Diffstat (limited to 'kubernetes/appc')
9 files changed, 189 insertions, 9 deletions
diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml index 2226b75bbf..8ac5d3ed1f 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml @@ -21,6 +21,8 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /opt/startCdt.sh ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.name }} @@ -39,6 +41,11 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + # This sets the port that CDT will use to connect to the main appc container. + # The 11 is the node port suffix that is used in the main appc oom templates + # for nodePort3. This value will be configured in appc main chart in appc-cdt section. + - name: CDT_PORT + value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}" volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml index 123098cdd2..c29452de6c 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/charts/appc-cdt/values.yaml @@ -9,7 +9,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/appc-cdt-image:1.3.0-SNAPSHOT-latest +image: onap/appc-cdt-image:1.3.0 pullPolicy: Always # application configuration diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh new file mode 100755 index 0000000000..544358c1af --- /dev/null 
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh @@ -0,0 +1,15 @@ +#!/bin/bash -x + +startODL_status=$(ps -e | grep startODL | wc -l) +waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l) +run_level=$(/opt/opendaylight/current/bin/client system:start-level) + + if [ "$run_level" == "Level 100" ] && [ "$startODL_status" -lt "1" ] && [ "$waiting_bundles" -lt "1" ] + then + echo APPC is healthy. + else + echo APPC is not healthy. + exit 1 + fi + +exit 0 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index e13193f364..18a2783c5f 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -55,6 +55,9 @@ APPC_HOME=${APPC_HOME:-/opt/onap/appc} SLEEP_TIME=${SLEEP_TIME:-120} MYSQL_PASSWD=${MYSQL_PASSWD:-{{.Values.config.dbRootPassword}}} ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} +ENABLE_AAF=${ENABLE_AAF:-false} +AAF_EXT_IP=${AAF_EXT_IP:-{{.Values.config.aafExtIP}}} +AAF_EXT_FQDN=${AAF_EXT_FQDN:-{{.Values.config.aafExtFQDN}}} appcInstallStartTime=$(date +%s) @@ -143,8 +146,13 @@ then echo "" >> ${ODL_HOME}/etc/system.properties echo "Copying the aaa shiro configuration into opendaylight" - cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml - + if $ENABLE_AAF + then + echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts + cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml + else + cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml + fi echo "Restarting OpenDaylight" ${ODL_HOME}/bin/stop 
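Review bot: The new health_check.sh runs under `#!/bin/bash -x` and calls the Karaf `client` twice with no time bound, so every readiness probe emits a command trace and can block for as long as the client does. Drop the `-x` from the shebang and bound each call, for example `timeout 10 /opt/opendaylight/current/bin/client system:start-level`, so a hung console turns into a failed probe instead of a stuck one. How `client` authenticates to the Karaf console is not visible in this commit; if it relies on console credentials, the probe will start failing when they are changed, which is worth a comment at the top of the script.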
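Review bot: In the startODL.sh hunk at -143,8, `if $ENABLE_AAF` executes the variable's value as a command, so any value other than the literal `true` (a constructed example: `True` from a values override) falls through to the `else` branch and the pod starts with the non-AAF `aaa-app-config.xml` without any error. Because this branch decides which authentication realm configuration is installed, compare explicitly with `if [ "$ENABLE_AAF" = "true" ]` and consider exiting on an unrecognised value rather than defaulting. The `echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts` line appends again on every run of this block; `hostAliases` on the pod spec would express the same mapping declaratively. The enclosing `if ... then` starts outside the hunk.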
@@ -173,5 +181,8 @@ fi appcInstallEndTime=$(date +%s) echo "Total Appc install took $(expr $appcInstallEndTime - $appcInstallStartTime) seconds" +echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log" +java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log & + exec ${ODL_HOME}/bin/karaf diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml new file mode 100644 index 0000000000..31bc4e31de --- /dev/null +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml 
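Review bot: The cdt-proxy-service jar in the -173,5 hunk is launched as an unsupervised background job, and `> ${APPC_HOME}/cdt-proxy-service/jar.log` captures stdout only and truncates the log on each start. If the JVM exits, nothing restarts it and health_check.sh from this commit does not look at it, so the pod would presumably stay ready while the port published as `externalPort3` has no listener. At minimum use `>> "${APPC_HOME}/cdt-proxy-service/jar.log" 2>&1 &` so startup errors are kept, and consider adding a check for the proxy to the readiness script.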
@@ -0,0 +1,120 @@
+<?xml version="1.0" ?>
+<!--
+###
+# ============LICENSE_START=======================================================
+# APPC
+# ================================================================================
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+ -->
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+ <!--
+ ================================= TokenAuthRealm ==================================
+ = =
+ = Use org.onap.aaf.cadi.shiro.AAFRealm to enable AAF authentication =
+ = Use org.opendaylight.aaa.shiro.realm.TokenAuthRealm =
+ ===================================================================================
+ -->
+ <main>
+ <pair-key>tokenAuthRealm</pair-key>
+<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+ <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
+ </main>
+
+
+ <!-- add tokenAuthRealm as the only default realm -->
+ <main>
+ <pair-key>securityManager.realms</pair-key>
+ <pair-value>$tokenAuthRealm</pair-value>
+ </main>
+
+ <!-- Used to support OAuth2 use case. -->
+ <main>
+ <pair-key>authcBasic</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
+ </main>
+
+ <!-- in order to track AAA challenge attempts -->
+ <main>
+ <pair-key>accountingListener</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+ </main>
+ <main>
+ <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+ <pair-value>$accountingListener</pair-value>
+ </main>
+
+ <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
+ <main>
+ <pair-key>dynamicAuthorization</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+ </main>
+
+
+ <!--
+ ===================================================================================
+ = URLS =
+ = For AAF use <pair-value> authcBasic, roles[org.onap.appc.odl|odl-api\*] =
+ = org.onap.appc.odl|odl-api|* can be replaced with other AAF permissions =
+ = For default <pair-value> authcBasic, roles[admin] =
+ ===================================================================================
+ -->
+
+ <!-- restrict access to some endpoints by default -->
+ <urls>
+ <pair-key>/auth/**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/config/aaa-authn-model**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operational/aaa-authn-model**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operations/cluster-admin**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ </urls>
+</shiro-configuration>
+
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
index 007d0e15fe..6631da4029 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
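Review bot: The AAF rule for `/auth/**` in the new aaa-app-config.xml drops the `dynamicAuthorization` filter that the commented-out default (`authcBasic, roles[admin], dynamicAuthorization`) carried, although the filter is still declared in `<main>`. If the omission is intentional, say so in the comment above the rule; if not, the value should read `authcBasic, roles[org.onap.appc.odl|odl-admin|*], dynamicAuthorization`. The URLS banner also spells the permission `odl-api\*` where the rules use `odl-api|*`. The second line of the TokenAuthRealm banner does not say that it is the default choice, which the URLS banner does with "For default".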
@@ -33,7 +33,7 @@ appc.demo.threads.poolsize.max=2 appc.demo.provider.user=admin appc.demo.provider.pass=admin appc.demo.provider.url=http://localhost:8181/restconf/operations/appc-provider -appc.provider.vfodl.url=http://admin:admin@appc-sdnhost.{{.Release.Namespace}}:8282/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/sample-plugin:sample-plugin/pg-streams/ +appc.provider.vfodl.url=http://admin:admin@{{.Values.service.name}}:{{.Values.service.externalPort}}/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/sample-plugin:sample-plugin/pg-streams/ # The properties right below are needed to properly call the Master DG to serve demo purposes appc.service.logic.module.name=APPC @@ -41,11 +41,11 @@ appc.topology.dg.method=topology-operation-all appc.topology.dg.version=2.0.0 # TEMP - Properties that might be needed to make the AAI-APPC connection -org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.mysql.service.name}}.{{.Release.Namespace}}:3306/appcctl +org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.mysql.service.name}}:3306/appcctl org.onap.appc.db.user.appcctl=appcctl org.onap.appc.db.pass.appcctl=appcctl -org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.mysql.service.name}}.{{.Release.Namespace}}:3306/sdnctl +org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.mysql.service.name}}:3306/sdnctl org.onap.appc.db.user.sdnctl=sdnctl org.onap.appc.db.pass.sdnctl=gamma @@ -81,6 +81,7 @@ appc.LCM.client.name=APPC-EVENT-LISTENER-TEST appc.LCM.provider.user=admin appc.LCM.provider.pass=admin appc.LCM.provider.url=http://localhost:8181/restconf/operations/appc-provider-lcm +appc.LCM.scopeOverlap.endpoint=http://localhost:8181/restconf/operations/interfaces-service:execute-service # properties from appc-netconf-adapter-bundle, appc-dg-common, appc-dmaap-adapter-bundle poolMembers=message-router.{{.Release.Namespace}}:3904 
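Review bot: The rewritten `appc.provider.vfodl.url` in the first hunk keeps `admin:admin` in the URL userinfo over plain `http`, so the password sits in the rendered properties file and in anything that logs the URL. Whether a local `admin` identity still satisfies `roles[org.onap.appc.odl|odl-api|*]` once the AAF realm from this commit is enabled is not visible here, and should be confirmed for this URL and for the `appc.LCM.provider.*` entries next to the new `appc.LCM.scopeOverlap.endpoint` in the third hunk. Prefer rendering the user and password from chart values backed by a Secret instead of literals in the template. The second hunk drops `.{{.Release.Namespace}}` from the MySQL host, which only resolves while the database service is in the same namespace as this pod.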
diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml
index 6c85985854..733c4ca3be 100644
--- a/kubernetes/appc/templates/service.yaml
+++ b/kubernetes/appc/templates/service.yaml
@@ -31,6 +31,10 @@ spec:
 - port: {{ .Values.service.externalPort2 }}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
 name: "{{ .Values.service.portName }}-1830"
+ - port: {{ .Values.service.externalPort3 }}
+ targetPort: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: "{{ .Values.service.portName }}-9090"
 {{- else -}}
 - port: {{ .Values.service.externalPort }}
 targetPort: {{ .Values.service.internalPort }}
@@ -38,6 +42,9 @@ spec:
 - port: {{ .Values.service.externalPort2 }}
 targetPort: {{ .Values.service.internalPort2 }}
 name: {{ .Values.service.portName }}-1830
+ - port: {{ .Values.service.externalPort3 }}
+ targetPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName }}-9090
 {{- end}}
 selector:
 app: {{ include "common.name" . }}
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index d2da2ec756..791d93393e 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -45,8 +45,9 @@ spec:
 - containerPort: {{ .Values.service.internalPort }}
 - containerPort: {{ .Values.service.externalPort2 }}
 readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - /opt/appc/bin/health_check.sh
 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 periodSeconds: {{ .Values.readiness.periodSeconds }}
 env:
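Review bot: The first service.yaml hunk publishes `externalPort3` with a `nodePort`, which makes the listener behind `internalPort3` reachable on every node, and nothing in this commit shows what authentication or TLS that listener enforces; confirm that before exposing it. The port name hard-codes `-9090` while the port number comes from `.Values.service.externalPort3`, so the name goes stale when the value is overridden. In the `else` branch (second hunk) the new name is unquoted, unlike the NodePort branch; `name: "{{ .Values.service.portName }}-9090"` keeps the two consistent.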
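Review bot: The probe command `/opt/appc/bin/health_check.sh` in the statefulset.yaml hunk does not match the path the script is mounted at later in the same file, `/opt/onap/appc/bin/health_check.sh`. Unless the image links `/opt/appc` to `/opt/onap/appc`, the exec probe fails on every run and the pod never becomes ready; `- /opt/onap/appc/bin/health_check.sh` removes that dependency. The probe also sets no `timeoutSeconds`, so the Kubernetes default applies to a script that calls the Karaf client twice. The container spec continues outside the hunk.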
@@ -61,6 +62,8 @@ spec: value: "{{ .Values.config.configDir }}" - name: DMAAP_TOPIC_ENV value: "{{ .Values.config.dmaapTopic }}" + - name: ENABLE_AAF + value: "{{ .Values.config.enableAAF }}" - name: ENABLE_ODL_CLUSTER value: "{{ .Values.config.enableClustering }}" - name: APPC_REPLICAS @@ -81,6 +84,9 @@ spec: - mountPath: /opt/onap/appc/data/properties/aaiclient.properties name: onap-appc-data-properties subPath: aaiclient.properties + - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml + name: onap-appc-data-properties + subPath: aaa-app-config.xml - mountPath: /opt/onap/appc/svclogic/config/svclogic.properties name: onap-appc-svclogic-config subPath: svclogic.properties @@ -93,6 +99,9 @@ spec: - mountPath: /opt/onap/appc/bin/installAppcDb.sh name: onap-appc-bin subPath: installAppcDb.sh + - mountPath: /opt/onap/appc/bin/health_check.sh + name: onap-appc-bin + subPath: health_check.sh - mountPath: /opt/onap/ccsdk/data/properties/dblib.properties name: onap-sdnc-data-properties subPath: dblib.properties diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 79991f51a4..1c20977b90 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/appc-image:1.3.0-SNAPSHOT-latest +image: onap/appc-image:1.4.0-SNAPSHOT-latest pullPolicy: Always # flag to enable debugging - application support required @@ -37,7 +37,10 @@ debugEnabled: false # application configuration config: + aafExtIP: 127.0.0.1 + aafExtFQDN: aaf-onap-beijing-test.osaaf.org dbRootPassword: openECOMP1.0 + enableAAF: false enableClustering: true configDir: /opt/onap/appc/data/properties dmaapTopic: SUCCESS 
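Review bot: In the values.yaml hunk at -37,7, `aafExtIP` and `aafExtFQDN` are added without a comment, and the defaults pair `127.0.0.1` with a test hostname. startODL.sh writes this pair into `/etc/hosts` whenever `enableAAF` is true, so an operator who flips only `enableAAF` pins the AAF name to loopback. A comment above the keys such as `# AAF host entry appended to /etc/hosts by startODL.sh; used only when enableAAF is true, override both for a real AAF` would make the dependency visible.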
@@ -70,6 +73,9 @@ dgbuilder: service: name: appc-dgbuilder +#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. +appc-cdt: + nodePort3: 11 # default number of instances replicaCount: 1 @@ -103,6 +109,10 @@ service: nodePort2: 31 clusterPort: 2550 + internalPort3: 9191 + externalPort3: 9090 + nodePort3: 11 + ## Persist data to a persitent volume persistence: enabled: true |