Age | Commit message (Collapse) | Author | Files | Lines |
|
Whole SDNC strongly depends on the assumption that it is using a
common mariadb-galera instance and that root password is secret
password. Also user and password to sdnc DB is hardcoded.
Let's start working on removing this assumption and component by
component add support for local and shared mariadb instance without
hardcoding any passwords to the database.
In this patch all passwords are still hardcoded in the helm chart to
not break other parts of SDNC. Those values will be removed in a final patch.
Issue-ID: OOM-2309
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idb460e72301dd63082d7890d34fea923df3ac426
|
|
|
|
|
|
Improve usage of common secret template by removing all hardcoded
values and use common mariadb-galera instance.
Issue-ID: OOM-2249
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia126a0b66d9e61c90114ff688cc52cc5fa4f5d58
|
|
|
|
|
|
Disabled by default. In order to enable cluster replicaCount
should be higher than 2 and useScriptCompileCache is set to false.
We need to disable script compile cache otherwise there is
issue with updating CBA when running multiple replicas of
blueprint processor.
Issue-ID: CCSDK-2011
Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca>
Change-Id: I6f6071556eb499832f9a765ba4c27100497c6e88
|
|
|
|
Use version 10.11 deployed by crunchydata scripts version 4.2.1.
this will:
* remove some CVEs (in particular CVE-2019-10164)
* use UTF-8 as default encoding
Issue-ID: OOM-2290
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f6ca18b48c435f55f5ffcb88e4f2dc83b758b84
|
|
Each changes item needs its own list
this can be seen in the changed code
Also, remove other repositories.
Each repository in ONAP requires its own info file
and so we cannot include multiple repos in a single
info file
Issue-ID: CIMAN-33
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Change-Id: Id23288f9a5bddd3f0a1f52d56d072ef90b8a8f9b
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 23f076495d36081f34a367067918d15fcc5ada8d
- Merge "Add ingress controler support to AAI"
- Add ingress controler support to AAI
Issue-ID: OOM-2171
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I9afdae36aa9afd1f80f88b5bb3a15935f9335a93
|
|
|
|
Taken into account how "easy" it would be to modify the dgbuilder
which is written in JavaScript (which is not my mother tongue to say
the least) let's try to remove hardcoded passwords from config files
without modifying the application container itself.
In order to achieve this:
1) Remove createReleaseDir.sh script from the container as it is never
used and contains a ton of passwords
2) Replace all sensitive values in config files with references to
respective environment variables
3) Introduce init container that will run envsubst command on config
files and copy them from ConfigMap value to the new volume which is
backed by tmpfs so that the plain text passwords are never written to
the disk
For now all the hardcoded values are still there to minimize the risk
of breaking the deployment but step by step they will be removed in
next commits.
Issue-ID: OOM-2247
Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Remove all hardcoded credentials for mariadb and depend on common
secret template to generate all passwords at the deployment time.
Issue-ID: OOM-2292
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I54e57b317a8852469bcc11aabf6ddf0040ff5eb3
|
|
|
|
|
|
|
|
Testing ingress controller based on virtual hosts
requires a lot of entries in the /etc/hosts.
The better way is to create DNS server for testing purposes.
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2289
Change-Id: I2ab104c7391e9634972931ac7e79bec5711d2b39
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
|
|
Let's use common secret template to generate user credentials for VID
DB and depend on mariadb-galera to generate secure enough root
password.
Issue-ID: OOM-2293
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
|
|
|
|
Updating to include Krzysztof Opasiak as new commiter.
Issue-ID: OOM-1980
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ied757ed38935d87134286e474e67978e849e1fd2
|
|
The last line of the template rewrites PVC storage class and thus the
behavior is not the expected one.
This patch removes the faulty (and unecessary) line.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076
|
|
SO can handle keystone v3 but override file must be capable to handle
this.
If openStackKeystoneVersion is set to "KEYSTONE_V3" in
so-catalog-db-adapter config part, SO will be able to use keystone v3
for OpenStack
Issue-ID: OOM-2221
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I14db318d25842a08ef380f6edb708e26dae050ad
|
|
|
|
aaf-locate anf aaf-cm limits may have been a bit too stringent.
giving some space to these components
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
|
|
|
|
mariadb-init chart should play nicely with mariadb-galera as it
simplifies migration to common mariadb instance.
Unfortunately after adding the support for common secret template I
didn't pay enough attention to consistent naming convention and
mariadb-galera and mariadb-init chart ended up being incompatible. To
fix that let's just rename the mariadb-init chart config option to
match exactly the one used in mariadb-galera chart.
Issue-ID: OOM-2248
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 764cd8514707c1630dbfa6792b8d15953d5b9a59
- Use v1.6.4 of resources
Issue-ID: AAI-2796
Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
|
|
Remove unneeded dashboard inputs file
Prepend release name to filebeat configmap name
Issue-ID: DCAEGEN2-917
Issue-ID: DCAEGEN2-1923
Issue-ID: DCAEGEN2-1805
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
|
|
|
|
|
|
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256
Issue-ID: VFC-1601
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
|
|
|
|
|
|
* Update kubernetes/robot from branch 'master'
to 591bfdea4f1d833abee3c7e60f084da546d9082a
- Create INFO.yaml for testsuite/oom
same contributors than testsuite
Issue-ID: INT-1386
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I37465c46dd5b025cf284157df4a12b140eb9d487
|
|
In commit:
e74ed5cd24d ("[APPC] Don't hardcode mariadb root password")
startOdl.sh script has been updated to take the root password from the
environment variable. Unfortunately there was a typo in variable name
which resulted in using empty string instead of password.
Issue-ID: APPC-1830
Fixes: e74ed5cd24d ("[APPC] Don't hardcode mariadb root password")
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I537e3e24ee4bbbc20d5ebc07dddd9f0d3cbe26d8
|
|
|
|
# Also, need to add ready check for aaf-cm
Change-Id: I757f56f5eaa79c1cbecec43aeb99f2701afd7fae
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1195
|
|
Let's use common secret template to generate user credentials for NBI
DB and depend on mariadb-galera to generate secure enough root
password.
BTW.
Don't be surprised for now mariadb-galera has a hardcoded root
password but as soon as we move all charts that use it to common
secret template it will be auto generated.
Issue-ID: OOM-2291
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5d16f6c26aa63a46db98ba3dab3a76267b4049f1
|
|
It seems that pgpool is never thus there is no need to spend
time moving it to common secret template
Issue-ID: OOM-2250
Change-Id: I237f9e01cec80bd47ff47c7eb4db282471cfad07
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Use common secret template for storing DB credentials
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
|
|
|
|
|
|
|
|
* Update kubernetes/robot from branch 'master'
to df719f4a3e63cff0d5d832945f0b8ba18230635c
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|