diff options
| author |   Areli, Fuss (af732p) <af732p@att.com> | 2018-05-24 11:24:40 +0300 |
|---|---|---|
| committer | Areli, Fuss (af732p) <af732p@att.com> | 2018-05-24 13:27:31 +0300 |
| commit | f000e1cad7775e37da61b71773d60b40b9254478 (patch) | |
| tree | 3f342cb71f58b43c47bcfb1bbbc6e919d17c5806 | |
| parent | 61bb1d8b6a20fec9235ca5b5af0174ad1c85aa67 (diff) | |
Alignment of VVP devkit
Alignment of VVP devkit
include replacement of the uWsgi
with gunicorn
Change-Id: I9c42783c9965c5f6f005615e88899a301d334e22
Issue-ID: VVP-60
Signed-off-by: Areli, Fuss (af732p) <af732p@att.com>
39 files changed, 464 insertions, 258 deletions
@@ -1,9 +1,15 @@ ``` -# update your hosts file with the line -# 10.252.0.12 coreos-01.development.vvp.example.com -. setenv -# select the envirionment yout want from the list -vagrant up -watch -n5 "kubectl get po -n kube-system" -# once all pods are running status -`bin/vvp-deploy` +Add the following line into your local hosts file: + 10.252.0.12 coreos-01.development.vvp.example.com + +Select the required environment from the list when requested: +$ . ./setenv + +$ vagrant up + +Wait till all pods will be at running status (This might take few minutes) +$ watch -n5 "kubectl get po -n kube-system" + +$ bin/vvp-deploy + +```
\ No newline at end of file diff --git a/ansible/library/kubectl_apply_manifest.py b/ansible/library/kubectl_apply_manifest.py index dce93c6..517fdbf 100644 --- a/ansible/library/kubectl_apply_manifest.py +++ b/ansible/library/kubectl_apply_manifest.py @@ -1,6 +1,6 @@ #!/usr/bin/python # -*- encoding: utf-8 -*- -# ============LICENSE_START=============================================== +# ============LICENSE_START========================================== # org.onap.vvp/engagementmgr # =================================================================== # Copyright © 2017 AT&T Intellectual Property. All rights reserved. diff --git a/ansible/requirements.yml b/ansible/requirements.yml index ea1e8d0..9797b05 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -37,7 +37,7 @@ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. - src: https://github.com/ceph/ansible-ceph-common.git - version: v2.2.10 + version: v2.2.12 name: ceph.ceph-common - src: https://github.com/ceph/ansible-ceph-docker-common.git @@ -45,13 +45,13 @@ name: ceph.ceph-docker-common - src: https://github.com/ceph/ansible-ceph-rgw.git - version: v2.2.10 + version: v2.2.12 name: ceph.ceph-rgw - src: https://github.com/ceph/ansible-ceph-mon.git - version: v2.2.10 + version: v2.2.12 name: ceph.ceph-mon - src: https://github.com/ceph/ansible-ceph-osd.git - version: v2.2.10 + version: v2.2.12 name: ceph.ceph-osd diff --git a/ansible/roles/ansible-vvp-bootstrap/README.md b/ansible/roles/ansible-vvp-bootstrap/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml index 48b545e..81a3f1f 100644 --- a/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml +++ b/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml @@ -115,6 +115,18 @@ with_items: - 443 - 80 + +# dnsmask prereq - Allow ping between all hosts +- name: Allow Ping from Outside to Inside + shell: | + iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT + iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT + +- name: Allow Ping from Inside to Outside + shell: | + iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT + iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT + - name: Drop INPUT shell: iptables -P INPUT DROP tags: diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 index 2908165..86fa4c5 100644 --- a/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 +++ b/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 @@ -53,19 +53,19 @@ dhcp-option=#{{ops_management_interface}},6 enable-tftp tftp-root=/var/lib/tftpboot {% if pxe_boot %} - {% if pxe_chainload %} +{% if pxe_chainload %} dhcp-userclass=set:iceundi,ICEPXE dhcp-boot=tag:coreos,tag:#iceundi,iceundionly.kpxe - {% else %} +{% else %} dhcp-userclass=set:iceundi,iPXE dhcp-boot=tag:coreos,tag:#iceundi,undionly.kpxe - {% endif %} +{% endif %} dhcp-boot=tag:iceundi,http://{{ops_management_ip}}:8080/boot.ipxe {% endif %} {% for host in hosts %} - {% for config in host.dnsmasq_config %} +{% for config in host.dnsmasq_config %} dhcp-host={{config}} - {% endfor %} +{% endfor %} {% endfor %} dhcp-ignore=tag:#known log-queries diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 index ff8e0b8..bf01435 100644 --- a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 +++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 @@ -182,7 +182,8 @@ systemd: --pod-manifest-path=/etc/kubernetes/manifests \ --hostname-override={{.domain_name}} \ --cluster_dns={{.k8s_dns_service_ip}} \ - --cluster_domain=cluster.local + --cluster_domain=cluster.local \ + --pod-infra-container-image="docker.io/kubernetes/pause" ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid Restart=always RestartSec=10 @@ -354,13 +355,14 @@ storage: - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem - --runtime-config=extensions/v1beta1/networkpolicies=true - --anonymous-auth=false + - --storage-backend=etcd2 livenessProbe: httpGet: host: 127.0.0.1 - port: 8080 + port: 10253 path: /healthz - initialDelaySeconds: 15 - timeoutSeconds: 15 + initialDelaySeconds: 15000 + timeoutSeconds: 1500 ports: - containerPort: {{.k8s_controller_port}} hostPort: {{.k8s_controller_port}} diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2 index 701559b..e9823c7 100644 --- a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2 +++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2 @@ -1,43 +1,41 @@ -{# --*- encoding: utf-8 -*- -============LICENSE_START======================================================= -org.onap.vvp/engagementmgr -=================================================================== -Copyright © 2017 AT&T Intellectual Property. All rights reserved. -=================================================================== - -Unless otherwise specified, all software contained herein is licensed -under the Apache License, Version 2.0 (the “License”); -you may not use this software except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - - - -Unless otherwise specified, all documentation contained herein is licensed -under the Creative Commons License, Attribution 4.0 Intl. (the “License”); -you may not use this documentation except in compliance with the License. -You may obtain a copy of the License at - - https://creativecommons.org/licenses/by/4.0/ - -Unless required by applicable law or agreed to in writing, documentation -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -============LICENSE_END============================================ - - ECOMP is a trademark and service mark of AT&T Intellectual Property. -#} +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. --- {% raw %} systemd: diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml index 05c15d2..c0559a2 100644 --- a/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml @@ -43,20 +43,13 @@ metadata: name: ci-settings namespace: default data: - uwsgi.ini: | - [uwsgi] - uwsgi-socket = :80 - http = :8282 - plugin = python - chdir = /app - module = web.wsgi:application - master = True - pidfile = /tmp/project-master.pid - vacuum = True - max-requests = 5000 - enable-threads = True - stats = 0.0.0.0:9000 - stats-http = True + gunicorn.ini: | + bind = ":8282" + chdir = '/app' + pidfile = '/tmp/ice-project-master.pid' + backlog = '5000' + errorlog = '-' + loglevel = 'info' __init__.py: | import os from datetime import datetime @@ -68,6 +61,9 @@ data: ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT'] PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] + SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER'] + PROGRAM_NAME = os.environ['PROGRAM_NAME'] + SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN'] # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ SECRET_KEY = os.environ["SECRET_KEY"] @@ -290,7 +286,7 @@ data: # ICE-CI Related Configuration ############################# ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS') - ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS') + ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS','user@example.com').split(',')) ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX) ICE_PORTAL_URL = os.environ['ICE_DOMAIN'] diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml index 4aedece..00541af 100644 --- a/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml @@ -43,19 +43,13 @@ metadata: name: cms-settings namespace: default data: - uwsgi.ini: | - [uwsgi] - uwsgi-socket = :80 - plugin = python - chdir = /srv - module = cms.wsgi:application - master = True - pidfile = /tmp/project-master.pid - vacuum = True - max-requests = 5000 - enable-threads = True - stats = 0.0.0.0:9000 - stats-http = True + gunicorn.ini: | + bind = ":80" + chdir = '/srv' + pidfile = '/tmp/ice-project-master.pid' + backlog = '5000' + errorlog = '-' + loglevel = 'info' __init__.py: | from __future__ import absolute_import, unicode_literals import os diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml index 79ad7b2..8068744 100644 --- a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml @@ -43,19 +43,14 @@ metadata: name: em-settings namespace: default data: - uwsgi.ini: | - [uwsgi] - uwsgi-socket = :80 - plugin = python - chdir = /srv - module = vvp.wsgi:application - master = True - pidfile = /tmp/project-master.pid - vacuum = True - max-requests = 5000 - enable-threads = True - stats = 0.0.0.0:9000 - stats-http = True + gunicorn.ini: | + bind = ":80" + chdir = '/srv' + pidfile = '/tmp/ice-project-master.pid' + backlog = '5000' + errorlog = '-' + loglevel = 'info' + __init__.py: | """ Django settings for VVP project. @@ -93,7 +88,10 @@ data: ENVIRONMENT = os.environ['ENVIRONMENT'] PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] - + SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER'] + PROGRAM_NAME = os.environ['PROGRAM_NAME'] + SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN'] + # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ SECRET_KEY = os.environ["SECRET_KEY"] @@ -305,7 +303,7 @@ data: # VVP Related Configuration ############################# CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com') - CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'dummy@example.com') + CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s] DOMAIN = os.getenv('EM_DOMAIN_NAME') TOKEN_EXPIRATION_IN_HOURS = 48 DAILY_SCHEDULED_JOB_HOUR = 20 diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml new file mode 100644 index 0000000..23c2be8 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml @@ -0,0 +1,28 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: imagescanner-settings + namespace: default +data: + imagescannerconfig.py: | + import os + from pathlib import Path + from awsauth import S3Auth + # A mapping from host names to Requests Authentication Objects; see + # http://docs.python-requests.org/en/master/user/authentication/ + AUTHS = {} + if 'S3_HOST' in os.environ: + AUTHS[os.environ['S3_HOST']] = S3Auth( + os.environ['AWS_ACCESS_KEY_ID'], + os.environ['AWS_SECRET_ACCESS_KEY'], + service_url='https://%s/' % os.environ['S3_HOST'] + ) + LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH']) + STATUSFILE = LOGS_PATH/'status.txt' + # A dict passed as kwargs to jenkins.Jenkins constructor. + JENKINS = { + 'url': 'http://jenkins:8080', + 'username': 'admin', + 'password': os.environ['SECRET_JENKINS_PASSWORD'], + } diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml index 89adf32..638d248 100644 --- a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml @@ -58,8 +58,12 @@ data: client_max_body_size 75M; # adjust to taste location / { - uwsgi_pass cms_upstream; - include /etc/nginx/uwsgi_params; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $http_host; + proxy_redirect off; + + proxy_pass http://cms-uwsgi; } } server { diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml index 0d7b279..52e208e 100644 --- a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml @@ -56,10 +56,14 @@ data: listen 80; charset utf-8; client_max_body_size 75M; # adjust to taste - + location / { - uwsgi_pass em_upstream; - include /etc/nginx/uwsgi_params; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $http_host; + proxy_redirect off; + + proxy_pass http://em_upstream; } } diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml deleted file mode 100644 index 4d0e4e8..0000000 --- a/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# -*- encoding: utf-8 -*- -# ============LICENSE_START======================================================= -# org.onap.vvp/engagementmgr -# =================================================================== -# Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# =================================================================== -# -# Unless otherwise specified, all software contained herein is licensed -# under the Apache License, Version 2.0 (the “License”); -# you may not use this software except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# -# Unless otherwise specified, all documentation contained herein is licensed -# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); -# you may not use this documentation except in compliance with the License. -# You may obtain a copy of the License at -# -# https://creativecommons.org/licenses/by/4.0/ -# -# Unless required by applicable law or agreed to in writing, documentation -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# ============LICENSE_END============================================ -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: portal-nginx-config - namespace: default -data: - file: | - pid /nginx.pid; - error_log /dev/stdout warn; - - http { - access_log /dev/stdout; - server { - listen 0.0.0.0:8181; - - location / { - include /etc/nginx/mime.types; - root /usr/share/nginx/html/; - } - - } - - } - - events { - worker_connections 4096; - } diff --git a/ansible/roles/ansible-vvp-templates/tasks/render.yml b/ansible/roles/ansible-vvp-templates/tasks/render.yml index ec6900d..aed9593 100644 --- a/ansible/roles/ansible-vvp-templates/tasks/render.yml +++ b/ansible/roles/ansible-vvp-templates/tasks/render.yml @@ -55,7 +55,6 @@ dest: "{{k8_config_dir}}/{{item|dirname|basename}}/{{item|basename|splitext|first}}" with_fileglob: - ../templates/configmaps/* - - ../templates/jobs/* - ../templates/deployments/* - ../templates/secrets/* - ../templates/services/* diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 index 3fd9055..8b9012c 100644 --- a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 @@ -95,7 +95,7 @@ data: frontend portal mode http redirect scheme https if !{ ssl_fc } - acl is_api_call path_beg -i /ice + acl is_api_call path_beg -i /vvp acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3. use_backend api if is_api_call use_backend s3 if is_s3 diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j2 new file mode 100644 index 0000000..34cc2d3 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j2 @@ -0,0 +1,39 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: portal-nginx-config + namespace: default +data: + file: | + pid /nginx.pid; + error_log /dev/stdout warn; + + http { + access_log /dev/stdout; + server { + listen 0.0.0.0:8181; + + location / { + include /etc/nginx/mime.types; + root /usr/share/nginx/html/; + } + + } + + } + + events { + worker_connections 4096; + } + + service_provider.json: | + { + "serviceProvider": { + "name": "{{service_provider}}" + }, + "program": { + "name": "{{program_name}}" + } + } + diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j2 new file mode 100644 index 0000000..2d56741 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j2 @@ -0,0 +1,30 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: site-certificate + namespace: default +data: + site.crt: | + {{ site_pem_cert|indent }} + wrapper.sh: | + #!/bin/sh + # This script is meant to be used as a wrapper, so that it can be easily + # used with docker or kubernetes' container command specification. + # + # Kubernetes' volumeMount creates symlinks for configMapped files at the + # target directory. + # Alpine's update-ca-certificates ignores symlinks. + # So we must contrive to copy the contents of the mounted cert (a symlink) + # into place as a normal file. + dev_cert="${0%/*}/site.crt" + echo >&2 "$0: Checking for site CA certificate at $dev_cert..." + if [ -s "$dev_cert" ]; then + echo >&2 "$0: Updating container CA certificate bundle with site certificate..." + cp -L "$dev_cert" /usr/local/share/ca-certificates/ + update-ca-certificates + else + echo >&2 "$0: No site CA certificate found." + fi + echo >&2 "$0: Launching command: $@" + exec "$@" diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 index 6771b1f..8b14661 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 @@ -48,9 +48,11 @@ spec: labels: run: gitlab spec: + imagePullSecrets: + - name: onapkey containers: - name: gitlab - image: {{container_uri}}rkt-gitlab:{{container_tag}} + image: {{container_uri}}gitlab:{{container_tag}} ports: - containerPort: 80 - containerPort: 22 diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 index e78bfc9..bd5c10f 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 @@ -48,9 +48,11 @@ spec: labels: run: postgresql spec: + imagePullSecrets: + - name: onapkey containers: - name: postgresql - image: {{container_uri}}rkt-postgresql:{{container_tag}} + image: {{container_uri}}postgresql:{{container_tag}} ports: - containerPort: 5432 volumeMounts: diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 index 98a04b5..44e78e1 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 @@ -57,9 +57,11 @@ spec: hostPath: path: /var/devenv/ice-ci/ {% endif %} + imagePullSecrets: + - name: onapkey containers: - name: ci-uwsgi - image: {{container_uri}}rkt-ice-ci:{{container_tag}} + image: {{container_uri}}test-engine:{{container_tag}} ports: - containerPort: 80 - containerPort: 8282 @@ -77,7 +79,13 @@ spec: - name: ICE_ENVIRONMENT value: "{{ice_environment}}" - name: PROGRAM_NAME_URL_PREFIX - value: "ice" + value: "{{program_name_url_prefix}}" + - name: SERVICE_PROVIDER + value: "{{service_provider}}" + - name: PROGRAM_NAME + value: "{{program_name}}" + - name: SERVICE_PROVIDER_DOMAIN + value: "{{service_provider_domain}}" - name: SECRET_KEY valueFrom: secretKeyRef: {name: em-secret, key: key} @@ -158,7 +166,7 @@ spec: initialDelaySeconds: 90 periodSeconds: 15 {% endif %} - command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}] + command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}] metadata: labels: run: ci-uwsgi diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 index 8b601e9..01032d7 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 @@ -44,9 +44,11 @@ metadata: spec: template: spec: + imagePullSecrets: + - name: onapkey containers: - name: cms-uwsgi - image: {{container_uri}}rkt-ice-cms:{{container_tag}} + image: {{container_uri}}cms:{{container_tag}} ports: - containerPort: 80 - containerPort: 9000 @@ -119,7 +121,7 @@ spec: periodSeconds: 15 timeoutSeconds: 10 {% endif %} - command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"] + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "cms.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}] volumeMounts: - name: settings mountPath: /opt/configmaps/settings/ diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 index 8cedd29..ceb24c4 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 @@ -56,9 +56,11 @@ spec: - name: em-settings configMap: name: em-settings + imagePullSecrets: + - name: onapkey containers: - name: em-uwsgi - image: {{container_uri}}rkt-engagementmgr:{{container_tag}} + image: {{container_uri}}engagementmgr:{{container_tag}} ports: - containerPort: 80 - containerPort: 9000 @@ -75,7 +77,13 @@ spec: - name: ENVIRONMENT value: "{{ice_environment}}" - name: PROGRAM_NAME_URL_PREFIX - value: "ice" + value: "{{program_name_url_prefix}}" + - name: SERVICE_PROVIDER + value: "{{service_provider}}" + - name: PROGRAM_NAME + value: "{{program_name}}" + - name: SERVICE_PROVIDER_DOMAIN + value: "{{service_provider_domain}}" - name: SECRET_KEY valueFrom: secretKeyRef: {name: em-secret, key: key} @@ -156,7 +164,7 @@ spec: periodSeconds: 15 timeoutSeconds: 10 {% endif %} - command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"] + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}] metadata: labels: run: em-uwsgi diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 index 775d341..b8f2f66 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 @@ -44,11 +44,16 @@ metadata: spec: template: spec: + imagePullSecrets: + - name: onapkey containers: - name: imagescanner-worker - image: {{container_uri}}ice-image-scanner:{{container_tag}} - command: ["/usr/local/bin/imagescanner-worker"] + image: {{container_uri}}image-scanner:{{container_tag}} + command: + - "sh" + - "/opt/site-certificate/wrapper.sh" + - "/usr/local/bin/imagescanner-worker" securityContext: privileged: true volumeMounts: @@ -58,9 +63,30 @@ spec: mountPath: /dev - name: logs mountPath: /var/log/imagescanner + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings + - name: site-certificate + mountPath: /opt/site-certificate + env: + - name: PYTHONPATH + value: /opt/imagescanner-settings + - name: S3_HOST + value: "{{s3_dns_name}}" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + - name: SECRET_JENKINS_PASSWORD + value: '' + - name: REQUESTS_CA_BUNDLE + value: /etc/ssl/certs/ca-certificates.crt - name: notifications-worker - image: {{container_uri}}ice-image-scanner:{{container_tag}} + image: {{container_uri}}image-scanner:{{container_tag}} command: ["/usr/local/bin/notifications-worker"] securityContext: privileged: true @@ -70,9 +96,17 @@ spec: secretKeyRef: {name: slack-tokens, key: notifications} - name: DOMAIN value: "{{em_internal_dns_name}}" + - name: PYTHONPATH + value: /opt/imagescanner-settings + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + volumeMounts: + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings - name: imagescanner-frontend - image: {{container_uri}}ice-image-scanner:{{container_tag}} + image: {{container_uri}}image-scanner:{{container_tag}} command: ["/usr/local/bin/imagescanner-frontend"] {# FIXME: No, the frontend does not require a privileged container. @@ -87,9 +121,13 @@ spec: volumeMounts: - name: logs mountPath: /var/log/imagescanner + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings env: - name: DEFAULT_SLACK_CHANNEL value: "#notifications" + - name: SECRET_JENKINS_PASSWORD + value: '' volumes: - name: imagescanner-ssh @@ -101,6 +139,12 @@ spec: path: /dev - name: logs emptyDir: {} + - name: imagescanner-settings + configMap: + name: imagescanner-settings + - name: site-certificate + configMap: + name: site-certificate metadata: labels: diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 index 61504f1..1b4289a 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 @@ -44,9 +44,11 @@ metadata: spec: template: spec: + imagePullSecrets: + - name: onapkey containers: - name: jenkins - image: {{container_uri}}rkt-jenkins:{{container_tag}} + image: {{container_uri}}jenkins:{{container_tag}} ports: - containerPort: 8080 volumeMounts: diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 index f3505e5..5c898d3 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 @@ -48,9 +48,11 @@ spec: labels: run: portal spec: + imagePullSecrets: + - name: onapkey containers: - name: portal - image: {{container_uri}}rkt-ice-portal:{{container_tag}} + image: {{container_uri}}portal:{{container_tag}} ports: - containerPort: 8181 command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"] @@ -68,3 +70,10 @@ spec: items: - key: file path: nginx.conf + - key: service_provider.json + path: service_provider.json +{% if devenv is defined %} + - name: portal-rsync + hostPath: + path: /var/devenv/rkt-ice-portal/d2ice.att.io/app +{% endif %} diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 index 29d1319..41597d6 100644 --- a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 @@ -37,10 +37,11 @@ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. --- -apiVersion: v1 kind: Secret +apiVersion: v1 metadata: name: email-secret + namespace: default type: Opaque data: - password: "{{vault_email_host_password | b64encode }}" + password: "{{vault_email_host_password|b64encode}}" diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j2 new file mode 100644 index 0000000..f253c3c --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j2 @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: onapkey + namespace: default +data: + .dockercfg: {{ dockerconfig|to_json|b64encode }} +type: kubernetes.io/dockercfg diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 index f529dcf..1f92c42 100644 --- a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 @@ -37,11 +37,12 @@ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. --- -apiVersion: v1 kind: Secret +apiVersion: v1 metadata: name: site-crt + namespace: default type: Opaque data: # the public part of the certificate, not actually a secret. - site.crt: "{{ site_pem_cert | b64encode }}" + site.crt: "{{site_pem_cert|b64encode}}" diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 index d045770..7ed5e26 100644 --- a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 @@ -37,10 +37,11 @@ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. --- -apiVersion: v1 kind: Secret +apiVersion: v1 metadata: name: site-pem + namespace: default type: Opaque data: - site.pem: "{{ site_pem | b64encode }}" + site.pem: "{{site_pem|b64encode}}" diff --git a/boxes/vvp-empty/0.0.0/virtualbox/box.ovf b/boxes/vvp-empty/0.0.0/virtualbox/box.ovf index 1cbc01e..da677ab 100644 --- a/boxes/vvp-empty/0.0.0/virtualbox/box.ovf +++ b/boxes/vvp-empty/0.0.0/virtualbox/box.ovf @@ -1,41 +1,3 @@ -# -*- encoding: utf-8 -*- -# ============LICENSE_START======================================================= -# org.onap.vvp/engagementmgr -# =================================================================== -# Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# =================================================================== -# -# Unless otherwise specified, all software contained herein is licensed -# under the Apache License, Version 2.0 (the “License”); -# you may not use this software except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# -# Unless otherwise specified, all documentation contained herein is licensed -# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); -# you may not use this documentation except in compliance with the License. -# You may obtain a copy of the License at -# -# https://creativecommons.org/licenses/by/4.0/ -# -# Unless required by applicable law or agreed to in writing, documentation -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# ============LICENSE_END============================================ -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. <?xml version="1.0"?> <Envelope ovf:version="1.0" xml:lang="en-US" xmlns="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:vbox="http://www.virtualbox.org/ovf/machine"> <References> @@ -36,13 +36,21 @@ # ============LICENSE_END============================================ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. + +# An Option to force update of requirements in case of updated version +ARG=$1 +if [ "$1" = "-f" ]; then + echo "Param: $1" + force_option="--force" +fi + # Get the current devkit directory -pushd $(dirname $BASH_SOURCE[0]) > /dev/null -export DEVKIT_DIR=`pwd -P` -popd > /dev/null +#pushd $(dirname $BASH_SOURCE[0]) > /dev/null export DEVKIT_DIR=`pwd -P` +#popd > /dev/null +#export DEVKIT_DIR=`pwd -P` echo $DEVKIT_DIR -echo "DEVKIT DIR ^^" +#echo "DEVKIT DIR ^^" echo "# Make sure we have ansible installed" REQUIREMENTS="ansible vagrant" for req in $REQUIREMENTS @@ -69,6 +77,6 @@ done # Grab ansible requirements echo "Installing devkit's required ansible roles" echo $DEVKIT_DIR -ansible-galaxy install -r ${DEVKIT_DIR}/ansible/requirements.yml +ansible-galaxy install ${force_option} -r ${DEVKIT_DIR}/ansible/requirements.yml echo "Devkit zone setup complete" diff --git a/vagrant/pxe/Vagrantfile b/vagrant/pxe/Vagrantfile index 864c056..8aad897 100644 --- a/vagrant/pxe/Vagrantfile +++ b/vagrant/pxe/Vagrantfile @@ -103,14 +103,14 @@ Vagrant.configure("2") do |config| conf.vm.network :private_network, :adapter => 2, :ip => box["ips"][0], - :mac => box["macs"][0], - :nic_type => "virtio" + :mac => box["macs"][0] ####, + ####:nic_type => "virtio" conf.vm.network :private_network, :adapter => 3, :ip => box["ips"][1], :mac => box["macs"][1], - :nic_type => "virtio", + ####:nic_type => "virtio", :type => :static if box["groups"].include? "centos" then diff --git a/vagrant/pxe/single_node_config.yml b/vagrant/pxe/single_node_config.yml index 17ff408..f48e22f 100644 --- a/vagrant/pxe/single_node_config.yml +++ b/vagrant/pxe/single_node_config.yml @@ -40,12 +40,13 @@ boxen: - name: ops-01 box: centos/7 ips: ['10.252.0.2', "10.220.220.2"] - macs: [] + macs: ["08002767736a" , "0800278a5a17"] cpus: 1 cpu: "50" memory: "1024" groups: ["bootstrap", "centos",] vagrant_ssh_port: 2502 + nic_type: 82540EM - name: ceph-01 box: centos/7 @@ -56,6 +57,7 @@ boxen: macs: ["0800276695A1","0800276695A2"] groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"] vagrant_ssh_port: 2521 + nic_type: 82540EM - name: coreos-01 box: vvp-empty @@ -66,6 +68,7 @@ boxen: ips: ["10.252.0.12", "10.220.220.12"] groups: ["coreos", "container-hosts", "fleetctl-host"] vagrant_ssh_port: 2512 + nic_type: "virtio" hosts: diff --git a/zones/development/inventory/group_vars/all/all.yml b/zones/development/inventory/group_vars/all/all.yml index 905d7f6..deaf2f8 100644 --- a/zones/development/inventory/group_vars/all/all.yml +++ b/zones/development/inventory/group_vars/all/all.yml @@ -86,3 +86,10 @@ rgws: - name: ceph-01 ip: 10.252.0.21 radosgw_civetweb_port: "8080" + +dockerconfig: + nexus3.onap.org:10001: + username: "{{ vault_onap_user }}" + password: "{{ vault_onap_password }}" + email: "{{ vault_onap_email }}" + diff --git a/zones/development/inventory/group_vars/all/unencrypted_vault.yml b/zones/development/inventory/group_vars/all/unencrypted_vault.yml index d967071..7283019 100644 --- a/zones/development/inventory/group_vars/all/unencrypted_vault.yml +++ b/zones/development/inventory/group_vars/all/unencrypted_vault.yml @@ -39,12 +39,58 @@ --- # cert for secure https # https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685 -# site_pem_cert: -# site_pem_key: -# site_pem: | -# {{site_pem_cert}} -# {{site_pem_key}} -site_pem: +site_pem_cert: | + -----BEGIN CERTIFICATE----- + MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF + eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52 + dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK + MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk + ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz + rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK + ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr + 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5 + 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp + U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD + ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK + CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs + h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj + b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8 + Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8 + LLKI/b1OvKohaANGZ6We5U+ceeU= + -----END CERTIFICATE----- +site_pem_key: | + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkvNGXe+bdvL2k + vrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWzrgJYHFJu0C0cK9NYSKxVVI8LnKH7 + Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEKractA7bi9fDk2lkcs+LLuZMqGPZ3 + 7UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr32WA3Y7hPNd8Cj+AaLt1x2cXYzi9 + hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM51viqa2CWXHBHEG+5eftLSaeE6LAl + Nt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04CpU2OfizpbhT11cLGaeXOq1cUCXNIb + 4FcJApoXAgMBAAECggEAfiunkw/waA+wZ8cvafQ7WAzqFYjcCUPnYsyr7maNRmWJ + 8qGF/jHd1cILWJfUlOjz+3/djZUv4cLbRN6kdN2y5INNOGxC8SvlFKmPl2ayg361 + Iw/u5vDNQ2q+3eFj2MNq0NLtdv7wuaNY0c1GwGqjT6eaTstZsOp05Nbu+9fSOwz8 + prE9EqSailpc0ZH03ToBCcViLPQ7DCyi3wD/LqZYyjnsJvpVV1FWjZMdMB5BLyP5 + vZH9BMbCA/kf+P5XV0mQOkqi79StlHGsmbwp9c5DRvbPvwMgluJjT4Q5veusmcZ3 + QxdjWUZKyvTSl6BaUWKfJLa0hOXtuQpyTxa067KTMQKBgQDSkSQs8hhgaXLARC1e + ql1+oY5ScrLUowAlrh5v1F9sq024I+EtOkwTdvdl3SB84nhrD5YCbaqyVF/n4TZA + h2vdPulgzNOAOAHyn42jznBndqkjit+uHNQPVV07o5ph957NCOnW4QOgMHxXkl4s + YQ99UbBfNgpL/OcCT9hEnywwzQKBgQDISD/Wjh0Vw6gtUyTr1T2T4KqsKOGMsHgX + mejFBgAZhy3RA4qJpKZGO9e2+Eo1dR7Q+V239xZW/VtFCrgKaCD6oDXQP3H+p/wV + oEz3l2h1dkJlXIWugVTcNn8cGyMSR/A1A2pUP6C0E2jI1WYDiOePvqRU6is18tf0 + Cp27g5NmcwKBgFHE/1Fc6k52ZJN5Zkz+x7PnNQebdwrQCbyYM0WmKTBgDZxWgpk3 + rFdauZQbHQSiRbT9pnlm8QSzc1LuyEyiyiZuyd5HbFK8bTU09KIKBuiG0gP1aAuL + MmaJ9dy1Gby1ljt1HKnPU8MfUQoI0v1U69j0ohM3PyRnH6ZsL0Xmshh5AoGAYOKK + dykCKuAeP+bDqo3aHuoExgl0qpFHVutuLbksXS0GXeDfqJwMj1ctj+ZmR5vjj2XC + D1co6GXhO/Hme6pJodPUlGvMokry6CdGdFM7Be9ySQRL6tHHkkuOi7MY8SP5sDt5 + uU2aWOI2w0hv8+/LTL8FUcqBorRaAUUNboNEz78CgYEAqtmr4bbXydg4ZErF9sfV + Hx5HYt40yMPj2kGxRZonAv/ipphzB4TWffErGB6X/w3gQjekfzKjE5NkHeo3+DB+ + o1jsPrIxkpYXK02vSV7tYvyZs0AXiFrnldPdK9a4tmXxadD0fmNJLfSHpwKU5wPj + NGe3PnkOZLRT80uOZEi1Lxg= + -----END PRIVATE KEY----- +site_pem: | + {{site_pem_cert}} + {{site_pem_key}} # EM database vault_em_postgresql_user: em_postgresuser @@ -61,8 +107,13 @@ vault_em_secret_key: "#91e__w3k=781@y(e_#6hu6t&h254#u)&bj+m9thx%k!6^*06r" # Information for sending email from the platform vault_email_host: 'localhost' -vault_email_host_user: -vault_email_host_password: +vault_email_host_user: example +vault_email_host_password: EXAMPLE + +vault_onap_user: "docker" +vault_onap_password: "docker" +vault_onap_email: "email@email.com" + # pwgen -1 32 vault_engagementmgr_webhook_token: Aip7ohx1eiHaeshoh9shailu9eex7tha diff --git a/zones/development/inventory/group_vars/bootstrap.yml b/zones/development/inventory/group_vars/bootstrap.yml index e1b4d77..3dfb61c 100644 --- a/zones/development/inventory/group_vars/bootstrap.yml +++ b/zones/development/inventory/group_vars/bootstrap.yml @@ -38,7 +38,7 @@ # ECOMP is a trademark and service mark of AT&T Intellectual Property. coreos_channel: "stable" coreos_version: "1409.7.0" -k8s_version: "v1.5.2_coreos.2" +k8s_version: "v1.6.13_coreos.0" container_runtime: docker ops_public_interface: eth2 ops_management_interface: eth1 diff --git a/zones/development/inventory/group_vars/local.yml b/zones/development/inventory/group_vars/local.yml index 5e42769..e4a329c 100644 --- a/zones/development/inventory/group_vars/local.yml +++ b/zones/development/inventory/group_vars/local.yml @@ -37,8 +37,8 @@ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. enable_liveness_probes: false -container_uri: example.com/vvp -container_tag: develop +container_uri: nexus3.onap.org:10001/openecomp/vvp/ +container_tag: latest k8_config_dir: "{{inventory_dir}}/../k8" external_ips: - 10.220.220.12 @@ -70,3 +70,7 @@ jenkins_admin_config_xml: | </hudson.security.HudsonPrivateSecurityRealm_-Details> </properties> </user> +program_name_url_prefix: vvp +service_provider: NA +service_provider_domain: na.com +program_name: VVP |