[submodule "kubernetes/aai"]
path = kubernetes/aai
url = ../aai/oom
- branch = .
+ branch = master
ignore = dirty
[submodule "kubernetes/robot"]
path = kubernetes/robot
-Subproject commit 3efe1df6fdba4af4e22849bec220c8daa4a68a49
+Subproject commit 9d23a1c8a97d5878e2aafc871f17af007349c288
env:
# This sets the port that CDT will use to connect to the main appc container.
# The 11 is the node port suffix that is used in the main appc oom templates
- # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
+ # for nodePort4. This value will be configured in appc main chart in appc-cdt section.
- name: CDT_PORT
- value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
+ value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
# echo "Copying a working version of the logging configuration into the opendaylight etc folder"
# cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg
- echo "Starting OpenDaylight"
- ${ODL_HOME}/bin/start
echo "Waiting ${SLEEP_TIME} seconds for OpenDaylight to initialize"
sleep ${SLEEP_TIME}
fi
echo "Copying the aaa shiro configuration into opendaylight"
+ mkdir -p ${ODL_HOME}/etc/opendaylight/datastore/initial/config
if $ENABLE_AAF
then
cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
fi
- echo "Restarting OpenDaylight"
- ${ODL_HOME}/bin/stop
- checkRun () {
- running=0
- while read a b c d e f g h
- do
- if [ "$h" == "/bin/sh /opt/opendaylight/bin/karaf server" ]
- then
- running=1
- fi
- done < <(ps -eaf)
- echo $running
- }
-
- while [ $( checkRun ) == 1 ]
- do
- echo "Karaf is still running, waiting..."
- sleep 5s
- done
- echo "Karaf process has stopped"
- sleep 10s
-
- echo "Installed at `date`" > ${SDNC_HOME}/.installed
fi
# Move journal and snapshots directory to persistent storage
echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log"
java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log &
-exec ${ODL_HOME}/bin/karaf server
+echo "Adding a property system.properties for AAF cadi.properties location"
+echo "" >> ${ODL_HOME}/etc/system.properties
+echo "cadi_prop_files=${APPC_HOME}/data/properties/cadi.properties" >> ${ODL_HOME}/etc/system.properties
+echo "" >> ${ODL_HOME}/etc/system.properties
+
+echo "Adding a value to property appc.asdc.env in appc.properties for appc-asdc-listener feature"
+echo "" >> $APPC_HOME/data/properties/appc.properties
+echo "appc.asdc.env=$DMAAP_TOPIC_ENV" >> $APPC_HOME/data/properties/appc.properties
+echo "" >> $APPC_HOME/data/properties/appc.properties
+
+echo "Copying jetty, keystore for https into opendalight"
+cp ${APPC_HOME}/data/jetty.xml ${ODL_HOME}/etc/jetty.xml
+cp ${APPC_HOME}/data/keystore ${ODL_HOME}/etc/keystore
+cp ${APPC_HOME}/data/custom.properties ${ODL_HOME}/etc/custom.properties
+echo "Copying a working version of the logging configuration into the opendaylight etc folder"
+cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg
+
+ODL_BOOT_FEATURES_EXTRA="odl-netconf-connector,odl-restconf-noauth,odl-netconf-clustered-topology,odl-mdsal-clustering"
+sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,${ODL_BOOT_FEATURES_EXTRA}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+
+exec ${APPC_HOME}/bin/dockerInstall.sh &
+echo "Starting OpenDaylight"
+exec ${ODL_HOME}/bin/karaf server
<urls>
<pair-key>/auth/**</pair-key>
<!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/config/aaa-cert-mdsal**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operations/aaa-cert-rpc**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/config/aaa-authn-model**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operational/aaa-authn-model**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operations/cluster-admin**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
<urls>
<pair-key>/**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
</urls>
</shiro-configuration>
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: "{{ .Values.service.portName }}-8443"
+ name: "{{ .Values.service.portName }}-8282"
- port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: "{{ .Values.service.portName }}-1830"
+ name: "{{ .Values.service.portName }}-8443"
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: "{{ .Values.service.portName }}-1830"
+ - port: {{ .Values.service.externalPort4 }}
+ targetPort: {{ .Values.service.internalPort4 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
name: "{{ .Values.service.portName }}-9090"
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-8443
+ name: {{ .Values.service.portName }}-8282
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-1830
+ name: {{ .Values.service.portName }}-8443
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName }}-1830
+ - port: {{ .Values.service.externalPort4 }}
+ targetPort: {{ .Values.service.internalPort4 }}
name: {{ .Values.service.portName }}-9090
{{- end}}
selector:
service:
name: appc-dgbuilder
-#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
+#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4.
appc-cdt:
- nodePort3: 11
+ nodePort4: 11
# default number of instances
replicaCount: 1
type: NodePort
name: appc
portName: appc
- #targetPort
- internalPort: 8443
- #port
- externalPort: 8443
- nodePort: 30
-
- externalPort2: 1830
- nodePort2: 31
+
+ internalPort: 8181
+ externalPort: 8282
+ nodePort: "08"
+
+ internalPort2: 8443
+ externalPort2: 8443
+ nodePort2: 30
+
+ externalPort3: 1830
+ nodePort3: 31
clusterPort: 2550
- internalPort3: 9191
- externalPort3: 9090
- nodePort3: 11
+ internalPort4: 9191
+ externalPort4: 9090
+ nodePort4: 11
## Persist data to a persitent volume
persistence:
blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/work
# Primary Database Configuration
-blueprintsprocessor.db.url=jdbc:mysql://db:3306/sdnctl
+blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl
blueprintsprocessor.db.username=sdnctl
blueprintsprocessor.db.password=sdnctl
blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
# AAI Data REST Client settings
blueprintsprocessor.restclient.aai-data.type=basic-auth
-blueprintsprocessor.restclient.aai-data.url=https://aai.onap:8443
+blueprintsprocessor.restclient.aai-data.url=https://aai:8443
blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
blueprintsprocessor.restclient.aai-data.password=demo123456!
##ONAP Message Router Kafka Service##
blueprintsprocessor.messageclient.self-service-api.bootstrapServers=message-router-kafka:9092
-
blueprintsprocessor.messageclient.self-service-api.consumerTopic=cds-consumer
blueprintsprocessor.messageclient.self-service-api.groupId=cds-consumer-group
blueprintsprocessor.messageclient.self-service-api.clientId=cds-client
# Copyright (c) 2019 IBM, Bell Canada
#
-# Modifications Copyright (c) 2019 Bell Canada.
-#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-# Copyright © 2019 Bell Canada
+# Copyright © 2019 Orange, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application images
+repository: nexus3.onap.org:10001
+pullPolicy: Always
+
+
+subChartsOnly:
+ enabled: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+ingress:
+ enabled: false
+
+
mariadb-galera:
config:
userName: sdnctl
replicaCount: 1
persistence:
enabled: true
- mountSubPath: cds/data
\ No newline at end of file
+ mountSubPath: cds/data
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
-# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-HEALTHCHECK_USER=demo@people.osaaf.org
-HEALTHCHECK_PASSWORD=demo123456!
+apiVersion: v1
+description: ONAP Clamp
+name: clamp-backend
+version: 5.0.0
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-CONTROLLER_ARTIFACT_ID=policy-management
-CONTROLLER_NAME=policy-management-controller
-CONTROLLER_PORT=9696
-RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT
-UEB_TOPIC=policyengine-develop
+dependencies:
+ - name: common
+ version: ~5.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
{{- end }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+ spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-clamp-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - mariadb
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - "-Dcom.att.eelf.logging.file=file:/opt/clamp/logback.xml"
+ - ""
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - mountPath: /opt/clamp/sdc-controllers-config.json
+ name: {{ include "common.fullname" . }}-config
+ subPath: sdc-controllers-config.json
+ - mountPath: /opt/clamp/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ env:
+ - name: SPRING_APPLICATION_JSON
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: spring_application_json
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: sdc-controllers-config.json
+ path: sdc-controllers-config.json
+ - key: logback.xml
+ path: logback.xml
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-clamp-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ persistence: {}
+
+flavor: small
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/clamp-backend:4.1.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ mysqlPassword: strong_pitchou
+ dataRootDir: /dockerdata-nfs
+ springApplicationJson: >
+ {
+ "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+ "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/",
+ "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/",
+ "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services",
+ "clamp.config.sdc.serviceUsername": "clamp",
+ "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
+ "clamp.config.dcae.inventory.url": "https://inventory.{{ include "common.namespace" . }}:8080",
+ "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
+ "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
+ "clamp.config.dcae.deployment.userName": "none",
+ "clamp.config.dcae.deployment.password": "none",
+ "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
+ "clamp.config.policy.api.userName": "healthcheck",
+ "clamp.config.policy.api.password": "zb!XztG34",
+ "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
+ "clamp.config.policy.pap.userName": "healthcheck",
+ "clamp.config.policy.pap.password": "zb!XztG34",
+ "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
+ "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
+ "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123",
+ "clamp.config.policy.clientKey": "dGVzdA==",
+ "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095",
+ "com.att.eelf.logging.path": "/opt/clamp",
+ "com.att.eelf.logging.file": "logback.xml"
+ }
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+
+service:
+ type: ClusterIP
+ name: clamp-backend
+ portName: clamp-backend
+ internalPort: 8443
+ externalPort: 443
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}
-
#xpack.graph.enabled: false
#Set to false to disable X-Pack graph features.
-
#xpack.ml.enabled: false
#Set to false to disable X-Pack machine learning features.
-
#xpack.monitoring.enabled: false
#Set to false to disable X-Pack monitoring features.
-#xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
#xpack.watcher.enabled: false
#Set to false to disable Watcher.
+
+#xpack.license.self_generated.type: basic
+#xpack.security.enabled: false
+
+## Search Guard
+#
+searchguard.enterprise_modules_enabled: false
+searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
+searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
+searchguard.ssl.transport.enforce_hostname_verification: false
+
+searchguard.authcz.admin_dn:
+ - "CN=kirk,OU=client,O=client,l=tEst,C=De"
mountPath: /usr/share/elasticsearch/data/
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:4.1.0
+image: onap/clamp-dashboard-elasticsearch:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
## Search Guard
#
-xpack.security.enabled: false
+#xpack.security.enabled: false
elasticsearch.username: {{.Values.config.elasticUSR}}
elasticsearch.password: {{.Values.config.elasticPWD}}
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessRepository: oomk8s
- readinessImage: readiness-check:1.1.0
+ readinessImage: readiness-check:2.0.0
persistence: {}
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.1.0
+image: onap/clamp-dashboard-kibana:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessRepository: oomk8s
- readinessImage: readiness-check:1.1.0
+ readinessImage: readiness-check:2.0.0
persistence: {}
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.1.0
+image: onap/clamp-dashboard-logstash:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
create table loop_logs (
id bigint not null,
+ log_component varchar(255) not null,
log_instant datetime(6) not null,
log_type varchar(255) not null,
message MEDIUMTEXT not null,
global_properties_json json,
last_computed_state varchar(255) not null,
model_properties_json json,
+ operational_policy_schema json,
svg_representation MEDIUMTEXT,
primary key (name)
) engine=InnoDB;
--- /dev/null
+server {
+
+ listen 443 default ssl;
+ ssl_protocols TLSv1.2;
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ location /restservices/clds/ {
+ proxy_pass https://clamp-backend:443;
+ }
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
- spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-clamp-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - clamp-backend
env:
- name: NAMESPACE
valueFrom:
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: /var/log/nginx/
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - "-Dcom.att.eelf.logging.file=file:/opt/clamp/logback.xml"
- - ""
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - mountPath: /opt/clamp/sdc-controllers-config.json
+ mountPath: /var/log/nginx/
+ - mountPath: /etc/nginx/conf.d/nginx.conf
name: {{ include "common.fullname" . }}-config
- subPath: sdc-controllers-config.json
- - mountPath: /opt/clamp/logback.xml
- name: {{ include "common.fullname" . }}-config
- subPath: logback.xml
- env:
- - name: SPRING_APPLICATION_JSON
- valueFrom:
- configMapKeyRef:
- name: {{ template "common.fullname" . }}
- key: spring_application_json
+ subPath: nginx.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}
items:
- - key: sdc-controllers-config.json
- path: sdc-controllers-config.json
- - key: logback.xml
- path: logback.xml
+ - key: nginx.conf
+ path: nginx.conf
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ .Release.Name }}-clamp-filebeat-configmap
apiVersion: v1
kind: Service
metadata:
- name: {{ include "common.servicename" . }}
+ name: {{ .Values.service.name }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name2 }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type2 }}
+ ports:
+ {{if eq .Values.service.type2 "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.config.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.config.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp:4.1.0
+image: onap/clamp-frontend:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
log:
logstashServiceName: log-ls
logstashPort: 5044
- mysqlPassword: strong_pitchou
dataRootDir: /dockerdata-nfs
- springApplicationJson: >
- {
- "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
- "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/",
- "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/",
- "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services",
- "clamp.config.sdc.serviceUsername": "clamp",
- "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
- "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
- "clamp.config.dcae.inventory.url": "https://inventory.{{ include "common.namespace" . }}:8080",
- "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.deployment.userName": "none",
- "clamp.config.dcae.deployment.password": "none",
- "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
- "clamp.config.policy.api.userName": "healthcheck",
- "clamp.config.policy.api.password": "zb!XztG34",
- "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
- "clamp.config.policy.pap.userName": "healthcheck",
- "clamp.config.policy.pap.password": "zb!XztG34",
- "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
- "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
- "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123",
- "clamp.config.policy.clientKey": "dGVzdA==",
- "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095",
- "com.att.eelf.logging.path": "/opt/clamp",
- "com.att.eelf.logging.file": "logback.xml"
- }
-
-# subchart configuration
-mariadb:
- nameOverride: clampdb
-
# default number of instances
replicaCount: 1
service:
type: NodePort
- name: clamp
- portName: clamp
- internalPort: 8443
- externalPort: 8443
+ name: clamp-external
+ portName: clamp-external
+ internalPort: 443
nodePort: 58
+
# as of 20180904 port 58 is reserved for clamp from log/logdemonode
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
+ type2: ClusterIP
+ name2: clamp
+ portName2: clamp-internal
+ internalPort2: 443
+ externalPort2: 8443
ingress:
enabled: false
small:
limits:
cpu: 1
- memory: 1.2Gi
+ memory: 200Mi
requests:
cpu: 10m
- memory: 800Mi
+ memory: 50Mi
large:
limits:
cpu: 1
- memory: 1.2Gi
+ memory: 500Mi
requests:
cpu: 10m
- memory: 800Mi
+ memory: 50Mi
unlimited: {}
--- /dev/null
+#!/usr/bin/python
+import getopt
+import logging
+import os
+import sys
+import time
+
+from kubernetes import config
+from kubernetes.client import Configuration
+from kubernetes.client.apis import core_v1_api
+from kubernetes.client.rest import ApiException
+from kubernetes.stream import stream
+
+from kubernetes import client
+
+# extract env variables.
+namespace = os.environ['NAMESPACE']
+cert = os.environ['CERT']
+host = os.environ['KUBERNETES_SERVICE_HOST']
+token_path = os.environ['TOKEN']
+
+with open(token_path, 'r') as token_file:
+ token = token_file.read().replace('\n', '')
+
+# setup logging
+log = logging.getLogger(__name__)
+handler = logging.StreamHandler(sys.stdout)
+handler.setFormatter(logging.Formatter('%(asctime)s - %(levelname)s - %(message)s'))
+handler.setLevel(logging.INFO)
+log.addHandler(handler)
+log.setLevel(logging.INFO)
+
+configuration = client.Configuration()
+configuration.host = "https://" + host
+configuration.ssl_ca_cert = cert
+configuration.api_key['authorization'] = token
+configuration.api_key_prefix['authorization'] = 'Bearer'
+configuration.assert_hostname = False
+coreV1Api = client.CoreV1Api(client.ApiClient(configuration))
+api_instance = client.CoreV1Api(client.ApiClient(configuration))
+
+def run_command( pod_name, command ):
+ try:
+ exec_command = [
+ '/bin/sh',
+ '-c',
+ command]
+ resp = stream(api_instance.connect_get_namespaced_pod_exec, pod_name, namespace,
+ command=exec_command,
+ stderr=True, stdin=False,
+ stdout=True, tty=False)
+ except ApiException as e:
+ print("Exception when calling CoreV1Api->connect_get_namespaced_pod_exec: %s\n" % e)
+ return False
+ print(resp)
+ return True
+
+def find_pod(container_name,command,pods):
+ ready = False
+ try:
+ response = coreV1Api.list_namespaced_pod(namespace=namespace, watch=False)
+ for i in response.items:
+ # container_statuses can be None, which is non-iterable.
+ if i.status.container_statuses is None:
+ continue
+ for s in i.status.container_statuses:
+ if s.name == container_name:
+ if pods == True:
+ print (i.metadata.name)
+ else:
+ ready = run_command(i.metadata.name,command)
+ else:
+ continue
+ except Exception as e:
+ log.error("Exception when calling list_namespaced_pod: %s\n" % e)
+
+ return ready
+
+
+DESCRIPTION = "Kubernetes container readiness check utility"
+USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> [-c <container_name> ...]\n" \
+ "where\n" \
+ "<container_name> - name of the container to wait for\n"
+
+def main(argv):
+ pods = False
+ command = ""
+ container_name = ""
+ try:
+ opts, args = getopt.getopt(argv, "ghp:c:", ["pod-container-name=", "command=", "help","getpods"])
+ for opt, arg in opts:
+ if opt in ("-h", "--help"):
+ print("%s\n\n%s" % (DESCRIPTION, USAGE))
+ sys.exit()
+ elif opt in ("-p", "--pod-container-name"):
+ container_name = arg
+ elif opt in ("-c", "--command"):
+ command = arg
+ elif opt in ("-g", "--getpods"):
+ pods = True
+ except (getopt.GetoptError, ValueError) as e:
+ print("Error parsing input parameters: %s\n" % e)
+ print(USAGE)
+ sys.exit(2)
+ if container_name.__len__() == 0:
+ print("Missing required input parameter(s)\n")
+ print(USAGE)
+ sys.exit(2)
+
+ if pods == False:
+ if command.__len__() == 0:
+ print("Missing required input parameter(s)\n")
+ print(USAGE)
+ sys.exit(2)
+ ready = find_pod(container_name,command,pods)
+ if ready == False:
+ sys.exit(2)
+
+if __name__ == "__main__":
+ main(sys.argv[1:])
+
+
--- /dev/null
+#!/bin/bash
+
+# Initialize variables
+ss_dir=""
+base_db_dir=""
+ss_name=""
+ss="snapshots"
+me=`basename $0`
+
+function find_target_table_name()
+{
+ dest_path=$1
+ keyspace_name=$2
+ src_table_name=$3
+ find_in_dir=$dest_path/$keyspace_name
+ tname_without_uuid=$(echo $src_table_name | cut -d '-' -f 1)
+ dest_table_name=$(ls -td -- $find_in_dir/$tname_without_uuid-* | head -n 1 | rev | cut -d'/' -f1 | rev)
+ printf $dest_table_name
+}
+
+function print_usage()
+{
+ echo "NAME"
+ echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
+ echo "SYNOPSIS"
+ echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
+ echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
+ echo "DESCRIPTION"
+ echo " --base_db_dir, -b"
+ echo " Location of running Cassandra database"
+ echo " --snapshot_dir, -s"
+ echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
+ echo " --keyspace, -k"
+ echo " Name of the keyspace to restore"
+ echo "EXAMPLE"
+ echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
+ exit
+}
+if [ $# -eq 0 ]
+then
+ print_usage
+fi
+
+while [[ $# -gt 0 ]]
+do
+key="$1"
+shift
+
+case $key in
+ -h|--help)
+ print_usage
+ ;;
+ -b|--base_db_dir)
+ base_db_dir="$1"
+ shift
+ ;;
+ -s|--snapshot_dir)
+ ss_dir="$1"
+ shift
+ ;;
+ -k|--keyspace)
+ keyspace_name="$1"
+ ;;
+ -t|--tag)
+ tag_name="$1"
+ ;;
+ --default)
+ DEFAULT=YES
+ shift
+ ;;
+ *)
+ # unknown option
+ ;;
+esac
+done
+
+# Validate inputs
+if [ "$base_db_dir" == "" ] || [ "$ss_dir" == "" ] || [ "$keyspace_name" == "" ]
+then
+ echo ""
+ echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
+ echo ""
+ print_usage
+fi
+
+# Remove commit logs from current data dir
+#/var/lib/cassandra/commitlog/CommitLog*.log
+find $base_db_dir/../ -name "CommitLog*.log" -delete
+
+# Remove *.db from current data dir excluding skipped keyspaces
+find $base_db_dir/$keyspace_name -name "*.db" -delete
+
+# Copy snapshots to data dir
+echo "----------db files in snapshots--------------"
+dirs_to_be_restored=`ls $ss_dir`
+for i in ${dirs_to_be_restored}
+do
+ src_path=$ss_dir/$i/snapshots/$tag_name
+ # Find the destination
+ table_name=$i
+ dest_table=$(find_target_table_name $base_db_dir $keyspace_name $table_name)
+ dest_path=$base_db_dir/$keyspace_name/$dest_table
+ # Create keyspace/table directory if not exists
+ #if [ ! -d "$dest_path" ]; then
+ # mkdir -p $dest_path
+ #fi
+ db_files=$(ls $src_path/*.db 2> /dev/null | wc -l)
+ if [ $db_files -ne 0 ]
+ then
+ cp $src_path/*.db $dest_path
+ if [ $? -ne 0 ]
+ then
+ echo "=====ERROR: Unable to restore $src_path/*.db to $dest_path====="
+ exit 1
+ fi
+ echo "=======check $dest_path ==============="
+ ls $dest_path
+ fi
+done
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/restore.sh").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/exec.py").AsConfig . | indent 2 }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ schedule: {{ .Values.backup.cron | quote }}
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 120
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ include "common.name" . }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: "cassandra-backup-init"
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ clearSnapshot(){
+ curr_time=$1
+ echo "Clearing snapshots!!!"
+ command="nodetool clearsnapshot -t $curr_time"
+ /root/exec.py -p "cassandra" -c "$command"
+ }
+ {{ $root := . }}
+ curr_time=`date +%s`
+ pids=""
+ set -x
+
+ echo "Copying data"
+ {{ range $i, $e := until (int .Values.replicaCount) }}
+ target_dir=/backup/temp/cassandra-{{ $i }}
+ mkdir -p $target_dir
+ cp -Ra /onap-data/cassandra-{{ $i }}/data/ $target_dir/
+ {{- end }}
+
+ echo "Executing cleanup!!"
+ command="nodetool cleanup"
+ /root/exec.py -p "cassandra" -c "$command"
+ echo "Cleaned Node!! Backing up database now!!!"
+
+ command="nodetool snapshot -t $curr_time"
+ /root/exec.py -p "cassandra" -c "$command"
+ retCode=$?
+ if [ $retCode -ne 0 ]; then
+ echo "Backup Failed!!!"
+ rm -rf /backup/temp
+ clearSnapshot $curr_time
+ echo "Failed" > /backup/backup.log
+ exit 0
+ fi
+
+ backup_dir=/backup/temp
+ {{ range $i, $e := until (int .Values.replicaCount) }}
+ for d in $backup_dir/cassandra-{{ $i }}/data/*/ ; do
+ d=$(echo $d | sed 's:/*$::')
+ keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }')
+ if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then
+ /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
+ pids="$pids $!"
+ fi
+ done
+ {{- end }}
+
+ for p in $pids; do
+ wait $p
+ if [ $? -ne 0 ]; then
+ rm -rf /backup/temp
+ echo "Creation of Backup Failed!!!"
+ clearSnapshot $curr_time
+ echo "Failed" > /backup/backup.log
+ exit 0
+ fi
+ done
+
+ clearSnapshot $curr_time
+
+ exit_code=$?
+ if [ $exit_code -ne 0 ]; then
+ rm -rf /backup/temp
+ echo "Backup Failed!!!"
+ echo "Failed" > /backup/backup.log
+ exit 0
+ fi
+
+ mv /backup/temp /backup/backup-${curr_time}
+ echo "Success" > /backup/backup.log
+ echo "Cassandra Backup Succeeded"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /onap-data
+ name: data-dir
+ - mountPath: /backup
+ name: backup-dir
+ - name: scripts
+ mountPath: /root/restore.sh
+ subPath: restore.sh
+ - name: scripts
+ mountPath: /root/exec.py
+ subPath: exec.py
+ containers:
+ - name: cassandra-backup-validate
+ image: "{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ remove_dir(){
+ dirToRemove=$1
+ rm -rf $dirToRemove
+ }
+
+ backup_result=`cat /backup/backup.log`
+ rm -rf /backup/backup.log
+
+ if [ "$backup_result" == "Failed" ]; then
+ echo "Backup Failed!!! So Validation Failed!!!";
+ exit 0
+ fi
+
+ target_dir=$(ls -td -- /backup/*/ | head -n 1)
+ chown -R cassandra.cassandra $target_dir
+ {{- $root := . -}}
+ {{ range $i, $e := until (int .Values.replicaCount) }}
+ dbSize=$(du -ks $target_dir/cassandra-{{ $i }}/data|awk -F " " '{ printf $1 }')
+ minDbSize={{ (int $root.Values.backup.dbSize) }}
+ if [ $dbSize -lt $minDbSize ]; then
+ remove_dir $target_dir
+ echo "Validation Failed!!! dbSize ($dbSize) is less than minimum size (1)!!!"
+ exit 0
+ fi
+ rm -rf /var/lib/cassandra/*
+ cp -Ra $target_dir/cassandra-{{ $i }}/data /var/lib/cassandra
+ export CASSANDRA_LISTEN_ADDRESS="127.0.0.1"
+ /docker-entrypoint.sh -Dcassandra.ignore_dc=true -Dcassandra.ignore_rack=true &
+ CASS_PID=$!
+ sleep 45
+
+ for d in $target_dir/cassandra-{{ $i }}/data/*/; do
+ d=$(echo $d | sed 's:/*$::')
+ keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }')
+ if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then
+ echo "Verifying the data for $keyspace_name "
+ nodetool verify -e $keyspace_name
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ remove_dir $target_dir
+ echo "Validation Failed!!!"
+ exit 0
+ fi
+ fi
+ done
+ kill -9 $CASS_PID
+ {{- end }}
+ echo "Validation Successful!!!"
+ cd /backup
+ totalFiles=`ls -t | grep "backup-" | wc -l`
+ if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then
+ filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}`
+ ls -tr | grep backup | head -$filestoDelete | xargs rm -rf
+ fi
+ env:
+ - name: CASSANDRA_CLUSTER_NAME
+ value: {{ .Values.config.clusterName }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.config.heap.max }}
+ - name: HEAP_NEWSIZE
+ value: {{ .Values.config.heap.min }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: backup-dir
+ mountPath: /backup
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: scripts
+ configMap:
+ name: {{ include "common.fullname" $ }}-configmap
+ defaultMode: 0755
+ - name: data-dir
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-db-data
+ - name: backup-dir
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-backup-data
+{{- end -}}
+
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+{{ if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.fullname" . }}-db-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: {{ .Release.Service }}
+ name: {{ include "common.fullname" . }}-db-data
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.fullname" . }}-backup-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: {{ .Release.Service }}
+ name: {{ include "common.fullname" . }}-backup-data
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ hostPath:
+ path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{- end -}}
+
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-db-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-backup
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-db-data
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-backup-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-backup
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-backup-data
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}}
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
-
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
# application image
repository: nexus3.onap.org:10001
mountSubPath: cassandra
storageType: local
storageClass: ""
+ backup:
+ mountPath: /dockerdata-nfs/backup
configOverrides: {}
# requests:
# cpu: 2
# memory: 4Gi
+backup:
+ enabled: false
+ cron: "00 00 * * *"
+ retentionPeriod: 3
+ dbSize: 1
+ keyspacesToSkip:
+ - name: system_traces
+ - name: system_auth
+ - name: system_distributed
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ schedule: {{ .Values.backup.cron | quote }}
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 120
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ include "common.name" . }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: mariadb-galera-backup-init
+ image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ remove_dir(){
+ dirToRemove=$1
+ rm -rf $dirToRemove
+ echo "Failed" > /backup/backup.log
+ echo "Backup failed!!!"
+ }
+
+ target_dir=/backup/backup-`date +%s`
+ mkdir -p $target_dir
+
+ mysqlhost={{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}.{{ .Values.service.name }}
+
+ mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost
+
+ ret_code=$?
+ if [ $ret_code -ne 0 ]; then
+ remove_dir $target_dir
+ exit 0
+ fi
+
+ echo "Starting Backup Preparation!!!"
+ mariabackup --prepare --target-dir=$target_dir
+ ret_code=$?
+ if [ $ret_code -ne 0 ]; then
+ remove_dir $target_dir
+ exit 0
+ fi
+ echo "Success" > /backup/backup.log
+ echo "Backup Successful!!!"
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
+ volumeMounts:
+ - name: backup-data
+ mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
+ containers:
+ - name: mariadb-backup-validate
+ image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
+ command:
+ - /bin/bash
+ - -c
+ - |
+ remove_dir(){
+ dirToRemove=$1
+ rm -rf $dirToRemove
+ echo "Validation Failed!!!";
+ }
+
+ backup_result=`cat /backup/backup.log`
+ rm -rf /backup/backup.log
+
+ if [ "$backup_result" == "Failed" ]; then
+ echo "Backup Failed!!! So Validation Failed!!!";
+ exit 0
+ fi
+
+ target_dir=$(ls -td -- /backup/backup-* | head -n 1)
+ cp -Ra $target_dir/* /var/lib/mysql/
+
+ if [ ! "$(ls -A /var/lib/mysql)" ]; then
+ remove_dir $target_dir
+ exit 0
+ fi
+
+ /docker-entrypoint.sh mysqld &
+
+ count=0
+ until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1";
+ do sleep 3;
+ count=`expr $count + 1`;
+ if [ $count -ge 30 ]; then
+ remove_dir $target_dir
+ exit 0;
+ fi;
+ done
+
+ mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log
+ error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l`
+
+ cat /tmp/output.log
+
+ if [ $error_lines -gt 1 ];then
+ remove_dir $target_dir
+ else
+ echo "Validation successful!!!"
+ cd /backup
+ totalFiles=`ls -t | grep "backup-" | wc -l`
+ if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then
+ filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}`
+ ls -tr | grep backup | head -$filestoDelete | xargs rm -rf
+ fi
+ fi
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: backup-data
+ mountPath: /backup
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-db-data
+ - name: backup-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-backup
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-backup
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{include "common.name" . }}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-db-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-db-data
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}{{ sub .Values.replicaCount 1 }}
+{{- end -}}
+{{- end -}}
+
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-backup
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-backup
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-db-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-db-data
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-db-data
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
#################################################################
global:
nodePortPrefix: 302
- persistence: {}
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+
repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+
#################################################################
# Application configuration defaults.
#repository: mysql
repository: nexus3.onap.org:10001
image: adfinissygroup/k8s-mariadb-galera-centos:v002
+backupImage: library/mariadb:10.1.38
imageInit: busybox
pullPolicy: IfNotPresent
mountPath: /dockerdata-nfs
mountSubPath: "mariadb-galera/data"
mysqlPath: /var/lib/mysql
+ backup:
+ mountPath: /dockerdata-nfs/backup
service:
internalPort: 3306
# DNS name for mariadb-galera cluster - should be unique accross all projects other clusters
#dnsnameOverride: mariadb-galera
+
+backup:
+ enabled: false
+ cron: "00 00 * * *"
+ retentionPeriod: 3
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- dashboard: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0
holmes_rules: onap/holmes/rule-management:1.2.6
holmes_engine: onap/holmes/engine-management:1.2.5
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-cleanup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
+spec:
+ template:
+ metadata:
+ name: {{ include "common.fullname" . }}-cleanup
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: dcae-cleanup
+ image: {{ include "common.repository" . }}/{{ .Values.cleanupImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file
# image for init container to initialize shared ConfigMap
multisiteInitImage: onap/org.onap.dcaegen2.deployments.multisite-init-container:1.0.0
+# image for cleanup job container
+cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.0
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
value: "/opt/tls/cert.pem"
- name: HTTPS_KEY_PATH
value: "/opt/tls/key.pem"
- - name: TRUST_STORE_PATH
- value: "/opt/app/prh/etc/cert/trust.jks"
- - name: TRUST_STORE_PASS_PATH
- value: "/opt/app/prh/etc/cert/trust.pass"
- - name: KEY_STORE_PATH
- value: "/opt/app/prh/etc/cert/key.p12"
- - name: KEY_STORE_PASS_PATH
- value: "/opt/app/prh/etc/cert/key.pass"
- - name: {{ include "common.name" . }}-filebeat-onap
+ - name: {{ include "common.name" . }}-fb-onap
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
+ - name: {{ include "common.fullname" . }}-fb-conf
mountPath: /usr/share/filebeat/filebeat.yml
subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
+ - name: {{ include "common.fullname" . }}-data-fb
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: /var/log/onap/config-binding-service
{{ end }}
{{- if .Values.service.insecure.enabled }}
- name: {{ include "common.name" . }}-insecure
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-logs-insecure
+ - name: {{ include "common.fullname" . }}-logs-i
mountPath: /opt/logs
env:
- name: CONSUL_HOST
value: consul.{{ include "common.namespace" . }}
- - name: {{ include "common.name" . }}-filebeat-onap-insecure
+ - name: {{ include "common.name" . }}-fb-onap-i
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
+ - name: {{ include "common.fullname" . }}-fb-conf
mountPath: /usr/share/filebeat/filebeat.yml
subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat-insecure
+ - name: {{ include "common.fullname" . }}-data-fb-i
mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs-insecure
- mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logs-i
+ mountPath: /var/log/onap/config-binding-service
{{ end }}
volumes:
- - name: {{ include "common.fullname" . }}-filebeat-conf
+ - name: {{ include "common.fullname" . }}-fb-conf
configMap:
name: {{ .Release.Name }}-cbs-filebeat-configmap
{{- if .Values.service.secure.enabled }}
- - name: {{ include "common.fullname" . }}-data-filebeat
+ - name: {{ include "common.fullname" . }}-data-fb
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
emptyDir: {}
{{ end }}
{{- if .Values.service.insecure.enabled }}
- - name: {{ include "common.fullname" . }}-data-filebeat-insecure
+ - name: {{ include "common.fullname" . }}-data-fb-i
emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs-insecure
+ - name: {{ include "common.fullname" . }}-logs-i
emptyDir: {}
{{ end }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.1
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
pullPolicy: Always
# probe configuration parameters
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
- - mountPath: /var/log/onap/deployment-handler
+ - mountPath: /var/log/onap/policy-handler
name: component-log
- mountPath: /usr/share/filebeat/data
name: filebeat-data
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.1
+image: onap/dmaap/datarouter-node:2.1.2
pullPolicy: Always
# flag to enable debugging - application support required
+++ /dev/null
-{
- "feedName": "bulk_pm_feed",
- "feedVersion": "m1.1",
- "feedDescription": "Default feed provisioned for PM File collector",
- "asprClassification" : "unclassified",
- "owner": "onap",
- "pubs": [
- {
- "dcaeLocationName" : "san-francisco",
- "username": "dradmin",
- "userpwd": "dradmin"
- }
-
- ],
- "subs": [
- {
- "dcaeLocationName": "san-francisco",
- "deliveryURL": "https://dcae-pm-mapper:8443/delivery",
- "feedId": "1",
- "owner": "dcae-pm-mapper",
- "status": "VALID",
- "subId": "1",
- "suspended": false,
- "use100": true,
- "username": "pmmapper",
- "userpwd": "pmmapper",
- "decompressData": true,
- "privilegedSubscriber": true
- }
- ]
-}
\ No newline at end of file
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.1
+image: onap/dmaap/datarouter-prov:2.1.2
pullPolicy: Always
# flag to enable debugging - application support required
+++ /dev/null
-{
- "topicName": "PM_MAPPER",
- "topicDescription": "The PM Mapper will be publishing perf3gpp VES events to this topic",
- "owner": "pm-mapper",
- "txenabled": false,
- "clients": [{
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dcae@dcae.onap.org",
- "action": [
- "pub",
- "view"
- ]
- }]
-}
FLAGS="$(echo $FLAGS| sed -n 's/--verbose//p')"
VERBOSE="true"
fi
+ # determine if delay for deployment is enabled
+ DELAY="false"
+ if [[ $FLAGS = *"--delay"* ]]; then
+ FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')"
+ DELAY="true"
+ fi
# determine if set-last-applied flag is enabled
SET_LAST_APPLIED="false"
if [[ $FLAGS = *"--set-last-applied"* ]]; then
> $LOG_FILE.log 2>&1
fi
fi
+ if [[ $DELAY == "true" ]]; then
+ echo sleep 3m
+ sleep 3m
+ fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: modeling/genericparser
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:5.0.0
+image: onap/externalapi/nbi:5.0.1
pullPolicy: Always
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
sources:
- https://gerrit.onap.org/r/#/admin/projects/
icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2
+kubeVersion: ">=1.11.5-0"
version: ~5.x-0
repository: '@local'
condition: cassandra.enabled
+ - name: cds
+ version: ~5.x-0
+ repository: '@local'
+ condition: cds.enabled
- name: clamp
version: ~5.x-0
repository: '@local'
enabled: true
appc:
enabled: true
+cds:
+ enabled: true
clamp:
enabled: true
cli:
enabled: true
appc:
enabled: true
+cds:
+ enabled: true
clamp:
enabled: true
cli:
openStackEncryptedPassword: admin
cassandra:
enabled: false
+cds:
+ enabled: false
clamp:
enabled: false
cli:
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.1
+ optf_has: onap/optf-has:1.3.2
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.2
+image: onap/optf-osdf:1.3.4
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+
+docker-entrypoint.sh nexus
\ No newline at end of file
-# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2017-2018 Amdocs, Bell Canada.
+# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# JVM options
-JVM_OPTIONS=-server -Xms1024m -Xmx2048m
+JVM_OPTIONS={{.Values.server.jvmOpts}}
# SYSTEM software configuration
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap/policy/pdpd
JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
# Telemetry credentials
TELEMETRY_PORT=9696
TELEMETRY_HOST=0.0.0.0
-TELEMETRY_USER=demo@people.osaaf.org
-TELEMETRY_PASSWORD=demo123456!
# nexus repository
SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/
-REPOSITORY_USERNAME=admin
-REPOSITORY_PASSWORD=admin123
+RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
# Relational (SQL) DB access
SQL_HOST={{.Values.global.mariadb.nameOverride}}
-SQL_USER=policy_user
-SQL_PASSWORD=policy_user
# AAF
-AAF=true
+AAF={{.Values.aaf.enabled}}
AAF_NAMESPACE=org.onap.policy
AAF_HOST=aaf-locate.{{.Release.Namespace}}
PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
PDPD_CONFIGURATION_SERVERS=message-router
-PDPD_CONFIGURATION_API_KEY=
-PDPD_CONFIGURATION_API_SECRET=
PDPD_CONFIGURATION_CONSUMER_GROUP=
PDPD_CONFIGURATION_CONSUMER_INSTANCE=
PDPD_CONFIGURATION_PARTITION_KEY=
# PAP-PDP configuration channel
POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
-POLICY_PDP_PAP_API_KEY=
-POLICY_PDP_PAP_API_SECRET=
# PAP
PAP_HOST=policy-pap
-PAP_USERNAME=healthcheck
-PAP_PASSWORD=zb!XztG34
# PDP-X
PDP_HOST=policy-xacml-pdp
-PDP_USERNAME=healthcheck
-PDP_PASSWORD=zb!XztG34
-PDP_CLIENT_USERNAME=python
-PDP_CLIENT_PASSWORD=test
-PDP_ENVIRONMENT=TEST
# DCAE DMaaP
# AAI
AAI_URL=https://aai.{{.Release.Namespace}}:8443
-AAI_USERNAME=policy@policy.onap.org
-AAI_PASSWORD=demo123456!
# MSO
SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra
-SO_USERNAME=InfraPortalClient
-SO_PASSWORD=password1$
# VFC
VFC_URL=
-VFC_USERNAME=
-VFC_PASSWORD=
# SDNC
SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations
-SDNC_USERNAME=admin
-SDNC_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-# Copyright 2018 AT&T Intellectual Property. All rights reserved
-# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+policy status
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-
-if [ "$#" -ne 4 ]; then
- echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>"
- exit 1
-fi
-
-K8S_HOST=$1
-POLICY_PDP_PORT=$2
-POLICY_DROOLS_PORT=$3
-RESOURCE_ID=$4
-
-echo
-echo
-echo "Removing the vFW Policy from PDP.."
-echo
-echo
-
-curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyComponent" : "PDP",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy
-
-sleep 20
-
-echo
-
-echo
-echo "Updating vFW Operational Policy .."
-echo
-
-curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvFirewall",
- "policyDescription": "BRMS Param vFirewall policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller": "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy
-
-sleep 5
-
-echo
-echo
-echo "Pushing the vFW Policy .."
-echo
-echo
-
-curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy
-
-sleep 20
-
-echo
-echo
-echo "Restarting PDP-D .."
-echo
-echo
-
-POD=$(kubectl --namespace {{ include "common.namespace" . }} get pods | sed 's/ .*//'| grep drools)
-kubectl --namespace {{ include "common.namespace" . }} exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
-
-sleep 20
-
-echo
-echo
-echo "PDP-D amsterdam maven coordinates .."
-echo
-echo
-
-curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool
-
-
-echo
-echo
-echo "PDP-D control loop updated .."
-echo
-echo
-
-curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+KEYSTORE_PASSWD={{.Values.keystore.password}}
+TRUSTSTORE_PASSWD={{.Values.truststore.password}}
+
+TELEMETRY_USER={{.Values.telemetry.user}}
+TELEMETRY_PASSWORD={{.Values.telemetry.password}}
+
+REPOSITORY_USERNAME={{.Values.nexus.user}}
+REPOSITORY_PASSWORD={{.Values.nexus.password}}
+
+SQL_USER={{.Values.db.user}}
+SQL_PASSWORD={{.Values.db.password}}
+
+PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
+PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
+
+POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}}
+POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
+
+PAP_USERNAME={{.Values.pap.user}}
+PAP_PASSWORD={{.Values.pap.password}}
+
+PDP_USERNAME={{.Values.pdp.user}}
+PDP_PASSWORD={{.Values.pdp.password}}
+
+AAI_USERNAME={{.Values.aai.user}}
+AAI_PASSWORD={{.Values.aai.password}}
+
+SO_USERNAME={{.Values.so.user}}
+SO_PASSWORD={{.Values.so.password}}
+
+VFC_USERNAME={{.Values.vfc.user}}
+VFC_PASSWORD={{.Values.vfc.password}}
+
+SDNC_USERNAME={{.Values.sdnc.user}}
+SDNC_PASSWORD={{.Values.sdnc.password}}
+
+HEALTHCHECK_USER={{.Values.telemetry.user}}
+HEALTHCHECK_PASSWORD={{.Values.telemetry.password}}
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/configmaps/*").AsConfig . | indent 2 }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/opt/policy/config/drools/keys/*").AsSecrets | indent 2 }}
type: Opaque
+data:
+{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /tmp/policy-install/config/feature-healthcheck.conf
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-secret
- subPath: feature-healthcheck.conf
- - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf
- name: drools-config
- subPath: feature-pooling-dmaap.conf
- - mountPath: /tmp/policy-install/config/base.conf
+ subPath: {{ base $path }}
+ {{- end }}
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-config
- subPath: base.conf
+ subPath: {{ base $path }}
+ {{- end }}
- mountPath: /var/log/onap
name: policy-logs
resources:
configMap:
name: {{ include "common.fullname" . }}-configmap
items:
- - key: base.conf
- path: base.conf
- mode: 0755
- - key: feature-pooling-dmaap.conf
- path: feature-pooling-dmaap.conf
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
mode: 0755
+ {{- end }}
- name: drools-secret
secret:
secretName: {{ include "common.fullname" . }}-secret
items:
- - key: feature-healthcheck.conf
- path: feature-healthcheck.conf
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
mode: 0644
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuImage: ubuntu:16.04
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.5.1
+image: onap/policy-pdpd-cl:1.5.2
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- nexusPort: 8081
-
# default number of instances
replicaCount: 1
ingress:
enabled: false
+# Default installation values to be overridden
+
+server:
+ jvmOpts: -server -Xms1024m -Xmx2048m
+
+aaf:
+ enabled: "true"
+
+keystore:
+ password: Pol1cy_0nap
+
+truststore:
+ password: Pol1cy_0nap
+
+telemetry:
+ user: demo@people.osaaf.org
+ password: demo123456!
+
+nexus:
+ nexus: admin
+ password: admin123
+ port: 8081
+
+db:
+ user: policy_user
+ password: policy_user
+
+pap:
+ user: healthcheck
+ password: zb!XztG34
+
+pdp:
+ user: healthcheck
+ password: zb!XztG34
+
+aai:
+ user: policy@policy.onap.org
+ password: demo123456!
+
+so:
+ user: InfraPortalClient
+ password: password1$
+
+vfc:
+ user:
+ password:
+
+sdnc:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+dmaap:
+ brmsgw:
+ key:
+ password:
+ pap:
+ key:
+ password:
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.2.1
+image: onap/policy-apex-pdp:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.1.1
+image: onap/policy-api:2.1.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.1.1
+image: onap/policy-pap:2.1.2
pullPolicy: Always
# flag to enable debugging - application support required
"https": true,
"aaf": false
},
+ "policyApiParameters": {
+ "host": "policy-api",
+ "port": 6969,
+ "userName": "healthcheck",
+ "password": "zb!XztG34",
+ "https": true,
+ "aaf": false
+ },
"applicationPath": "/opt/app/policy/pdpx/apps",
"topicParameterGroup": {
"topicSources" : [{
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.1.1
+image: onap/policy-xacml-pdp:2.1.2
pullPolicy: Always
# flag to enable debugging - application support required
- ""
- -n
- ""
+ - -b
+ - "{{ .Values.global.env.tomcatDir }}"
env:
- name: CATALINA_OPTS
value: >
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: portal/cassandra/data
# if command starts with an option, prepend mysqld
if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
+ set -- mysqld "$@"
fi
# skip setup if they want an option that stops mysqld
wantHelp=
for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ wantHelp=1
+ break
+ ;;
+ esac
done
# usage: file_env VAR [DEFAULT]
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
}
_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
-
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
-
- $errors
- EOM
- exit 1
- fi
+ toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ cat >&2 <<-EOM
+ ERROR: mysqld failed while attempting to check config
+ command was: "${toRun[*]}"
+ $errors
+ EOM
+ exit 1
+ fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }'
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# allow the container to be started with `--user`
if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
- mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
+ _check_config "$@"
+ DATADIR="$(_get_config 'datadir' "$@")"
+ mkdir -p "$DATADIR"
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ exec gosu mysql "$BASH_SOURCE" "$@"
fi
if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
- # Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
-
- mkdir -p "$DATADIR"
-
- echo 'Initializing database'
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {60..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
-
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
-
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
- EOSQL
-
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
-
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
-
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
- fi
-
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
-
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
- fi
+ # still need to check config, container may have started with --user
+ _check_config "$@"
+ # Get config
+ DATADIR="$(_get_config 'datadir' "$@")"
+
+ if [ ! -d "$DATADIR/mysql" ]; then
+ file_env 'MYSQL_ROOT_PASSWORD'
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ echo >&2 'error: database is uninitialized and password option is not specified '
+ echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ exit 1
+ fi
+
+ mkdir -p "$DATADIR"
+
+ echo 'Initializing database'
+ installArgs=( --datadir="$DATADIR" --rpm )
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs+=( --auth-root-authentication-method=normal )
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db "${installArgs[@]}" "${@:2}"
+ echo 'Database initialized'
+
+ SOCKET="$(_get_config 'socket' "$@")"
+ "$@" --skip-networking --socket="${SOCKET}" &
+ pid="$!"
+
+ mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
+
+ for i in {60..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+ fi
+
+ if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+
+ rootCreate=
+ # default root to listen for connections from anywhere
+ file_env 'MYSQL_ROOT_HOST' '%'
+ if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+ EOSQL
+ fi
+
+ "${mysql[@]}" <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ FLUSH PRIVILEGES ;
+ EOSQL
+
+ if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+ fi
+
+ file_env 'MYSQL_DATABASE'
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+ fi
+
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+ fi
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ echo
+ echo 'MySQL init process done. Ready for start up.'
+ echo
+ fi
fi
exec "$@"
\ No newline at end of file
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: portal/mariadb/data
global:
env:
- tomcatDir: "/opt/apache-tomcat-8.0.37"
+ tomcatDir: "/usr/local/tomcat"
# portal frontend port
portalPort: "8989"
portalFEPort: "30225"
-Subproject commit b6b5b0e6f8880e3a922a2fef97e95e5013475228
+Subproject commit db5b5ffbd1e2281664a42ea128cde83f3dd6c8ff
debugEnabled: false
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx1536m -Xms1536m"
+ javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
# default number of instances
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-es/ES
pullPolicy: Always
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=6000,server=y,suspend=n -Xmx256m -Xms256m"
+ javaOptions: "-Xmx256m -Xms256m"
plugins:
dcae_discovery_url: "http://sdc-dcae-fe:8183/dcaed/#/home"
dcae_source_url: "http://sdc.dcae.plugin.simpledemo.onap.org:30263/dcaed/#/home"
debugEnabled: false
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4001,server=y,suspend=n -Xmx1g -Xms1g"
+ javaOptions: "-Xmx1g -Xms1g"
cassandraSslEnabled: "false"
# default number of instances
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
enabled: true
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
+ javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
debugEnabled: false
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m"
+ javaOptions: "-Xmx256m -Xms256m"
backendServerURL: "http://sdc-wfd-be:8080"
isHttpsEnabled: true
type: NodePort
name: sdnc-portal
portName: sdnc-portal
- internalPort: 8843
- externalPort: 8843
+ internalPort: 8443
+ externalPort: 8443
nodePort: "01"
ingress:
- name: common
version: ~5.x-0
repository: '@local'
- - name: cds
- version: ~5.x-0
- repository: '@local'
- condition: cds.enabled
- name: network-name-gen
version: ~5.x-0
repository: '@local'
# dependency / sub-chart configuration
cds:
- enabled: true
+ enabled: false
dmaap-listener:
nameOverride: sdnc-dmaap-listener
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.5.1
+image: onap/so/bpmn-infra:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.5.1
+image: onap/so/catalog-db-adapter:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.5.1
+image: onap/so/so-monitoring:1.5.2
pullPolicy: Always
replicaCount: 1
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.5.1
+image: onap/so/openstack-adapter:1.5.2
pullPolicy: Always
repository: nexus3.onap.org:10001
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.5.1
+image: onap/so/request-db-adapter:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.5.1
+image: onap/so/sdc-controller:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.5.1
+image: onap/so/sdnc-adapter:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.5.1
+image: onap/so/vfc-adapter:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.5.1
+image: onap/so/vnfm-adapter:1.5.2
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.5.1
+image: onap/so/api-handler-infra:1.5.2
pullPolicy: Always
replicaCount: 1
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:5.0.1
+image: onap/vid:5.0.2
pullPolicy: Always
# mariadb image for initializing
Code Review / oom.git / commitdiff