diff options
Diffstat (limited to 'kubernetes')
38 files changed, 2544 insertions, 3 deletions
diff --git a/kubernetes/common/common/templates/_affinities.tpl b/kubernetes/common/common/templates/_affinities.tpl new file mode 100644 index 0000000000..f0802be29d --- /dev/null +++ b/kubernetes/common/common/templates/_affinities.tpl @@ -0,0 +1,109 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +# Copyright © 2020 Bitnami, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.matchLabels" (dict "dot" .context "matchLabels" (dict))) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ include "common.namespace" .context }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.matchLabels" (dict "dot" .context "matchLabels" (dict))) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ include "common.namespace" .context }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index db7c9d2231..9f74986174 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -84,9 +84,9 @@ config: secret_domain: osdf aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer # config db api - configDbUrl: http://config.db.url:8080 - configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' - configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' + configDbUrl: http://configdb:8080 + configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList' + configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList' #aai api aaiUrl: https://aai:8443 aaiGetLinksUrl: /aai/v16/network/logical-links diff --git a/kubernetes/robot b/kubernetes/robot deleted file mode 160000 -Subproject 85b5af5058bbda19b557add185d917f60c2188e diff --git a/kubernetes/robot/.gitignore b/kubernetes/robot/.gitignore new file mode 100644 index 0000000000..97a5360f8e --- /dev/null +++ b/kubernetes/robot/.gitignore @@ -0,0 +1,3 @@ +/.project +/.pydevproject +*.pyc
\ No newline at end of file diff --git a/kubernetes/robot/.helmignore b/kubernetes/robot/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/robot/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/robot/Chart.yaml b/kubernetes/robot/Chart.yaml new file mode 100644 index 0000000000..577d2abc34 --- /dev/null +++ b/kubernetes/robot/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: A helm Chart for kubernetes-ONAP Robot +name: robot +version: 7.0.0 diff --git a/kubernetes/robot/INFO.yaml b/kubernetes/robot/INFO.yaml new file mode 100644 index 0000000000..6f159134b7 --- /dev/null +++ b/kubernetes/robot/INFO.yaml @@ -0,0 +1,141 @@ +--- +project: 'testsuite/oom' +project_creation_date: '2017-02-15' +lifecycle_state: 'Incubation' +project_lead: &onap_integration_ptl + name: 'Morgan Richomme' + email: 'morgan.richomme@orange.com' + id: 'mrichomme' + company: 'Orange' + timezone: 'France/Paris' +primary_contact: *onap_integration_ptl +project_category: '' +issue_tracking: + type: 'jira' + url: 'https://jira.onap.org/projects/TEST' + key: 'TEST' +mailing_list: + type: 'groups.io' + url: 'lists.onap.org' + tag: '<[sub-project_name]>' +realtime_discussion: '' +meetings: + - type: 'zoom' + agenda: 'https://wiki.onap.org/display/DW/Integration+Meeting+Minutes' + url: 'https://wiki.onap.org/pages/viewpage.action?pageId=6593670' + server: 'n/a' + channel: 'n/a' + repeats: 'weekly' + time: '14:00 UTC' +repositories: + - 'testsuite/oom' +committers: + - <<: *onap_integration_ptl + - name: 'Christophe Closset' + email: 'cc697w@intl.att.com' + company: 'ATT' + id: 'ChrisC' + timezone: 'Belgium/Namur' + - name: 'Daniel Rose' + email: 'DR695H@att.com' + company: 'ATT' + id: 'DR695H' + timezone: 'America/New_York' + - name: 'Marco Platania' + email: 'platania@research.att.com' + company: 'ATT' + id: 'platania' + timezone: 'America/New_York' + - name: 'Chengli Wang' + email: 'wangchengli@chinamobile.com' + company: 'China Mobile' + id: 'wangchengli' + timezone: 'China/Beijing' + - name: 'Brian Freeman' + email: 'bf1936@att.com' + company: 'AT&T' + id: 'bdfreeman1421' + timezone: 'America/New_York' + - name: 'Morgan Richomme' + email: 'morgan.richomme@orange.com' + company: 'orange' + id: 'mrichomme' + timezone: 'France/Paris' + - name: 'Bartek Grzybowski' + email: 'b.grzybowski@partner.samsung.com' + company: 'samsung' + id: 'bgrzybowski' + timezone: 'Poland/Warsaw' + - name: 'Marcin Przybysz' + email: 'marcin.przybysz@nokia.com' + company: 'nokia' + id: 'mprzybys' + timezone: 'Poland/Warsaw' + - name: 'Krzysztof Kuzmicki' + email: 'krzysztof.kuzmicki@nokia.com' + company: 'nokia' + id: 'kkuzmick' + timezone: 'Europe/Warsaw' + - name: 'Pawel Wieczorek' + email: 'p.wieczorek2@samsung.com' + company: 'samsung' + id: 'pwieczorek' + timezone: 'Europe/Warsaw' + - name: 'Andreas Geissler' + email: 'andreas-geissler@telekom.de' + company: 'Deutsche Telekom' + id: 'andreasgeissler' + timezone: 'Europe/Berlin' + - name: 'Michal Jagiello' + email: 'Michal.Jagiello@t-mobile.pl' + company: 'T-Mobile' + id: 'MichalJagielloTMPL' + timezone: 'Europe/Warsaw' + - name: 'Lukasz Rajewski' + email: 'lukasz.rajewski@orange.com' + company: 'Orange' + id: 'rajewluk' + timezone: 'Europe/Warsaw' + - name: 'Thierry Hardy' + email: 'thierry.hardy@orange.com' + company: 'orange' + id: 'jardellos' + timezone: 'Europe/Paris' + - name: 'Lasse Kaihlavirta' + email: 'l.kaihlavirt@partner.samsung.com' + company: 'samsung' + id: 'kaihlavi' + timezone: 'Europe/Helsinki' +tsc: + approval: 'https://lists.onap.org/pipermail/onap-tsc' + changes: + - type: 'Addition' + name: 'Morgan Richomme' + link: 'https://wiki.onap.org/display/DW/TSC+2019-10-17' + - type: 'Deletion' + name: 'Xiaolong Kong, Hector Anapan-Lavalle' + link: 'https://lists.onap.org/g/onap-discuss/message/19277' + - type: 'Addition' + name: 'Bartek, Marcin, Eric' + link: 'https://wiki.onap.org/display/DW/Integration+Team' + - type: 'Addition' + name: 'Krzysztof Kuzmicki' + link: 'https://lists.onap.org/g/onap-tsc/message/6232' + - type: 'Addition' + name: 'Pawel Wieczorek' + link: 'https://lists.onap.org/g/onap-tsc/message/6341' + - type: 'Addition' + name: 'Andreas Geissler' + link: 'https://lists.onap.org/g/onap-tsc/message/6342' + - type: 'Addition' + name: 'Michal Jagiello' + link: 'https://lists.onap.org/g/onap-tsc/message/7102' + - type: 'Addition' + name: 'Lukasz Rajewski' + link: 'https://lists.onap.org/g/onap-tsc/message/7102' + - type: 'Addition' + name: 'Thierry Hardy' + link: 'https://lists.onap.org/g/onap-tsc/message/7102' + - type: 'Addition' + name: 'Lasse Kaihlavirta' + link: 'https://lists.onap.org/g/onap-tsc/message/7280' diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh new file mode 100755 index 0000000000..5d8fed829c --- /dev/null +++ b/kubernetes/robot/demo-k8s.sh @@ -0,0 +1,235 @@ +#!/bin/bash +# Copyright (C) 2018 Amdocs, Bell Canada +# Modifications Copyright (C) 2019 Samsung +# Modifications Copyright (C) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Execute tags built to support the hands-on demo +# +function usage +{ + echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]" + echo " " + echo " demo-k8s.sh <namespace> init" + echo " - Execute both init_customer + distribute" + echo " " + echo " demo-k8s.sh <namespace> init_customer" + echo " - Create demo customer (Demonstration) and services, etc." + echo " " + echo " demo-k8s.sh <namespace> distribute [<prefix>]" + echo " - Distribute demo models (demoVFW and demoVLB)" + echo " " + echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>" + echo " - Preload data for VNF for the <module_name>" + echo " " + echo " demo-k8s.sh <namespace> appc <module_name>" + echo " - provide APPC with vFW module mount point for closed loop" + echo " " + echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]" + echo " - Initialize robot after all ONAP VMs have started" + echo " " + echo " demo-k8s.sh <namespace> instantiateVFW" + echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)" + echo " " + echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename" + echo " - Instantiate vFW module using direct SO interface using previously distributed model " + echo " that is in /tmp/csar in robot container" + echo " " + echo " demo-k8s.sh <namespace> instantiateVLB_CDS" + echo " - Instantiate vLB module using CDS with a preloaded CBA " + echo " " + echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" + echo " - Delete the module created by instantiateVFW" + echo " " + echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>" + echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy " + echo " kicks in to modulate the rates back to medium" + echo " " + echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript" + echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory" + echo " " +} + +# Check if execscript flag is used and drop it from input arguments + +if [[ "${!#}" == "execscript" ]]; then + set -- "${@:1:$#-1}" + execscript=true +fi + +# Set the defaults + +echo "Number of parameters:" +echo $# + +if [ $# -lt 2 ];then + usage + exit +fi + +NAMESPACE=$1 +shift + +## +## if more than 1 tag is supplied, the must be provided with -i or -e +## +while [ $# -gt 0 ] +do + key="$1" + echo "KEY:" + echo $key + + case $key in + init_robot) + TAG="UpdateWebPage" + read -s -p "WEB Site Password for user 'test': " WEB_PASSWORD + if [ "$WEB_PASSWORD" = "" ]; then + echo "" + echo "WEB Password is required for user 'test'" + exit + fi + VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD" + shift + if [ $# -eq 2 ];then + VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1" + fi + shift + ;; + init) + TAG="InitDemo" + shift + ;; + vescollector) + TAG="vescollector" + shift + ;; + distribute_vcpe) + TAG="distributeVCPE" + shift + ;; + init_customer) + TAG="InitCustomer" + shift + ;; + distribute) + TAG="InitDistribution" + shift + if [ $# -eq 1 ];then + VARIABLES="$VARIABLES -v DEMO_PREFIX:$1" + fi + shift + ;; + preload) + TAG="PreloadDemo" + shift + if [ $# -ne 2 ];then + echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>" + exit + fi + VARIABLES="$VARIABLES -v VNF_NAME:$1" + shift + VARIABLES="$VARIABLES -v MODULE_NAME:$1" + shift + ;; + appc) + TAG="APPCMountPointDemo" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh <namespace> appc <module_name>" + exit + fi + VARIABLES="$VARIABLES -v MODULE_NAME:$1" + shift + ;; + instantiateVFW) + TAG="instantiateVFW" + VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" + shift + ;; + instantiateVFWdirectso) + TAG="instantiateVFWdirectso" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh <namespace> instantiateVFWdirectso <csar_filename>" + exit + fi + VARIABLES="$VARIABLES -v CSAR_FILE:$1 -v GLOBAL_BUILD_NUMBER:$$" + shift + ;; + instantiateVLB_CDS) + TAG="instantiateVLB_CDS" + VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$" + shift + ;; + deleteVNF) + TAG="deleteVNF" + shift + if [ $# -ne 1 ];then + echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>" + exit + fi + VARFILE=$1.py + VARIABLES="$VARIABLES -V /share/${VARFILE}" + shift + ;; + cds) + TAG="cds" + shift + ;; + distributeVFWNG) + TAG="distributeVFWNG" + shift + ;; + distributeDemoVFWDT) + TAG="DistributeDemoVFWDT" + shift + ;; + instantiateDemoVFWDT) + TAG="instantiateVFWDT" + shift + ;; + vfwclosedloop) + TAG="vfwclosedloop" + shift + VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1" + shift + ;; + *) + usage + exit + esac +done + +set -x + +POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) + +DIR=$(dirname "$0") +SCRIPTDIR=scripts/demoscript + +ETEHOME=/var/opt/ONAP + +if [ $execscript ]; then + for script in $(ls -1 "$DIR/$SCRIPTDIR"); do + [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" + done +fi + +export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l") +OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_demo_$key +DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90)) + +VARIABLEFILES="-V /share/config/robot_properties.py" + +kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} -i ${TAG} --display $DISPLAY_NUM 2> ${TAG}.out diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh new file mode 100755 index 0000000000..e3d05df0ef --- /dev/null +++ b/kubernetes/robot/ete-k8s.sh @@ -0,0 +1,106 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +# +# Run the testsuite for the passed tag. Valid tags are listed in usage help +# Please clean up logs when you are done... +# +if [ "$1" == "" ] || [ "$2" == "" ]; then + echo "Usage: ete-k8s.sh [namespace] [tag] [execscript]" + echo "" + echo " List of test case tags (filename for intent: tag)" + echo "" + echo " cds.robot: cds" + echo "" + echo " clamp.robot: clamp" + echo "" + echo " demo.robot: InitDemo, InitCustomer, APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG," + echo " InitDistribution, PreloadDemo, deleteVNF, instantiateDemoVFWCL, instantiateVFW, " + echo " instantiateVFWCL, instantiateVFWDT, instantiateVFWCLDN" + echo "" + echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc," + echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb," + echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc," + echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr," + echo " healthportalapp, multicloud, oom" + echo "" + echo " hvves.robot: HVVES, ete" + echo "" + echo " model-distribution-vcpe.robot: distributevCPEResCust" + echo "" + echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB" + echo "" + echo " oof-*.robot: cmso, has, homing" + echo "" + echo " pnf-registration.robot: ete, pnf_registrate" + echo "" + echo " post-install-tests.robot: dmaapacl, postinstall" + echo "" + echo " sdc-dcae-d.robot: sdc-dcae-d" + echo "" + echo " security.robot: security" + echo "" + echo " update_onap_page.robot: UpdateWebPage" + echo "" + echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso" + echo "" + echo " vnf-orchestration.robot: instantiate, instantiateNoDelete, stability72hr" + echo "" + echo " [execscript] - optional parameter to execute user custom scripts located in scripts/etescript directory" + exit +fi + +set -x + +export NAMESPACE="$1" + +POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) + +TAGS="-i $2" + +DIR=$(dirname "$0") +SCRIPTDIR=scripts/etescript + +ETEHOME=/var/opt/ONAP + +if [[ "${!#}" == "execscript" ]]; then + for script in $(ls -1 "$DIR/$SCRIPTDIR"); do + [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" + done +fi + +export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l") +OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_ete_$2 +DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90)) + +VARIABLEFILES="-V /share/config/robot_properties.py" +VARIABLES="-v GLOBAL_BUILD_NUMBER:$$" + +case $2 in + security) + if [ -z "$NODEPORTS_FILE" ]; then + echo "Security tests require gathering additional information on ONAP cluster." + echo "It is unavailable from within Robot pod." + echo "" + echo "Rerun command with \"execscript\" argument, e.g." + echo "$ $0 onap security execscript" + exit + fi + VARIABLES="${VARIABLES} -v ACTUAL_NODEPORTS_FILE:${NODEPORTS_FILE}" + ;; +esac + +kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --display $DISPLAY_NUM diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh new file mode 100755 index 0000000000..9f8cbb2faf --- /dev/null +++ b/kubernetes/robot/eteHelm-k8s.sh @@ -0,0 +1,60 @@ +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +# +# Run the health-check testsuites for the tags discovered by helm list +# Please clean up logs when you are done... +# +if [ "$1" == "" ] ; then + echo "Usage: eteHelm-k8s.sh [namespace] [execscript]" + echo " list projects via helm list and runs health-check with those tags except dev and dev-consul" + echo " [execscript] - optional parameter to execute user custom scripts located in scripts/helmscript directory" + exit +fi + +set -x + +export NAMESPACE="$1" + +POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) + +PROJECTS=$(helm list | tail -n +3 | grep '-' | cut -d' ' -f1 | sed -E 's/\w+-(\w+)/health-\1/g' | grep -v consul | grep -v nfs-provision) + +TAGS="" +for project in $PROJECTS ; +do +TAGS="$TAGS -i $project" +done + +DIR=$(dirname "$0") +SCRIPTDIR=scripts/helmscript + +ETEHOME=/var/opt/ONAP + +if [[ "${!#}" == "execscript" ]]; then + for script in $(ls -1 "$DIR/$SCRIPTDIR"); do + [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" + done +fi + +export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l") +OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_ete_helmlist +DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90)) + +VARIABLEFILES="-V /share/config/robot_properties.py" +VARIABLES="-v GLOBAL_BUILD_NUMBER:$$" + +kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --display $DISPLAY_NUM diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh new file mode 100755 index 0000000000..67fd403a12 --- /dev/null +++ b/kubernetes/robot/instantiate-k8s.sh @@ -0,0 +1,150 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +NAMESPACE= +FOLDER= +POLL=0 + +function check_required_parameter() { + # arg1 = parameter + # arg2 = parameter name + if [ -z "$1" ]; then + echo "$2 was not was provided. This parameter is required." + exit 1 + fi +} + +function check_optional_paramater() { + # arg1 = parameter + # arg2 = parameter name + if [ -z $1 ]; then + echo "$2" + else + echo "$1" + fi +} + +while test $# -gt 0; do + case "$1" in + -h|--help) + echo "./instantiate-k8s.sh [options]" + echo " " + echo "required:" + echo "-n, --namespace <namespace> namespace that robot pod is running under." + echo "-f, --folder <folder> path to folder containing heat templates, preloads, and vnf-details.json." + echo " " + echo "additional options:" + echo "-p, --poll some cloud environments (like azure) have a short time out value when executing" + echo " kubectl. If your shell exits before the testsuite finishes, using this option" + echo " will poll the testsuite logs every 30 seconds until the test finishes." + echo " " + echo "This script executes the VNF instantiation robot testsuite." + echo "- It copies the VNF folder to the robot container that is part of the ONAP deployment." + echo "- It models, distributes, and instantiates a heat-based VNF." + echo "- It copies the logs to an output directory, and creates a tarball for upload to the OVP portal." + echo "" + exit 0 + ;; + -n|--namespace) + shift + NAMESPACE=$1 + shift + ;; + -f|--folder) + shift + FOLDER=$1 + shift + ;; + -p|--poll) + shift + POLL=1 + ;; + *) + echo "Unknown Argument $1. Try running with --help." + exit 0 + ;; + esac +done + +check_required_parameter "$NAMESPACE" "--namespace" +check_required_parameter "$FOLDER" "--folder" + +TAG="instantiate_vnf_ovp" + +if [ ! -d "$FOLDER" ]; then + echo "VNF folder $FOLDER does not exist, exiting." + exit 1 +fi + +BUILDNUM="$$" +OUTPUT_DIRECTORY=/tmp/vnfdata.${BUILDNUM} + +set -x + +POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) +export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l") +TAGS="-i $TAG" +ETEHOME=/var/opt/ONAP +OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_ete_instantiate_vnf +DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90)) +VARIABLEFILES="-V /share/config/robot_properties.py" +VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:${BUILDNUM}" + +echo "Copying the VNF folder into robot pod..." +kubectl --namespace $NAMESPACE cp $FOLDER ${POD}:/tmp/vnfdata.${BUILDNUM} + + +echo "Executing instantiation..." + +if [ $POLL = 1 ]; then + kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --listener ${ETEHOME}/testsuite/eteutils/robotframework-onap/listeners/OVPListener.py --display $DISPLAY_NUM > /tmp/vnf_instantiation.$BUILDNUM.log 2>&1 &" + + pid=`kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "pgrep runTags.sh -n"` + + if [ -z "$pid" ]; then + echo "robot testsuite unable to start" + exit 1 + fi + + kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "while ps -p \"$pid\" --no-headers | grep -v defunct; do echo \$'\n\n'; echo \"Testsuite still running \"\`date\`; echo \"LOG FILE: \"; tail -10 /tmp/vnf_instantiation.$BUILDNUM.log; sleep 30; done" + +else + kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --listener ${ETEHOME}/testsuite/eteutils/robotframework-onap/listeners/OVPListener.py --display $DISPLAY_NUM" +fi + +set +x + +echo "testsuite has finished" + +mkdir -p "$OUTPUT_DIRECTORY" +echo "Copying Results from pod..." + +kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/report.json "$OUTPUT_DIRECTORY"/report.json +kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/stack_report.json "$OUTPUT_DIRECTORY"/stack_report.json +kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/results.json "$OUTPUT_DIRECTORY"/results.json +kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/log.html "$OUTPUT_DIRECTORY"/log.html + +pushd . + +# echo -e "import hashlib\nwith open(\"README.md\", \"r\") as f: bytes = f.read()\nreadable_hash = hashlib.sha256(bytes).hexdigest()\nprint(readable_hash)" | python + +cd "$OUTPUT_DIRECTORY" +tar -czvf vnf_heat_results.tar.gz * + +popd + +echo "VNF test results: $OUTPUT_DIRECTORY/vnf_heat_results.tar.gz" diff --git a/kubernetes/robot/onap_dev.pvt b/kubernetes/robot/onap_dev.pvt new file mode 100644 index 0000000000..81e334a684 --- /dev/null +++ b/kubernetes/robot/onap_dev.pvt @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAylw4KKN/ljqnFBvP+blG5PNfsnM4MAuGPMsE5rkKmzcZWNaE +NGMXTFKlJ4YrUl7OUv8kbgFTmB8BoNpgrNtKACDaz/psQSOeOADCG/YrT4wrYKrR +NhFqOjJpxRmxweEsd14qBOxeFT7Ie42qbCMMzo260HvjLmtUxkOXeJ3xDkGmoJVy +yzxX7nO1m4WyWyukO6x6mX0XDsADF4A6AapcqinoisJ7pnXaNkcjU/JY2Jrwem7s ++ypzIp86O6gdLpLVU9ORR/UYNAk1h+Z6K5Rual4D9mrpC9IJNaYfIgLe7mC39ZLa +fiySNoGhei9P6pYvRJlQki69bid/EPAgX5YZIQIDAQABAoIBAQClDekkhI9ZqseC +qFjPuKaxsizZMg+faJb6WSHLSxzyk1OSWY6F6FklgLeC8HW/fuLNYZyGOYDEsG20 +lMqL02Wdiy7OutS3oOS5iyzIf9a90HfFJi706el6RIpvINETcaXCS0T8tQrcS1Rd +KqTaBRC6HXJGAPbBcvw3pwQSdskatU6a/Kt2a3x6DsqqinQcgEB/SbrDaJCUX9sb +F2HVUwdq7aZK1Lk0ozr1FID9mrhjwWuQ6XC+vjG0FqtyXeMpR5iaQ73hex3FXQ8z +OjkFbMwuHWSh1DSx70r5yFrrBqwQKnMsBqx4QDRf3fIENUnWviaL+n+gwcXA07af +4kaNUFUtAoGBAPuNNRAGhZnyZ9zguns9PM56nmeMUikV5dPN2DTbQb79cpfV+7pC +6PeSH/dTKFLz62d6qAM2EsNXQvewf8fipBVBRPsRqKOv+uepd01dHNy62I5B+zRm +be9Kbe+EN60qdzvyPM+2hV6CnvGv1dirimS9pu6RrxD2Rmz1ectnJE+rAoGBAM3w +UbSEemyZ6EKjck2RfdipzY0MNBnIZ2cUqHh8mmPXjdTLzpXb9vmPbHb01Qwo8MP+ +gMnTbTBOzyNAaHdIrCO9FHW6C85j3ot5Yzcr+EcBVcua+7KHU0Sgn44JNH8DisJ7 +Y63UP/1Xb4d1/QvHfxYy3WOvvRdVZ7pPo8JNX95jAoGAIe5CIg8/JizUZa7KeKUh +9pgDleQPkQsrHQ6/AyIwFBsLwf9THSS5V+uV9D57SfUs46Bf2U8J6N90YQSlt8iS +aWuManFPVgT+yxDIzt6obf2mCEpOIBtQ6N4ZRh2HhQwdWTCrkzkDdGQaHG+jYL6C +xGPwiG2ON7OAfGIAM7eN5lECgYEAhoRLWlaOgRGnHKAWsYQvZ67CjTdDcPPuVu6v +fMQnNMA/7JeTwV+E205L0wfpgZ/cZKmBBlQMJlnUA3q2wfO+PTnse1mjDJU/cGtB +22/lJLxChlQdxGeQhGtGzUhF+hEeOhrO6WSSx7CtMRZoy6Dr6lwfMFZCdVNcBd6v +YOOZk3ECgYEAseUKGb6E80XTVVNziyuiVbQCsI0ZJuRfqMZ2IIDQJU9u6AnGAway +itqHbkGsmDT+4HUz01+1JKnnw42RdSrHdU/LaOonD+RIGqe2x800QXzqASKLdCXr +y7RoiFqJtkdFQykzJemA+xOXvHLgKi/MXFsU90PCD0VJKLj8vwpX78Y= +-----END RSA PRIVATE KEY----- diff --git a/kubernetes/robot/requirements.yaml b/kubernetes/robot/requirements.yaml new file mode 100644 index 0000000000..cac9ba506f --- /dev/null +++ b/kubernetes/robot/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py new file mode 100644 index 0000000000..ef12c9a848 --- /dev/null +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -0,0 +1,345 @@ +# Copyright (c) 2018 Amdocs, Bell Canada, and others +# Modifications Copyright (c) 2020 AT&T Intellectual Property +# Modifications Copyright (c) 2020 NOKIA Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +GLOBAL_INJECTED_AAF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "aaf-service") }}' +GLOBAL_INJECTED_AAI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "aai") }}' +GLOBAL_INJECTED_APPC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc") }}' +GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}' +GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}' +GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}" +GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "clamp") }}' +GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cli") }}' +GLOBAL_INJECTED_CLOUD_ENV = 'openstack' +GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" +GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}' +GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}' +GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}' +GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}' +GLOBAL_INJECTED_DNS_IP_ADDR = 'N/A' +GLOBAL_INJECTED_DOCKER_VERSION = '1.2-STAGING-latest' +GLOBAL_INJECTED_EXTERNAL_DNS = 'N/A' +GLOBAL_INJECTED_LOG_ELASTICSEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "log-es") }}' +GLOBAL_INJECTED_LOG_KIBANA_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "log-kibana") }}' +GLOBAL_INJECTED_LOG_LOGSTASH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "log-ls-http") }}' +GLOBAL_INJECTED_POMBA_AAI_CONTEXT_BUILDER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-aaictxbuilder") }}' +GLOBAL_INJECTED_POMBA_SDC_CONTEXT_BUILDER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-sdcctxbuilder") }}' +GLOBAL_INJECTED_POMBA_NETWORK_DISC_CONTEXT_BUILDER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-networkdiscoveryctxbuilder") }}' +GLOBAL_INJECTED_POMBA_SERVICE_DECOMPOSITION_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-servicedecomposition") }}' +GLOBAL_INJECTED_POMBA_SDNC_CTX_BUILDER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-sdncctxbuilder") }}' +GLOBAL_INJECTED_POMBA_NETWORKDISCOVERY_MICROSERVICE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-networkdiscovery") }}' +GLOBAL_INJECTED_POMBA_VALIDATION_SERVICE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-validation-service") }}' +GLOBAL_INJECTED_POMBA_KIBANA_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-kibana") }}' +GLOBAL_INJECTED_POMBA_ELASTIC_SEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-es") }}' +GLOBAL_INJECTED_POMBA_CONTEX_TAGGREGATOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-contextaggregator") }}' +GLOBAL_INJECTED_KEYSTONE = '{{ .Values.openStackKeyStoneUrl }}' +GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}' +GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}' +GLOBAL_INJECTED_MUSIC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "music") }}' +GLOBAL_INJECTED_NBI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "nbi") }}' +GLOBAL_INJECTED_NETWORK = '{{ .Values.openStackPrivateNetId }}' +GLOBAL_INJECTED_NEXUS_DOCKER_REPO = '{{ include "common.repository" . }}' +GLOBAL_INJECTED_NEXUS_PASSWORD = 'docker' +GLOBAL_INJECTED_NEXUS_REPO ='https://nexus.onap.org/content/sites/raw' +GLOBAL_INJECTED_NEXUS_USERNAME = 'docker' +GLOBAL_INJECTED_OOF_IP_ADDR = 'N/A' +GLOBAL_INJECTED_OOF_HOMING_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "oof-has-api") }}' +GLOBAL_INJECTED_OOF_SNIRO_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "oof-osdf") }}' +GLOBAL_INJECTED_OOF_CMSO_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "oof-cmso") }}' +GLOBAL_INJECTED_MSB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "msb-iag") }}' +GLOBAL_INJECTED_OPENSTACK_API_KEY = '{{ .Values.config.openStackEncryptedPasswordHere}}' +GLOBAL_INJECTED_OPENSTACK_TENANT_ID = '{{ .Values.openStackTenantId }}' +GLOBAL_INJECTED_OPENSTACK_USERNAME = '{{ .Values.openStackUserName }}' +GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME = '{{ .Values.openStackProjectName }}' +GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID = '{{ .Values.openStackDomainId }}' +GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN = '{{ .Values.openStackUserDomain }}' +GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION = '{{ .Values.openStackKeystoneAPIVersion }}' +GLOBAL_INJECTED_REGION_THREE = '{{ .Values.openStackRegionRegionThree }}' +GLOBAL_INJECTED_KEYSTONE_REGION_THREE = '{{ .Values.openStackKeyStoneUrlRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION_REGION_THREE = '{{ .Values.openStackKeystoneAPIVersionRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE = '{{ .Values.openStackUserNameRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD_REGION_THREE = '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD = '{{ .Values.config.openStackSoEncryptedPassword}}' +GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE = '{{ .Values.openStackTenantIdRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE = '{{ .Values.openStackProjectNameRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE = '{{ .Values.openStackDomainIdRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX = '{{ .Values.openStackOamNetworkCidrPrefix }}' +GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_3RD_OCTET = '{{ .Values.openStackOamNetwork3rdOctet}}' +GLOBAL_INJECTED_OPENSTACK_PUBLIC_NETWORK = '{{ .Values.openStackPublicNetworkName }}' +GLOBAL_INJECTED_OPENSTACK_SECURITY_GROUP = '{{ .Values.openStackSecurityGroup }}' +GLOBAL_INJECTED_OPENSTACK_PRIVATE_SUBNET_ID = "{{ .Values.openStackPrivateSubnetId }}" +GLOBAL_INJECTED_OPENSTACK_PRIVATE_NET_CIDR = "{{ .Values.openStackPrivateNetCidr }}" +GLOBAL_INJECTED_POLICY_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pdp") }}' +GLOBAL_INJECTED_POLICY_DROOLS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-drools-pdp") }}' +GLOBAL_INJECTED_PORTAL_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "portal-app") }}' +GLOBAL_INJECTED_POLICY_API_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-api") }}' +GLOBAL_INJECTED_POLICY_PAP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-pap") }}' +GLOBAL_INJECTED_POLICY_DISTRIBUTION_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-distribution") }}' +GLOBAL_INJECTED_POLICY_PDPX_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-xacml-pdp") }}' +GLOBAL_INJECTED_POLICY_APEX_PDP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-apex-pdp") }}' +GLOBAL_INJECTED_PUBLIC_NET_ID = '{{ .Values.openStackPublicNetId }}' +GLOBAL_INJECTED_PRIVATE_KEY = "{{ .Files.Get .Values.vnfPrivateKey }}" +GLOBAL_INJECTED_PUBLIC_KEY = "{{ .Values.vnfPubKey }}" +GLOBAL_INJECTED_REGION = '{{ .Values.openStackRegion }}' +GLOBAL_INJECTED_SCRIPT_VERSION = '{{ .Values.scriptVersion }}' +GLOBAL_INJECTED_SDC_BE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "sdc-be") }}' +GLOBAL_INJECTED_SDC_BE_ONBOARD_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "sdc-onboarding-be") }}' +GLOBAL_INJECTED_SDC_FE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "sdc-fe") }}' +GLOBAL_INJECTED_SDC_DCAE_BE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "sdc-dcae-be") }}' +GLOBAL_INJECTED_SDC_IP_ADDR = 'N/A' +GLOBAL_INJECTED_SDNC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "sdnc") }}' +GLOBAL_INJECTED_SDNC_PORTAL_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "sdnc-portal") }}' +GLOBAL_INJECTED_SO_APIHAND_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so") }}' +GLOBAL_INJECTED_SO_SDCHAND_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-sdc-controller") }}' +GLOBAL_INJECTED_SO_BPMN_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-bpmn-infra") }}' +GLOBAL_INJECTED_SO_CATDB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-catalog-db-adapter") }}' +GLOBAL_INJECTED_SO_OPENSTACK_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-openstack-adapter") }}' +GLOBAL_INJECTED_SO_REQDB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-request-db-adapter") }}' +GLOBAL_INJECTED_SO_SDNC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-sdnc-adapter") }}' +GLOBAL_INJECTED_SO_VFC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vfc-adapter") }}' +GLOBAL_INJECTED_SO_VNFM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vnfm-adapter") }}' +GLOBAL_INJECTED_SO_NSSMF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-nssmf-adapter") }}' +GLOBAL_INJECTED_UBUNTU_1404_IMAGE = '{{ .Values.ubuntu14Image }}' +GLOBAL_INJECTED_UBUNTU_1604_IMAGE = '{{ .Values.ubuntu16Image }}' +GLOBAL_INJECTED_VM_IMAGE_NAME = '{{ .Values.ubuntu14Image }}' +GLOBAL_INJECTED_DANOS_IMAGE_NAME = '{{ .Values.danosImage }}' +GLOBAL_INJECTED_DANOS_FLAVOR = '{{ .Values.danosFlavor }}' +GLOBAL_INJECTED_VID_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vid") }}' +GLOBAL_INJECTED_VM_FLAVOR = '{{ .Values.openStackFlavourMedium }}' +GLOBAL_INJECTED_VNFSDK_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "refrepo") }}' +GLOBAL_INJECTED_CCSDK_CDS_BLUEPRINT_PROCESSOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cds-blueprints-processor-http") }}' + +# aaf info - everything is from the private oam network (also called onap private network) +GLOBAL_AAF_SERVER = 'https://{{include "robot.ingress.svchost" (dict "root" . "hostname" "aaf-service") }}:{{include "robot.ingress.port" (dict "root" . "hostname" "aaf-service" "port" 8100) }}' +GLOBAL_AAF_USERNAME = '{{ .Values.aafUsername }}' +GLOBAL_AAF_PASSWORD = '{{ .Values.aafPassword }}' +GLOBAL_AAF_AUTHENTICATION = [GLOBAL_AAF_USERNAME, GLOBAL_AAF_PASSWORD] +# aai info - everything is from the private oam network (also called onap private network) +GLOBAL_AAI_SERVER_PROTOCOL = "https" +GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" 8443) }}' +GLOBAL_AAI_USERNAME = '{{ .Values.aaiUsername }}' +GLOBAL_AAI_PASSWORD = '{{ .Values.aaiPassword}}' +GLOBAL_AAI_AUTHENTICATION = [GLOBAL_AAI_USERNAME, GLOBAL_AAI_PASSWORD] +# appc info - everything is from the private oam network (also called onap private network) +GLOBAL_APPC_SERVER_PROTOCOL = "https" +GLOBAL_APPC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc" "port" 8443) }}' +GLOBAL_APPC_USERNAME = '{{ .Values.appcUsername }}' +GLOBAL_APPC_PASSWORD = '{{ .Values.appcPassword }}' +GLOBAL_APPC_AUTHENTICATION = [GLOBAL_APPC_USERNAME, GLOBAL_APPC_PASSWORD] +GLOBAL_APPC_CDT_SERVER_PROTOCOL = "https" +GLOBAL_APPC_CDT_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc-cdt" "port" 18080) }}' +GLOBAL_APPC_CDT_USERNAME = "demo" +# sdc info - everything is from the private oam network (also called onap private network) +GLOBAL_SDC_SERVER_PROTOCOL = "https" +GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" 9443) }}' +GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" 8443) }}' +GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" 8445) }}' +GLOBAL_SDC_DCAE_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-dcae-be" "port" 8444) }}' +GLOBAL_SDC_USERNAME = "beep" +GLOBAL_SDC_PASSWORD = "boop" +GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] +# clamp info - everything is from the private oam network (also called onap private network) +GLOBAL_CLAMP_SERVER_PROTOCOL = "https" +GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 8443) }}' +# nbi info - everything is from the private oam network (also called onap private network) +GLOBAL_NBI_SERVER_PROTOCOL = "https" +GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}' +# cli info - everything is from the private oam network (also called onap private network) +GLOBAL_CLI_SERVER_PROTOCOL = "https" +GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}' +# dcae info - everything is from the private oam network (also called onap private network) +GLOBAL_DCAE_SERVER_PROTOCOL = "http" +GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 80) }}' +GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}' +GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}' +GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] +# dcae hv-ves info +GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}' +GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}' +# data router info - everything is from the private oam network (also called onap private network) +GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = "https" +GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}' +GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "https" +GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8443) }}' +# dmaap message router info +GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}' +GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' +# dmaap kafka info +GLOBAL_DMAAP_KAFKA_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router-kafka") }}' +GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}' +GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}' +GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}' +# DROOL server port and credentials +GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}' +GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}' +GLOBAL_DROOLS_PASSWORD = '{{ .Values.droolsPassword }}' +GLOBAL_DROOLS_AUTHENTICATION = [GLOBAL_DROOLS_USERNAME, GLOBAL_DROOLS_PASSWORD] +# log server config - NOTE: no log server is run in HEAT; only on OOM +GLOBAL_LOG_SERVER_PROTOCOL = "http" +GLOBAL_LOG_ELASTICSEARCH_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "log-es" "port" 9200) }}' +GLOBAL_LOG_LOGSTASH_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "log-ls-http" "port" 9600) }}' +GLOBAL_LOG_KIBANA_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "log-kibana" "port" 5601) }}' +# pomba info - NOTE: no pomba is run in HEAT; only on OOM +GLOBAL_POMBA_SERVER_PROTOCOL_HTTP = "http" +GLOBAL_POMBA_SERVER_PROTOCOL_HTTPS = "https" +GLOBAL_POMBA_AAICONTEXTBUILDER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-aaictxbuilder" "port" 9530) }}' +GLOBAL_POMBA_SDCCONTEXTBUILDER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-sdcctxbuilder" "port" 9530) }}' +GLOBAL_POMBA_NETWORKDISCCONTEXTBUILDER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-networkdiscoveryctxbuilder" "port" 9530) }}' +GLOBAL_POMBA_SERVICEDECOMPOSITION_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-servicedecomposition" "port" 9532) }}' +GLOBAL_POMBA_SDNCCXTBUILDER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-sdncctxbuilder" "port" 9530) }}' +GLOBAL_POMBA_NETWORKDISCOVERY_MICROSERVICE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-networkdiscovery" "port" 9531) }}' +GLOBAL_POMBA_VALIDATIONSERVICE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-validation-service" "port" 9529) }}' +GLOBAL_POMBA_KIBANA_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-kibana" "port" 5601) }}' +GLOBAL_POMBA_ELASTICSEARCH_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-es" "port" 9200) }}' +GLOBAL_POMBA_CONTEXTAGGREGATOR_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-contextaggregator" "port" 9529) }}' + +# microservice bus info - everything is from the private oam network (also called onap private network) +GLOBAL_MSB_SERVER_PROTOCOL = "https" +GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 443) }}' +# message router info - everything is from the private oam network (also called onap private network) +GLOBAL_MR_SERVER_PROTOCOL = "http" +GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' +# bus controller info +GLOBAL_BC_SERVER_PROTOCOL = "https" +GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8443) }}' +GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}' +GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}' +# dcae inventory and deployment handler info +GLOBAL_INVENTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "inventory") }}' +GLOBAL_INVENTORY_SERVER_PROTOCOL = "https" +GLOBAL_INVENTORY_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "inventory" "port" 8080) }}' +GLOBAL_DEPLOYMENT_HANDLER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "deployment-handler") }}' +GLOBAL_DEPLOYMENT_HANDLER_SERVER_PROTOCOL = "https" +GLOBAL_DEPLOYMENT_HANDLER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "deployment-handler" "port" 8443) }}' +# SO containers - everything is from the private oam network (also called onap private network) +GLOBAL_SO_APIHAND_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so" "port" 8080) }}' +GLOBAL_SO_SDCHAND_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdc-controller" "port" 8085) }}' +GLOBAL_SO_BPMN_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-bpmn-infra" "port" 8081) }}' +GLOBAL_SO_CATDB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-catalog-db-adapter" "port" 8082) }}' +GLOBAL_SO_OPENSTACK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-openstack-adapter" "port" 8087) }}' +GLOBAL_SO_REQDB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-request-db-adapter" "port" 8083) }}' +GLOBAL_SO_SDNC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdnc-adapter" "port" 8086) }}' +GLOBAL_SO_VFC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vfc-adapter" "port" 8084) }}' +GLOBAL_SO_VNFM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vnfm-adapter" "port" 9092) }}' +GLOBAL_SO_NSSMF_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-nssmf-adapter" "port" 8088) }}' +GLOBAL_SO_USERNAME = '{{ .Values.soUsername }}' +GLOBAL_SO_CATDB_USERNAME = '{{ .Values.soCatdbUsername }}' +# robot uses SO_PASSWORD for both SO and CATDB +GLOBAL_SO_PASSWORD = '{{ .Values.soPassword }}' +GLOBAL_SO_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_APIHAND_IP_ADDR + ':' + GLOBAL_SO_APIHAND_SERVER_PORT +GLOBAL_SO_APIHAND_ENDPOINT = GLOBAL_SO_ENDPOINT +GLOBAL_SO_SDCHAND_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_SDCHAND_IP_ADDR + ':' + GLOBAL_SO_SDCHAND_SERVER_PORT +GLOBAL_SO_BPMN_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_BPMN_IP_ADDR + ':' + GLOBAL_SO_BPMN_SERVER_PORT +GLOBAL_SO_CATDB_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_CATDB_IP_ADDR + ':' + GLOBAL_SO_CATDB_SERVER_PORT +GLOBAL_SO_OPENSTACK_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_OPENSTACK_IP_ADDR + ':' + GLOBAL_SO_OPENSTACK_SERVER_PORT +GLOBAL_SO_REQDB_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_REQDB_IP_ADDR + ':' + GLOBAL_SO_REQDB_SERVER_PORT +GLOBAL_SO_SDNC_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_SDNC_IP_ADDR + ':' + GLOBAL_SO_SDNC_SERVER_PORT +GLOBAL_SO_VFC_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_VFC_IP_ADDR + ':' + GLOBAL_SO_VFC_SERVER_PORT +GLOBAL_SO_VNFM_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_VNFM_IP_ADDR + ':' + GLOBAL_SO_VNFM_SERVER_PORT +GLOBAL_SO_NSSMF_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_NSSMF_IP_ADDR + ':' + GLOBAL_SO_NSSMF_SERVER_PORT +#GLOBAL_SO_VNFM_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_VNFM_IP_ADDR + ':' + GLOBAL_SO_VNFM_SERVER_PORT +# music info - everything is from the private oam network (also called onap private network) +GLOBAL_MUSIC_SERVER_PROTOCOL = "https" +GLOBAL_MUSIC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "music" "port" 8443) }}' +# oof global info - everything is from the private oam network (also called onap private network) +GLOBAL_OOF_SERVER_PROTOCOL = "https" +# oof-homing info - everything is from the private oam network (also called onap private network) +GLOBAL_OOF_HOMING_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-has-api" "port" 8091) }}' +GLOBAL_OOF_HOMING_USERNAME="{{ .Values.oofHomingUsername }}" +GLOBAL_OOF_HOMING_PASSWORD="{{ .Values.oofHomingPassword }}" +# oof-sniro info - everything is from the private oam network (also called onap private network) +GLOBAL_OOF_SNIRO_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-osdf" "port" 8698) }}' +#oof user +GLOBAL_OOF_OSDF_USERNAME="{{ .Values.oofUsername }}" +GLOBAL_OOF_OSDF_PASSWORD="{{ .Values.oofPassword }}" +#oof pci user +GLOBAL_OOF_PCI_USERNAME="{{ .Values.oofOsdfPciOptUsername }}" +GLOBAL_OOF_PCI_PASSWORD="{{ .Values.oofOsdfPciOptPassword }}" +# oof cmso global info - everything is from the private oam network (also called onap private network) +GLOBAL_OOF_CMSO_PROTOCOL = "https" +GLOBAL_OOF_CMSO_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-cmso" "port" 8080) }}' +GLOBAL_OOF_CMSO_USERNAME = "{{ .Values.oofCmsoUsername }}" +GLOBAL_OOF_CMSO_PASSWORD = "{{ .Values.oofCmsoPassword }}" +# openstack info - info to select right info in environment +# packet generate vnf info - everything is from the private oam network (also called onap private network) +GLOBAL_PACKET_GENERATOR_PORT = "8183" +GLOBAL_PACKET_GENERATOR_USERNAME = "admin" +GLOBAL_PACKET_GENERATOR_PASSWORD = "admin" +GLOBAL_PGN_PORT = "2831" +# policy info - everything is from the private oam network (also called onap private network) +GLOBAL_POLICY_SERVER_PROTOCOL = "https" +GLOBAL_POLICY_SERVER_PORT = "8081" +GLOBAL_POLICY_HEALTHCHECK_PORT = "6969" +GLOBAL_POLICY_AUTH = '{{ .Values.policyAuth}}' +GLOBAL_POLICY_CLIENTAUTH = '{{ .Values.policyClientAuth}}' +GLOBAL_POLICY_USERNAME = '{{ .Values.policyUsername }}' +GLOBAL_POLICY_PASSWORD = '{{ .Values.policyPassword }}' +GLOBAL_POLICY_HEALTHCHECK_USERNAME = '{{ .Values.policyComponentUsername }}' +GLOBAL_POLICY_HEALTHCHECK_PASSWORD = '{{ .Values.policyComponentPassword }}' +# portal info - everything is from the private oam network (also called onap private network) +GLOBAL_PORTAL_SERVER_PROTOCOL = "https" +GLOBAL_PORTAL_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "portal-app" "port" 8443) }}' +GLOBAL_PORTAL_USERNAME = '{{ .Values.portalUsername }}' +GLOBAL_PORTAL_PASSWORD = '{{ .Values.portalPassword }}' +# sdnc info - everything is from the private oam network (also called onap private network) +GLOBAL_SDNC_SERVER_PROTOCOL = "https" +GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" 8443) }}' +GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" 8443) }}' +GLOBAL_SDNC_USERNAME = '{{ .Values.sdncUsername }}' +GLOBAL_SDNC_PASSWORD = '{{ .Values.sdncPassword }}' +GLOBAL_SDNC_AUTHENTICATION = [GLOBAL_SDNC_USERNAME, GLOBAL_SDNC_PASSWORD] +# sms (AAF) info +GLOBAL_SMS_SERVER_PROTOCOL = "https" +GLOBAL_SMS_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "aaf-sms") }}' +GLOBAL_SMS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aaf-sms" "port" 10443) }}' +# vid info - everything is from the private oam network (also called onap private network) +GLOBAL_VID_SERVER_PROTOCOL = '{{ .Values.vidServerProtocol }}' +GLOBAL_VID_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" (.Values.vidServerPort | default 0 | int)) }}' +GLOBAL_VID_USERNAME = '{{ .Values.vidUsername }}' +GLOBAL_VID_PASSWORD = '{{ .Values.vidPassword}}' +GLOBAL_VID_HEALTH_USERNAME = '{{ .Values.vidHealthUsername }}' +GLOBAL_VID_HEALTH_PASSWORD = '{{ .Values.vidHealthPassword }}' +# vnfsdk info - everything is from the private oam network (also called onap private network) +GLOBAL_VNFSDK_SERVER_PROTOCOL = "https" +GLOBAL_VNFSDK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "refrepo" "port" 8703) }}' + +GLOBAL_DCAE_VES_PROTOCOL = "http" +GLOBAL_DCAE_VES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector" "port" 8080) }}' +GLOBAL_DCAE_VES_HTTPS_PROTOCOL = "https" +GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" 8443) }}' +GLOBAL_DCAE_VES_USERNAME = 'sample1' +GLOBAL_DCAE_VES_PASSWORD = 'sample1' + + +#global selenium info +GLOBAL_PROXY_WARNING_TITLE="" +GLOBAL_PROXY_WARNING_CONTINUE_XPATH="" +# dns info +GLOBAL_DNS_TRAFFIC_DURATION = "600" +# location where heat templates and data are loaded from +GLOBAL_HEAT_TEMPLATES_FOLDER = "/var/opt/ONAP/demo/heat" +GLOBAL_PRELOAD_DATA_FOLDER = "/var/opt/ONAP/demo/preload-data" +# location where TOSCA artifacts are loaded from +GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER = "/var/opt/ONAP/demo/tosca" + + +# cds info - everything is from the private oam network (also called onap private network) +GLOBAL_CCSDK_CDS_SERVER_PROTOCOL = "http" +GLOBAL_CCSDK_CDS_HEALTH_SERVER_PORT = "8080" +GLOBAL_CCSDK_CDS_USERNAME = 'ccsdkapps' +GLOBAL_CCSDK_CDS_PASSWORD = 'ccsdkapps' +GLOBAL_CCSDK_CDS_AUTHENTICATION = [GLOBAL_CCSDK_CDS_USERNAME, GLOBAL_CCSDK_CDS_PASSWORD] +GLOBAL_CDS_AUTH = "Y2NzZGthcHBzOmNjc2RrYXBwcw==" + diff --git a/kubernetes/robot/resources/config/lighttpd/authorization b/kubernetes/robot/resources/config/lighttpd/authorization new file mode 100644 index 0000000000..9d6ff7fc29 --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/authorization @@ -0,0 +1 @@ +{{ .Values.config.robotWebUser }}:{{ .Values.config.robotWebPassword }} diff --git a/kubernetes/robot/resources/config/lighttpd/lighttpd.conf b/kubernetes/robot/resources/config/lighttpd/lighttpd.conf new file mode 100644 index 0000000000..6c781a240b --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/lighttpd.conf @@ -0,0 +1,57 @@ +server.document-root = "/var/opt/ONAP/html/" + +server.port = 88 + +server.username = "www-data" +server.groupname = "www-data" +server.errorlog = "/var/log/lighttpd/error.log" +accesslog.filename = "/var/log/lighttpd/access.log" + + +$SERVER["socket"] == ":443" { + ssl.engine = "enable" + ssl.pemfile = "/etc/lighttpd/ssl/onap-robot.onap.pem" + # ssl.ca-file = "/etc/lighttpd/ssl/CA_issuing.crt" + server.name = "robot-onap.onap.org" + #server.document-root = "/var/opt/ONAP/html/" + #server.errorlog = "/var/log/lighttpd/robot_onap.onap.org.error.log" + #accesslog.filename = "/var/log/lighttpd/robot_onap.onap.org.access.log" +} + + + +dir-listing.activate = "disable" + +alias.url = ( "/logs/" => "/share/logs/" ) +$HTTP["url"] =~ "^/logs/" { + dir-listing.activate = "enable" +} + +mimetype.assign = ( + ".log" => "text/plain", + ".txt" => "text/plain", + ".png" => "image/png", + ".html" => "text/html", + ".xml" => "text/xml" +) + +static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc", ".cgi" ) +index-file.names = ( "index.html" ) + +server.modules += ( "mod_auth" ) +server.modules += ( "mod_alias" ) +server.modules += ( "mod_compress" ) +server.modules += ( "mod_accesslog" ) +auth.debug = 2 +auth.backend = "plain" +auth.backend.plain.userfile = "/etc/lighttpd/authorization" +auth.require = ( "/" => +( +"method" => "basic", +"realm" => "Password protected area", +"require" => "valid-user" +) +) + +compress.cache-dir = "/var/cache/lighttpd/compress/" +compress.filetype = ("application/x-javascript", "text/css", "text/html", "text/plain") diff --git a/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT b/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT new file mode 100644 index 0000000000..4a56cb5dfa --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/ssl/README.TXT @@ -0,0 +1,13 @@ +The following self-signed certificates were created for testing only. +You can replace them with your own if appropriate using this process or official certificates using what ever process is appropriate. + + +# create key and csr +openssl req -new -newkey rsa:2048 -nodes -keyout onap-robot.onap.key -out onap-robot.onap.csr + +# sign csr +# 10 year self signed certificate +openssl x509 -req -days 3650 -in onap-robot.onap.csr -signkey onap-robot.onap.key -out onap-robot.onap.crt + +# create PEM for lighttpd server +cat onap-robot.onap.key onap-robot.onap.crt > onap-robot.onap.pem diff --git a/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.crt b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.crt new file mode 100644 index 0000000000..e5db8b2abc --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnzCCAocCFHlPuTueraFMC0IbbHUFBUlD/79aMA0GCSqGSIb3DQEBCwUAMIGL +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCk1pZGRsZXRvd24x +DTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBXJvYm90MRwwGgYDVQQDDBNyb2JvdC1v +bmFwLm9uYXAub3JnMR0wGwYJKoZIhvcNAQkBFg5yb2JvdEBvbmFwLm9yZzAeFw0y +MDAzMzAxNDM5MzlaFw0zMDAzMjgxNDM5MzlaMIGLMQswCQYDVQQGEwJVUzELMAkG +A1UECAwCTkoxEzARBgNVBAcMCk1pZGRsZXRvd24xDTALBgNVBAoMBE9OQVAxDjAM +BgNVBAsMBXJvYm90MRwwGgYDVQQDDBNyb2JvdC1vbmFwLm9uYXAub3JnMR0wGwYJ +KoZIhvcNAQkBFg5yb2JvdEBvbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALxJ/YnjSMMLyY+DoGXEOi57AuVMNWJ6L43FJoy4MUGlWw1BT/gM +0yXDlEYX7rFcP+/74CtK5VwL/T5WyGYehj4JanxeS+Debyx4iLR3Ge0So1TGVcLg +wSwvU2Yt3GIpWSDsui6fBJLaH9ka4phf0mu55WljoA8814pyd2HCu/4MdPuWGISE +PPeH6DzUDIQ8srUF3i9EkDwBtQtlj4XLSOeGaEo6DQNPABr5Ft8EkJ3jwi9uw92G +ofU+PQeXszWGUcHMN12yEJErqsmlGJEi9Fr9c3tyWk7LLj0NPtdaPKAE2R9AUvFW +1WmJ/Lb8lkHezj23V8+wlCbJJkcV8+E3c90CAwEAATANBgkqhkiG9w0BAQsFAAOC +AQEAIW7KCq4gqjVQQ5aFqSEmbS65pAeyrt58NQxj6UgOYrHe+IJ5EHLiKmRW6XGe +RbtYXSrBhj6E0wF7mWda5sd5r+GZuMjx3BkRKCo59yQnHKYheuuoXIFx1odkmBdl +uq8ccVsL3W+xoBuMdhW3E7Q83xvE+0lINki9rhrmdGItHee3y5KyBYopf0BjZtCS +EV601NnSBDktlMPSt4pFfptr4+lUh/6MDj548cygwk9NexFCwY7+YhjEAPfqH6p3 +BI3QlDYQslBCv8By4JtQqhFs3t6OAjSILfwQfxdS4OT2FK6NZyEBpd1mdbS3CyS7 +qke87AT49x1wbGgsSeldZShErg== +-----END CERTIFICATE----- diff --git a/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.csr b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.csr new file mode 100644 index 0000000000..5e4cc9ff5c --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UE +BwwKTWlkZGxldG93bjENMAsGA1UECgwET05BUDEOMAwGA1UECwwFcm9ib3QxHDAa +BgNVBAMME3JvYm90LW9uYXAub25hcC5vcmcxHTAbBgkqhkiG9w0BCQEWDnJvYm90 +QG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEn9ieNI +wwvJj4OgZcQ6LnsC5Uw1YnovjcUmjLgxQaVbDUFP+AzTJcOURhfusVw/7/vgK0rl +XAv9PlbIZh6GPglqfF5L4N5vLHiItHcZ7RKjVMZVwuDBLC9TZi3cYilZIOy6Lp8E +ktof2RrimF/Sa7nlaWOgDzzXinJ3YcK7/gx0+5YYhIQ894foPNQMhDyytQXeL0SQ +PAG1C2WPhctI54ZoSjoNA08AGvkW3wSQnePCL27D3Yah9T49B5ezNYZRwcw3XbIQ +kSuqyaUYkSL0Wv1ze3JaTssuPQ0+11o8oATZH0BS8VbVaYn8tvyWQd7OPbdXz7CU +JskmRxXz4Tdz3QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAJYVG3C4fgHb7Vip +aqsyRI6kQNjxFwwjnHY0AEwuzr1K+D2dGXXDtTP9RPZQIp3PZyvKrZNqs4O45290 +lvY+bytW1WLQ6h3cZqKgIUEXU2tycLITPQDz+Fu45R20a1RT65EWv523mpgzJoOY +61V9aVB1KKfPr4cddMHbq9fYvUKz2KVDTNBVQSYcO2125hv1xpUa1ZbZN15SJazH +JWW9FMTCSgWp6yYTBYKAl8S8WTNBeAKJq1ZVw1q/KhHpj+jqjm7rn6lgIQi9gTES +DNP4j5SBdL0O5HIk5KqW/3uhS0YlL9Yi9Cqxo35RAbMkUMKDdqtlTObU3tH/jtXC +2YPImm4= +-----END CERTIFICATE REQUEST----- diff --git a/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.key b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.key new file mode 100644 index 0000000000..7bf9fc0c3a --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8Sf2J40jDC8mP +g6BlxDouewLlTDViei+NxSaMuDFBpVsNQU/4DNMlw5RGF+6xXD/v++ArSuVcC/0+ +VshmHoY+CWp8Xkvg3m8seIi0dxntEqNUxlXC4MEsL1NmLdxiKVkg7LounwSS2h/Z +GuKYX9JrueVpY6APPNeKcndhwrv+DHT7lhiEhDz3h+g81AyEPLK1Bd4vRJA8AbUL +ZY+Fy0jnhmhKOg0DTwAa+RbfBJCd48IvbsPdhqH1Pj0Hl7M1hlHBzDddshCRK6rJ +pRiRIvRa/XN7clpOyy49DT7XWjygBNkfQFLxVtVpify2/JZB3s49t1fPsJQmySZH +FfPhN3PdAgMBAAECggEAXqbPRm60GCCnzXY8vou7N7xswznhKEUF/L2b2GeLk1V9 +hRdNDQPdbQF5WxcSzaPzHD/A++JllDUOtDTJ/tPfZfYzyptYh40p0/AvwJCSvuN8 +qdQeLp3vXbfYs+ff/pSMkomOOnuDwBLYqbnjKPgafj7v/V+wiZhrPdS3ALT07gsW +MKb4MjAYKwFCbENgMurb4VNL+LgwJFXJNvlRW3r1IO37aXdGiHO5XdrQ6aNDzfmR +ljaAndScwpleRwZorl4Gh0JPn46fpkJPQPNAcejKs1zzxbdjtd/xBS84DuOMryfT +hEfiyU0t5kfir4XufLxtUB9M0FkmpPUQ24Rt5x8/4QKBgQDjYCMbxRNw3o+p1jgR +TsWx2hExhvQJHKPT1MwFcOTqA+VoaPyMUsT5tdkVr2xdqyVjZDbUWQOd5hll6urL +thvYSJz09eGGPuHTMvsktwer/oW3FAIbkPEA0a7EHaNuGbacLVtPn79vJ9IyQl1B +J4DALDW3mU05FV83PWZwDQe1hQKBgQDT/iwnALH7P5IC6dLwSfqFZU8BJ3BrTMs0 +708Oak+iHOWWWkTEpR1PF3EPkM1sdrscLcV6IiqNNRIjOKTbNtloSGMPAyVAxDxb +NiJseP0a3w/XzDiO5H1x3HmYvf2tYLss9cjUKG5ikeVZhfgcUY3pypJ9BcCuCHjg +vkk0dtSIeQKBgQDcQLhBojoez7jij/xn56JhkhetnkiuuuuHu06WxrE4buW+qlRZ +qaPdMGZFN1UFt0/UY7MpJ8D1J3va2iDvjEyUymIgeD4qSKeAapYVDqeD2F225s7T +3SdX38Yne35gnM/joZweGWTbS/u1a8vh3V4+yZSPcRT5AtblL7kXOcgJ8QKBgDbH +nFMry9IX2DwmfdqX00O7LRIoRdWET5JLMIuSDyfd/bm/c7u4yv0QGqgiC+M2Px2F ++lyYDZTVnO07CuaWotFeuzI65tp4mvwa3gRXs1fJQkfKPuc1xfCxPz6oAbBWqadx +j8a69+NCvhhHFRkEPf6m2Pmzjdmq2MmCglorRrpJAoGBAMNRu3it7Pp+9xgj3aFe +IfcnVwd3vwzXyw2ABinHXOqSRx52Dm4J7QDY9d+vOrcbwZyEIt5QdBJesAREAuLf +GsM0FH2qi02kJ679P/fhnbq9B9dPYxpGFV5LlZWN/ulW74fFzIuVB3yPsS3POnm1 +xDhKSqihCH6X84ub/5Qz9boQ +-----END PRIVATE KEY----- diff --git a/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.pem b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.pem new file mode 100644 index 0000000000..abf8f81c58 --- /dev/null +++ b/kubernetes/robot/resources/config/lighttpd/ssl/onap-robot.onap.pem @@ -0,0 +1,50 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8Sf2J40jDC8mP +g6BlxDouewLlTDViei+NxSaMuDFBpVsNQU/4DNMlw5RGF+6xXD/v++ArSuVcC/0+ +VshmHoY+CWp8Xkvg3m8seIi0dxntEqNUxlXC4MEsL1NmLdxiKVkg7LounwSS2h/Z +GuKYX9JrueVpY6APPNeKcndhwrv+DHT7lhiEhDz3h+g81AyEPLK1Bd4vRJA8AbUL +ZY+Fy0jnhmhKOg0DTwAa+RbfBJCd48IvbsPdhqH1Pj0Hl7M1hlHBzDddshCRK6rJ +pRiRIvRa/XN7clpOyy49DT7XWjygBNkfQFLxVtVpify2/JZB3s49t1fPsJQmySZH +FfPhN3PdAgMBAAECggEAXqbPRm60GCCnzXY8vou7N7xswznhKEUF/L2b2GeLk1V9 +hRdNDQPdbQF5WxcSzaPzHD/A++JllDUOtDTJ/tPfZfYzyptYh40p0/AvwJCSvuN8 +qdQeLp3vXbfYs+ff/pSMkomOOnuDwBLYqbnjKPgafj7v/V+wiZhrPdS3ALT07gsW +MKb4MjAYKwFCbENgMurb4VNL+LgwJFXJNvlRW3r1IO37aXdGiHO5XdrQ6aNDzfmR +ljaAndScwpleRwZorl4Gh0JPn46fpkJPQPNAcejKs1zzxbdjtd/xBS84DuOMryfT +hEfiyU0t5kfir4XufLxtUB9M0FkmpPUQ24Rt5x8/4QKBgQDjYCMbxRNw3o+p1jgR +TsWx2hExhvQJHKPT1MwFcOTqA+VoaPyMUsT5tdkVr2xdqyVjZDbUWQOd5hll6urL +thvYSJz09eGGPuHTMvsktwer/oW3FAIbkPEA0a7EHaNuGbacLVtPn79vJ9IyQl1B +J4DALDW3mU05FV83PWZwDQe1hQKBgQDT/iwnALH7P5IC6dLwSfqFZU8BJ3BrTMs0 +708Oak+iHOWWWkTEpR1PF3EPkM1sdrscLcV6IiqNNRIjOKTbNtloSGMPAyVAxDxb +NiJseP0a3w/XzDiO5H1x3HmYvf2tYLss9cjUKG5ikeVZhfgcUY3pypJ9BcCuCHjg +vkk0dtSIeQKBgQDcQLhBojoez7jij/xn56JhkhetnkiuuuuHu06WxrE4buW+qlRZ +qaPdMGZFN1UFt0/UY7MpJ8D1J3va2iDvjEyUymIgeD4qSKeAapYVDqeD2F225s7T +3SdX38Yne35gnM/joZweGWTbS/u1a8vh3V4+yZSPcRT5AtblL7kXOcgJ8QKBgDbH +nFMry9IX2DwmfdqX00O7LRIoRdWET5JLMIuSDyfd/bm/c7u4yv0QGqgiC+M2Px2F ++lyYDZTVnO07CuaWotFeuzI65tp4mvwa3gRXs1fJQkfKPuc1xfCxPz6oAbBWqadx +j8a69+NCvhhHFRkEPf6m2Pmzjdmq2MmCglorRrpJAoGBAMNRu3it7Pp+9xgj3aFe +IfcnVwd3vwzXyw2ABinHXOqSRx52Dm4J7QDY9d+vOrcbwZyEIt5QdBJesAREAuLf +GsM0FH2qi02kJ679P/fhnbq9B9dPYxpGFV5LlZWN/ulW74fFzIuVB3yPsS3POnm1 +xDhKSqihCH6X84ub/5Qz9boQ +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAocCFHlPuTueraFMC0IbbHUFBUlD/79aMA0GCSqGSIb3DQEBCwUAMIGL +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCk1pZGRsZXRvd24x +DTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBXJvYm90MRwwGgYDVQQDDBNyb2JvdC1v +bmFwLm9uYXAub3JnMR0wGwYJKoZIhvcNAQkBFg5yb2JvdEBvbmFwLm9yZzAeFw0y +MDAzMzAxNDM5MzlaFw0zMDAzMjgxNDM5MzlaMIGLMQswCQYDVQQGEwJVUzELMAkG +A1UECAwCTkoxEzARBgNVBAcMCk1pZGRsZXRvd24xDTALBgNVBAoMBE9OQVAxDjAM +BgNVBAsMBXJvYm90MRwwGgYDVQQDDBNyb2JvdC1vbmFwLm9uYXAub3JnMR0wGwYJ +KoZIhvcNAQkBFg5yb2JvdEBvbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALxJ/YnjSMMLyY+DoGXEOi57AuVMNWJ6L43FJoy4MUGlWw1BT/gM +0yXDlEYX7rFcP+/74CtK5VwL/T5WyGYehj4JanxeS+Debyx4iLR3Ge0So1TGVcLg +wSwvU2Yt3GIpWSDsui6fBJLaH9ka4phf0mu55WljoA8814pyd2HCu/4MdPuWGISE +PPeH6DzUDIQ8srUF3i9EkDwBtQtlj4XLSOeGaEo6DQNPABr5Ft8EkJ3jwi9uw92G +ofU+PQeXszWGUcHMN12yEJErqsmlGJEi9Fr9c3tyWk7LLj0NPtdaPKAE2R9AUvFW +1WmJ/Lb8lkHezj23V8+wlCbJJkcV8+E3c90CAwEAATANBgkqhkiG9w0BAQsFAAOC +AQEAIW7KCq4gqjVQQ5aFqSEmbS65pAeyrt58NQxj6UgOYrHe+IJ5EHLiKmRW6XGe +RbtYXSrBhj6E0wF7mWda5sd5r+GZuMjx3BkRKCo59yQnHKYheuuoXIFx1odkmBdl +uq8ccVsL3W+xoBuMdhW3E7Q83xvE+0lINki9rhrmdGItHee3y5KyBYopf0BjZtCS +EV601NnSBDktlMPSt4pFfptr4+lUh/6MDj548cygwk9NexFCwY7+YhjEAPfqH6p3 +BI3QlDYQslBCv8By4JtQqhFs3t6OAjSILfwQfxdS4OT2FK6NZyEBpd1mdbS3CyS7 +qke87AT49x1wbGgsSeldZShErg== +-----END CERTIFICATE----- diff --git a/kubernetes/robot/scripts/demoscript/README b/kubernetes/robot/scripts/demoscript/README new file mode 100644 index 0000000000..aad63f4b24 --- /dev/null +++ b/kubernetes/robot/scripts/demoscript/README @@ -0,0 +1 @@ +Directory contains scripts that will be run before 'demo' tests. diff --git a/kubernetes/robot/scripts/etescript/README b/kubernetes/robot/scripts/etescript/README new file mode 100644 index 0000000000..380787e16e --- /dev/null +++ b/kubernetes/robot/scripts/etescript/README @@ -0,0 +1 @@ +Directory contains scripts that will be run before 'ete' tests. diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh new file mode 100755 index 0000000000..5d22c4b4fe --- /dev/null +++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh @@ -0,0 +1,77 @@ +# Copyright © 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +# +# Generate HV-VES SSL related certs. +# Copy the stuff to HV-VES and Robot pods. +# + + +HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves) + + +generate_ca_key_cert () { + openssl genrsa -out $1/ca.key 2048 + openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap +} + +generate_server_key_csr () { + openssl genrsa -out $1/server.key 2048 + openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap +} + +generate_client_key_csr () { + openssl genrsa -out $1/client.key 2048 + openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap +} + +sign_server_and_client_cert () { + openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00 + openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00 +} + +create_pkcs12_ca_and_server () { + openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass: + openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass: +} + +copy_server_certs_to_hvves () { + for f in {ca.p12,server.p12} + do + kubectl cp $1/$f $2/$3:$4 + done +} + +copy_client_certs_to_robot () { + for f in {ca.pem,client.key,client.pem} + do + kubectl cp $1/$f $2/$3:$4 + done +} + +cleanup () { + rm -f $1/{ca,server,client}.??? +} + + +generate_ca_key_cert "$DIR/$SCRIPTDIR" +generate_server_key_csr "$DIR/$SCRIPTDIR" +generate_client_key_csr "$DIR/$SCRIPTDIR" +sign_server_and_client_cert "$DIR/$SCRIPTDIR" +create_pkcs12_ca_and_server "$DIR/$SCRIPTDIR" +copy_server_certs_to_hvves "$DIR/$SCRIPTDIR" "$NAMESPACE" "$HVVESPOD" "/tmp" +copy_client_certs_to_robot "$DIR/$SCRIPTDIR" "$NAMESPACE" "$POD" "/tmp" +cleanup "$DIR/$SCRIPTDIR" diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh new file mode 100755 index 0000000000..1cd911ca60 --- /dev/null +++ b/kubernetes/robot/scripts/etescript/security-etescript.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +# Copyright 2019 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Gather information on ONAP cluster required by security tests. +# Copy results to Robot pod. +# + + +TMPDIR='/tmp' +TMPTPL='onap_security' +CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))' +FILTER="$(tr -d [:space:] <<TEMPLATE +{{range .items}} + {{range.spec.ports}} + {{if .nodePort}} + {{.nodePort}}{{','}}{{.name}}{{'\n'}} + {{end}} + {{end}} +{{end}} +TEMPLATE)" + + +setup () { + export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)" +} + +create_actual_nodeport_json () { + kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE" +} + +copy_actual_nodeport_json_to_robot () { + kubectl cp "$1" "$2/$3:$4" +} + +cleanup () { + rm "$NODEPORTS_FILE" +} + + +setup +create_actual_nodeport_json +copy_actual_nodeport_json_to_robot "$NODEPORTS_FILE" "$NAMESPACE" "$POD" "$TMPDIR" +cleanup diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh new file mode 100755 index 0000000000..f1d39691bf --- /dev/null +++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh @@ -0,0 +1,49 @@ +# SPDX-License-Identifier: Apache-2.0 + +#!/bin/bash + +# +# Create root certificate CA (Certificate Authority) and its private key. +# Create the package certificate issued by CA +# Copy the stuff to SDC ONBOARDING and Robot pods. +# + + + +SDCVALID=sdc-valid +SDCINVALID=sdc-invalid +ROBOTPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep robot ) +SDCONBOARDINGPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra) + +generate_ca_key_cert_and_package_cert_issued_by_CA () { + openssl req -batch -new -nodes -x509 -days 36500 -keyout rootCA-private-robot-$1.key -out rootCA-robot-$1.cert + openssl req -batch -new -nodes -keyout package-private-robot-$1.key -out package-robot-$1.csr + openssl x509 -req -CA rootCA-robot-$1.cert -CAkey rootCA-private-robot-$1.key -CAcreateserial -in package-robot-$1.csr -out package-robot-$1.cert +} + + +copy_root_cert_to_sdc_onboarding () { + kubectl cp $1/rootCA-robot-$5.cert $2/$3:$4 +} + +copy_package_certs_to_robot () { + for f in package-robot-$5.cert package-private-robot-$5.key + do + kubectl cp $1/$f $2/$3:$4 + done +} + +mkdir "$DIR/$SCRIPTDIR/tmp" +cd "$DIR/$SCRIPTDIR/tmp" +if [[ -f rootCA-robot-$SDCVALID.cert && -f package-robot-$SDCVALID.cert && -f package-robot-$SDCINVALID.cert && -f package-private-robot-$SDCVALID.key && -f package-private-robot-$SDCINVALID.key ]]; then + echo "All files are present"; +else + generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID + generate_ca_key_cert_and_package_cert_issued_by_CA $SDCINVALID + +fi +cd ../../.. +copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" $SDCVALID +copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCVALID +copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCINVALID + diff --git a/kubernetes/robot/scripts/helmscript/README b/kubernetes/robot/scripts/helmscript/README new file mode 100644 index 0000000000..7666bf5f02 --- /dev/null +++ b/kubernetes/robot/scripts/helmscript/README @@ -0,0 +1 @@ +Directory contains scripts that will be run before 'eteHelm' tests. diff --git a/kubernetes/robot/templates/NOTES.txt b/kubernetes/robot/templates/NOTES.txt new file mode 100644 index 0000000000..fe7c9313df --- /dev/null +++ b/kubernetes/robot/templates/NOTES.txt @@ -0,0 +1,25 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +# +# Full license text at https://creativecommons.org/licenses/by/4.0/legalcode + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/robot/templates/_ingress_svc_hostname.tpl b/kubernetes/robot/templates/_ingress_svc_hostname.tpl new file mode 100644 index 0000000000..160bfbf868 --- /dev/null +++ b/kubernetes/robot/templates/_ingress_svc_hostname.tpl @@ -0,0 +1,157 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + +{{/* + For internal use only! + + Return true value if robot via ingress test is enabled + + The template takes two arguments: + - .parent: environment (.) + - .key: robot test component name +*/}} + +{{- define "robot.ingress.svchost._isen" -}} + {{- $key := .key -}} + {{- $master := .parent.Values.config.useIngressHost -}} + {{- if hasKey $master "enabled" -}} + {{- if (index $master "enabled") -}} + {{- if hasKey $master $key -}} + {{- $en_parent := (index $master $key) -}} + {{- if hasKey $en_parent "enabled" -}} + {{- default "" (index $en_parent "enabled") -}} + {{- else -}} + {{- "" -}} + {{- end -}} + {{- else -}} + {{- "" -}} + {{- end -}} + {{- else -}} + {{- "" -}} + {{- end -}} + {{- else -}} + {{- "" -}} + {{- end -}} +{{- end -}} + +{{/* + For internal use only! + + Return ingress alternative hotname if present + + The template takes two arguments: + - .parent: environment (.) + - .key: robot test component name +*/}} + +{{- define "robot.ingress.svchost._inghost" -}} + {{- $key := .key -}} + {{- $master := .parent.Values.config.useIngressHost -}} + {{- if hasKey $master $key -}} + {{- $h_parent := (index $master $key) -}} + {{- if hasKey $h_parent "hostname" -}} + {{- default "" (index $h_parent "hostname") -}} + {{- else -}} + {{- "" -}} + {{- end -}} + {{- else -}} + {{- "" -}} + {{- end -}} +{{- end -}} + +{{/* + For internal use only! + + Return robot target port depending on the robot test configuration + or default value if config is not available + + The template takes two arguments: + - .parent: environment (.) + - .key: robot test component name +*/}} +{{- define "robot.ingress.svchost._port" -}} + {{- $key := .key -}} + {{- $master := .parent.Values.config.useIngressHost -}} + {{- if hasKey $master $key -}} + {{- $https_parent := (index $master $key) -}} + {{- if hasKey $https_parent "https" -}} + {{- $ishttps := (index $https_parent "https") -}} + {{- ternary 443 80 $ishttps -}} + {{- else -}} + {{- 80 -}} + {{- end -}} + {{- else -}} + {{- 80 -}} + {{- end -}} +{{- end -}} + +{{/* + Return the hostname for tested compoment by robot + if the ingress is enabled it return cluster ingress + controller hostname. If the ingress controller in robot + test is disabled it returns the internal cluster hostname + + The template takes two arguments: + - .root: root environment (.) + - .hostname: basename of host + + Return string target hostname for robot test on particular component +*/}} +{{- define "robot.ingress.svchost" -}} + {{- $hostname := required "service hostname" .hostname -}} + {{- $tplhname := $hostname | replace "-" "_" -}} + {{- $ingress_enabled := include "robot.ingress.svchost._isen" (dict "parent" .root "key" $tplhname) -}} + {{- if $ingress_enabled -}} + {{- if .root.Values.global.ingress -}} + {{- if .root.Values.global.ingress.virtualhost -}} + {{- $domain := .root.Values.global.ingress.virtualhost.baseurl -}} + {{- $ihostname := default $hostname (include "robot.ingress.svchost._inghost" (dict "parent" .root "key" $tplhname)) -}} + {{- printf "%s.%s" $ihostname $domain -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $domain := include "common.namespace" .root -}} + {{- printf "%s.%s" $hostname $domain -}} + {{- end -}} +{{- end -}} + + +{{/* + Return the target port for the robot testing purpose + if the ingress is enabled it return cluster ingress + controller port. If the target port doesn't exists + it return default port + + The template takes three arguments: + - .root: root environment (.) + - .hostname: basename of host + - .port Default target port + + Return target port for tested components +*/}} +{{- define "robot.ingress.port" -}} + {{- $hostname := required "service hostname" .hostname -}} + {{- $port := required "service port" .port -}} + {{- $tplhname := $hostname | replace "-" "_" -}} + {{- $ingress_enabled := include "robot.ingress.svchost._isen" (dict "parent" .root "key" $tplhname) -}} + {{- if $ingress_enabled -}} + {{- include "robot.ingress.svchost._port" (dict "parent" .root "key" $tplhname) -}} + {{- else -}} + {{- printf "%d" $port -}} + {{- end -}} +{{- end -}} + diff --git a/kubernetes/robot/templates/configmap.yaml b/kubernetes/robot/templates/configmap.yaml new file mode 100644 index 0000000000..5b41aa4176 --- /dev/null +++ b/kubernetes/robot/templates/configmap.yaml @@ -0,0 +1,52 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-eteshare-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/eteshare/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-lighttpd-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/lighttpd/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-lighttpd-ssl-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/lighttpd/ssl/*").AsConfig . | indent 2 }} diff --git a/kubernetes/robot/templates/deployment.yaml b/kubernetes/robot/templates/deployment.yaml new file mode 100644 index 0000000000..a466189c22 --- /dev/null +++ b/kubernetes/robot/templates/deployment.yaml @@ -0,0 +1,117 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + hostAliases: + - ip: {{ .Values.kubernetesExternalIp }} + hostnames: + - "portal.api.simpledemo.onap.org" + - "vid.api.simpledemo.onap.org" + - "sdc.api.fe.simpledemo.onap.org" + - "portal-sdk.simpledemo.onap.org" + - "policy.api.simpledemo.onap.org" + - "aai.api.sparky.simpledemo.onap.org" + - "aai.ui.simpledemo.onap.org" + - "cli.api.simpledemo.onap.org" + - "so-monitoring" + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: robot-eteshare + mountPath: /share/config + - name: robot-lighttpd + mountPath: /etc/lighttpd + - name: robot-lighttpd-ssl + mountPath: /etc/lighttpd/ssl + - name: robot-logs + mountPath: /share/logs + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + {{- if .Values.persistence.enabled }} + - name: robot-logs + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + - name: dshm + emptyDir: + medium: Memory + - name: localtime + hostPath: + path: /etc/localtime + - name: robot-eteshare + configMap: + name: {{ include "common.fullname" . }}-eteshare-configmap + defaultMode: 0755 + - name: robot-lighttpd + configMap: + name: {{ include "common.fullname" . }}-lighttpd-configmap + defaultMode: 0755 + - name: robot-lighttpd-ssl + configMap: + name: {{ include "common.fullname" . }}-lighttpd-ssl-configmap + defaultMode: 0600 + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/robot/templates/ingress.yaml b/kubernetes/robot/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/robot/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/robot/templates/pv.yaml b/kubernetes/robot/templates/pv.yaml new file mode 100644 index 0000000000..1226402372 --- /dev/null +++ b/kubernetes/robot/templates/pv.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ include "common.release" . }} + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-data" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/robot/templates/pvc.yaml b/kubernetes/robot/templates/pvc.yaml new file mode 100644 index 0000000000..6c18ca0628 --- /dev/null +++ b/kubernetes/robot/templates/pvc.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ include "common.release" . }} + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end -}} diff --git a/kubernetes/robot/templates/service.yaml b/kubernetes/robot/templates/service.yaml new file mode 100644 index 0000000000..d1e3bec6b3 --- /dev/null +++ b/kubernetes/robot/templates/service.yaml @@ -0,0 +1,39 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName | default "http" }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml new file mode 100644 index 0000000000..bbc4a952de --- /dev/null +++ b/kubernetes/robot/values.yaml @@ -0,0 +1,453 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: # global defaults + nodePortPrefix: 302 + ubuntuInitRepository: registry.hub.docker.com + persistence: {} + +# application image +repository: nexus3.onap.org:10001 +image: onap/testsuite:1.7.2 +pullPolicy: Always + +ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + +# flag to enable debugging - application support required +debugEnabled: false + +################################################################# +# Application configuration defaults. +################################################################# +config: + useIngressHost: + enabled: false + aaf_service: + enabled: true + https: true + hostname: aafservice + aai: + enabled: true + https: true + hostname: aai.api.sparky + appc: + enabled: true + https: true + hostname: appc.api + appc_cdt: + enabled: true + https: true + hostname: appccdt + clamp: + enabled: true + https: true + cli: + enabled: true + https: true + dcae_healthcheck: + enabled: false + dcae_ves_collector: + enabled: false + dcae_ves_colector_https: + enabled: false + https: true + dmaap_dr_prov: + enabled: true + https: true + hostname: dmaapdrprov + dmaap_dr_node: + enabled: true + https: true + hostname: dmaapdrnode + log_es: + enabled: false + log_kibana: + enabled: false + log_ls_http: + enabled: false + pomba_aaictxbuilder: + enabled: false + pomba_sdctxbuilder: + enabled: false + pomba_networkdiscoveryctxbuilder: + enabled: false + pomba_servicedecomposition: + enabled: false + pomba_sdncctxbuilder: + enabled: false + pomba_networkdiscovery: + enabled: false + pomba_validation_service: + enabled: false + pomba_kibana: + enabled: false + pomba_es: + enabled: false + pomba_contextaggregator: + enabled: false + message_router: + enabled: false + https: true + dmaap_bc: + enabled: true + https: true + hostname: dmaapbc + music: + enabled: false + https: true + nbi: + enabled: false + https: true + oof_has_api: + enabled: true + https: true + oof_osdf: + enabled: true + https: true + hostname: oofsdf + oof_cmso: + enabled: false + https: true + msb_iag: + enabled: false + pdp: + enabled: false + drools: + enabled: false + policy_api: + enabled: false + policy_pap: + enabled: false + policy_distribution: + enabled: false + policy_xacml_pdp: + enabled: false + policy_apex_pdp: + enabled: false + policy_distribution: + enabled: false + portal_app: + enabled: false + https: true + hostname: portal.api + sdc_be: + enabled: true + https: true + sdc_onboarding_be: + enabled: false + https: true + sdc_fe: + enabled: true + hostname: sdc.api.fe + https: true + sdc_dcae_be: + enabled: false + https: true + sdnc: + enabled: false + https: true + sdnc_portal: + enabled: false + https: true + so: + enabled: true + hostname: so.api + so_sdc_controller: + enabled: false + so_pbmn_infra: + enabled: false + so_catalog_db_adapter: + enabled: false + so_openstack_adapter: + enabled: false + so_request_db_adapter: + enabled: false + so_sdnc_adapter: + enabled: false + so_vfc_adapter: + enabled: false + so_vnfm_adapter: + enabled: false + so_nssmf_adapter: + enabled: false + vid: + enabled: false + refrepo: + enabled: true + https: true + cds_blueprints_processor_http: + enabled: true + hostname: blueprintsprocessorhttp + dcae_hv_ves_collector: + enabled: false + message_router_kafka: + enabled: false + inventory: + enabled: false + https: true + deployment-handler: + enabled: false + https: true + aaf_sms: + enabled: false + https: true + +# for access to test logs + robotWebUser: "test" + robotWebPassword: "test" + +# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + openStackSoEncryptedPassword: "SAME_STRING_AS_SO_JAVA_ENCRYPTED_PASSWORD" + +# Demo configuration +# Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION +# 1.6.0 Frankfurt change or override for your release to match demo:vnfs/vFW/scripts/pom.xml version +demoArtifactsVersion: "1.7.0" +# Nexus demo artifact URL. +demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" +# Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR +openStackFlavourMedium: "m1.medium" + +################# Openstack .RC Parameters ################################333 +# KEYSTONE Version 3 Required for Rocky and beyond +# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION +openStackKeystoneAPIVersion: "v2.0" + +# OS_AUTH_URL without the /v3 or /v2.0 from the openstack .RC file +# Openstack keystone URL. Maps to GLOBAL_INJECTED_KEYSTONE +openStackKeyStoneUrl: "http://1.2.3.4:5000" + +# OS_PROJECT_ID from the openstack .RC file +# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID +openStackTenantId: "47899782ed714295b1151681fdfd51f5" + +# OS_PROJECT_NAME from the openstack .RC file +# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME +openStackProjectName: "onap" + +# OS_USERNAME from the openstack .RC file +# username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME +openStackUserName: "tenantUsername" + +# OS_PROJECT_DOMAIN_ID from the openstack .RC file +# in some environments it is a string but in other environmens it may be a numeric +# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID +openStackDomainId: "default" + +# OS_USER_DOMAIN from the openstack .RC file +# Use Domain of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN +openStackUserDomain: "Default" + + +# UUID of the Openstack network that can assign floating ips. Maps to GLOBAL_INJECTED_PUBLIC_NET_ID +openStackPublicNetId: "e8f51958045716781ffc" +openStackPublicNetworkName: "public" +# Openstack region. Maps to GLOBAL_INJECTED_REGION +openStackRegion: "RegionOne" + + +# Values for second cloud instante for VNF instantiatioen testing and keystone v3 +openStackRegionRegionThree: "RegionThree" +openStackKeyStoneUrlRegionThree: "http://1.2.3.4:5000" +openStackKeystoneAPIVersionRegionThree: "v3" +openStackUserNameRegionThree: "demo" +# this is the java encrypted password that is needed for SO +openSackMsoEncryptdPasswordRegionThree: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" +openStackTenantIdRegionThree: "3583253e932845a09cd4c8ca2f31d095" +openStackProjectNameRegionThree: "Integration-SB-RegionThree" +openStackDomainIdRegionThree: "Default" +# +# Openstack glance image name for Ubuntu 14. Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE +ubuntu14Image: "Ubuntu_14_trusty" +# Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE +ubuntu16Image: "Ubuntu_16_xenial" +# DANOS image and flavor references +danosImage: "danos-ves-image" +danosFlavor: "danos" +# GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION +# 1.6.0 Frankfurt change or override for your release to match demo:vnfs/vFW/scripts/pom.xml version +scriptVersion: "1.7.0" +# Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK +openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc" +# Openstack security group for instantiating VNFs +openStackSecurityGroup: "onap_sg" +# SDNC Preload configuration +# Openstack subnet UUID for the network defined by openStackPrivateNetId. Maps to onap_private_subnet_id +openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc" +# CIDR notation for the Openstack private network where VNFs will be spawned. Maps to onap_private_net_cidr +openStackPrivateNetCidr: "10.0.0.0/8" +# The first 2 octets of the private Openstack subnet where VNFs will be spawned. +# Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X +openStackOamNetworkCidrPrefix: "10.0" +# If you network allowed a /16 for the ONAP OAM then leave blank and robot will assign +# a random variable to be able to instantiate multple vFWCL, vLB etc in your environemtn +# if you only provided a /24 then provide the 3rd octet you use for your /24 +openStackOamNetwork3rdOctet: "" +# VID protocol/port until Selenium issue with SSL resolved +# https/8443 vs http/8080 +vidServerProtocol: "https" +vidServerPort: "8443" +# Override with Pub Key for access to VNF +vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh imported-openssh-key" +# Override with Private Key for access to VNF +vnfPrivateKey: "onap_dev.yaml" +# Override with DCAE VES Collector external IP +dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP" +# kubernetes external IP for Portal GUI tests +kubernetesExternalIp: "10.0.0.14" + + +# Credentials for ONAP Component +# AAF +aafUsername: "demo@people.osaaf.org" +aafPassword: "demo123456!" +# AAI +aaiUsername: "aai@aai.onap.org" +aaiPassword: "demo123456!" +# APPC +appcUsername: "appc@appc.onap.org" +appcPassword: "demo123456!" +# DCAE +dcaeUsername: "dcae@dcae.onap.org" +dcaePassword: "demo123456!" +# DROOLS +droolsUsername: "demo@people.osaaf.org" +droolsPassword: "demo123456!" +# OOF +oofCmsoUsername: "oof@oof.onap.org" +oofCmsoPassword: "demo123456!" +# POLICY +policyAuth: "dGVzdHBkcDphbHBoYTEyMw==" +policyClientAuth: "cHl0aG9uOnRlc3Q=" +policyUsername: "demo@people.osaaf.org" +policyPassword: "demo123456!" +policyComponentUsername: "healthcheck" +policyComponentPassword: "zb!XztG34" +# PORTAL +portalUsername: "demo" +portalPassword: "Kp8bJ4SXszM0WXlhak3eHlcse" +# SO +soUsername: "InfraPortalClient" +soPassword: "password1$" +soCatdbUsername: "bpel" +soCatdbPassword: "password1$" +# SDNC +sdncUsername: "admin" +sdncPassword: "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" +# VID +vidUsername: "demo" +vidPassword: "Kp8bJ4SXszM0WX" +vidHealthUsername: "Default" +vidHealthPassword: "AppPassword!1" +# DMAAP BC +bcUsername: "dmaap-bc@dmaap-bc.onap.org" +bcPassword: "demo123456!" +# DMAAP KAFKA JAAS +kafkaJaasUsername: "admin" +kafkaJaasPassword: "admin_secret" + +#OOF +oofUsername: "oof@oof.onap.org" +oofPassword: "demo123456!" +cmsoUsername: "oof@oof.onap.org" +cmsoPassword: "demo123456!" +oofOsdfPciOptUsername: "oof@oof.onap.org" +oofOsdfPciOptPassword: "demo123456!" +oofHomingUsername: "admin1" +oofHomingPassword: "plan.15" + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi + large: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 1000m + memory: 2Gi + unlimited: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 180 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 180 + periodSeconds: 10 + +service: + name: robot + type: NodePort + portName: httpd + externalPort: 443 + internalPort: 443 + nodePort: "09" + +ingress: + enabled: false + service: + - baseaddr: "robot.api" + name: "robot" + port: 443 + config: + ssl: "redirect" + + +## Persist data to a persitent volume +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: robot/logs diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 11128dd68c..b4bd316c03 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -303,6 +303,10 @@ sdnc: dmaap: host: http://message-router.{{ include "common.namespace" . }}:3904 timeout: 30000 + publisher: + topic: RAN-Slice-Mgmt + callback: + timeout: PT5M lcm: path: '/restconf/operations/LCM:' actionTimeout: 300000 diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index cc22dc97c3..c5232e8f48 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -21,6 +21,8 @@ if [ "${EXIT_VALUE}" != "0" ] then echo "issue with password: $cadi_truststore_password" + ls -lh {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop + cat {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop exit $EXIT_VALUE else keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ |