diff options
Diffstat (limited to 'kubernetes')
24 files changed, 461 insertions, 33 deletions
diff --git a/kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore Binary files differindex 9eec841aa2..de5325b4aa 100644 --- a/kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore +++ b/kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore diff --git a/kubernetes/aai/charts/aai-data-router/resources/config/log/logback.xml b/kubernetes/aai/charts/aai-data-router/resources/config/log/logback.xml new file mode 100644 index 0000000000..d7ff0143a1 --- /dev/null +++ b/kubernetes/aai/charts/aai-data-router/resources/config/log/logback.xml @@ -0,0 +1,193 @@ +<!-- + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2018 AT&T Intellectual Property. All rights reserved. + Copyright © 2018 Amdocs + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= +--> +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + + <property name="logDir" value="/var/log/onap" /> + + <!-- specify the component name --> + <property name="componentName" value="AAI-DR" /> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|data-router|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to record events to the general application + log --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. --> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- Data Router service loggers --> + <logger name="org.onap.aai.data-router" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. + May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration> diff --git a/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml index acfe0a5933..60e71ecfb0 100644 --- a/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml +++ b/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml @@ -34,9 +34,9 @@ <property name="searchKeystore" value="tomcat_keystore" /> </bean> - <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer " > - <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:3904" /> - <constructor-arg name="topic" value="AAI-EVENT" /> + <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer" > + <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" /> + <constructor-arg name="topic" value="{{.Values.event.consumer.topic}}" /> <constructor-arg name="username" value="" /> <constructor-arg name="password" value="" /> <constructor-arg name="consumerGroup" value="datarouter" /> @@ -44,6 +44,8 @@ <constructor-arg name="timeoutMs" value="1000" /> <constructor-arg name="messageLimit" value="100" /> <constructor-arg name="transportType" value="HTTPAUTH" /> + <constructor-arg name="protocol" value="{{.Values.event.protocol}}" /> + <constructor-arg name="contentType" value="application/json" /> </bean> <bean id="entityEventPolicy" class="org.onap.aai.datarouter.policy.EntityEventPolicy" init-method="startup" > diff --git a/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml b/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml index 6cfc3bef7a..23d3dbbcb9 100644 --- a/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml @@ -38,3 +38,29 @@ metadata: data: {{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml b/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml index 8ab2d3383a..83542dabe5 100644 --- a/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml @@ -94,7 +94,10 @@ spec: - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml subPath: entity-event-policy.xml name: {{ include "common.fullname" . }}-dynamic-policy - - mountPath: /logs/ + - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-logback-config + subPath: logback.xml + - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs ports: - containerPort: {{ .Values.service.internalPort }} @@ -112,10 +115,28 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | indent 12 }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat volumes: - name: localtime hostPath: path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: aai-filebeat + emptyDir: {} - name: {{ include "common.fullname" . }}-auth secret: secretName: {{ include "common.fullname" . }} @@ -134,8 +155,13 @@ spec: configMap: name: {{ include "common.fullname" . }}-dynamic - name: {{ include "common.fullname" . }}-logs - hostPath: - path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} + emptyDir: {} + - name: {{ include "common.fullname" . }}-logback-config + configMap: + name: {{ include "common.fullname" . }}-log-configmap + items: + - key: logback.xml + path: logback.xml restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/charts/aai-data-router/values.yaml b/kubernetes/aai/charts/aai-data-router/values.yaml index ba4258257a..c1fa49f3f0 100644 --- a/kubernetes/aai/charts/aai-data-router/values.yaml +++ b/kubernetes/aai/charts/aai-data-router/values.yaml @@ -17,7 +17,7 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 - + loggingImage: beats/filebeat:5.5.0 # application image repository: nexus3.onap.org:10001 @@ -97,4 +97,12 @@ resources: requests: cpu: 4 memory: 8Gi - unlimited: {}
\ No newline at end of file + unlimited: {} + +# Entity Event route configuration +event: + port: + dmaap: 3905 + protocol: https + consumer: + topic: AAI-EVENT diff --git a/kubernetes/consul/resources/config/consul-agent-config/policy-health.json b/kubernetes/consul/resources/config/consul-agent-config/policy-health.json index 62a6f31223..9cad9dc1d5 100644 --- a/kubernetes/consul/resources/config/consul-agent-config/policy-health.json +++ b/kubernetes/consul/resources/config/consul-agent-config/policy-health.json @@ -67,7 +67,7 @@ "http": "https://drools:6969/healthcheck", "method": "GET", "header": { - "Authorization": ["Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0"], + "Authorization": ["Basic ZGVtb0BwZW9wbGUub3NhYWYub3JnOmRlbW8xMjM0NTYh"], "Cache-Control": ["no-cache"], "Content-Type": ["application/json"], "Accept": ["application/json"] diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-datafile-collector-input.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml index ce7aa1e998..ce7aa1e998 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-datafile-collector-input.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml diff --git a/kubernetes/nbi/charts/mariadb/values.yaml b/kubernetes/nbi/charts/mariadb/values.yaml index dd93b924ae..dc5aa89e7d 100644 --- a/kubernetes/nbi/charts/mariadb/values.yaml +++ b/kubernetes/nbi/charts/mariadb/values.yaml @@ -80,16 +80,16 @@ flavor: small resources: small: limits: - cpu: 2 - memory: 4Gi - requests: cpu: 1 - memory: 2Gi + memory: 500Mi + requests: + cpu: 10m + memory: 200Mi large: limits: - cpu: 4 - memory: 8Gi + cpu: 1 + memory: 1Gi requests: - cpu: 2 - memory: 4Gi + cpu: 20m + memory: 400Mi unlimited: {} diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf index c5c35d84b9..898f2b8fb6 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf @@ -24,8 +24,8 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap ENGINE_MANAGEMENT_PORT=9696 ENGINE_MANAGEMENT_HOST=0.0.0.0 -ENGINE_MANAGEMENT_USER=@1b3rt -ENGINE_MANAGEMENT_PASSWORD=31nst31n +ENGINE_MANAGEMENT_USER=demo@people.osaaf.org +ENGINE_MANAGEMENT_PASSWORD=demo123456! # nexus repository diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf index cbb45a5828..20d8298472 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T +# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,5 +12,5 @@ # See the License for the specific language governing permissions and # limitations under the License. -HEALTHCHECK_USER=healthcheck -HEALTHCHECK_PASSWORD=zb!XztG34 +HEALTHCHECK_USER=demo@people.osaaf.org +HEALTHCHECK_PASSWORD=demo123456! diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh index e85449a6da..ff7a64bdb9 100644 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh +++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh @@ -95,7 +95,7 @@ echo "PDP-D amsterdam maven coordinates .." echo echo -curl -vvv -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool +curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool echo @@ -104,4 +104,4 @@ echo "PDP-D control loop updated .." echo echo -curl -v -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool +curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties index aa80aed310..f07cb65c31 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties +++ b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -server.host={{ .Values.config.networkdiscoveryCtxBuilderHost }} +server.host={{ .Values.global.networkdiscoveryCtxBuilderHost }} basicauth.username={{ .Values.config.networkdiscoveryCtxBuilderUsername }} basicauth.password={{ .Values.config.networkdiscoveryCtxBuilderPassword }} server.port={{ .Values.config.ctxBuilderExternalPort }} diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml b/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml index 905ea87efa..9535a7ebd5 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml +++ b/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml @@ -40,7 +40,6 @@ config: sdncCtxBuilderHost: pomba-sdncctxbuilder sdncCtxBuilderUsername: admin sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30 - networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder networkdiscoveryCtxBuilderUsername: admin networkdiscoveryCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30 ctxBuilderExternalPort: 9530 diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties index f84906e9ef..5317ab353c 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties @@ -31,6 +31,7 @@ server.tomcat.max-idle-time=60000 # Network Discovery Context Builder REST Service networkDiscoveryCtxBuilder.httpProtocol={{ .Values.config.networkDiscoveryCtxBuilderHttpProtocol }} +networkDiscoveryCtxBuilder.serviceName={{ .Values.global.networkdiscoveryCtxBuilderHost }} networkDiscoveryCtxBuilder.port={{ .Values.config.networkDiscoveryCtxBuilderPort }} # Basic Authorization credentials for Network Discovery Context Builder REST Service networkDiscoveryCtxBuilder.userId={{ .Values.config.networkDiscoveryCtxBuilderUserId }} diff --git a/kubernetes/pomba/values.yaml b/kubernetes/pomba/values.yaml index f0acaa5b88..04e89f07b3 100644 --- a/kubernetes/pomba/values.yaml +++ b/kubernetes/pomba/values.yaml @@ -22,6 +22,7 @@ global: loggingImage: beats/filebeat:5.5.0 repository: nexus3.onap.org:10001 dockerhubRepository: docker.io + networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder # application configuration config: diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore Binary files differnew file mode 100644 index 0000000000..ff0f0d76a4 --- /dev/null +++ b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore diff --git a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000000..ff844b109d --- /dev/null +++ b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml new file mode 100644 index 0000000000..09c2f8405f --- /dev/null +++ b/kubernetes/portal/charts/portal-app/resources/server/server.xml @@ -0,0 +1,147 @@ +<?xml version='1.0' encoding='utf-8'?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html + --> +<Server port="8005" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved" + factory="org.apache.catalina.users.MemoryUserDatabaseFactory" + pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. Documentation at : + Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <Connector port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation that requires the JSSE + style configuration. When using the APR/native implementation, the + OpenSSL style configuration is required as described in the APR/native + documentation --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + clientAuth="false" sslProtocol="TLS" /> + --> + + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + keystoreFile="keystoreONAP.keystore" keystorePass="{{ .Values.global.keypass }}" + clientAuth="false" sslProtocol="TLS" /> + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). + Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + </Realm> + + <Host name="localhost" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" + prefix="localhost_access_log" suffix=".txt" + pattern="%h %l %u %t "%r" %s %b" /> + + </Host> + </Engine> + </Service> +</Server>
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-app/templates/configmap.yaml b/kubernetes/portal/charts/portal-app/templates/configmap.yaml index 178e91c5fc..d4ef698f71 100644 --- a/kubernetes/portal/charts/portal-app/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-app/templates/configmap.yaml @@ -24,3 +24,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 2ab570aab2..3fc2741556 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -55,10 +55,20 @@ spec: - "" - -n - "" + env: + - name: javax.net.ssl.keyStore + value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} + - name: javax.net.ssl.keyStorePassword + value: {{ .Values.global.keypass }} + - name: javax.net.ssl.trustStore + value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} + - name: javax.net.ssl.trustStorePassword + value: {{ .Values.global.keypass }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} - containerPort: {{ .Values.service.internalPort3 }} + - containerPort: {{ .Values.service.internalPort4 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -93,8 +103,15 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/logback.xml" subPath: logback.xml - - name: portal-tomcat-logs - mountPath: "{{ .Values.global.env.tomcatDir }}/logs" + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" + subPath: server.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}" + subPath: {{ .Values.global.keystoreFile}} + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}" + subPath: {{ .Values.global.truststoreFile}} - name: var-log-onap mountPath: /var/log/onap resources: diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index a71e0c4da3..0aba001fa4 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -63,6 +63,9 @@ service: externalPort3: 8010 internalPort3: 8009 nodePort3: 14 + externalPort4: 8443 + internalPort4: 8443 + nodePort4: 16 mariadb: service: diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index ac575b3c30..ecb7d5ecf6 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -20,11 +20,14 @@ global: portalPort: "8989" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" + keystoreFile: "keystoreONAP.keystore" + truststoreFile: "keystoreONAPall.jks" + keypass: "changeit" config: logstashServiceName: log-ls logstashPort: 5044 - + portal-mariadb: nameOverride: portal-db diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py index a3e25e7418..ad09e444d8 100644 --- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py @@ -57,8 +57,8 @@ GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "http" GLOBAL_DMAAP_DR_NODE_SERVER_PORT = "8080" # DROOL server port and credentials GLOBAL_DROOLS_SERVER_PORT = "9696" -GLOBAL_DROOLS_USERNAME = "@1b3rt" -GLOBAL_DROOLS_PASSWORD = "31nst31n" +GLOBAL_DROOLS_USERNAME = "demo@people.osaaf.org" +GLOBAL_DROOLS_PASSWORD = "demo123456!" # log server config - NOTE: no log server is run in HEAT; only on OOM GLOBAL_LOG_SERVER_PROTOCOL = "http" GLOBAL_LOG_ELASTICSEARCH_PORT = "9200" @@ -113,8 +113,8 @@ GLOBAL_POLICY_SERVER_PORT = "8081" GLOBAL_POLICY_HEALTHCHECK_PORT = "6969" GLOBAL_POLICY_AUTH = "dGVzdHBkcDphbHBoYTEyMw==" GLOBAL_POLICY_CLIENTAUTH = "cHl0aG9uOnRlc3Q=" -GLOBAL_POLICY_USERNAME = "healthcheck" -GLOBAL_POLICY_PASSWORD = "zb!XztG34" +GLOBAL_POLICY_USERNAME = "demo@people.osaaf.org" +GLOBAL_POLICY_PASSWORD = "demo123456!" # portal info - everything is from the private oam network (also called onap private network) GLOBAL_PORTAL_SERVER_PROTOCOL = "http" GLOBAL_PORTAL_SERVER_PORT = "8989" |