diff options
Diffstat (limited to 'kubernetes')
105 files changed, 2068 insertions, 596 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 3efe1df6fdba4af4e22849bec220c8daa4a68a4 +Subproject 9d23a1c8a97d5878e2aafc871f17af007349c28 diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml index 2192662d6a..fd29fbebfb 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml @@ -57,9 +57,9 @@ spec: env: # This sets the port that CDT will use to connect to the main appc container. # The 11 is the node port suffix that is used in the main appc oom templates - # for nodePort3. This value will be configured in appc main chart in appc-cdt section. + # for nodePort4. This value will be configured in appc main chart in appc-cdt section. - name: CDT_PORT - value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}" + value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}" volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index ad135f863a..c52c6e3aa1 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -111,8 +111,6 @@ then # echo "Copying a working version of the logging configuration into the opendaylight etc folder" # cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg - echo "Starting OpenDaylight" - ${ODL_HOME}/bin/start echo "Waiting ${SLEEP_TIME} seconds for OpenDaylight to initialize" sleep ${SLEEP_TIME} @@ -137,6 +135,7 @@ then fi echo "Copying the aaa shiro configuration into opendaylight" + mkdir -p ${ODL_HOME}/etc/opendaylight/datastore/initial/config if $ENABLE_AAF then cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml @@ -144,29 +143,6 @@ then cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml fi - echo "Restarting OpenDaylight" - ${ODL_HOME}/bin/stop - checkRun () { - running=0 - while read a b c d e f g h - do - if [ "$h" == "/bin/sh /opt/opendaylight/bin/karaf server" ] - then - running=1 - fi - done < <(ps -eaf) - echo $running - } - - while [ $( checkRun ) == 1 ] - do - echo "Karaf is still running, waiting..." - sleep 5s - done - echo "Karaf process has stopped" - sleep 10s - - echo "Installed at `date`" > ${SDNC_HOME}/.installed fi # Move journal and snapshots directory to persistent storage @@ -195,5 +171,27 @@ ln -s ${hostdir}/snapshots ${ODL_HOME}/snapshots echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log" java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log & -exec ${ODL_HOME}/bin/karaf server +echo "Adding a property system.properties for AAF cadi.properties location" +echo "" >> ${ODL_HOME}/etc/system.properties +echo "cadi_prop_files=${APPC_HOME}/data/properties/cadi.properties" >> ${ODL_HOME}/etc/system.properties +echo "" >> ${ODL_HOME}/etc/system.properties + +echo "Adding a value to property appc.asdc.env in appc.properties for appc-asdc-listener feature" +echo "" >> $APPC_HOME/data/properties/appc.properties +echo "appc.asdc.env=$DMAAP_TOPIC_ENV" >> $APPC_HOME/data/properties/appc.properties +echo "" >> $APPC_HOME/data/properties/appc.properties + +echo "Copying jetty, keystore for https into opendalight" +cp ${APPC_HOME}/data/jetty.xml ${ODL_HOME}/etc/jetty.xml +cp ${APPC_HOME}/data/keystore ${ODL_HOME}/etc/keystore +cp ${APPC_HOME}/data/custom.properties ${ODL_HOME}/etc/custom.properties +echo "Copying a working version of the logging configuration into the opendaylight etc folder" +cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg + +ODL_BOOT_FEATURES_EXTRA="odl-netconf-connector,odl-restconf-noauth,odl-netconf-clustered-topology,odl-mdsal-clustering" +sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,${ODL_BOOT_FEATURES_EXTRA}|" $ODL_HOME/etc/org.apache.karaf.features.cfg + +exec ${APPC_HOME}/bin/dockerInstall.sh & +echo "Starting OpenDaylight" +exec ${ODL_HOME}/bin/karaf server diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml index 81834eaafc..de6e7e4742 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml @@ -80,42 +80,42 @@ <urls> <pair-key>/auth/**</pair-key> <!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/config/aaa-authn-model**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operational/aaa-authn-model**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operations/cluster-admin**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> </shiro-configuration> diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml index fdd31a4ed0..a44214a611 100644 --- a/kubernetes/appc/templates/service.yaml +++ b/kubernetes/appc/templates/service.yaml @@ -41,23 +41,31 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: "{{ .Values.service.portName }}-8443" + name: "{{ .Values.service.portName }}-8282" - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: "{{ .Values.service.portName }}-1830" + name: "{{ .Values.service.portName }}-8443" - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: "{{ .Values.service.portName }}-1830" + - port: {{ .Values.service.externalPort4 }} + targetPort: {{ .Values.service.internalPort4 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} name: "{{ .Values.service.portName }}-9090" {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-8443 + name: {{ .Values.service.portName }}-8282 - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-1830 + name: {{ .Values.service.portName }}-8443 - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName }}-1830 + - port: {{ .Values.service.externalPort4 }} + targetPort: {{ .Values.service.internalPort4 }} name: {{ .Values.service.portName }}-9090 {{- end}} selector: diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 578dbc7453..cfd118dae6 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -93,9 +93,9 @@ dgbuilder: service: name: appc-dgbuilder -#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. +#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4. appc-cdt: - nodePort3: 11 + nodePort4: 11 # default number of instances replicaCount: 1 @@ -119,19 +119,22 @@ service: type: NodePort name: appc portName: appc - #targetPort - internalPort: 8443 - #port - externalPort: 8443 - nodePort: 30 - - externalPort2: 1830 - nodePort2: 31 + + internalPort: 8181 + externalPort: 8282 + nodePort: "08" + + internalPort2: 8443 + externalPort2: 8443 + nodePort2: 30 + + externalPort3: 1830 + nodePort3: 31 clusterPort: 2550 - internalPort3: 9191 - externalPort3: 9090 - nodePort3: 11 + internalPort4: 9191 + externalPort4: 9090 + nodePort4: 11 ## Persist data to a persitent volume persistence: diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 6cb952f460..c53b401bf9 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -48,7 +48,7 @@ blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/work # Primary Database Configuration -blueprintsprocessor.db.url=jdbc:mysql://db:3306/sdnctl +blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl blueprintsprocessor.db.username=sdnctl blueprintsprocessor.db.password=sdnctl blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver @@ -91,7 +91,7 @@ blueprintsprocessor.restclient.config-data.password=Kp8bJ4SXszM0WXlhak3eHlcse2gA # AAI Data REST Client settings blueprintsprocessor.restclient.aai-data.type=basic-auth -blueprintsprocessor.restclient.aai-data.url=https://aai.onap:8443 +blueprintsprocessor.restclient.aai-data.url=https://aai:8443 blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org blueprintsprocessor.restclient.aai-data.password=demo123456! @@ -101,7 +101,6 @@ blueprintsprocessor.messageclient.self-service-api.type=kafka-basic-auth ##ONAP Message Router Kafka Service## blueprintsprocessor.messageclient.self-service-api.bootstrapServers=message-router-kafka:9092 - blueprintsprocessor.messageclient.self-service-api.consumerTopic=cds-consumer blueprintsprocessor.messageclient.self-service-api.groupId=cds-consumer-group blueprintsprocessor.messageclient.self-service-api.clientId=cds-client diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 29eeb19477..03537e7106 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -1,7 +1,5 @@ # Copyright (c) 2019 IBM, Bell Canada # -# Modifications Copyright (c) 2019 Bell Canada. -# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index cdede47d09..a0dc0e8fbe 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2019 Bell Canada +# Copyright © 2019 Orange, Bell Canada +# Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +13,57 @@ # See the License for the specific language governing permissions and # limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +# application images +repository: nexus3.onap.org:10001 +pullPolicy: Always + + +subChartsOnly: + enabled: true + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +ingress: + enabled: false + + mariadb-galera: config: userName: sdnctl @@ -25,4 +77,25 @@ mariadb-galera: replicaCount: 1 persistence: enabled: true - mountSubPath: cds/data
\ No newline at end of file + mountSubPath: cds/data + +#Resource Limit flavor -By Default using small +flavor: small +#segregation for different envionment (Small and Large) + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf b/kubernetes/clamp/charts/clamp-backend/Chart.yaml index 20d8298472..a6aec46264 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf +++ b/kubernetes/clamp/charts/clamp-backend/Chart.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,5 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -HEALTHCHECK_USER=demo@people.osaaf.org -HEALTHCHECK_PASSWORD=demo123456! +apiVersion: v1 +description: ONAP Clamp +name: clamp-backend +version: 5.0.0 diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf b/kubernetes/clamp/charts/clamp-backend/requirements.yaml index c2ccefe4e3..05d49a8d7b 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf +++ b/kubernetes/clamp/charts/clamp-backend/requirements.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,8 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -CONTROLLER_ARTIFACT_ID=policy-management -CONTROLLER_NAME=policy-management-controller -CONTROLLER_PORT=9696 -RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT -UEB_TOPIC=policyengine-develop +dependencies: + - name: common + version: ~5.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml index dab2e44f5e..dab2e44f5e 100644 --- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/clamp/resources/config/logback.xml b/kubernetes/clamp/charts/clamp-backend/resources/config/logback.xml index 551ed34ee4..551ed34ee4 100644 --- a/kubernetes/clamp/resources/config/logback.xml +++ b/kubernetes/clamp/charts/clamp-backend/resources/config/logback.xml diff --git a/kubernetes/clamp/resources/config/sdc-controllers-config.json b/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json index 3adda95c11..3adda95c11 100644 --- a/kubernetes/clamp/resources/config/sdc-controllers-config.json +++ b/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json diff --git a/kubernetes/policy/charts/drools/templates/NOTES.txt b/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt index fa0aa7d258..e36d6a5bfb 100644 --- a/kubernetes/policy/charts/drools/templates/NOTES.txt +++ b/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt @@ -1,17 +1,16 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - 1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} {{- range .Values.ingress.hosts }} @@ -27,7 +26,7 @@ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.service.externalPort }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit https://127.0.0.1:8443 to use your application" + kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} {{- end }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml new file mode 100644 index 0000000000..21df037a8a --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-clamp-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml new file mode 100644 index 0000000000..6b6fcc7e56 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml @@ -0,0 +1,126 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - mariadb + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + # side car containers + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - "-Dcom.att.eelf.logging.file=file:/opt/clamp/logback.xml" + - "" + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + - mountPath: /opt/clamp/sdc-controllers-config.json + name: {{ include "common.fullname" . }}-config + subPath: sdc-controllers-config.json + - mountPath: /opt/clamp/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + env: + - name: SPRING_APPLICATION_JSON + valueFrom: + configMapKeyRef: + name: {{ template "common.fullname" . }} + key: spring_application_json + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }} + items: + - key: sdc-controllers-config.json + path: sdc-controllers-config.json + - key: logback.xml + path: logback.xml + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-clamp-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/charts/clamp-backend/templates/service.yaml new file mode 100644 index 0000000000..f1438a46c9 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/service.yaml @@ -0,0 +1,40 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml new file mode 100644 index 0000000000..27d284c582 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -0,0 +1,130 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018-2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: # global defaults + nodePortPrefix: 302 + repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + persistence: {} + +flavor: small + +# application image +repository: nexus3.onap.org:10001 +image: onap/clamp-backend:4.1.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +################################################################# +# Application configuration defaults. +################################################################# +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + mysqlPassword: strong_pitchou + dataRootDir: /dockerdata-nfs + springApplicationJson: > + { + "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", + "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/", + "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/", + "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services", + "clamp.config.sdc.serviceUsername": "clamp", + "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", + "clamp.config.dcae.inventory.url": "https://inventory.{{ include "common.namespace" . }}:8080", + "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", + "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", + "clamp.config.dcae.deployment.userName": "none", + "clamp.config.dcae.deployment.password": "none", + "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969", + "clamp.config.policy.api.userName": "healthcheck", + "clamp.config.policy.api.password": "zb!XztG34", + "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", + "clamp.config.policy.pap.userName": "healthcheck", + "clamp.config.policy.pap.password": "zb!XztG34", + "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123", + "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123", + "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123", + "clamp.config.policy.clientKey": "dGVzdA==", + "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095", + "com.att.eelf.logging.path": "/opt/clamp", + "com.att.eelf.logging.file": "logback.xml" + } + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + + +service: + type: ClusterIP + name: clamp-backend + portName: clamp-backend + internalPort: 8443 + externalPort: 443 + +ingress: + enabled: false + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 1.2Gi + requests: + cpu: 10m + memory: 800Mi + large: + limits: + cpu: 1 + memory: 1.2Gi + requests: + cpu: 10m + memory: 800Mi + unlimited: {} diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index 996d218ada..26affe600c 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml @@ -129,18 +129,26 @@ http.port: {{.Values.service.externalPort}} # Defaults to 9300-9400. # More info: transport.tcp.port: {{.Values.service.externalPort2}} - #xpack.graph.enabled: false #Set to false to disable X-Pack graph features. - #xpack.ml.enabled: false #Set to false to disable X-Pack machine learning features. - #xpack.monitoring.enabled: false #Set to false to disable X-Pack monitoring features. -#xpack.security.enabled: false -#Set to false to disable X-Pack security features. #xpack.watcher.enabled: false #Set to false to disable Watcher. + +#xpack.license.self_generated.type: basic +#xpack.security.enabled: false + +## Search Guard +# +searchguard.enterprise_modules_enabled: false +searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks +searchguard.ssl.transport.truststore_filepath: sg/truststore.jks +searchguard.ssl.transport.enforce_hostname_verification: false + +searchguard.authcz.admin_dn: + - "CN=kirk,OU=client,O=client,l=tEst,C=De" diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml index d1504e0c04..5070f24ba3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: mountPath: /usr/share/elasticsearch/data/ containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index 33ea865b38..2d67048844 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:4.1.0 +image: onap/clamp-dashboard-elasticsearch:4.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml index 2173039252..55df82b0f1 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml @@ -128,7 +128,7 @@ server.ssl.key: {{.Values.config.sslPemkeyFilePath}} ## Search Guard # -xpack.security.enabled: false +#xpack.security.enabled: false elasticsearch.username: {{.Values.config.elasticUSR}} elasticsearch.password: {{.Values.config.elasticPWD}} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 276ac5d32a..a8225c0895 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessRepository: oomk8s - readinessImage: readiness-check:1.1.0 + readinessImage: readiness-check:2.0.0 persistence: {} flavor: small @@ -34,7 +34,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:4.1.0 +image: onap/clamp-dashboard-kibana:4.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index e7ab68fc5b..b798a44f7f 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessRepository: oomk8s - readinessImage: readiness-check:1.1.0 + readinessImage: readiness-check:2.0.0 persistence: {} flavor: small @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:4.1.0 +image: onap/clamp-dashboard-logstash:4.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql index 5d6f14f5c6..9b12b1804c 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql @@ -20,6 +20,7 @@ create table loop_logs ( id bigint not null, + log_component varchar(255) not null, log_instant datetime(6) not null, log_type varchar(255) not null, message MEDIUMTEXT not null, @@ -36,6 +37,7 @@ global_properties_json json, last_computed_state varchar(255) not null, model_properties_json json, + operational_policy_schema json, svg_representation MEDIUMTEXT, primary key (name) ) engine=InnoDB; diff --git a/kubernetes/clamp/resources/config/nginx.conf b/kubernetes/clamp/resources/config/nginx.conf new file mode 100644 index 0000000000..ce94eff70f --- /dev/null +++ b/kubernetes/clamp/resources/config/nginx.conf @@ -0,0 +1,23 @@ +server { + + listen 443 default ssl; + ssl_protocols TLSv1.2; + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + location /restservices/clds/ { + proxy_pass https://clamp-backend:443; + } + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ /index.html; + } + + error_page 500 502 503 504 /50x.html; + + location = /50x.html { + root /usr/share/nginx/html; + } + +} diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml index 21df037a8a..9186cd919a 100644 --- a/kubernetes/clamp/templates/configmap.yaml +++ b/kubernetes/clamp/templates/configmap.yaml @@ -25,17 +25,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-clamp-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index 4e6d1d13a3..9585e1fe6c 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - clamp-backend env: - name: NAMESPACE valueFrom: @@ -58,13 +58,10 @@ spec: - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: /var/log/nginx/ - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: - - "-Dcom.att.eelf.logging.file=file:/opt/clamp/logback.xml" - - "" ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -83,19 +80,10 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - mountPath: /opt/clamp/sdc-controllers-config.json + mountPath: /var/log/nginx/ + - mountPath: /etc/nginx/conf.d/nginx.conf name: {{ include "common.fullname" . }}-config - subPath: sdc-controllers-config.json - - mountPath: /opt/clamp/logback.xml - name: {{ include "common.fullname" . }}-config - subPath: logback.xml - env: - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json + subPath: nginx.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -111,10 +99,8 @@ spec: configMap: name: {{ include "common.fullname" . }} items: - - key: sdc-controllers-config.json - path: sdc-controllers-config.json - - key: logback.xml - path: logback.xml + - key: nginx.conf + path: nginx.conf - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ .Release.Name }}-clamp-filebeat-configmap diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml index f1438a46c9..3a08db01d5 100644 --- a/kubernetes/clamp/templates/service.yaml +++ b/kubernetes/clamp/templates/service.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "common.servicename" . }} + name: {{ .Values.service.name }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -38,3 +38,30 @@ spec: selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name2 }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type2 }} + ports: + {{if eq .Values.service.type2 "NodePort" -}} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.config.portName2 }} + {{- else -}} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.config.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }}
\ No newline at end of file diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 030460401f..ee89923ed5 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp:4.1.0 +image: onap/clamp-frontend:4.1.1 pullPolicy: Always # flag to enable debugging - application support required @@ -43,41 +43,7 @@ config: log: logstashServiceName: log-ls logstashPort: 5044 - mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs - springApplicationJson: > - { - "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/", - "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/", - "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services", - "clamp.config.sdc.serviceUsername": "clamp", - "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", - "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", - "clamp.config.dcae.inventory.url": "https://inventory.{{ include "common.namespace" . }}:8080", - "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.userName": "none", - "clamp.config.dcae.deployment.password": "none", - "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.api.userName": "healthcheck", - "clamp.config.policy.api.password": "zb!XztG34", - "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.pap.userName": "healthcheck", - "clamp.config.policy.pap.password": "zb!XztG34", - "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123", - "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123", - "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123", - "clamp.config.policy.clientKey": "dGVzdA==", - "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095", - "com.att.eelf.logging.path": "/opt/clamp", - "com.att.eelf.logging.file": "logback.xml" - } - -# subchart configuration -mariadb: - nameOverride: clampdb - # default number of instances replicaCount: 1 @@ -101,14 +67,19 @@ readiness: service: type: NodePort - name: clamp - portName: clamp - internalPort: 8443 - externalPort: 8443 + name: clamp-external + portName: clamp-external + internalPort: 443 nodePort: 58 + # as of 20180904 port 58 is reserved for clamp from log/logdemonode # see https://wiki.onap.org/display/DW/OOM+NodePort+List + type2: ClusterIP + name2: clamp + portName2: clamp-internal + internalPort2: 443 + externalPort2: 8443 ingress: enabled: false @@ -128,15 +99,15 @@ resources: small: limits: cpu: 1 - memory: 1.2Gi + memory: 200Mi requests: cpu: 10m - memory: 800Mi + memory: 50Mi large: limits: cpu: 1 - memory: 1.2Gi + memory: 500Mi requests: cpu: 10m - memory: 800Mi + memory: 50Mi unlimited: {} diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py new file mode 100644 index 0000000000..5b3ae33371 --- /dev/null +++ b/kubernetes/common/cassandra/resources/exec.py @@ -0,0 +1,122 @@ +#!/usr/bin/python +import getopt +import logging +import os +import sys +import time + +from kubernetes import config +from kubernetes.client import Configuration +from kubernetes.client.apis import core_v1_api +from kubernetes.client.rest import ApiException +from kubernetes.stream import stream + +from kubernetes import client + +# extract env variables. +namespace = os.environ['NAMESPACE'] +cert = os.environ['CERT'] +host = os.environ['KUBERNETES_SERVICE_HOST'] +token_path = os.environ['TOKEN'] + +with open(token_path, 'r') as token_file: + token = token_file.read().replace('\n', '') + +# setup logging +log = logging.getLogger(__name__) +handler = logging.StreamHandler(sys.stdout) +handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')) +handler.setLevel(logging.INFO) +log.addHandler(handler) +log.setLevel(logging.INFO) + +configuration = client.Configuration() +configuration.host = "https://" + host +configuration.ssl_ca_cert = cert +configuration.api_key['authorization'] = token +configuration.api_key_prefix['authorization'] = 'Bearer' +configuration.assert_hostname = False +coreV1Api = client.CoreV1Api(client.ApiClient(configuration)) +api_instance = client.CoreV1Api(client.ApiClient(configuration)) + +def run_command( pod_name, command ): + try: + exec_command = [ + '/bin/sh', + '-c', + command] + resp = stream(api_instance.connect_get_namespaced_pod_exec, pod_name, namespace, + command=exec_command, + stderr=True, stdin=False, + stdout=True, tty=False) + except ApiException as e: + print("Exception when calling CoreV1Api->connect_get_namespaced_pod_exec: %s\n" % e) + return False + print(resp) + return True + +def find_pod(container_name,command,pods): + ready = False + try: + response = coreV1Api.list_namespaced_pod(namespace=namespace, watch=False) + for i in response.items: + # container_statuses can be None, which is non-iterable. + if i.status.container_statuses is None: + continue + for s in i.status.container_statuses: + if s.name == container_name: + if pods == True: + print (i.metadata.name) + else: + ready = run_command(i.metadata.name,command) + else: + continue + except Exception as e: + log.error("Exception when calling list_namespaced_pod: %s\n" % e) + + return ready + + +DESCRIPTION = "Kubernetes container readiness check utility" +USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> [-c <container_name> ...]\n" \ + "where\n" \ + "<container_name> - name of the container to wait for\n" + +def main(argv): + pods = False + command = "" + container_name = "" + try: + opts, args = getopt.getopt(argv, "ghp:c:", ["pod-container-name=", "command=", "help","getpods"]) + for opt, arg in opts: + if opt in ("-h", "--help"): + print("%s\n\n%s" % (DESCRIPTION, USAGE)) + sys.exit() + elif opt in ("-p", "--pod-container-name"): + container_name = arg + elif opt in ("-c", "--command"): + command = arg + elif opt in ("-g", "--getpods"): + pods = True + except (getopt.GetoptError, ValueError) as e: + print("Error parsing input parameters: %s\n" % e) + print(USAGE) + sys.exit(2) + if container_name.__len__() == 0: + print("Missing required input parameter(s)\n") + print(USAGE) + sys.exit(2) + + if pods == False: + if command.__len__() == 0: + print("Missing required input parameter(s)\n") + print(USAGE) + sys.exit(2) + ready = find_pod(container_name,command,pods) + if ready == False: + sys.exit(2) + +if __name__ == "__main__": + main(sys.argv[1:]) + + diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh new file mode 100644 index 0000000000..b9deb32316 --- /dev/null +++ b/kubernetes/common/cassandra/resources/restore.sh @@ -0,0 +1,119 @@ +#!/bin/bash + +# Initialize variables +ss_dir="" +base_db_dir="" +ss_name="" +ss="snapshots" +me=`basename $0` + +function find_target_table_name() +{ + dest_path=$1 + keyspace_name=$2 + src_table_name=$3 + find_in_dir=$dest_path/$keyspace_name + tname_without_uuid=$(echo $src_table_name | cut -d '-' -f 1) + dest_table_name=$(ls -td -- $find_in_dir/$tname_without_uuid-* | head -n 1 | rev | cut -d'/' -f1 | rev) + printf $dest_table_name +} + +function print_usage() +{ + echo "NAME" + echo " Script to restore Cassandra database from Nuvo/Cain snapshot" + echo "SYNOPSIS" + echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]" + echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name" + echo "DESCRIPTION" + echo " --base_db_dir, -b" + echo " Location of running Cassandra database" + echo " --snapshot_dir, -s" + echo " Snapshot location of Cassandra database taken by Nuvo/Cain" + echo " --keyspace, -k" + echo " Name of the keyspace to restore" + echo "EXAMPLE" + echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567" + exit +} +if [ $# -eq 0 ] +then + print_usage +fi + +while [[ $# -gt 0 ]] +do +key="$1" +shift + +case $key in + -h|--help) + print_usage + ;; + -b|--base_db_dir) + base_db_dir="$1" + shift + ;; + -s|--snapshot_dir) + ss_dir="$1" + shift + ;; + -k|--keyspace) + keyspace_name="$1" + ;; + -t|--tag) + tag_name="$1" + ;; + --default) + DEFAULT=YES + shift + ;; + *) + # unknown option + ;; +esac +done + +# Validate inputs +if [ "$base_db_dir" == "" ] || [ "$ss_dir" == "" ] || [ "$keyspace_name" == "" ] +then + echo "" + echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>" + echo "" + print_usage +fi + +# Remove commit logs from current data dir +#/var/lib/cassandra/commitlog/CommitLog*.log +find $base_db_dir/../ -name "CommitLog*.log" -delete + +# Remove *.db from current data dir excluding skipped keyspaces +find $base_db_dir/$keyspace_name -name "*.db" -delete + +# Copy snapshots to data dir +echo "----------db files in snapshots--------------" +dirs_to_be_restored=`ls $ss_dir` +for i in ${dirs_to_be_restored} +do + src_path=$ss_dir/$i/snapshots/$tag_name + # Find the destination + table_name=$i + dest_table=$(find_target_table_name $base_db_dir $keyspace_name $table_name) + dest_path=$base_db_dir/$keyspace_name/$dest_table + # Create keyspace/table directory if not exists + #if [ ! -d "$dest_path" ]; then + # mkdir -p $dest_path + #fi + db_files=$(ls $src_path/*.db 2> /dev/null | wc -l) + if [ $db_files -ne 0 ] + then + cp $src_path/*.db $dest_path + if [ $? -ne 0 ] + then + echo "=====ERROR: Unable to restore $src_path/*.db to $dest_path=====" + exit 1 + fi + echo "=======check $dest_path ===============" + ls $dest_path + fi +done diff --git a/kubernetes/common/cassandra/templates/backup/configmap.yaml b/kubernetes/common/cassandra/templates/backup/configmap.yaml new file mode 100644 index 0000000000..e9e1012811 --- /dev/null +++ b/kubernetes/common/cassandra/templates/backup/configmap.yaml @@ -0,0 +1,30 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/restore.sh").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/exec.py").AsConfig . | indent 2 }} +{{- end -}} diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml new file mode 100644 index 0000000000..630ac43ba3 --- /dev/null +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -0,0 +1,242 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ include "common.fullname" . }}-backup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + schedule: {{ .Values.backup.cron | quote }} + concurrencyPolicy: Forbid + startingDeadlineSeconds: 120 + jobTemplate: + spec: + template: + spec: + restartPolicy: Never + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - {{ include "common.name" . }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + - name: "cassandra-backup-init" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - -c + - | + clearSnapshot(){ + curr_time=$1 + echo "Clearing snapshots!!!" + command="nodetool clearsnapshot -t $curr_time" + /root/exec.py -p "cassandra" -c "$command" + } + {{ $root := . }} + curr_time=`date +%s` + pids="" + set -x + + echo "Copying data" + {{ range $i, $e := until (int .Values.replicaCount) }} + target_dir=/backup/temp/cassandra-{{ $i }} + mkdir -p $target_dir + cp -Ra /onap-data/cassandra-{{ $i }}/data/ $target_dir/ + {{- end }} + + echo "Executing cleanup!!" + command="nodetool cleanup" + /root/exec.py -p "cassandra" -c "$command" + echo "Cleaned Node!! Backing up database now!!!" + + command="nodetool snapshot -t $curr_time" + /root/exec.py -p "cassandra" -c "$command" + retCode=$? + if [ $retCode -ne 0 ]; then + echo "Backup Failed!!!" + rm -rf /backup/temp + clearSnapshot $curr_time + echo "Failed" > /backup/backup.log + exit 0 + fi + + backup_dir=/backup/temp + {{ range $i, $e := until (int .Values.replicaCount) }} + for d in $backup_dir/cassandra-{{ $i }}/data/*/ ; do + d=$(echo $d | sed 's:/*$::') + keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }') + if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then + /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & + pids="$pids $!" + fi + done + {{- end }} + + for p in $pids; do + wait $p + if [ $? -ne 0 ]; then + rm -rf /backup/temp + echo "Creation of Backup Failed!!!" + clearSnapshot $curr_time + echo "Failed" > /backup/backup.log + exit 0 + fi + done + + clearSnapshot $curr_time + + exit_code=$? + if [ $exit_code -ne 0 ]; then + rm -rf /backup/temp + echo "Backup Failed!!!" + echo "Failed" > /backup/backup.log + exit 0 + fi + + mv /backup/temp /backup/backup-${curr_time} + echo "Success" > /backup/backup.log + echo "Cassandra Backup Succeeded" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /onap-data + name: data-dir + - mountPath: /backup + name: backup-dir + - name: scripts + mountPath: /root/restore.sh + subPath: restore.sh + - name: scripts + mountPath: /root/exec.py + subPath: exec.py + containers: + - name: cassandra-backup-validate + image: "{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - -c + - | + remove_dir(){ + dirToRemove=$1 + rm -rf $dirToRemove + } + + backup_result=`cat /backup/backup.log` + rm -rf /backup/backup.log + + if [ "$backup_result" == "Failed" ]; then + echo "Backup Failed!!! So Validation Failed!!!"; + exit 0 + fi + + target_dir=$(ls -td -- /backup/*/ | head -n 1) + chown -R cassandra.cassandra $target_dir + {{- $root := . -}} + {{ range $i, $e := until (int .Values.replicaCount) }} + dbSize=$(du -ks $target_dir/cassandra-{{ $i }}/data|awk -F " " '{ printf $1 }') + minDbSize={{ (int $root.Values.backup.dbSize) }} + if [ $dbSize -lt $minDbSize ]; then + remove_dir $target_dir + echo "Validation Failed!!! dbSize ($dbSize) is less than minimum size (1)!!!" + exit 0 + fi + rm -rf /var/lib/cassandra/* + cp -Ra $target_dir/cassandra-{{ $i }}/data /var/lib/cassandra + export CASSANDRA_LISTEN_ADDRESS="127.0.0.1" + /docker-entrypoint.sh -Dcassandra.ignore_dc=true -Dcassandra.ignore_rack=true & + CASS_PID=$! + sleep 45 + + for d in $target_dir/cassandra-{{ $i }}/data/*/; do + d=$(echo $d | sed 's:/*$::') + keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }') + if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then + echo "Verifying the data for $keyspace_name " + nodetool verify -e $keyspace_name + ret=$? + if [ $ret -ne 0 ]; then + remove_dir $target_dir + echo "Validation Failed!!!" + exit 0 + fi + fi + done + kill -9 $CASS_PID + {{- end }} + echo "Validation Successful!!!" + cd /backup + totalFiles=`ls -t | grep "backup-" | wc -l` + if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then + filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}` + ls -tr | grep backup | head -$filestoDelete | xargs rm -rf + fi + env: + - name: CASSANDRA_CLUSTER_NAME + value: {{ .Values.config.clusterName }} + - name: MAX_HEAP_SIZE + value: {{ .Values.config.heap.max }} + - name: HEAP_NEWSIZE + value: {{ .Values.config.heap.min }} + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - name: backup-dir + mountPath: /backup + - name: localtime + mountPath: /etc/localtime + readOnly: true + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: scripts + configMap: + name: {{ include "common.fullname" $ }}-configmap + defaultMode: 0755 + - name: data-dir + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-db-data + - name: backup-dir + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-backup-data +{{- end -}} + diff --git a/kubernetes/common/cassandra/templates/backup/pv.yaml b/kubernetes/common/cassandra/templates/backup/pv.yaml new file mode 100644 index 0000000000..332dc95e05 --- /dev/null +++ b/kubernetes/common/cassandra/templates/backup/pv.yaml @@ -0,0 +1,57 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +{{ if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ include "common.fullname" . }}-db-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }}-db-data +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ include "common.fullname" . }}-backup-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }}-backup-data +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + hostPath: + path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} +{{ end }} +{{- end -}} + diff --git a/kubernetes/common/cassandra/templates/backup/pvc.yaml b/kubernetes/common/cassandra/templates/backup/pvc.yaml new file mode 100644 index 0000000000..1f848c3315 --- /dev/null +++ b/kubernetes/common/cassandra/templates/backup/pvc.yaml @@ -0,0 +1,80 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-db-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-backup + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-db-data + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-backup-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-backup + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-backup-data + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index f5fe589309..f078bd17ce 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -17,7 +17,13 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 - + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 # application image repository: nexus3.onap.org:10001 @@ -115,6 +121,8 @@ persistence: mountSubPath: cassandra storageType: local storageClass: "" + backup: + mountPath: /dockerdata-nfs/backup configOverrides: {} @@ -136,3 +144,12 @@ resources: {} # requests: # cpu: 2 # memory: 4Gi +backup: + enabled: false + cron: "00 00 * * *" + retentionPeriod: 3 + dbSize: 1 + keyspacesToSkip: + - name: system_traces + - name: system_auth + - name: system_distributed diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml new file mode 100644 index 0000000000..7d3ec75c00 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -0,0 +1,178 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ include "common.fullname" . }}-backup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + schedule: {{ .Values.backup.cron | quote }} + concurrencyPolicy: Forbid + startingDeadlineSeconds: 120 + jobTemplate: + spec: + template: + spec: + restartPolicy: Never + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - {{ include "common.name" . }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + - name: mariadb-galera-backup-init + image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - -c + - | + remove_dir(){ + dirToRemove=$1 + rm -rf $dirToRemove + echo "Failed" > /backup/backup.log + echo "Backup failed!!!" + } + + target_dir=/backup/backup-`date +%s` + mkdir -p $target_dir + + mysqlhost={{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}.{{ .Values.service.name }} + + mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost + + ret_code=$? + if [ $ret_code -ne 0 ]; then + remove_dir $target_dir + exit 0 + fi + + echo "Starting Backup Preparation!!!" + mariabackup --prepare --target-dir=$target_dir + ret_code=$? + if [ $ret_code -ne 0 ]; then + remove_dir $target_dir + exit 0 + fi + echo "Success" > /backup/backup.log + echo "Backup Successful!!!" + env: + - name: DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.fullname" . }} + key: db-root-password + volumeMounts: + - name: backup-data + mountPath: /backup + - name: db-data + mountPath: /var/lib/mysql + containers: + - name: mariadb-backup-validate + image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.fullname" . }} + key: db-root-password + command: + - /bin/bash + - -c + - | + remove_dir(){ + dirToRemove=$1 + rm -rf $dirToRemove + echo "Validation Failed!!!"; + } + + backup_result=`cat /backup/backup.log` + rm -rf /backup/backup.log + + if [ "$backup_result" == "Failed" ]; then + echo "Backup Failed!!! So Validation Failed!!!"; + exit 0 + fi + + target_dir=$(ls -td -- /backup/backup-* | head -n 1) + cp -Ra $target_dir/* /var/lib/mysql/ + + if [ ! "$(ls -A /var/lib/mysql)" ]; then + remove_dir $target_dir + exit 0 + fi + + /docker-entrypoint.sh mysqld & + + count=0 + until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1"; + do sleep 3; + count=`expr $count + 1`; + if [ $count -ge 30 ]; then + remove_dir $target_dir + exit 0; + fi; + done + + mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log + error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l` + + cat /tmp/output.log + + if [ $error_lines -gt 1 ];then + remove_dir $target_dir + else + echo "Validation successful!!!" + cd /backup + totalFiles=`ls -t | grep "backup-" | wc -l` + if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then + filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}` + ls -tr | grep backup | head -$filestoDelete | xargs rm -rf + fi + fi + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: backup-data + mountPath: /backup + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: db-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-db-data + - name: backup-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-backup +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml new file mode 100644 index 0000000000..2972191563 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml @@ -0,0 +1,59 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-backup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-backup +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{include "common.name" . }} +--- +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-db-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-db-data +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}{{ sub .Values.replicaCount 1 }} +{{- end -}} +{{- end -}} + diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml new file mode 100644 index 0000000000..a983c8af98 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml @@ -0,0 +1,81 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.backup.enabled }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-backup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-backup + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-backup + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-db-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-db-data + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-db-data + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} +{{- end -}} + diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 6b1e186e8b..a662b1e04a 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -17,9 +17,16 @@ ################################################################# global: nodePortPrefix: 302 - persistence: {} + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + ################################################################# # Application configuration defaults. @@ -28,6 +35,7 @@ global: #repository: mysql repository: nexus3.onap.org:10001 image: adfinissygroup/k8s-mariadb-galera-centos:v002 +backupImage: library/mariadb:10.1.38 imageInit: busybox pullPolicy: IfNotPresent @@ -82,6 +90,8 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: "mariadb-galera/data" mysqlPath: /var/lib/mysql + backup: + mountPath: /dockerdata-nfs/backup service: internalPort: 3306 @@ -139,3 +149,8 @@ nameOverride: mariadb-galera # DNS name for mariadb-galera cluster - should be unique accross all projects other clusters #dnsnameOverride: mariadb-galera + +backup: + enabled: false + cron: "00 00 * * *" + retentionPeriod: 3 diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 90508e4619..3b1d210d80 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -95,13 +95,12 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager # Use to override default setting in blueprints componentImages: - dashboard: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0 holmes_rules: onap/holmes/rule-management:1.2.6 holmes_engine: onap/holmes/engine-management:1.2.5 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2 diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/job.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/job.yaml new file mode 100644 index 0000000000..bd0ea517f6 --- /dev/null +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/job.yaml @@ -0,0 +1,42 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-cleanup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + metadata: + name: {{ include "common.fullname" . }}-cleanup + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + restartPolicy: Never + containers: + - name: dcae-cleanup + image: {{ include "common.repository" . }}/{{ .Values.cleanupImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml index 70504efd75..d8db056f96 100644 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml @@ -53,6 +53,9 @@ multisiteConfigMapName: multisite-kubeconfig-configmap # image for init container to initialize shared ConfigMap multisiteInitImage: onap/org.onap.dcaegen2.deployments.multisite-init-container:1.0.0 +# image for cleanup job container +cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.0 + # probe configuration parameters liveness: initialDelaySeconds: 10 diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml index 5496aee2cb..c3e63fb968 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml @@ -104,25 +104,17 @@ spec: value: "/opt/tls/cert.pem" - name: HTTPS_KEY_PATH value: "/opt/tls/key.pem" - - name: TRUST_STORE_PATH - value: "/opt/app/prh/etc/cert/trust.jks" - - name: TRUST_STORE_PASS_PATH - value: "/opt/app/prh/etc/cert/trust.pass" - - name: KEY_STORE_PATH - value: "/opt/app/prh/etc/cert/key.p12" - - name: KEY_STORE_PASS_PATH - value: "/opt/app/prh/etc/cert/key.pass" - - name: {{ include "common.name" . }}-filebeat-onap + - name: {{ include "common.name" . }}-fb-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf + - name: {{ include "common.fullname" . }}-fb-conf mountPath: /usr/share/filebeat/filebeat.yml subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat + - name: {{ include "common.fullname" . }}-data-fb mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: /var/log/onap/config-binding-service {{ end }} {{- if .Values.service.insecure.enabled }} - name: {{ include "common.name" . }}-insecure @@ -149,29 +141,29 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs-insecure + - name: {{ include "common.fullname" . }}-logs-i mountPath: /opt/logs env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} - - name: {{ include "common.name" . }}-filebeat-onap-insecure + - name: {{ include "common.name" . }}-fb-onap-i image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf + - name: {{ include "common.fullname" . }}-fb-conf mountPath: /usr/share/filebeat/filebeat.yml subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat-insecure + - name: {{ include "common.fullname" . }}-data-fb-i mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs-insecure - mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-logs-i + mountPath: /var/log/onap/config-binding-service {{ end }} volumes: - - name: {{ include "common.fullname" . }}-filebeat-conf + - name: {{ include "common.fullname" . }}-fb-conf configMap: name: {{ .Release.Name }}-cbs-filebeat-configmap {{- if .Values.service.secure.enabled }} - - name: {{ include "common.fullname" . }}-data-filebeat + - name: {{ include "common.fullname" . }}-data-fb emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} @@ -179,9 +171,9 @@ spec: emptyDir: {} {{ end }} {{- if .Values.service.insecure.enabled }} - - name: {{ include "common.fullname" . }}-data-filebeat-insecure + - name: {{ include "common.fullname" . }}-data-fb-i emptyDir: {} - - name: {{ include "common.fullname" . }}-logs-insecure + - name: {{ include "common.fullname" . }}-logs-i emptyDir: {} {{ end }} diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml index c7db0d5518..8cff544d93 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/values.yaml @@ -45,7 +45,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.1 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-policy-handler/templates/deployment.yaml index a6b87bf3eb..8c1c8741aa 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/templates/deployment.yaml @@ -131,7 +131,7 @@ spec: imagePullPolicy: IfNotPresent resources: {} volumeMounts: - - mountPath: /var/log/onap/deployment-handler + - mountPath: /var/log/onap/policy-handler name: component-log - mountPath: /usr/share/filebeat/data name: filebeat-data diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 872482b3d6..b5e459b6b9 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.1 +image: onap/dmaap/datarouter-node:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/feeds/DefaultPM.json b/kubernetes/dmaap/components/dmaap-dr-prov/resources/feeds/DefaultPM.json deleted file mode 100644 index 994f9c9845..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/feeds/DefaultPM.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "feedName": "bulk_pm_feed", - "feedVersion": "m1.1", - "feedDescription": "Default feed provisioned for PM File collector", - "asprClassification" : "unclassified", - "owner": "onap", - "pubs": [ - { - "dcaeLocationName" : "san-francisco", - "username": "dradmin", - "userpwd": "dradmin" - } - - ], - "subs": [ - { - "dcaeLocationName": "san-francisco", - "deliveryURL": "https://dcae-pm-mapper:8443/delivery", - "feedId": "1", - "owner": "dcae-pm-mapper", - "status": "VALID", - "subId": "1", - "suspended": false, - "use100": true, - "username": "pmmapper", - "userpwd": "pmmapper", - "decompressData": true, - "privilegedSubscriber": true - } - ] -}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index aca2c83adb..195bcb47be 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.1 +image: onap/dmaap/datarouter-prov:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/message-router/resources/topics/PM_MAPPER.json b/kubernetes/dmaap/components/message-router/resources/topics/PM_MAPPER.json deleted file mode 100644 index d2910b8398..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/topics/PM_MAPPER.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "topicName": "PM_MAPPER", - "topicDescription": "The PM Mapper will be publishing perf3gpp VES events to this topic", - "owner": "pm-mapper", - "txenabled": false, - "clients": [{ - "dcaeLocationName": "san-francisco", - "clientIdentity": "dcae@dcae.onap.org", - "action": [ - "pub", - "view" - ] - }] -} diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 3416a02596..1622689386 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -109,6 +109,12 @@ deploy() { FLAGS="$(echo $FLAGS| sed -n 's/--verbose//p')" VERBOSE="true" fi + # determine if delay for deployment is enabled + DELAY="false" + if [[ $FLAGS = *"--delay"* ]]; then + FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')" + DELAY="true" + fi # determine if set-last-applied flag is enabled SET_LAST_APPLIED="false" if [[ $FLAGS = *"--set-last-applied"* ]]; then @@ -238,6 +244,10 @@ deploy() { > $LOG_FILE.log 2>&1 fi fi + if [[ $DELAY == "true" ]]; then + echo sleep 3m + sleep 3m + fi else array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) n=${#array[*]} diff --git a/kubernetes/modeling/charts/modeling-genericparser/values.yaml b/kubernetes/modeling/charts/modeling-genericparser/values.yaml index 37f4c427ba..467d7315b5 100644 --- a/kubernetes/modeling/charts/modeling-genericparser/values.yaml +++ b/kubernetes/modeling/charts/modeling-genericparser/values.yaml @@ -76,7 +76,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: modeling/genericparser diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index aef2e599fa..494cf7372d 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:5.0.0 +image: onap/externalapi/nbi:5.0.1 pullPolicy: Always sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index fa2ed65617..640efa6719 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -21,3 +21,4 @@ home: https://www.onap.org/ sources: - https://gerrit.onap.org/r/#/admin/projects/ icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2 +kubeVersion: ">=1.11.5-0" diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 1d1dd8b7a5..8b186c01d6 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -33,6 +33,10 @@ dependencies: version: ~5.x-0 repository: '@local' condition: cassandra.enabled + - name: cds + version: ~5.x-0 + repository: '@local' + condition: cds.enabled - name: clamp version: ~5.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx.yaml index ee27269564..07861444e7 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx.yaml @@ -26,6 +26,8 @@ aai: enabled: true appc: enabled: true +cds: + enabled: true clamp: enabled: true cli: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 04fbc97f54..c93f2c44f7 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -26,6 +26,8 @@ aai: enabled: true appc: enabled: true +cds: + enabled: true clamp: enabled: true cli: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index c0095049b5..672ae2ef9e 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -77,6 +77,8 @@ appc: openStackEncryptedPassword: admin cassandra: enabled: false +cds: + enabled: false clamp: enabled: false cli: diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index e53c3422e9..0a003b68da 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:1.3.1 + optf_has: onap/optf-has:1.3.2 filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index d72b1f0457..a9b2b2a9c5 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:1.3.2 +image: onap/optf-osdf:1.3.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore Binary files differdeleted file mode 100644 index ab25c3a341..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore +++ /dev/null diff --git a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh new file mode 100644 index 0000000000..5949db4dc4 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + + +docker-entrypoint.sh nexus
\ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/configmaps/base.conf index e7c6928b0a..ba39b0b5ad 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/base.conf @@ -1,4 +1,5 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T +# Copyright © 2017-2018 Amdocs, Bell Canada. +# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,41 +15,33 @@ # JVM options -JVM_OPTIONS=-server -Xms1024m -Xmx2048m +JVM_OPTIONS={{.Values.server.jvmOpts}} # SYSTEM software configuration POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap/policy/pdpd JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk -KEYSTORE_PASSWD=Pol1cy_0nap -TRUSTSTORE_PASSWD=Pol1cy_0nap # Telemetry credentials TELEMETRY_PORT=9696 TELEMETRY_HOST=0.0.0.0 -TELEMETRY_USER=demo@people.osaaf.org -TELEMETRY_PASSWORD=demo123456! # nexus repository SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots -SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/ +SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases -RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/ -REPOSITORY_USERNAME=admin -REPOSITORY_PASSWORD=admin123 +RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ # Relational (SQL) DB access SQL_HOST={{.Values.global.mariadb.nameOverride}} -SQL_USER=policy_user -SQL_PASSWORD=policy_user # AAF -AAF=true +AAF={{.Values.aaf.enabled}} AAF_NAMESPACE=org.onap.policy AAF_HOST=aaf-locate.{{.Release.Namespace}} @@ -56,8 +49,6 @@ AAF_HOST=aaf-locate.{{.Release.Namespace}} PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION PDPD_CONFIGURATION_SERVERS=message-router -PDPD_CONFIGURATION_API_KEY= -PDPD_CONFIGURATION_API_SECRET= PDPD_CONFIGURATION_CONSUMER_GROUP= PDPD_CONFIGURATION_CONSUMER_INSTANCE= PDPD_CONFIGURATION_PARTITION_KEY= @@ -65,23 +56,14 @@ PDPD_CONFIGURATION_PARTITION_KEY= # PAP-PDP configuration channel POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP -POLICY_PDP_PAP_API_KEY= -POLICY_PDP_PAP_API_SECRET= # PAP PAP_HOST=policy-pap -PAP_USERNAME=healthcheck -PAP_PASSWORD=zb!XztG34 # PDP-X PDP_HOST=policy-xacml-pdp -PDP_USERNAME=healthcheck -PDP_PASSWORD=zb!XztG34 -PDP_CLIENT_USERNAME=python -PDP_CLIENT_PASSWORD=test -PDP_ENVIRONMENT=TEST # DCAE DMaaP @@ -96,23 +78,15 @@ DMAAP_SERVERS=message-router # AAI AAI_URL=https://aai.{{.Release.Namespace}}:8443 -AAI_USERNAME=policy@policy.onap.org -AAI_PASSWORD=demo123456! # MSO SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra -SO_USERNAME=InfraPortalClient -SO_PASSWORD=password1$ # VFC VFC_URL= -VFC_USERNAME= -VFC_PASSWORD= # SDNC SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations -SDNC_USERNAME=admin -SDNC_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf b/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf index 7b95e79b4d..44d0bf18ce 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf @@ -1,5 +1,5 @@ -# Copyright 2018 AT&T Intellectual Property. All rights reserved -# Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh new file mode 100644 index 0000000000..e2d7381689 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +policy status diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh deleted file mode 100644 index ff7a64bdb9..0000000000 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash - -if [ "$#" -ne 4 ]; then - echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>" - exit 1 -fi - -K8S_HOST=$1 -POLICY_PDP_PORT=$2 -POLICY_DROOLS_PORT=$3 -RESOURCE_ID=$4 - -echo -echo -echo "Removing the vFW Policy from PDP.." -echo -echo - -curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyComponent" : "PDP", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy - -sleep 20 - -echo - -echo -echo "Updating vFW Operational Policy .." -echo - -curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller": "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy - -sleep 5 - -echo -echo -echo "Pushing the vFW Policy .." -echo -echo - -curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy - -sleep 20 - -echo -echo -echo "Restarting PDP-D .." -echo -echo - -POD=$(kubectl --namespace {{ include "common.namespace" . }} get pods | sed 's/ .*//'| grep drools) -kubectl --namespace {{ include "common.namespace" . }} exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" - -sleep 20 - -echo -echo -echo "PDP-D amsterdam maven coordinates .." -echo -echo - -curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool - - -echo -echo -echo "PDP-D control loop updated .." -echo -echo - -curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf new file mode 100644 index 0000000000..36d3c3b376 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -0,0 +1,56 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +KEYSTORE_PASSWD={{.Values.keystore.password}} +TRUSTSTORE_PASSWD={{.Values.truststore.password}} + +TELEMETRY_USER={{.Values.telemetry.user}} +TELEMETRY_PASSWORD={{.Values.telemetry.password}} + +REPOSITORY_USERNAME={{.Values.nexus.user}} +REPOSITORY_PASSWORD={{.Values.nexus.password}} + +SQL_USER={{.Values.db.user}} +SQL_PASSWORD={{.Values.db.password}} + +PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} +PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} + +POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}} +POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}} + +PAP_USERNAME={{.Values.pap.user}} +PAP_PASSWORD={{.Values.pap.password}} + +PDP_USERNAME={{.Values.pdp.user}} +PDP_PASSWORD={{.Values.pdp.password}} + +AAI_USERNAME={{.Values.aai.user}} +AAI_PASSWORD={{.Values.aai.password}} + +SO_USERNAME={{.Values.so.user}} +SO_PASSWORD={{.Values.so.password}} + +VFC_USERNAME={{.Values.vfc.user}} +VFC_PASSWORD={{.Values.vfc.password}} + +SDNC_USERNAME={{.Values.sdnc.user}} +SDNC_PASSWORD={{.Values.sdnc.password}} + +HEALTHCHECK_USER={{.Values.telemetry.user}} +HEALTHCHECK_PASSWORD={{.Values.telemetry.password}} diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/charts/drools/templates/configmap.yaml index 1f9503130c..7daf473db2 100644 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/charts/drools/templates/configmap.yaml @@ -19,4 +19,4 @@ metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/configmaps/*").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index e21084fe5d..31ba543c0e 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "resources/config/opt/policy/config/drools/keys/*").AsSecrets | indent 2 }} type: Opaque +data: +{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }} +{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index beacbabd06..bb21ae14aa 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -78,15 +78,16 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-secret - subPath: feature-healthcheck.conf - - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf - name: drools-config - subPath: feature-pooling-dmaap.conf - - mountPath: /tmp/policy-install/config/base.conf + subPath: {{ base $path }} + {{- end }} + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-config - subPath: base.conf + subPath: {{ base $path }} + {{- end }} - mountPath: /var/log/onap name: policy-logs resources: @@ -125,18 +126,19 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap items: - - key: base.conf - path: base.conf - mode: 0755 - - key: feature-pooling-dmaap.conf - path: feature-pooling-dmaap.conf + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0755 + {{- end }} - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret items: - - key: feature-healthcheck.conf - path: feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0644 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 21f9169462..74e0fe8e1c 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -23,21 +23,18 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.5.1 +image: onap/policy-pdpd-cl:1.5.2 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - nexusPort: 8081 - # default number of instances replicaCount: 1 @@ -71,6 +68,65 @@ service: ingress: enabled: false +# Default installation values to be overridden + +server: + jvmOpts: -server -Xms1024m -Xmx2048m + +aaf: + enabled: "true" + +keystore: + password: Pol1cy_0nap + +truststore: + password: Pol1cy_0nap + +telemetry: + user: demo@people.osaaf.org + password: demo123456! + +nexus: + nexus: admin + password: admin123 + port: 8081 + +db: + user: policy_user + password: policy_user + +pap: + user: healthcheck + password: zb!XztG34 + +pdp: + user: healthcheck + password: zb!XztG34 + +aai: + user: policy@policy.onap.org + password: demo123456! + +so: + user: InfraPortalClient + password: password1$ + +vfc: + user: + password: + +sdnc: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +dmaap: + brmsgw: + key: + password: + pap: + key: + password: + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 381c825311..1dd1d18409 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.2.1 +image: onap/policy-apex-pdp:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index bace88fe70..3a55227d81 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.1.1 +image: onap/policy-api:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-pap/values.yaml b/kubernetes/policy/charts/policy-pap/values.yaml index e3cb999af1..bcf08f20e8 100644 --- a/kubernetes/policy/charts/policy-pap/values.yaml +++ b/kubernetes/policy/charts/policy-pap/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.1.1 +image: onap/policy-pap:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index 5635c05efa..4483a1b51a 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json @@ -25,6 +25,14 @@ "https": true, "aaf": false }, + "policyApiParameters": { + "host": "policy-api", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "https": true, + "aaf": false + }, "applicationPath": "/opt/app/policy/pdpx/apps", "topicParameterGroup": { "topicSources" : [{ diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index 0f61c03939..161722b585 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.1.1 +image: onap/policy-xacml-pdp:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 5503328df4..dc27fdb6db 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -55,6 +55,8 @@ spec: - "" - -n - "" + - -b + - "{{ .Values.global.env.tomcatDir }}" env: - name: CATALINA_OPTS value: > diff --git a/kubernetes/portal/charts/portal-cassandra/values.yaml b/kubernetes/portal/charts/portal-cassandra/values.yaml index c46ca4238c..e08f59b971 100644 --- a/kubernetes/portal/charts/portal-cassandra/values.yaml +++ b/kubernetes/portal/charts/portal-cassandra/values.yaml @@ -69,7 +69,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: portal/cassandra/data diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index f00bf8b71d..28fcee1551 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -4,18 +4,18 @@ shopt -s nullglob # if command starts with an option, prepend mysqld if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" + set -- mysqld "$@" fi # skip setup if they want an option that stops mysqld wantHelp= for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + wantHelp=1 + break + ;; + esac done # usage: file_env VAR [DEFAULT] @@ -23,168 +23,174 @@ done # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" } _check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - - $errors - EOM - exit 1 - fi + toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + cat >&2 <<-EOM + ERROR: mysqld failed while attempting to check config + command was: "${toRun[*]}" + $errors + EOM + exit 1 + fi } # Fetch value from server config # We use mysqld --verbose --help instead of my_print_defaults because the # latter only show values present in config files, and not server defaults _get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }' + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" } # allow the container to be started with `--user` if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" - mkdir -p "$DATADIR" - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - exec gosu mysql "$BASH_SOURCE" "$@" + _check_config "$@" + DATADIR="$(_get_config 'datadir' "$@")" + mkdir -p "$DATADIR" + find "$DATADIR" \! -user mysql -exec chown mysql '{}' + + exec gosu mysql "$BASH_SOURCE" "$@" fi if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" - # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi - - mkdir -p "$DATADIR" - - echo 'Initializing database' - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db --datadir="$DATADIR" --rpm "${@:2}" - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {60..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi - - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi - - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi - - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; - EOSQL - - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi - - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi - - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" - - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi - fi - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - echo - echo 'MySQL init process done. Ready for start up.' - echo - fi + # still need to check config, container may have started with --user + _check_config "$@" + # Get config + DATADIR="$(_get_config 'datadir' "$@")" + + if [ ! -d "$DATADIR/mysql" ]; then + file_env 'MYSQL_ROOT_PASSWORD' + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + echo >&2 'error: database is uninitialized and password option is not specified ' + echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + exit 1 + fi + + mkdir -p "$DATADIR" + + echo 'Initializing database' + installArgs=( --datadir="$DATADIR" --rpm ) + if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then + # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password + # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 + # (this flag doesn't exist in 10.0 and below) + installArgs+=( --auth-root-authentication-method=normal ) + fi + # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) + mysql_install_db "${installArgs[@]}" "${@:2}" + echo 'Database initialized' + + SOCKET="$(_get_config 'socket' "$@")" + "$@" --skip-networking --socket="${SOCKET}" & + pid="$!" + + mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) + + for i in {60..0}; do + if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then + break + fi + echo 'MySQL init process in progress...' + sleep 1 + done + if [ "$i" = 0 ]; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql + fi + + if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" + echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + + rootCreate= + # default root to listen for connections from anywhere + file_env 'MYSQL_ROOT_HOST' '%' + if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; + EOSQL + fi + + "${mysql[@]}" <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; + SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; + FLUSH PRIVILEGES ; + EOSQL + + if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then + mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) + fi + + file_env 'MYSQL_DATABASE' + if [ "$MYSQL_DATABASE" ]; then + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" + mysql+=( "$MYSQL_DATABASE" ) + fi + + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" + + if [ "$MYSQL_DATABASE" ]; then + echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + fi + fi + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + if ! kill -s TERM "$pid" || ! wait "$pid"; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + echo + echo 'MySQL init process done. Ready for start up.' + echo + fi fi exec "$@"
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml index e00f0fcebb..8869b94467 100644 --- a/kubernetes/portal/charts/portal-mariadb/values.yaml +++ b/kubernetes/portal/charts/portal-mariadb/values.yaml @@ -111,7 +111,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: portal/mariadb/data diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index f8eccf7b27..9dbdd7cfd9 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -15,7 +15,7 @@ global: env: - tomcatDir: "/opt/apache-tomcat-8.0.37" + tomcatDir: "/usr/local/tomcat" # portal frontend port portalPort: "8989" portalFEPort: "30225" diff --git a/kubernetes/robot b/kubernetes/robot -Subproject b6b5b0e6f8880e3a922a2fef97e95e501347522 +Subproject db5b5ffbd1e2281664a42ea128cde83f3dd6c8f diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index b20288072b..928252d334 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -36,7 +36,7 @@ pullPolicy: Always debugEnabled: false config: - javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx1536m -Xms1536m" + javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" # default number of instances diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index 49e5ac05f6..fdad3fe16a 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -85,7 +85,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: /sdc/sdc-cs/CS diff --git a/kubernetes/sdc/charts/sdc-es/values.yaml b/kubernetes/sdc/charts/sdc-es/values.yaml index 4c0a6cc768..31386333fb 100644 --- a/kubernetes/sdc/charts/sdc-es/values.yaml +++ b/kubernetes/sdc/charts/sdc-es/values.yaml @@ -89,7 +89,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: /sdc/sdc-es/ES diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index fba4c568f0..d3ea244368 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -32,7 +32,7 @@ image: onap/sdc-frontend:1.5.1 pullPolicy: Always config: - javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=6000,server=y,suspend=n -Xmx256m -Xms256m" + javaOptions: "-Xmx256m -Xms256m" plugins: dcae_discovery_url: "http://sdc-dcae-fe:8183/dcaed/#/home" dcae_source_url: "http://sdc.dcae.plugin.simpledemo.onap.org:30263/dcaed/#/home" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 32b8cdb18d..fac4dd0502 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -36,7 +36,7 @@ pullPolicy: Always debugEnabled: false config: - javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4001,server=y,suspend=n -Xmx1g -Xms1g" + javaOptions: "-Xmx1g -Xms1g" cassandraSslEnabled: "false" # default number of instances @@ -85,7 +85,7 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: /sdc/sdc-cs/CS diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 73eea4af7e..691963733f 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -39,7 +39,7 @@ initJob: enabled: true config: - javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m" + javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraThriftClientPort: 9160 cassandraClientPort: 9042 diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 639c811b08..09fe3291e0 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -35,7 +35,7 @@ pullPolicy: Always debugEnabled: false config: - javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m" + javaOptions: "-Xmx256m -Xms256m" backendServerURL: "http://sdc-wfd-be:8080" isHttpsEnabled: true diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 31575ca40f..0637c040c0 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -64,8 +64,8 @@ service: type: NodePort name: sdnc-portal portName: sdnc-portal - internalPort: 8843 - externalPort: 8843 + internalPort: 8443 + externalPort: 8443 nodePort: "01" ingress: diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 913fed12ba..c3b757ae14 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -16,10 +16,6 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: cds - version: ~5.x-0 - repository: '@local' - condition: cds.enabled - name: network-name-gen version: ~5.x-0 repository: '@local' diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 2df38b74e7..0cde728e67 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -103,7 +103,7 @@ config: # dependency / sub-chart configuration cds: - enabled: true + enabled: false dmaap-listener: nameOverride: sdnc-dmaap-listener diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index d004b12aa3..89b0eb4183 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.5.1 +image: onap/so/bpmn-infra:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 863d0318db..57b7fe50b2 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.5.1 +image: onap/so/catalog-db-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index f0b273c01c..7539e47af9 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.5.1 +image: onap/so/so-monitoring:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 792fab90fc..c570f5eb45 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.5.1 +image: onap/so/openstack-adapter:1.5.2 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index b440a0af8f..028d123a31 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.5.1 +image: onap/so/request-db-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index a6be6c5734..1259435ec9 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.5.1 +image: onap/so/sdc-controller:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index c0ae22324f..e48c9c93e2 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.5.1 +image: onap/so/sdnc-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index 4bf6051a9f..1663fb350c 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.5.1 +image: onap/so/vfc-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 445154f717..d29bff28aa 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -26,7 +26,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.5.1 +image: onap/so/vnfm-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 9750efe265..ae126fa78e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -43,7 +43,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.5.1 +image: onap/so/api-handler-infra:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 6d365a4493..c74f4177c9 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:5.0.1 +image: onap/vid:5.0.2 pullPolicy: Always # mariadb image for initializing |