Diffstat (limited to 'patches/casablanca.patch')
-rw-r--r--patches/casablanca.patch428
1 files changed, 428 insertions, 0 deletions
diff --git a/patches/casablanca.patch b/patches/casablanca.patch
new file mode 100644
index 00000000..e0ea0ec5
--- /dev/null
+++ b/patches/casablanca.patch
@@ -0,0 +1,428 @@
+From 10656e7f8089e3c3a718a947fd10b1a728eeb8c6 Mon Sep 17 00:00:00 2001
+From: Milan Verespej <m.verespej@partner.samsung.com>
+Date: Wed, 6 Feb 2019 10:24:09 +0100
+Subject: [PATCH] Casablanca 3.0.0 offline patch
+
+---
+ .../templates/deployment.yaml | 12 ++-
+ .../common/common/templates/_cacert.tpl | 80 +++++++++++++++++++
+ .../dgbuilder/templates/deployment.yaml | 10 ++-
+ .../templates/deployment.yaml | 7 ++
+ kubernetes/onap/templates/configmap.yaml | 33 ++++++++
+ .../charts/brmsgw/templates/deployment.yaml | 5 ++
+ .../charts/drools/templates/statefulset.yaml | 8 ++
+ .../charts/pdp/templates/statefulset.yaml | 5 ++
+ .../policy-common/templates/_keystore.tpl | 61 ++++++++++++++
+ .../templates/deployment.yaml | 12 ++-
+ .../sdnc-portal/templates/deployment.yaml | 9 ++-
+ 11 files changed, 234 insertions(+), 8 deletions(-)
+ create mode 100644 kubernetes/common/common/templates/_cacert.tpl
+ create mode 100644 kubernetes/onap/templates/configmap.yaml
+ create mode 100644 kubernetes/policy/charts/policy-common/templates/_keystore.tpl
+
+diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml b/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml
+index a7daa051..b7cdd9e6 100644
+--- a/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml
++++ b/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml
+@@ -47,8 +47,16 @@ spec:
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
++ command:
++ - /bin/bash
++ - -c
++ - >
++ pip install -i http://nexus3.onap.org/repository/pypi-private/simple/
++ --trusted-host nexus3.onap.org
++ PyMySQL cherrypy requests;
++ curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list;
++ apt-get update;
++ cd /opt/onap/ccsdk && ./startAnsibleServer.sh
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+diff --git a/kubernetes/common/common/templates/_cacert.tpl b/kubernetes/common/common/templates/_cacert.tpl
+new file mode 100644
+index 00000000..4fb80964
+--- /dev/null
++++ b/kubernetes/common/common/templates/_cacert.tpl
+@@ -0,0 +1,80 @@
++# COPYRIGHT NOTICE STARTS HERE
++#
++# Copyright 2018 © Samsung Electronics Co., Ltd.
++#
++# Licensed under the Apache License, Version 2.0 (the "License");
++# you may not use this file except in compliance with the License.
++# You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS,
++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++# See the License for the specific language governing permissions and
++# limitations under the License.
++#
++# COPYRIGHT NOTICE ENDS HERE
++
++#This template adds volume for access to ca certificate.
++#Template is ignored when cacert not set.
++{{- define "common.cacert-volume" }}
++{{- if .Values.global.cacert }}
++- name: cacert
++ configMap:
++ name: {{ include "common.namespace" . }}-root-ca-cert
++{{- end }}
++{{- end }}
++
++#This template mounts the CA certificate in an ubuntu compatible way.
++#It is mounted to /usr/local/share/ca-certificates/cacert.crt.
++#Template is ignored if cacert not set.
++{{- define "common.cacert-mount-ubuntu" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/usr/local/share/ca-certificates/cacert.crt"
++ name: cacert
++ subPath: certificate
++{{- end }}
++{{- end }}
++
++#This template creates an empty volume used to store system certificates (includes java keystore).
++{{- define "common.system-ca-store-volume" }}
++{{- if .Values.global.cacert }}
++- name: system-ca-store
++ emptyDir:
++{{- end }}
++{{- end }}
++
++#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific).
++#Template is ignored in case cacert is not given.
++{{- define "common.system-ca-store-mount-ubuntu" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/etc/ssl/certs"
++ name: system-ca-store
++{{- end }}
++{{- end }}
++
++#This template is a template for an init container.
++#This init container can be declared to update system's ca store for ubuntu containers.
++#It runs as root using the same image as the main one.
++#It expects /etc/ssl/certs to be mounted as a volume.
++#It has to be shared with the main container.
++#This template is ignored if cacert is not given as helm value.
++{{- define "common.update-system-ca-store-ubuntu" }}
++{{- if .Values.global.cacert }}
++- command:
++ - "/bin/bash"
++ - "-c"
++ - |
++ mkdir -p /etc/ssl/certs/java
++ update-ca-certificates
++ name: update-system-ca-store
++ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++ image: {{ include "common.repository" . }}/{{ .Values.image }}
++ securityContext:
++ runAsUser: 0
++ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }}
++{{- end }}
++{{- end }}
+diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
+index 353c2314..2cb02d62 100644
+--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
++++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
+@@ -49,8 +49,14 @@ spec:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
++ command:
++ - /bin/bash
++ - -c
++ - >
++ HOSTS_FILE_RECORD >> /etc/hosts;
++ NPM_REGISTRY_RECORD;
++ cd /opt/onap/ccsdk/dgbuilder/;
++ ./start.sh sdnc1.0 && wait
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ readinessProbe:
+diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+index 79bd8962..8e807a9b 100644
+--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
++++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+@@ -70,6 +70,8 @@ spec:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
++ - mountPath: /etc/pki/ca-trust/source/anchors
++ name: root-ca
+ securityContext:
+ privileged: True
+ lifecycle:
+@@ -82,6 +84,8 @@ spec:
+ set -ex
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++ update-ca-trust extract
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+@@ -95,5 +99,8 @@ spec:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
++ - name: root-ca
++ hostPath:
++ path: /etc/pki/ca-trust/source/anchors
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+diff --git a/kubernetes/onap/templates/configmap.yaml b/kubernetes/onap/templates/configmap.yaml
+new file mode 100644
+index 00000000..b1804a36
+--- /dev/null
++++ b/kubernetes/onap/templates/configmap.yaml
+@@ -0,0 +1,33 @@
++# COPYRIGHT NOTICE STARTS HERE
++#
++# Copyright 2018 © Samsung Electronics Co., Ltd.
++#
++# Licensed under the Apache License, Version 2.0 (the "License");
++# you may not use this file except in compliance with the License.
++# You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS,
++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++# See the License for the specific language governing permissions and
++# limitations under the License.
++#
++# COPYRIGHT NOTICE ENDS HERE
++
++{{ if .Values.global.cacert -}}
++apiVersion: v1
++kind: ConfigMap
++metadata:
++ name: {{ include "common.namespace" . }}-root-ca-cert
++ namespace: {{ include "common.namespace" . }}
++ labels:
++ app: {{ include "common.name" . }}
++ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
++ release: {{ .Release.Name }}
++ heritage: {{ .Release.Service }}
++data:
++ certificate: |
++{{ .Values.global.cacert | indent 4 }}
++{{- end }}
+diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+index 7535d541..bbd63c13 100644
+--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
++++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+@@ -46,6 +46,7 @@ spec:
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+ containers:
+ - command:
+ - /bin/bash
+@@ -69,6 +70,8 @@ spec:
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -95,6 +98,8 @@ spec:
+ {{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml
+index 6564e798..53c8b600 100644
+--- a/kubernetes/policy/charts/drools/templates/statefulset.yaml
++++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml
+@@ -52,6 +52,8 @@ spec:
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
++{{ include "policy.update-policy-keystore" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+@@ -79,6 +81,9 @@ spec:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
++{{ include "policy.keystore-mount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -137,6 +142,9 @@ spec:
+ {{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
++{{ include "policy.keystore-storage-volume" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+index a3a8f6a9..4ae0ead5 100644
+--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
++++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+@@ -50,6 +50,7 @@ spec:
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+ containers:
+ - command:
+ - /bin/bash
+@@ -75,6 +76,8 @@ spec:
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+@@ -114,6 +117,8 @@ spec:
+ - mountPath: /usr/share/filebeat/data
+ name: policy-data-filebeat
+ volumes:
++{{ include "common.cacert-volume" . | indent 6 }}
++{{ include "common.system-ca-store-volume" . | indent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+diff --git a/kubernetes/policy/charts/policy-common/templates/_keystore.tpl b/kubernetes/policy/charts/policy-common/templates/_keystore.tpl
+new file mode 100644
+index 00000000..81ba09bc
+--- /dev/null
++++ b/kubernetes/policy/charts/policy-common/templates/_keystore.tpl
+@@ -0,0 +1,61 @@
++# COPYRIGHT NOTICE STARTS HERE
++#
++# Copyright 2018 © Samsung Electronics Co., Ltd.
++#
++# Licensed under the Apache License, Version 2.0 (the "License");
++# you may not use this file except in compliance with the License.
++# You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS,
++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++# See the License for the specific language governing permissions and
++# limitations under the License.
++#
++# COPYRIGHT NOTICE ENDS HERE
++
++#This template creates a volume for storing policy-keystore with imported ca.
++#It is ignored if cacert was not given.
++{{- define "policy.keystore-storage-volume" }}
++{{- if .Values.global.cacert }}
++- name: keystore-storage
++ emptyDir:
++{{- end }}
++{{- end }}
++
++#This template mounts policy-keystore in appropriate place for policy components to take it.
++#It is ignored if cacert is not given.
++{{- define "policy.keystore-mount" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/tmp/policy-install/config/policy-keystore"
++ name: keystore-storage
++ subPath: policy-keystore
++{{- end }}
++{{- end }}
++
++#This will extract a policy keystore and then import
++#the root cacert of offline nexus into it.
++#This template expects a volume named keystore-storage where policy-keystore will be put.
++#It also expects volume named cacert where the file "certificate" will contain the cert to import.
++#Template is ignored if ca certificate not given.
++{{- define "policy.update-policy-keystore" }}
++{{- if .Values.global.cacert }}
++- command:
++ - "/bin/bash"
++ - "-c"
++ - |
++ set -e
++ tar -xzf base-*.tar.gz etc/ssl/policy-keystore
++ cp etc/ssl/policy-keystore keystore-storage/
++ keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt
++ name: update-policy-keystore
++ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++ image: {{ include "common.repository" . }}/{{ .Values.image }}
++ volumeMounts:
++ - mountPath: "/tmp/policy-install/keystore-storage"
++ name: keystore-storage
++{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
++{{- end }}
++{{- end }}
+diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+index 1f14dd31..18b579dd 100644
+--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
++++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+@@ -47,8 +47,16 @@ spec:
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
++ command:
++ - /bin/bash
++ - -c
++ - >
++ pip install -i http://nexus3.onap.org/repository/pypi-private/simple/
++ --trusted-host nexus3.onap.org
++ PyMySQL cherrypy requests;
++ curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list;
++ apt-get update;
++ cd /opt/onap/ccsdk && ./startAnsibleServer.sh
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+index 35dffee5..18dd7cd4 100644
+--- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
++++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+@@ -49,8 +49,13 @@ spec:
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+- command: ["/bin/bash"]
+- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
++ command:
++ - /bin/bash
++ - -c
++ - >
++ HOSTS_FILE_RECORD >> /etc/hosts;
++ NPM_REGISTRY_RECORD;
++ cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+--
+2.20.1
+
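Review bot: The `pip install` step added to the appc-ansible-server and sdnc-ansible-server deployments in the embedded patch fetches unpinned packages over plain `http://` with `--trusted-host nexus3.onap.org`, so each container start installs whatever answers for that name, with nothing authenticating it. The patch already distributes the offline CA through `common.cacert-mount-ubuntu`, so these two deployments could mount it and use `pip install --cert /usr/local/share/ca-certificates/cacert.crt -i https://nexus3.onap.org/repository/pypi-private/simple/ ...` with pinned versions. That presumes the offline Nexus serves HTTPS, which the `_keystore.tpl` comment suggests but this page does not show. The commands are also chained with `;`, so a failed `curl` leaves `/etc/apt/sources.list` empty and the server still starts; `set -e;` as the first command of the folded script would stop there instead. Separately, `_keystore.tpl` hard-codes `-storepass "Pol1cy_0nap"`: if that is the keystore's shipped default, a comment saying so would help, otherwise it belongs in a value or Secret rather than the template.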