Age | Commit message (Collapse) | Author | Files | Lines |
|
Root keys of certificate should have 10 years validity.
Issue-ID: AAF-1175
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I0ff9ed6ff095baa0797a2af50eca740e9b4a5c6b
|
|
AAF SMS was hardcoding its certificates in the container.
This patch makes use of certInitializer in order to retrieve "fresh"
certificates.
In order to use certInitiliazer in a sub component, we had to move
charts to component and add the right requirements.
Issue-ID: AAF-1159
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ec55eddffd54dd56b03cea1a6f0b437f8bfa299
(cherry picked from commit 0de302ad6212185c842ce7232319e19d994dd520)
|
|
This new micro service allow retrieval of certificates using CMPv2
protocol and relay the requests to CA server (such as EJBCA provided in
contrib folder).
Issue-ID: AAF-1083
Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8
Signed-off-by: EmmettCox <emmett.cox@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
(cherry picked from commit bca68e048a74ac3754e76ed738090402f7cbfd13)
|
|
Uplifting AAF to 2.1.23
Issue-ID: AAF-1127
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ib7f76feb6d3adc622d4f198a1f954062d84a3ca2
|
|
|
|
Change-Id: I1be525c47862697aa26d757675a2933896e4e487
Signed-off-by: vrvarma <vikas.varma@att.com>
Issue-ID: OPTFRA-750
(cherry picked from commit 7344c288f326851595ecd2971e91ea912a1853de)
|
|
Update oof so callback credentials
Change-Id: I210c1fe8f89a486a740449b641f8ff94fd1d3a8e
Signed-off-by: vrvarma <vikas.varma@att.com>
Issue-ID: OPTFRA-756
(cherry picked from commit 26dbd2bb64f6489259fc46174d39cd67b3397cc4)
|
|
AAF locate may be long to start because of too small CPU limits.
Augmenting them in order to have a more reliable behavior
Issue-ID: OOM-2411
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefcd79ee66be56570a5df83111cbb6559346371e
(cherry picked from commit 4aff7f0653121f7114d42eec3d09531ac13c1e27)
|
|
When using requests/limits, testCA jobs gets OOMKIilled.
Giving more RAM in order to make it work.
Issue-ID: OOM-2408
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I221cba103a939b77009aa8c04da2425ab8eeae82
(cherry picked from commit 6c2cbff30b28610826b1c63244ba96c18d3ed4d8)
|
|
|
|
set redirect to service providing SSL
add ingress for aaf-oauth
Issue-ID: OOM-2170
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iec05ec5798cc8240ca45d7d08c973bc3516f5e8f
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of AAF
Issue-ID: AAF-1122
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
|
|
Change ingress host to the required hostnames
Change-Id: Ic78c8821e2e23e00943d8abdf7b2183b4d940c72
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2391
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
Use common secret template and init container to fill config files for
job that preloads secrets to SMS.
Init container is prepared for temporary workaround required by the
OOF team to encrypt passwords before storing them in sms.
The only thing that has to be done is to instead of just assigning for
example:
export AAI_PASS=${AAI_PASS_PLAIN};
do
export AAI_PASS=`awesomeEncryptCommand ${AAI_PASS_PLAIN}`
Issue-ID: OPTFRA-720
Change-Id: I0ada7de0aa8710580ccf51cb9ab0822b81b4f46a
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Cleaned up up configs, JDK11 fixes, Hello and Agent works, now a model for Apps
non-root fix
Issue-ID: AAF-1081, AAF-1102
Signed-off-by: Instrumental <jgonap@stl.gathman.org>
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: I4947075029db8abd7d2072b6b82064af8e2daa3e
|
|
Use 6.0.0 in preparation for Frankfurt release
Issue-ID: OOM-2320
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
|
|
|
|
It should make the POD to start again
Issue-ID: AAF-1106
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I934a904ba7310e49bf2cfd3f372c402af3878efa
|
|
SMS requests/limits were set too low and thus it prevents start when on
small flavors
Issue-ID: AAF-1105
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib591c972ceaa4186dd16ca5cebd86b58c0288718
|
|
aaf-locate anf aaf-cm limits may have been a bit too stringent.
giving some space to these components
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
|
|
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
|
|
https://gerrit.onap.org/r/c/oom/+/98938 forgot to remove selectors for
PVC and prevent it to work with storage class.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ieb45ecbe8c046d6c3bc72e47776df3c9d64de2e5
|
|
|
|
|
|
OOM has now templates in order to create the needed PVC, using:
* a PV with a specific class when using a common nfs mount path between
nodes (sames as today use) --> is the default behavior today
* or a storage class if we want to use dynamic PV.
On this case, we use (in order of priority):
- persistence.storageClassOverride if set on the chart
- global.persistence.storageClass if set globally
- persistence.storageClass if set on the chart
I've also modified statefulset deployment so they can use their own PVC
instead of writing into a specific directory inside
I've also set to 'emptyDir' volumes when persistence is not enabled
(except for aaf-config-pvc and aaf-status-pvc, which means that AAF will
still not work when persistence is disabled).
Change-Id: I05f133f058ebd9678df9ac0b7ef32bb43689e94f
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
There were no resource limits on POD.
Setting them.
Change-Id: I1b57c3f1cd1b1dc71bbad4f7c307b1658d6e23e5
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Change-Id: Ie69b9dac533ed2af80645e6d65318b6b4e81cbd3
Issue-ID: OOM-2170
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
Issue-ID: AAF-902
Change-Id: I3a83eee98dfeb7fb9751019faf618897dbc9d34f
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-383
Change-Id: I3e2591ca73c8ba559fd39aa1250471b15d1189d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Updating all helm chart versions to 5.0.0 for the El Alto release.
Merge will be co-ordinated with the merge of a separate aai/oom patch.
Please do not merge until this coordination has completed.
Issue-ID: OOM-1980
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
Change-Id: I31daaebeacea33565f13affd2fa28fb15fe948ba
|
|
SMS healthcheck breaks because of expired certificates
This patch fixes that issue.
Issue-ID: AAF-845
Change-Id: I2004e29e3271a829989e1f46ebcd7e07e1b6185a
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Issue-ID: AAF-826
Change-Id: Ia8c23170ccaaa52c528d89417d95ddb3478ab00d
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Also upped SMS/SSHSM versions
Issue-ID: AAF-823
Change-Id: I27de5079cd678d0206238873b81cb55b5612a67a
Signed-off-by: Gathman, Jonathan (jg1555) <jg1555@us.att.com>
|
|
Issue-ID: AAF-822
Change-Id: I3185d827f3f67cb177534f7c7f3281375b77c613
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Change-Id: Ifa98f8610b0a96a28f3a3ded7cb65663e9455158
Issue-ID: INT-1042
Signed-off-by: Yang Xu <yang.xu3@huawei.com>
|
|
Nodeport exposes aaf-sms outside the cluster
which is a security risk without the proper
authentication systems in place.
We will add external access if needed in the
future.
Issue-ID: OOM-1739
Change-Id: Ibefbd1c5656262131f00a2e53dbf5804f2ead084
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
All charts are being bumped from 3.0.0 to 4.0.0 for the Dublin release.
In addition the requirement.yaml files have been updated to allow for
chart versions that include timestamp suffix. A following on patch will
take care of changes to the OOM Makefiles to support injection of the
timestamp versions.
Change-Id: Ie03d86fad2027e975e8b9106e3a828e4335037cb
Issue-ID: OOM-1642
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
|
|
|
|
Issue-ID: OOM-1563
Change-Id: I383dbec29291ba5b13d613f60d8eb343b9c59dda
Signed-off-by: dkamdocs <devesh.kumar@amdocs.com>
|
|
Removed the nodeport usage for sms-db
Converted all multicloud-prometheus charts
to use ClusterIP for now. We can allocate
nodeports for them later on when the services
are requested by other services in multicloud.
Also, disabled the multicloud-prometheus charts from starting up by default.
Change once dependent charts or services are added.
Issue-ID: OOM-1555
Change-Id: I2dddc54015844de3abbbf786f95b8bb6eba92d86
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Issue-ID: AAF-630
Change-Id: I26b61e5734a0a0249f66325594dc50e03b613727
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-620
Change-Id: Iafdc20818e52dab4b6ab56a8053553d6dfe02e6a
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Sync docker tags with the release manifest from integration
repo commit 1e16c7e67d1fdeadab3789b07d6d2f47b7d0ffd7.
Change-Id: If580d0000108ce9ff70ad128b9bc93bf4364376b
Issue-ID: INT-663
Signed-off-by: Gary Wu <gary.i.wu@huawei.com>
|
|
Issue-ID: AAF-609
Change-Id: Ia3735e269205425e66452701fa15909500e569f7
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: OPTFRA-331
Change-Id: I4811511424c42aec0dc98d2dcdf3cce3cc2bd218
Signed-off-by: sandovalfrOAM <frank_sandoval@oamtechnologies.com>
Signed-off-by: Frank Sandoval <frank.sandoval@oamtechnologies.com>
|
|
Update SMS version to 3.0.1 to reflect latest image
Issue-ID: AAF-390
Change-Id: Ie4b6c45bf2dc3e8352810809b2c88523240b6d43
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
|
|
Helm charts updated for HAS with MUSIC v3.
Sync conductor.conf, added dependent containers for AAF.
Read config from values.yaml.
Disabled AAF authentication.
Updated resources for OSDF and HAS charts.
Removed hardcoded values for namespace
Change-Id: I683cd0b8c86a6cc9a4b4c4793051878e0d0e5b2f
Issue-ID: OPTFRA-363
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Issue-ID: AAF-571
Change-Id: I95f1f9c1604c36bc76eb556c7f35fdb8caceba57
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Sync docker tags with the release manifest from integration
repo commit 90e136c83ec5434abaeb9939b995f86aa4089850.
Change-Id: I771393adb429087752dc52df2cd2812dc9ff6a11
Issue-ID: INT-663
Signed-off-by: Gary Wu <gary.i.wu@huawei.com>
|