aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-02-21[SDNC] Use common secret template in dmaap-listenerKrzysztof Opasiak6-17/+85
Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patch all passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I3280f9d7ff4933d4e50b94ca248676ed9aa6688d
2020-02-20Merge "[COMMON] Use common mariadb-galera instance in network-name-gen"Sylvain Desbureaux3-15/+39
2020-02-20Merge "[OOF] Use common secret template for mariadb credentials"Sylvain Desbureaux8-54/+152
2020-02-19[COMMON] Use common mariadb-galera instance in network-name-genKrzysztof Opasiak3-15/+39
Improve usage of common secret template by removing all hardcoded values and use common mariadb-galera instance. Issue-ID: OOM-2249 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia126a0b66d9e61c90114ff688cc52cc5fa4f5d58
2020-02-19Merge "[COMMON] Use common secret template in dgbuilder"Sylvain Desbureaux7-204/+119
2020-02-19Merge "[OOM] Bump postgresql version"Sylvain Desbureaux1-1/+1
2020-02-18Cluster Distributed lock service integration with OOM.Sebastien Premont-Tendland4-0/+107
Disabled by default. In order to enable cluster replicaCount should be higher than 2 and useScriptCompileCache is set to false. We need to disable script compile cache otherwise there is issue with updating CBA when running multiple replicas of blueprint processor. Issue-ID: CCSDK-2011 Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca> Change-Id: I6f6071556eb499832f9a765ba4c27100497c6e88
2020-02-18Merge "Fix yamllint error in info file"Mike Elliott1-5/+3
2020-02-18[OOM] Bump postgresql versionSylvain Desbureaux1-1/+1
Use version 10.11 deployed by crunchydata scripts version 4.2.1. this will: * remove some CVEs (in particular CVE-2019-10164) * use UTF-8 as default encoding Issue-ID: OOM-2290 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f6ca18b48c435f55f5ffcb88e4f2dc83b758b84
2020-02-18Fix yamllint error in info fileAric Gardner1-5/+3
Each changes item needs its own list this can be seen in the changed code Also, remove other repositories. Each repository in ONAP requires its own info file and so we cannot include multiple repos in a single info file Issue-ID: CIMAN-33 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org> Change-Id: Id23288f9a5bddd3f0a1f52d56d072ef90b8a8f9b
2020-02-18Merge "[SO] Enable use of Keystone v3"Krzysztof Opasiak3-2/+8
2020-02-18Update git submodulesJames Forsyth1-0/+0
* Update kubernetes/aai from branch 'master' to 23f076495d36081f34a367067918d15fcc5ada8d - Merge "Add ingress controler support to AAI" - Add ingress controler support to AAI Issue-ID: OOM-2171 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: I9afdae36aa9afd1f80f88b5bb3a15935f9335a93
2020-02-18Merge "[SDC] Change default access mode for cert PVC"Krzysztof Opasiak1-1/+1
2020-02-18[COMMON] Use common secret template in dgbuilderKrzysztof Opasiak7-204/+119
Taken into account how "easy" it would be to modify the dgbuilder which is written in JavaScript (which is not my mother tongue to say the least) let's try to remove hardcoded passwords from config files without modifying the application container itself. In order to achieve this: 1) Remove createReleaseDir.sh script from the container as it is never used and contains a ton of passwords 2) Replace all sensitive values in config files with references to respective environment variables 3) Introduce init container that will run envsubst command on config files and copy them from ConfigMap value to the new volume which is backed by tmpfs so that the plain text passwords are never written to the disk For now all the hardcoded values are still there to minimize the risk of breaking the deployment but step by step they will be removed in next commits. Issue-ID: OOM-2247 Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-18Merge "Removed use of vfc-redis from etsicatalog component"Sylvain Desbureaux2-4/+0
2020-02-17[OOF] Use common secret template for mariadb credentialsKrzysztof Opasiak8-54/+152
Remove all hardcoded credentials for mariadb and depend on common secret template to generate all passwords at the deployment time. Issue-ID: OOM-2292 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I54e57b317a8852469bcc11aabf6ddf0040ff5eb3
2020-02-17Merge "[DMaaP MR] Remove "lost+found" in kafka PVC"Krzysztof Opasiak1-0/+1
2020-02-17Merge "DNS test server for ingress controller"Krzysztof Opasiak10-0/+407
2020-02-17Merge "[COMMON] fix primary PVC for postgres template"Krzysztof Opasiak1-1/+0
2020-02-17DNS test server for ingress controllerLucjan Bryndza10-0/+407
Testing ingress controller based on virtual hosts requires a lot of entries in the /etc/hosts. The better way is to create DNS server for testing purposes. Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Issue-ID: OOM-2289 Change-Id: I2ab104c7391e9634972931ac7e79bec5711d2b39 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2020-02-17Merge "[VID] Don't hardcode mariadb-galera password"Sylvain Desbureaux4-44/+25
2020-02-15[VID] Don't hardcode mariadb-galera passwordKrzysztof Opasiak4-44/+25
Let's use common secret template to generate user credentials for VID DB and depend on mariadb-galera to generate secure enough root password. Issue-ID: OOM-2293 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
2020-02-14Merge "[AAF] Loosen the limits for some AAF Components"Morgan Richomme3-4/+4
2020-02-14Add new committer to INFO.yamlSylvain Desbureaux1-1/+6
Updating to include Krzysztof Opasiak as new commiter. Issue-ID: OOM-1980 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ied757ed38935d87134286e474e67978e849e1fd2
2020-02-14[COMMON] fix primary PVC for postgres templateSylvain Desbureaux1-1/+0
The last line of the template rewrites PVC storage class and thus the behavior is not the expected one. This patch removes the faulty (and unecessary) line. Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076
2020-02-13[SO] Enable use of Keystone v3Sylvain Desbureaux3-2/+8
SO can handle keystone v3 but override file must be capable to handle this. If openStackKeystoneVersion is set to "KEYSTONE_V3" in so-catalog-db-adapter config part, SO will be able to use keystone v3 for OpenStack Issue-ID: OOM-2221 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I14db318d25842a08ef380f6edb708e26dae050ad
2020-02-13Merge "Fix external secret name in mariadb-init"Sylvain Desbureaux2-3/+3
2020-02-13[AAF] Loosen the limits for some AAF ComponentsSylvain Desbureaux3-4/+4
aaf-locate anf aaf-cm limits may have been a bit too stringent. giving some space to these components Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
2020-02-13Merge "Fix the wrong MSB_PROTO env value"Sylvain Desbureaux4-4/+4
2020-02-13Fix external secret name in mariadb-initKrzysztof Opasiak2-3/+3
mariadb-init chart should play nicely with mariadb-galera as it simplifies migration to common mariadb instance. Unfortunately after adding the support for common secret template I didn't pay enough attention to consistent naming convention and mariadb-galera and mariadb-init chart ended up being incompatible. To fix that let's just rename the mariadb-init chart config option to match exactly the one used in mariadb-galera chart. Issue-ID: OOM-2248 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
2020-02-13Merge "Fix multicloud logging issue"Sylvain Desbureaux1-0/+4
2020-02-12Update git submodulesjimmy1-0/+0
* Update kubernetes/aai from branch 'master' to 764cd8514707c1630dbfa6792b8d15953d5b9a59 - Use v1.6.4 of resources Issue-ID: AAI-2796 Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527 Signed-off-by: Jimmy Forsyth <jf2512@att.com>
2020-02-12Pick up new tls init containerJack Lucas17-51/+34
Remove unneeded dashboard inputs file Prepend release name to filebeat configmap name Issue-ID: DCAEGEN2-917 Issue-ID: DCAEGEN2-1923 Issue-ID: DCAEGEN2-1805 Signed-off-by: Jack Lucas <jflucas@research.att.com> Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
2020-02-12Merge "Make use msb iag with https"Morgan Richomme33-2/+84
2020-02-12Merge "Enable underscore in headers in nginx config"Sylvain Desbureaux1-0/+2
2020-02-12Make use msb iag with httpsyangyan33-2/+84
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256 Issue-ID: VFC-1601 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2020-02-12Merge "These OOM changes are related AAF Integration"Sylvain Desbureaux33-124/+510
2020-02-12Merge "Sync up the properties file with current CDS version."Sylvain Desbureaux1-1/+9
2020-02-10Merge "[APPC] Fix APPC health check failure"Morgan Richomme1-1/+1
2020-02-10Update git submodulesmrichomme1-0/+0
* Update kubernetes/robot from branch 'master' to 591bfdea4f1d833abee3c7e60f084da546d9082a - Create INFO.yaml for testsuite/oom same contributors than testsuite Issue-ID: INT-1386 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I37465c46dd5b025cf284157df4a12b140eb9d487
2020-02-10[APPC] Fix APPC health check failureKrzysztof Opasiak1-1/+1
In commit: e74ed5cd24d ("[APPC] Don't hardcode mariadb root password") startOdl.sh script has been updated to take the root password from the environment variable. Unfortunately there was a typo in variable name which resulted in using empty string instead of password. Issue-ID: APPC-1830 Fixes: e74ed5cd24d ("[APPC] Don't hardcode mariadb root password") Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I537e3e24ee4bbbc20d5ebc07dddd9f0d3cbe26d8
2020-02-10Merge "Bump dmaap-dr image versions"Sylvain Desbureaux4-2/+6
2020-02-09Bump dmaap-dr image versionsefiacor4-2/+6
# Also, need to add ready check for aaf-cm Change-Id: I757f56f5eaa79c1cbecec43aeb99f2701afd7fae Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1195
2020-02-07[NBI] Don't hardcode mariadb-galera passwordKrzysztof Opasiak3-9/+34
Let's use common secret template to generate user credentials for NBI DB and depend on mariadb-galera to generate secure enough root password. BTW. Don't be surprised for now mariadb-galera has a hardcoded root password but as soon as we move all charts that use it to common secret template it will be auto generated. Issue-ID: OOM-2291 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5d16f6c26aa63a46db98ba3dab3a76267b4049f1
2020-02-07[COMMON] Remove pgpoolKrzysztof Opasiak13-1056/+0
It seems that pgpool is never thus there is no need to spend time moving it to common secret template Issue-ID: OOM-2250 Change-Id: I237f9e01cec80bd47ff47c7eb4db282471cfad07 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-07[COMMON] Use common secret template in postgresKrzysztof Opasiak4-29/+88
Use common secret template for storing DB credentials Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
2020-02-07Merge "[COMMON] Share deployment configuration in Postgres"Sylvain Desbureaux3-246/+146
2020-02-07Merge "[OOF] fix secret names for mariadb-galera"Sylvain Desbureaux2-9/+9
2020-02-07Merge "update DMaaP MR docker image version to 1.1.17"Sylvain Desbureaux1-1/+1
2020-02-07Update git submodulesKrzysztof Opasiak1-0/+0
* Update kubernetes/robot from branch 'master' to df719f4a3e63cff0d5d832945f0b8ba18230635c - [ONAP-wide] Replace .Release.Name with common.release ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>