - if [ "x${appc_db_exists}" == "x" ] - then - echo "Installing APPC database" - ${APPC_HOME}/bin/installAppcDb.sh + if [ "x${appc_db_exists}" == "x" ] + then + echo "Installing APPC database" + ${APPC_HOME}/bin/installAppcDb.sh + fi + else + sleep 30 fi echo "Installed at `date`" > ${DBINIT_DIR}/.installed @@ -107,19 +108,15 @@ then echo "Installing ODL Host Key" ${SDNC_HOME}/bin/installOdlHostKey.sh +# echo "Copying a working version of the logging configuration into the opendaylight etc folder" +# cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg + echo "Starting OpenDaylight" ${ODL_HOME}/bin/start echo "Waiting ${SLEEP_TIME} seconds for OpenDaylight to initialize" sleep ${SLEEP_TIME} - echo "Copying a working version of the logging configuration into the opendaylight etc folder" - cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg - echo "Copying a new version of aaf cadi shiro into the opendaylight deploy folder" - cp ${APPC_HOME}/data/aaf-shiro-aafrealm-osgi-bundle.jar ${ODL_HOME}/deploy/aaf-shiro-aafrealm-osgi-bundle.jar - - echo "Installing SDNC platform features" - ${SDNC_HOME}/bin/installFeatures.sh if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ] then @@ -127,29 +124,18 @@ then ${SDNC_HOME}/svclogic/bin/install.sh fi - if $ENABLE_ODL_CLUSTER ; then echo "Installing Opendaylight cluster features" ; ${ODL_HOME}/bin/client feature:install odl-mdsal-clustering ; ${ODL_HOME}/bin/client feature:install odl-jolokia ; fi - - echo "Installing APPC platform features" - ${APPC_HOME}/bin/installFeatures.sh - - if [ -x ${APPC_HOME}/svclogic/bin/install.sh ] - then - echo "Installing APPC DGs using platform-logic" - ${APPC_HOME}/svclogic/bin/install.sh - fi - if [ -x ${APPC_HOME}/svclogic/bin/install-converted-dgs.sh ] then echo "Installing APPC JSON DGs converted to XML using dg-loader" ${APPC_HOME}/svclogic/bin/install-converted-dgs.sh fi - if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi - - echo "Adding a property system.properties for AAF cadi.properties location" - echo "" >> ${ODL_HOME}/etc/system.properties - echo "cadi_prop_files=${APPC_HOME}/data/properties/cadi.properties" >> ${ODL_HOME}/etc/system.properties - echo "" >> ${ODL_HOME}/etc/system.properties + if $ENABLE_ODL_CLUSTER + then + echo "Installing Opendaylight cluster features" + ${ODL_HOME}/bin/client feature:install odl-mdsal-clustering + enable_odl_cluster + fi echo "Copying the aaa shiro configuration into opendaylight" if $ENABLE_AAF @@ -180,11 +166,32 @@ then done echo "Karaf process has stopped" sleep 10s + echo "Installed at `date`" > ${SDNC_HOME}/.installed fi - appcInstallEndTime=$(date +%s) - echo "Total Appc install took $(expr $appcInstallEndTime - $appcInstallStartTime) seconds" +# Move journal and snapshots directory to persistent storage + +hostdir=${ODL_HOME}/daexim/$(hostname -s) +if [ ! -d $hostdir ] +then + mkdir -p $hostdir + if [ -d ${ODL_HOME}/journal ] + then + mv ${ODL_HOME}/journal ${hostdir} + else + mkdir ${hostdir}/journal + fi + if [ -d ${ODL_HOME}/snapshots ] + then + mv ${ODL_HOME}/snapshots ${hostdir} + else + mkdir ${hostdir}/snapshots + fi +fi + +ln -s ${hostdir}/journal ${ODL_HOME}/journal +ln -s ${hostdir}/snapshots ${ODL_HOME}/snapshots echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log" java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log & diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml index a26307d64b..a1adfa1dce 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/templates/deployment.yaml @@ -49,6 +49,8 @@ spec: - msb-discovery
- --container-name
- kube2msb
+ - --container-name
+ - dcae-config-binding-service
- "-t"
- "15"
env:
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 26067e0230..c44401168e 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -79,19 +79,16 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.5 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.7 # DCAE component images to be deployed via Cloudify Manager # Use to override default setting in blueprints componentImages: - config_binding_service: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3 datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.1.1 deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.1.0 holmes_rules: onap/holmes/rule-management:1.2.3 holmes_engine: onap/holmes/engine-management:1.2.2 - inventory: onap/org.onap.dcaegen2.platform.inventory-api:3.0.4 policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.5.0 - service_change_handler: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.3.1 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/Chart.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/Chart.yaml new file mode 100644 index 0000000000..fe04575cc6 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE Config Binding Service +name: dcae-config-binding-service +version: 3.0.0
\ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/requirements.yaml new file mode 100644 index 0000000000..897df32ce0 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/requirements.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..1a3f693a12 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,72 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/configmap.yaml new file mode 100644 index 0000000000..a150cbd336 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-cbs-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml new file mode 100644 index 0000000000..a968204575 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml @@ -0,0 +1,103 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - consul-server + - "-t" + - "15" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /opt/logs + env: + - name: CONSUL_HOST + value: consul.{{ include "common.namespace" . }} + + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-cbs-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml new file mode 100644 index 0000000000..088d381d50 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml @@ -0,0 +1,43 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml new file mode 100644 index 0000000000..f6da1ef06c --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml @@ -0,0 +1,89 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + repositoryCred: + user: docker + password: docker + +config: + logstashServiceName: log-ls + logstashPort: 5044 + # Addresses of other ONAP entities + address: + consul: + host: consul-server + port: 8500 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3 +pullPolicy: Always + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + path: /healthcheck + +service: + type: ClusterIP + name: config-binding-service + externalPort: 10000 + internalPort: 10000 + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# Kubernetes namespace for components deployed via Cloudify manager +# If empty, use the common namespace +# dcae_ns: "dcae" diff --git a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml index 3c9936b1b1..307046138b 100644 --- a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml @@ -45,7 +45,7 @@ readiness: periodSeconds: 10 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.1 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/Chart.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/Chart.yaml new file mode 100644 index 0000000000..d4782e62de --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE Service Change Handler +name: dcae-servicechange-handler +version: 3.0.0
\ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/Chart.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/Chart.yaml new file mode 100644 index 0000000000..45402c8616 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE Inventory API Service +name: dcae-inventory-api +version: 3.0.0
\ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/requirements.yaml new file mode 100644 index 0000000000..376b7db549 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' + - name: postgres + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json new file mode 100644 index 0000000000..a8329f674b --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json @@ -0,0 +1,34 @@ +{ + "database": { + "driverClass": "org.postgresql.Driver", + "user": "{{ .Values.postgres.config.pgUserName }}", + "password": "{{ .Values.postgres.config.pgUserPassword }}", + "url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}", + "properties": { + "charSet": "UTF-8" + }, + "maxWaitForConnection": "1s", + "validationQuery": "/* MyService Health Check */ SELECT 1", + "minSize": 2, + "maxSize": 8, + "initialSize": 2, + "checkConnectionWhileIdle": false, + "evictionInterval": "10s", + "minIdleTime": "1 minute" + }, + "databusControllerConnection": { + "host": "databus-controller-hostname", + "port": 8443, + "mechId": null, + "password": null, + "required": false + }, + "httpClient": { + "minThreads": 1, + "maxThreads": 128, + "gzipEnabled": false, + "gzipEnabledForRequests": false, + "timeout": "5000milliseconds", + "connectionTimeout": "5000milliseconds" + } + }
\ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/configmap.yaml new file mode 100644 index 0000000000..9cda43c499 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml new file mode 100644 index 0000000000..e49be94a79 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml @@ -0,0 +1,94 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.postgres.nameOverride }} + - "-t" + - "15" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}:{{ .Values.image_version }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["java"] + args: + - "-jar" + - "/opt/inventory-api-{{ .Values.image_version }}.jar" + - "server" + - "/opt/config.json" + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-inv-config + mountPath: /opt/config.json + subPath: config.json + env: + - name: CONSUL_HOST + value: consul.{{ include "common.namespace" . }} + volumes: + - name: {{ include "common.fullname" . }}-inv-config + configMap: + name: {{ include "common.fullname" . }}-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/service.yaml new file mode 100644 index 0000000000..088d381d50 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/service.yaml @@ -0,0 +1,43 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml new file mode 100644 index 0000000000..5be3b34c4e --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml @@ -0,0 +1,124 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + repositoryCred: + user: docker + password: docker + +config: + logstashServiceName: log-ls + logstashPort: 5044 + # Addresses of other ONAP entities + address: + consul: + host: consul-server + port: 8500 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.platform.inventory-api +# need the version to be separate because it's used in 2 places +image_version: 3.0.1 + +pullPolicy: Always + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: false + +readiness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /dcae-service-types + +service: + type: ClusterIP + name: inventory + externalPort: 8080 + internalPort: 8080 + +# application configuration override for postgres +postgres: + nameOverride: dcae-inv-pg + service: + name: dcae-inv-postgres + name2: dcae-inv-pg-primary + name3: dcae-inv-pg-replica + container: + name: + primary: dcae-inv-pg-primary + replica: dcae-inv-pg-replica + config: + pgUserName: dcae_inv + pgDatabase: dcae_inventory + pgPrimaryPassword: onapdemodb + pgUserPassword: onapdemodb + pgRootPassword: onapdemodb + persistence: + mountSubPath: dcae-inv/data + mountInitPath: dcae-inv + pgpool: + nameOverride: dcae-inv-pgpool + service: + name: dcae-inv-pgpool + credentials: + pgusername: ddcae_inv + pgpassword: onapdemodb + container: + name: + primary: dcae-inv-pgpool-primary + replica: dcae-inv-pgpool-replica + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# Kubernetes namespace for components deployed via Cloudify manager +# If empty, use the common namespace +# dcae_ns: "dcae" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/requirements.yaml new file mode 100644 index 0000000000..897df32ce0 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/requirements.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json new file mode 100644 index 0000000000..7ddc800817 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json @@ -0,0 +1,22 @@ +{ + "asdcDistributionClient": { + "asdcAddress": "{{ .Values.config.address.sdc }}.{{include "common.namespace" . }}:8443", + "asdcUri": "https://{{ .Values.config.address.sdc }}.{{include "common.namespace" . }}:8443", + "msgBusAddress": "{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}", + "user": "{{ .Values.sdc.user }}", + "password": "{{ .Values.sdc.password }}", + "pollingInterval": 20, + "pollingTimeout": 20, + "consumerGroup": "dcae", + "consumerId": "dcae-sch", + "environmentName": "{{ .Values.sdc.environmentName }}", + "keyStorePath": null, + "keyStorePassword": null, + "activateServerTLSAuth": {{ .Values.sdc.useHttps }}, + "useHttpsWithDmaap": {{ .Values.dmaap.useHttps }}, + "isFilterInEmptyResources": false + }, + "dcaeInventoryClient": { + "uri": "http://inventory:8080" + } +} diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/configmap.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/configmap.yaml new file mode 100644 index 0000000000..9cda43c499 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml new file mode 100644 index 0000000000..dc802a7892 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml @@ -0,0 +1,95 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - "dcae-inventory-api" + - --container-name + - "message-router" + - --container-name + - "sdc-dcae-be" + - "-t" + - "45" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}:{{ .Values.image_version }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["java"] + args: + - "-jar" + - "/opt/servicechange-handler.jar" + - "prod" + - "/opt/config.json" + resources: +{{ include "common.resources" . | indent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + exec: + command: [{{ .Values.liveness.script }}] + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + exec: + command: [{{ .Values.readiness.script }}] + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-sch-config + mountPath: /opt/config.json + subPath: config.json + env: + - name: CONSUL_HOST + value: consul.{{ include "common.namespace" . }} + volumes: + - name: {{ include "common.fullname" . }}-sch-config + configMap: + name: {{ include "common.fullname" . }}-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml new file mode 100644 index 0000000000..b92f41703f --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml @@ -0,0 +1,97 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + repositoryCred: + user: docker + password: docker + +config: + logstashServiceName: log-ls + logstashPort: 5044 + address: + # Addresses of ONAP components + message_router: message-router + sdc: sdc-be +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.platform.servicechange-handler +# need the version to be separate because it's used in 2 places +image_version: 1.1.5 + +pullPolicy: Always + +# configuration for accessing SDC +sdc: + user: "dcae" + password: !!str Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + environmentName: "AUTO" + useHttps: false + +# configuration for accessing DMaaP +dmaap: + useHttps: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 30 + script: /opt/health.sh + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: false + +readiness: + initialDelaySeconds: 30 + periodSeconds: 30 + script: /opt/health.sh + + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# Kubernetes namespace for components deployed via Cloudify manager +# If empty, use the common namespace +# dcae_ns: "dcae" diff --git a/kubernetes/dmaap/charts/dmaap-bus-controller/resources/config/dmaapbc.properties b/kubernetes/dmaap/charts/dmaap-bus-controller/resources/config/dmaapbc.properties index f2a6dd9648..faa19c6f4d 100644 --- a/kubernetes/dmaap/charts/dmaap-bus-controller/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/charts/dmaap-bus-controller/resources/config/dmaapbc.properties @@ -31,7 +31,7 @@ UseAAF: false csit: No # name of this DMaaP instance (deprecated) -DmaapName: demo +#DmaapName: demo ##################################################### # @@ -39,7 +39,7 @@ DmaapName: demo # ##################################################### # FQDN of DR Prov Server (deprecated) -DR.provhost: dcae-drps.domain.not.set +#DR.provhost: dcae-drps.domain.not.set # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov @@ -99,7 +99,7 @@ MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client # MR topic ProjectID (used in certain topic name generation formats) -MR.projectID: ONAP +MR.projectID: mr ##################################################### @@ -130,6 +130,9 @@ aaf.AdminUser: {{ .Values.adminUser }} # Admin Password aaf.AdminPassword: {{ .Values.adminPwd }} +# Identity that is owner of any created namespaces for topics +aaf.NsOwnerIdentity: {{ .Values.adminUser }} + # location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF CredentialCodeKeyfile: etc/LocalKey diff --git a/kubernetes/dmaap/charts/dmaap-bus-controller/templates/deployment.yaml b/kubernetes/dmaap/charts/dmaap-bus-controller/templates/deployment.yaml index 9cf147fdab..4d009e9698 100644 --- a/kubernetes/dmaap/charts/dmaap-bus-controller/templates/deployment.yaml +++ b/kubernetes/dmaap/charts/dmaap-bus-controller/templates/deployment.yaml @@ -31,6 +31,10 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + hostAliases: + - ip: "10.12.6.214" + hostnames: + - "aaf-onap-test.osaaf.org" initContainers: - command: - /root/ready.py diff --git a/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml b/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml index 0483ce5db2..6d7b7c363d 100644 --- a/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml +++ b/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml @@ -31,12 +31,12 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/buscontroller:1.0.23 +image: onap/dmaap/buscontroller:1.0.25 # application configuration dmaapMessageRouterService: message-router -aafURL: https://aaf-authz/ +aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/ topicMgrUser: dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org topicMgrPwd: demo123456! adminUser: aaf_admin@people.osaaf.org diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties index 41ec250ac8..790707914d 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties @@ -43,7 +43,7 @@ aai.readTimeout={{ .Values.config.aaiReadTimeout }} http.userId={{ .Values.config.httpUserId }} http.password={{ .Values.config.httpPassword }} -aai.searchNodeQuery=/aai/v11/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS: +aai.searchNodeQuery=/aai/v13/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS: #Servlet context parameters server.context_parameters.p-name=value #context parameter with p-name as key and value as value. diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml index 9991b8b1b0..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml +++ b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml @@ -1,235 +1,31 @@ -<configuration scan="true" scanPeriod="10 seconds" debug="false"> - <jmxConfigurator /> - <property name="logDirectory" value="/var/log/onap/pomba-aaictxbuilder" /> - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level> - <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter --> - <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="ERROR" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <file>${logDirectory}/error.log</file> - <append>true</append> - <encoder> - <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/error.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - - <appender name="DEBUG" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/debug.log</file> - <append>true</append> - <encoder> - <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern> - </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>5</maxHistory> - </rollingPolicy> - </appender> - - <appender name="AUDIT" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/audit.log</file> - <append>true</append> - <encoder> - <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n - </pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/audit.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="AUDIT" /> - </appender> - - <appender name="METRIC" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/metric.log</file> - <append>true</append> - <encoder> - <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| - %msg%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/metric.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="METRIC" /> - </appender> - - <!-- SECURITY related loggers --> - <appender name="SECURITY" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/security.log</file> - <append>true</append> - <encoder> - <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n - </pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/security.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="SECURITY" /> - </appender> - - <!-- CLDS related loggers --> - <logger name="org.onap.pomba.clds" level="INFO" additivity="true"> - <appender-ref ref="ERROR" /> - </logger> - - <!-- CLDS related loggers --> - <logger name="com.att.eelf.error" level="OFF" additivity="true"> - <appender-ref ref="ERROR" /> - </logger> - <!-- EELF related loggers --> - <logger name="com.att.eelf.audit" level="INFO" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger name="com.att.eelf.security" level="DEBUG" additivity="false"> - <appender-ref ref="asyncEELFSecurity" /> - </logger> - - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" /> - <logger name="org.springframework.beans" level="WARN" /> - <logger name="org.springframework.web" level="WARN" /> - <logger name="com.blog.spring.jms" level="WARN" /> - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" /> - <logger name="org.apache.commons.httpclient" level="WARN" /> - <logger name="org.apache.commons" level="WARN" /> - <logger name="org.apache.coyote" level="WARN" /> - <logger name="org.apache.jasper" level="WARN" /> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. - May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" /> - <logger name="org.apache.cxf" level="WARN" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" /> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> - <logger name="org.apache.cxf.service" level="WARN" /> - <logger name="org.restlet" level="DEBUG" /> - <logger name="org.apache.camel.component.restlet" level="DEBUG" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="INFO" /> - <logger name="ch.qos.logback.core" level="INFO" /> - - <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> - <appender name="auditLogs" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <file>${logDirectory}/Audit.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/Audit.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="perfLogs" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <file>${logDirectory}/Perform.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/Perform.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <logger name="AuditRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="auditLogs" /> - </logger> - <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> - <appender-ref ref="auditLogs" /> - </logger> - <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="perfLogs" /> - </logger> - <!-- logback jms appenders & loggers definition ends here --> - - <root level="WARN"> - <appender-ref ref="DEBUG" /> - <appender-ref ref="STDOUT" /> - </root> - +<configuration > + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> + <property name="p_lvl" value="%level"/> + <property name="p_log" value="%logger"/> + <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> + <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <!-- tabs --> + <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_thr" value="%thread"/> + <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <appender name="FILE" class="ch.qos.logback.core.FileAppender"> + <file>/opt/app/logs/EELF/output.log</file> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false"> + <appender-ref ref="STDOUT" /> + <appender-ref ref="FILE" /> + </logger> + <root level="info"> + <appender-ref ref="STDOUT" /> + <appender-ref ref="FILE" /> + </root> </configuration> diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml index 6d46e9de09..d8210b32fc 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml +++ b/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml @@ -56,15 +56,20 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: /opt/app/logs + readOnly: false - mountPath: /opt/app/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + - name: {{ include "common.fullname" . }}-logs-eelf + mountPath: /opt/app/logs/EELF + readOnly: false - mountPath: /opt/app/config/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties readOnly: true + resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -87,7 +92,7 @@ spec: - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: /opt/app/logs volumes: - name: localtime @@ -106,7 +111,8 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - + - name: {{ include "common.fullname" . }}-logs-eelf + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties index 5d1e583370..db72a01a5e 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties +++ b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs +# Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties index fcfe9dc412..991c77df7c 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties @@ -53,9 +53,9 @@ aai.readTimeout={{ .Values.config.aaiReadTimeout }} aai.http.userId={{ .Values.config.aaiHttpUserId }} aai.http.password={{ .Values.config.aaiHttpPassword }} -aai.searchNodeQuery=/aai/v11/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS: -aai.customerQuery=/aai/v11/business/customers/customer/ -aai.serviceInstancePath=/aai/v11/business/customers/customer/{0}/service-subscriptions/service-subscription/{1}/service-instances/service-instance/{2} +aai.searchNodeQuery=/aai/v13/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS: +aai.customerQuery=/aai/v13/business/customers/customer/ +aai.serviceInstancePath=/aai/v13/business/customers/customer/{0}/service-subscriptions/service-subscription/{1}/service-instances/service-instance/{2} # SDNC REST Client Configuration sdnc.serviceName={{ .Values.config.sdncServiceName }}.{{.Release.Namespace}} @@ -66,6 +66,7 @@ sdnc.httpProtocol={{ .Values.config.sdncHttpProtocol }} sdnc.connectionTimeout={{ .Values.config.sdncConnectionTimeout }} sdnc.readTimeout={{ .Values.config.sdncReadTimeout }} sdnc.genericResourcePath=/restconf/config/GENERIC-RESOURCE-API:services/service/{0} +sdnc.portMirrorResourcePath=/restconf/config/GENERIC-RESOURCE-API:port-mirror-configurations/port-mirror-configuration/{0}/configuration-data/configuration-operation-information/port-mirror-configuration-request-input sdnc.vnfPath=/restconf/config/VNF-API:vnfs/vnf-list/{0} #Servlet context parameters diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index a9eac31405..f9107ea22b 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -252,6 +252,9 @@ mso: callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify rollback: callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify + use: + qualified: + host: false global: dmaap: username: testuser @@ -259,8 +262,13 @@ mso: host: http://10.42.111.36:904 publisher: topic: replaceme + naming: + endpoint: http://naming.demo.onap.com:8081/web/service/v1/genNetworkElementName + auth: Basic bTA0NzY4QG5vbi1wcm9kLm1zby5lY29tcC5hdHQuY29tOkF0dG0wNDc2OExpZmUhQA== policy: auth: Basic dGVzdHBkcDphbHBoYTEyMw== + default: + disposition: Skip client: auth: Basic bTAzNzQzOnBvbGljeVIwY2sk endpoint: http://pdp.{{ include "common.namespace" . }}:8081/pdp/api/ @@ -310,7 +318,7 @@ server: spring: datasource: driver-class-name: org.mariadb.jdbc.Driver - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn username: ${DB_USERNAME} password: ${DB_PASSWORD} dbcp2: diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 98b0976314..b88149bc68 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -15,7 +15,7 @@ server: port: {{ index .Values.containerPort }} spring: datasource: - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb username: ${DB_ADMIN_USERNAME} password: ${DB_ADMIN_PASSWORD} driver-class-name: org.mariadb.jdbc.Driver diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml index 2755f94f41..95726d4520 100755 --- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml @@ -26,7 +26,7 @@ mso: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: datasource: - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb username: ${DB_USERNAME} password: ${DB_PASSWORD} driver-class-name: org.mariadb.jdbc.Driver @@ -60,6 +60,6 @@ management: context-path: /manage flyway: baseline-on-migrate: true - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb user: ${DB_ADMIN_USERNAME} password: ${DB_ADMIN_PASSWORD} diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml index 370887ee00..9ac209fb3c 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml @@ -17,7 +17,7 @@ server: port: {{ index .Values.containerPort }} spring: datasource: - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb username: ${DB_USERNAME} password: ${DB_PASSWORD} driver-class-name: org.mariadb.jdbc.Driver @@ -38,7 +38,7 @@ spring: role: ACTUATOR request: datasource: - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb username: ${DB_USERNAME} password: ${DB_PASSWORD} driver-class-name: org.mariadb.jdbc.Driver @@ -75,6 +75,7 @@ mso: pollingInterval: 60 pollingTimeout: 60 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL + useHttpsWithDmaap: false activateServerTLSAuth: false keyStorePassword: keyStorePath: diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 74905d2df3..662b4d4ba4 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -83,6 +83,9 @@ org: activate: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi assign: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi delete: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi + vnf-topology-aic-operation: + activate: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic + assign: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic tunnelxconn-topology-operation: activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource @@ -99,6 +102,20 @@ org: rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf bpelauth: 023A0244AB819A0DE0131DBC3AC5FAB4D8544E1CB1A7FE3CE60F6E3292AC0D93 bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService + gammainternet: + '': + query: GET|60000|sdncurl4|sdnc-request-header|com:att:sdnctl:firewallapi + service-configuration-operation: + activate: POST|90000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + changeactivate: POST|60000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + changedelete: POST|250000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + changereserve: POST|60000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + delete: POST|250000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + reserve: POST|60000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + turnup: POST|60000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + svc-topology-operation: + assign: POST|60000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api + delete: POST|250000|sdncurl1|sdnc-request-header|com:att:sdnctl:l3api generic-resource: network-topology-operation: create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource @@ -143,6 +160,7 @@ org: sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/' sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config' sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' + sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' service: diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 6adc2120fb..060a3067b8 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -59,7 +59,7 @@ mso: topic: com.att.ecomp.mso.operationalEnvironmentEvent spring: datasource: - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb username: ${DB_USERNAME} password: ${DB_PASSWORD} driver-class-name: org.mariadb.jdbc.Driver @@ -105,7 +105,7 @@ spring: role: ACTUATOR request: datasource: - url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb username: ${DB_USERNAME} password: ${DB_PASSWORD} driver-class-name: org.mariadb.jdbc.Driver |