diff options
27 files changed, 314 insertions, 83 deletions
diff --git a/.ci/check-bashisms.sh b/.ci/check-bashisms.sh new file mode 100755 index 0000000000..0dae2255b7 --- /dev/null +++ b/.ci/check-bashisms.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if ! which checkbashisms >/dev/null && ! sudo yum install devscripts-minimal && ! sudo apt-get install devscripts +then + printf "checkbashisms command not found - please install it \n\ + (e.g. sudo apt-get install devscripts | yum install devscripts-minimal )\n" >&2 + exit 2 +fi +find . -not -path '*/.*' -name '*.sh' -exec checkbashisms {} + || exit 3 +find . -not -path '*/.*' -name '*.failover' -exec checkbashisms -f \{\} + || exit 4 +! find . -not -path '*/.*' -name '*.sh' -exec grep 'local .*=' {} + || exit 5 +! find . -not -path '*/.*' -name '*.failover' -exec grep 'local .*=' {} + || exit 6 +exit 0 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6bfce7af6c..980093a7a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,7 +6,7 @@ repos: - id: trailing-whitespace #exclude: '^ordmodels/' - repo: https://github.com/jorisroovers/gitlint - rev: v0.15.1 + rev: v0.17.0 hooks: - id: gitlint stages: [commit-msg] diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh index 4dcebc8883..f9f62739f2 100644 --- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh +++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh @@ -29,7 +29,8 @@ _ip_address() { # "sed -i", but without "mv" (which doesn't work on a bind-mounted file, for example) _sed_in_place() { - local filename="$1"; shift + local filename + filename="$1"; shift local tempFile tempFile="$(mktemp)" sed "$@" "$filename" > "$tempFile" diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index ecd7129567..b1e85c00cc 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -84,12 +84,19 @@ env: - name: APP_FQI value: "{{ $initRoot.fqi }}" + {{- if $initRoot.aaf_namespace }} - name: aaf_locate_url - value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" + value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095" + - name: aaf_locator_container_ns + value: "{{ $initRoot.aaf_namespace }}" + {{- else }} + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095" - name: aaf_locator_container_ns value: "{{ $dot.Release.Namespace }}" + {{- end }} + - name: aaf_locator_container + value: "oom" - name: aaf_locator_fqdn value: "{{ $initRoot.fqdn }}" - name: aaf_locator_app_ns diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index bc9273f41f..769c9b7946 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -50,7 +50,7 @@ global: clusterDomain: cluster.local metrics: {} -image: bitnami/mariadb-galera:10.5.8 +image: bitnami/mariadb-galera:10.6.5 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 11602054e8..e156db27db 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -39,6 +39,23 @@ spec: {{ include "common.podSecurityContext" . | indent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /data containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -72,7 +89,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mongo + mountPath: /data/db resources: {{ include "common.resources" . | nindent 12 }} {{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index ee1d8c72fa..caab71890d 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# -image: library/mongo:4.0.8 +image: library/mongo:4.4.10 pullPolicy: Always # application configuration diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 71201a1cc6..90c278e4c5 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -83,10 +83,14 @@ {{- end }} env: - name: NAMESPACE + {{- if $subchartDot.Values.namespace }} + value: {{ $subchartDot.Values.namespace }} + {{- else }} valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- end }} resources: limits: cpu: {{ $subchartDot.Values.limits.cpu }} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index e2fe1ffbdb..ee56577c63 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -32,7 +32,7 @@ global: jreImage: onap/integration-java11:7.1.0 kubectlImage: bitnami/kubectl:1.19 loggingImage: beats/filebeat:5.5.0 - mariadbImage: bitnami/mariadb:10.5.8 + mariadbImage: bitnami/mariadb:10.6.5 nginxImage: bitnami/nginx:1.18-debian-10 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh index 596ace6ad5..bfd679bf3e 100755 --- a/kubernetes/config/prepull_docker.sh +++ b/kubernetes/config/prepull_docker.sh @@ -27,8 +27,15 @@ EOF #calling syntax: parse_yaml <yaml_file_name> parse_yaml () { - local prefix=$2 - local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') + local prefix + prefix=$2 + local s + s='[[:space:]]*' + local w + w='[a-zA-Z0-9_]*' + local fs + fs=$(echo @|tr @ '\034') + sed -ne "s|^\($s\):|\1|" \ -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \ -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 | diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 3c66feeb46..294ae0a55e 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -49,10 +49,13 @@ Extra DNS server already deployed: list_node_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + local WORKER_NODES + WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + local external_ip + external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip + internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') if [ $internal_ip != $external_ip ]; then echo $external_ip break @@ -61,7 +64,8 @@ list_node_with_external_addrs() } ingress_controller_ip() { - local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) + local metal_ns + metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) if [ -z $metal_ns ]; then echo $CLUSTER_IP else @@ -70,13 +74,16 @@ ingress_controller_ip() { } deploy() { - local ingress_ip=$(ingress_controller_ip) + local ingress_ip + ingress_ip=$(ingress_controller_ip) initdir = $(pwd) cd $SPATH/bind9dns if [ $# -eq 0 ]; then - local cl_domain="simpledemo.onap.org" + local cl_domain + cl_domain="simpledemo.onap.org" else - local cl_domain=$1 + local cl_domain + cl_domain=$1 shift fi if [ $# -ne 0 ]; then diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh index c62e2a51bd..495d540905 100755 --- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh +++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh @@ -29,10 +29,13 @@ $0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges find_nodes_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + local WORKER_NODES + WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + local external_ip + external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip + internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') if [ $internal_ip != $external_ip ]; then echo $external_ip fi diff --git a/kubernetes/contrib/tools/registry-initialize.sh b/kubernetes/contrib/tools/registry-initialize.sh index 75b36bbc52..45ee44f3c5 100755 --- a/kubernetes/contrib/tools/registry-initialize.sh +++ b/kubernetes/contrib/tools/registry-initialize.sh @@ -21,9 +21,9 @@ usage() { - echo "Chart Base directory must be provided as input!!" + echo "Chart Base directory or helm chart from local repo must be provided as input!!" echo "Usage: registry-initialize.sh -d chartdirectory \ -<-n namespace override> <-r helmrelease override>" +<-n namespace override> <-r helmrelease override> <-p chart name prefix> | <-h helm charts from local repo>" exit 1 } @@ -36,8 +36,10 @@ NAMESPACE=onap RLS_NAME=onap LOGIN="" PASSWORD="" +PREF="" +HELM_REPO=local -while getopts ":d:n:r:" opt; do +while getopts ":d:n:r:p:h:c:" opt; do case $opt in d) BASEDIR="$OPTARG" ;; @@ -45,20 +47,52 @@ while getopts ":d:n:r:" opt; do ;; r) RLS_NAME="$OPTARG" ;; + p) PREF="$OPTARG" + ;; + h) HELM_CHART="$OPTARG" + ;; + c) HELM_REPO="$OPTARG" + ;; \?) echo "Invalid option -$OPTARG" >&2 usage ;; esac done -if [ -z "$BASEDIR" ]; then - exit "Chart base directory provided $BASEDIR is empty" + +if [ -z "$BASEDIR" ] && [ -z "$HELM_CHART" ] ; then + echo "Chart base directory provided $BASEDIR and helm chart from local repo is empty" + exit +fi + +if [ -n "$BASEDIR" ] && [ -n "$HELM_CHART" ] ; then + echo "Both chart base directory $BASEDIR and helm chart from local repo $HELM_CHART cannot be used at the same time " + exit +fi + +if [ -n "$BASEDIR" ]; then + if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then + echo "$BASEDIR valid" + else + echo "No chart package on $BASEDIR provided" + exit + fi +fi + +if [ -n "$HELM_CHART" ]; then + tmp_location=$(mktemp -d) + helm pull $HELM_REPO/$HELM_CHART -d $tmp_location + if [ $? -eq 0 ]; then + echo "Helm chart $HELM_CHART has been pulled out from in $HELM_REPO repo" + BASEDIR=$tmp_location + else + echo "No chart package $HELM_CHART on $HELM_REPO repo" + exit + fi fi -if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then - echo "$BASEDIR valid" -else - exit "No chart package on $BASEDIR provided" +if [ -z "$PREF" ] && [ -z "$HELM_CHART" ] ; then + PREF=dcae fi LOGIN=$(kubectl -n "$NAMESPACE" get secret \ @@ -77,7 +111,7 @@ fi # Expose cluster port via port-forwarding kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 & if [ $? -ne 0 ]; then - echo "Error in portforwarding; registry cannot be added!!" + echo "Error in port forwarding; registry cannot be added!!" exit 1 fi @@ -96,7 +130,7 @@ fi # Initial scope is pushing only dcae charts # can be expanded to include all onap charts if required -for file in $BASEDIR/dcae*tgz; do +for file in $BASEDIR/$PREF*tgz; do # use helm plugin to push charts helm push $file k8s-registry if [ $? -eq 0 ]; then diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index aac0f4b3a9..5ba7d2977a 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -229,10 +229,12 @@ policies: {{- $policy := default dict .Values.policies -}} {{- $policyRls := default $commonRelease $policy.policyRelease -}} {{- $drFeedConfig := default "" .Values.drFeedConfig -}} - +{{- $dcaeName := print (include "common.fullname" .) }} +{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}} +{{- $dot := . -}} apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }} spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml index 2b3ab328b5..4a51c7f9d8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml @@ -59,6 +59,8 @@ spec: value: {{ include "common.namespace" . }} - name: HELM_RELEASE value: {{ include "common.release" . }} + - name: DEPLOY_LABEL + value: {{ .Values.deployLabel }} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml index 58ae706e0a..3b47e7f70e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml @@ -31,6 +31,11 @@ service: - port: 8080 name: http +# Label on DCAE microservice deployments +# (Used by healthcheck code to find deployments +# created after initial DCAE installation) +deployLabel: dcaeMicroserviceName + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -43,7 +48,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 1e60d24d7a..54dcda831e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -38,6 +38,11 @@ secrets: login: '{{ .Values.aafCreds.identity }}' password: '{{ .Values.aafCreds.password }}' passwordPolicy: required + - uid: &cpsCredsUID cpscreds + type: basicAuth + login: '{{ .Values.cpsCreds.identity }}' + password: '{{ .Values.cpsCreds.password }}' + passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds' type: basicAuth @@ -70,7 +75,7 @@ certDirectory: /opt/app/sonhms/etc/certs # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Policy configuraiton properties # if present, policy-sync side car will be deployed @@ -92,7 +97,7 @@ readiness: periodSeconds: 15 timeoutSeconds: 1 path: /healthcheck - scheme: HTTPS + scheme: HTTP port: 8080 # Service Configuration @@ -108,6 +113,9 @@ service: aafCreds: identity: dcae@dcae.onap.org password: demo123456! +cpsCreds: + identity: cps + password: cpsr0cks! credentials: - name: AAF_IDENTITY @@ -116,6 +124,12 @@ credentials: - name: AAF_PASSWORD uid: *aafCredsUID key: password +- name: CPS_IDENTITY + uid: *cpsCredsUID + key: login +- name: CPS_PASSWORD + uid: *cpsCredsUID + key: password - name: PG_USERNAME uid: *pgUserCredsSecretUid key: login @@ -130,6 +144,8 @@ applicationConfig: postgres.port: 5432 postgres.username: ${PG_USERNAME} postgres.password: ${PG_PASSWORD} + cps.username: ${CPS_IDENTITY} + cps.password: ${CPS_PASSWORD} sonhandler.pollingInterval: 20 sonhandler.pollingTimeout: 60 cbsPollingInterval: 60 @@ -145,6 +161,12 @@ applicationConfig: sonhandler.bufferTime: 60 sonhandler.cg: sonhms-cg sonhandler.cid: sonhms-cid + sonhandler.clientType: cps + cps.service.url: http://cps-tbdmt:8080 + cps.get.celldata: execute/cps-ran-schemaset/get-cell-data + cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list + cps.get.pci.url: execute/ran-network-schemaset/get-pci + cps.get.pnf.url: execute/ran-network-schemaset/get-pnf sonhandler.configDb.service: http://configdb:8080 sonhandler.oof.service: https://oof-osdf:8698 sonhandler.oof.endpoint: /api/oof/v1/pci diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index 8134e0df9d..67312d73a0 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -42,7 +42,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index bbc72a5b08..73661ac843 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -42,7 +42,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql index 81998453e4..e5eecb1a5a 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql +++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql @@ -22,12 +22,10 @@ CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN; \encoding UTF8; -/******************DELETE OLD TABLE AND CREATE NEW***************************/ +/******************CREATE NEW TABLE***************************/ \c ${DB_NAME}; -DROP TABLE IF EXISTS ALARM_INFO; - -CREATE TABLE ALARM_INFO ( +CREATE TABLE IF NOT EXISTS ALARM_INFO ( EVENTID VARCHAR(150) NOT NULL, EVENTNAME VARCHAR(150) NOT NULL, ALARMISCLEARED SMALLINT NOT NULL, @@ -36,7 +34,8 @@ CREATE TABLE ALARM_INFO ( LASTEPOCHMICROSEC BIGINT NOT NULL, SOURCEID VARCHAR(150) NOT NULL, SOURCENAME VARCHAR(150) NOT NULL, - PRIMARY KEY (EVENTID) + SEQUENCE SMALLINT NOT NULL, + PRIMARY KEY (EVENTID, SEQUENCE, SOURCENAME) ); CREATE TABLE IF NOT EXISTS ENGINE_ENTITY ( diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 133e59fb01..aecac0f71a 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -97,7 +97,7 @@ global: loggingImage: beats/filebeat:5.5.0 # mariadb client image - mariadbImage: bitnami/mariadb:10.5.8 + mariadbImage: bitnami/mariadb:10.6.5 # nginx server image nginxImage: bitnami/nginx:1.18-debian-10 diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index a363ab3bb0..ddaf099bdf 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -5,7 +5,8 @@ shopt -s nullglob # logging functions mysql_log() { - local type="$1"; shift + local type + type="$1"; shift printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" } mysql_note() { @@ -24,13 +25,17 @@ mysql_error() { # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" + local var + var="$1" + local fileVar + fileVar="${var}_FILE" + local def + def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then mysql_error "Both $var and $fileVar are set (but are exclusive)" fi - local val="$def" + local val + val="$def" # val="${!var}" # val="$(< "${!fileVar}")" # eval replacement of the bashism equivalents above presents no security issue here @@ -45,13 +50,6 @@ file_env() { unset "$fileVar" } -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -85,7 +83,9 @@ docker_process_init_files() { } mysql_check_config() { - local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors + local toRun + local errors + toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors" fi @@ -95,7 +95,8 @@ mysql_check_config() { # We use mysqld --verbose --help instead of my_print_defaults because the # latter only show values present in config files, and not server defaults mysql_get_config() { - local conf="$1"; shift + local conf + conf="$1"; shift "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" @@ -141,7 +142,8 @@ docker_verify_minimum_env() { # creates folders for the database # also ensures permission for user mysql of run as root docker_create_db_directories() { - local user; user="$(id -u)" + local user + user="$(id -u)" # TODO other directories that are used by default? like /var/lib/mysql-files # see https://github.com/docker-library/mysql/issues/562 @@ -216,7 +218,8 @@ docker_setup_db() { # Aria in 10.4+ is slow due to "transactional" (crash safety) # https://jira.mariadb.org/browse/MDEV-23326 # https://github.com/docker-library/mariadb/issues/262 - local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type ) + local tztables + tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type ) for table in "${tztables[@]}"; do echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;" done @@ -237,7 +240,8 @@ docker_setup_db() { mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" fi # Sets root password and creates root users for non-localhost hosts - local rootCreate= + local rootCreate + rootCreate= # default root to listen for connections from anywhere if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then # no, we don't care if read finds a terminating character in this heredoc @@ -367,6 +371,7 @@ _main() { } # If we are sourced from elsewhere, don't perform any further actions -if ! _is_sourced; then +# https://stackoverflow.com/questions/2683279/how-to-detect-if-a-script-is-being-sourced/2942183#2942183 +if [ "$(basename $0)" = "docker-entrypoint.sh" ]; then _main "$@" fi diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh index 439390525f..3cbfb76646 100755 --- a/kubernetes/robot/demo-k8s.sh +++ b/kubernetes/robot/demo-k8s.sh @@ -23,11 +23,32 @@ usage () echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]" echo " " echo " demo-k8s.sh <namespace> init" - echo " - Execute both init_customer + distribute" + echo " - Execute both init_customer + distribute + registrySynch" echo " " echo " demo-k8s.sh <namespace> init_customer" echo " - Create demo customer (Demonstration) and services, etc." echo " " + echo " demo-k8s.sh <namespace> registrySynch [ repo <chart name> | path [ <path to helm charts> ]" + echo " [ <chart prefix> ] ]" + echo " - Synchronize chart museum inside of onap k8s cluster with" + echo " onap helm charts git repository (OOM)" + echo " By default following charts are synchronized:" + echo " - oom/kubernetes/dcaegen2-services/charts/," + echo " - oom/kubernetes/common/common/charts," + echo " - oom/kubernetes/common/postgres/charts/," + echo " - oom/kubernetes/common/repositoryGenerator/charts/," + echo " - oom/kubernetes/common/readinessCheck/charts/," + echo " User is able also to synchronize custom helm charts by providing" + echo " flag 'path' and path to charts into command and chart name/s prefix for example:" + echo " demo-k8s.sh onap registrySynch /home/ubuntu/oom/kubernetes/common/postgres/charts/ postgres" + echo " - Synchronize chart museum inside of onap k8s cluster with" + echo " onap installation server 'local' helm charts repository" + echo " By default following charts are synchronized:" + echo " - local/certInitializer" + echo " User is able also to synchronize custom helm charts by providing" + echo " flag 'repo' and chart name in 'local' repo into command for example:" + echo " demo-k8s.sh onap registrySynch repo certInitializer" + echo " " echo " demo-k8s.sh <namespace> distribute [<prefix>]" echo " - Distribute demo models (demoVFW and demoVLB)" echo " " @@ -45,17 +66,17 @@ usage () echo " " echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename" echo " - Instantiate vFW module using direct SO interface using previously distributed model " - echo " that is in /tmp/csar in robot container" + echo " that is in /tmp/csar in robot container" + echo " " + echo " demo-k8s.sh <namespace> instantiateVLB_CDS" + echo " - Instantiate vLB module using CDS with a preloaded CBA " echo " " - echo " demo-k8s.sh <namespace> instantiateVLB_CDS" - echo " - Instantiate vLB module using CDS with a preloaded CBA " - echo " " echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" echo " - Delete the module created by instantiateVFW" echo " " echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>" - echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy " - echo " kicks in to modulate the rates back to medium" + echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy " + echo " kicks in to modulate the rates back to medium" echo " " echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript" echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory" @@ -74,7 +95,7 @@ fi echo "Number of parameters:" echo $# -if [ $# -lt 2 ];then +if [ $# -lt 2 ]; then usage exit fi @@ -112,6 +133,7 @@ do ;; init) TAG="InitDemo" + dcaeRegistrySynch=true shift ;; vescollector) @@ -209,6 +231,26 @@ do VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1" shift ;; + registrySynch) + dcaeRegistrySynch=true + echo $dcaeRegistrySynch + shift + echo $1 + if [ "$1" = "path" ]; then + shift + customHelmChartsPath=$1 + shift + customHelmChartsPref=$1 + shift + elif [ "$1" = "repo" ]; then + shift + customHelmChartFromLocalRepo=$1 + echo $customHelmChartFromLocalRepo + shift + else + echo "demo-k8s.sh <namespace> registrySynch { repo <chart name> | path [ <path to helm charts> ] [ <chart prefix> ] }" + fi + ;; *) usage exit @@ -218,6 +260,7 @@ done set -x POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) +HELM_RELEASE=$(kubectl --namespace onap get pods | sed 's/ .*//' | grep robot | sed 's/-.*//') DIR=$(dirname "$0") SCRIPTDIR=scripts/demoscript @@ -234,6 +277,29 @@ export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bas OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_demo_$key DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90)) -VARIABLEFILES="-V /share/config/robot_properties.py" +if [ $dcaeRegistrySynch ]; then + CURRENT_DIR=$PWD + PARENT_PATH=${0%/*} + cd $PARENT_PATH + cd ../contrib/tools + if [ -n "$customHelmChartsPath" ]; then + ./registry-initialize.sh -d $customHelmChartsPath -n $NAMESPACE -r $HELM_RELEASE -p customHelmChartsPref + elif [ -n "$customHelmChartFromLocalRepo" ]; then + ./registry-initialize.sh -h $customHelmChartFromLocalRepo -n $NAMESPACE -r $HELM_RELEASE + else + ./registry-initialize.sh -d ../../dcaegen2-services/charts/ -n $NAMESPACE -r $HELM_RELEASE + ./registry-initialize.sh -d ../../dcaegen2-services/charts/ -n $NAMESPACE -r $HELM_RELEASE -p common + ./registry-initialize.sh -h certInitializer -n $NAMESPACE -r $HELM_RELEASE + ./registry-initialize.sh -h repositoryGenerator -n $NAMESPACE -r $HELM_RELEASE + ./registry-initialize.sh -h readinessCheck -n $NAMESPACE -r $HELM_RELEASE + ./registry-initialize.sh -h dcaegen2-services-common -n $NAMESPACE -r $HELM_RELEASE + ./registry-initialize.sh -h postgres -n $NAMESPACE -r $HELM_RELEASE + ./registry-initialize.sh -h serviceAccount -n $NAMESPACE -r $HELM_RELEASE + fi + cd $CURRENT_DIR +fi -kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} -i ${TAG} --display $DISPLAY_NUM 2> ${TAG}.out +if [ -n "$TAG" ]; then + VARIABLEFILES="-V /share/config/robot_properties.py" + kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} -i ${TAG} --display $DISPLAY_NUM 2> ${TAG}.out +fi
\ No newline at end of file diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 5b51b70bfc..9076a1f9f9 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -230,6 +230,16 @@ GLOBAL_INVENTORY_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "h GLOBAL_DEPLOYMENT_HANDLER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "deployment-handler") }}' GLOBAL_DEPLOYMENT_HANDLER_SERVER_PROTOCOL = "https" GLOBAL_DEPLOYMENT_HANDLER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "deployment-handler" "port" 8443) }}' +GLOBAL_K8S_CHART_REPOSTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "chart-museum") }}' +GLOBAL_K8S_CHART_REPOSTORY_SERVER_PROTOCOL = "http" +GLOBAL_K8S_CHART_REPOSTORY_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "chart-museum" "port" 80) }}' +GLOBAL_K8S_CHART_REPOSTORY_SERVER_USERNAME = '{{ .Values.k8sChartRepoUsername }}' +GLOBAL_K8S_CHART_REPOSTORY_SERVER_PASSWORD = '{{ .Values.k8sChartRepoPassword }}' +# consul info +GLOBAL_CONSUL_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "consul-server-ui") }}' +GLOBAL_CONSUL_SERVER_PROTOCOL = "http" +GLOBAL_CONSUL_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "consul-server-ui" "port" 8500) }}' + # dcae mod info GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PROTOCOL = "http" GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-onboarding-api" "port" 8080) }}' diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 087fc853d0..89d83c85a3 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -375,6 +375,10 @@ oofOsdfPciOptPassword: "demo123456!" oofHomingUsername: "admin1" oofHomingPassword: "plan.15" +#K8S chart repository - ChartMuseum +k8sChartRepoUsername: "onapinitializer" +k8sChartRepoPassword: "demo123456!" + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover index d9133e8477..1a74c1edce 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh {{/* # Copyright © 2018 Amdocs @@ -30,7 +30,7 @@ fi APP_BIN=/app/bin debugLog(){ - if [ "$enableDebugLogging" == true ]; then + if [ "$enableDebugLogging" = true ]; then if [ $# -eq 0 ]; then echo "" >> $LOGFILE else @@ -41,7 +41,7 @@ debugLog(){ EXC_SIMPLE_FAILOVER=`${APP_BIN}/switchVoting.sh` -if [ "$EXC_SIMPLE_FAILOVER" == "success" ]; then +if [ "$EXC_SIMPLE_FAILOVER" = "success" ]; then debugLog "Simple failover success. SDNC failover completed." else # Simple failover failed. Trying catastrophic failover ... @@ -57,14 +57,17 @@ commands = [testenv:checkbashisms] deps = -whitelist_externals = sh - find - checkbashisms +whitelist_externals = + {toxinidir}/.ci/check-bashisms.sh commands = - sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \ - || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \ - yum install devscripts-minimal )" >&2 && exit 1)' - find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} + + {toxinidir}/.ci/check-bashisms.sh + +[testenv:shellcheck] +basepython = python3 +deps = shellcheck-py +whitelist_externals = find +commands = + find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} + [testenv:autopep8] deps = @@ -109,3 +112,9 @@ commands = # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file. # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access # to the HOME variable so that Gitlint can retrieve Git user settings. + +[testenv:pre-commit-autoupdate] +basepython = python3 +deps = pre-commit +commands = + pre-commit autoupdate |