| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
Instead of mandating to provide custom certificates before creation of
helm packages, let's propose to include certificates from a known
secret or configmap.
The current implementation will first search for secret and if not
provided will look for configmap.
Issue-ID: OOM-2731
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
|
|
Some components are http based but want to be usable from outside world.
Instead of dealing with TLS part on the component itself, let's use
certInitializer to generate a secret with the certs which will be usable
by Ingress
Issue-ID: SO-3078
Issue-ID: SO-3237
Issue-ID: CPS-281
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Issue-ID: OOM-2741
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If60f345fd1e11fd1419cee58efb7d53e56dc5c79
|
|
As retrieving values is now done via a generic script, let's clean a
little bit cert retrieval in order to remove unneeded part.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I9da14ac5079b2888352bccb8eae984c8421d900f
|
|
Template enhanced to include policy sidecar
support for DCAE components
Issue-ID: DCAEGEN2-2689
Change-Id: Ida7eeadbcc2df2af9579fdda939d0427a7963b63
Signed-off-by: vv770d <vv770d@att.com>
|
|
|
|
|
|
Camunda has given a guide in order to configure camunda
(https://docs.camunda.org/manual/latest/user-guide/process-engine/database/mariadb-galera-configuration/).
Applying it to ONAP camunda configuration.
gitlint-ignore: B1, body-max-line-length
Issue-ID: INT-1883
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie0cb1c70e4271496ffd5e51ce1d816785f88689f
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "(should be 'b = a')" | sed -e
"s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/==/=/g' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: I9032130bc4717e111de11a73187c2f1052376e45
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "^possible .*'function' is useless
" | sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/functio
n \\\([^ ()]*\\\) *(\\\?)\\\?/\\\1 ()/\' -e '\2s/(){/() {/' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41c8ba8288b7a90db9f5775cd601c09ff2ab663
|
|
|
|
%s should be used instead of %d to printf strings.
Even though with %d everything works perfectly fine (as we just need
any string) let's fix this.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I338c47b0f2a82c698c44579737f698b1f19ade38
|
|
pointed out by checkbashisms.
$ tox -e checkbashisms |grep 'interpreter line' | cut -d' ' -f2
|xargs grep -lv '#!/bin/sh' | xargs sed -i -e '1i#!/bin/sh' -e '1i\\'
plus manual fixes
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41fec6ebadd162cecf889f2b119ac82551bd21d
|
|
|
|
Bump versions of CCSDK (including CDS) and SDNC images for
SDNC Honolulu release.
Fixed issues found in CDS command-executor and py-executor
pods.
Added missing env variable settings.
Issue-ID: CCSDK-3125
Issue-ID: SDNC-1473
Issue-ID: CCSDK-3192
Issue-ID: CCSDK-3197
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id3bbe696313c568dc9ffb328715a7fc572330411
|
|
Currently if we want to scale message router kafka and zookeeper
we need to do manual changes in charts to make it work. With this patch
all can be done with override files.
Issue-ID: OOM-2613
Signed-off-by: Marat Salakhutdinov <marat.salakhutdinov@bell.ca>
Change-Id: I1782dca26f964f33c250520ee2e187619cee0e5e
|
|
|
|
Set the newest version of crunchy-postgres image.
In this image python 2.x was replaced by python 3.x.
The crunchy-postgres image is used in few projects in the ONAP,
not only in vnfsdk.
Change-Id: I1799b6be66312d2418878533775c741b286bec61
Issue-ID: VNFSDK-647
Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
|
|
This changes fixes postgres data lost that occurs when postgres pods
are restarting.
When crunchy data postgres image starts, it runs /opt/cpm/bin/setenv.sh
script to set PGDATA folder. This script contains:
--
export PGDATA=/pgdata/$HOSTNAME
if [[ -v PGDATA_PATH_OVERRIDE ]]; then
export PGDATA=/pgdata/$PGDATA_PATH_OVERRIDE
fi
--
Since postgres is now a deployment (commit 0b243b600), its pod name is
different on each startup, hence HOSTNAME and PGDATA are also
different each time.
This change is leveraging crunchy data PGDATA_PATH_OVERRIDE environment
variable to set PGDATA to a fixed path. By default, this path is set to
/pgdata/data.
Issue-ID: CPS-271
Change-Id: Icc0f05d64230a98bc21d8f2a74c12c6661e05482
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
|
|
|
|
CPS Helm charts added
Issue-ID: CPS-7
Co-authored-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Co-authored-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Signed-off-by: Claudio David Gasparini <claudio.gasparini@pantheon.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: I027e5e4b3eec78ce889168f8796d55e6f9fd9be6
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
|
|
readiness check can be launched in a lot of various situation.
Especially, it can be runned on deployments / statefulsets where the
user and group are fixed.
But python code underneath can work only when user is set to "onap" as
requirements are installed only for this specific user.
This patch forces the user and group to the desired one.
Issue-ID: OOM-2694
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874
|
|
|
|
The built-in command source is a bashism.
Profiles script must be dotted and not sourced when possible.
Issue-ID: OOM-2688 OOM-2158
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Id7cad0d499129fa3b7ea020e906748243b1b3ace
|
|
|
|
Instead of having the exact same port number for service and container,
let's allow to use an internal port (usually > 1024) and a service port
(usually 80 or 443).
Issue-ID: OOM-2674
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib90073fc8b069fceed7666778ae0c7b8a8ffcdca
|
|
Current script that retrieve certificates can fail but exit code will be
0. We then add a check in the script in order to avoid such issue
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
|
|
As for main cassandra chart, with Azure and also some internal
deployments, `nodepool status` takes more than 3 seconds and so
cassandra is not coming up or quite randomly.
This patch gives more room to `nodepool status` to answer.
Issue-ID: OOM-2687
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If6a148a432ed3d83a1e89d38f20fe87e89ab0f57
|
|
With Azure and also some internal deployments, `nodepool status` takes
more than 3 seconds (it can go up to 6 seconds) and so cassandra is not
coming up or quite randomly.
This patch gives more room to `nodepool status` to answer.
Issue-ID: OOM-2687
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I98b0adc751e3cd4fa8710f88567cd8896db548eb
|
|
- correct cmpv2Certificate to take outputType from 'certificates'
- add postStart hook for CertManagerIntegration to make cert dir writable
- add setting ODL_CERT_DIR env
Issue-ID: SDNC-1477
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I4531392cc4f113b173d10a27b98b1fe97d6faa4d
|
|
|
|
Fix so that the useNodePortExt flag is honored when
creating a k8s Service with the service template.
Issue-ID: OOM-2679
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I40ff3ab6df28ee1f9c582dff35a5360f632accbd
|
|
In order to make cassandra behaving smoothly on service mesh, we must
make it listen to 127.0.0.1 but broadcasting the real IP address.
This patch does it.
Issue-ID: OOM-2252
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2c494a987a7d2d72ddce84ac7fab15bcadbc8cf4
|
|
|
|
Make music to use cert manager to generate
and load the certificates
Issue-ID: OOM-2673
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I3c655107bebb969f317bcbe87cfc6a55a1821533
|
|
- Create certManagerCertificate chart for Certificate template
- Change default values for duration and renewBefore
- Add creation Secret with keystore password
- Use template in SDNC (add volumes and volumesMounts)
Issue-ID: OOM-2568
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: Ib70d91b599fa6813ed0a6d5b96206508f2fdafcf
|
|
|
|
|
|
Enhance CertServiceAPI response (include CMP server error messages)
Fix KeyUsage extension sent to CMPv2 server
Issue-ID: OOM-2658
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
|
|
|
|
New TLS part of Ingress templating was broken. This commit fixes it.
Issue-ID: OOM-2609
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I0b9b41e052911ef0064696ac7cf6ca8a274ae1dd
|
|
|
|
Current startup script of etcd checks whether all assumed other nodes
are already running, before proceeding. This check, however, also
includes checking localhost, but due to using headless service
statefulset pod DNS discovery, it doesnt succeed immediately.
In some deployments k8s DNS server may be laggy, thus failing startup
script to finish before liveness check. This patch fixes such failures
of 1 pod etcd clusters, and improves startup time for any size ones.
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Issue-ID: OOM-2668
Change-Id: I2f9263a0f4964b0a495631775d0cbbceef25e85b
|
Krzysztof Opasiak
Sylvain Desbureaux
vv770d
Piotr Marcinkiewicz
Guillaume Lambert
Dan Timoney
Marat Salakhutdinov
Tomasz Pietruszkiewicz
Bruno Sakoto
puthuparambil.aditya
Jack Lucas
krishnaa96
Joanna Jeremicz
Konrad Bańka