diff options
| author |   Michal Ptacek <m.ptacek@partner.samsung.com> | 2019-01-28 13:03:16 +0000 |
|---|---|---|
| committer | Michal Ptacek <m.ptacek@partner.samsung.com> | 2019-02-06 08:24:39 +0000 |
| commit | 5a269d2e06be837377364111be9c238979260b78 (patch) | |
| tree | 024c52b6b215ab9e5e780b9289030e81d0d3339b | |
| parent | 1f264b4f471e3570b8b541af7be9a2d300f7c930 (diff) | |
Setting-up NPM registry for dgbuilder
This commit is showing-up how OOM patches must be handled in casablanca
release. In Dublin we would like to avoid this completely OOM-1610
so here we are just reproducing the same logic which was already
implemented in Beijing for bash offline installer.
In general it works in a way that OOM charts are patched during
offline platform build and values are configured in install time using
pre-install application role/hook.
Change-Id: I1a2425ef63edd6bc08dcecf0fcae7fd6e553d0ed
Issue-ID: OOM-1616
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
| -rwxr-xr-x | build/fetch_and_patch_charts.sh | 69 | ||||
| -rwxr-xr-x | config/application_configuration.yml | 95 | ||||
| -rw-r--r-- | patches/casablanca_3.0.0.patch | 37 | ||||
| -rw-r--r-- | patches/offline-changes.patch | 616 | ||||
| -rw-r--r-- | patches/onap-casablanca-patch-role/tasks/main.yml | 24 |
5 files changed, 225 insertions, 616 deletions
diff --git a/build/fetch_and_patch_charts.sh b/build/fetch_and_patch_charts.sh new file mode 100755 index 00000000..5000dbf5 --- /dev/null +++ b/build/fetch_and_patch_charts.sh @@ -0,0 +1,69 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + +# This simple script should be used during build / packaging process +# and it should be referenced in BuildGuide. +# Patching of helm charts is the only way for OOM charts to be compatible +# with this offline installer. This will become obsolete once native +# solution is implemented in charts themselves and which is tracked +# in OOM-1610 + +# fail fast +set -e + +# colours +_R='\033[0;31;1m' #Red +_G='\033[0;32;1m' #Green +_Y='\033[0;33;1m' #Yellow +C_='\033[0m' #Color off + +usage () { + echo "Usage:" + echo -e "./$(basename $0) <helm charts repo> <commit/tag/branch> <patchfile> <target_dir>\n" + echo "Example: ./$(basename $0) https://gerrit.onap.org/r/oom 3.0.0-ONAP /root/offline-installer/patches/casablanca_3.0.0.patch /root/offline-installer/ansible/application/helm_charts" +} + +if [ "$#" -ne 4 ]; then + echo "This script should get exactly 4 arguments!" + echo -e "Wrong number of parameters provided\n" + usage + exit 1 +fi + +# main +# git and patch tools are preconditions for this to work +CURR=1 +TOTAL=5 + +echo -e "${_G}[Step $((CURR++))/${TOTAL} cloning repo with charts to be patched]${C_}" +git clone "${1}" "${4}" + +echo -e "${_G}[Step $((CURR++))/${TOTAL} setting working dir to ${4}]${C_}" +pushd "${4}" + +echo -e "${_G}[Step $((CURR++))/${TOTAL} git-checkout to correct base]${C_}" +git checkout "${2}" + +echo -e "${_G}[Step $((CURR++))/${TOTAL} patching charts]${C_}" +patch -p0 < "${3}" + +echo -e "${_G}[Step $((CURR++))/${TOTAL} returning to original working directory]${C_}" +popd + diff --git a/config/application_configuration.yml b/config/application_configuration.yml new file mode 100755 index 00000000..d8dffc82 --- /dev/null +++ b/config/application_configuration.yml @@ -0,0 +1,95 @@ +--- +################################### +# Resources configuration entries # +################################### + +# Resource host information + +# folder on resource host where tars with resources are present +resources_dir: /data + +# tarfile name within this folder with offline infrastructure sw +resources_filename: onap-offline-onap-full-3.0.0.resources.tar + +# Infra node specific information + +# offline solution source data binaries will be decompressed in following dir on infra +# e.g. app_data_path: /opt/onap +app_data_path: /opt/onap + +########################################## +# Offline Infrastructure specific params # +########################################## + +# information from which rootCA is created +# e.g. +# organization_name: Samsung +# state_or_province_name: Poland +# country_name: PL +# locality_name: Krakow +certificates: + organization_name: Samsung + state_or_province_name: Poland + country_name: PL + locality_name: Krakow + +# Offline solution is deploying app specific rpm repository and requires some name +# also for k8s cluster +# e.g. app_name: ONAP +app_name: ONAP + + +############################### +# Application specific params # +############################### + +# Project name to utilize same codebase +# e.g. project_configuration: onap-full +project_configuration: onap-full + +# App Helm charts dir. E.g. application/helm_charts/<xxx> where xxx is a charts folder name. +# Helm charts are expected to be inside SW package somewhere inside ./ansible/application +# those will be available for offline installer under /ansible/application/<helm_charts_name> +# for OOM project helm charts are usually within kubernetes sub-folder +# so the path for them can be: +# e.g app_helm_charts_install_directory: "/ansible/application/oom/kubernetes" +app_helm_charts_install_directory: "/ansible/application/helm_charts" + +# to specify target dir where helm charts should be copied into on infra node +# this should be directory with all charts and Makefile +# e.g. app_helm_charts_infra_directory: "{{ app_data_path }}/helm_charts" +app_helm_charts_infra_directory: "{{ app_data_path }}/helm_charts" + +# Main Helm chart to install +# e.g. app_helm_chart_name: onap +app_helm_chart_name: onap + +# Targets for helm charts repository build +# e.g. for ONAP Casablanca +# app_helm_build_targets: +# - all +# - onap +app_helm_build_targets: + - all + - onap + +# Directory with helm plugins +# It's an optional parameter used e.g. in OOM Casablanca +# app_helm_plugins_directory: "{{ app_helm_charts_infra_directory}}/kubernetes/helm/plugins/" +app_helm_plugins_directory: "{{ app_helm_charts_infra_directory}}/kubernetes/helm/plugins/" + +# Helm release name (visible in POD names) used by Helm +# e.g. app_helm_release_name: "{{ project_configuration }}" +app_helm_release_name: "{{ project_configuration }}" + +# Kubernetes namespace where application is installed +# e.g. app_kubernetes_namespace: onap +app_kubernetes_namespace: onap + +# Optional application custom Ansible roles name for pre and post install logic. +# Location of additional custom roles is defined in ansible.cfg with roles_path. +# e.g. application_pre_install_role: "{{ project_configuration }}-patch-role" +application_pre_install_role: onap-casablanca-patch-role +application_post_install_role: + +# any other application specific params can be specified in this file diff --git a/patches/casablanca_3.0.0.patch b/patches/casablanca_3.0.0.patch new file mode 100644 index 00000000..9a3bcabb --- /dev/null +++ b/patches/casablanca_3.0.0.patch @@ -0,0 +1,37 @@ +--- kubernetes/common/dgbuilder/templates/deployment.yaml 2019-01-28 13:01:35.017243076 +0100 ++++ kubernetes/common/dgbuilder/templates/deployment.yaml 2019-01-28 13:19:04.238712534 +0100 +@@ -49,8 +49,14 @@ + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +- command: ["/bin/bash"] +- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] ++ command: ++ - /bin/bash ++ - -c ++ - > ++ HOSTS_FILE_RECORD >> /etc/hosts; ++ NPM_REGISTRY_RECORD; ++ cd /opt/onap/ccsdk/dgbuilder/; ++ ./start.sh sdnc1.0 && wait + ports: + - containerPort: {{ .Values.service.internalPort }} + readinessProbe: +--- kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml 2019-01-28 13:01:35.087243698 +0100 ++++ kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml 2019-01-28 13:29:24.881069646 +0100 +@@ -49,8 +49,13 @@ + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} +- command: ["/bin/bash"] +- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"] ++ command: ++ - /bin/bash ++ - -c ++ - > ++ HOSTS_FILE_RECORD >> /etc/hosts; ++ NPM_REGISTRY_RECORD; ++ cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: diff --git a/patches/offline-changes.patch b/patches/offline-changes.patch deleted file mode 100644 index 5238da42..00000000 --- a/patches/offline-changes.patch +++ /dev/null @@ -1,616 +0,0 @@ -diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml -index 1c20977..4b47c63 100644 ---- a/kubernetes/appc/values.yaml -+++ b/kubernetes/appc/values.yaml -@@ -29,7 +29,7 @@ global: - ################################################################# - # application image - repository: nexus3.onap.org:10001 --image: onap/appc-image:1.4.0-SNAPSHOT-latest -+image: onap/appc-image:1.3.0 - pullPolicy: Always - - # flag to enable debugging - application support required -@@ -37,10 +37,7 @@ debugEnabled: false - - # application configuration - config: -- aafExtIP: 127.0.0.1 -- aafExtFQDN: aaf-onap-beijing-test.osaaf.org - dbRootPassword: openECOMP1.0 -- enableAAF: false - enableClustering: true - configDir: /opt/onap/appc/data/properties - dmaapTopic: SUCCESS -diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml -index 328e058..b359526 100644 ---- a/kubernetes/common/dgbuilder/templates/deployment.yaml -+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml -@@ -35,8 +35,14 @@ spec: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] -+ command: -+ - /bin/bash -+ - -c -+ - > -+ UPDATE_HOSTS_FILE >> /etc/hosts; -+ UPDATE_NPM_REGISTRY; -+ cd /opt/onap/ccsdk/dgbuilder/; -+ ./start.sh sdnc1.0 && wait - ports: - - containerPort: {{ .Values.service.internalPort }} - readinessProbe: -@@ -94,3 +100,4 @@ spec: - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -+ -diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml -index acda520..8fa35f9 100644 ---- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml -+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml -@@ -68,6 +68,8 @@ spec: - - mountPath: /etc/localtime - name: localtime - readOnly: true -+ - mountPath: /etc/pki/ca-trust/source/anchors -+ name: root-ca - securityContext: - privileged: True - lifecycle: -@@ -80,6 +82,8 @@ spec: - set -ex - mkdir -p /var/run/secrets/kubernetes.io/ - ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount -+ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice -+ update-ca-trust extract - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: -@@ -93,5 +97,8 @@ spec: - - name: localtime - hostPath: - path: /etc/localtime -+ - name: root-ca -+ hostPath: -+ path: CERT_PATH - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml -index 379fc24..4802f8b 100644 ---- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml -+++ b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml -@@ -48,6 +48,12 @@ spec: - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} -+ command: -+ - /bin/sh -+ - -c -+ - > -+ UPDATE_HOSTS_FILE >> /etc/hosts; -+ ./startup.sh - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: -diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml -index b8f15e1..fadb56e 100644 ---- a/kubernetes/onap/values.yaml -+++ b/kubernetes/onap/values.yaml -@@ -39,7 +39,8 @@ global: - loggingRepository: docker.elastic.co - - # image pull policy -- pullPolicy: Always -+ #pullPolicy: Always -+ pullPolicy: IfNotPresent - - # default mount path root directory referenced - # by persistent volumes and log files -@@ -66,11 +67,11 @@ appc: - config: - openStackType: OpenStackProvider - openStackName: OpenStack -- openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html -- openStackServiceTenantName: default -- openStackDomain: default -- openStackUserName: admin -- openStackEncryptedPassword: admin -+ openStackKeyStoneUrl: FILL-ME -+ openStackServiceTenantName: FILL-ME -+ openStackDomain: FILL-ME -+ openStackUserName: FILL-ME -+ openStackEncryptedPassword: FILL-ME - clamp: - enabled: true - cli: -@@ -97,8 +98,11 @@ nbi: - enabled: true - config: - # openstack configuration -- openStackRegion: "Yolo" -- openStackVNFTenantId: "1234" -+ openStackUserName: "FILL-ME" -+ openStackRegion: "FILL-ME" -+ openStackKeyStoneUrl: "FILL-ME" -+ openStackServiceTenantName: "FILL-ME" -+ openStackEncryptedPasswordHere: "FILL-ME" - policy: - enabled: true - portal: -@@ -112,7 +116,11 @@ sdnc: - - replicaCount: 1 - -+ config: -+ enableClustering: false -+ - mysql: -+ disableNfsProvisioner: true - replicaCount: 1 - so: - enabled: true -@@ -129,11 +137,11 @@ so: - # message router configuration - dmaapTopic: "AUTO" - # openstack configuration -- openStackUserName: "vnf_user" -- openStackRegion: "RegionOne" -- openStackKeyStoneUrl: "http://1.2.3.4:5000" -- openStackServiceTenantName: "service" -- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" -+ openStackUserName: "FILL-ME" -+ openStackRegion: "FILL-ME" -+ openStackKeyStoneUrl: "FILL-ME" -+ openStackServiceTenantName: "FILL-ME" -+ openStackEncryptedPasswordHere: "FILL-ME" - - # configure embedded mariadb - mariadb: -diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh -index 72f7a74..f6b3478 100644 ---- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh -+++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh -@@ -114,7 +114,7 @@ else - url_release - fi - --wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip -+wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip --no-check-certificate - if [[ $? != 0 ]]; then - echo "ERROR: cannot download ${DOWNLOAD_DIR}/apps-${APP_NAME}.zip" - exit 1 -diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh -index a6c054d..9e48d55 100644 ---- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh -+++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh -@@ -84,8 +84,8 @@ echo "Restarting PDP-D .." - echo - echo - --POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools) --kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" -+POD=$(kubectl --namespace onap get pods | sed 's/ .*//'| grep drools) -+kubectl --namespace onap exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 1 && policy start" - - sleep 20 - -diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh -index dcd3afb..21b3171 100644 ---- a/kubernetes/policy/resources/config/pe/push-policies.sh -+++ b/kubernetes/policy/resources/config/pe/push-policies.sh -@@ -22,7 +22,7 @@ echo "Upload BRMS Param Template" - - sleep 2 - --wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing -+wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing --no-check-certificate - - sleep 2 - -diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml -index aea67c8..06dc17b 100644 ---- a/kubernetes/robot/values.yaml -+++ b/kubernetes/robot/values.yaml -@@ -39,49 +39,49 @@ config: - # Password of the lighthttpd server. Used for HTML auth for webpage access - lightHttpdPassword: robot - # gerrit branch where the latest heat code is checked in -- gerritBranch: 2.0.0-ONAP -+ gerritBranch: master - # gerrit project where the latest heat code is checked in - gerritProject: http://gerrit.onap.org/r/demo.git - - - # Demo configuration - # Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION --demoArtifactsVersion: "1.2.0-SNAPSHOT" -+demoArtifactsVersion: "1.3.0" - # Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR - openStackFlavourMedium: "m1.medium" - # Openstack keystone URL. Maps to GLOBAL_INJECTED_KEYSTONE --openStackKeyStoneUrl: "http://1.2.3.4:5000" -+openStackKeyStoneUrl: "FILL-ME" - # UUID of the Openstack network that can assign floating ips. Maps to GLOBAL_INJECTED_PUBLIC_NET_ID --openStackPublicNetId: "e8f51958045716781ffc" -+openStackPublicNetId: "FILL-ME" - # password for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD --openStackPassword: "tenantPassword" -+openStackPassword: "FILL-ME" - # Openstack region. Maps to GLOBAL_INJECTED_REGION - openStackRegion: "RegionOne" - # Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID --openStackTenantId: "47899782ed714295b1151681fdfd51f5" -+openStackTenantId: "FILL-ME" - # username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME --openStackUserName: "tenantUsername" -+openStackUserName: "FILL-ME" - # Openstack glance image name for Ubuntu 14. Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE --ubuntu14Image: "Ubuntu_14_trusty" -+ubuntu14Image: "FILL-ME" - # Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE --ubuntu16Image: "Ubuntu_16_xenial" -+ubuntu16Image: "FILL-ME" - # GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION --scriptVersion: "1.2.0-SNAPSHOT" -+scriptVersion: "1.2.1" - # Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK --openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc" -+openStackPrivateNetId: "FILL-ME" - - # SDNC Preload configuration - # Openstack subnet UUID for the network defined by openStackPrivateNetId. Maps to onap_private_subnet_id --openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc" -+openStackPrivateSubnetId: "FILL-ME" - # CIDR notation for the Openstack private network where VNFs will be spawned. Maps to onap_private_net_cidr --openStackPrivateNetCidr: "10.0.0.0/8" -+openStackPrivateNetCidr: "FILL-ME" - # The first 2 octets of the private Openstack subnet where VNFs will be spawned. - # Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X - openStackOamNetworkCidrPrefix: "10.0" - # Override with Pub Key for access to VNF --vnfPubKey: "FILL_IN_WITH_PUB_KEY" --# Override with DCAE VES Collector external IP --dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP" -+vnfPubKey: "FILL-ME" -+# Override with DCAE VES Collector external IP -+dcaeCollectorIp: "FILL-ME" - - # default number of instances - replicaCount: 1 -@@ -156,4 +156,4 @@ persistence: - accessMode: ReadWriteMany - size: 2Gi - mountPath: /dockerdata-nfs -- mountSubPath: robot/logs -\ No newline at end of file -+ mountSubPath: robot/logs -diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml -index a19c33a..b49e2c4 100644 ---- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml -+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml -@@ -47,8 +47,17 @@ spec: - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/sdnc && ./startAnsibleServer.sh"] -+ command: -+ - bash -+ - "-c" -+ - | -+ pip install /root/ansible_pkg/*.whl -+ dpkg -i /root/ansible_pkg/*.deb -+ cp /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.orig -+ cat /etc/ansible/ansible.cfg.orig | sed -e 's/#host_key_checking/host_key_checking/' > /etc/ansible/ansible.cfg -+ touch /tmp/.ansible-server-installed -+ cd /opt/onap/sdnc -+ ./startAnsibleServer.sh - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: -@@ -74,6 +83,8 @@ spec: - - mountPath: {{ .Values.config.configDir }}/RestServer_config - name: config - subPath: RestServer_config -+ - mountPath: /root/ansible_pkg -+ name: ansible-pkg - resources: - {{ toYaml .Values.resources | indent 12 }} - {{- if .Values.nodeSelector }} -@@ -92,5 +103,9 @@ spec: - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0644 -+ - name: ansible-pkg -+ hostPath: -+ path: /root/ansible_pkg - imagePullSecrets: -- - name: "{{ include "common.namespace" . }}-docker-registry-key" -\ No newline at end of file -+ - name: "{{ include "common.namespace" . }}-docker-registry-key" -+ -diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml -index 87ed6aa..5da236d 100644 ---- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml -+++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml -@@ -49,8 +49,13 @@ spec: - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"] -+ command: -+ - /bin/bash -+ - -c -+ - > -+ UPDATE_HOSTS_FILE >> /etc/hosts; -+ UPDATE_NPM_REGISTRY; -+ cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: -diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml -index accdff9..fa83daf 100644 ---- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml -+++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml -@@ -34,6 +34,12 @@ spec: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -+ command: -+ - /bin/bash -+ - -c -+ - > -+ chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; -+ /home/uui/bin/run.sh - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger ---- oom/kubernetes/common/common/templates/_cacert.tpl 1970-01-01 00:00:00.000000000 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/common/common/templates/_cacert.tpl 2018-11-02 15:09:31.781688957 +0000 -@@ -0,0 +1,62 @@ -+#This template adds volume for access to ca certificate. -+#Template is ignored when cacert not set. -+{{- define "common.cacert-volume" }} -+{{- if .Values.global.cacert }} -+- name: cacert -+ configMap: -+ name: {{ include "common.namespace" . }}-root-ca-cert -+{{- end }} -+{{- end }} -+ -+#This template mounts the CA certificate in an ubuntu compatible way. -+#It is mounted to /usr/local/share/ca-certificates/cacert.crt. -+#Template is ignored if cacert not set. -+{{- define "common.cacert-mount-ubuntu" }} -+{{- if .Values.global.cacert }} -+- mountPath: "/usr/local/share/ca-certificates/cacert.crt" -+ name: cacert -+ subPath: certificate -+{{- end }} -+{{- end }} -+ -+#This template creates an empty volume used to store system certificates (includes java keystore). -+{{- define "common.system-ca-store-volume" }} -+{{- if .Values.global.cacert }} -+- name: system-ca-store -+ emptyDir: -+{{- end }} -+{{- end }} -+ -+#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific). -+#Template is ignored in case cacert is not given. -+{{- define "common.system-ca-store-mount-ubuntu" }} -+{{- if .Values.global.cacert }} -+- mountPath: "/etc/ssl/certs" -+ name: system-ca-store -+{{- end }} -+{{- end }} -+ -+#This template is a template for an init container. -+#This init container can be declared to update system's ca store for ubuntu containers. -+#It runs as root using the same image as the main one. -+#It expects /etc/ssl/certs to be mounted as a volume. -+#It has to be shared with the main container. -+#This template is ignored if cacert is not given as helm value. -+{{- define "common.update-system-ca-store-ubuntu" }} -+{{- if .Values.global.cacert }} -+- command: -+ - "/bin/bash" -+ - "-c" -+ - | -+ mkdir -p /etc/ssl/certs/java -+ update-ca-certificates -+ name: update-system-ca-store -+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -+ image: {{ include "common.repository" . }}/{{ .Values.image }} -+ securityContext: -+ runAsUser: 0 -+ volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 2 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }} -+{{- end }} -+{{- end }} ---- oom/kubernetes/onap/templates/configmap.yaml 1970-01-01 00:00:00.000000000 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/onap/templates/configmap.yaml 2018-11-02 15:09:31.804689107 +0000 -@@ -0,0 +1,15 @@ -+{{ if .Values.global.cacert -}} -+apiVersion: v1 -+kind: ConfigMap -+metadata: -+ name: {{ include "common.namespace" . }}-root-ca-cert -+ namespace: {{ include "common.namespace" . }} -+ labels: -+ app: {{ include "common.name" . }} -+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -+ release: {{ .Release.Name }} -+ heritage: {{ .Release.Service }} -+data: -+ certificate: | -+{{ .Values.global.cacert | indent 4 }} -+{{- end }} ---- oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 2018-11-06 07:38:46.341849402 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 2018-11-02 15:09:31.808689133 +0000 -@@ -45,6 +45,7 @@ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} - containers: - - command: - - /bin/bash -@@ -68,6 +69,8 @@ - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 8 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -94,6 +97,8 @@ - {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: -+{{ include "common.cacert-volume" . | indent 8 }} -+{{ include "common.system-ca-store-volume" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime ---- oom/kubernetes/policy/charts/drools/templates/statefulset.yaml 2018-11-06 07:38:46.343849404 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/drools/templates/statefulset.yaml 2018-11-02 15:09:31.810689146 +0000 -@@ -51,6 +51,8 @@ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} -+{{ include "policy.update-policy-keystore" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" -@@ -78,6 +80,9 @@ - - name: REPLICAS - value: "{{ .Values.replicaCount }}" - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 10 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }} -+{{ include "policy.keystore-mount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -136,6 +141,9 @@ - {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: -+{{ include "common.cacert-volume" . | indent 8 }} -+{{ include "common.system-ca-store-volume" . | indent 8 }} -+{{ include "policy.keystore-storage-volume" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime ---- oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-06 07:38:46.345849405 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-02 15:09:31.812689159 +0000 -@@ -49,6 +49,7 @@ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} - containers: - - command: - - /bin/bash -@@ -72,6 +73,8 @@ - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 8 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -121,6 +124,8 @@ - {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: -+{{ include "common.cacert-volume" . | indent 6 }} -+{{ include "common.system-ca-store-volume" . | indent 6 }} - - name: localtime - hostPath: - path: /etc/localtime ---- oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 1970-01-01 00:00:00.000000000 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 2018-11-02 15:09:31.812689159 +0000 -@@ -0,0 +1,43 @@ -+#This template creates a volume for storing policy-keystore with imported ca. -+#It is ignored if cacert was not given. -+{{- define "policy.keystore-storage-volume" }} -+{{- if .Values.global.cacert }} -+- name: keystore-storage -+ emptyDir: -+{{- end }} -+{{- end }} -+ -+#This template mounts policy-keystore in appropriate place for policy components to take it. -+#It is ignored if cacert is not given. -+{{- define "policy.keystore-mount" }} -+{{- if .Values.global.cacert }} -+- mountPath: "/tmp/policy-install/config/policy-keystore" -+ name: keystore-storage -+ subPath: policy-keystore -+{{- end }} -+{{- end }} -+ -+#This will extract a policy keystore and then import -+#the root cacert of offline nexus into it. -+#This template expects a volume named keystore-storage where policy-keystore will be put. -+#It also expects volume named cacert where the file "certificate" will contain the cert to import. -+#Template is ignored if ca certificate not given. -+{{- define "policy.update-policy-keystore" }} -+{{- if .Values.global.cacert }} -+- command: -+ - "/bin/bash" -+ - "-c" -+ - | -+ set -e -+ tar -xzf base-*.tar.gz etc/ssl/policy-keystore -+ cp etc/ssl/policy-keystore keystore-storage/ -+ keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt -+ name: update-policy-keystore -+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -+ image: {{ include "common.repository" . }}/{{ .Values.image }} -+ volumeMounts: -+ - mountPath: "/tmp/policy-install/keystore-storage" -+ name: keystore-storage -+{{ include "common.cacert-mount-ubuntu" . | indent 2 }} -+{{- end }} -+{{- end }} ---- oom/kubernetes/policy/templates/deployment.yaml 2018-11-06 07:38:46.346849406 +0000 -+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/templates/deployment.yaml 2018-11-02 15:09:31.813689166 +0000 -@@ -45,6 +45,7 @@ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} - containers: - - command: - - /bin/bash -@@ -72,6 +73,8 @@ - - name: PRELOAD_POLICIES - value: "{{ .Values.config.preloadPolicies }}" - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 10 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -136,6 +139,8 @@ - {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: -+{{ include "common.cacert-volume" . | indent 8 }} -+{{ include "common.system-ca-store-volume" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime diff --git a/patches/onap-casablanca-patch-role/tasks/main.yml b/patches/onap-casablanca-patch-role/tasks/main.yml new file mode 100644 index 00000000..a7064b16 --- /dev/null +++ b/patches/onap-casablanca-patch-role/tasks/main.yml @@ -0,0 +1,24 @@ +--- +# This role contains patching logic for OOM charts +# and is valid until OOM-1610 is implemented +- name: Patch OOM - nexus domain resolving + lineinfile: + path: "{{ app_helm_charts_infra_directory }}/{{ item }}" + regexp: '^(.*)HOSTS_FILE_RECORD' + line: '\g<1>{{ cluster_ip }} {{ simulated_hosts.nexus | join(" ") }} >> /etc/hosts;' + backrefs: yes + state: present + with_items: + - common/dgbuilder/templates/deployment.yaml + - sdnc/charts/sdnc-portal/templates/deployment.yaml + +- name: Patch OOM - set npm registry + lineinfile: + path: "{{ app_helm_charts_infra_directory }}/{{ item }}" + regexp: '^(.*)NPM_REGISTRY_RECORD' + line: '\g<1>npm set registry "http://nexus.{{ ansible_nodename }}/repository/npm-private/";' + backrefs: yes + state: present + with_items: + - common/dgbuilder/templates/deployment.yaml + - sdnc/charts/sdnc-portal/templates/deployment.yaml |