Age | Commit message (Collapse) | Author | Files | Lines |
|
1. Make changes in order to allow performing KUR/CR in EJBCA:
- Add Certificate Update Admin role
- Enable EndEntityAuthentication module
- Create and set CA with constant UID
- Add configuration for provider.
2. Update CertService, which provides with new certificate update
endpoint.
3. Update release-notes.
Issue-ID: OOM-2753
Issue-ID: OOM-2754
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
|
|
Non-breaking spaces (0xa0) are interpreted differently than spaces,
what makes shell scripts debugging very tricky.
Issue-ID: OOM-264
Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com>
Change-Id: Ica60bdc1274ae6f949c1df1cbef0836abd249654
|
|
|
|
Added the missing definition for imagePullSecrets in the
deployment.yaml of ejbca
to support the registryGenerator
Issue-ID: OOM-2791
Signed-off-by: andreas-geissler <andreas-geissler@telekom.de>
Change-Id: Ib5397889f7e1159c8cac472d2565065e90fcc83d
|
|
pointed out by checkbashisms.
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: I527f9b8dcad98a5dd9eb30390d26c95c1d918c09
|
|
|
|
Introduction of chartmuseum as internal repo for
ONAP components to push/pull charts post instantiation
+ Script to preload charts to this repo
Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-2630
Issue-ID: OOM-2734
Issue-ID: INT-1895
Issue-ID: DCAEGEN2-2694
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Signed-off-by: vv770d <vv770d@att.com>
|
|
pointed out by checkbashisms.
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic9c4edc0fc6bd94a95bcb85d84379e868fb09930
|
|
pointed out by checkbashisms
$ mycmd=$(tox -e checkbashisms
| grep '(\[\[ foo \]\] should be \[ foo \])'
| sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i '\2s/\\\[\\\[\\\(
[^]]*\\\)\\\]\\\]/[\\\1]/g' \1;@")
$ eval $mycmd
plus fix manually quoting hells induced and bash specific regex
and multi-conditions
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ia9626256b5efc837ba12b25d351c8d8a0ba75fb4
|
|
Update ejbca version from 6.15.2.5 to 7.4.3.2
Issue-ID: OOM-2649
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I31929f6444e5a57b295d0664b2b1757992da8b8e
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "(should be 'b = a')" | sed -e
"s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/==/=/g' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: I9032130bc4717e111de11a73187c2f1052376e45
|
|
pointed out by checkbashisms.
$ tox -e checkbashisms |grep 'interpreter line' | cut -d' ' -f2
|xargs grep -lv '#!/bin/sh' | xargs sed -i -e '1i#!/bin/sh' -e '1i\\'
plus manual fixes
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41fec6ebadd162cecf889f2b119ac82551bd21d
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
Add NGINX configuration so it can be run as non root.
Issue-ID: INT-1858
Signed-off-by: Othman Touijer <othman.touijer@soprasteria.com>
Change-Id: I8e313a49db0dfadf5c180c4415c7237ffd3635f9
|
|
This commit introduces a template for requesting a cert-manager certificate.
See: https://cert-manager.io.
It consist of the following parts:
- a template for creating certificate in commons component
- a definition of a certifcate object in sdnc component
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
|
|
Mariadb DB Galera containers version is outdated and unmaintained. We
need them to move to a new image provider.
As new image provider is not compatible with our old templates, we
also update the templates (by reworking bitnami mariadb-galera chart).
An update of global mariadb image is also done in order to match mariadb
galera version.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
|
|
Helm 3.4 checks if every object have not empty name.
Created list have only one element and isn't described in k8s docs.
List should be removed.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: I60fa1920a347ca8061b9c644f992c53b0bc99514
Issue-ID: OOM-2562
|
|
Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
This commit makes Contrib chart to use the new generator for repositories and
images.
As new templates doesn't work well with "sub charts", we move also
subcharts to components folder.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I33ca36a2b25e67fd9f74ae408cd34f58405d6b80
|
|
|
|
Checking if images are in release repository.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2616
Change-Id: Ibb4f7e51fb3a1afcebaecd04ca3e1a4bf62dd467
|
|
Having limits is important in order to have safe deployment.
EJBCA didn't had one so let's add them.
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I435afa6b0f065a66e180379b267227f4b8766478
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: I56a2ed47aedadcbce02e4e41f246e1e4183a4235
Issue-ID: OOM-2562
|
|
components directory takes up a lot of
space and is included during helm package
Lets remove it using .helmignore
This is just a copy of idea showed in:
"[OOF] Add helmignore to ignore components"
by krishnaa96 <krishna.moorthy6@wipro.com>
Issue-ID: OOM-2534
Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
|
|
|
|
Helm is now called by HELM_BIN variable which by default is set to helm
and makefiles use helm from path. HELM_BIN can be overwritten so user
can have two version of helm in system and choose which one to use.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
|
|
Set CSR Subject Organizational Unit and Locality to be optional
Issue-ID: OOM-2598
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: Ibb5f0fe7f75a1191906d26521eb96a6b991a295c
|
|
Moving from NodePort to ClusterIP has made a regression.
This patch solves it.
Issue-ID: OOM-2556
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6e2d87bf22bb8f25e6b25653f2954f04c1011800
|
|
|
|
This aims to fix the changes done in
https://gerrit.onap.org/r/c/oom/+/111509 which broke ejbca/netbox/awx
readiness image name pattern.
Change-Id: I65d2f19a96d43c61167d63eb047e960dc213c985
Issue-ID: OOM-2584
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
netbox is only used for testing purpose.
moving the service to ClusterIP is sufficient for that.
Issue-ID: REQ-364
Issue-ID: OOM-2556
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id8d005a9bcb3fbb29cbf7e82d03a92e245deaaff
|
|
Add configuration to EJBCA that allows to create keystores with
extendedKeyUsage containing serverAuth.
Issue-ID: AAF-1121
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6fc1d228acb4edc089be11d66186cfb5006e9ad1
|
|
Readiness container v3.x and up are now present in ONAP main repository.
They're also not using root user anymore and then script path has
changed.
Finally, "job_complete" script has been integrated in main "ready"
script.
As those changes are significant, we must upgrade all the components at
once.
Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0
Issue-ID: OOM-2545
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
|
|
Issue-ID: OOM-2452
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: I82aa47855716bb2647aea6aac29484b325d80ef0
|
|
Issue-ID: SDNC-1136
Change-Id: I863bd7b280701c503ba45af6ba8e85f48ea18cfb
Signed-off-by: egernug <gerard.nugent@est.tech>
|
|
netbox was using readiness image to run its job. This is not the
proper usage of this image and recently it started failing because
bash is no longer available in this image.
As the script does not containt bash-specific construcitons let's
change the image to curl one and just use whatever shell is there.
Issue-ID: OOM-2406
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I0cc99c6d8fe0dbe59ee982d255753d149fcdd3eb
|
|
postgres was not working with dynamic PV because of lost+found folder.
We changed the mount path to make it work.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id15fd089c56e339dbc5939cd28207b535e8ab86b
|
|
EJBCA Server is used to test that CMPv2 Certificate handling is well
done in ONAP.
Issue-ID: AAF-1083
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6
|
|
Instead of forcing installation of all contrib components, make the
installation of these components enabled with a toggle, so each person
can choose to install a subset, all or none.
Issue-ID: OOM-2352
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie112fe1f1864587b9ac69f18967a3c28d16bdbbe
|
|
Use 6.0.0 in preparation for Frankfurt release
Issue-ID: OOM-2320
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
|
|
|
|
|
|
|
|
Extract ingress controller IP address which
is same as node where the metalLB is deployed
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2289
Change-Id: I16e6d1704e54b679cb39caa3c720538a5ff60a60
|
|
If Ingress controller is exposed via NodePort
it listens on non standard port, so it can be
quite problematic. Exposing via LoadBalancer
doesn't work properly on bare metal Kubernetes
cluster, so external LB solution is needed.
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I9a2032e8501caca7c3a564f6bbcf969fdde31da2
Issue-ID: OOM-2346
|
|
Remove unneeded NLB annotation, because NLB
doesn't work correctly in the current version of
kurnetes switch to Metallb
Change-Id: I1111a39a639627892a74f12b428a2daa5ff5ff09
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2341
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
Initial version of the script configures
ingress controller service as LoadBalancer
and switches it immediately to NodePort
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2341
Change-Id: If741fd2413978ed76bf0678a83c42ac2905042ca
|
|
Underscore configuration should be true
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: PORTAL-806
Change-Id: I88b840e4b8ccd6c635c835ded6e783843aabc10c
|