Diffstat (limited to 'kubernetes/appc')
-rw-r--r--kubernetes/appc/charts/appc-cdt/templates/deployment.yaml7
-rw-r--r--kubernetes/appc/charts/appc-cdt/values.yaml2
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh15
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh15
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml120
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties7
-rw-r--r--kubernetes/appc/templates/service.yaml7
-rw-r--r--kubernetes/appc/templates/statefulset.yaml13
-rw-r--r--kubernetes/appc/values.yaml12
9 files changed, 189 insertions, 9 deletions
diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml
index 2226b75bbf..8ac5d3ed1f 100644
--- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml
+++ b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml
@@ -21,6 +21,8 @@ spec:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/startCdt.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
@@ -39,6 +41,11 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ # This sets the port that CDT will use to connect to the main appc container.
+ # The 11 is the node port suffix that is used in the main appc oom templates
+ # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
+ - name: CDT_PORT
+ value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
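Review bot: `CDT_PORT` renders as the bare node-port prefix when `.Values.nodePort3` is unset, and the appc-cdt `values.yaml` change in this commit adds no default for it, so the value appears to come only from the parent chart's `appc-cdt:` section. Installing the subchart on its own or with a parent override that omits the key would then point CDT at the wrong port with no error. Failing at render time is safer, e.g. `{{ required "appc-cdt.nodePort3 must be set" .Values.nodePort3 }}`. The comment's literal "The 11" will also go stale if the suffix changes; it could refer to `appc.service.nodePort3` instead.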
diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml
index 123098cdd2..c29452de6c 100644
--- a/kubernetes/appc/charts/appc-cdt/values.yaml
+++ b/kubernetes/appc/charts/appc-cdt/values.yaml
@@ -9,7 +9,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.3.0-SNAPSHOT-latest
+image: onap/appc-cdt-image:1.3.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
new file mode 100755
index 0000000000..544358c1af
--- /dev/null
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -x
+
+startODL_status=$(ps -e | grep startODL | wc -l)
+waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
+run_level=$(/opt/opendaylight/current/bin/client system:start-level)
+
+ if [ "$run_level" == "Level 100" ] && [ "$startODL_status" -lt "1" ] && [ "$waiting_bundles" -lt "1" ]
+ then
+ echo APPC is healthy.
+ else
+ echo APPC is not healthy.
+ exit 1
+ fi
+
+exit 0
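Review bot: The shebang `#!/bin/bash -x` leaves tracing on in a script that the readiness probe runs every period, so each probe writes its expanded commands and the full client output to the probe's stderr. Use `#!/bin/bash` and enable tracing only when debugging. The three conditions are also undocumented; a comment above the `if` such as `# healthy = Karaf at start level 100, startODL.sh finished, no bundles in Waiting` would help. `grep -c Waiting` can replace `grep Waiting | wc -l`.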
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index e13193f364..18a2783c5f 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -55,6 +55,9 @@ APPC_HOME=${APPC_HOME:-/opt/onap/appc}
SLEEP_TIME=${SLEEP_TIME:-120}
MYSQL_PASSWD=${MYSQL_PASSWD:-{{.Values.config.dbRootPassword}}}
ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
+ENABLE_AAF=${ENABLE_AAF:-false}
+AAF_EXT_IP=${AAF_EXT_IP:-{{.Values.config.aafExtIP}}}
+AAF_EXT_FQDN=${AAF_EXT_FQDN:-{{.Values.config.aafExtFQDN}}}
appcInstallStartTime=$(date +%s)
@@ -143,8 +146,13 @@ then
echo "" >> ${ODL_HOME}/etc/system.properties
echo "Copying the aaa shiro configuration into opendaylight"
- cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
-
+ if $ENABLE_AAF
+ then
+ echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts
+ cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
+ else
+ cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
+ fi
echo "Restarting OpenDaylight"
${ODL_HOME}/bin/stop
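Review bot: `if $ENABLE_AAF` executes the variable's content as a command, so any value other than `true` or `false` supplied through the pod environment is run by the shell (and an empty value is treated as success); compare it as a string instead, `if [ "$ENABLE_AAF" = "true" ]`. The `/etc/hosts` line appends `AAF_EXT_IP` and `AAF_EXT_FQDN` without checking that either is non-empty or well-formed, and it adds a duplicate entry each time this branch runs. The enclosing `then` block starts outside the hunk, so how often it runs cannot be confirmed from here.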
@@ -173,5 +181,8 @@ fi
appcInstallEndTime=$(date +%s)
echo "Total Appc install took $(expr $appcInstallEndTime - $appcInstallStartTime) seconds"
+echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log"
+java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log &
+
exec ${ODL_HOME}/bin/karaf
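Review bot: The background `java -jar` redirects only stdout, so stack traces and startup failures do not reach the `jar.log` that the preceding echo names; use `>> ${APPC_HOME}/cdt-proxy-service/jar.log 2>&1 &`. Nothing supervises the process once `exec` replaces the shell with karaf: if the proxy exits, the container stays up, and the new health_check.sh does not look at it, so the pod would still report ready. A check for the jar's process or port in the health script would close that gap.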
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml
new file mode 100644
index 0000000000..31bc4e31de
--- /dev/null
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" ?>
+<!--
+###
+# ============LICENSE_START=======================================================
+# APPC
+# ================================================================================
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+ -->
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+ <!--
+ ================================= TokenAuthRealm ==================================
+ = =
+ = Use org.onap.aaf.cadi.shiro.AAFRealm to enable AAF authentication =
+ = Use org.opendaylight.aaa.shiro.realm.TokenAuthRealm =
+ ===================================================================================
+ -->
+ <main>
+ <pair-key>tokenAuthRealm</pair-key>
+<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+ <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
+ </main>
+
+
+ <!-- add tokenAuthRealm as the only default realm -->
+ <main>
+ <pair-key>securityManager.realms</pair-key>
+ <pair-value>$tokenAuthRealm</pair-value>
+ </main>
+
+ <!-- Used to support OAuth2 use case. -->
+ <main>
+ <pair-key>authcBasic</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
+ </main>
+
+ <!-- in order to track AAA challenge attempts -->
+ <main>
+ <pair-key>accountingListener</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+ </main>
+ <main>
+ <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+ <pair-value>$accountingListener</pair-value>
+ </main>
+
+ <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
+ <main>
+ <pair-key>dynamicAuthorization</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+ </main>
+
+
+ <!--
+ ===================================================================================
+ = URLS =
+ = For AAF use <pair-value> authcBasic, roles[org.onap.appc.odl|odl-api\*] =
+ = org.onap.appc.odl|odl-api|* can be replaced with other AAF permissions =
+ = For default <pair-value> authcBasic, roles[admin] =
+ ===================================================================================
+ -->
+
+ <!-- restrict access to some endpoints by default -->
+ <urls>
+ <pair-key>/auth/**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/config/aaa-authn-model**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operational/aaa-authn-model**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/restconf/operations/cluster-admin**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/**</pair-key>
+<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ </urls>
+</shiro-configuration>
+
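Review bot: No `<urls>` entry references the `dynamicAuthorization` filter, although it is still declared in `<main>`; the commented-out default for `/auth/**` chained `authcBasic, roles[admin], dynamicAuthorization`, and the AAF replacement drops the last element. If AAF permissions are meant to replace the MD-SAL based authorization, say so in a comment next to the declaration or remove it, so that nobody assumes the filter is enforced. The header comment also writes the permission as `odl-api\*` where the entries below use `odl-api|*`.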
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
index 007d0e15fe..6631da4029 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
@@ -33,7 +33,7 @@ appc.demo.threads.poolsize.max=2
appc.demo.provider.user=admin
appc.demo.provider.pass=admin
appc.demo.provider.url=http://localhost:8181/restconf/operations/appc-provider
-appc.provider.vfodl.url=http://admin:admin@appc-sdnhost.{{.Release.Namespace}}:8282/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/sample-plugin:sample-plugin/pg-streams/
+appc.provider.vfodl.url=http://admin:admin@{{.Values.service.name}}:{{.Values.service.externalPort}}/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/sample-plugin:sample-plugin/pg-streams/
# The properties right below are needed to properly call the Master DG to serve demo purposes
appc.service.logic.module.name=APPC
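Review bot: The rewritten `appc.provider.vfodl.url` still embeds `admin:admin` in the URL and uses plain `http://`, so the credential sits in the rendered properties file and is sent unencrypted to `{{.Values.service.name}}`. Since the line is being changed anyway, the user and password could be taken from chart values backed by a Secret rather than a literal. The context lines of the two following hunks show the same pattern (`org.onap.appc.db.pass.appcctl`, `org.onap.appc.db.pass.sdnctl`, `appc.LCM.provider.pass=admin`).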
@@ -41,11 +41,11 @@ appc.topology.dg.method=topology-operation-all
appc.topology.dg.version=2.0.0
# TEMP - Properties that might be needed to make the AAI-APPC connection
-org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.mysql.service.name}}.{{.Release.Namespace}}:3306/appcctl
+org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.mysql.service.name}}:3306/appcctl
org.onap.appc.db.user.appcctl=appcctl
org.onap.appc.db.pass.appcctl=appcctl
-org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.mysql.service.name}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.mysql.service.name}}:3306/sdnctl
org.onap.appc.db.user.sdnctl=sdnctl
org.onap.appc.db.pass.sdnctl=gamma
@@ -81,6 +81,7 @@ appc.LCM.client.name=APPC-EVENT-LISTENER-TEST
appc.LCM.provider.user=admin
appc.LCM.provider.pass=admin
appc.LCM.provider.url=http://localhost:8181/restconf/operations/appc-provider-lcm
+appc.LCM.scopeOverlap.endpoint=http://localhost:8181/restconf/operations/interfaces-service:execute-service
# properties from appc-netconf-adapter-bundle, appc-dg-common, appc-dmaap-adapter-bundle
poolMembers=message-router.{{.Release.Namespace}}:3904
diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml
index 6c85985854..733c4ca3be 100644
--- a/kubernetes/appc/templates/service.yaml
+++ b/kubernetes/appc/templates/service.yaml
@@ -31,6 +31,10 @@ spec:
- port: {{ .Values.service.externalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: "{{ .Values.service.portName }}-1830"
+ - port: {{ .Values.service.externalPort3 }}
+ targetPort: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: "{{ .Values.service.portName }}-9090"
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
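Review bot: The new NodePort entry makes whatever listens on `internalPort3` reachable on every node address, and nothing in this diff shows authentication or TLS in front of that listener. Judging by the rest of the commit the listener is the cdt-proxy-service started from startODL.sh, but that is inferred. Confirm how it is protected before publishing it outside the cluster. The port name suffix `-9090` is a literal while the port comes from `.Values.service.externalPort3`, so the name becomes misleading if the value is overridden; the `else` branch in the next hunk has the same literal.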
@@ -38,6 +42,9 @@ spec:
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName }}-1830
+ - port: {{ .Values.service.externalPort3 }}
+ targetPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName }}-9090
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index d2da2ec756..791d93393e 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -45,8 +45,9 @@ spec:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.externalPort2 }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - /opt/appc/bin/health_check.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
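Review bot: The probe runs `/opt/appc/bin/health_check.sh`, but the last hunk of this file mounts the script at `/opt/onap/appc/bin/health_check.sh`. Unless the image links `/opt/appc` to `/opt/onap/appc` (not visible here), the exec probe fails with file-not-found and the pod never becomes ready; `- /opt/onap/appc/bin/health_check.sh` would match the mount. The exec probe also starts the Karaf client twice per period where the old one was a plain TCP check, so `periodSeconds` is worth revisiting and an explicit `timeoutSeconds` would help.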
@@ -61,6 +62,8 @@ spec:
value: "{{ .Values.config.configDir }}"
- name: DMAAP_TOPIC_ENV
value: "{{ .Values.config.dmaapTopic }}"
+ - name: ENABLE_AAF
+ value: "{{ .Values.config.enableAAF }}"
- name: ENABLE_ODL_CLUSTER
value: "{{ .Values.config.enableClustering }}"
- name: APPC_REPLICAS
@@ -81,6 +84,9 @@ spec:
- mountPath: /opt/onap/appc/data/properties/aaiclient.properties
name: onap-appc-data-properties
subPath: aaiclient.properties
+ - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
+ name: onap-appc-data-properties
+ subPath: aaa-app-config.xml
- mountPath: /opt/onap/appc/svclogic/config/svclogic.properties
name: onap-appc-svclogic-config
subPath: svclogic.properties
@@ -93,6 +99,9 @@ spec:
- mountPath: /opt/onap/appc/bin/installAppcDb.sh
name: onap-appc-bin
subPath: installAppcDb.sh
+ - mountPath: /opt/onap/appc/bin/health_check.sh
+ name: onap-appc-bin
+ subPath: health_check.sh
- mountPath: /opt/onap/ccsdk/data/properties/dblib.properties
name: onap-sdnc-data-properties
subPath: dblib.properties
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 79991f51a4..1c20977b90 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -29,7 +29,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-image:1.3.0-SNAPSHOT-latest
+image: onap/appc-image:1.4.0-SNAPSHOT-latest
pullPolicy: Always
# flag to enable debugging - application support required
@@ -37,7 +37,10 @@ debugEnabled: false
# application configuration
config:
+ aafExtIP: 127.0.0.1
+ aafExtFQDN: aaf-onap-beijing-test.osaaf.org
dbRootPassword: openECOMP1.0
+ enableAAF: false
enableClustering: true
configDir: /opt/onap/appc/data/properties
dmaapTopic: SUCCESS
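Review bot: The defaults `aafExtIP: 127.0.0.1` and `aafExtFQDN: aaf-onap-beijing-test.osaaf.org` have no comment saying they are placeholders. If `enableAAF` is set to true without overriding them, startODL.sh writes a hosts entry that maps the AAF name to loopback, and authentication against the AAF realm would then presumably fail for every request. A comment above the keys would make this clear, e.g. `# aafExtIP/aafExtFQDN are only used when enableAAF is true; both must be overridden with the real AAF address`.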
@@ -70,6 +73,9 @@ dgbuilder:
service:
name: appc-dgbuilder
+#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
+appc-cdt:
+ nodePort3: 11
# default number of instances
replicaCount: 1
@@ -103,6 +109,10 @@ service:
nodePort2: 31
clusterPort: 2550
+ internalPort3: 9191
+ externalPort3: 9090
+ nodePort3: 11
+
## Persist data to a persitent volume
persistence:
enabled: true