Diffstat (limited to 'ansible/roles/ansible-vvp-templates')
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml26
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml20
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml28
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml28
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml8
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml10
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml66
-rw-r--r--ansible/roles/ansible-vvp-templates/tasks/render.yml1
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j22
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j239
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j230
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j24
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j24
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j214
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j26
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j214
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j252
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j24
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j211
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j25
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j29
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j25
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j25
23 files changed, 253 insertions, 138 deletions
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml
index 05c15d2..c0559a2 100644
--- a/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml
@@ -43,20 +43,13 @@ metadata:
name: ci-settings
namespace: default
data:
- uwsgi.ini: |
- [uwsgi]
- uwsgi-socket = :80
- http = :8282
- plugin = python
- chdir = /app
- module = web.wsgi:application
- master = True
- pidfile = /tmp/project-master.pid
- vacuum = True
- max-requests = 5000
- enable-threads = True
- stats = 0.0.0.0:9000
- stats-http = True
+ gunicorn.ini: |
+ bind = ":8282"
+ chdir = '/app'
+ pidfile = '/tmp/ice-project-master.pid'
+ backlog = '5000'
+ errorlog = '-'
+ loglevel = 'info'
__init__.py: |
import os
from datetime import datetime
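Review bot: `backlog = '5000'` looks like a stand-in for the removed `max-requests = 5000`, but gunicorn's `backlog` sizes the pending-connection queue and does not recycle workers. If worker recycling is still wanted, the setting is `max_requests = 5000`. The value is also quoted, so it reaches gunicorn as a string; `backlog = 5000` avoids relying on coercion if a larger listen queue really is intended. The same lines appear in the gunicorn.ini blocks of cms-configmap.yaml and em-configmap.yaml.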
@@ -68,6 +61,9 @@ data:
ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT']
PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+ SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+ PROGRAM_NAME = os.environ['PROGRAM_NAME']
+ SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
SECRET_KEY = os.environ["SECRET_KEY"]
@@ -290,7 +286,7 @@ data:
# ICE-CI Related Configuration
#############################
ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS')
- ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS')
+ ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS','user@example.com').split(','))
ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging
ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX)
ICE_PORTAL_URL = os.environ['ICE_DOMAIN']
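Review bot: The new `'user@example.com'` fallback means a deployment that forgets `ICE_CONTACT_EMAILS` starts cleanly and addresses contact mail to a placeholder instead of failing or sending nothing. The `list(...)` wrapper is redundant around `split(',')`, and entries are not stripped, so a value like `a@x, b@y` yields an address with a leading space. Suggest `ICE_CONTACT_EMAILS = [s.strip() for s in os.getenv('ICE_CONTACT_EMAILS', '').split(',') if s.strip()]`. The matching `CONTACT_EMAILS` line in em-configmap.yaml has the same fallback and filters on `if s` before stripping, so whitespace-only entries survive as empty strings.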
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml
index 4aedece..00541af 100644
--- a/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml
@@ -43,19 +43,13 @@ metadata:
name: cms-settings
namespace: default
data:
- uwsgi.ini: |
- [uwsgi]
- uwsgi-socket = :80
- plugin = python
- chdir = /srv
- module = cms.wsgi:application
- master = True
- pidfile = /tmp/project-master.pid
- vacuum = True
- max-requests = 5000
- enable-threads = True
- stats = 0.0.0.0:9000
- stats-http = True
+ gunicorn.ini: |
+ bind = ":80"
+ chdir = '/srv'
+ pidfile = '/tmp/ice-project-master.pid'
+ backlog = '5000'
+ errorlog = '-'
+ loglevel = 'info'
__init__.py: |
from __future__ import absolute_import, unicode_literals
import os
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
index 79ad7b2..8068744 100644
--- a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
@@ -43,19 +43,14 @@ metadata:
name: em-settings
namespace: default
data:
- uwsgi.ini: |
- [uwsgi]
- uwsgi-socket = :80
- plugin = python
- chdir = /srv
- module = vvp.wsgi:application
- master = True
- pidfile = /tmp/project-master.pid
- vacuum = True
- max-requests = 5000
- enable-threads = True
- stats = 0.0.0.0:9000
- stats-http = True
+ gunicorn.ini: |
+ bind = ":80"
+ chdir = '/srv'
+ pidfile = '/tmp/ice-project-master.pid'
+ backlog = '5000'
+ errorlog = '-'
+ loglevel = 'info'
+
__init__.py: |
"""
Django settings for VVP project.
@@ -93,7 +88,10 @@ data:
ENVIRONMENT = os.environ['ENVIRONMENT']
PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
-
+ SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+ PROGRAM_NAME = os.environ['PROGRAM_NAME']
+ SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
SECRET_KEY = os.environ["SECRET_KEY"]
@@ -305,7 +303,7 @@ data:
# VVP Related Configuration
#############################
CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com')
- CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'dummy@example.com')
+ CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s]
DOMAIN = os.getenv('EM_DOMAIN_NAME')
TOKEN_EXPIRATION_IN_HOURS = 48
DAILY_SCHEDULED_JOB_HOUR = 20
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml
new file mode 100644
index 0000000..23c2be8
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/imagescanner-configmap.yaml
@@ -0,0 +1,28 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: imagescanner-settings
+ namespace: default
+data:
+ imagescannerconfig.py: |
+ import os
+ from pathlib import Path
+ from awsauth import S3Auth
+ # A mapping from host names to Requests Authentication Objects; see
+ # http://docs.python-requests.org/en/master/user/authentication/
+ AUTHS = {}
+ if 'S3_HOST' in os.environ:
+ AUTHS[os.environ['S3_HOST']] = S3Auth(
+ os.environ['AWS_ACCESS_KEY_ID'],
+ os.environ['AWS_SECRET_ACCESS_KEY'],
+ service_url='https://%s/' % os.environ['S3_HOST']
+ )
+ LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH'])
+ STATUSFILE = LOGS_PATH/'status.txt'
+ # A dict passed as kwargs to jenkins.Jenkins constructor.
+ JENKINS = {
+ 'url': 'http://jenkins:8080',
+ 'username': 'admin',
+ 'password': os.environ['SECRET_JENKINS_PASSWORD'],
+ }
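Review bot: The `JENKINS` dict hard-codes the `admin` account and a plain `http://jenkins:8080` URL, so every container that imports this module authenticates as the Jenkins administrator over an unencrypted in-cluster connection. A dedicated account with only the permissions the scanner needs would limit what a compromised scanner container can do in Jenkins. Consider reading the username from the environment as well, e.g. `'username': os.environ.get('JENKINS_USERNAME', 'admin'),` (the variable name is a suggestion). `os.environ['SECRET_JENKINS_PASSWORD']` also raises KeyError at import when the variable is absent, which is presumably why 20-imagescanner.yaml.j2 sets it to `''` for two of the containers.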
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml
index 89adf32..638d248 100644
--- a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml
@@ -58,8 +58,12 @@ data:
client_max_body_size 75M; # adjust to taste
location / {
- uwsgi_pass cms_upstream;
- include /etc/nginx/uwsgi_params;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+
+ proxy_pass http://cms-uwsgi;
}
}
server {
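Review bot: `proxy_set_header X-Forwarded-Proto https;` asserts HTTPS for every request this server proxies, whether or not it arrived through the TLS-terminating frontend. If the Django settings trust this header (not visible here), a plain-HTTP request that reaches nginx directly inside the cluster is treated as secure. `Host $http_host` likewise forwards the client-supplied Host header unchanged, so the backend's `ALLOWED_HOSTS` is the only check on it. A comment above the block such as `# TLS is terminated upstream; this server must only be reachable through the frontend proxy` would record the assumption. The same directives are added in nginx-em-configmap.yaml, which proxies to `http://em_upstream` while this hunk switches from `cms_upstream` to the bare name `cms-uwsgi`; confirm that difference is intended.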
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
index 0d7b279..52e208e 100644
--- a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
@@ -56,10 +56,14 @@ data:
listen 80;
charset utf-8;
client_max_body_size 75M; # adjust to taste
-
+
location / {
- uwsgi_pass em_upstream;
- include /etc/nginx/uwsgi_params;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+
+ proxy_pass http://em_upstream;
}
}
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml
deleted file mode 100644
index 4d0e4e8..0000000
--- a/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-# -*- encoding: utf-8 -*-
-# ============LICENSE_START=======================================================
-# org.onap.vvp/engagementmgr
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-#
-# Unless otherwise specified, all software contained herein is licensed
-# under the Apache License, Version 2.0 (the “License”);
-# you may not use this software except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# ============LICENSE_END============================================
-#
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: portal-nginx-config
- namespace: default
-data:
- file: |
- pid /nginx.pid;
- error_log /dev/stdout warn;
-
- http {
- access_log /dev/stdout;
- server {
- listen 0.0.0.0:8181;
-
- location / {
- include /etc/nginx/mime.types;
- root /usr/share/nginx/html/;
- }
-
- }
-
- }
-
- events {
- worker_connections 4096;
- }
diff --git a/ansible/roles/ansible-vvp-templates/tasks/render.yml b/ansible/roles/ansible-vvp-templates/tasks/render.yml
index ec6900d..aed9593 100644
--- a/ansible/roles/ansible-vvp-templates/tasks/render.yml
+++ b/ansible/roles/ansible-vvp-templates/tasks/render.yml
@@ -55,7 +55,6 @@
dest: "{{k8_config_dir}}/{{item|dirname|basename}}/{{item|basename|splitext|first}}"
with_fileglob:
- ../templates/configmaps/*
- - ../templates/jobs/*
- ../templates/deployments/*
- ../templates/secrets/*
- ../templates/services/*
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
index 3fd9055..8b9012c 100644
--- a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
@@ -95,7 +95,7 @@ data:
frontend portal
mode http
redirect scheme https if !{ ssl_fc }
- acl is_api_call path_beg -i /ice
+ acl is_api_call path_beg -i /vvp
acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
use_backend api if is_api_call
use_backend s3 if is_s3
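Review bot: The API path prefix is hard-coded as `/vvp` here, while the same commit turns `PROGRAM_NAME_URL_PREFIX` into the template variable `program_name_url_prefix` in the ci-uwsgi and em-uwsgi deployments. If that variable is set to anything else, API requests will not match `is_api_call` and will be routed by whatever other rules the frontend has. Since this file is already a Jinja template, `acl is_api_call path_beg -i /{{program_name_url_prefix}}` keeps the two in step.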
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j2
new file mode 100644
index 0000000..34cc2d3
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/portal-nginx-configmap.yaml.j2
@@ -0,0 +1,39 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: portal-nginx-config
+ namespace: default
+data:
+ file: |
+ pid /nginx.pid;
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ server {
+ listen 0.0.0.0:8181;
+
+ location / {
+ include /etc/nginx/mime.types;
+ root /usr/share/nginx/html/;
+ }
+
+ }
+
+ }
+
+ events {
+ worker_connections 4096;
+ }
+
+ service_provider.json: |
+ {
+ "serviceProvider": {
+ "name": "{{service_provider}}"
+ },
+ "program": {
+ "name": "{{program_name}}"
+ }
+ }
+
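Review bot: `{{service_provider}}` and `{{program_name}}` are pasted between literal double quotes in `service_provider.json`, so a value containing `"` or `\` renders as invalid or altered JSON. Let the filter do the quoting and escaping: `"name": {{ service_provider|to_json }}` and `"name": {{ program_name|to_json }}`. The nginx section appears to be carried over unchanged from the deleted files/configmaps/portal-nginx-configmap.yaml.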
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j2
new file mode 100644
index 0000000..2d56741
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/site-certificate-configmap.yaml.j2
@@ -0,0 +1,30 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: site-certificate
+ namespace: default
+data:
+ site.crt: |
+ {{ site_pem_cert|indent }}
+ wrapper.sh: |
+ #!/bin/sh
+ # This script is meant to be used as a wrapper, so that it can be easily
+ # used with docker or kubernetes' container command specification.
+ #
+ # Kubernetes' volumeMount creates symlinks for configMapped files at the
+ # target directory.
+ # Alpine's update-ca-certificates ignores symlinks.
+ # So we must contrive to copy the contents of the mounted cert (a symlink)
+ # into place as a normal file.
+ dev_cert="${0%/*}/site.crt"
+ echo >&2 "$0: Checking for site CA certificate at $dev_cert..."
+ if [ -s "$dev_cert" ]; then
+ echo >&2 "$0: Updating container CA certificate bundle with site certificate..."
+ cp -L "$dev_cert" /usr/local/share/ca-certificates/
+ update-ca-certificates
+ else
+ echo >&2 "$0: No site CA certificate found."
+ fi
+ echo >&2 "$0: Launching command: $@"
+ exec "$@"
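Review bot: The wrapper goes on to `exec "$@"` even when `cp` or `update-ca-certificates` fails, so a container can start without the site CA and only surface the problem later as TLS errors. Suggest failing fast: `cp -L "$dev_cert" /usr/local/share/ca-certificates/ && update-ca-certificates || { echo >&2 "$0: CA install failed"; exit 1; }`. Whatever is in `site.crt` becomes a trusted root for the container, so a header comment noting that write access to the `site-certificate` ConfigMap amounts to control of that container's TLS trust would help anyone reviewing the cluster's RBAC. The `Launching command: $@` line also writes the full argument list to the log, which matters if a wrapped command is ever given a credential as an argument.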
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
index 6771b1f..8b14661 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
@@ -48,9 +48,11 @@ spec:
labels:
run: gitlab
spec:
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: gitlab
- image: {{container_uri}}rkt-gitlab:{{container_tag}}
+ image: {{container_uri}}gitlab:{{container_tag}}
ports:
- containerPort: 80
- containerPort: 22
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
index e78bfc9..bd5c10f 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
@@ -48,9 +48,11 @@ spec:
labels:
run: postgresql
spec:
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: postgresql
- image: {{container_uri}}rkt-postgresql:{{container_tag}}
+ image: {{container_uri}}postgresql:{{container_tag}}
ports:
- containerPort: 5432
volumeMounts:
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
index 98a04b5..44e78e1 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
@@ -57,9 +57,11 @@ spec:
hostPath:
path: /var/devenv/ice-ci/
{% endif %}
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: ci-uwsgi
- image: {{container_uri}}rkt-ice-ci:{{container_tag}}
+ image: {{container_uri}}test-engine:{{container_tag}}
ports:
- containerPort: 80
- containerPort: 8282
@@ -77,7 +79,13 @@ spec:
- name: ICE_ENVIRONMENT
value: "{{ice_environment}}"
- name: PROGRAM_NAME_URL_PREFIX
- value: "ice"
+ value: "{{program_name_url_prefix}}"
+ - name: SERVICE_PROVIDER
+ value: "{{service_provider}}"
+ - name: PROGRAM_NAME
+ value: "{{program_name}}"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "{{service_provider_domain}}"
- name: SECRET_KEY
valueFrom:
secretKeyRef: {name: em-secret, key: key}
@@ -158,7 +166,7 @@ spec:
initialDelaySeconds: 90
periodSeconds: 15
{% endif %}
- command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}]
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}]
metadata:
labels:
run: ci-uwsgi
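Review bot: The comma sits outside the `{% if devenv is defined %}` guard, so without `devenv` the rendered list ends in `"web.wsgi:application", ]`. YAML flow sequences tolerate a trailing comma, but the intent is clearer with the comma inside the guard: `"web.wsgi:application"{% if devenv is defined %}, "--reload"{% endif %}]`. The removed `--static-map /static=/app/htdocs` has no counterpart in the gunicorn command, so `/static` must now be served elsewhere (not visible in this diff). The cms-uwsgi and em-uwsgi deployments change their `command:` lines the same way.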
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
index 8b601e9..01032d7 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
@@ -44,9 +44,11 @@ metadata:
spec:
template:
spec:
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: cms-uwsgi
- image: {{container_uri}}rkt-ice-cms:{{container_tag}}
+ image: {{container_uri}}cms:{{container_tag}}
ports:
- containerPort: 80
- containerPort: 9000
@@ -119,7 +121,7 @@ spec:
periodSeconds: 15
timeoutSeconds: 10
{% endif %}
- command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "cms.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}]
volumeMounts:
- name: settings
mountPath: /opt/configmaps/settings/
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
index 8cedd29..ceb24c4 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
@@ -56,9 +56,11 @@ spec:
- name: em-settings
configMap:
name: em-settings
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: em-uwsgi
- image: {{container_uri}}rkt-engagementmgr:{{container_tag}}
+ image: {{container_uri}}engagementmgr:{{container_tag}}
ports:
- containerPort: 80
- containerPort: 9000
@@ -75,7 +77,13 @@ spec:
- name: ENVIRONMENT
value: "{{ice_environment}}"
- name: PROGRAM_NAME_URL_PREFIX
- value: "ice"
+ value: "{{program_name_url_prefix}}"
+ - name: SERVICE_PROVIDER
+ value: "{{service_provider}}"
+ - name: PROGRAM_NAME
+ value: "{{program_name}}"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "{{service_provider_domain}}"
- name: SECRET_KEY
valueFrom:
secretKeyRef: {name: em-secret, key: key}
@@ -156,7 +164,7 @@ spec:
periodSeconds: 15
timeoutSeconds: 10
{% endif %}
- command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}]
metadata:
labels:
run: em-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
index 775d341..b8f2f66 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
@@ -44,11 +44,16 @@ metadata:
spec:
template:
spec:
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: imagescanner-worker
- image: {{container_uri}}ice-image-scanner:{{container_tag}}
- command: ["/usr/local/bin/imagescanner-worker"]
+ image: {{container_uri}}image-scanner:{{container_tag}}
+ command:
+ - "sh"
+ - "/opt/site-certificate/wrapper.sh"
+ - "/usr/local/bin/imagescanner-worker"
securityContext:
privileged: true
volumeMounts:
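Review bot: `wrapper.sh` is now read from the `site-certificate` ConfigMap mount and run by `sh` as the entrypoint of a container that keeps `privileged: true`, so write access to that ConfigMap becomes code execution in a privileged container. Shipping the wrapper inside the image and mounting only `site.crt` would remove that dependency. Failing that, a comment above `command:` such as `# wrapper.sh comes from ConfigMap site-certificate; restrict write access to it` records it for whoever reviews the namespace's RBAC. The container spec continues beyond this hunk.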
@@ -58,9 +63,30 @@ spec:
mountPath: /dev
- name: logs
mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ - name: site-certificate
+ mountPath: /opt/site-certificate
+ env:
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+ - name: REQUESTS_CA_BUNDLE
+ value: /etc/ssl/certs/ca-certificates.crt
- name: notifications-worker
- image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ image: {{container_uri}}image-scanner:{{container_tag}}
command: ["/usr/local/bin/notifications-worker"]
securityContext:
privileged: true
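Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are taken from `em-secret`, the same Secret the ci-uwsgi and em-uwsgi deployments reference, and handed to the `privileged: true` imagescanner-worker. If those keys carry more than the access the scanner needs (not visible here), a separate Secret with a scanner-only key pair would limit what a compromise of this container exposes. `PYTHONPATH` and `REQUESTS_CA_BUNDLE` are left unquoted while the neighbouring values are quoted; that is harmless for these paths, but quoting them keeps the env block uniform.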
@@ -70,9 +96,17 @@ spec:
secretKeyRef: {name: slack-tokens, key: notifications}
- name: DOMAIN
value: "{{em_internal_dns_name}}"
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ volumeMounts:
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
- name: imagescanner-frontend
- image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ image: {{container_uri}}image-scanner:{{container_tag}}
command: ["/usr/local/bin/imagescanner-frontend"]
{#
FIXME: No, the frontend does not require a privileged container.
@@ -87,9 +121,13 @@ spec:
volumeMounts:
- name: logs
mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
env:
- name: DEFAULT_SLACK_CHANNEL
value: "#notifications"
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
volumes:
- name: imagescanner-ssh
@@ -101,6 +139,12 @@ spec:
path: /dev
- name: logs
emptyDir: {}
+ - name: imagescanner-settings
+ configMap:
+ name: imagescanner-settings
+ - name: site-certificate
+ configMap:
+ name: site-certificate
metadata:
labels:
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
index 61504f1..1b4289a 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
@@ -44,9 +44,11 @@ metadata:
spec:
template:
spec:
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: jenkins
- image: {{container_uri}}rkt-jenkins:{{container_tag}}
+ image: {{container_uri}}jenkins:{{container_tag}}
ports:
- containerPort: 8080
volumeMounts:
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
index f3505e5..5c898d3 100644
--- a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
@@ -48,9 +48,11 @@ spec:
labels:
run: portal
spec:
+ imagePullSecrets:
+ - name: onapkey
containers:
- name: portal
- image: {{container_uri}}rkt-ice-portal:{{container_tag}}
+ image: {{container_uri}}portal:{{container_tag}}
ports:
- containerPort: 8181
command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
@@ -68,3 +70,10 @@ spec:
items:
- key: file
path: nginx.conf
+ - key: service_provider.json
+ path: service_provider.json
+{% if devenv is defined %}
+ - name: portal-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-portal/d2ice.att.io/app
+{% endif %}
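Review bot: `{% if devenv is defined %}` is true for any value, including `devenv: false`, so an inventory that sets the variable to switch the dev environment off would still get the `portal-rsync` hostPath volume in the pod spec. `{% if devenv | default(false) | bool %}` ties the host mount to the variable's value. The same guard controls `--reload` in the uwsgi deployment commands. The path also keeps the old `rkt-ice-portal` name and a site-specific directory name, while the rest of this commit drops the `rkt-` prefix from image names.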
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
index 29d1319..41597d6 100644
--- a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
@@ -37,10 +37,11 @@
#
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
---
-apiVersion: v1
kind: Secret
+apiVersion: v1
metadata:
name: email-secret
+ namespace: default
type: Opaque
data:
- password: "{{vault_email_host_password | b64encode }}"
+ password: "{{vault_email_host_password|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j2
new file mode 100644
index 0000000..f253c3c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/onap-secret.yaml.j2
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: onapkey
+ namespace: default
+data:
+ .dockercfg: {{ dockerconfig|to_json|b64encode }}
+type: kubernetes.io/dockercfg
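Review bot: `.dockercfg` is the only Secret value touched by this commit that is emitted without quotes. Writing `.dockercfg: "{{ dockerconfig|to_json|b64encode }}"` matches email-secret, site-crt and site-pem, and guards against an empty expansion being read as null. The rendered manifest holds the registry credentials only base64-encoded, so the file that render.yml writes under `k8_config_dir` should be created with a restrictive mode (the task's mode is not visible in this diff).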
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
index f529dcf..1f92c42 100644
--- a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
@@ -37,11 +37,12 @@
#
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
---
-apiVersion: v1
kind: Secret
+apiVersion: v1
metadata:
name: site-crt
+ namespace: default
type: Opaque
data:
# the public part of the certificate, not actually a secret.
- site.crt: "{{ site_pem_cert | b64encode }}"
+ site.crt: "{{site_pem_cert|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
index d045770..7ed5e26 100644
--- a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
@@ -37,10 +37,11 @@
#
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
---
-apiVersion: v1
kind: Secret
+apiVersion: v1
metadata:
name: site-pem
+ namespace: default
type: Opaque
data:
- site.pem: "{{ site_pem | b64encode }}"
+ site.pem: "{{site_pem|b64encode}}"