Age | Commit message (Collapse) | Author | Files | Lines |
|
pointed out by checkbashisms.
Note this kind of indirections can only be replaced directly in POSIX
by commands using eval.
Security risks must be evaluated for each context where eval is called.
For a safe use, the context must ensure that only a limited number of
possible constrainted values are passed to eval.
https://mywiki.wooledge.org/Bashism#Parameter_Expansions
https://mywiki.wooledge.org/BashFAQ/006#Indirection
Issue-ID: OOM-264
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62
|
|
|
|
As part of removing GPLv3 license, policy components have moved from
bash to sh. This change is required in import-custom-certs script so
that custom certificates can be imported into components that try to
import them. Without this change, the init containers of the
components will just fail.
Change-Id: I6c5028428d4cd7c8baf3e96cb16a3cd91db57f9e
Issue-ID: POLICY-3232
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
Generic change for all common services by adding ipFamilyPolicy field.
Dual Stack service exposure will be provided depending on k8s version (v1.20+).
Signed-off-by: Magdalena Biernacka <magdalena.1.biernacka@nokia.com>
Issue-ID: OOM-2749
Change-Id: Ia7236705010e625c19a22e42ec9a02c9f75a0ec5
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Also, decrease number of replicas from 3 to 1
Issue-ID: OOM-2742
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ideb0ede251332e182b975ff18ca5a75bcbff2351
|
|
|
|
|
|
Instead of creating all roles every time with service account chart,
let's just create the specific ones for a chart and point to default one
for the three default roles.
In order to lighten serviceAccount chart, whole logic for default role
creation is in `roles-wrapper`.
Issue-ID: OOM-2729
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib4d6a2669ca7d747320a4bccb65aac863eb60956
|
|
|
|
|
|
- Add mounting certificates in pem format.
- Add comment description to certificates in dcae values
Issue-ID: DCAEGEN2-2688
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I546292c33e25e36376b98d42e08a3c4ffa95de64
|
|
|
|
|
|
Add support for CMPv2 certificates in dcaegen2-services-common
template
Add CMPv2 certificates to HV-VES and VES charts
Issue-ID: DCAEGEN2-2688
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6ade2c24f240872e78df92ca31b30c779f86e38b
|
|
|
|
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Issue-ID: OOM-2740
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I86015a4a0c4ab313929c5bd103dedced1df88ec3
|
|
After 3 monthes, usage of Cassandra disk is 8Gi.
Moving PVC Claim to 10Gi in order to satisfy this.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If8de6fecdbbc49d588e4234a62f91f319531fca4
|
|
Update common.mariadbService definition under _mariadb.tpl to use the
proper name of DB in case of local installation
Issue-ID: OOM-2736
Signed-off-by: Mahmoud Abdelhamid <mahmoud.abdelhamid@orange.com>
Change-Id: I454915d493f692076eadbf6ccd69c2d93f36ffc4
|
|
|
|
|
|
|
|
With stability tests, we see that mariadb gets OOM killed and has some
CPU throttling.
Putting higher limits in order to make it no happen.
Scaling also replicas from VFC and APPC db from 3 to 1.
Issue-ID: INT-1883
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2699b34ac5fcaa805c6fc01592c5a5f607b17fae
|
|
Instead of mandating to provide custom certificates before creation of
helm packages, let's propose to include certificates from a known
secret or configmap.
The current implementation will first search for secret and if not
provided will look for configmap.
Issue-ID: OOM-2731
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
|
|
Some components are http based but want to be usable from outside world.
Instead of dealing with TLS part on the component itself, let's use
certInitializer to generate a secret with the certs which will be usable
by Ingress
Issue-ID: SO-3078
Issue-ID: SO-3237
Issue-ID: CPS-281
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Issue-ID: OOM-2741
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If60f345fd1e11fd1419cee58efb7d53e56dc5c79
|
|
As retrieving values is now done via a generic script, let's clean a
little bit cert retrieval in order to remove unneeded part.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I9da14ac5079b2888352bccb8eae984c8421d900f
|
|
Template enhanced to include policy sidecar
support for DCAE components
Issue-ID: DCAEGEN2-2689
Change-Id: Ida7eeadbcc2df2af9579fdda939d0427a7963b63
Signed-off-by: vv770d <vv770d@att.com>
|
|
|
|
|
|
Camunda has given a guide in order to configure camunda
(https://docs.camunda.org/manual/latest/user-guide/process-engine/database/mariadb-galera-configuration/).
Applying it to ONAP camunda configuration.
gitlint-ignore: B1, body-max-line-length
Issue-ID: INT-1883
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie0cb1c70e4271496ffd5e51ce1d816785f88689f
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Instead of creating a truststore nobody is using when using AAF, let's
reuse AAF truststore and onboard certs in it.
Issue-ID: OOM-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idb1af0357e286d9536c5d16f592068b61f885b0a
|
|
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "(should be 'b = a')" | sed -e
"s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/==/=/g' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: I9032130bc4717e111de11a73187c2f1052376e45
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "^possible .*'function' is useless
" | sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/functio
n \\\([^ ()]*\\\) *(\\\?)\\\?/\\\1 ()/\' -e '\2s/(){/() {/' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41c8ba8288b7a90db9f5775cd601c09ff2ab663
|
|
|
|
%s should be used instead of %d to printf strings.
Even though with %d everything works perfectly fine (as we just need
any string) let's fix this.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I338c47b0f2a82c698c44579737f698b1f19ade38
|
|
pointed out by checkbashisms.
$ tox -e checkbashisms |grep 'interpreter line' | cut -d' ' -f2
|xargs grep -lv '#!/bin/sh' | xargs sed -i -e '1i#!/bin/sh' -e '1i\\'
plus manual fixes
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41fec6ebadd162cecf889f2b119ac82551bd21d
|
|
|
|
Bump versions of CCSDK (including CDS) and SDNC images for
SDNC Honolulu release.
Fixed issues found in CDS command-executor and py-executor
pods.
Added missing env variable settings.
Issue-ID: CCSDK-3125
Issue-ID: SDNC-1473
Issue-ID: CCSDK-3192
Issue-ID: CCSDK-3197
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id3bbe696313c568dc9ffb328715a7fc572330411
|
|
Currently if we want to scale message router kafka and zookeeper
we need to do manual changes in charts to make it work. With this patch
all can be done with override files.
Issue-ID: OOM-2613
Signed-off-by: Marat Salakhutdinov <marat.salakhutdinov@bell.ca>
Change-Id: I1782dca26f964f33c250520ee2e187619cee0e5e
|
|
|
|
Set the newest version of crunchy-postgres image.
In this image python 2.x was replaced by python 3.x.
The crunchy-postgres image is used in few projects in the ONAP,
not only in vnfsdk.
Change-Id: I1799b6be66312d2418878533775c741b286bec61
Issue-ID: VNFSDK-647
Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
|
|
This changes fixes postgres data lost that occurs when postgres pods
are restarting.
When crunchy data postgres image starts, it runs /opt/cpm/bin/setenv.sh
script to set PGDATA folder. This script contains:
--
export PGDATA=/pgdata/$HOSTNAME
if [[ -v PGDATA_PATH_OVERRIDE ]]; then
export PGDATA=/pgdata/$PGDATA_PATH_OVERRIDE
fi
--
Since postgres is now a deployment (commit 0b243b600), its pod name is
different on each startup, hence HOSTNAME and PGDATA are also
different each time.
This change is leveraging crunchy data PGDATA_PATH_OVERRIDE environment
variable to set PGDATA to a fixed path. By default, this path is set to
/pgdata/data.
Issue-ID: CPS-271
Change-Id: Icc0f05d64230a98bc21d8f2a74c12c6661e05482
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
|
|
|
|
CPS Helm charts added
Issue-ID: CPS-7
Co-authored-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Co-authored-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Signed-off-by: Claudio David Gasparini <claudio.gasparini@pantheon.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: I027e5e4b3eec78ce889168f8796d55e6f9fd9be6
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
|
|
readiness check can be launched in a lot of various situation.
Especially, it can be runned on deployments / statefulsets where the
user and group are fixed.
But python code underneath can work only when user is set to "onap" as
requirements are installed only for this specific user.
This patch forces the user and group to the desired one.
Issue-ID: OOM-2694
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874
|