Diffstat (limited to 'kubernetes/sdnc')
-rw-r--r-- | kubernetes/sdnc/Makefile | 5 | ||||
-rw-r--r-- | kubernetes/sdnc/components/Makefile | 5 | ||||
-rw-r--r-- | kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties | 35 | ||||
-rw-r--r-- | kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml | 3 | ||||
-rw-r--r-- | kubernetes/sdnc/components/dmaap-listener/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/sdnc/components/sdnc-ansible-server/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/sdnc/components/sdnc-web/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/sdnc/components/ueb-listener/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/sdnc/resources/config/bin/startODL.oom.sh | 322 | ||||
-rwxr-xr-x | kubernetes/sdnc/resources/config/bin/startODL.sh | 1 | ||||
-rw-r--r-- | kubernetes/sdnc/resources/config/conf/setenv | 10 | ||||
-rw-r--r-- | kubernetes/sdnc/templates/service.yaml | 6 | ||||
-rw-r--r-- | kubernetes/sdnc/templates/statefulset.yaml | 57 | ||||
-rw-r--r-- | kubernetes/sdnc/values.yaml | 55 |
14 files changed, 491 insertions, 16 deletions
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index e4b5dda95d..1518f3c3c6 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile index 4e737638a6..c38171c1e5 100644 --- a/kubernetes/sdnc/components/Makefile +++ b/kubernetes/sdnc/components/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties new file mode 100644 index 0000000000..f114a9c65b --- /dev/null 
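Review bot: In the Helm v3 branch of `package-%`, `PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2)` takes its exit status from `cut`, so a failed `helm package` still reaches `helm push -f` with an empty name (unless the recipe shell enables pipefail, which is not visible here). The captured value also keeps the leading space from helm's output and is expanded unquoted. Consider `PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $*) && helm push -f "$${PACKAGE_NAME##*: }" local`, which stops when packaging fails. `-f` presumably overwrites a chart of the same version that is already in the `local` repository; if that is intended, a one-line comment saying why would help the next reader. The identical lines are added to kubernetes/sdnc/components/Makefile.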
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=RAN-Slice-Mgmt +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index 4c288b2a6f..e3dfa869ee 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -104,6 +104,9 @@ spec: - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties name: properties subPath: dmaap-consumer-oofpcipoc.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties + name: properties + subPath: dmaap-consumer-RANSlice.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
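Review bot: `sdnc.odl.url-base=http://sdnc-oam...` sends `${ODL_USER}`/`${ODL_PASSWORD}` to RESTCONF over plain HTTP, and the consumer side is configured with `TransportType=HTTPNOAUTH` and `Protocol =http`, so both the ODL credentials and the RAN-Slice-Mgmt messages travel unprotected unless a mesh or network policy outside this file covers them. If this deliberately mirrors the other dmaap-consumer-*.properties files, a header comment such as `# Cleartext HTTP, no message-router auth: relies on in-cluster network isolation` would record that assumption; otherwise the URL scheme and port should move to the TLS endpoint. `AFT_DME2_REQ_TRACE_ON=true` together with `Environment =TEST` looks like test configuration shipped as a chart default and is worth confirming.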
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 1a70926f4f..4c8ff3992a 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -55,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.4 +image: onap/sdnc-dmaap-listener-image:2.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 7eb32b10e5..654867fcc8 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -55,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.4 +image: onap/sdnc-ansible-server-image:2.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index bcf3cff752..9eb8495da6 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: "onap/sdnc-web-image:1.8.3" +image: "onap/sdnc-web-image:2.0.1" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index a8b7c13550..ad5cbda4f3 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml 
@@ -61,7 +61,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.4 +image: onap/sdnc-ueb-listener-image:2.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/bin/startODL.oom.sh b/kubernetes/sdnc/resources/config/bin/startODL.oom.sh new file mode 100644 index 0000000000..721f3407d5 --- /dev/null +++ b/kubernetes/sdnc/resources/config/bin/startODL.oom.sh 
@@ -0,0 +1,322 @@ +#!/bin/bash + +### +# ============LICENSE_START======================================================= +# SDNC +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Update by Copyright (C) 2020 highstreet technologies GmbH. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+# ============LICENSE_END========================================================= +### + +# Install SDN-C platform components if not already installed and start container + +# List of used constants, that are provided during container initialization + +ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} +ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg +# +ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false} + +#ODL_CERT_DIR +ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin} +if $ODL_REMOVEIDMDB ; then + echo "Remove odl idmdb" + rm $ODL_HOME/data/idmlight.db.mv.db + ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin} +else + ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} +fi + +export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME + +SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} +SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} +CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} + +#- ODL Cluster +ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} +#SDNC_REPLICAS + +#- ODL GEO cluster +GEO_ENABLED=${GEO_ENABLED:-false} +#IS_PRIMARY_CLUSTER +#MY_ODL_CLUSTER +#PEER_ODL_CLUSTER + +#- AAF +SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false} + +#- SDN-R +SDNRWT=${SDNRWT:-false} +SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator} +SDNRDM=${SDNRDM:-false} +# Add devicemanager base and specific repositories +SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_ORAN_REPO=${SDNRDM_ORAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_GRAN_REPO=${SDNRDM_GRAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-gran-feature/$CCSDKFEATUREVERSION/xml/features} +# Add devicemanager features 
+SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature, sdnr-wt-devicemanager-oran-feature, sdnr-wt-devicemanager-gran-feature} +SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}} +SDNRINIT=${SDNRINIT:-false} +SDNRONLY=${SDNRONLY:-false} +SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200} +#SDNRDBUSERNAME +#SDNRDBPASSWORD +#SDNRDBPARAMETER +SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER} + +SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false} +SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all} + +# Functions + +# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features +# $1 repository +function isRepoExisting() { + REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#") + OIFS="$IFS" + IFS='/' parts=($REPO) + IFS="$OIFS" + path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]} + [ -d "$path" ] +} + +# Add features repository to karaf featuresRepositories configuration +# $1 repositories to be added +function addRepository() { + CFG=$ODL_FEATURES_BOOT_FILE + ORIG=$CFG.orig + if isRepoExisting "$1" ; then + echo "Add repository: $1" + sed -i "\|featuresRepositories|s|$|, $1|" $CFG + else + echo "Repo does not exist: $1" + fi +} + +# Append features to karaf boot feature configuration +# $1 additional feature to be added +# $2 repositories to be added (optional) +function addToFeatureBoot() { + CFG=$ODL_FEATURES_BOOT_FILE + ORIG=$CFG.orig + if [ -n "$2" ] ; then + addRepository $2 + fi + echo "Add boot feature: $1" + sed -i "\|featuresBoot *=|s|$|,$1|" $CFG +} + +# Append features to karaf boot feature configuration +# $1 search pattern +# $2 replacement +function replaceFeatureBoot() { + CFG=$ODL_FEATURES_BOOT_FILE + echo "Replace boot feature $1 with: $2" + sed -i "/featuresBoot/ s/$1/$2/g" $CFG +} + +# Remove all sdnc specific 
features +function cleanupFeatureBoot() { + echo "Remove northbound bootfeatures " + sed -i "/featuresBoot/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE +} + +function initialize_sdnr() { + echo "SDN-R Database Initialization" + INITCMD="$JAVA_HOME/bin/java -jar " + INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar " + INITCMD+="$SDNRDBCOMMAND" + echo "Execute: $INITCMD" + n=0 + until [ $n -ge 5 ] ; do + $INITCMD && break + n=$[$n+1] + sleep 15 + done + return $? +} + +function install_sdnrwt_features() { + # Repository setup provided via sdnc dockerfile + if $SDNRWT; then + addRepository $SDNRDM_BASE_REPO + addRepository $SDNRDM_ONF_REPO + addRepository $SDNRDM_ORAN_REPO + addRepository $SDNRDM_GRAN_REPO + + if $SDNRONLY; then + cleanupFeatureBoot + fi + if $SDNRDM; then + addToFeatureBoot "$SDNRDM_BOOTFEATURES" + else + addToFeatureBoot "$SDNRWT_BOOTFEATURES" + fi + fi +} + + +function install_sdnr_northbound_features() { + # Repository setup provided via sdnc dockerfile + addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES" +} + +# Reconfigure ODL from default single node configuration to cluster + +function enable_odl_cluster(){ + if [ -z $SDNC_REPLICAS ]; then + echo "SDNC_REPLICAS is not configured in Env field" + exit + fi + + # ODL NETCONF setup + echo "Installing Opendaylight cluster features for mdsal and netconf" + + #Be sure to remove feature odl-netconf-connector-all from list + replaceFeatureBoot "odl-netconf-connector-all," + #Activate cluster + replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology + replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering + addToFeatureBoot odl-jolokia + + # ODL Cluster or Geo cluster configuration + + echo "Update cluster information statically" + fqdn=$(hostname -f) + echo "Get current fqdn ${fqdn}" + + # Extract node index using first digit after "-" + # Example 2 from "sdnr-2.logo.ost.das.r32.com" + 
node_index=($(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g')) + + if $GEO_ENABLED; then + echo "This is a Geo cluster" + + if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then + echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field" + return + fi + + member_offset=1 + if $IS_PRIMARY_CLUSTER; then + PRIMARY_NODE=${MY_ODL_CLUSTER} + SECONDARY_NODE=${PEER_ODL_CLUSTER} + else + PRIMARY_NODE=${PEER_ODL_CLUSTER} + SECONDARY_NODE=${MY_ODL_CLUSTER} + member_offset=4 + fi + + node_list="${PRIMARY_NODE} ${SECONDARY_NODE}" + $SDNC_BIN/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list} + else + echo "This is a local cluster" + for ((i=0;i<${SDNC_REPLICAS};i++)); do + #assemble node list by replaceing node-index in hostname with "i" + node_name=$(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g") + node_list="${node_list} $node_name" + done + echo "Node index: $((node_index+1)) list: ${node_list[@]}" + $ODL_HOME/bin/configure_cluster.sh $((node_index+1)) ${node_list} + fi +} + +# ----------------------- +# Main script starts here + +echo "Image path=${IMAGEPATH}" +echo "Image names=${IMAGENAMES}" +echo "Settings:" +echo " USER=$(whoami)" +echo " SDNC_BIN=$SDNC_BIN" +echo " SDNC_HOME=$SDNC_HOME" +echo " ODL_CERT_DIR=$ODL_CERT_DIR" +echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION" +echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER" +echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB" +echo " SDNC_REPLICAS=$SDNC_REPLICAS" +echo " SDNRWT=$SDNRWT" +echo " SDNRDM=$SDNRDM" +echo " SDNRONLY=$SDNRONLY" +echo " SDNRINIT=$SDNRINIT" +echo " SDNRDBURL=$SDNRDBURL" +echo " SDNRDBUSERNAME=$SDNRDBUSERNAME" +echo " SDNRDBPASSWORD=$SDNRDBPASSWORD" +echo " GEO_ENABLED=$GEO_ENABLED" +echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER" +echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER" +echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER" +echo " AAF_ENABLED=$SDNC_AAF_ENABLED" + +if $SDNC_AAF_ENABLED; then + export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local + 
export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local + export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` + export SDNC_KEYSTORE=org.onap.sdnc.p12 + sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties + echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties + + sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties +fi + +if $SDNRINIT ; then + #One time intialization action + initialize_sdnr + init_result=$? + echo "Result of init script: $init_result" + if $SDNRWT ; then + echo "Proceed to initialize sdnr" + else + exit $init_result + fi +fi + +if [ ! -f ${SDNC_HOME}/.installed ] +then + echo "Installing SDN-C keyStore" + /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh + + if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi + + if $SDNRWT ; then install_sdnrwt_features ; fi + + if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi + + echo "Installed at `date`" > ${SDNC_HOME}/.installed +fi + +# Odl configuration done +ODL_FEATURES_BOOT=$(sed -n "/featuresBoot =/p" $ODL_FEATURES_BOOT_FILE) +export ODL_FEATURES_BOOT + +if [ -z "$ODL_CERT_DIR" ] ; then + echo "No certs provided. Skip installation." +else + echo "Start background cert installer" + nohup python ${SDNC_BIN}/installCerts.oom.py & +fi + +echo "Startup opendaylight" +echo $ODL_FEATURES_BOOT +exec ${ODL_HOME}/bin/karaf server diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index 6aa796a163..a83fc92890 100755 
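Review bot: The settings dump prints `SDNRDBPASSWORD` in clear, and `initialize_sdnr` repeats it through `echo "Execute: $INITCMD"` because `$SDNRDBCOMMAND` carries `-dbp $SDNRDBPASSWORD`; both land in the container log. In the dump, print only whether the value is set, `echo " SDNRDBPASSWORD=${SDNRDBPASSWORD:+(set)}"`, and in the function log the command before the arguments are appended. The fallback `ODL_ADMIN_PASSWORD` values (`admin`, and the literal string in the else branch) are committed defaults; failing when the variable is unset would be safer than silently using them. In the same function `return $?` after the loop reports the status of `break` or `sleep`, never of `$INITCMD`, so the later `exit $init_result` always sees 0; the fence tracks the result explicitly.

```bash
function initialize_sdnr() {
  echo "SDN-R Database Initialization"
  # … unchanged: INITCMD="$JAVA_HOME/bin/java -jar " and the sdnr-dmt.jar path …
  # Log before the arguments are appended: SDNRDBCOMMAND contains -dbp <password>.
  echo "Execute: $INITCMD<arguments not logged>"
  INITCMD+="$SDNRDBCOMMAND"
  local n=0
  local rc=1
  until [ $n -ge 5 ] ; do
    $INITCMD
    rc=$?
    [ $rc -eq 0 ] && break
    n=$((n+1))
    sleep 15
  done
  # Status of the last INITCMD attempt, not of break/sleep.
  return $rc
}
```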
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -162,6 +162,7 @@ then fi cp /opt/opendaylight/current/certs/* /tmp +cp /var/custom-certs/* /tmp nohup python ${SDNC_BIN}/installCerts.py & diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv index 7476e6849a..52c9ff76b4 100644 --- a/kubernetes/sdnc/resources/config/conf/setenv +++ b/kubernetes/sdnc/resources/config/conf/setenv @@ -54,8 +54,8 @@ if [ "x$JAVA_MAX_MEM" = "x" ]; then export JAVA_MAX_MEM="2048m" fi -EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ - -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \ - -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \ - -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \ - -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log" +EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \ + -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ + -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \ + -XX:+ParallelRefProcEnabled \ + -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"} diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index b434c4025f..e3be4bc46a 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml 
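Review bot: The added `cp /var/custom-certs/* /tmp` hard-codes a path that the chart exposes as `global.platform.certServiceClient.envVariables.cert_path`, so overriding that value leaves this copy reading the wrong directory. With `cmpv2Enabled: false` the `certs` emptyDir stays empty (statefulset.yaml skips `certs-init`), the glob does not match and `cp` fails; a guard such as `if ls /var/custom-certs/* >/dev/null 2>&1; then cp /var/custom-certs/* /tmp; fi` avoids that. A file here with the same name as one copied from `/opt/opendaylight/current/certs` silently replaces it in `/tmp`, so a comment stating which source is meant to win would help. Whether the copied files include private key material is not visible in this hunk; if they do, `/tmp` needs restrictive permissions or a dedicated staging directory. The rest of the script lies outside the hunk.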
@@ -49,9 +49,9 @@ spec: targetPort: {{ .Values.service.internalPort4 }} {{ end }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - {{ if .Values.config.sdnr.enabled }} - Session Affinity: ClientIP - {{ end }} + {{ if .Values.config.sdnr.enabled }} + sessionAffinity: ClientIP + {{ end }} selector: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index d765197f13..8eec50e9ab 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH +# Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -94,6 +94,48 @@ spec: {{ end -}} {{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ if .Values.global.cmpv2Enabled }} + - name: certs-init + image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: REQUEST_URL + value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }} + - name: REQUEST_TIMEOUT + value: "30000" + - name: OUTPUT_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + - name: CA_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.caName }} + - name: COMMON_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }} + - name: ORGANIZATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }} + - name: ORGANIZATION_UNIT + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }} + - name: LOCATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }} + - name: STATE + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }} + - name: COUNTRY + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }} + - name: KEYSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }} + - name: KEYSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }} + - name: TRUSTSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }} + - name: TRUSTSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs + - mountPath: {{ 
.Values.global.platform.certServiceClient.secret.mountPath }} + name: certservice-tls-volume + {{ end }} + - name: {{ include "common.name" . }}-chown image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} command: @@ -160,6 +202,8 @@ spec: value: {{ include "common.mariadbService" . }} - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" + - name: JAVA_OPTS + value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}" - name: KARAF_CONSOLE_LOG_LEVEL value: "{{ include "common.log.level" . }}" - name: SDNRWT @@ -189,6 +233,9 @@ spec: - mountPath: {{ .Values.config.binDir }}/startODL.sh name: bin subPath: startODL.sh + - mountPath: {{ .Values.config.binDir }}/startODL.oom.sh + name: bin + subPath: startODL.oom.sh - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh name: bin subPath: installSdncDb.sh @@ -235,6 +282,8 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -285,6 +334,12 @@ spec: - name: properties emptyDir: medium: Memory + - name: certs + emptyDir: + medium: Memory + - name: certservice-tls-volume + secret: + secretName: {{ .Values.global.platform.certServiceClient.secret.name }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index be4adf4bcd..52a21ea370 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml 
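Review bot: `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD` in the new `certs-init` container are rendered as literal `value:` entries from values.yaml, where this change sets `keystorePassword: "secret"` and `truststorePassword: "secret"`, so they are readable in the pod spec and in the chart itself. Sourcing them through `valueFrom:` / `secretKeyRef:` from a Kubernetes Secret would keep them out of the manifest; the secret name and key would have to be defined, none is visible in this change. The unquoted `value: {{ ... }}` entries also rely on every value parsing as a string (a country code such as `NO` would not); adding `| quote` makes that explicit. `REQUEST_TIMEOUT` is hard-coded to `"30000"` although values.yaml adds `requestTimeout`, and `outputType` is defined there but never passed. The values.yaml hunk that introduces these defaults carries the same password issue.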
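Review bot: The `certservice-tls-volume` secret volume and the `certs` volume mount are added outside the `{{ if .Values.global.cmpv2Enabled }}` guard that wraps `certs-init`, so with CMPv2 disabled the pod still needs the secret named by `certServiceClient.secret.name`; a non-optional secret volume that cannot be resolved keeps the pod from starting. Wrap the volume in the same condition, or set `optional: true` under `secret:`. Only part of the `volumes:` list is visible in this hunk, so an enclosing guard outside these lines cannot be ruled out.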
@@ -35,6 +35,31 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + # Enabling CMPv2 + cmpv2Enabled: true + platform: + certServiceClient: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + secret: + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ + envVariables: + # Certificate related + cert_path: /var/custom-certs + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + common_name: "sdnc.simpledemo.onap.org" + requestURL: "https://oom-cert-service:8443/v1/certificate/" + requestTimeout: "30000" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" + keystorePassword: "secret" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" + truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -110,7 +135,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.4 +image: onap/sdnc-image:2.0.1 busyboxRepository: docker.io busyboxImage: busybox:1.30 @@ -160,11 +185,12 @@ config: logstashPort: 5044 ansibleServiceName: sdnc-ansible-server ansiblePort: 8000 - javaHome: /usr/lib/jvm/java-1.8-openjdk + javaHome: /opt/java/openjdk odl: etcDir: /opt/opendaylight/etc binDir: /opt/opendaylight/bin + gcLogDir: /opt/opendaylight/data/log salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config salConfigVersion: 1.9.1 akka: 
@@ -184,7 +210,12 @@ config: javaOptions: maxGCPauseMillis: 100 parallelGCThreads : 3 - numberGGLogFiles: 10 + numberGCLogFiles: 10 + minMemory: 512m + maxMemory: 2048m + gcLogOptions: "" + # Next line enables gc logging + # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" # enables sdnr functionality sdnr: enabled: true @@ -283,6 +314,8 @@ sdnc-ansible-server: dgbuilder: enabled: true nameOverride: sdnc-dgbuilder + certInitializer: + nameOverride: sdnc-dgbuilder-cert-initializer config: db: dbName: *sdncDbName @@ -404,6 +437,22 @@ persistence: mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/current/daexim +certpersistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 50Mi + mountPath: /dockerdata-nfs + mountSubPath: sdnc/certs + certPath: /opt/app/osaaf + ##storageClass: "manual" + ingress: enabled: false service: |
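Review bot: The commented example for `gcLogOptions` has a stray `}` after `gc-%t.log` (`.../gc-%t.log}:time,level,tags`), so uncommenting it as written yields a wrong `-Xlog` file name. It also embeds `{{.Values...}}` expressions inside values.yaml, which Helm does not expand in values unless the consuming template passes the string through `tpl`; that is not visible in this change. A literal example avoids both problems: `# gcLogOptions: "-Xlog:gc=trace:file=/opt/opendaylight/data/log/gc-%t.log:time,level,tags:filecount=10"`, using the `gcLogDir` and `numberGCLogFiles` defaults from this file.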