aboutsummaryrefslogtreecommitdiffstats
path: root/ansible/roles/ansible-vvp-templates
diff options
context:
space:
mode:
authoredan.binshtok <eb578m@intl.att.com>2017-11-21 20:06:04 +0200
committeredan.binshtok <eb578m@intl.att.com>2017-11-21 20:09:14 +0200
commit307215471b50e1f27654819434fb08de4d003d82 (patch)
tree36e07c3fe747d17a6d1e7d2642f2afd567a7d4b9 /ansible/roles/ansible-vvp-templates
parenteb123edb162afc20da8d618df1e77d73b8236f6d (diff)
Fix gitignore and missing files
Due to bad gitignore some files were missing. Now .vault_passwords added and dirs under roles Issue-ID: VVP-32 Change-Id: I2b9b7afe305603b37fbfe184dc36156c8461bc85 Signed-off-by: edan.binshtok <eb578m@intl.att.com>
Diffstat (limited to 'ansible/roles/ansible-vvp-templates')
-rw-r--r--ansible/roles/ansible-vvp-templates/defaults/main.yml41
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml321
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml477
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml442
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml74
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml75
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml66
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml65
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml61
-rw-r--r--ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml70
-rw-r--r--ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml70
-rw-r--r--ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml60
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/em-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml55
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml52
-rw-r--r--ansible/roles/ansible-vvp-templates/tasks/main.yml42
-rw-r--r--ansible/roles/ansible-vvp-templates/tasks/render.yml73
-rw-r--r--ansible/roles/ansible-vvp-templates/tasks/rerender.yml42
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2198
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j286
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2108
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2108
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j255
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2165
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2146
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2162
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2107
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j289
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j270
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j295
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j289
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j248
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j252
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j254
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j250
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j251
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j250
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2105
55 files changed, 4861 insertions, 0 deletions
diff --git a/ansible/roles/ansible-vvp-templates/defaults/main.yml b/ansible/roles/ansible-vvp-templates/defaults/main.yml
new file mode 100644
index 0000000..01d1be6
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/defaults/main.yml
@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+
+livenessProbe_initialDelaySeconds: {}
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml
new file mode 100644
index 0000000..05c15d2
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml
@@ -0,0 +1,321 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ci-settings
+ namespace: default
+data:
+ uwsgi.ini: |
+ [uwsgi]
+ uwsgi-socket = :80
+ http = :8282
+ plugin = python
+ chdir = /app
+ module = web.wsgi:application
+ master = True
+ pidfile = /tmp/project-master.pid
+ vacuum = True
+ max-requests = 5000
+ enable-threads = True
+ stats = 0.0.0.0:9000
+ stats-http = True
+ __init__.py: |
+ import os
+ from datetime import datetime
+
+ # With this file at web/settings/__init__.py, we need three applications of
+ # dirname() to find the project root.
+ PROJECT_PATH = os.path.realpath(os.path.dirname(os.path.dirname(os.path.dirname(__file__))))
+ LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT']
+ PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+
+ # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+ SECRET_KEY = os.environ["SECRET_KEY"]
+
+ # https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+ # Anything in the Host header that does not match our expected domain should
+ # raise SuspiciousOperation exception.
+ ALLOWED_HOSTS = ['*']
+
+ if ICE_ENVIRONMENT == 'production':
+ DEBUG = False
+
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ.get('ICE_EMAIL_HOST')
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+ else:
+ DEBUG = True
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+
+ # Note: Only SSL email backends are allowed
+ EMAIL_USE_SSL = True
+
+ REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'PAGE_SIZE': 10,
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
+ }
+ APPEND_SLASH = False
+
+ # Application definition
+
+ INSTALLED_APPS = [
+
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'iceci.apps.IceCiConfig',
+ ]
+
+ MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ ]
+
+ ROOT_URLCONF = 'web.urls'
+
+ TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+ ]
+
+ WSGI_APPLICATION = 'web.wsgi.application'
+
+ # Database
+ # https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+
+ DATABASES = {
+ 'default': { # CI DB details.
+ 'NAME': '/app/ice_ci_db.db' ,
+ 'ENGINE': 'django.db.backends.sqlite3',
+ 'TEST_NAME': '/app/ice_ci_db.db',
+ },
+ }
+ SINGLETONE_DB = {
+ 'default': { # CI DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CI_DB_NAME', 'ice_ci_db'),
+ 'USER': os.environ.get('CI_DB_USER', 'iceci'),
+ 'PASSWORD': os.environ.get('CI_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CI_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CI_DB_PORT', '5433'),
+ },
+ 'em_db': { # ICE DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('EM_DB_NAME', 'icedb'),
+ 'USER': os.environ.get('EM_DB_USER', 'iceuser'),
+ 'PASSWORD': os.environ.get('EM_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('EM_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('EM_DB_PORT', '5433'),
+ },
+ 'cms_db': { # ICE CMS details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CMS_DB_NAME', 'icecmsdb'),
+ 'USER': os.environ.get('CMS_DB_USER', 'icecmsuser'),
+ 'PASSWORD': os.environ.get('CMS_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CMS_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CMS_DB_PORT', '5433'),
+ }
+ }
+
+ # Password validation
+ # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+
+ AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+ ]
+
+
+ # Internationalization
+ # https://docs.djangoproject.com/en/1.9/topics/i18n/
+
+ LANGUAGE_CODE = 'en-us'
+
+ TIME_ZONE = 'UTC'
+
+ USE_I18N = True
+
+ USE_L10N = True
+
+ USE_TZ = False
+
+
+ # Static files (CSS, JavaScript, Images)
+ # https://docs.djangoproject.com/en/1.9/howto/static-files/
+ STATIC_ROOT = os.environ['STATIC_ROOT']
+ STATIC_URL = '/static/'
+
+ LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(module)s %(filename)s:%(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(filename)s:%(lineno)d %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'file1': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-info.log',
+ 'formatter': 'verbose'
+ },
+ 'file2': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-debug.log',
+ 'formatter': 'verbose'
+ },
+ 'file3': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-requests.log',
+ 'formatter': 'verbose'
+ },
+ 'file4': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-db.log',
+ 'formatter': 'verbose'
+ }
+ },
+ 'loggers': {
+ 'vvp-ci.logger': {
+ 'handlers': ['file1', 'file2', 'file3', 'file4','console'],
+ 'level': os.getenv('ICE_ICE_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': os.getenv('ICE_DJANGO_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django.request': {
+ 'handlers': ['file3'],
+ 'level': os.getenv('ICE_ICE_REQUESTS_LOGGER_LEVEL', 'ERROR'),
+ },
+ 'django.db.backends': {
+ 'handlers': ['file4'],
+ 'level': os.getenv('ICE_ICE_DB_LOGGER_LEVEL', 'ERROR'),
+ }
+ }
+ }
+
+
+ #############################
+ # ICE-CI Related Configuration
+ #############################
+ ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS')
+ ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS')
+ ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging
+ ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX)
+ ICE_PORTAL_URL = os.environ['ICE_DOMAIN']
+ EM_REST_URL = ICE_EM_URL + '/v1/engmgr/'
+
+ #Number of test results presented in admin page. Illegal values: '0' or 'Null'
+ NUMBER_OF_TEST_RESULTS = int(os.getenv('NUMBER_OF_TEST_RESULTS', '30'))
+ ICE_BUILD_REPORT_NUM = os.getenv('ICE_BUILD_REPORT_NUM',"{:%Y-%m-%d-%H-%M-%S}".format(datetime.now()))
+ IS_JUMP_STATE=os.getenv('IS_JUMP_STATE', "True")
+ DATABASE_TYPE = 'sqlite'
+
+ # FIXME: Does this authentication scheme actually gain us anything? What's the
+ # threat model
+ WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+ # The authentication token and URL needed for us to issue requests to the GitLab API.
+ GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+ GITLAB_URL = "http://gitlab/"
+
+ JENKINS_URL = "http://jenkins:8080/"
+ JENKINS_USERNAME = "admin"
+ JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+ AWS_S3_HOST = os.environ['S3_HOST']
+ AWS_S3_PORT = int(os.environ['S3_PORT'])
+ AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+ AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+ AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml
new file mode 100644
index 0000000..4aedece
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml
@@ -0,0 +1,477 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: cms-settings
+ namespace: default
+data:
+ uwsgi.ini: |
+ [uwsgi]
+ uwsgi-socket = :80
+ plugin = python
+ chdir = /srv
+ module = cms.wsgi:application
+ master = True
+ pidfile = /tmp/project-master.pid
+ vacuum = True
+ max-requests = 5000
+ enable-threads = True
+ stats = 0.0.0.0:9000
+ stats-http = True
+ __init__.py: |
+ from __future__ import absolute_import, unicode_literals
+ import os
+ from cms.envbool import envbool
+
+ from django import VERSION as DJANGO_VERSION
+ from django.utils.translation import ugettext_lazy as _
+ from boto.s3.connection import OrdinaryCallingFormat
+
+
+ ######################
+ # MEZZANINE SETTINGS #
+ ######################
+
+ # The following settings are already defined with default values in
+ # the ``defaults.py`` module within each of Mezzanine's apps, but are
+ # common enough to be put here, commented out, for conveniently
+ # overriding. Please consult the settings documentation for a full list
+ # of settings Mezzanine implements:
+ # http://mezzanine.jupo.org/docs/configuration.html#default-settings
+
+ # Controls the ordering and grouping of the admin menu.
+ #
+ # ADMIN_MENU_ORDER = (
+ # ("Content", ("pages.Page", "blog.BlogPost",
+ # "generic.ThreadedComment", (_("Media Library"), "media-library"),)),
+ # ("Site", ("sites.Site", "redirects.Redirect", "conf.Setting")),
+ # ("Users", ("auth.User", "auth.Group",)),
+ # )
+
+ # A three item sequence, each containing a sequence of template tags
+ # used to render the admin dashboard.
+ #
+ # DASHBOARD_TAGS = (
+ # ("blog_tags.quick_blog", "mezzanine_tags.app_list"),
+ # ("comment_tags.recent_comments",),
+ # ("mezzanine_tags.recent_actions",),
+ # )
+
+ # A sequence of templates used by the ``page_menu`` template tag. Each
+ # item in the sequence is a three item sequence, containing a unique ID
+ # for the template, a label for the template, and the template path.
+ # These templates are then available for selection when editing which
+ # menus a page should appear in. Note that if a menu template is used
+ # that doesn't appear in this setting, all pages will appear in it.
+
+ # PAGE_MENU_TEMPLATES = (
+ # (1, _("Top navigation bar"), "pages/menus/dropdown.html"),
+ # (2, _("Left-hand tree"), "pages/menus/tree.html"),
+ # (3, _("Footer"), "pages/menus/footer.html"),
+ # )
+
+ # A sequence of fields that will be injected into Mezzanine's (or any
+ # library's) models. Each item in the sequence is a four item sequence.
+ # The first two items are the dotted path to the model and its field
+ # name to be added, and the dotted path to the field class to use for
+ # the field. The third and fourth items are a sequence of positional
+ # args and a dictionary of keyword args, to use when creating the
+ # field instance. When specifying the field class, the path
+ # ``django.models.db.`` can be omitted for regular Django model fields.
+ #
+ # EXTRA_MODEL_FIELDS = (
+ # (
+ # # Dotted path to field.
+ # "mezzanine.blog.models.BlogPost.image",
+ # # Dotted path to field class.
+ # "somelib.fields.ImageField",
+ # # Positional args for field class.
+ # (_("Image"),),
+ # # Keyword args for field class.
+ # {"blank": True, "upload_to": "blog"},
+ # ),
+ # # Example of adding a field to *all* of Mezzanine's content types:
+ # (
+ # "mezzanine.pages.models.Page.another_field",
+ # "IntegerField", # 'django.db.models.' is implied if path is omitted.
+ # (_("Another name"),),
+ # {"blank": True, "default": 1},
+ # ),
+ # )
+
+ # Setting to turn on featured images for blog posts. Defaults to False.
+ #
+ # BLOG_USE_FEATURED_IMAGE = True
+
+ # If True, the django-modeltranslation will be added to the
+ # INSTALLED_APPS setting.
+ USE_MODELTRANSLATION = False
+
+
+ ########################
+ # MAIN DJANGO SETTINGS #
+ ########################
+
+ # Hosts/domain names that are valid for this site; required if DEBUG is False
+ # See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
+ ALLOWED_HOSTS = ['*']
+
+ # Set UTC time zone:
+ TIME_ZONE = 'UTC'
+ USE_TZ = True
+
+ # Local time zone for this installation. Choices can be found here:
+ # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+ # although not all choices may be available on all operating systems.
+ # On Unix systems, a value of None will cause Django to use the same
+ # timezone as the operating system.
+ # If running in a Windows environment this must be set to the same as your
+ # system time zone.
+ TIME_ZONE = 'UTC'
+
+ # If you set this to True, Django will use timezone-aware datetimes.
+ USE_TZ = True
+
+ # Language code for this installation. All choices can be found here:
+ # http://www.i18nguy.com/unicode/language-identifiers.html
+ LANGUAGE_CODE = "en"
+
+ # Supported languages
+ LANGUAGES = (
+ ('en', _('English')),
+ )
+
+ ENVIRONMENT = os.environ['ENVIRONMENT']
+
+ # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+ SECRET_KEY = os.environ["SECRET_KEY"]
+
+ # A boolean that turns on/off debug mode. When set to ``True``, stack traces
+ # are displayed for error pages. Should always be set to ``False`` in
+ # production. Best set to ``True`` in local_settings.py
+ DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+ # Note: Only SSL email backends are allowed
+ EMAIL_USE_SSL = True
+
+ # Whether a user's session cookie expires when the Web browser is closed.
+ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+ SITE_ID = 1
+
+ # If you set this to False, Django will make some optimizations so as not
+ # to load the internationalization machinery.
+ USE_I18N = False
+
+ AUTHENTICATION_BACKENDS = ("mezzanine.core.auth_backends.MezzanineBackend",)
+
+ # The numeric mode to set newly-uploaded files to. The value should be
+ # a mode you'd pass directly to os.chmod.
+ FILE_UPLOAD_PERMISSIONS = 0o644
+
+
+ #############
+ # DATABASES #
+ #############
+
+ DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+ }
+
+
+ #########
+ # PATHS #
+ #########
+
+ # Full filesystem path to the project.
+ PROJECT_APP_PATH = os.path.dirname(os.path.abspath(__file__))
+ PROJECT_APP = os.path.basename(PROJECT_APP_PATH)
+ PROJECT_ROOT = BASE_DIR = os.path.dirname(PROJECT_APP_PATH)
+
+ # Every cache key will get prefixed with this value - here we set it to
+ # the name of the directory the project is in to try and use something
+ # project specific.
+ CACHE_MIDDLEWARE_KEY_PREFIX = PROJECT_APP
+
+ # Package/module name to import the root urlpatterns from for the project.
+ ROOT_URLCONF = 'cms.urls'
+
+ TEMPLATES = [
+ {
+ "BACKEND": "django.template.backends.django.DjangoTemplates",
+ "DIRS": [
+ os.path.join(PROJECT_ROOT, "templates")
+ ],
+ "APP_DIRS": True,
+ "OPTIONS": {
+ "context_processors": [
+ "django.contrib.auth.context_processors.auth",
+ "django.contrib.messages.context_processors.messages",
+ "django.template.context_processors.debug",
+ "django.template.context_processors.i18n",
+ "django.template.context_processors.static",
+ "django.template.context_processors.media",
+ "django.template.context_processors.request",
+ "django.template.context_processors.tz",
+ "mezzanine.conf.context_processors.settings",
+ "mezzanine.pages.context_processors.page",
+ ],
+ "builtins": [
+ "mezzanine.template.loader_tags",
+ ],
+ },
+ },
+ ]
+
+ if DJANGO_VERSION < (1, 9):
+ del TEMPLATES[0]["OPTIONS"]["builtins"]
+
+
+ ################
+ # APPLICATIONS #
+ ################
+
+ INSTALLED_APPS = (
+ "mezzanine_api",
+ "rest_framework",
+ "rest_framework_swagger",
+ "oauth2_provider",
+ "django.contrib.admin",
+ "django.contrib.auth",
+ "django.contrib.contenttypes",
+ "django.contrib.redirects",
+ "django.contrib.sessions",
+ "django.contrib.sites",
+ "django.contrib.sitemaps",
+ "django.contrib.staticfiles",
+ "mezzanine.boot",
+ "mezzanine.conf",
+ "mezzanine.core",
+ "mezzanine.generic",
+ "mezzanine.pages",
+ "mezzanine.blog",
+ "mezzanine.forms",
+ "mezzanine.galleries",
+ "mezzanine.twitter",
+ # "mezzanine.accounts",
+ # "mezzanine.mobile",
+ "cms" ,
+ "storages",
+ )
+
+ # List of middleware classes to use. Order is important; in the request phase,
+ # these middleware classes will be applied in the order given, and in the
+ # response phase the middleware will be applied in reverse order.
+ MIDDLEWARE_CLASSES = (
+ "mezzanine.core.middleware.UpdateCacheMiddleware",
+ "mezzanine_api.middleware.ApiMiddleware",
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ # Uncomment if using internationalisation or localisation
+ # 'django.middleware.locale.LocaleMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+ "mezzanine.core.request.CurrentRequestMiddleware",
+ "mezzanine.core.middleware.RedirectFallbackMiddleware",
+ "mezzanine.core.middleware.TemplateForDeviceMiddleware",
+ "mezzanine.core.middleware.TemplateForHostMiddleware",
+ "mezzanine.core.middleware.AdminLoginInterfaceSelectorMiddleware",
+ "mezzanine.core.middleware.SitePermissionMiddleware",
+ "mezzanine.pages.middleware.PageMiddleware",
+ "mezzanine.core.middleware.FetchFromCacheMiddleware",
+ )
+
+ # Store these package names here as they may change in the future since
+ # at the moment we are using custom forks of them.
+ PACKAGE_NAME_FILEBROWSER = "filebrowser_safe"
+ PACKAGE_NAME_GRAPPELLI = "grappelli_safe"
+
+ #########################
+ # OPTIONAL APPLICATIONS #
+ #########################
+
+ # These will be added to ``INSTALLED_APPS``, only if available.
+ OPTIONAL_APPS = (
+ "debug_toolbar",
+ "django_extensions",
+ "compressor",
+ PACKAGE_NAME_FILEBROWSER,
+ PACKAGE_NAME_GRAPPELLI,
+ )
+
+ #####################
+ # REST API SETTINGS #
+ #####################
+ try:
+ from mezzanine_api.settings import *
+ except ImportError:
+ pass
+
+
+ ##################
+ # LOCAL SETTINGS #
+ ##################
+
+ # Allow any settings to be defined in local_settings.py which should be
+ # ignored in your version control system allowing for settings to be
+ # defined per ma chine.
+
+ # Instead of doing "from .local_settings import *", we use exec so that
+ # local_settings has full access to everything defined in this module.
+ # Also force into sys.modules so it's visible to Django's autoreload.
+
+ f = os.path.join(PROJECT_APP_PATH, "local_settings/__init__.py")
+ if os.path.exists(f):
+ import sys
+ import imp
+ module_name = "%s.local_settings" % PROJECT_APP
+ module = imp.new_module(module_name)
+ module.__file__ = f
+ sys.modules[module_name] = module
+ exec(open(f, "rb").read())
+
+
+ ####################
+ # DYNAMIC SETTINGS #
+ ####################
+
+ # set_dynamic_settings() will rewrite globals based on what has been
+ # defined so far, in order to provide some better defaults where
+ # applicable. We also allow this settings module to be imported
+ # without Mezzanine installed, as the case may be when using the
+ # fabfile, where setting the dynamic settings below isn't strictly
+ # required.
+ try:
+ from mezzanine.utils.conf import set_dynamic_settings
+ except ImportError:
+ pass
+ else:
+ set_dynamic_settings(globals())
+
+ # default settings for mezzanine
+ NEVERCACHE_KEY = os.getenv('CMS_NEVERCACHE_KEY', ''),
+ # Application User
+ CMS_APP_USER = os.getenv('CMS_APP_USER')
+ CMS_APP_USER_PASSWORD = os.getenv('CMS_APP_USER_PASSWORD')
+ CMS_APP_USER_MAIL = os.getenv('CMS_APP_USER_MAIL')
+ # Client App (EM)
+ CMS_APP_CLIENT_ID = os.getenv('CMS_APP_CLIENT_ID')
+ CMS_APP_CLIENT_SECRET = os.getenv('CMS_APP_CLIENT_SECRET')
+ CMS_APP_NAME = 'Engagement_Manager_App'
+ REST_FRAMEWORK['DEFAULT_RENDERER_CLASSES'] = (
+ 'rest_framework.renderers.JSONRenderer',
+ )
+
+ # S3 configuration for static resources storage and media upload
+
+ # used by our custom storage.py
+ MEDIA_BUCKET = "cms-media"
+ STATIC_BUCKET = "cms-static"
+
+ # django-storages configuration
+ AWS_S3_HOST = os.environ['S3_HOST']
+ AWS_S3_PORT = int(os.environ['S3_PORT'])
+ AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+ AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+ AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+ AWS_AUTO_CREATE_BUCKET = True
+ AWS_PRELOAD_METADATA = True
+
+ # Set by custom subclass.
+ # AWS_STORAGE_BUCKET_NAME = "em-static"
+ AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+ DEFAULT_FILE_STORAGE = 'cms.settings.storage.S3MediaStorage'
+ STATICFILES_STORAGE = 'cms.settings.storage.S3StaticStorage'
+
+ # These seem to have no effect even when we don't override with custom_domain?
+ STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+ MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+ STATIC_ROOT = os.environ['STATIC_ROOT']
+
+ storage.py: |
+ """
+ storage.py
+
+ In order to make Django store trusted static files and untrusted media
+ (user-uploaded) files in separate s3 buckets, we must create two different
+ storage classes.
+
+ https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+ http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+ """
+
+ # FIXME this module never changes so might not need not be kept in a
+ # configmap. Also it is (almost) the same as what we use in em; that does
+ # not use S3BotoStorageMixin.
+
+ # There is a newer storage based on boto3 but that doesn't support changing
+ # the HOST, as we need to for non-amazon s3 services. It does support an
+ # "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+ from storages.backends.s3boto import S3BotoStorage
+ from filebrowser_safe.storage import S3BotoStorageMixin
+ from django.conf import settings
+
+
+ # NOTE for some reason, collectstatic uploads to bucket/location but the
+ # urls constructed are domain/location
+ class S3StaticStorage(S3BotoStorage, S3BotoStorageMixin):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+ class S3MediaStorage(S3BotoStorage, S3BotoStorageMixin):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
new file mode 100644
index 0000000..79ad7b2
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
@@ -0,0 +1,442 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: em-settings
+ namespace: default
+data:
+ uwsgi.ini: |
+ [uwsgi]
+ uwsgi-socket = :80
+ plugin = python
+ chdir = /srv
+ module = vvp.wsgi:application
+ master = True
+ pidfile = /tmp/project-master.pid
+ vacuum = True
+ max-requests = 5000
+ enable-threads = True
+ stats = 0.0.0.0:9000
+ stats-http = True
+ __init__.py: |
+ """
+ Django settings for VVP project.
+
+ Environment variables that must exist:
+
+ ENVIRONMENT
+ SECRET_KEY
+ SECRET_WEBHOOK_TOKEN
+ SECRET_GITLAB_AUTH_TOKEN
+ SECRET_JENKINS_PASSWORD
+ SECRET_CMS_APP_CLIENT_ID
+ SECRET_CMS_APP_CLIENT_SECRET
+
+ Environment variables that must exist in production:
+
+ EMAIL_HOST
+ EMAIL_HOST_PASSWORD
+ EMAIL_HOST_USER
+ EMAIL_PORT
+
+ """
+
+ import os
+ from vvp.settings.envbool import envbool
+ from corsheaders.defaults import default_headers
+ from boto.s3.connection import OrdinaryCallingFormat
+ import datetime
+
+ # With this file at ice/settings/__init__.py, we need three applications of
+ # dirname() to find the project root.
+ import engagementmanager
+ PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__))
+ LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ ENVIRONMENT = os.environ['ENVIRONMENT']
+ PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+
+ # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+ SECRET_KEY = os.environ["SECRET_KEY"]
+
+ # https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+ # Anything in the Host header that does not match our expected domain should
+ # raise SuspiciousOperation exception.
+ ALLOWED_HOSTS = ['*']
+
+ DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+ if ENVIRONMENT == 'production':
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ['EMAIL_HOST']
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+ else:
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+ # Note: Only SSL email backends are allowed
+ EMAIL_USE_SSL = True
+
+ REST_FRAMEWORK = {
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler',
+ 'PAGE_SIZE': 10,
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.BasicAuthentication',
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'DEFAULT_PARSER_CLASSES': (
+ 'engagementmanager.rest.parsers.XSSJSONParser',
+ 'engagementmanager.rest.parsers.XSSFormParser',
+ 'engagementmanager.rest.parsers.XSSMultiPartParser',
+ )
+ }
+
+ JWT_AUTH = {
+ 'JWT_AUTH_HEADER_PREFIX': 'token',
+ 'JWT_ALGORITHM': 'HS256',
+ 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
+ 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler',
+ }
+
+ APPEND_SLASH = False
+
+ # Application definition
+ INSTALLED_APPS = [
+ 'django.contrib.auth', # required by d.c.admin
+ 'corsheaders',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'engagementmanager.apps.EngagementmanagerConfig',
+ 'validationmanager.apps.ValidationmanagerConfig',
+ ]
+
+ MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
+ ]
+
+ ROOT_URLCONF = 'vvp.urls'
+
+ TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+ ]
+
+ WSGI_APPLICATION = 'vvp.wsgi.application'
+
+
+ # Database
+ # https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+ DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+ }
+
+
+ # Password validation
+ # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+ AUTH_PASSWORD_VALIDATORS = [
+ {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [
+ 'UserAttributeSimilarityValidator',
+ 'MinimumLengthValidator',
+ 'CommonPasswordValidator',
+ 'NumericPasswordValidator',
+ ]]
+
+
+ # Internationalization
+ # https://docs.djangoproject.com/en/1.9/topics/i18n/
+ LANGUAGE_CODE = 'en-us'
+ TIME_ZONE = 'UTC'
+ USE_I18N = True
+ USE_L10N = True
+ USE_TZ = True
+
+ CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',)
+
+ # Static files (CSS, JavaScript, Images)
+ # https://docs.djangoproject.com/en/1.9/howto/static-files/
+ STATIC_ROOT = os.environ['STATIC_ROOT']
+
+
+ LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'vvp-info.log': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-debug.log': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-requests.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-db.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'),
+ 'formatter': 'verbose',
+ },
+ },
+ 'loggers': {
+ 'vvp.logger': {
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'INFO',
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.request': {
+ 'handlers': ['vvp-requests.log', 'console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.db.backends': {
+ 'handlers': ['vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'ERROR',
+ 'propagate': False,
+ },
+ # silence the hundred lines of useless "missing variable in template"
+ # complaints per admin pageview.
+ 'django.template': {
+ 'level': 'DEBUG',
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'],
+ 'propagate': False,
+ },
+ }
+ }
+
+
+ #############################
+ # VVP Related Configuration
+ #############################
+ CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com')
+ CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'dummy@example.com')
+ DOMAIN = os.getenv('EM_DOMAIN_NAME')
+ TOKEN_EXPIRATION_IN_HOURS = 48
+ DAILY_SCHEDULED_JOB_HOUR = 20
+ NUMBER_OF_POLLED_ACTIVITIES = 5
+ TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48
+ # This is the DNS name pointing to the private-network ip of the host machine
+ # running (a haproxy that points to) (an nginx frontend for) this app
+ API_DOMAIN = 'em'
+
+ # The authentication token needed by Jenkins or Gitlab to issue webhook updates
+ # to us. This is a "secret" shared by Jenkins and Django. It must be part of
+ # the URL path component for the Jenkins webhook in ValidationManager to accept
+ # a notification. It should be a set of random URL-path-safe characters, with
+ # no slash '/'.
+ # FIXME: Does this authentication scheme actually gain us anything? What's the
+ # threat model
+ WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+ # The authentication token and URL needed for us to issue requests to the GitLab API.
+ GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+ GITLAB_URL = "http://gitlab/"
+
+ JENKINS_URL = "http://jenkins:8080/"
+ JENKINS_USERNAME = "admin"
+ JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+ IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False
+ IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True)
+ RECENT_ENG_TTL = 3 # In days
+ CMS_URL = "http://cms/api/"
+ CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID']
+ CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET']
+
+ # slack integration
+ SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN']
+ ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '')
+ ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')
+ DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '')
+ DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '')
+
+ # S3 configuration for static resources storage and media upload
+
+ # used by our custom storage.py
+ MEDIA_BUCKET = "em-media"
+ STATIC_BUCKET = "em-static"
+
+ # django-storages configuration
+ AWS_S3_HOST = os.environ['S3_HOST']
+ AWS_S3_PORT = int(os.environ['S3_PORT'])
+ AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+ AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+ AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+ AWS_AUTO_CREATE_BUCKET = True
+ AWS_PRELOAD_METADATA = True
+
+ # Set by custom subclass.
+ # AWS_STORAGE_BUCKET_NAME = "em-static"
+ AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+ DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage'
+ STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage'
+
+ # These seem to have no effect even when we don't override with custom_domain?
+ STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+ MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+ STATIC_ROOT = os.environ['STATIC_ROOT']
+
+ storage.py: |
+ """
+ storage.py
+
+ In order to make Django store trusted static files and untrusted media
+ (user-uploaded) files in separate s3 buckets, we must create two different
+ storage classes.
+
+ https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+ http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+ """
+
+ # FIXME this module never changes so might not need not be kept in a
+ # configmap. Also it is (almost) the same as what we use in cms.
+
+ # There is a newer storage based on boto3 but that doesn't support changing
+ # the HOST, as we need to for non-amazon s3 services. It does support an
+ # "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+ from storages.backends.s3boto import S3BotoStorage
+ from django.conf import settings
+
+
+ # NOTE for some reason, collectstatic uploads to bucket/location but the
+ # urls constructed are domain/location
+ class S3StaticStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+ class S3MediaStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
+
+ envbool.py: |
+ """
+ envbool.py
+
+ Return which environment is currently running on (to setting.py).
+
+ """
+ import os
+
+
+ def envbool(key, default=False, unknown=True):
+ """Return a boolean value based on that of an environment variable.
+
+ Environment variables have no native boolean type. They are always strings, and may be empty or
+ unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script
+ differ from that of python.
+
+ This function converts environment variables to python boolean True or False in
+ case-insensitive, expected ways to avoid pitfalls:
+
+ "True", "true", and "1" become True
+ "False", "false", and "0" become False
+ unset or empty becomes False by default (toggle with 'default' parameter.)
+ any other value becomes True by default (toggle with 'unknown' parameter.)
+
+ """
+ return {
+ 'true': True, '1': True, # 't': True,
+ 'false': False, '0': False, # 'f': False.
+ '': default,
+ }.get(os.getenv(key, '').lower(), unknown)
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml
new file mode 100644
index 0000000..89adf32
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml
@@ -0,0 +1,74 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: nginx-cms-conf
+ namespace: default
+data:
+ nginx.conf: |
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ upstream cms_upstream {
+ server cms-uwsgi:80;
+ }
+
+ server {
+ listen 80 ;
+ charset utf-8;
+ client_max_body_size 75M; # adjust to taste
+
+ location / {
+ uwsgi_pass cms_upstream;
+ include /etc/nginx/uwsgi_params;
+ }
+ }
+ server {
+ listen 9000;
+ location /status {
+ stub_status;
+ }
+ }
+ } #http
+ events {
+ worker_connections 4096; ## Default: 1024
+ }
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
new file mode 100644
index 0000000..0d7b279
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
@@ -0,0 +1,75 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: nginx-em-conf
+ namespace: default
+data:
+ nginx.conf: |
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ upstream em_upstream {
+ server em-uwsgi:80;
+ }
+
+ server {
+ listen 80;
+ charset utf-8;
+ client_max_body_size 75M; # adjust to taste
+
+ location / {
+ uwsgi_pass em_upstream;
+ include /etc/nginx/uwsgi_params;
+ }
+ }
+
+ server {
+ listen 9000;
+ location /status {
+ stub_status;
+ }
+ }
+ } #http
+ events {
+ worker_connections 4096; ## Default: 1024
+ }
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml
new file mode 100644
index 0000000..4d0e4e8
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml
@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: portal-nginx-config
+ namespace: default
+data:
+ file: |
+ pid /nginx.pid;
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ server {
+ listen 0.0.0.0:8181;
+
+ location / {
+ include /etc/nginx/mime.types;
+ root /usr/share/nginx/html/;
+ }
+
+ }
+
+ }
+
+ events {
+ worker_connections 4096;
+ }
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml
new file mode 100644
index 0000000..999c1ca
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml
@@ -0,0 +1,65 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: postgresql-conf
+ namespace: default
+data:
+ postgresql.conf: |
+ #
+ # initdb defaults
+ #
+ listen_addresses = '*' # what IP address(es) to listen on;
+ max_connections = 100 # (change requires restart)
+ shared_buffers = 32MB # min 128kB
+ datestyle = 'iso, mdy'
+ lc_messages = 'en_US.UTF-8' # locale for system error message
+ lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
+ lc_numeric = 'en_US.UTF-8' # locale for number formatting
+ lc_time = 'en_US.UTF-8' # locale for time formatting
+ default_text_search_config = 'pg_catalog.english'
+ log_line_prefix = 'user=%u,db=%d '
+ #
+ # our customizations
+ #
+ dynamic_shared_memory_type = posix
+ log_timezone = 'UTC'
+ timezone = 'UTC'
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml
new file mode 100644
index 0000000..e6f272e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml
@@ -0,0 +1,61 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: postgresql-initdb
+ namespace: default
+data:
+ # docker-entrypoint.sh supports sql scripts but we need to expand variables.
+ cms_db.sh: |
+ # sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+
+ # defaults
+ : ${ICE_CMS_DB_USER:="icecmsuser"}
+ : ${ICE_CMS_DB_NAME:="icecmsdb"}
+ : ${ICE_CMS_DB_PASSWORD:="na"}
+
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<- EOF
+ CREATE USER ${ICE_CMS_DB_USER} WITH CREATEDB PASSWORD '${ICE_CMS_DB_PASSWORD}';
+ CREATE DATABASE ${ICE_CMS_DB_NAME} WITH OWNER ${ICE_CMS_DB_USER} ENCODING 'utf-8';
+ EOF
+ link_postgresql.sh: |
+ # sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+ ln -sf /etc/postgresql/conf.d/postgresql.conf "${PGDATA}"/postgresql.conf
diff --git a/ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml b/ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml
new file mode 100644
index 0000000..55c4f64
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml
@@ -0,0 +1,70 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cms-nginx
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: nginx-cms
+ spec:
+ containers:
+ - name: nginx-cms
+ image: nginx:1.11.9-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/nginx
+ name: nginx-cms-conf
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: 9000
+ initialDelaySeconds: 120
+ periodSeconds: 15
+ volumes:
+ - name: nginx-cms-conf
+ configMap:
+ name: nginx-cms-conf
diff --git a/ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml b/ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml
new file mode 100644
index 0000000..7ae2815
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml
@@ -0,0 +1,70 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: em-nginx
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: nginx-em
+ spec:
+ containers:
+ - name: nginx-em
+ image: nginx:1.11.9-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/nginx
+ name: nginx-em-conf
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: 9000
+ initialDelaySeconds: 20
+ periodSeconds: 15
+ volumes:
+ - name: nginx-em-conf
+ configMap:
+ name: nginx-em-conf
diff --git a/ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml b/ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml
new file mode 100644
index 0000000..917d1f5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml
@@ -0,0 +1,60 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: s3provision
+spec:
+ template:
+ metadata:
+ name: s3provision
+ spec:
+ containers:
+ - name: s3provision
+ image: python:2-alpine
+ command: ['/bin/sh', '/opt/configmaps/s3provision/entrypoint.sh']
+ volumeMounts:
+ - name: s3provision
+ mountPath: /opt/configmaps/s3provision
+ volumes:
+ - name: s3provision
+ configMap:
+ name: s3provision
+ restartPolicy: Never
diff --git a/ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml
new file mode 100644
index 0000000..1dfadda
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ci
+ labels:
+ run: ci
+spec:
+ ports:
+ - port: 8282
+ protocol: TCP
+ name: ci
+ selector:
+ run: ci-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml
new file mode 100644
index 0000000..a9d02ad
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cms
+ labels:
+ run: nginx
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ selector:
+ run: nginx-cms
diff --git a/ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml
new file mode 100644
index 0000000..94d512c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cms-uwsgi
+ labels:
+ run: cms-uwsgi
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: cms-uwsgi
+ selector:
+ run: cms-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/files/services/em-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/em-service.yaml
new file mode 100644
index 0000000..bffe2d2
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/em-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: em
+ labels:
+ run: nginx
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ selector:
+ run: nginx-em
diff --git a/ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml
new file mode 100644
index 0000000..ad95017
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: em-uwsgi
+ labels:
+ run: em-uwsgi
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: em-uwsgi
+ selector:
+ run: em-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml
new file mode 100644
index 0000000..d6ff785
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitlab
+ labels:
+ run: gitlab
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 22
+ protocol: TCP
+ name: ssh
+ selector:
+ run: gitlab
diff --git a/ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml
new file mode 100644
index 0000000..8e6ae12
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: imagescanner
+ labels:
+ run: imagescanner
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ selector:
+ run: imagescanner
diff --git a/ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml
new file mode 100644
index 0000000..3014de5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+ labels:
+ run: jenkins
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ name: jenkins
+ selector:
+ run: jenkins
diff --git a/ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml
new file mode 100644
index 0000000..72388d3
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: portal
+ labels:
+ run: portal
+spec:
+ ports:
+ - port: 8181
+ protocol: TCP
+ name: web
+ selector:
+ run: portal
diff --git a/ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml
new file mode 100644
index 0000000..41ed4ff
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgresql
+ labels:
+ run: postgresql
+spec:
+ ports:
+ - port: 5432
+ protocol: TCP
+ name: postgresql
+ selector:
+ run: postgresql
diff --git a/ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml
new file mode 100644
index 0000000..4e58ffa
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ labels:
+ run: redis
+spec:
+ ports:
+ - port: 6379
+ protocol: TCP
+ name: redis
+ selector:
+ run: redis
diff --git a/ansible/roles/ansible-vvp-templates/tasks/main.yml b/ansible/roles/ansible-vvp-templates/tasks/main.yml
new file mode 100644
index 0000000..a294829
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/tasks/main.yml
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- include: render.yml
+ tags:
+ - render
diff --git a/ansible/roles/ansible-vvp-templates/tasks/render.yml b/ansible/roles/ansible-vvp-templates/tasks/render.yml
new file mode 100644
index 0000000..ec6900d
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/tasks/render.yml
@@ -0,0 +1,73 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- name: Create destination directories if they don't exist | Render
+ file:
+ path: "{{k8_config_dir}}/{{item}}"
+ state: directory
+ mode: 0700
+ with_items:
+ - configmaps
+ - jobs
+ - deployments
+ - secrets
+ - services
+
+- name: Render Kubernetes Templates | Render
+ template:
+ src: "{{item}}"
+ dest: "{{k8_config_dir}}/{{item|dirname|basename}}/{{item|basename|splitext|first}}"
+ with_fileglob:
+ - ../templates/configmaps/*
+ - ../templates/jobs/*
+ - ../templates/deployments/*
+ - ../templates/secrets/*
+ - ../templates/services/*
+
+- name: Copy Kubernetes Manifests | Render
+ copy:
+ src: "{{item}}"
+ dest: "{{k8_config_dir}}/{{item|dirname|basename}}"
+ with_fileglob:
+ - configmaps/*.yaml
+ - jobs/*.yaml
+ - deployments/*.yaml
+ - secrets/*.yaml
+ - services/*.yaml
+ - jobs/*.yaml
diff --git a/ansible/roles/ansible-vvp-templates/tasks/rerender.yml b/ansible/roles/ansible-vvp-templates/tasks/rerender.yml
new file mode 100644
index 0000000..6e46f5b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/tasks/rerender.yml
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- name: Rerender Template
+ template:
+ src: "templates/{{template}}"
+ dest: "{{manifest}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
new file mode 100644
index 0000000..3fd9055
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
@@ -0,0 +1,198 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ext-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh gitlab:22 resolvers dns
+
+ frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+ backend portal_backend
+ mode http
+ server ice_portal portal:8181 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }} check inter 10000ms
+{% endfor %}
+
+ frontend portal
+ mode http
+ redirect scheme https if !{ ssl_fc }
+ acl is_api_call path_beg -i /ice
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+ listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: int-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 gitlab:80 resolvers dns
+
+ frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+ backend s3
+ mode http
+ balance roundrobin
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }}
+{% endfor %}
+
+ backend cms
+ mode http
+ server cms_server cms:80 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend ci
+ mode http
+ server ci_test ci:8282 resolvers dns
+
+ listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins jenkins:8080 resolvers dns
+
+ backend imagescanner
+ mode http
+ server imagescanner imagescanner:80 resolvers dns
+
+ listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
new file mode 100644
index 0000000..6e30492
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
@@ -0,0 +1,86 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: s3provision
+ namespace: default
+data:
+ s3cmd.cfg: |
+ [default]
+ access_key = {{ vault_aws_access_key_id }}
+ host_base = {{ rgws[0]['ip'] }}:{{ hostvars[rgws[0]['name']]['radosgw_civetweb_port'] }}
+ host_bucket =
+ secret_key = {{ vault_aws_secret_access_key }}
+ use_https = False
+ verbosity = INFO
+ corsconf.xml: |
+ <CORSConfiguration>
+ <CORSRule>
+ <ID>Allow GET and HEAD from our domain.</ID>
+ <AllowedOrigin>https://{{ domain }}</AllowedOrigin>
+ <AllowedOrigin>http://{{ cms_dns_name }}</AllowedOrigin>
+ <AllowedOrigin>http://{{ em_domain_name }}</AllowedOrigin>
+ <AllowedMethod>GET</AllowedMethod>
+ <AllowedMethod>HEAD</AllowedMethod>
+ <AllowedHeader>Content-*</AllowedHeader>
+ <AllowedHeader>Host</AllowedHeader>
+ <ExposeHeader>ETag</ExposeHeader>
+ <MaxAgeSeconds>1800</MaxAgeSeconds>
+ </CORSRule>
+ </CORSConfiguration>
+ entrypoint.sh: |
+ #!/bin/sh
+ set -ex
+ echo Running $0 ...
+ s3cmd="s3cmd -c /opt/configmaps/s3provision/s3cmd.cfg"
+ corsconf="/opt/configmaps/s3provision/corsconf.xml"
+
+ pip install s3cmd
+
+ for bucket in em-static cms-static em-media cms-media; do
+ $s3cmd mb s3://$bucket
+ done
+
+ for bucket in em-static cms-static; do
+ $s3cmd setcors $corsconf s3://$bucket
+ done
+
+ echo $0 complete.
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
new file mode 100644
index 0000000..6771b1f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: gitlab
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: gitlab
+ spec:
+ containers:
+ - name: gitlab
+ image: {{container_uri}}rkt-gitlab:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://{{git_dns_name}}"
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.gitlab | default(120)}}
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: gitlab
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: gitlab
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
new file mode 100644
index 0000000..e78bfc9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: postgresql
+ spec:
+ containers:
+ - name: postgresql
+ image: {{container_uri}}rkt-postgresql:{{container_tag}}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: {{vault_em_postgresql_user}}
+ - name: ICE_CMS_DB_USER
+ value: {{vault_cms_postgresql_user}}
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+{% if enable_liveness_probes %}
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.postgresql | default(120)}}
+ tcpSocket:
+ port: 5432
+{% endif %}
+ volumes:
+ - name: postgresql-data
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: em_postgresql
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
new file mode 100644
index 0000000..523504a
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: redis
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:alpine
+ ports:
+ - containerPort: 6379
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..98a04b5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
@@ -0,0 +1,165 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+{% if ice_environment != 'production' %}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ci-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: ci-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: ci-rsync
+ hostPath:
+ path: /var/devenv/ice-ci/
+{% endif %}
+ containers:
+ - name: ci-uwsgi
+ image: {{container_uri}}rkt-ice-ci:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: ci-rsync
+ mountPath: /app
+{% endif %}
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: CMS_DB_USER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "{{vault_ci_admin_user}}"
+ - name: CI_ADMIN_MAIL
+ value: "{{vault_ci_admin_mail}}"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: ci-secret, key: admin_password}
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 90
+ periodSeconds: 15
+{% endif %}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}]
+ metadata:
+ labels:
+ run: ci-uwsgi
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8b601e9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
@@ -0,0 +1,146 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cms-uwsgi
+spec:
+ template:
+ spec:
+ containers:
+ - name: cms-uwsgi
+ image: {{container_uri}}rkt-ice-cms:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: PGUSER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: CMS_NEVERCACHE_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: nevercache_key}
+ - name: CMS_APP_USER
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user}
+ - name: CMS_APP_USER_MAIL
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_mail}
+ - name: CMS_APP_USER_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_password}
+ - name: CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_id}
+ - name: CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ volumeMounts:
+ - name: settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: cms-rsync
+ mountPath: /srv
+{% endif %}
+ volumes:
+ - name: settings
+ configMap:
+ name: cms-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: cms-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-cms/django
+{% endif %}
+ metadata:
+ labels:
+ run: cms-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8cedd29
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
@@ -0,0 +1,162 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: em-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+{% if devenv is defined %}
+ - name: em-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-engagementmgr/django
+{% endif %}
+ - name: site-crt
+ secret:
+ secretName: site-crt
+ - name: em-settings
+ configMap:
+ name: em-settings
+ containers:
+ - name: em-uwsgi
+ image: {{container_uri}}rkt-engagementmgr:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ volumeMounts:
+{% if devenv is defined %}
+ - name: em-rsync
+ mountPath: /srv
+{% endif %}
+ - name: em-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: icedb
+ - name: PGUSER
+ value: "{{vault_em_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: SECRET_CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_id}
+ - name: SECRET_CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: SLACK_API_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: slack_api_token}
+ - name: ENGAGEMENTS_CHANNEL
+ value: "{{engagements_channel | default('')}}"
+ - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL
+ value: "{{engagements_notifications_channel | default('')}}"
+ - name: DEVOPS_CHANNEL
+ value: "{{devops_channel | default('')}}"
+ - name: DEVOPS_NOTIFICATIONS_CHANNEL
+ value: "{{devops_notifications_channel | default('')}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.em | default(90)}}
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ metadata:
+ labels:
+ run: em-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
new file mode 100644
index 0000000..775d341
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
@@ -0,0 +1,107 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: imagescanner
+spec:
+ template:
+ spec:
+
+ containers:
+ - name: imagescanner-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-worker"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+
+ - name: notifications-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "{{em_internal_dns_name}}"
+
+ - name: imagescanner-frontend
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ {#
+ FIXME: No, the frontend does not require a privileged container.
+ However, it seems that if you run the frontend container without
+ this specification in the same pod as the worker, then the worker
+ loses its privileges!
+ -#}
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+
+ metadata:
+ labels:
+ run: imagescanner
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
new file mode 100644
index 0000000..61504f1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ template:
+ spec:
+ containers:
+ - name: jenkins
+ image: {{container_uri}}rkt-jenkins:{{container_tag}}
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /robots.txt
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: jenkins-home
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: jenkins
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+ metadata:
+ labels:
+ run: jenkins
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
new file mode 100644
index 0000000..f3505e5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
@@ -0,0 +1,70 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: portal
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: portal
+ spec:
+ containers:
+ - name: portal
+ image: {{container_uri}}rkt-ice-portal:{{container_tag}}
+ ports:
+ - containerPort: 8181
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/
+ name: portal-nginx-config
+{% if devenv is defined %}
+ - name: portal-rsync
+ mountPath: /usr/share/nginx/html
+{% endif %}
+ volumes:
+ - name: portal-nginx-config
+ configMap:
+ name: portal-nginx-config
+ items:
+ - key: file
+ path: nginx.conf
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
new file mode 100644
index 0000000..729f98c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
@@ -0,0 +1,95 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ext-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: ext-haproxy
+ spec:
+ containers:
+ - name: ext-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9001
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: ext-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
new file mode 100644
index 0000000..bc23c01
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: int-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: int-haproxy
+ spec:
+ containers:
+ - name: int-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 8080
+ - containerPort: 9000
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9000
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: int-haproxy-cfg
+ volumes:
+ - name: int-haproxy-cfg
+ configMap:
+ name: int-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2
new file mode 100644
index 0000000..a0480ec
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ceph-secret
+type: "kubernetes.io/rbd"
+data:
+ key: "{{ ceph_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
new file mode 100644
index 0000000..dae5191
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
@@ -0,0 +1,48 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+{% if ice_environment != 'production' %}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ci-secret
+type: Opaque
+data:
+ admin_password: "{{vault_ci_admin_password | b64encode}}"
+{% endif %} \ No newline at end of file
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
new file mode 100644
index 0000000..38c528c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cms-secret
+type: Opaque
+data:
+ key: "{{ vault_cms_secret_key | b64encode }}"
+ app_user: "{{vault_cms_app_user | b64encode}}"
+ app_user_mail: "{{vault_cms_app_user_mail | b64encode}}"
+ app_user_password: "{{vault_cms_app_user_password | b64encode}}"
+ app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ nevercache_key: "{{vault_cms_nevercache_key | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
new file mode 100644
index 0000000..56cbb30
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
@@ -0,0 +1,54 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: em-secret
+type: Opaque
+data:
+ key: "{{ vault_em_secret_key | b64encode }}"
+ em_webhook_token: "{{ vault_engagementmgr_webhook_token | b64encode }}"
+ gitlab_admin_password: "{{ vault_gitlab_admin_password | b64encode }}"
+ jenkins_admin_password: "{{ vault_jenkins_admin_password | b64encode }}"
+ cms_app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ cms_app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ slack_api_token: "{{( vault_slack_api_token | default('') ) | b64encode}}"
+ aws_access_key_id: "{{ vault_aws_access_key_id | b64encode }}"
+ aws_secret_access_key: "{{ vault_aws_secret_access_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
new file mode 100644
index 0000000..29d1319
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: email-secret
+type: Opaque
+data:
+ password: "{{vault_email_host_password | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
new file mode 100644
index 0000000..3621b45
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+type: Opaque
+data:
+ password: "{{ vault_gitlab_admin_password | b64encode }}"
+ auth-token: "{{ vault_gitlab_authentication_token | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
new file mode 100644
index 0000000..c1a8fe1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: haproxy-auth
+type: Opaque
+data:
+ user: "{{ vault_haproxy_user | b64encode }}"
+ pass: "{{ vault_haproxy_pass | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
new file mode 100644
index 0000000..0028baf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
@@ -0,0 +1,50 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: default
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
new file mode 100644
index 0000000..c44d898
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-users-admin
+ namespace: default
+type: Opaque
+data:
+ config.xml: "{{jenkins_admin_config_xml|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
new file mode 100644
index 0000000..4dee827
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-deploykey
+ namespace: default
+type: Opaque
+data:
+ deploykey.pub: "{{vault_jenkins_deploy_key_pub|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
new file mode 100644
index 0000000..633e1ae
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
@@ -0,0 +1,51 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-ssh
+ namespace: default
+type: Opaque
+data:
+ # .ssh/config isn't really a secret, but it's the easiest way to get it into
+ # the same directory as the key
+ config: >
+ SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo=
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
new file mode 100644
index 0000000..03f1d9e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
@@ -0,0 +1,50 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-passwords
+type: Opaque
+data:
+ emPassword: "{{ vault_em_postgresql_password | b64encode }}"
+ cmsPassword: "{{vault_cms_postgresql_password | b64encode}}"
+{% if ice_environment != 'production' %}
+ ciPassword: "{{vault_ci_postgresql_password | b64encode}}"
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
new file mode 100644
index 0000000..f529dcf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: site-crt
+type: Opaque
+data:
+ # the public part of the certificate, not actually a secret.
+ site.crt: "{{ site_pem_cert | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
new file mode 100644
index 0000000..d045770
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: site-pem
+type: Opaque
+data:
+ site.pem: "{{ site_pem | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
new file mode 100644
index 0000000..ae9f29d
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: slack-tokens
+type: Opaque
+data:
+ notifications: "{{( vault_slack_tokens.notifications | default('') ) | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
new file mode 100644
index 0000000..a1b6cd4
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
@@ -0,0 +1,105 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-haproxy
+ labels:
+ run: ext-haproxy
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 443
+ protocol: TCP
+ name: ssl
+ - port: 22
+ protocol: TCP
+ name: ssh
+ - port: 9000
+ protocol: TCP
+ name: stats
+ externalIPs:
+{% for ip in external_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ selector:
+ run: ext-haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: int-haproxy
+ labels:
+ run: int-haproxy
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 8080
+ protocol: TCP
+ name: jenkins
+ - port: 9000
+ protocol: TCP
+ name: stats
+ externalIPs:
+{% for ip in internal_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ selector:
+ run: int-haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-haproxy-stats
+ labels:
+ run: ext-haproxy-stats
+spec:
+ ports:
+ - port: 9001
+ protocol: TCP
+ name: stats
+ externalIPs:
+ - "{{ internal_ips[0] }}"
+ selector:
+ run: ext-haproxy