Age | Commit message (Collapse) | Author | Files | Lines |
|
With the introduction of common secret template many of ONAP passwords
started being automatically generated.
The algorithm that we use for this purpose allows to choose the
complexity of generated password. By default we use "long" which
contains special characters. Unfortunately this turns out to often
cause some issue. To make our deployment more stable and user friendly
lets allow the deployer to choose the desired password complexity.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
(cherry picked from commit f5ee1c5aa533c47f93b091eafb366c4185b4ab49)
|
|
Fix both clamp and common mariadb-galera instances to make sure that
special characters in passwords are escaped properly.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Iee48523d36d404ad7b21515f0d205f2f60a507ed
(cherry picked from commit 7860146d73472e3b2ff9f7390638ae608c9f9d0f)
|
|
Add hard coded certificate for CCSDK dgbuilder (design time tool)
Issue-ID: CCSDK-2541
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I9fe61a1bdf17cbdf22a3d518ded27582e86c2c07
|
|
' is one of characters that are placed in passwords by our default
password generation algorith. As ' is a special character in SQL
we need to escape it before concatenating it with SQL command.
Let's also add set -e to fail if any of databases has not been created
Issue-ID: OOM-2436
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ida8c75639eaa4049e3f874d30666f1fe4dc02e12
(cherry picked from commit c5dac87fa301247928211d5944be22ae14bcd534)
|
|
This reverts commit f5993cdff9c9d873966d24e7987094fee4d13f0d.
Reason for revert: upgrade script is not working well in all situations
Issue-ID: INT-1633
Change-Id: Ic743f36fac73315eb10189e82cda80aa60e49af8
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
When upgrading from a version to another, it may be impossible to do it
"simply" because of changes in immutable properties of statefulsets. We
change that here by creating a temporary deployment which will hold the
whole databases during the time the old statefulset gets destroyed and
the new one gets created.
Issue-ID: OOM-2316
Signed-off-by: tringuyen <tri.nguyen@tatacommunications.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I318d72830d5002f50597e23e0753e292f8b47c53
(cherry picked from commit eb9eb59171a43d25fb012aaad0a1d37ca86bc2bf)
|
|
Not all components declare repository in the global section which may
lead to some error when processing just a single component instead of
whole onap. To avoid this let's make sure that cerInitializer sets
repository url internally.
Issue-ID: OOM-2416
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4fd2a235b188c7ee09d0173dbaa873141187a077
(cherry picked from commit 1b6861577c9b0a67e14ce70b1ddecc2e70db88ca)
|
|
Update versions for SDNC and CCSDK dockers to reflect Frankfurt RC2
versions.
Issue-ID: SDNC-1171
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Iaf34379550d148a164341dac6c44fa20926b8ccb
(cherry picked from commit 830b85f4e37b11136e473182f64ed5612e5edb72)
|
|
Instead of copy-pasting code around aaf_agent usage let's use a common
template that automates this.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I9b3c7aab73186c0bf1dfaa5fe21cf2f001ca8619
|
|
One of reasons why certInitializer is a proper chart that you need to
put in your requirements.yaml is to avoid copy-pasting the same global
values among different charts. As it turned out in tests we've been
not "mangling" global values properly while creating
$subchartDot. This patch fixes the issue.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
|
|
By mistage aaf-agent-certs volume was created only if aaf_add_config
option was set. This is incorrect as it should be created always.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e
(cherry picked from commit 108483cae4831bb99e11d0c7df9dad8621b202ff)
|
|
aaf_agent image currently contains hardcoded truststores in order to
be able to connect to certman to retrieve certificate for given
component.
The goal is to remove hardcoded truststore from aaf_agent immage but
first we need to be sure that all its users are able to provide the
truststore to the pod as a configmap.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b
(cherry picked from commit 95a5f84069703c583e49028b37003c73c03cc07d)
|
|
|
|
' is one of characters that are placed in passwords by our default
password generation algorith. As ' is a special character in SQL files
we need to escape it before substituting environment variables in .sql file.
Issue-ID: OOM-2317
Reported-by: Fiachra Corcoran <fiachra.corcoran@est.tech>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I970eaf03fbcbfa8cb68df4a06ee27503d02d896a
(cherry picked from commit b0a2d3b3628166dc2dba34a6984cc36b8f821fe0)
|
|
Changes requested by Yuriy. Moved policy password to secrets.
Issue-ID: CCSDK-1307
Signed-off-by: bt2983 <bt2983@att.com>
Change-Id: Ibec80f147ad1f7623b5915afd0072f7add76ef9f
(cherry picked from commit 91566f00ca5ad9d76ff658f05fc8596ab481287a)
|
|
Changes requested by Yuriy. Updated Policy URL.
Issue-ID: CCSDK-1307
Signed-off-by: bt2983 <bt2983@att.com>
Change-Id: I8880fdc5a3a3611f036b3277991c5880f250f3f7
(cherry picked from commit 06961eb7abf0b71206f414e8a2456e0801e32ed0)
|
|
into frankfurt
|
|
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ibad1e8d523d2a182d2f43e1ae2b46fff07c11e01
(cherry picked from commit b51ee37db0bf164fb24961c5f1146e22ea245dfa)
|
|
After we upgraded our helm version we started getting below issues
with emails:
Warning: Merging destination map for chart 'curator'.
Overwriting table item 'image', with non table value:
onap/sdnc-image:1.8.2
To fix this let's just use "" instead of () for our daily operations.
Issue-ID: OOM-2412
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5f2c215c281036a7eb921d6a805527c807a4aca9
(cherry picked from commit 8953675506f4b3807502a3be73b846ab5fe79c67)
|
|
ONAP is built using plain makefile rules. List of targets is generated
using wildcard function. Based on make changelog:
http://git.savannah.gnu.org/cgit/make.git/tree/NEWS
since version 3.82 wildcard is not going to sort its results which
means that charts are being processed in an arbitrary order which may
lead to build failure due to missing dependencies.
Since version 4.3 make started sorting the wildcard results once again
which may lead to build issues.
To avoid that and make our builds predictible independently from
Makefile version let's make sure that we always sort wildcard results.
Addinally let's use 'file://' instead of '@local' for charts in common
to resolve dependencies between them.
Issue-ID: OOM-2399
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Iacb02dcdbd577ce0e9ca1078dd0586d296ec9375
(cherry picked from commit aae2da91becf5f1f56329d49656c1ad634917cba)
|
|
|
|
|
|
Update helm charts to use RC1 version of CCSDK dockers
Issue-ID: CCSDK-2358
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id247bdf3442084d724b84ed752956d08868c7ddf
|
|
Add new template that can be used to obtain certificate by
component. Make also a PoC with NBI.
Strongly based on aaf-config template.
Issue-ID: AAF-1134
Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Removal of tomcat and zookeeper as per latest music version..
Replaced with cassandra only and spring boot version of music,
adding support for https and running the music container under
a non-root user
Update oof-has music-api configuration, use https
Switch to music-api-springboot for all the ready.py
Issue-ID: MUSIC-572
Signed-off-by: Tschaen, Brendan <ctschaen@att.com>
Change-Id: Idbfac29cb5e9808787b5994e2575f055c292a146
Signed-off-by: vrvarma <vikas.varma@att.com>
|
|
ingress template is needed to create ingress.
Issue-ID: OOM-2173
Issue-ID: OOM-2188
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia957cb25f3f76658affabd148aaa4118b2d7ea0c
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of AAF
Issue-ID: AAF-1122
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
|
|
Add Ingress for dgbuilder in common and update SDNC and APPC in order to
use proper configuration.
Issue-ID: OOM-2173
Issue-ID: OOM-2188
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib810ce3f4b3ff2ff3297c39be352d246aef6d7f1
|
|
|
|
derivePassword which we use to generate our passwords includes ' in
set of special characters that can be used in passwords.
Current implementation of bitnami configure-mysql.sh simply
concatenates password surrounded with '' rest of SQL query. This
causes issues if password contains ' as it creates invalid SQL statement.
To fix this issue we just patch the script and escape the special '
character in password.
Issue-ID: OOM-2246
Reported-by: Mateusz Pilat <m.pilat@partner.samsung.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I3d2150760755e55558e2045cbb7ca5693c8ab71f
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
While working on password removal we added a new configuration
node (config.db) which should be used for passing db credentials. Now
when all user are switched to use new config options we can remove
backward compatibility layer and start using new options.
Issue-ID: OOM-2247
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I77876fbfc0a4af18fa36f0e8c5813a5e393a7e09
|
|
|
|
Add three templates:
* one for creating the sidecar
* one for creating the configmap
* one for creating the volumes
Issue-ID: OOM-2370
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
|
|
|
|
|
|
Add elasticdb as common chart to oom
Issue-ID: SDNC-1061
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Change-Id: I287b830f86da0fe0adc440cf9e645f8d244aefe1
Issue-ID: OOM-2368
Signed-off-by: afenner <andrew.fenner@est.tech>
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of DMaaP DR
Node.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I399b168882d09bd8f08148758a0f683e15ac141c
|
|
|
|
OOM uses two node port prefix.
Templates were not able to use the second one.
This patch allows templates to use the second node port prefix and also
to override on a per chart basis the value of the node port prefix.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I05f43e3dad93d6f0fbf575657ea41082e7c91053
|
|
The time has come! All ONAP charts use now common secret template at
least for the mariadb-galera root password (and most of them also for
user part). This means that it should be now safe to remove hardcoded
mariadb-galera root password and depend on common secret template to
generate it for every deployment.
No more secretpassword!:D
Issue-ID: OOM-2342
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib9d8bbcc45bfd85a4d762c716c03dba23d901009
|
|
|
|
|
|
"index" function is bad in term of performance in Helm.
Reworked the templates in order to avoid it.
as certificates are retrieved at every boot (and as already present
certs are deleted before), we don't need persistent storage
Also set aafImage as a global variable in order to have a consistent use
accross ONAP
Issue-ID: EXTAPI-375
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
|
|
Update image versions for SDNC and CCSDK to use Frankfurt
M4 versions
Updated CDS versions to use repaired version 0.7.1
Reverted naming service to El Alto version (0.6.3) as
workaround while startup issue is investigated.
Issue-ID: SDNC-1110
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Ie76466dd65a3a3dfb0df2aaa13f14c298bbc7c11
|
|
Use 6.0.0 in preparation for Frankfurt release
Issue-ID: OOM-2320
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
|
|
1. Add the possibility to specify a suffix and a specific persistence
information path.
This is useful when a deployment has several PVC
2. Create a template for Volume Claim Templates in Statefulset
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I0ed47818e8f5a73b54f95cb82615adaa03bf8ce8
|
|
Keep HTTP port reachable from inside the server.
Issue-ID: OJSI-101
Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86
Signed-off-by: gummar <raj.gumma@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
filePaths comes as a list and we didn't "fully support" passing this
variable as a reference to other variable like we do in all other
cases.
Let's fix that and allow both constructs:
secrets:
- name: construct 1
type: generic
filePaths:
- file1
- file2
- name: construct 2
type: generic
filePaths: '{{ .Values.fpaths }}'
fpaths: |
- file1
- file2
- '{{ include "templateThatGeneratesFileName" . }}
Please note the | after : in fpaths. It means that from yaml point of
view this is is a string. We need to do it this way because we pass
this to tpl function and then we need to collect a proper list from it.
Issue-ID: SO-2730
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5a6b475366bfea4cd0995a7e530bf88cb8ad639e
|
|
|