aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/appc/values.yaml9
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml11
-rw-r--r--kubernetes/cds/charts/cds-ui/templates/deployment.yaml22
-rw-r--r--kubernetes/common/dgbuilder/values.yaml12
-rwxr-xr-xkubernetes/common/mariadb-galera/resources/config/configure-mysql.sh89
-rw-r--r--kubernetes/common/mariadb-galera/templates/configmap.yaml16
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml7
-rw-r--r--kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf4
-rw-r--r--kubernetes/policy/charts/brmsgw/templates/deployment.yaml24
-rw-r--r--kubernetes/policy/charts/brmsgw/values.yaml2
-rw-r--r--kubernetes/policy/charts/drools/values.yaml2
-rw-r--r--kubernetes/policy/charts/pap/values.yaml2
-rw-r--r--kubernetes/policy/charts/pdp/values.yaml2
-rw-r--r--kubernetes/policy/charts/policy-api/values.yaml2
-rw-r--r--kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh15
-rw-r--r--kubernetes/policy/resources/config/pe/push-policies.sh485
-rw-r--r--kubernetes/policy/templates/deployment.yaml3
-rw-r--r--kubernetes/policy/values.yaml2
-rwxr-xr-xkubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties17
-rw-r--r--kubernetes/portal/charts/portal-app/templates/deployment.yaml2
-rw-r--r--kubernetes/portal/charts/portal-app/values.yaml2
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql2
-rwxr-xr-xkubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties17
-rw-r--r--kubernetes/portal/charts/portal-sdk/templates/deployment.yaml2
-rw-r--r--kubernetes/portal/charts/portal-sdk/values.yaml2
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml13
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml3
-rw-r--r--kubernetes/sdc/values.yaml2
-rw-r--r--kubernetes/sdnc/values.yaml9
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/Chart.yaml18
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml66
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml26
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml131
-rw-r--r--kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml15
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/templates/service.yaml15
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/values.yaml136
-rw-r--r--kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jksbin963 -> 2344 bytes
-rwxr-xr-xkubernetes/so/resources/config/log/logback.nssmf.xml132
-rwxr-xr-xkubernetes/so/values.yaml22
40 files changed, 775 insertions, 566 deletions
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index f80bba6948..45a9b4cfa1 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -143,6 +143,15 @@ dgbuilder:
service:
name: appc-dgbuilder
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "appc-dgbuilder"
+ name: "appc-dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
+
#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
nodePort3: 11
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
index ab7245e56a..ac0e9c5f80 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
@@ -85,6 +85,17 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: fix-permission
+ command:
+ - chown
+ - -R
+ - 100:101
+ - /opt/app/onap/blueprints/deploy
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
index 79cffd16da..d7aad4d0c3 100644
--- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
@@ -85,31 +85,9 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # side car containers
- # - name: filebeat-onap
- # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- # volumeMounts:
- # - mountPath: /usr/share/filebeat/filebeat.yml
- # name: filebeat-conf
- # subPath: filebeat.yml
- # - mountPath: /home/esr/works/logs
- # name: esr-server-logs
- # - mountPath: /usr/share/filebeat/data
- # name: esr-server-filebeat
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- # - name: filebeat-conf
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-filebeat
- # - name: esr-server-logs
- # emptyDir: {}
- # - name: esr-server-filebeat
- # emptyDir: {}
- # - name: esrserver-log
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-esrserver-log
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index 105facf2b9..6586573f9f 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -52,12 +52,12 @@ secrets:
- uid: 'db-root-password'
type: password
externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- password: '{{ .Values.config.dbRootPassword }}'
+ password: '{{ .Values.config.db.rootPassword }}'
- uid: 'db-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.dbSdnctlPassword }}'
+ password: '{{ .Values.config.db.userPassword }}'
- uid: 'http-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
@@ -118,8 +118,6 @@ config:
restconfPassword: admin
# restconfCredsExternalSecret: some secret
- dbRootPassword: openECOMP1.0
- dbSdnctlPassword: gamma
dbPodName: mysql-db
dbServiceName: sdnc-dbhost
# MD5 hash of dguser password ( default: test123 )
@@ -154,6 +152,12 @@ service:
ingress:
enabled: false
+ service:
+ - baseaddr: "dgbuilder"
+ name: "dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
new file mode 100755
index 0000000000..42c5c89726
--- /dev/null
+++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+#
+# Adfinis SyGroup AG
+# openshift-mariadb-galera: mysql setup script
+#
+
+set -eox pipefail
+
+echo 'Running mysql_install_db ...'
+mysql_install_db --datadir=/var/lib/mysql
+echo 'Finished mysql_install_db'
+
+mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF &
+pid="$!"
+
+mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock )
+
+for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+done
+if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+fi
+
+function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+}
+
+mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
+# add MariaDB root user
+"${mysql[@]}" <<-EOSQL
+-- What's done in this file shouldn't be replicated
+-- or products like mysql-fabric won't work
+SET @@SESSION.SQL_LOG_BIN=0;
+
+DELETE FROM mysql.user ;
+CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ;
+GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
+EOSQL
+
+# add root password for subsequent calls to mysql
+if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+fi
+
+# add users require for Galera
+# TODO: make them somehow configurable
+"${mysql[@]}" <<-EOSQL
+CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ;
+GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ;
+CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe';
+EOSQL
+
+if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+fi
+
+if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ mysql_password=`prepare_password $MYSQL_PASSWORD`
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+
+ echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+fi
+
+if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+echo
+echo 'MySQL init process done. Ready for start up.'
+echo
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index e7bb701930..a7064d7ce4 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,4 +29,17 @@ metadata:
data:
my_extra.cnf: |
{{ .Values.externalConfig | indent 4 }}
-{{- end -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 7157e3390b..855d50e5ea 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -47,6 +47,10 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-external-config
{{- end}}
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
- name: localtime
hostPath:
path: /etc/localtime
@@ -104,6 +108,9 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh
+ subPath: configure-mysql.sh
+ name: init-script
{{- if .Values.persistence.enabled }}
- mountPath: /var/lib/mysql
name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
index 1598a8ff3f..90248b8836 100644
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
@@ -63,5 +63,5 @@ BRMS_UEB_API_KEY=
BRMS_UEB_API_SECRET=
#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.0
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
+BRMS_DEPENDENCY_VERSION=1.6.3
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.5
diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
index 95446b24bb..8d9863784f 100644
--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
@@ -36,7 +36,7 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
env:
- name: JDBC_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
@@ -55,10 +55,14 @@ spec:
- name: REPOSITORY_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
volumeMounts:
- - mountPath: /config-input
+ - mountPath: /config-input/pe
+ name: pe-input
+ - mountPath: /config-input/pe-brmsgw
+ name: pe-brmsgw-input
+ - mountPath: /config/pe
name: pe
- - mountPath: /config
- name: pe-processed
+ - mountPath: /config/pe-brmsgw
+ name: pe-brmsgw
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
@@ -101,7 +105,6 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- name: REPOSITORY_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- volumeMounts:
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
@@ -127,7 +130,7 @@ spec:
name: pe-brmsgw
subPath: brmsgw.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
+ name: pe
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
@@ -146,7 +149,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: pe
+ - name: pe-input
configMap:
name: {{ include "common.release" . }}-pe-configmap
defaultMode: 0755
@@ -154,11 +157,14 @@ spec:
configMap:
name: {{ include "common.release" . }}-pe-scripts-configmap
defaultMode: 0777
- - name: pe-brmsgw
+ - name: pe-brmsgw-input
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
- - name: pe-processed
+ - name: pe
+ emptyDir:
+ medium: Memory
+ - name: pe-brmsgw
emptyDir:
medium: Memory
imagePullSecrets:
diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
index ee47b4a4c3..b906e46468 100644
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ b/kubernetes/policy/charts/brmsgw/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index 05f7c1b0a8..0126c6e06b 100644
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -40,7 +40,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.6.1
+image: onap/policy-pdpd-cl:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index ca0c84f3c9..630b2055fa 100644
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -58,7 +58,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.2.1
+image: onap/policy-pap:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 0b2f92bc80..fa6c141c1c 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -51,7 +51,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index 48eb689778..906e86ad38 100644
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -46,7 +46,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.2.2
+image: onap/policy-api:2.2.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
index 0e473105a2..ee427af678 100644
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
@@ -1,4 +1,7 @@
+#!/bin/bash
+
# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,7 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash
# Script to configure and start the Policy components that are to run in the designated container,
# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
@@ -65,7 +67,7 @@ else
fi
if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl
+ cp -f config/policy-truststore $POLICY_HOME/etc/ssl
fi
if [[ -f config/$container-tweaks.sh ]] ; then
@@ -95,13 +97,4 @@ else
fi
policy.sh start
-
-# on pap, wait for pap, pdp, brmsgw, nexus and drools up,
-# then push the initial default policies
-if [[ $container == pap ]]; then
- # wait addional 1 minute for all processes to get fully initialized and synched up
- sleep 60
- bash -xv config/push-policies.sh
-fi
-
sleep 1000d
diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
deleted file mode 100644
index ec8c914c17..0000000000
--- a/kubernetes/policy/resources/config/pe/push-policies.sh
+++ /dev/null
@@ -1,485 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018-2019 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM
-
-#########################################Upload BRMS Param Template##########################################
-
-echo "Upload BRMS Param Template"
-
-sleep 2
-
-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
-
-sleep 2
-
-curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport'
-
-echo "PRELOAD_POLICIES is $PRELOAD_POLICIES"
-
-if [ "$PRELOAD_POLICIES" == "false" ]; then
- exit 0
-fi
-
-#########################################Create BRMS Param policies##########################################
-
-echo "Create BRMSParam Operational Policies"
-
-sleep 2
-
-echo "Create BRMSParamvFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvFirewall",
- "policyDescription": "BRMS Param vFirewall policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvDNS",
- "policyDescription": "BRMS Param vDNS policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamVOLTE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamVOLTE",
- "policyDescription": "BRMS Param VOLTE policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvCPE",
- "policyDescription": "BRMS Param vCPE policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvPCI",
- "policyDescription": "BRMS Param vPCI policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "casablanca"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamCCVPN Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamCCVPN",
- "policyDescription": "BRMS Param CCVPN policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller" : "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create Micro Service Config policies##########################################
-
-echo "Create MicroService Config Policies"
-
-sleep 2
-
-echo "Create MicroServicevFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevFirewall",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevDNS",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevCPE",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create SDNC Naming Policies##########################################
-
-echo "Create Generic SDNC Naming Policy for VNF"
-
-sleep 2
-
-echo "Create SDNC vFW Naming Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }",
- "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
- "policyConfigType": "MicroService",
- "onapName": "SDNC",
- "riskLevel": "4",
- "riskType": "test",
- "guard": "false",
- "priority": "4",
- "description": "ONAP_VNF_NAMING_TIMESTAMP"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating OOF PCI Policies##########################################
-sleep 2
-
-echo "Create MicroServicevPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
- "policyConfigType": "MicroService",
- "policyName": "com.MicroServicevPCI",
- "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create PCI MS Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyName": "com.PCIMS_CONFIG_POLICY",
- "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }",
- "policyType": "Config",
- "attributes" : { "matching" : { "key1" : "value1" } },
- "policyConfigType": "Base",
- "onapName": "DCAE",
- "configName": "PCIMS_CONFIG_POLICY",
- "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create OOF Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyName": "com.OOF_PCI_CONFIG_POLICY",
- "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }",
- "attributes" : { "matching" : { "key1" : "value1" } },
- "policyType": "Config",
- "policyConfigType": "Base",
- "onapName": "DCAE",
- "configName": "OOF_PCI_CONFIG_POLICY",
- "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating Decision Guard policies#########################################
-
-sleep 2
-
-echo "Creating Decision Guard policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.AllPermitGuard",
- "policyDescription": "Testing all Permit YAML Guard Policy",
- "onapName": "PDPD",
- "ruleProvider": "GUARD_YAML",
- "attributes": {
- "MATCHING": {
- "actor": ".*",
- "recipe": ".*",
- "targets": ".*",
- "clname": ".*",
- "limit": "10",
- "timeWindow": "1",
- "timeUnits": "minute",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Frequency Limiter policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.vDNS_Frequency",
- "policyDescription": "Limit vDNS Scale Up over time period",
- "onapName": "PDPD",
- "ruleProvider": "GUARD_YAML",
- "attributes": {
- "MATCHING": {
- "actor": "SO",
- "recipe": "scaleOut",
- "targets": ".*",
- "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "limit": "1",
- "timeWindow": "10",
- "timeUnits": "minute",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Min/Max policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyClass": "Decision",
- "policyName": "com.vDNS_MinMax",
- "policyDescription": "Ensure number of instances within a range",
- "onapName": "SampleDemo",
- "ruleProvider": "GUARD_MIN_MAX",
- "attributes": {
- "MATCHING": {
- "actor": "SO",
- "recipe": "scaleOut",
- "targets": ".*",
- "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "min": "1",
- "max": "5",
- "guardActiveStart": "00:00:01-05:00",
- "guardActiveEnd": "23:59:59-05:00"
- }
- }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Push Decision policy#########################################
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.AllPermitGuard",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.vDNS_Frequency",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.vDNS_MinMax",
- "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing BRMS Param policies##########################################
-
-echo "Pushing BRMSParam Operational policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvDNS",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamVOLTE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamVOLTE",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvCPE",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvPCI",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamCCVPN"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamCCVPN",
- "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing MicroService Config policies##########################################
-
-echo "Pushing MicroService Config policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.MicroServicevFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevFirewall",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevDNS",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevCPE",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing SDNC Naming Policies##########################################
-echo "Pushing SDNC Naming Policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing OOF PCI Policies##########################################
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.MicroServicevPCI",
- "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.PCIMS_CONFIG_POLICY",
- "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.OOF_PCI_CONFIG_POLICY",
- "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml
index 7f96888ec8..fec565fb59 100644
--- a/kubernetes/policy/templates/deployment.yaml
+++ b/kubernetes/policy/templates/deployment.yaml
@@ -96,9 +96,6 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /tmp/policy-install/config/push-policies.sh
- name: pe-pap
- subPath: push-policies.sh
- mountPath: /tmp/policy-install/config/pap-tweaks.sh
name: pe-pap
subPath: pap-tweaks.sh
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index d4371d5d10..f283d9042f 100644
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -67,7 +67,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
mariadb_image: library/mariadb:10
pullPolicy: Always
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index 63348f02d6..aeef85e54c 100755
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
index 14bbd3c7f6..af00b5ff89 100644
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index beca45e6d7..8d18fd0dbd 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -37,7 +37,7 @@ pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 7baf85f6c1..13b319c76a 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,7 +23,7 @@ while the OOM K8s version has these service split up.
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index 063ba3d122..45ea9b70ca 100755
--- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -82,13 +82,12 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }} \ No newline at end of file
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
index 2de9a1bd24..b78ef34fa1 100644
--- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml
index 7318d3f5aa..02104414d6 100644
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -37,7 +37,7 @@ image: onap/portal-sdk:3.2.0
pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject b73d77ca2e9df3d7300ca85b5593d89a9271d13
+Subproject c81062626b69160145baac5e6a5d670cb67211f
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index 3db3685b86..108c781f54 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -70,6 +70,19 @@ spec:
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index 946cb3491f..4cfebbf72f 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -103,6 +103,9 @@ cert:
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
+securityContext:
+ fsGroup: 35953
+ runAsUser: 352070
ingress:
enabled: false
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index 5701a91f27..2694b5de80 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -28,6 +28,8 @@ global:
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 96100d5079..f0d70e2c33 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -289,6 +289,15 @@ dgbuilder:
name: sdnc-dgbuilder
nodePort: "03"
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdnc-dgbuilder"
+ name: "sdnc-dgbuilder"
+ port: 3000
+ config:
+ ssl: "redirect"
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
diff --git a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml b/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml
new file mode 100755
index 0000000000..b3311d1c8c
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-nssmf-adapter
+version: 6.0.0 \ No newline at end of file
diff --git a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml
new file mode 100755
index 0000000000..10741b75e7
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml
@@ -0,0 +1,66 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+aai:
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ datasource:
+ jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ jpa:
+ show-sql: false
+ hibernate:
+ dialect: org.hibernate.dialect.MySQL5Dialect
+ ddl-auto: validate
+ naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+ enable-lazy-load-no-trans: true
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/nssmf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ adapters:
+ requestDb:
+ endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml
new file mode 100755
index 0000000000..85d00fddf3
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml
new file mode 100755
index 0000000000..8d1eaf8ea4
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml
@@ -0,0 +1,131 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ - name: TRUSTSTORE
+ value: {{ .Values.global.client.certs.truststore }}
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: BPEL_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
+ - name: BPEL_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: KEYSTORE
+ value: {{ .Values.global.client.certs.keystore }}
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..a39363ffdd
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml
new file mode 100755
index 0000000000..cf08482ad2
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/charts/so-nssmf-adapter/values.yaml
new file mode 100755
index 0000000000..44536a8a33
--- /dev/null
+++ b/kubernetes/so/charts/so-nssmf-adapter/values.yaml
@@ -0,0 +1,136 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: server-bpel-creds
+ name: '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/nssmf-adapter:1.6.0
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+ bpel:
+ username: bpel
+ password: password1$
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: 8088
+logPath: ./logs/nssmf/
+app: nssmf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8088
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
index 96931ce168..9ebe9a8041 100644
--- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
Binary files differ
diff --git a/kubernetes/so/resources/config/log/logback.nssmf.xml b/kubernetes/so/resources/config/log/logback.nssmf.xml
new file mode 100755
index 0000000000..b3117ee7a0
--- /dev/null
+++ b/kubernetes/so/resources/config/log/logback.nssmf.xml
@@ -0,0 +1,132 @@
+<configuration scan="false" debug="true">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="/var/log/onap" />
+ <!-- specify the component name
+ <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
+ <property name="componentName" value="MSO"></property>
+ <property name="subComponentName" value="nssmfadapter"></property>
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%msg%n" />
+
+ <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
+ <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <logger name="com.att.eelf.error" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 61f8a0a011..feb0017979 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -407,6 +407,28 @@ so-vfc-adapter:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-nssmf-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.nssmfAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
certSecret: *so-certs
aaf: