Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.
Issue-ID: OOM-2696
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
|
|
- OSDF: 3.0.4
- Fixed NST selection response
- HAS: 2.1.4
- Fixed SDC interface
- Fixed weak cryptography issues
- CMSO: 2.3.2
- Fixed weak cryptography issues
Chart changes
- Remove encrypted password from
CMSO and move it to k8s secret
Issue-ID: OPTFRA-917
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
|
|
Current limits makes vault to throttle and at the end it's not able to
start.
This patch relaxes the CPU limit value so it should be better at start.
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
|
|
Instead of using hardcoded certificates in the container, let's retrieve
them automatically.
Issue-ID: OOM-2681
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
|
|
Current script that retrieve certificates can fail but exit code will be
0. We then add a check in the script in order to avoid such issue
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
|
|
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2680
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
|
|
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2655
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
|
|
Instead of having hardocoded certificates, use certManager in order to
retrieve them.
Issue-ID: OOM-2684
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I20df713b7552b27392407db985fd402c259874e4
|
|
Instead of using hardcoded certificates in container, use
certInitializer in order to retrieve them.
Issue-ID: OOM-2682
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
|
|
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
|
|
Today, `identities.dat` is put on cassandra deployment. But this file is
actually needed by "working" deployments (at least certman and service)
and not by cassandra.
This patch removes it from cassandra deployments and add it to the other
ones form "authz" family.
Issue-ID: OOM-2678
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
|
|
Instead of using an harcoded certificate for AAI Haproxy, let's use
certInitializer in order to have a fresh one.
Issue-ID: OOM-2654
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
|
|
Instead of keep initialization data into the docker image, we move them
to the chart.
This will simplify adding / removing certificates as no image release
will be necessary, but only a change in OOM which can be directly
tested.
This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33.
Reason for revert: Changed the initial commit in order to make it really
work.
Issue-ID: OOM-2586
Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
This commit introduces a template for requesting a cert-manager certificate.
See: https://cert-manager.io.
It consist of the following parts:
- a template for creating certificate in commons component
- a definition of a certifcate object in sdnc component
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
|
|
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4.
Reason for revert: AAF on master is broken
Issue-ID: OOM-2586
Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
|
|
This commit makes aaf chart to use the new generator for repositories and
images.
As new templates doesn't work well with "sub charts", we move also
subcharts to components folder.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
|
|
`registry.hub.docker.com` needs authentication now, in contrary to
previous behavior.
As OOM deployments is unauthenticated when using docker hib repository,
all OOM deployments is broken.
`docker.io` seems to be still OK with unauthenticated requests so let's
move to this endpoint.
Issue-ID: OOM-2636
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
|
|
The initialization data appear as resources to the chart.
The templates were modified to define ConfigMaps and
Deployment to mount them to the aaf-cass container
when it starts. The existing aaf-cass initialization
script in the image will load the database from these files.
Issue-ID: OOM-2586
Signed-off-by: John J. Franey <john.franey@att.com>
Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: Id9157f3332870a79575b20ff89558ea875626484
Issue-ID: OOM-2562
|
|
components directory takes up a lot of
space and is included during helm package
Lets remove it using .helmignore
This is just a copy of idea showed in:
"[OOF] Add helmignore to ignore components"
by krishnaa96 <krishna.moorthy6@wipro.com>
Issue-ID: OOM-2534
Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
|
|
Helm is now called by HELM_BIN variable which by default is set to helm
and makefiles use helm from path. HELM_BIN can be overwritten so user
can have two version of helm in system and choose which one to use.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I11f83a4716b5039e6396a63707f52268db013490
|
|
|
|
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: Ied19470d1e8f499ba55a08d3753f8a5b1592ffc6
Issue-ID: OOM-2562
|
|
End of if statement end to early and not contains nodeLabel values
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: If945f9a15d059118b4d11781df1687db249f67da
Issue-ID: OOM-2562
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: I88585d84d43fb7678e0837a40fc432641bd60d8e
Issue-ID: OOM-2562
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I14bfe09787b59b366472778a5ca5bdc50c3f83f7
|
|
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components.
All aaf-cert-service references have been replaced with oom-cert-service.
Issue-ID: OOM-2526
Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7
Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
|
|
Readiness container v3.x and up are now present in ONAP main repository.
They're also not using root user anymore and then script path has
changed.
Finally, "job_complete" script has been integrated in main "ready"
script.
As those changes are significant, we must upgrade all the components at
once.
Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0
Issue-ID: OOM-2545
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
|
|
Issue-ID: OOM-2446
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: Ia0d503b510fbc5681b9b3aa46a6187d3ba623603
|
|
Update Cert Service version to 1.2.0 in order to allow creation
not existing subdirectories where certs will be located.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I83560e21a6894c8869201205000bb7c41956176a
|
|
Root keys of certificate should have 10 years validity.
Issue-ID: AAF-1175
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I0ff9ed6ff095baa0797a2af50eca740e9b4a5c6b
|
|
Certificates in AAF CertService expired
Repleace by new certificates
Issue-ID: AAF-1175
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: Ic04e337adfbec2acb31b830cf4d5193b3a0a0e80
|
|
Change-Id: I9c5bf34516d32bedaf8314044d71d6aad401966c
Issue-ID: AAF-1152
Signed-off-by: kjaniak <kornel.janiak@nokia.com>
|
|
Allow use of OUTPUT_TYPE env in certservice client to define desired
certificates format (one of: P12, JKS, PEM)
Issue-ID: AAF-1152
Change-Id: I5065b659ae36d71209d643303896516042fabaa0
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
AAF SMS was hardcoding its certificates in the container.
This patch makes use of certInitializer in order to retrieve "fresh"
certificates.
In order to use certInitiliazer in a sub component, we had to move
charts to component and add the right requirements.
Issue-ID: AAF-1159
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ec55eddffd54dd56b03cea1a6f0b437f8bfa299
|
|
|
|
Uplifting AAF to 2.1.23
Issue-ID: AAF-1127
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ib7f76feb6d3adc622d4f198a1f954062d84a3ca2
|
|
This new micro service allow retrieval of certificates using CMPv2
protocol and relay the requests to CA server (such as EJBCA provided in
contrib folder).
Issue-ID: AAF-1083
Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8
Signed-off-by: EmmettCox <emmett.cox@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
This reverts commit 306fa85f8e97e1e7f95f8b429088f570f2926d39.
Since this patch, we're seeing a lot of errors on healtchecks and e2e
tests.
Reverting it in order to make master work again.
Issue-ID: AAF-1127
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie40559ef5a3da60457b0af306b802e7a81d968be
|
|
Uplifting AAF to 2.1.22 (Frankfurt)
Issue-ID: AAF-1127
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ia371efeab9adbf99a8e0543d0c71adc028f6228e
|