Diffstat (limited to 'kubernetes/pomba/charts')
13 files changed, 512 insertions, 423 deletions
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
index 194ab1d414..41ec250ac8 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
@@ -28,6 +28,11 @@ server.tomcat.min-spare-threads=25
 # AAI REST Client Configuration
 aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
 aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username={{ .Values.config.aaiUsername }}
 aai.password={{ .Values.config.aaiPassword }}
 aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
index a59cf41b33..cccba6b7bc 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
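Review bot: `aai.authentication=basic_auth` and the three `n/a` store settings are added as literals, so the `client_cert` mode that the new comment advertises cannot be selected from chart values; an operator would have to edit the chart to move off Basic auth. Consider templating them like the neighbouring keys, for example `aai.authentication={{ .Values.config.aaiAuthentication | default "basic_auth" }}` (a proposed new values key), and source the key store password from a Secret rather than a values default. The same four literals are added in the pomba-sdncctxbuilder and pomba-servicedecomposition application.properties hunks of this commit.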
@@ -31,6 +31,14 @@ server.tomcat.max-idle-time=60000 #Servlet context parameters server.context_parameters.p-name=value #context parameter with p-name as key and value as value. +#Enable HTTPS +server.port={{ .Values.config.serverSslPort }} +server.ssl.key-store={{ .Values.config.serverSslKeyStore }} +server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }} +server.ssl.client-auth={{ .Values.config.serverSslClientAuth }} +server.ssl.enabled={{ .Values.config.serverSslEnabled }} +server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }} + # Basic Authentication basicAuth.username={{ .Values.config.networkDiscoveryUserId }} basicAuth.password={{ .Values.config.networkDiscoveryPassword }} diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000000..9eec841aa2 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml index 1f00cbddce..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml @@ -1,30 +1,31 @@ -<configuration>
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <!-- tabs -->
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="FILE" class="ch.qos.logback.core.FileAppender">
- <file>output.log</file>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
- <appender-ref ref="STDOUT" />
- <appender-ref ref="FILE" />
- </logger>
- <root level="INFO">
- <appender-ref ref="STDOUT" />
- </root>
-</configuration>
+<configuration >
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <!-- tabs -->
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+ <file>/opt/app/logs/EELF/output.log</file>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </logger>
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </root>
+</configuration>
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
index 1e377b9b1e..3c8606a835 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
@@ -1,30 +1,29 @@
-# Copyright © 2018 Amdocs
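Review bot: The `FILE` appender is a plain `ch.qos.logback.core.FileAppender` writing `/opt/app/logs/EELF/output.log`, and this change also attaches it to the root logger, so every INFO-and-above event is appended to one file with no rotation or size cap. On the emptyDir volume the deployment mounts at that path, the file can grow until it hits node storage pressure, at which point the pod and its log record are both at risk. A `ch.qos.logback.core.rolling.RollingFileAppender` with a size-based policy and a bounded history would cap it. The pattern escapes `\t` and `\n` in `%msg`, `%mdc` and `%rootException` but not `\r`, so it is worth confirming that downstream parsers do not treat a carriage return as a record break. The identical file is added for pomba-networkdiscoveryctxbuilder.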
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
index 91b4c5a254..0f980bb402 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
@@ -1,118 +1,127 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
- - mountPath: /opt/app/config/auth/client-cert-onap.p12
- name: {{ include "common.fullname" . }}-auth-secret
- subPath: client-cert-onap.p12
- readOnly: true
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-auth-secret
- secret:
- secretName: {{ include "common.fullname" . }}-auth
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ - mountPath: /opt/app/config/auth/client-cert-onap.p12
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: client-cert-onap.p12
+ readOnly: true
+ - mountPath: /opt/app/config/auth/tomcat_keystore
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: tomcat_keystore
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-auth
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
index 35369e7ba8..33eb2b82ed 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
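Review bot: The application container writes its file log to the new `-logs-eelf` emptyDir mounted at `/opt/app/logs/EELF`, but the Filebeat sidecar in this template mounts only the `-logs` volume at `/opt/app/logs`, so `output.log` does not appear to be visible to the shipper. Either drop the nested volume and let `EELF/` live inside `-logs`, or give the sidecar a second mount, `- name: {{ include "common.fullname" . }}-logs-eelf` with `mountPath: /opt/app/logs/EELF`. The filebeat.yml input paths are not part of this diff, so confirm they were moved off `/var/log/onap` as well. The `tomcat_keystore` mount relies on the `-auth` Secret carrying a key of that name, and that template is not visible here. The pomba-networkdiscoveryctxbuilder deployment.yaml hunks make the same volume split.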
@@ -34,6 +34,15 @@ debugEnabled: false
 # Example:
 config:
 # Network Discovery Micro Service REST Client Configuration
+
+ #Enable HTTPS
+ serverSslPort: 8443
+ serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+ serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+ serverSslClientAuth: want
+ serverSslEnabled: true
+ serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
 # Basic Authorization credentials for Network Discovery Micro Service Rest Service
 networkDiscoveryUserId: admin
 networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
@@ -77,8 +86,8 @@ service:
 #service being defined.
 type: NodePort
 name: pomba-networkdiscovery
- externalPort: 8080
- internalPort: 8080
+ externalPort: 8443
+ internalPort: 8443
 nodePort: 99
 # nodePort: <replace with unused node port suffix eg. 23>
 # optional port name override - default can be defined in service.yaml
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
index 79c5f0bfb3..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
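Review bot: `serverSslKeyStorePassword` ships a fixed default in values.yaml, and the matching `tomcat_keystore` is committed as a binary in the chart, so every install that keeps the defaults would present the same key material protected by a password that is readable in the repository. The `OBF:` form looks like Jetty-style obfuscation, which is reversible and should not be treated as encryption. The value is also interpolated into application.properties, which configmap.yaml renders into a ConfigMap rather than a Secret. Prefer injecting the key store and its password per deployment through a Secret, and narrow the protocol list to `serverSslEnabledProtocols: TLSv1.2`, since TLS 1.1 is deprecated. With `serverSslClientAuth: want` client certificates stay optional, so Basic auth remains the only enforced control on this port.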
@@ -1,236 +1,31 @@ -<configuration scan="true" scanPeriod="10 seconds" debug="false"> - <jmxConfigurator /> - <property file="/opt/app/config/application.properties" /> - <property name="logDirectory" value="/var/log/onap/pomba-networkdiscoveryctxbuilder" /> - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level> - <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter --> - <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="ERROR" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <file>${logDirectory}/error.log</file> - <append>true</append> - <encoder> - <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/error.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - - <appender name="DEBUG" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/debug.log</file> - <append>true</append> - <encoder> - <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern> - </encoder> - 
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>5</maxHistory> - </rollingPolicy> - </appender> - - <appender name="AUDIT" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/audit.log</file> - <append>true</append> - <encoder> - <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n - </pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/audit.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="AUDIT" /> - </appender> - - <appender name="METRIC" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/metric.log</file> - <append>true</append> - <encoder> - 
<pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| - %msg%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/metric.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="METRIC" /> - </appender> - - <!-- SECURITY related loggers --> - <appender name="SECURITY" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/security.log</file> - <append>true</append> - <encoder> - <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n - </pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>10</maxIndex> - <FileNamePattern>${logDirectory}/security.%i.log.zip - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - 
<maxFileSize>10MB</maxFileSize> - </triggeringPolicy> - </appender> - <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="SECURITY" /> - </appender> - - <!-- CLDS related loggers --> - <logger name="org.onap.pomba.clds" level="INFO" additivity="true"> - <appender-ref ref="ERROR" /> - </logger> - - <!-- CLDS related loggers --> - <logger name="com.att.eelf.error" level="OFF" additivity="true"> - <appender-ref ref="ERROR" /> - </logger> - <!-- EELF related loggers --> - <logger name="com.att.eelf.audit" level="INFO" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger name="com.att.eelf.security" level="DEBUG" additivity="false"> - <appender-ref ref="asyncEELFSecurity" /> - </logger> - - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" /> - <logger name="org.springframework.beans" level="WARN" /> - <logger name="org.springframework.web" level="WARN" /> - <logger name="com.blog.spring.jms" level="WARN" /> - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" /> - <logger name="org.apache.commons.httpclient" level="WARN" /> - <logger name="org.apache.commons" level="WARN" /> - <logger name="org.apache.coyote" level="WARN" /> - <logger name="org.apache.jasper" level="WARN" /> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
- May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" /> - <logger name="org.apache.cxf" level="WARN" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" /> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> - <logger name="org.apache.cxf.service" level="WARN" /> - <logger name="org.restlet" level="DEBUG" /> - <logger name="org.apache.camel.component.restlet" level="DEBUG" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="INFO" /> - <logger name="ch.qos.logback.core" level="INFO" /> - - <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> - <appender name="auditLogs" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <file>${logDirectory}/Audit.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/Audit.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="perfLogs" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <file>${logDirectory}/Perform.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/Perform.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>"%d 
[%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <logger name="AuditRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="auditLogs" /> - </logger> - <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> - <appender-ref ref="auditLogs" /> - </logger> - <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="perfLogs" /> - </logger> - <!-- logback jms appenders & loggers definition ends here --> - - <root level="WARN"> - <appender-ref ref="DEBUG" /> - <appender-ref ref="STDOUT" /> - </root> - +<configuration > + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> + <property name="p_lvl" value="%level"/> + <property name="p_log" value="%logger"/> + <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> + <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <!-- tabs --> + <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_thr" value="%thread"/> + <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <appender name="FILE" class="ch.qos.logback.core.FileAppender"> + <file>/opt/app/logs/EELF/output.log</file> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false"> + <appender-ref ref="STDOUT" /> + <appender-ref ref="FILE" /> + </logger> + <root level="info"> + <appender-ref ref="STDOUT" /> + <appender-ref ref="FILE" /> + </root> </configuration> 
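Review bot: Replacing this file removes the dedicated `AUDIT`, `SECURITY` and `METRIC` appenders and their `com.att.eelf.*` loggers, so those events now fall through to the root logger and land in the shared `output.log`, assuming the application still logs under those names. Anything downstream that reads `audit.log` or `security.log` under `/var/log/onap/pomba-networkdiscoveryctxbuilder` would stop receiving data without an error. The removed appenders also rotated at 10MB with a bounded index, whereas the new `FILE` appender has no rolling policy. A comment at the top of the new file, e.g. `<!-- Single ONAP-format stream; audit/security/metric events are no longer split into separate files -->`, would record that the change is deliberate.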
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml index 462ee68563..ebb1d3783e 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml @@ -56,7 +56,8 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: /opt/app/logs + readOnly: false - mountPath: /opt/app/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml @@ -64,6 +65,9 @@ spec: name: {{ include "common.fullname" . }}-config readOnly: true subPath: application.properties + - name: {{ include "common.fullname" . }}-logs-eelf + mountPath: /opt/app/logs/EELF + readOnly: false resources: {{ include "common.resources" . | indent 12 }} @@ -87,7 +91,7 @@ spec: - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: /opt/app/logs volumes: - name: localtime @@ -106,7 +110,7 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - - + - name: {{ include "common.fullname" . }}-logs-eelf + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml index ff1f6c86af..9e4a8807cb 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml 
@@ -52,7 +52,7 @@ config:
 # Network Discovery Micro Service REST Client Configuration
 networkDiscoveryServiceName: pomba-networkdiscovery
 networkDiscoveryPort: 9531
- networkDiscoveryHttpProtocol: http
+ networkDiscoveryHttpProtocol: https
 networkDiscoveryPath: /network-discovery/v1/network/resource
 # Wait for Network Discovery MicroService response in milliseconds
 networkDiscoveryTimeOutInMilliseconds: 60000
@@ -116,4 +116,4 @@ resources:
 requests:
 cpu: 200m
 memory: 800Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
index e9bd107d94..fcfe9dc412 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
@@ -34,6 +34,11 @@ sdncCtxBuilder.password={{ .Values.config.sdncCtxBuilderPassword }}
 # AAI REST Client Configuration
 aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
 aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username={{ .Values.config.aaiUsername }}
 aai.password={{ .Values.config.aaiPassword }}
 aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties b/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
index 5b64f841e2..8c7d27cab0 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
@@ -34,6 +34,11 @@ basicAuth.password={{ .Values.config.serviceDecompositionPassword }}
 # AAI REST Client Configuration
 aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
 aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username={{ .Values.config.aaiUsername }}
 aai.password={{ .Values.config.aaiPassword }}
 aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy index f74d832449..1dc97da288 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy 
@@ -65,6 +65,90 @@ entity { attributes 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]' } + // SDNC-AAI comparison: Context level + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc', 'context-list.aai' + } + + // SDNC-AAI comparison: Service entity + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc.service', 'context-list.aai.service' + } + + // SDNC-AAI comparison: VF list + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc.vfList[*]', 'context-list.aai.vfList[*]' + } + + // SDNC-AAI comparison: VF-Module list + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.aai.vfList[*].vfModuleList[*]' + } + + // SDNC-AAI comparison: VNFC list + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]' + } + + // SDNC-AAI comparison: VM list + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.aai.vfList[*].vfModuleList[*].vmList[*]' + } + + // SDNC-AAI comparison: Network list + useRule { + name 'SDNC-AAI-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]' + } + + // SDNC-NDCB comparison: Context level + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc', 'context-list.ndcb' + } + + // SDNC-NDCB comparison: Service entity + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc.service', 'context-list.ndcb.service' + } + + // SDNC-NDCB comparison: VF list + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc.vfList[*]', 'context-list.ndcb.vfList[*]' + } + + // SDNC-NDCB 
comparison: VF-Module list + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*]' + } + + // SDNC-NDCB comparison: VNFC list + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.ndcb.vfList[*].vnfcList[*]' + } + + // SDNC-NDCB comparison: VM list + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].vmList[*]' + } + + // SDNC-NDCB comparison: Network list + useRule { + name 'SDNC-NDCB-attribute-comparison' + attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]' + } + // SDC-AAI VNFC type useRule { name 'SDC-AAI-vnfc-type' @@ -155,7 +239,7 @@ rule { name 'NDCB-AAI-attribute-comparison' category 'Attribute Mismatch' description 'Verify that all attributes in Network-Discovery are the same as in AAI' - errorText 'Error found with attribute "{0}"; value "{1}" does not exist in Network-Discovery' + errorText 'Error found with attribute "{0}"; Network-Discovery value does not match AAI value "{1}"' severity 'ERROR' attributes 'ndcbItems', 'aaiItems' validate ''' @@ -231,4 +315,169 @@ rule { } return new Tuple2(result, details) ''' -}
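Review bot: The `[*]` blocks added in the `@@ -65,6 +65,90 @@` hunk (`context-list.sdnc.vfList[*]`, `vmList[*]`, `networkList[*]` and their AAI/NDCB counterparts) feed rules whose `getAttributes` closure, added later in this commit, merges every list element into one set of values per attribute name. If the engine passes the matched elements as a list, which the `parsedData instanceof java.util.ArrayList` branch suggests, a value from one VF, VM or network is accepted whenever any element on the SDN-C side carries it, so a per-element mismatch can be masked. I would record that limit next to the first of these blocks, e.g. `// NOTE: values are pooled per attribute name across all matched elements; mismatches are not attributed to a single element`. If per-element checking is intended, the comparison would need to key on element identity instead, which is a larger change than this hunk.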
\ No newline at end of file +} + +rule { + name 'SDNC-AAI-attribute-comparison' + category 'Attribute Mismatch' + description 'Verify that all attributes in SDN-C are the same as in AAI' + errorText 'Error found with attribute "{0}"; SDN-C value does not match AAI value "{1}"' + severity 'ERROR' + attributes 'sdncItems', 'aaiItems' + validate ''' + Closure<java.util.Map> getAttributes = { parsedData -> + java.util.Map attributeMap = new java.util.HashMap() + + def isAttributeDataQualityOk = { attribute -> + attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok") + } + + def addToMap = { attrKey, attrValue -> + java.util.Set values = attributeMap.get("$attrKey") + if(values == null) { + values = new java.util.HashSet() + attributeMap.put("$attrKey", values) + } + values.add("$attrValue") + } + + def addAttributeToMap = { attribute -> + if(isAttributeDataQualityOk(attribute)) { + String key, value + attribute.each { k, v -> + if(k.equals("name")) {key = "$v"} + if(k.equals("value")) {value = "$v"} + } + addToMap("$key", "$value") + } + } + + def processKeyValue = { key, value -> + if(value instanceof java.util.ArrayList) { + if(key.equals("attributeList")) { + value.each { + addAttributeToMap(it) + } + } + } else if(!(value instanceof groovy.json.internal.LazyMap)) { + // only add key-value attributes, skip the rest + addToMap("$key", "$value") + } + } + + if(parsedData instanceof java.util.ArrayList) { + parsedData.each { + it.each { key, value -> processKeyValue(key, value) } + } + } else { + parsedData.each { key, value -> processKeyValue(key, value) } + } + return attributeMap + } + + def slurper = new groovy.json.JsonSlurper() + java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString())) + java.util.Map aai = getAttributes(slurper.parseText(aaiItems.toString())) + + boolean result = true + List<String> details = new ArrayList<>(); + sdnc.any{ sdncKey, sdncValueList -> + def aaiValueList = 
aai.get("$sdncKey") + aaiValueList.each{ aaiValue -> + if(!sdncValueList.any{ it == "$aaiValue" }) { + result = false + details.add("$sdncKey") + details.add("$aaiValue") + } + } + if(result == false) { + // break out of 'any' loop + return true + } + } + return new Tuple2(result, details) + ''' +} + + +rule { + name 'SDNC-NDCB-attribute-comparison' + category 'Attribute Mismatch' + description 'Verify that all attributes in SDN-C are the same as in Network Discovery' + errorText 'Error found with attribute "{0}"; SDN-C value does not match Network-Discovery value "{1}"' + severity 'ERROR' + attributes 'sdncItems', 'ndcbItems' + validate ''' + Closure<java.util.Map> getAttributes = { parsedData -> + java.util.Map attributeMap = new java.util.HashMap() + + def isAttributeDataQualityOk = { attribute -> + attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok") + } + + def addToMap = { attrKey, attrValue -> + java.util.Set values = attributeMap.get("$attrKey") + if(values == null) { + values = new java.util.HashSet() + attributeMap.put("$attrKey", values) + } + values.add("$attrValue") + } + + def addAttributeToMap = { attribute -> + if(isAttributeDataQualityOk(attribute)) { + String key, value + attribute.each { k, v -> + if(k.equals("name")) {key = "$v"} + if(k.equals("value")) {value = "$v"} + } + addToMap("$key", "$value") + } + } + + def processKeyValue = { key, value -> + if(value instanceof java.util.ArrayList) { + if(key.equals("attributeList")) { + value.each { + addAttributeToMap(it) + } + } + } else if(!(value instanceof groovy.json.internal.LazyMap)) { + // only add key-value attributes, skip the rest + addToMap("$key", "$value") + } + } + + if(parsedData instanceof java.util.ArrayList) { + parsedData.each { + it.each { key, value -> processKeyValue(key, value) } + } + } else { + parsedData.each { key, value -> processKeyValue(key, value) } + } + return attributeMap + } + + def slurper = new 
groovy.json.JsonSlurper() + java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString())) + java.util.Map ndcb = getAttributes(slurper.parseText(ndcbItems.toString())) + + boolean result = true + List<String> details = new ArrayList<>(); + sdnc.any{ sdncKey, sdncValueList -> + def ndcbValueList = ndcb.get("$sdncKey") + ndcbValueList.each{ ndcbValue -> + if(!sdncValueList.any{ it == "$ndcbValue" }) { + result = false + details.add("$sdncKey") + details.add("$ndcbValue") + } + } + if(result == false) { + // break out of 'any' loop + return true + } + } + return new Tuple2(result, details) + ''' +} |
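Review bot: Both rules added in the `@@ -231,4 +315,169 @@` hunk pass when the other source has no such attribute: in `SDNC-AAI-attribute-comparison`, `aai.get("$sdncKey")` returns null for a key AAI lacks, `each` on null runs zero iterations in Groovy, and `result` stays true; `ndcb.get("$sdncKey")` in `SDNC-NDCB-attribute-comparison` behaves the same way. Keys present only in AAI or Network-Discovery are never visited either, because the outer loop walks `sdnc` alone, and attributes whose `dataQuality` status is not `ok` are dropped in `addAttributeToMap` before any comparison. If an absent counterpart should count as a mismatch, add a guard ahead of the inner loop, `if (aaiValueList == null) { result = false; details.add("$sdncKey"); details.add("absent"); return true }` (the marker text is illustrative), and the equivalent for `ndcbValueList`. Whichever behaviour is intended, the `description` strings should say that the check is one-directional and skips low-quality attributes, so a passing audit is not read as full agreement between the sources.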