Age | Commit message (Collapse) | Author | Files | Lines |
|
Update Cert Service version to 1.2.0 in order to allow creation
not existing subdirectories where certs will be located.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I83560e21a6894c8869201205000bb7c41956176a
|
|
Root keys of certificate should have 10 years validity.
Issue-ID: AAF-1175
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I0ff9ed6ff095baa0797a2af50eca740e9b4a5c6b
|
|
Certificates in AAF CertService expired
Repleace by new certificates
Issue-ID: AAF-1175
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: Ic04e337adfbec2acb31b830cf4d5193b3a0a0e80
|
|
Change-Id: I9c5bf34516d32bedaf8314044d71d6aad401966c
Issue-ID: AAF-1152
Signed-off-by: kjaniak <kornel.janiak@nokia.com>
|
|
Allow use of OUTPUT_TYPE env in certservice client to define desired
certificates format (one of: P12, JKS, PEM)
Issue-ID: AAF-1152
Change-Id: I5065b659ae36d71209d643303896516042fabaa0
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
AAF SMS was hardcoding its certificates in the container.
This patch makes use of certInitializer in order to retrieve "fresh"
certificates.
In order to use certInitiliazer in a sub component, we had to move
charts to component and add the right requirements.
Issue-ID: AAF-1159
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ec55eddffd54dd56b03cea1a6f0b437f8bfa299
|
|
|
|
Uplifting AAF to 2.1.23
Issue-ID: AAF-1127
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ib7f76feb6d3adc622d4f198a1f954062d84a3ca2
|
|
This new micro service allow retrieval of certificates using CMPv2
protocol and relay the requests to CA server (such as EJBCA provided in
contrib folder).
Issue-ID: AAF-1083
Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8
Signed-off-by: EmmettCox <emmett.cox@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
This reverts commit 306fa85f8e97e1e7f95f8b429088f570f2926d39.
Since this patch, we're seeing a lot of errors on healtchecks and e2e
tests.
Reverting it in order to make master work again.
Issue-ID: AAF-1127
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie40559ef5a3da60457b0af306b802e7a81d968be
|
|
Uplifting AAF to 2.1.22 (Frankfurt)
Issue-ID: AAF-1127
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ia371efeab9adbf99a8e0543d0c71adc028f6228e
|
|
Change-Id: I1be525c47862697aa26d757675a2933896e4e487
Signed-off-by: vrvarma <vikas.varma@att.com>
Issue-ID: OPTFRA-750
|
|
Update oof so callback credentials
Change-Id: I210c1fe8f89a486a740449b641f8ff94fd1d3a8e
Signed-off-by: vrvarma <vikas.varma@att.com>
Issue-ID: OPTFRA-756
|
|
AAF locate may be long to start because of too small CPU limits.
Augmenting them in order to have a more reliable behavior
Issue-ID: OOM-2411
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefcd79ee66be56570a5df83111cbb6559346371e
|
|
When using requests/limits, testCA jobs gets OOMKIilled.
Giving more RAM in order to make it work.
Issue-ID: OOM-2408
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I221cba103a939b77009aa8c04da2425ab8eeae82
|
|
|
|
set redirect to service providing SSL
add ingress for aaf-oauth
Issue-ID: OOM-2170
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iec05ec5798cc8240ca45d7d08c973bc3516f5e8f
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of AAF
Issue-ID: AAF-1122
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
|
|
Change ingress host to the required hostnames
Change-Id: Ic78c8821e2e23e00943d8abdf7b2183b4d940c72
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2391
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
Use common secret template and init container to fill config files for
job that preloads secrets to SMS.
Init container is prepared for temporary workaround required by the
OOF team to encrypt passwords before storing them in sms.
The only thing that has to be done is to instead of just assigning for
example:
export AAI_PASS=${AAI_PASS_PLAIN};
do
export AAI_PASS=`awesomeEncryptCommand ${AAI_PASS_PLAIN}`
Issue-ID: OPTFRA-720
Change-Id: I0ada7de0aa8710580ccf51cb9ab0822b81b4f46a
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Cleaned up up configs, JDK11 fixes, Hello and Agent works, now a model for Apps
non-root fix
Issue-ID: AAF-1081, AAF-1102
Signed-off-by: Instrumental <jgonap@stl.gathman.org>
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: I4947075029db8abd7d2072b6b82064af8e2daa3e
|
|
Use 6.0.0 in preparation for Frankfurt release
Issue-ID: OOM-2320
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
|
|
|
|
It should make the POD to start again
Issue-ID: AAF-1106
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I934a904ba7310e49bf2cfd3f372c402af3878efa
|
|
SMS requests/limits were set too low and thus it prevents start when on
small flavors
Issue-ID: AAF-1105
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib591c972ceaa4186dd16ca5cebd86b58c0288718
|
|
aaf-locate anf aaf-cm limits may have been a bit too stringent.
giving some space to these components
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
|
|
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
|
|
https://gerrit.onap.org/r/c/oom/+/98938 forgot to remove selectors for
PVC and prevent it to work with storage class.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ieb45ecbe8c046d6c3bc72e47776df3c9d64de2e5
|
|
|
|
|
|
OOM has now templates in order to create the needed PVC, using:
* a PV with a specific class when using a common nfs mount path between
nodes (sames as today use) --> is the default behavior today
* or a storage class if we want to use dynamic PV.
On this case, we use (in order of priority):
- persistence.storageClassOverride if set on the chart
- global.persistence.storageClass if set globally
- persistence.storageClass if set on the chart
I've also modified statefulset deployment so they can use their own PVC
instead of writing into a specific directory inside
I've also set to 'emptyDir' volumes when persistence is not enabled
(except for aaf-config-pvc and aaf-status-pvc, which means that AAF will
still not work when persistence is disabled).
Change-Id: I05f133f058ebd9678df9ac0b7ef32bb43689e94f
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
There were no resource limits on POD.
Setting them.
Change-Id: I1b57c3f1cd1b1dc71bbad4f7c307b1658d6e23e5
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Change-Id: Ie69b9dac533ed2af80645e6d65318b6b4e81cbd3
Issue-ID: OOM-2170
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
Issue-ID: AAF-902
Change-Id: I3a83eee98dfeb7fb9751019faf618897dbc9d34f
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-383
Change-Id: I3e2591ca73c8ba559fd39aa1250471b15d1189d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Updating all helm chart versions to 5.0.0 for the El Alto release.
Merge will be co-ordinated with the merge of a separate aai/oom patch.
Please do not merge until this coordination has completed.
Issue-ID: OOM-1980
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
Change-Id: I31daaebeacea33565f13affd2fa28fb15fe948ba
|
|
SMS healthcheck breaks because of expired certificates
This patch fixes that issue.
Issue-ID: AAF-845
Change-Id: I2004e29e3271a829989e1f46ebcd7e07e1b6185a
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Issue-ID: AAF-826
Change-Id: Ia8c23170ccaaa52c528d89417d95ddb3478ab00d
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Also upped SMS/SSHSM versions
Issue-ID: AAF-823
Change-Id: I27de5079cd678d0206238873b81cb55b5612a67a
Signed-off-by: Gathman, Jonathan (jg1555) <jg1555@us.att.com>
|
|
Issue-ID: AAF-822
Change-Id: I3185d827f3f67cb177534f7c7f3281375b77c613
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Change-Id: Ifa98f8610b0a96a28f3a3ded7cb65663e9455158
Issue-ID: INT-1042
Signed-off-by: Yang Xu <yang.xu3@huawei.com>
|
|
Nodeport exposes aaf-sms outside the cluster
which is a security risk without the proper
authentication systems in place.
We will add external access if needed in the
future.
Issue-ID: OOM-1739
Change-Id: Ibefbd1c5656262131f00a2e53dbf5804f2ead084
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
All charts are being bumped from 3.0.0 to 4.0.0 for the Dublin release.
In addition the requirement.yaml files have been updated to allow for
chart versions that include timestamp suffix. A following on patch will
take care of changes to the OOM Makefiles to support injection of the
timestamp versions.
Change-Id: Ie03d86fad2027e975e8b9106e3a828e4335037cb
Issue-ID: OOM-1642
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
|
|
|
|
Issue-ID: OOM-1563
Change-Id: I383dbec29291ba5b13d613f60d8eb343b9c59dda
Signed-off-by: dkamdocs <devesh.kumar@amdocs.com>
|
|
Removed the nodeport usage for sms-db
Converted all multicloud-prometheus charts
to use ClusterIP for now. We can allocate
nodeports for them later on when the services
are requested by other services in multicloud.
Also, disabled the multicloud-prometheus charts from starting up by default.
Change once dependent charts or services are added.
Issue-ID: OOM-1555
Change-Id: I2dddc54015844de3abbbf786f95b8bb6eba92d86
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Issue-ID: AAF-630
Change-Id: I26b61e5734a0a0249f66325594dc50e03b613727
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-620
Change-Id: Iafdc20818e52dab4b6ab56a8053553d6dfe02e6a
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Sync docker tags with the release manifest from integration
repo commit 1e16c7e67d1fdeadab3789b07d6d2f47b7d0ffd7.
Change-Id: If580d0000108ce9ff70ad128b9bc93bf4364376b
Issue-ID: INT-663
Signed-off-by: Gary Wu <gary.i.wu@huawei.com>
|
|
Issue-ID: AAF-609
Change-Id: Ia3735e269205425e66452701fa15909500e569f7
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|