From 307215471b50e1f27654819434fb08de4d003d82 Mon Sep 17 00:00:00 2001 From: "edan.binshtok" Date: Tue, 21 Nov 2017 20:06:04 +0200 Subject: Fix gitignore and missing files Due to bad gitignore some files were missing. Now .vault_passwords added and dirs under roles Issue-ID: VVP-32 Change-Id: I2b9b7afe305603b37fbfe184dc36156c8461bc85 
Signed-off-by: edan.binshtok --- .../roles/ansible-vvp-templates/defaults/main.yml | 41 ++ .../files/configmaps/ci-configmap.yaml | 321 ++++++++++++++ .../files/configmaps/cms-configmap.yaml | 477 +++++++++++++++++++++ .../files/configmaps/em-configmap.yaml | 442 +++++++++++++++++++ .../files/configmaps/nginx-cms-configmap.yaml | 74 ++++ .../files/configmaps/nginx-em-configmap.yaml | 75 ++++ .../files/configmaps/portal-nginx-configmap.yaml | 66 +++ .../configmaps/postgresql-conf-configmap.yaml | 65 +++ .../configmaps/postgresql-initdb-configmap.yaml | 61 +++ .../files/deployments/30-cms-nginx-deployment.yaml | 70 +++ .../files/deployments/30-em-nginx-deployment.yaml | 70 +++ .../files/jobs/s3provision-job.yaml | 60 +++ .../files/services/ci-service.yaml | 52 +++ .../files/services/cms-service.yaml | 52 +++ .../files/services/cms-uwsgi-service.yaml | 52 +++ .../files/services/em-service.yaml | 52 +++ .../files/services/em-uwsgi-service.yaml | 52 +++ .../files/services/gitlab-service.yaml | 55 +++ .../files/services/imagescanner-service.yaml | 52 +++ .../files/services/jenkins-service.yaml | 52 +++ .../files/services/portal-service.yaml | 52 +++ .../files/services/postgresql-service.yaml | 52 +++ .../files/services/redis-service.yaml | 52 +++ ansible/roles/ansible-vvp-templates/tasks/main.yml | 42 ++ .../roles/ansible-vvp-templates/tasks/render.yml | 73 ++++ .../roles/ansible-vvp-templates/tasks/rerender.yml | 42 ++ .../configmaps/haproxy-cfg-configmap.yaml.j2 | 198 +++++++++ .../configmaps/s3provision-configmap.yaml.j2 | 86 ++++ .../deployments/10-gitlab-deployment.yaml.j2 | 108 +++++ .../deployments/10-postgresql-deployment.yaml.j2 | 108 +++++ .../templates/deployments/10-redis.yaml.j2 | 55 +++ .../deployments/20-ci-uwsgi-deployment.yaml.j2 | 165 +++++++ .../deployments/20-cms-uwsgi-deployment.yaml.j2 | 146 +++++++ .../deployments/20-em-uwsgi-deployment.yaml.j2 | 162 +++++++ .../templates/deployments/20-imagescanner.yaml.j2 | 107 +++++ 
.../deployments/20-jenkins-deployment.yaml.j2 | 89 ++++ .../deployments/30-portal-deployment.yaml.j2 | 70 +++ .../deployments/40-ext-haproxy-deployment.yaml.j2 | 95 ++++ .../deployments/40-int-haproxy-deployments.yaml.j2 | 89 ++++ .../templates/secrets/ceph-secret.yaml.j2 | 46 ++ .../templates/secrets/ci-secret.yaml.j2 | 48 +++ .../templates/secrets/cms-secret.yaml.j2 | 52 +++ .../templates/secrets/em-secret.yaml.j2 | 54 +++ .../templates/secrets/email-secret.yaml.j2 | 46 ++ .../secrets/gitlab-password-secret.yaml.j2 | 47 ++ .../templates/secrets/haproxy-auth-secret.yaml.j2 | 47 ++ .../secrets/imagescanner-ssh-secret.yaml.j2 | 50 +++ .../templates/secrets/jenkins-admin-secret.yaml.j2 | 47 ++ .../secrets/jenkins-deploykey-secret.yaml.j2 | 47 ++ .../templates/secrets/jenkins-ssh-secret.yaml.j2 | 51 +++ .../secrets/postgresql-passwords-secret.yaml.j2 | 50 +++ .../templates/secrets/site-crt-secret.yaml.j2 | 47 ++ .../templates/secrets/site-pem-secret.yaml.j2 | 46 ++ .../templates/secrets/slack-tokens-secret.yaml.j2 | 46 ++ .../templates/services/haproxy-service.yaml.j2 | 105 +++++ 55 files changed, 4861 insertions(+) create mode 100644 ansible/roles/ansible-vvp-templates/defaults/main.yml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml create mode 100644 
ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/em-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml create mode 100644 ansible/roles/ansible-vvp-templates/tasks/main.yml create mode 100644 ansible/roles/ansible-vvp-templates/tasks/render.yml create mode 100644 ansible/roles/ansible-vvp-templates/tasks/rerender.yml create mode 100644 ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 create mode 100644 
ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2 create mode 100644 
ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2 (limited to 'ansible/roles/ansible-vvp-templates') diff --git a/ansible/roles/ansible-vvp-templates/defaults/main.yml b/ansible/roles/ansible-vvp-templates/defaults/main.yml new file mode 100644 index 0000000..01d1be6 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/defaults/main.yml 
@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+
+livenessProbe_initialDelaySeconds: {}
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml new file mode 100644 index 0000000..05c15d2 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/ci-configmap.yaml 
@@ -0,0 +1,321 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: ci-settings + namespace: default +data: + uwsgi.ini: | + [uwsgi] + uwsgi-socket = :80 + http = :8282 + plugin = python + chdir = /app + module = web.wsgi:application + master = True + pidfile = /tmp/project-master.pid + vacuum = True + max-requests = 5000 + enable-threads = True + stats = 0.0.0.0:9000 + stats-http = True + __init__.py: | + import os + from datetime import datetime + + # With this file at web/settings/__init__.py, we need three applications of + # dirname() to find the project root. + PROJECT_PATH = os.path.realpath(os.path.dirname(os.path.dirname(os.path.dirname(__file__)))) + LOGS_PATH = os.path.join(PROJECT_PATH, "logs") + + ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT'] + PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] + + # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ + SECRET_KEY = os.environ["SECRET_KEY"] + + # https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts + # Anything in the Host header that does not match our expected domain should + # raise SuspiciousOperation exception. + ALLOWED_HOSTS = ['*'] + + if ICE_ENVIRONMENT == 'production': + DEBUG = False + + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = os.environ.get('ICE_EMAIL_HOST') + EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD'] + EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER'] + EMAIL_PORT = os.environ['EMAIL_PORT'] + else: + DEBUG = True + EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + + + # Note: Only SSL email backends are allowed + EMAIL_USE_SSL = True + + REST_FRAMEWORK = { + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', + ), + 'PAGE_SIZE': 10, + # Use Django's standard `django.contrib.auth` permissions, + # or allow read-only access for unauthenticated users. 
+ 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',), + } + APPEND_SLASH = False + + # Application definition + + INSTALLED_APPS = [ + + 'django.contrib.auth', + 'django.contrib.contenttypes', # required by d.c.admin + 'django.contrib.sessions', # required by d.c.admin + 'django.contrib.messages', # required by d.c.admin + 'django.contrib.staticfiles', + 'django.contrib.admin', # django admin site + 'rest_framework', + 'iceci.apps.IceCiConfig', + ] + + MIDDLEWARE_CLASSES = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + ] + + ROOT_URLCONF = 'web.urls' + + TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [PROJECT_PATH + '/web/templates'], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', # required by d.c.admin + 'django.contrib.messages.context_processors.messages', # required by d.c.admin + ], + }, + }, + ] + + WSGI_APPLICATION = 'web.wsgi.application' + + # Database + # https://docs.djangoproject.com/en/1.9/ref/settings/#databases + + DATABASES = { + 'default': { # CI DB details. + 'NAME': '/app/ice_ci_db.db' , + 'ENGINE': 'django.db.backends.sqlite3', + 'TEST_NAME': '/app/ice_ci_db.db', + }, + } + SINGLETONE_DB = { + 'default': { # CI DB details. 
+ 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ.get('CI_DB_NAME', 'ice_ci_db'), + 'USER': os.environ.get('CI_DB_USER', 'iceci'), + 'PASSWORD': os.environ.get('CI_DB_PASSWORD', 'Aa123456'), + 'HOST': os.environ.get('CI_DB_HOST', 'localhost'), + 'PORT': os.environ.get('CI_DB_PORT', '5433'), + }, + 'em_db': { # ICE DB details. + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ.get('EM_DB_NAME', 'icedb'), + 'USER': os.environ.get('EM_DB_USER', 'iceuser'), + 'PASSWORD': os.environ.get('EM_DB_PASSWORD', 'Aa123456'), + 'HOST': os.environ.get('EM_DB_HOST', 'localhost'), + 'PORT': os.environ.get('EM_DB_PORT', '5433'), + }, + 'cms_db': { # ICE CMS details. + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ.get('CMS_DB_NAME', 'icecmsdb'), + 'USER': os.environ.get('CMS_DB_USER', 'icecmsuser'), + 'PASSWORD': os.environ.get('CMS_DB_PASSWORD', 'Aa123456'), + 'HOST': os.environ.get('CMS_DB_HOST', 'localhost'), + 'PORT': os.environ.get('CMS_DB_PORT', '5433'), + } + } + + # Password validation + # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators + + AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, + ] + + + # Internationalization + # https://docs.djangoproject.com/en/1.9/topics/i18n/ + + LANGUAGE_CODE = 'en-us' + + TIME_ZONE = 'UTC' + + USE_I18N = True + + USE_L10N = True + + USE_TZ = False + + + # Static files (CSS, JavaScript, Images) + # https://docs.djangoproject.com/en/1.9/howto/static-files/ + STATIC_ROOT = os.environ['STATIC_ROOT'] + STATIC_URL = '/static/' + + LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { # All possible attributes are: 
https://docs.python.org/3/library/logging.html#logrecord-attributes + 'verbose': { + 'format': '%(asctime)s %(levelname)s %(module)s %(filename)s:%(lineno)d %(process)d %(thread)d %(message)s' + }, + 'simple': { + 'format': '%(asctime)s %(levelname)s %(filename)s:%(lineno)d %(message)s' + }, + }, + 'handlers': { + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'file1': { + 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL) + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-info.log', + 'formatter': 'verbose' + }, + 'file2': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-debug.log', + 'formatter': 'verbose' + }, + 'file3': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-requests.log', + 'formatter': 'verbose' + }, + 'file4': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-db.log', + 'formatter': 'verbose' + } + }, + 'loggers': { + 'vvp-ci.logger': { + 'handlers': ['file1', 'file2', 'file3', 'file4','console'], + 'level': os.getenv('ICE_ICE_LOGGER_LEVEL', 'DEBUG'), + }, + 'django': { + 'handlers': ['console'], + 'level': os.getenv('ICE_DJANGO_LOGGER_LEVEL', 'DEBUG'), + }, + 'django.request': { + 'handlers': ['file3'], + 'level': os.getenv('ICE_ICE_REQUESTS_LOGGER_LEVEL', 'ERROR'), + }, + 'django.db.backends': { + 'handlers': ['file4'], + 'level': os.getenv('ICE_ICE_DB_LOGGER_LEVEL', 'ERROR'), + } + } + } + + + ############################# + # ICE-CI Related Configuration + ############################# + ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS') + ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS') + ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / 
Docker / Staging + ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX) + ICE_PORTAL_URL = os.environ['ICE_DOMAIN'] + EM_REST_URL = ICE_EM_URL + '/v1/engmgr/' + + #Number of test results presented in admin page. Illegal values: '0' or 'Null' + NUMBER_OF_TEST_RESULTS = int(os.getenv('NUMBER_OF_TEST_RESULTS', '30')) + ICE_BUILD_REPORT_NUM = os.getenv('ICE_BUILD_REPORT_NUM',"{:%Y-%m-%d-%H-%M-%S}".format(datetime.now())) + IS_JUMP_STATE=os.getenv('IS_JUMP_STATE', "True") + DATABASE_TYPE = 'sqlite' + + # FIXME: Does this authentication scheme actually gain us anything? What's the + # threat model + WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN'] + + # The authentication token and URL needed for us to issue requests to the GitLab API. + GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN'] + GITLAB_URL = "http://gitlab/" + + JENKINS_URL = "http://jenkins:8080/" + JENKINS_USERNAME = "admin" + JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD'] + + AWS_S3_HOST = os.environ['S3_HOST'] + AWS_S3_PORT = int(os.environ['S3_PORT']) + AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] + AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID'] + AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY'] diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml new file mode 100644 index 0000000..4aedece --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/cms-configmap.yaml 
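Review bot: The `SINGLETONE_DB` entries in the embedded `__init__.py` fall back to a literal password (`os.environ.get('CI_DB_PASSWORD', 'Aa123456')`, and the same for `EM_DB_PASSWORD` and `CMS_DB_PASSWORD`), so an unset variable silently yields a known credential that is also published in a ConfigMap rather than a Secret; read them fail-closed instead, e.g. `'PASSWORD': os.environ['CI_DB_PASSWORD'],`, as the file already does for `SECRET_KEY`. `ALLOWED_HOSTS = ['*']` contradicts the comment directly above it and turns off Django's Host-header validation; the same line appears in the settings added by cms-configmap.yaml, and both should list the expected domains. Separately, `ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS')` has no closing parenthesis as shown here, which would stop the settings module from importing, and `list()` over a string splits it into characters, so if the variable is comma-separated something like `os.getenv('ICE_CONTACT_EMAILS', '').split(',')` looks closer to the intent.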
@@ -0,0 +1,477 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: cms-settings + namespace: default +data: + uwsgi.ini: | + [uwsgi] + uwsgi-socket = :80 + plugin = python + chdir = /srv + module = cms.wsgi:application + master = True + pidfile = /tmp/project-master.pid + vacuum = True + max-requests = 5000 + enable-threads = True + stats = 0.0.0.0:9000 + stats-http = True + __init__.py: | + from __future__ import absolute_import, unicode_literals + import os + from cms.envbool import envbool + + from django import VERSION as DJANGO_VERSION + from django.utils.translation import ugettext_lazy as _ + from boto.s3.connection import OrdinaryCallingFormat + + + ###################### + # MEZZANINE SETTINGS # + ###################### + + # The following settings are already defined with default values in + # the ``defaults.py`` module within each of Mezzanine's apps, but are + # common enough to be put here, commented out, for conveniently + # overriding. Please consult the settings documentation for a full list + # of settings Mezzanine implements: + # http://mezzanine.jupo.org/docs/configuration.html#default-settings + + # Controls the ordering and grouping of the admin menu. + # + # ADMIN_MENU_ORDER = ( + # ("Content", ("pages.Page", "blog.BlogPost", + # "generic.ThreadedComment", (_("Media Library"), "media-library"),)), + # ("Site", ("sites.Site", "redirects.Redirect", "conf.Setting")), + # ("Users", ("auth.User", "auth.Group",)), + # ) + + # A three item sequence, each containing a sequence of template tags + # used to render the admin dashboard. + # + # DASHBOARD_TAGS = ( + # ("blog_tags.quick_blog", "mezzanine_tags.app_list"), + # ("comment_tags.recent_comments",), + # ("mezzanine_tags.recent_actions",), + # ) + + # A sequence of templates used by the ``page_menu`` template tag. Each + # item in the sequence is a three item sequence, containing a unique ID + # for the template, a label for the template, and the template path. 
+ # These templates are then available for selection when editing which + # menus a page should appear in. Note that if a menu template is used + # that doesn't appear in this setting, all pages will appear in it. + + # PAGE_MENU_TEMPLATES = ( + # (1, _("Top navigation bar"), "pages/menus/dropdown.html"), + # (2, _("Left-hand tree"), "pages/menus/tree.html"), + # (3, _("Footer"), "pages/menus/footer.html"), + # ) + + # A sequence of fields that will be injected into Mezzanine's (or any + # library's) models. Each item in the sequence is a four item sequence. + # The first two items are the dotted path to the model and its field + # name to be added, and the dotted path to the field class to use for + # the field. The third and fourth items are a sequence of positional + # args and a dictionary of keyword args, to use when creating the + # field instance. When specifying the field class, the path + # ``django.models.db.`` can be omitted for regular Django model fields. + # + # EXTRA_MODEL_FIELDS = ( + # ( + # # Dotted path to field. + # "mezzanine.blog.models.BlogPost.image", + # # Dotted path to field class. + # "somelib.fields.ImageField", + # # Positional args for field class. + # (_("Image"),), + # # Keyword args for field class. + # {"blank": True, "upload_to": "blog"}, + # ), + # # Example of adding a field to *all* of Mezzanine's content types: + # ( + # "mezzanine.pages.models.Page.another_field", + # "IntegerField", # 'django.db.models.' is implied if path is omitted. + # (_("Another name"),), + # {"blank": True, "default": 1}, + # ), + # ) + + # Setting to turn on featured images for blog posts. Defaults to False. + # + # BLOG_USE_FEATURED_IMAGE = True + + # If True, the django-modeltranslation will be added to the + # INSTALLED_APPS setting. 
+ USE_MODELTRANSLATION = False + + + ######################## + # MAIN DJANGO SETTINGS # + ######################## + + # Hosts/domain names that are valid for this site; required if DEBUG is False + # See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts + ALLOWED_HOSTS = ['*'] + + # Set UTC time zone: + TIME_ZONE = 'UTC' + USE_TZ = True + + # Local time zone for this installation. Choices can be found here: + # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name + # although not all choices may be available on all operating systems. + # On Unix systems, a value of None will cause Django to use the same + # timezone as the operating system. + # If running in a Windows environment this must be set to the same as your + # system time zone. + TIME_ZONE = 'UTC' + + # If you set this to True, Django will use timezone-aware datetimes. + USE_TZ = True + + # Language code for this installation. All choices can be found here: + # http://www.i18nguy.com/unicode/language-identifiers.html + LANGUAGE_CODE = "en" + + # Supported languages + LANGUAGES = ( + ('en', _('English')), + ) + + ENVIRONMENT = os.environ['ENVIRONMENT'] + + # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ + SECRET_KEY = os.environ["SECRET_KEY"] + + # A boolean that turns on/off debug mode. When set to ``True``, stack traces + # are displayed for error pages. Should always be set to ``False`` in + # production. Best set to ``True`` in local_settings.py + DEBUG = envbool('DJANGO_DEBUG_MODE', False) + + # Note: Only SSL email backends are allowed + EMAIL_USE_SSL = True + + # Whether a user's session cookie expires when the Web browser is closed. + SESSION_EXPIRE_AT_BROWSER_CLOSE = True + + SITE_ID = 1 + + # If you set this to False, Django will make some optimizations so as not + # to load the internationalization machinery. 
+ USE_I18N = False + + AUTHENTICATION_BACKENDS = ("mezzanine.core.auth_backends.MezzanineBackend",) + + # The numeric mode to set newly-uploaded files to. The value should be + # a mode you'd pass directly to os.chmod. + FILE_UPLOAD_PERMISSIONS = 0o644 + + + ############# + # DATABASES # + ############# + + DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ['PGDATABASE'], + 'USER': os.environ['PGUSER'], + 'PASSWORD': os.environ['PGPASSWORD'], + 'HOST': os.environ['PGHOST'], + 'PORT': os.environ['PGPORT'], + } + } + + + ######### + # PATHS # + ######### + + # Full filesystem path to the project. + PROJECT_APP_PATH = os.path.dirname(os.path.abspath(__file__)) + PROJECT_APP = os.path.basename(PROJECT_APP_PATH) + PROJECT_ROOT = BASE_DIR = os.path.dirname(PROJECT_APP_PATH) + + # Every cache key will get prefixed with this value - here we set it to + # the name of the directory the project is in to try and use something + # project specific. + CACHE_MIDDLEWARE_KEY_PREFIX = PROJECT_APP + + # Package/module name to import the root urlpatterns from for the project. 
+ ROOT_URLCONF = 'cms.urls' + + TEMPLATES = [ + { + "BACKEND": "django.template.backends.django.DjangoTemplates", + "DIRS": [ + os.path.join(PROJECT_ROOT, "templates") + ], + "APP_DIRS": True, + "OPTIONS": { + "context_processors": [ + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + "django.template.context_processors.debug", + "django.template.context_processors.i18n", + "django.template.context_processors.static", + "django.template.context_processors.media", + "django.template.context_processors.request", + "django.template.context_processors.tz", + "mezzanine.conf.context_processors.settings", + "mezzanine.pages.context_processors.page", + ], + "builtins": [ + "mezzanine.template.loader_tags", + ], + }, + }, + ] + + if DJANGO_VERSION < (1, 9): + del TEMPLATES[0]["OPTIONS"]["builtins"] + + + ################ + # APPLICATIONS # + ################ + + INSTALLED_APPS = ( + "mezzanine_api", + "rest_framework", + "rest_framework_swagger", + "oauth2_provider", + "django.contrib.admin", + "django.contrib.auth", + "django.contrib.contenttypes", + "django.contrib.redirects", + "django.contrib.sessions", + "django.contrib.sites", + "django.contrib.sitemaps", + "django.contrib.staticfiles", + "mezzanine.boot", + "mezzanine.conf", + "mezzanine.core", + "mezzanine.generic", + "mezzanine.pages", + "mezzanine.blog", + "mezzanine.forms", + "mezzanine.galleries", + "mezzanine.twitter", + # "mezzanine.accounts", + # "mezzanine.mobile", + "cms" , + "storages", + ) + + # List of middleware classes to use. Order is important; in the request phase, + # these middleware classes will be applied in the order given, and in the + # response phase the middleware will be applied in reverse order. 
+ MIDDLEWARE_CLASSES = ( + "mezzanine.core.middleware.UpdateCacheMiddleware", + "mezzanine_api.middleware.ApiMiddleware", + 'django.contrib.sessions.middleware.SessionMiddleware', + # Uncomment if using internationalisation or localisation + # 'django.middleware.locale.LocaleMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + + "mezzanine.core.request.CurrentRequestMiddleware", + "mezzanine.core.middleware.RedirectFallbackMiddleware", + "mezzanine.core.middleware.TemplateForDeviceMiddleware", + "mezzanine.core.middleware.TemplateForHostMiddleware", + "mezzanine.core.middleware.AdminLoginInterfaceSelectorMiddleware", + "mezzanine.core.middleware.SitePermissionMiddleware", + "mezzanine.pages.middleware.PageMiddleware", + "mezzanine.core.middleware.FetchFromCacheMiddleware", + ) + + # Store these package names here as they may change in the future since + # at the moment we are using custom forks of them. + PACKAGE_NAME_FILEBROWSER = "filebrowser_safe" + PACKAGE_NAME_GRAPPELLI = "grappelli_safe" + + ######################### + # OPTIONAL APPLICATIONS # + ######################### + + # These will be added to ``INSTALLED_APPS``, only if available. + OPTIONAL_APPS = ( + "debug_toolbar", + "django_extensions", + "compressor", + PACKAGE_NAME_FILEBROWSER, + PACKAGE_NAME_GRAPPELLI, + ) + + ##################### + # REST API SETTINGS # + ##################### + try: + from mezzanine_api.settings import * + except ImportError: + pass + + + ################## + # LOCAL SETTINGS # + ################## + + # Allow any settings to be defined in local_settings.py which should be + # ignored in your version control system allowing for settings to be + # defined per ma chine. 
+ + # Instead of doing "from .local_settings import *", we use exec so that + # local_settings has full access to everything defined in this module. + # Also force into sys.modules so it's visible to Django's autoreload. + + f = os.path.join(PROJECT_APP_PATH, "local_settings/__init__.py") + if os.path.exists(f): + import sys + import imp + module_name = "%s.local_settings" % PROJECT_APP + module = imp.new_module(module_name) + module.__file__ = f + sys.modules[module_name] = module + exec(open(f, "rb").read()) + + + #################### + # DYNAMIC SETTINGS # + #################### + + # set_dynamic_settings() will rewrite globals based on what has been + # defined so far, in order to provide some better defaults where + # applicable. We also allow this settings module to be imported + # without Mezzanine installed, as the case may be when using the + # fabfile, where setting the dynamic settings below isn't strictly + # required. + try: + from mezzanine.utils.conf import set_dynamic_settings + except ImportError: + pass + else: + set_dynamic_settings(globals()) + + # default settings for mezzanine + NEVERCACHE_KEY = os.getenv('CMS_NEVERCACHE_KEY', ''), + # Application User + CMS_APP_USER = os.getenv('CMS_APP_USER') + CMS_APP_USER_PASSWORD = os.getenv('CMS_APP_USER_PASSWORD') + CMS_APP_USER_MAIL = os.getenv('CMS_APP_USER_MAIL') + # Client App (EM) + CMS_APP_CLIENT_ID = os.getenv('CMS_APP_CLIENT_ID') + CMS_APP_CLIENT_SECRET = os.getenv('CMS_APP_CLIENT_SECRET') + CMS_APP_NAME = 'Engagement_Manager_App' + REST_FRAMEWORK['DEFAULT_RENDERER_CLASSES'] = ( + 'rest_framework.renderers.JSONRenderer', + ) + + # S3 configuration for static resources storage and media upload + + # used by our custom storage.py + MEDIA_BUCKET = "cms-media" + STATIC_BUCKET = "cms-static" + + # django-storages configuration + AWS_S3_HOST = os.environ['S3_HOST'] + AWS_S3_PORT = int(os.environ['S3_PORT']) + AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] + AWS_ACCESS_KEY_ID = 
os.environ['AWS_ACCESS_KEY_ID'] + AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY'] + AWS_AUTO_CREATE_BUCKET = True + AWS_PRELOAD_METADATA = True + + # Set by custom subclass. + # AWS_STORAGE_BUCKET_NAME = "em-static" + AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat() + DEFAULT_FILE_STORAGE = 'cms.settings.storage.S3MediaStorage' + STATICFILES_STORAGE = 'cms.settings.storage.S3StaticStorage' + + # These seem to have no effect even when we don't override with custom_domain? + STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET) + MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET) + + STATIC_ROOT = os.environ['STATIC_ROOT'] + + storage.py: | + """ + storage.py + + In order to make Django store trusted static files and untrusted media + (user-uploaded) files in separate s3 buckets, we must create two different + storage classes. + + https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/ + http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/ + + """ + + # FIXME this module never changes so might not need not be kept in a + # configmap. Also it is (almost) the same as what we use in em; that does + # not use S3BotoStorageMixin. + + # There is a newer storage based on boto3 but that doesn't support changing + # the HOST, as we need to for non-amazon s3 services. It does support an + # "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work. + from storages.backends.s3boto import S3BotoStorage + from filebrowser_safe.storage import S3BotoStorageMixin + from django.conf import settings + + + # NOTE for some reason, collectstatic uploads to bucket/location but the + # urls constructed are domain/location + class S3StaticStorage(S3BotoStorage, S3BotoStorageMixin): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET) + bucket_name = settings.STATIC_BUCKET + # location = ... 
+ + + class S3MediaStorage(S3BotoStorage, S3BotoStorageMixin): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET) + bucket_name = settings.MEDIA_BUCKET + # location = ... diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml new file mode 100644 index 0000000..79ad7b2 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml 
@@ -0,0 +1,442 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: em-settings + namespace: default +data: + uwsgi.ini: | + [uwsgi] + uwsgi-socket = :80 + plugin = python + chdir = /srv + module = vvp.wsgi:application + master = True + pidfile = /tmp/project-master.pid + vacuum = True + max-requests = 5000 + enable-threads = True + stats = 0.0.0.0:9000 + stats-http = True + __init__.py: | + """ + Django settings for VVP project. + + Environment variables that must exist: + + ENVIRONMENT + SECRET_KEY + SECRET_WEBHOOK_TOKEN + SECRET_GITLAB_AUTH_TOKEN + SECRET_JENKINS_PASSWORD + SECRET_CMS_APP_CLIENT_ID + SECRET_CMS_APP_CLIENT_SECRET + + Environment variables that must exist in production: + + EMAIL_HOST + EMAIL_HOST_PASSWORD + EMAIL_HOST_USER + EMAIL_PORT + + """ + + import os + from vvp.settings.envbool import envbool + from corsheaders.defaults import default_headers + from boto.s3.connection import OrdinaryCallingFormat + import datetime + + # With this file at ice/settings/__init__.py, we need three applications of + # dirname() to find the project root. + import engagementmanager + PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__)) + LOGS_PATH = os.path.join(PROJECT_PATH, "logs") + + ENVIRONMENT = os.environ['ENVIRONMENT'] + PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] + + # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ + SECRET_KEY = os.environ["SECRET_KEY"] + + # https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts + # Anything in the Host header that does not match our expected domain should + # raise SuspiciousOperation exception. 
+ ALLOWED_HOSTS = ['*'] + + DEBUG = envbool('DJANGO_DEBUG_MODE', False) + + if ENVIRONMENT == 'production': + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = os.environ['EMAIL_HOST'] + EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD'] + EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER'] + EMAIL_PORT = os.environ['EMAIL_PORT'] + else: + EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + + # Note: Only SSL email backends are allowed + EMAIL_USE_SSL = True + + REST_FRAMEWORK = { + # Use Django's standard `django.contrib.auth` permissions, + # or allow read-only access for unauthenticated users. + 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler', + 'PAGE_SIZE': 10, + 'DEFAULT_PERMISSION_CLASSES': ( + 'rest_framework.permissions.IsAuthenticated', + ), + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework.authentication.SessionAuthentication', + 'rest_framework.authentication.BasicAuthentication', + 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', + ), + 'DEFAULT_PARSER_CLASSES': ( + 'engagementmanager.rest.parsers.XSSJSONParser', + 'engagementmanager.rest.parsers.XSSFormParser', + 'engagementmanager.rest.parsers.XSSMultiPartParser', + ) + } + + JWT_AUTH = { + 'JWT_AUTH_HEADER_PREFIX': 'token', + 'JWT_ALGORITHM': 'HS256', + 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1), + 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler', + } + + APPEND_SLASH = False + + # Application definition + INSTALLED_APPS = [ + 'django.contrib.auth', # required by d.c.admin + 'corsheaders', + 'django.contrib.contenttypes', # required by d.c.admin + 'django.contrib.sessions', # required by d.c.admin + 'django.contrib.messages', # required by d.c.admin + 'django.contrib.staticfiles', + 'django.contrib.admin', # django admin site + 'rest_framework', + 'engagementmanager.apps.EngagementmanagerConfig', + 'validationmanager.apps.ValidationmanagerConfig', + ] + + 
MIDDLEWARE_CLASSES = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'corsheaders.middleware.CorsMiddleware', + ] + + ROOT_URLCONF = 'vvp.urls' + + TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [PROJECT_PATH + '/web/templates'], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', # required by d.c.admin + 'django.contrib.messages.context_processors.messages', # required by d.c.admin + ], + }, + }, + ] + + WSGI_APPLICATION = 'vvp.wsgi.application' + + + # Database + # https://docs.djangoproject.com/en/1.9/ref/settings/#databases + DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ['PGDATABASE'], + 'USER': os.environ['PGUSER'], + 'PASSWORD': os.environ['PGPASSWORD'], + 'HOST': os.environ['PGHOST'], + 'PORT': os.environ['PGPORT'], + } + } + + + # Password validation + # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators + AUTH_PASSWORD_VALIDATORS = [ + {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [ + 'UserAttributeSimilarityValidator', + 'MinimumLengthValidator', + 'CommonPasswordValidator', + 'NumericPasswordValidator', + ]] + + + # Internationalization + # https://docs.djangoproject.com/en/1.9/topics/i18n/ + LANGUAGE_CODE = 'en-us' + TIME_ZONE = 'UTC' + USE_I18N = True + USE_L10N = True + USE_TZ = True + + CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',) + + # Static files (CSS, JavaScript, Images) 
+ # https://docs.djangoproject.com/en/1.9/howto/static-files/ + STATIC_ROOT = os.environ['STATIC_ROOT'] + + + LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes + 'verbose': { + 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s' + }, + 'simple': { + 'format': '%(asctime)s %(levelname)s %(name)s %(message)s' + }, + }, + 'handlers': { + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'vvp-info.log': { + 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL) + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'), + 'formatter': 'verbose' + }, + 'vvp-debug.log': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'), + 'formatter': 'verbose' + }, + 'vvp-requests.log': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'), + 'formatter': 'verbose' + }, + 'vvp-db.log': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'), + 'formatter': 'verbose', + }, + }, + 'loggers': { + 'vvp.logger': { + 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'], + 'level': 'DEBUG' if DEBUG else 'INFO', + }, + 'django': { + 'handlers': ['console'], + 'level': 'INFO' if DEBUG else 'ERROR', + }, + 'django.request': { + 'handlers': ['vvp-requests.log', 'console'], + 'level': 'INFO' if DEBUG else 'ERROR', + }, + 'django.db.backends': { + 'handlers': ['vvp-db.log', 'console'], + 'level': 'DEBUG' if DEBUG else 'ERROR', + 'propagate': False, + }, + # silence the hundred lines of useless "missing variable in template" + # complaints per admin pageview. 
+ 'django.template': { + 'level': 'DEBUG', + 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'], + 'propagate': False, + }, + } + } + + + ############################# + # VVP Related Configuration + ############################# + CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com') + CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'dummy@example.com') + DOMAIN = os.getenv('EM_DOMAIN_NAME') + TOKEN_EXPIRATION_IN_HOURS = 48 + DAILY_SCHEDULED_JOB_HOUR = 20 + NUMBER_OF_POLLED_ACTIVITIES = 5 + TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48 + # This is the DNS name pointing to the private-network ip of the host machine + # running (a haproxy that points to) (an nginx frontend for) this app + API_DOMAIN = 'em' + + # The authentication token needed by Jenkins or Gitlab to issue webhook updates + # to us. This is a "secret" shared by Jenkins and Django. It must be part of + # the URL path component for the Jenkins webhook in ValidationManager to accept + # a notification. It should be a set of random URL-path-safe characters, with + # no slash '/'. + # FIXME: Does this authentication scheme actually gain us anything? What's the + # threat model + WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN'] + + # The authentication token and URL needed for us to issue requests to the GitLab API. 
+ GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN'] + GITLAB_URL = "http://gitlab/" + + JENKINS_URL = "http://jenkins:8080/" + JENKINS_USERNAME = "admin" + JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD'] + + IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False + IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True) + RECENT_ENG_TTL = 3 # In days + CMS_URL = "http://cms/api/" + CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID'] + CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET'] + + # slack integration + SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN'] + ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '') + ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '') + DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '') + DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '') + + # S3 configuration for static resources storage and media upload + + # used by our custom storage.py + MEDIA_BUCKET = "em-media" + STATIC_BUCKET = "em-static" + + # django-storages configuration + AWS_S3_HOST = os.environ['S3_HOST'] + AWS_S3_PORT = int(os.environ['S3_PORT']) + AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] + AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID'] + AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY'] + AWS_AUTO_CREATE_BUCKET = True + AWS_PRELOAD_METADATA = True + + # Set by custom subclass. + # AWS_STORAGE_BUCKET_NAME = "em-static" + AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat() + DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage' + STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage' + + # These seem to have no effect even when we don't override with custom_domain? 
+ STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET) + MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET) + + STATIC_ROOT = os.environ['STATIC_ROOT'] + + storage.py: | + """ + storage.py + + In order to make Django store trusted static files and untrusted media + (user-uploaded) files in separate s3 buckets, we must create two different + storage classes. + + https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/ + http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/ + + """ + + # FIXME this module never changes so might not need not be kept in a + # configmap. Also it is (almost) the same as what we use in cms. + + # There is a newer storage based on boto3 but that doesn't support changing + # the HOST, as we need to for non-amazon s3 services. It does support an + # "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work. + from storages.backends.s3boto import S3BotoStorage + from django.conf import settings + + + # NOTE for some reason, collectstatic uploads to bucket/location but the + # urls constructed are domain/location + class S3StaticStorage(S3BotoStorage): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET) + bucket_name = settings.STATIC_BUCKET + # location = ... + + + class S3MediaStorage(S3BotoStorage): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET) + bucket_name = settings.MEDIA_BUCKET + # location = ... + + envbool.py: | + """ + envbool.py + + Return which environment is currently running on (to setting.py). + + """ + import os + + + def envbool(key, default=False, unknown=True): + """Return a boolean value based on that of an environment variable. + + Environment variables have no native boolean type. They are always strings, and may be empty or + unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script + differ from that of python. 
+ + This function converts environment variables to python boolean True or False in + case-insensitive, expected ways to avoid pitfalls: + + "True", "true", and "1" become True + "False", "false", and "0" become False + unset or empty becomes False by default (toggle with 'default' parameter.) + any other value becomes True by default (toggle with 'unknown' parameter.) + + """ + return { + 'true': True, '1': True, # 't': True, + 'false': False, '0': False, # 'f': False. + '': default, + }.get(os.getenv(key, '').lower(), unknown) diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml new file mode 100644 index 0000000..89adf32 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-cms-configmap.yaml 
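Review bot: `ALLOWED_HOSTS = ['*']` in the `__init__.py` settings switches off Django's Host-header validation, which contradicts the comment directly above it saying a non-matching Host should raise SuspiciousOperation. With the wildcard, the application trusts whatever Host value arrives, so any absolute URL it builds from the request (links in outgoing mail, for example) is only as trustworthy as the proxy in front of it, and that proxy's filtering is not visible in this hunk. An explicit list would match the comment, for instance `ALLOWED_HOSTS = [os.environ['EM_DOMAIN_NAME'], 'em']`, reusing the two names this file already assigns to `DOMAIN` and `API_DOMAIN` (assuming EM_DOMAIN_NAME is always set). Separately, `os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')` has a stray colon in the variable name, so it will always return the empty default. The `CONTACT_EMAILS` comprehension, as shown here, has no `.split(',')` and no closing `]`, which would stop the module from importing if it is not an extraction artifact.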
@@ -0,0 +1,74 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: nginx-cms-conf
+ namespace: default
+data:
+ nginx.conf: |
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ upstream cms_upstream {
+ server cms-uwsgi:80;
+ }
+
+ server {
+ listen 80 ;
+ charset utf-8;
+ client_max_body_size 75M; # adjust to taste
+
+ location / {
+ uwsgi_pass cms_upstream;
+ include /etc/nginx/uwsgi_params;
+ }
+ }
+ server {
+ listen 9000;
+ location /status {
+ stub_status;
+ }
+ }
+ } #http
+ events {
+ worker_connections 4096; ## Default: 1024
+ }
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
new file mode 100644
index 0000000..0d7b279
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/nginx-em-configmap.yaml
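Review bot: The second `server` block in the nginx-cms `nginx.conf` serves `stub_status` at `/status` on port 9000 with no `allow`/`deny` rules, so the connection counters are readable by anything that can reach the pod on that port. Whether the port is reachable from outside the pod depends on the Service and network policy, which are not part of this hunk, but the restriction is cheap to state in the config itself: `allow 127.0.0.1; deny all;` inside `location /status`, or the scraper's CIDR in place of loopback if the endpoint is polled remotely. The same block appears in nginx-em-configmap.yaml, and the `stats = 0.0.0.0:9000` line of `uwsgi.ini` in em-configmap.yaml raises the same question for the uwsgi stats server.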
@@ -0,0 +1,75 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: nginx-em-conf
+ namespace: default
+data:
+ nginx.conf: |
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ upstream em_upstream {
+ server em-uwsgi:80;
+ }
+
+ server {
+ listen 80;
+ charset utf-8;
+ client_max_body_size 75M; # adjust to taste
+
+ location / {
+ uwsgi_pass em_upstream;
+ include /etc/nginx/uwsgi_params;
+ }
+ }
+
+ server {
+ listen 9000;
+ location /status {
+ stub_status;
+ }
+ }
+ } #http
+ events {
+ worker_connections 4096; ## Default: 1024
+ }
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml
new file mode 100644
index 0000000..4d0e4e8
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/portal-nginx-configmap.yaml
@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: portal-nginx-config
+ namespace: default
+data:
+ file: |
+ pid /nginx.pid;
+ error_log /dev/stdout warn;
+
+ http {
+ access_log /dev/stdout;
+ server {
+ listen 0.0.0.0:8181;
+
+ location / {
+ include /etc/nginx/mime.types;
+ root /usr/share/nginx/html/;
+ }
+
+ }
+
+ }
+
+ events {
+ worker_connections 4096;
+ }
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml
new file mode 100644
index 0000000..999c1ca
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-conf-configmap.yaml
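Review bot: The portal `server` block serves the static front end with nginx defaults only: the version banner is left on and no response headers are set for content sniffing or framing. If the haproxy layer added elsewhere in this commit does not already set them, two lines inside `server { ... }` cover the baseline: `server_tokens off;` and `add_header X-Content-Type-Options nosniff;`, with `add_header X-Frame-Options SAMEORIGIN;` if the portal is never meant to be embedded. As a smaller point of style, the ConfigMap key is `file`, where the sibling nginx ConfigMaps use `nginx.conf`; the same key here would make the mount self-describing.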
@@ -0,0 +1,65 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: postgresql-conf
+ namespace: default
+data:
+ postgresql.conf: |
+ #
+ # initdb defaults
+ #
+ listen_addresses = '*' # what IP address(es) to listen on;
+ max_connections = 100 # (change requires restart)
+ shared_buffers = 32MB # min 128kB
+ datestyle = 'iso, mdy'
+ lc_messages = 'en_US.UTF-8' # locale for system error message
+ lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
+ lc_numeric = 'en_US.UTF-8' # locale for number formatting
+ lc_time = 'en_US.UTF-8' # locale for time formatting
+ default_text_search_config = 'pg_catalog.english'
+ log_line_prefix = 'user=%u,db=%d '
+ #
+ # our customizations
+ #
+ dynamic_shared_memory_type = posix
+ log_timezone = 'UTC'
+ timezone = 'UTC'
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml
new file mode 100644
index 0000000..e6f272e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/postgresql-initdb-configmap.yaml
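Review bot: `log_line_prefix = 'user=%u,db=%d '` records no timestamp, backend PID or client address, which makes it hard to tie a database log line to a particular connection or application request during an investigation. The container runtime may stamp each line with a time of its own, but the PID and remote host can only come from PostgreSQL; `log_line_prefix = '%m [%p] user=%u,db=%d,client=%h '` keeps the existing fields and adds the three. With `listen_addresses = '*'` a few lines above, the client address is the field most worth having, because access control then rests on pg_hba.conf and the Service definition, neither of which is in this hunk.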
@@ -0,0 +1,61 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: postgresql-initdb + namespace: default +data: + # docker-entrypoint.sh supports sql scripts but we need to expand variables. 
+ cms_db.sh: |
+ # sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+
+ # defaults
+ : ${ICE_CMS_DB_USER:="icecmsuser"}
+ : ${ICE_CMS_DB_NAME:="icecmsdb"}
+ : ${ICE_CMS_DB_PASSWORD:="na"}
+
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<- EOF
+ CREATE USER ${ICE_CMS_DB_USER} WITH CREATEDB PASSWORD '${ICE_CMS_DB_PASSWORD}';
+ CREATE DATABASE ${ICE_CMS_DB_NAME} WITH OWNER ${ICE_CMS_DB_USER} ENCODING 'utf-8';
+ EOF
+ link_postgresql.sh: |
+ # sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+ ln -sf /etc/postgresql/conf.d/postgresql.conf "${PGDATA}"/postgresql.conf
diff --git a/ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml b/ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml
new file mode 100644
index 0000000..55c4f64
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/deployments/30-cms-nginx-deployment.yaml
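Review bot: `: ${ICE_CMS_DB_PASSWORD:="na"}` makes the database role fall back to the fixed password `na` whenever the variable is not injected, and the heredoc then pastes the user, database and password values straight into SQL text, so a value containing a quote breaks or alters the statements. I would fail closed when the password is unset and hand the values to psql as variables, so that psql itself quotes them as a literal or an identifier; the heredoc delimiter then has to be quoted to stop the shell expanding it first. Passing the password with `-v` does place it on psql's argument list inside the container for the duration of init, which is a trade-off to accept knowingly. Whether the application role really needs `CREATEDB` is also worth confirming; the sketch below leaves it as it was.

```yaml
  cms_db.sh: |
    # … unchanged: sourced-by note, ICE_CMS_DB_USER and ICE_CMS_DB_NAME defaults …
    : ${ICE_CMS_DB_PASSWORD:?ICE_CMS_DB_PASSWORD must be set}

    psql -v ON_ERROR_STOP=1 \
      -v cms_user="$ICE_CMS_DB_USER" -v cms_db="$ICE_CMS_DB_NAME" -v cms_pw="$ICE_CMS_DB_PASSWORD" \
      --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<- 'EOF'
      CREATE USER :"cms_user" WITH CREATEDB PASSWORD :'cms_pw';
      CREATE DATABASE :"cms_db" WITH OWNER :"cms_user" ENCODING 'utf-8';
    EOF
```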
@@ -0,0 +1,70 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cms-nginx
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: nginx-cms
+ spec:
+ containers:
+ - name: nginx-cms
+ image: nginx:1.11.9-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/nginx
+ name: nginx-cms-conf
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: 9000
+ initialDelaySeconds: 120
+ periodSeconds: 15
+ volumes:
+ - name: nginx-cms-conf
+ configMap:
+ name: nginx-cms-conf
diff --git a/ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml b/ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml
new file mode 100644
index 0000000..7ae2815
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/deployments/30-em-nginx-deployment.yaml
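Review bot: The `nginx-cms` container is declared without a `securityContext` or `resources`, so it runs with whatever user and capabilities the image defaults to and with no CPU or memory ceiling; the `nginx-em` Deployment in 30-em-nginx-deployment.yaml has the same gap. The image is also referenced by the mutable tag `nginx:1.11.9-alpine`, and pinning a digest (`nginx@sha256:<digest-placeholder>`) would keep rollouts reproducible. A minimal hardening that should not interfere with binding port 80 is sketched below. The resource figures are constructed examples and need sizing from real usage.

```yaml
      - name: nginx-cms
        image: nginx:1.11.9-alpine
        # … unchanged: ports, command, volumeMounts, livenessProbe …
        securityContext:
          allowPrivilegeEscalation: false
        resources:
          requests:
            cpu: 50m        # constructed sample value
            memory: 32Mi    # constructed sample value
          limits:
            cpu: 250m       # constructed sample value
            memory: 128Mi   # constructed sample value
```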
@@ -0,0 +1,70 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: em-nginx
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: nginx-em
+ spec:
+ containers:
+ - name: nginx-em
+ image: nginx:1.11.9-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/nginx
+ name: nginx-em-conf
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: 9000
+ initialDelaySeconds: 20
+ periodSeconds: 15
+ volumes:
+ - name: nginx-em-conf
+ configMap:
+ name: nginx-em-conf
diff --git a/ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml b/ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml
new file mode 100644
index 0000000..917d1f5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/jobs/s3provision-job.yaml
@@ -0,0 +1,60 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: s3provision
+spec:
+ template:
+ metadata:
+ name: s3provision
+ spec:
+ containers:
+ - name: s3provision
+ image: python:2-alpine
+ command: ['/bin/sh', '/opt/configmaps/s3provision/entrypoint.sh']
+ volumeMounts:
+ - name: s3provision
+ mountPath: /opt/configmaps/s3provision
+ volumes:
+ - name: s3provision
+ configMap:
+ name: s3provision
+ restartPolicy: Never
diff --git a/ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml
new file mode 100644
index 0000000..1dfadda
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/ci-service.yaml
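Review bot: `image: python:2-alpine` tracks a floating major-version tag, so each run of this Job can pull a different interpreter and base layer than the one that was tested. The script it runs comes from the `s3provision` ConfigMap, which is not in this hunk and presumably handles storage credentials, so the provenance of the image matters. Pin it, e.g. `image: python:2-alpine@sha256:<digest-placeholder>`. I would also bound the Job with `activeDeadlineSeconds: 600` (constructed value) under `spec`, because `restartPolicy: Never` leaves the Job controller creating a fresh pod after each failure.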
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: ci + labels: + run: ci +spec: + ports: + - port: 8282 + protocol: TCP + name: ci + selector: + run: ci-uwsgi 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml
new file mode 100644
index 0000000..a9d02ad
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/cms-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: cms + labels: + run: nginx +spec: + ports: + - port: 80 + protocol: TCP + name: web + selector: + run: nginx-cms 
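Review bot: The Service's own label is `run: nginx` while its selector is `run: nginx-cms`, and em-service.yaml carries the identical `run: nginx` label, so the two Services cannot be told apart by label and a label query for one matches both. The other Services visible in this part of the commit label themselves with their own name. I would change the label to `run: cms` here and `run: em` in em-service.yaml, or to the selector value if that is the intended convention.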
diff --git a/ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml
new file mode 100644
index 0000000..94d512c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/cms-uwsgi-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: cms-uwsgi + labels: + run: cms-uwsgi +spec: + ports: + - port: 80 + protocol: TCP + name: cms-uwsgi + selector: + run: cms-uwsgi 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/em-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/em-service.yaml
new file mode 100644
index 0000000..bffe2d2
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/em-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: em + labels: + run: nginx +spec: + ports: + - port: 80 + protocol: TCP + name: web + selector: + run: nginx-em 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml
new file mode 100644
index 0000000..ad95017
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/em-uwsgi-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: em-uwsgi + labels: + run: em-uwsgi +spec: + ports: + - port: 80 + protocol: TCP + name: em-uwsgi + selector: + run: em-uwsgi 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml
new file mode 100644
index 0000000..d6ff785
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/gitlab-service.yaml
@@ -0,0 +1,55 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitlab
+ labels:
+ run: gitlab
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 22
+ protocol: TCP
+ name: ssh
+ selector:
+ run: gitlab
diff --git a/ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml
new file mode 100644
index 0000000..8e6ae12
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/imagescanner-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: imagescanner + labels: + run: imagescanner +spec: + ports: + - port: 80 + protocol: TCP + name: web + selector: + run: imagescanner 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml
new file mode 100644
index 0000000..3014de5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/jenkins-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: jenkins + labels: + run: jenkins +spec: + ports: + - port: 8080 + protocol: TCP + name: jenkins + selector: + run: jenkins 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml
new file mode 100644
index 0000000..72388d3
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/portal-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: portal + labels: + run: portal +spec: + ports: + - port: 8181 + protocol: TCP + name: web + selector: + run: portal 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml
new file mode 100644
index 0000000..41ed4ff
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/postgresql-service.yaml
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Service +metadata: + name: postgresql + labels: + run: postgresql +spec: + ports: + - port: 5432 + protocol: TCP + name: postgresql + selector: + run: postgresql 
diff --git a/ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml b/ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml
new file mode 100644
index 0000000..4e58ffa
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/services/redis-service.yaml
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ labels:
+ run: redis
+spec:
+ ports:
+ - port: 6379
+ protocol: TCP
+ name: redis
+ selector:
+ run: redis
diff --git a/ansible/roles/ansible-vvp-templates/tasks/main.yml b/ansible/roles/ansible-vvp-templates/tasks/main.yml
new file mode 100644
index 0000000..a294829
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/tasks/main.yml
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- include: render.yml
+ tags:
+ - render
diff --git a/ansible/roles/ansible-vvp-templates/tasks/render.yml b/ansible/roles/ansible-vvp-templates/tasks/render.yml
new file mode 100644
index 0000000..ec6900d
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/tasks/render.yml
@@ -0,0 +1,73 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- name: Create destination directories if they don't exist | Render
+ file:
+ path: "{{k8_config_dir}}/{{item}}"
+ state: directory
+ mode: 0700
+ with_items:
+ - configmaps
+ - jobs
+ - deployments
+ - secrets
+ - services
+
+- name: Render Kubernetes Templates | Render
+ template:
+ src: "{{item}}"
+ dest: "{{k8_config_dir}}/{{item|dirname|basename}}/{{item|basename|splitext|first}}"
+ with_fileglob:
+ - ../templates/configmaps/*
+ - ../templates/jobs/*
+ - ../templates/deployments/*
+ - ../templates/secrets/*
+ - ../templates/services/*
+
+- name: Copy Kubernetes Manifests | Render
+ copy:
+ src: "{{item}}"
+ dest: "{{k8_config_dir}}/{{item|dirname|basename}}"
+ with_fileglob:
+ - configmaps/*.yaml
+ - jobs/*.yaml
+ - deployments/*.yaml
+ - secrets/*.yaml
+ - services/*.yaml
+ - jobs/*.yaml
diff --git a/ansible/roles/ansible-vvp-templates/tasks/rerender.yml b/ansible/roles/ansible-vvp-templates/tasks/rerender.yml
new file mode 100644
index 0000000..6e46f5b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/tasks/rerender.yml
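Review bot: The `template` and `copy` tasks in render.yml set no `mode`, so the files written under `{{k8_config_dir}}/secrets` (and any rendered configmap that carries vault values) get whatever the default umask gives them, and the 0700 directory mode from the first task is the only thing keeping them private. Add `mode: "0600"` to both tasks, and to the `Rerender Template` task in rerender.yml, which has the same gap and writes to whatever path `manifest` holds. Quote the directory mode as `mode: "0700"` so it is passed as a string instead of relying on YAML octal parsing, and drop the duplicated `- jobs/*.yaml` entry at the end of the copy task's `with_fileglob`.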
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- name: Rerender Template
+ template:
+ src: "templates/{{template}}"
+ dest: "{{manifest}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
new file mode 100644
index 0000000..3fd9055
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
@@ -0,0 +1,198 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ext-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh gitlab:22 resolvers dns
+
+ frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+ backend portal_backend
+ mode http
+ server ice_portal portal:8181 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }} check inter 10000ms
+{% endfor %}
+
+ frontend portal
+ mode http
+ redirect scheme https if !{ ssl_fc }
+ acl is_api_call path_beg -i /ice
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+ listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: int-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 gitlab:80 resolvers dns
+
+ frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+ backend s3
+ mode http
+ balance roundrobin
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }}
+{% endfor %}
+
+ backend cms
+ mode http
+ server cms_server cms:80 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend ci
+ mode http
+ server ci_test ci:8282 resolvers dns
+
+ listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins jenkins:8080 resolvers dns
+
+ backend imagescanner
+ mode http
+ server imagescanner imagescanner:80 resolvers dns
+
+ listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
new file mode 100644
index 0000000..6e30492
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
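Review bot: Both `listen stats` sections serve `stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"` over plain HTTP on `bind 0.0.0.0:9001` and `bind 0.0.0.0:9000`, so the basic-auth credentials cross the network in cleartext and the `network_allowed` source ACL is the only other control; bind the stats listeners to an internal address or serve them with the same `ssl crt` certificate the `portal` frontend uses. The int-haproxy-cfg block ends with `block if !network_allowed` while ext-haproxy-cfg uses `http-request deny if !network_allowed`; `block` is a deprecated HAProxy keyword, so use `http-request deny if !network_allowed` in both. The `gitlab_web` frontend in int-haproxy-cfg routes the em, cms and ci admin hosts on port 80 by Host-header prefix with no TLS and no source ACL, which is only safe if that listener cannot be reached from outside the internal network; a comment above `frontend gitlab_web` stating that assumption would make the dependency explicit.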
@@ -0,0 +1,86 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: s3provision
+ namespace: default
+data:
+ s3cmd.cfg: |
+ [default]
+ access_key = {{ vault_aws_access_key_id }}
+ host_base = {{ rgws[0]['ip'] }}:{{ hostvars[rgws[0]['name']]['radosgw_civetweb_port'] }}
+ host_bucket =
+ secret_key = {{ vault_aws_secret_access_key }}
+ use_https = False
+ verbosity = INFO
+ corsconf.xml: |
+
+
+ Allow GET and HEAD from our domain.
+ https://{{ domain }}
+ http://{{ cms_dns_name }}
+ http://{{ em_domain_name }}
+ GET
+ HEAD
+ Content-*
+ Host
+ ETag
+ 1800
+
+
+ entrypoint.sh: |
+ #!/bin/sh
+ set -ex
+ echo Running $0 ...
+ s3cmd="s3cmd -c /opt/configmaps/s3provision/s3cmd.cfg"
+ corsconf="/opt/configmaps/s3provision/corsconf.xml"
+
+ pip install s3cmd
+
+ for bucket in em-static cms-static em-media cms-media; do
+ $s3cmd mb s3://$bucket
+ done
+
+ for bucket in em-static cms-static; do
+ $s3cmd setcors $corsconf s3://$bucket
+ done
+
+ echo $0 complete.
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
new file mode 100644
index 0000000..6771b1f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
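Review bot: `access_key = {{ vault_aws_access_key_id }}` and `secret_key = {{ vault_aws_secret_access_key }}` are rendered into a ConfigMap, so the vault-protected S3 credentials become readable by anything that can read ConfigMaps in the `default` namespace and lose the handling Kubernetes gives Secrets. Move `s3cmd.cfg` into a `kind: Secret` rendered from `templates/secrets/` and mount that in the provisioning job; the uwsgi deployments in this commit already take what are presumably the same keys from `em-secret` through `secretKeyRef`. `entrypoint.sh` runs `pip install s3cmd` unpinned at job start, so each run installs whatever is current on the package index; pin it, for example `pip install s3cmd==<pinned-version>`, or bake it into the job image. `use_https = False` sends the bucket traffic to the radosgw endpoint over plain HTTP, which deserves a comment if it is a deliberate in-cluster choice.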
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: gitlab
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: gitlab
+ spec:
+ containers:
+ - name: gitlab
+ image: {{container_uri}}rkt-gitlab:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://{{git_dns_name}}"
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.gitlab | default(120)}}
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: gitlab
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: gitlab
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
new file mode 100644
index 0000000..e78bfc9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
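Review bot: The gitlab container is started with `securityContext: privileged: true`, which gives a network-facing service (container ports 80 and 22, both fronted by the HAProxy configs in this commit) full access to the node's devices and kernel interfaces, and nothing in the manifest says why it is needed. Drop `privileged: true`, or replace it with the specific `capabilities: add:` entries the image requires plus a comment giving the reason. The `rbd` volume mounts with `user: admin` and `ceph-secret`, presumably the Ceph admin key; a dedicated Ceph client limited to the `rbd` pool would narrow what a leaked secret exposes, and the same applies to the `postgresql-data` volume in 10-postgresql-deployment.yaml.j2. `EXTERNAL_URL` is `http://{{git_dns_name}}`, so GitLab will generate plain-HTTP links and clone URLs even where TLS is terminated in front of it.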
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: postgresql
+ spec:
+ containers:
+ - name: postgresql
+ image: {{container_uri}}rkt-postgresql:{{container_tag}}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: {{vault_em_postgresql_user}}
+ - name: ICE_CMS_DB_USER
+ value: {{vault_cms_postgresql_user}}
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+{% if enable_liveness_probes %}
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.postgresql | default(120)}}
+ tcpSocket:
+ port: 5432
+{% endif %}
+ volumes:
+ - name: postgresql-data
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: em_postgresql
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
new file mode 100644
index 0000000..523504a
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
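Review bot: `value: {{vault_em_postgresql_user}}` and `value: {{vault_cms_postgresql_user}}` are rendered unquoted, unlike the same variables in 20-ci-uwsgi-deployment.yaml.j2, so a user name that YAML reads as a number or boolean, or one containing `: ` or ` #`, changes the structure of the rendered manifest instead of being passed through as a string. Quote both: `value: "{{vault_em_postgresql_user}}"` and `value: "{{vault_cms_postgresql_user}}"`. The liveness probe's `timeoutSeconds: 1` is tight for a database that is busy or still replaying WAL after the initial delay; a short comment on why one second was chosen would help whoever tunes it later.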
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: redis
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:alpine
+ ports:
+ - containerPort: 6379
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..98a04b5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
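Review bot: `image: redis:alpine` is a floating tag pulled from the public registry, while every other deployment in this commit uses `{{container_uri}}…:{{container_tag}}`, so the Redis build that runs can change between pod restarts without any change in this repository. Pin it to a fixed version or digest, for example `image: redis:<pinned-version>-alpine`, ideally mirrored through `{{container_uri}}`. As far as this manifest shows, the container runs with the image defaults and no password, and redis-service.yaml exposes port 6379 to every pod in the cluster; pass a `requirepass` value from a Secret or restrict access to the pods that need it with a NetworkPolicy.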
@@ -0,0 +1,165 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +{% if ice_environment != 'production' %} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ci-uwsgi +spec: + template: + spec: + volumes: + - name: ci-settings + configMap: + name: ci-settings + - name: site-crt + secret: + secretName: site-crt +{% if devenv is defined %} + - name: ci-rsync + hostPath: + path: /var/devenv/ice-ci/ +{% endif %} + containers: + - name: ci-uwsgi + image: {{container_uri}}rkt-ice-ci:{{container_tag}} + ports: + - containerPort: 80 + - containerPort: 8282 + - containerPort: 9000 + volumeMounts: + - name: ci-settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ +{% if devenv is defined %} + - name: ci-rsync + mountPath: /app +{% endif %} + env: + - name: ICE_ENVIRONMENT + value: "{{ice_environment}}" + - name: PROGRAM_NAME_URL_PREFIX + value: "ice" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: key} + - name: EM_DB_HOST + value: postgresql + - name: EM_DB_PORT + value: "5432" + - name: EM_DB_NAME + value: icedb + - name: EM_DB_USER + value: "{{vault_em_postgresql_user}}" + - name: EM_DB_PASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: emPassword} + - name: CMS_DB_HOST + value: postgresql + - name: CMS_DB_PORT + value: "5432" + - name: CMS_DB_NAME + value: "{{cms_postgresql_db|default('icecmsdb')}}" + - name: CMS_DB_USER + value: "{{vault_cms_postgresql_user}}" + - name: CMS_DB_PASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: cmsPassword} + - name: CI_DB_HOST + value: postgresql + - name: CI_DB_PORT + value: "5432" + - name: CI_DB_NAME + value: icedb + - name: CI_DB_USER + value: "{{vault_em_postgresql_user}}" + - name: CI_DB_PASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: ciPassword} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: ICE_CONTACT_FROM_ADDRESS + value: "{{vault_email_host_user}}" + - name: SECRET_WEBHOOK_TOKEN + valueFrom: + secretKeyRef: {name: 
em-secret, key: em_webhook_token} + - name: SECRET_GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: {name: gitlab-password, key: auth-token} + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + - name: ICE_DOMAIN + value: https://{{domain}} + - name: ICE_EM_DOMAIN_NAME + value: https://{{em_domain_name}} + - name: OAUTHLIB_INSECURE_TRANSPORT + value: "1" + - name: CI_ADMIN_USER + value: "{{vault_ci_admin_user}}" + - name: CI_ADMIN_MAIL + value: "{{vault_ci_admin_mail}}" + - name: CI_ADMIN_PASSWORD + valueFrom: + secretKeyRef: {name: ci-secret, key: admin_password} + - name: S3_HOST + value: "{{s3_dns_name}}" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} +{% if enable_liveness_probes %} + livenessProbe: + httpGet: + path: / + port: 9000 + initialDelaySeconds: 90 + periodSeconds: 15 +{% endif %} + command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}] + metadata: + labels: + run: ci-uwsgi +{% endif %} diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 new file mode 100644 index 0000000..8b601e9 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 
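Review bot: `OAUTHLIB_INSECURE_TRANSPORT` is set to `"1"` for every environment except `production`, which switches off oauthlib's HTTPS requirement on staging as well as on developer setups; gate it the way `--py-auto-reload` is gated by wrapping the two lines in `{% if devenv is defined %}` … `{% endif %}`. `CI_DB_USER` is `{{vault_em_postgresql_user}}`, the same user as `EM_DB_USER`, yet `CI_DB_PASSWORD` reads key `ciPassword` while `EM_DB_PASSWORD` reads `emPassword`, and the postgresql deployment only consumes `emPassword` and `cmsPassword`; unless `ciPassword` is kept identical elsewhere this looks like a mismatch, so confirm it or use `key: emPassword`. The `ci-rsync` `hostPath` mount of `/var/devenv/ice-ci/` over `/app` is limited to `devenv`, which is right; a comment above it saying it must stay off on shared nodes would keep it that way.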
@@ -0,0 +1,146 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cms-uwsgi +spec: + template: + spec: + containers: + - name: cms-uwsgi + image: {{container_uri}}rkt-ice-cms:{{container_tag}} + ports: + - containerPort: 80 + - containerPort: 9000 + env: + - name: ENVIRONMENT + value: "{{ice_environment}}" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: cms-secret, key: key} + - name: EMAIL_HOST + value: "{{vault_email_host}}" + - name: EMAIL_HOST_USER + value: "{{vault_email_host_user}}" + - name: EMAIL_PORT + value: "{{email_port|default(25)}}" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: {name: email-secret, key: password} + - name: PGHOST + value: postgresql + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: "{{cms_postgresql_db|default('icecmsdb')}}" + - name: PGUSER + value: "{{vault_cms_postgresql_user}}" + - name: PGPASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: cmsPassword} + - name: ICE_CONTACT_FROM_ADDRESS + value: "{{vault_email_host_user}}" + - name: CMS_NEVERCACHE_KEY + valueFrom: + secretKeyRef: {name: cms-secret, key: nevercache_key} + - name: CMS_APP_USER + valueFrom: + secretKeyRef: {name: cms-secret, key: app_user} + - name: CMS_APP_USER_MAIL + valueFrom: + secretKeyRef: {name: cms-secret, key: app_user_mail} + - name: CMS_APP_USER_PASSWORD + valueFrom: + secretKeyRef: {name: cms-secret, key: app_user_password} + - name: CMS_APP_CLIENT_ID + valueFrom: + secretKeyRef: {name: cms-secret, key: app_client_id} + - name: CMS_APP_CLIENT_SECRET + valueFrom: + secretKeyRef: {name: cms-secret, key: app_client_secret} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: DJANGO_DEBUG_MODE + value: "{{django_debug_mode}}" + - name: S3_HOST + value: "{{s3_dns_name}}" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: 
aws_secret_access_key} +{% if enable_liveness_probes %} + livenessProbe: + httpGet: + path: / + port: 9000 + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 +{% endif %} + command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"] + volumeMounts: + - name: settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ +{% if devenv is defined %} + - name: cms-rsync + mountPath: /srv +{% endif %} + volumes: + - name: settings + configMap: + name: cms-settings + - name: site-crt + secret: + secretName: site-crt +{% if devenv is defined %} + - name: cms-rsync + hostPath: + path: /var/devenv/rkt-ice-cms/django +{% endif %} + metadata: + labels: + run: cms-uwsgi diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 new file mode 100644 index 0000000..8cedd29 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 
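Review bot: `DJANGO_DEBUG_MODE` in the env list is rendered straight from `django_debug_mode`, with no default and no tie to `ice_environment`, so a stray inventory value can switch debug mode on in a production pod. This assumes the application maps it to Django's DEBUG setting, which the hunk does not show. Debug error pages expose settings, stack frames and queries to anyone who can trigger an exception. I would force it off for production, e.g. `value: "{{ 'False' if ice_environment == 'production' else django_debug_mode | default('False') }}"`, adjusting the literal to whatever the settings module parses. The same line appears in the em-uwsgi template in this commit.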
@@ -0,0 +1,162 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: em-uwsgi +spec: + template: + spec: + volumes: +{% if devenv is defined %} + - name: em-rsync + hostPath: + path: /var/devenv/rkt-ice-engagementmgr/django +{% endif %} + - name: site-crt + secret: + secretName: site-crt + - name: em-settings + configMap: + name: em-settings + containers: + - name: em-uwsgi + image: {{container_uri}}rkt-engagementmgr:{{container_tag}} + ports: + - containerPort: 80 + - containerPort: 9000 + volumeMounts: +{% if devenv is defined %} + - name: em-rsync + mountPath: /srv +{% endif %} + - name: em-settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ + env: + - name: ENVIRONMENT + value: "{{ice_environment}}" + - name: PROGRAM_NAME_URL_PREFIX + value: "ice" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: key} + - name: EMAIL_HOST + value: "{{vault_email_host}}" + - name: EMAIL_HOST_USER + value: "{{vault_email_host_user}}" + - name: EMAIL_PORT + value: "{{email_port|default(25)}}" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: {name: email-secret, key: password} + - name: PGHOST + value: postgresql + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: icedb + - name: PGUSER + value: "{{vault_em_postgresql_user}}" + - name: PGPASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: emPassword} + - name: DOMAIN + value: https://{{domain}} + - name: ICE_EM_DOMAIN_NAME + value: https://{{em_domain_name}} + - name: CONTACT_FROM_ADDRESS + value: "{{vault_email_host_user}}" + - name: OAUTHLIB_INSECURE_TRANSPORT + value: "1" + - name: SECRET_WEBHOOK_TOKEN + valueFrom: + secretKeyRef: {name: em-secret, key: em_webhook_token} + - name: SECRET_GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: {name: gitlab-password, key: auth-token} + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + - name: 
SECRET_CMS_APP_CLIENT_ID + valueFrom: + secretKeyRef: {name: em-secret, key: cms_app_client_id} + - name: SECRET_CMS_APP_CLIENT_SECRET + valueFrom: + secretKeyRef: {name: em-secret, key: cms_app_client_secret} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: DJANGO_DEBUG_MODE + value: "{{django_debug_mode}}" + - name: SLACK_API_TOKEN + valueFrom: + secretKeyRef: {name: em-secret, key: slack_api_token} + - name: ENGAGEMENTS_CHANNEL + value: "{{engagements_channel | default('')}}" + - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL + value: "{{engagements_notifications_channel | default('')}}" + - name: DEVOPS_CHANNEL + value: "{{devops_channel | default('')}}" + - name: DEVOPS_NOTIFICATIONS_CHANNEL + value: "{{devops_notifications_channel | default('')}}" + - name: S3_HOST + value: "{{s3_dns_name}}" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} +{% if enable_liveness_probes %} + livenessProbe: + httpGet: + path: / + port: 9000 + initialDelaySeconds: {{livenessProbe_initialDelaySeconds.em | default(90)}} + periodSeconds: 15 + timeoutSeconds: 10 +{% endif %} + command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"] + metadata: + labels: + run: em-uwsgi diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 new file mode 100644 index 0000000..775d341 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 
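Review bot: `OAUTHLIB_INSECURE_TRANSPORT` is set to `"1"` unconditionally in the env list, which tells oauthlib to accept OAuth2 flows over plain HTTP in every environment, production included. The ci-uwsgi template sets the same variable, but that whole manifest sits inside an `ice_environment != 'production'` guard. `DOMAIN` and `ICE_EM_DOMAIN_NAME` are rendered as https URLs, so this looks like a workaround for TLS being terminated in front of uwsgi, though the hunk does not confirm it. If so, I would have the application trust the proxy's forwarded-proto header and wrap these two lines in `{% if ice_environment != 'production' %}` … `{% endif %}`.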
@@ -0,0 +1,107 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: imagescanner +spec: + template: + spec: + + containers: + - name: imagescanner-worker + image: {{container_uri}}ice-image-scanner:{{container_tag}} + command: ["/usr/local/bin/imagescanner-worker"] + securityContext: + privileged: true + volumeMounts: + - name: imagescanner-ssh + mountPath: /root/.ssh + - name: dev + mountPath: /dev + - name: logs + mountPath: /var/log/imagescanner + + - name: notifications-worker + image: {{container_uri}}ice-image-scanner:{{container_tag}} + command: ["/usr/local/bin/notifications-worker"] + securityContext: + privileged: true + env: + - name: SLACK_TOKEN + valueFrom: + secretKeyRef: {name: slack-tokens, key: notifications} + - name: DOMAIN + value: "{{em_internal_dns_name}}" + + - name: imagescanner-frontend + image: {{container_uri}}ice-image-scanner:{{container_tag}} + command: ["/usr/local/bin/imagescanner-frontend"] + {# + FIXME: No, the frontend does not require a privileged container. + However, it seems that if you run the frontend container without + this specification in the same pod as the worker, then the worker + loses its privileges! + -#} + securityContext: + privileged: true + ports: + - containerPort: 80 + volumeMounts: + - name: logs + mountPath: /var/log/imagescanner + env: + - name: DEFAULT_SLACK_CHANNEL + value: "#notifications" + + volumes: + - name: imagescanner-ssh + secret: + secretName: imagescanner-ssh + defaultMode: 0600 + - name: dev + hostPath: + path: /dev + - name: logs + emptyDir: {} + + metadata: + labels: + run: imagescanner diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 new file mode 100644 index 0000000..61504f1 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 
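Review bot: All three containers run with `securityContext: privileged: true`, and the pod also mounts the host's `/dev` and an SSH key at `/root/.ssh`, so a compromise of the HTTP frontend or the Slack notifier amounts to root on the node. Only `imagescanner-worker` mounts `/dev`; the FIXME itself says the frontend does not need the privilege, and nothing visible suggests `notifications-worker` does either. Rather than widening privilege to work around the behaviour described in the FIXME, I would move `imagescanner-frontend` and `notifications-worker` into their own Deployment without a `securityContext`, leaving the worker as the only privileged pod. The `logs` emptyDir would then need to become a volume both pods can mount. If the worker only needs block or loop devices, a reduced capability set plus the specific device paths is worth testing in place of `privileged: true`.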
@@ -0,0 +1,89 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: jenkins +spec: + template: + spec: + containers: + - name: jenkins + image: {{container_uri}}rkt-jenkins:{{container_tag}} + ports: + - containerPort: 8080 + volumeMounts: + - name: jenkins-home + mountPath: /var/jenkins_home + - name: jenkins-users-admin + mountPath: /var/jenkins_home/users/admin + - name: jenkins-ssh + mountPath: /var/jenkins_home/.ssh +{% if enable_liveness_probes %} + livenessProbe: + httpGet: + path: /robots.txt + port: 8080 + initialDelaySeconds: 120 + periodSeconds: 15 +{% endif %} + volumes: + - name: jenkins-home + rbd: + monitors: +{% for ip in mon_ips %} + - "{{ ip }}" +{% endfor %} + pool: rbd + image: jenkins + user: admin + secretRef: + name: "ceph-secret" + fsType: xfs + readOnly: false + - name: jenkins-users-admin + secret: + secretName: jenkins-users-admin + - name: jenkins-ssh + secret: + secretName: jenkins-ssh + metadata: + labels: + run: jenkins diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 new file mode 100644 index 0000000..f3505e5 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 
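Review bot: The `jenkins-home` RBD volume authenticates as `user: admin` with `ceph-secret`, so the key held in the cluster is presumably the Ceph admin key rather than one scoped to this image. That key normally carries full cluster capabilities, so anyone who can read the Secret gains far more than access to the `jenkins` image in pool `rbd`. I would create a dedicated Ceph client with caps limited to that pool and reference it here, e.g. `user: <ceph-client-for-jenkins>` with a matching `secretRef`.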
@@ -0,0 +1,70 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: portal +spec: + replicas: 1 + template: + metadata: + labels: + run: portal + spec: + containers: + - name: portal + image: {{container_uri}}rkt-ice-portal:{{container_tag}} + ports: + - containerPort: 8181 + command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"] + volumeMounts: + - mountPath: /tmp/ + name: portal-nginx-config +{% if devenv is defined %} + - name: portal-rsync + mountPath: /usr/share/nginx/html +{% endif %} + volumes: + - name: portal-nginx-config + configMap: + name: portal-nginx-config + items: + - key: file + path: nginx.conf diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 new file mode 100644 index 0000000..729f98c --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 
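Review bot: With `devenv` defined, the `volumeMounts` entry `portal-rsync` has no matching entry under `volumes:` (only `portal-nginx-config` is declared), so the rendered Deployment is invalid in exactly the dev setups the conditional targets. The cms and em templates in this commit declare their `*-rsync` hostPath volume under the same guard, and this template needs the equivalent. A hostPath volume gives the container access to a node directory, so keep it strictly behind the `devenv` guard as below. Also worth checking: the ConfigMap is mounted over all of `/tmp/`, which hides the image's own `/tmp` and may leave nginx without a writable place for temp files.

```yaml
      volumes:
      # … unchanged: portal-nginx-config configMap volume …
{% if devenv is defined %}
      - name: portal-rsync
        hostPath:
          path: /var/devenv/<portal-checkout>   # placeholder: dev checkout path on the node
{% endif %}
```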
@@ -0,0 +1,95 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ext-haproxy +spec: + replicas: 1 + template: + metadata: + labels: + run: ext-haproxy + spec: + containers: + - name: ext-haproxy + image: haproxy:1.7.2-alpine + ports: + - containerPort: 80 + - containerPort: 22 + - containerPort: 443 + - containerPort: 9001 + env: + - name: HAPROXY_USER + valueFrom: + secretKeyRef: + name: haproxy-auth + key: user + - name: HAPROXY_PASS + valueFrom: + secretKeyRef: + name: haproxy-auth + key: pass +{% if enable_liveness_probes %} + livenessProbe: + httpGet: + path: /haproxy_stats + port: 9001 + httpHeaders: + - name: Authorization + value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}} + initialDelaySeconds: 15 + periodSeconds: 15 +{% endif %} + volumeMounts: + - mountPath: /usr/local/etc/haproxy/ + name: ext-haproxy-cfg + - mountPath: /etc/haproxy/ + name: site-pem + volumes: + - name: ext-haproxy-cfg + configMap: + name: ext-haproxy-cfg + items: + - key: file + path: haproxy.cfg + - name: site-pem + secret: + secretName: site-pem diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 new file mode 100644 index 0000000..bc23c01 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 
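Review bot: The `livenessProbe` `httpHeaders` value renders `vault_haproxy_user:vault_haproxy_pass` as a Basic Authorization header directly into the Deployment spec, where base64 is only an encoding. Anyone allowed to read Deployments or Pods, or holding the rendered manifest on disk, recovers the stats credentials without touching the `haproxy-auth` Secret used for the env vars. The int-haproxy template in this commit does the same on port 9000. I would probe something that needs no credentials, e.g. `tcpSocket:` with `port: 9001` in place of the `httpGet` block, or an unauthenticated HAProxy `monitor-uri` endpoint.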
@@ -0,0 +1,89 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: int-haproxy +spec: + replicas: 1 + template: + metadata: + labels: + run: int-haproxy + spec: + containers: + - name: int-haproxy + image: haproxy:1.7.2-alpine + ports: + - containerPort: 80 + - containerPort: 8080 + - containerPort: 9000 + env: + - name: HAPROXY_USER + valueFrom: + secretKeyRef: + name: haproxy-auth + key: user + - name: HAPROXY_PASS + valueFrom: + secretKeyRef: + name: haproxy-auth + key: pass +{% if enable_liveness_probes %} + livenessProbe: + httpGet: + path: /haproxy_stats + port: 9000 + httpHeaders: + - name: Authorization + value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}} + initialDelaySeconds: 15 + periodSeconds: 15 +{% endif %} + volumeMounts: + - mountPath: /usr/local/etc/haproxy/ + name: int-haproxy-cfg + volumes: + - name: int-haproxy-cfg + configMap: + name: int-haproxy-cfg + items: + - key: file + path: haproxy.cfg diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 new file mode 100644 index 0000000..a0480ec --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ceph-secret
+type: "kubernetes.io/rbd"
+data:
+ key: "{{ ceph_key | b64encode }}"
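Review bot: `ceph_key` is the only secret value in these templates without the `vault_` prefix that ci-secret and cms-secret use (`vault_ci_admin_password`, `vault_cms_secret_key`, …), which suggests it may be defined in plain vars rather than in the encrypted vault file. That is worth confirming, and renaming and moving the variable if so. More generally, every file rendered from `templates/secrets/` holds base64-encoded, not encrypted, secret material, so the render output directory should be ignored by git and created with owner-only permissions. A header comment would make that explicit: `# Rendered output contains recoverable secrets; never commit it.`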
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
new file mode 100644
index 0000000..dae5191
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
@@ -0,0 +1,48 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+{% if ice_environment != 'production' %}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ci-secret
+type: Opaque
+data:
+ admin_password: "{{vault_ci_admin_password | b64encode}}"
+{% endif %}
\ No newline at end of file
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
new file mode 100644
index 0000000..38c528c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
@@ -0,0 +1,52 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cms-secret
+type: Opaque
+data:
+ key: "{{ vault_cms_secret_key | b64encode }}"
+ app_user: "{{vault_cms_app_user | b64encode}}"
+ app_user_mail: "{{vault_cms_app_user_mail | b64encode}}"
+ app_user_password: "{{vault_cms_app_user_password | b64encode}}"
+ app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ nevercache_key: "{{vault_cms_nevercache_key | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
new file mode 100644
index 0000000..56cbb30
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
@@ -0,0 +1,54 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: em-secret
+type: Opaque
+data:
+ key: "{{ vault_em_secret_key | b64encode }}"
+ em_webhook_token: "{{ vault_engagementmgr_webhook_token | b64encode }}"
+ gitlab_admin_password: "{{ vault_gitlab_admin_password | b64encode }}"
+ jenkins_admin_password: "{{ vault_jenkins_admin_password | b64encode }}"
+ cms_app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ cms_app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ slack_api_token: "{{( vault_slack_api_token | default('') ) | b64encode}}"
+ aws_access_key_id: "{{ vault_aws_access_key_id | b64encode }}"
+ aws_secret_access_key: "{{ vault_aws_secret_access_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
new file mode 100644
index 0000000..29d1319
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
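Review bot: `em-secret` copies credentials that already live in other Secrets in this commit: `gitlab_admin_password` is also in `gitlab-password`, and `cms_app_client_id` / `cms_app_client_secret` are also in `cms-secret`. They sit next to the Jenkins admin password and a static AWS key pair, so any workload that mounts or env-loads the whole Secret receives every one of them. If the consumer needs only individual values, it can read them from the owning Secret with a per-key `secretKeyRef` and the copies can be dropped; the deployment templates are outside this hunk, so confirm which keys are actually used. `slack_api_token` falls back to `default('')` and renders an empty value silently, so a comment such as `# optional: empty when Slack integration is not configured` would make that intent explicit.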
@@ -0,0 +1,46 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Secret +metadata: + name: email-secret +type: Opaque +data: + password: "{{vault_email_host_password | b64encode }}" 
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
new file mode 100644
index 0000000..3621b45
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+type: Opaque
+data:
+ password: "{{ vault_gitlab_admin_password | b64encode }}"
+ auth-token: "{{ vault_gitlab_authentication_token | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
new file mode 100644
index 0000000..c1a8fe1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Secret +metadata: + name: haproxy-auth +type: Opaque +data: + user: "{{ vault_haproxy_user | b64encode }}" + pass: "{{ vault_haproxy_pass | b64encode }}" 
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
new file mode 100644
index 0000000..0028baf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
@@ -0,0 +1,50 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: default
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
new file mode 100644
index 0000000..c44d898
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +kind: Secret +apiVersion: v1 +metadata: + name: jenkins-users-admin + namespace: default +type: Opaque +data: + config.xml: "{{jenkins_admin_config_xml|b64encode}}" 
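Review bot: `jenkins_admin_config_xml` lacks the `vault_` prefix that the other credential variables in this commit carry, so the hunk does not show whether it is read from the encrypted vault file or assembled from plain variables. A Jenkins user `config.xml` normally embeds the account's password hash, so a comment naming the source, e.g. `# built from <SOURCE_FILE_OR_TASK>; must never be committed unencrypted`, would let a reviewer confirm it is protected. The same question applies to `site_pem` in the site-pem hunk, which by its name presumably holds the TLS private key.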
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
new file mode 100644
index 0000000..4dee827
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +kind: Secret +apiVersion: v1 +metadata: + name: jenkins-deploykey + namespace: default +type: Opaque +data: + deploykey.pub: "{{vault_jenkins_deploy_key_pub|b64encode}}" 
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
new file mode 100644
index 0000000..633e1ae
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
@@ -0,0 +1,51 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-ssh
+ namespace: default
+type: Opaque
+data:
+ # .ssh/config isn't really a secret, but it's the easiest way to get it into
+ # the same directory as the key
+ config: >
+ SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo=
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
new file mode 100644
index 0000000..03f1d9e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
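Review bot: The hard-coded `config` value decodes to an ssh client config with `Host *`, `UserKnownHostsFile /dev/null` and `StrictHostKeyChecking no`, which switches off host-key verification for every host Jenkins reaches with the deploy key. A spoofed or intercepted git endpoint would therefore be accepted without any warning. Limiting the stanza to the GitLab host and shipping a pinned `known_hosts` entry in this Secret, with `StrictHostKeyChecking yes`, keeps the unattended setup without giving up verification. Rendering the value from readable text through `| b64encode`, as the other keys in this commit do, would also put these options in front of reviewers instead of inside a base64 blob.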
@@ -0,0 +1,50 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-passwords
+type: Opaque
+data:
+ emPassword: "{{ vault_em_postgresql_password | b64encode }}"
+ cmsPassword: "{{vault_cms_postgresql_password | b64encode}}"
+{% if ice_environment != 'production' %}
+ ciPassword: "{{vault_ci_postgresql_password | b64encode}}"
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
new file mode 100644
index 0000000..f529dcf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Secret +metadata: + name: site-crt +type: Opaque +data: + # the public part of the certificate, not actually a secret. + site.crt: "{{ site_pem_cert | b64encode }}" 
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
new file mode 100644
index 0000000..d045770
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
@@ -0,0 +1,46 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Secret +metadata: + name: site-pem +type: Opaque +data: + site.pem: "{{ site_pem | b64encode }}" 
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
new file mode 100644
index 0000000..ae9f29d
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
@@ -0,0 +1,46 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: v1 +kind: Secret +metadata: + name: slack-tokens +type: Opaque +data: + notifications: "{{( vault_slack_tokens.notifications | default('') ) | b64encode}}" 
diff --git a/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
new file mode 100644
index 0000000..a1b6cd4
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
@@ -0,0 +1,105 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +apiVersion: v1 +kind: Service +metadata: + name: ext-haproxy + labels: + run: ext-haproxy +spec: + ports: + - port: 80 + protocol: TCP + name: web + - port: 443 + protocol: TCP + name: ssl + - port: 22 + protocol: TCP + name: ssh + - port: 9000 + protocol: TCP + name: stats + externalIPs: +{% for ip in external_ips %} + - "{{ ip }}" +{% endfor %} + selector: + run: ext-haproxy +--- +apiVersion: v1 +kind: Service +metadata: + name: int-haproxy + labels: + run: int-haproxy +spec: + ports: + - port: 80 + protocol: TCP + name: web + - port: 8080 + protocol: TCP + name: jenkins + - port: 9000 + protocol: TCP + name: stats + externalIPs: +{% for ip in internal_ips %} + - "{{ ip }}" +{% endfor %} + selector: + run: int-haproxy +--- +apiVersion: v1 +kind: Service +metadata: + name: ext-haproxy-stats + labels: + run: ext-haproxy-stats +spec: + ports: + - port: 9001 + protocol: TCP + name: stats + externalIPs: + - "{{ internal_ips[0] }}" + selector: + run: ext-haproxy -- cgit 1.2.3-korg
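Review bot: The `ext-haproxy` Service publishes port 9000 (`name: stats`) on every address in `external_ips`, which puts the stats listener on the external side even though `ext-haproxy-stats` further down publishes a stats port on `internal_ips[0]` only. Unless that listener is authenticated and meant to be reachable externally (the HAProxy configuration is not part of this hunk, so this is inferred from the port names), drop the `- port: 9000` / `protocol: TCP` / `name: stats` entry from `ext-haproxy` and leave stats to the internal Service. Separately, `"{{ internal_ips[0] }}"` fails the render with an index error when the list is empty, so an `assert` task in the role checking `internal_ips | length > 0` would give a clearer failure. A comment above `ext-haproxy-stats` such as `# selects the ext-haproxy pods on purpose; published on the first internal IP only` would explain why its label and selector differ.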