From 94cd5f225d338f748d3134535e4160bd60c5b868 Mon Sep 17 00:00:00 2001 From: st782s Date: Tue, 9 Oct 2018 17:19:21 -0400 Subject: Updates to OOM Portal Issue-ID: PORTAL-429 Failed to access Policy GUI from Portal Change-Id: I01422d16507ce8d5369e50623c559a54a8dc7328 Signed-off-by: st782s --- .../resources/certs/keystoreONAP.keystore | Bin 2228 -> 0 bytes .../resources/certs/keystoreONAPPortal.jks | Bin 0 -> 3629 bytes .../charts/portal-app/resources/server/server.xml | 2 +- .../charts/portal-app/templates/configmap.yaml | 1 - .../charts/portal-app/templates/deployment.yaml | 11 ++- .../portal/charts/portal-app/templates/secret.yaml | 27 +++++++ .../resources/config/mariadb/oom_updates.sql | 82 ++++++++++----------- kubernetes/portal/values.yaml | 5 +- 8 files changed, 79 insertions(+), 49 deletions(-) delete mode 100644 kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore create mode 100644 kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks create mode 100644 kubernetes/portal/charts/portal-app/templates/secret.yaml (limited to 'kubernetes') diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore deleted file mode 100644 index ff0f0d76a4..0000000000 Binary files a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore and /dev/null differ diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks new file mode 100644 index 0000000000..4b7e115d8c Binary files /dev/null and b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks differ diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml index 09c2f8405f..c87e6c377a 100644 
--- a/kubernetes/portal/charts/portal-app/resources/server/server.xml +++ b/kubernetes/portal/charts/portal-app/resources/server/server.xml @@ -89,7 +89,7 @@ diff --git a/kubernetes/portal/charts/portal-app/templates/configmap.yaml b/kubernetes/portal/charts/portal-app/templates/configmap.yaml index d4ef698f71..28de588aa0 100644 --- a/kubernetes/portal/charts/portal-app/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-app/templates/configmap.yaml @@ -25,4 +25,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 3fc2741556..fb9f35ba19 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -59,11 +59,11 @@ spec: - name: javax.net.ssl.keyStore value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - name: javax.net.ssl.keyStorePassword - value: {{ .Values.global.keypass }} + value: {{ .Values.global.trustpass }} - name: javax.net.ssl.trustStore value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - name: javax.net.ssl.trustStorePassword - value: {{ .Values.global.keypass }} + value: {{ .Values.global.trustpass }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} 
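Review bot: The two changed `value:` lines in the `@@ -59,11 +59,11 @@` hunk of deployment.yaml render the store password from `.Values.global.trustpass` directly into the pod spec and leave the template output unquoted. Anyone who can read the Deployment object can read the password, and a numeric-looking or special-character password would be retyped by the YAML parser or break the manifest; `value: "{{ .Values.global.trustpass }}"` fixes the second problem, and sourcing the value through `valueFrom.secretKeyRef` from a Secret would address the first. The context line above still points `javax.net.ssl.keyStore` at `truststoreFile`, so after this change the JVM key store and trust store are the same file with the same password; a comment saying this is intended would help. The enclosing container spec starts and ends outside the hunk.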
@@ -106,10 +106,10 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml - - name: properties-onapportal + - name: authz-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}" subPath: {{ .Values.global.keystoreFile}} - - name: properties-onapportal + - name: authz-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}" subPath: {{ .Values.global.truststoreFile}} - name: var-log-onap @@ -143,6 +143,9 @@ spec: configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 + - name: authz-onapportal + secret: + secretName: {{ include "common.fullname" . }}-authz-onapportal - name: filebeat-conf configMap: name: portal-filebeat diff --git a/kubernetes/portal/charts/portal-app/templates/secret.yaml b/kubernetes/portal/charts/portal-app/templates/secret.yaml new file mode 100644 index 0000000000..18f85c1698 --- /dev/null +++ b/kubernetes/portal/charts/portal-app/templates/secret.yaml 
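Review bot: The keystore and truststore in the `@@ -106,10 +106,10 @@` hunk are still mounted with `subPath`, and files mounted that way are not refreshed when the backing Secret is updated. Rotating either store will therefore have no effect until the pod is restarted, which is easy to miss now that the files come from a Secret. I would add a comment above the two `authz-onapportal` mounts, for example `# subPath mounts are not refreshed on Secret update; restart the pod after rotating the stores`. The volumeMounts list starts and ends outside the hunk.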
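Review bot: The new `authz-onapportal` volume in the `@@ -143,6 +143,9 @@` hunk sets no `defaultMode`, so Kubernetes applies its default of 0644 and the keystore is readable by every user in the container. The neighbouring configMap volume sets its mode explicitly, and the Secret volume should do the same with something tighter, e.g. `defaultMode: 0400` under `secret:`. That value assumes the Tomcat process runs as the file owner, which is not visible here and should be confirmed against the image.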
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-authz-onapportal
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 1dcf0d8606..6b9e8a957c 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
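Review bot: The `data:` line of the new secret.yaml fills the Secret from `resources/certs/*` inside the chart, so the keystore and any private key it holds (the .jks is binary here, so its contents are assumed) remain in the repository and in every packaged chart. Moving the files from the ConfigMap to a Secret changes how they are stored and mounted in the cluster, not who can obtain them from source control. A header comment such as `# Demo stores only: supply your own keystore/truststore for any non-lab deployment` would make that limit explicit. As a style point, `tpl` around `.AsSecrets` has nothing to expand, since the output is base64 and cannot contain template delimiters.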
@@ -1,41 +1,41 @@
-/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-*/
-
-USE portal;
-/*
-Any updates required by OOM to the portaldb are made here.
-1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
-while the OOM K8s version has these service split up.
-*/
--- app_url is the FE, app_rest_endpoint is the BE
---portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8990/ONAPPORTALSDK/api/v2' where app_name = 'xDemo App';
---dmaap-bc => the dmaap-bc doesn't open a node port..
-update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
---sdc-be => 8443:30204, 8080:30205
---sdc-fe => 8181:30206, 9443:30207
-update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v2' where app_name = 'SDC';
---pap => 8443:30219
-update fn_app set app_url = 'http://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'http://pap:8443/onap/api/v2' where app_name = 'Policy';
---vid => 8080:30200
-update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v2' where app_name = 'Virtual Infrastructure Deployment';
---sparky => TODO: sparky doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';
---cli => 8080:30260
-update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
---msb-discovery => 10081:30281 this is clearly incorrect
-update fn_app set app_url = 'http://{{.Values.config.msbDiscoveryHostName}}:{{.Values.config.msbDiscoveryPort}}/iui/microservices/default.html' where app_name = 'MSB';
+/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*/
+
+USE portal;
+/*
+Any updates required by OOM to the portaldb are made here.
+1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
+while the OOM K8s version has these service split up.
+*/
+-- app_url is the FE, app_rest_endpoint is the BE
+--portal-sdk => TODO: doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8990/ONAPPORTALSDK/api/v2' where app_name = 'xDemo App';
+--dmaap-bc => the dmaap-bc doesn't open a node port..
+update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
+--sdc-be => 8443:30204, 8080:30205
+--sdc-fe => 8181:30206, 9443:30207
+update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v2' where app_name = 'SDC';
+--pap => 8443:30219
+update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v2' where app_name = 'Policy';
+--vid => 8080:30200
+update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v2' where app_name = 'Virtual Infrastructure Deployment';
+--sparky => TODO: sparky doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';
+--cli => 8080:30260
+update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+--msb-discovery => 10081:30281 this is clearly incorrect
+update fn_app set app_url = 'http://{{.Values.config.msbDiscoveryHostName}}:{{.Values.config.msbDiscoveryPort}}/iui/microservices/default.html' where app_name = 'MSB';
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml
index ecb7d5ecf6..719116b7dd 100644
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
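Review bot: Only the Policy row moves to `https://` in oom_updates.sql; the xDemo App, DMaaP Bus Ctrl, SDC, A&AI UI, CLI and MSB rows on the new side still register `http://` URLs and REST endpoints. Portal traffic to those applications therefore stays in clear text, and a comment such as `-- TODO: remaining apps still use http; switch once their TLS ports are exposed` would record whether that is deliberate. The hunk also replaces all 41 lines although only the Policy statement differs visibly, which suggests a line-ending or whitespace rewrite (not visible here) and makes the one real change hard to find. Keeping that normalisation in a separate commit would make the security-relevant line easier to review.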
@@ -20,9 +20,10 @@ global: portalPort: "8989" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" - keystoreFile: "keystoreONAP.keystore" - truststoreFile: "keystoreONAPall.jks" + keystoreFile: "keystoreONAPPortal.jks" + truststoreFile: "truststoreONAPall.jks" keypass: "changeit" + trustpass: "changeit" config: logstashServiceName: log-ls -- cgit 1.2.3-korg
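Review bot: The new `trustpass: "changeit"` in values.yaml adds a second well-known default store password next to `keypass`, committed in the chart's values. Anyone installing without overrides gets stores protected by a publicly known password, so the key should carry a comment such as `# demo default - override in a private values file for any real deployment`. Separately, `truststoreFile` now names `truststoreONAPall.jks`, but the diffstat for this commit adds only `keystoreONAPPortal.jks` under resources/certs. If the truststore is not already present there, the Secret will have no such key and the `subPath` mount in deployment.yaml will not find it, which is worth confirming.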