.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _master_index:
OOM Documentation Repository
.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Amdocs, Bell Canada
+.. _oom_cloud_setup_guide:
.. Links
.. _Microsoft Azure: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-MicrosoftAzure
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _oom_project_description:
ONAP Operations Manager Project
###############################
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Amdocs, Bell Canada
-
+.. _oom_quickstart_guide:
.. _quick-start-label:
OOM Quick Start Guide
where <BRANCH> can be an offical release tag, such as
4.0.0-ONAP for Dublin
5.0.1-ONAP for El Alto
+6.0.0-ONAP for Frankfurt
**Step 2.** Install Helm Plugins required to deploy ONAP::
d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
charts or use an override file to replace them.
+ e. Add in the command line a value for the global master password (global.masterPassword).
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
Java encryption library is not easy to integrate with openssl/python that
-ROBOT uses in Dublin.
+ROBOT uses in Dublin and upper versions.
.. note::
To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
d. Update the OpenStack parameters:
-There are assumptions in the demonstration VNF heat templates about the networking
-available in the environment. To get the most value out of these templates and the
-automation that can help confirm the setup is correct, please observe the following
+There are assumptions in the demonstration VNF heat templates about the networking
+available in the environment. To get the most value out of these templates and the
+automation that can help confirm the setup is correct, please observe the following
constraints.
+
``openStackPublicNetId:``
This network should allow heat templates to add interfaces.
This need not be an external network, floating IPs can be assigned to the ports on
setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
-Example Keystone v2.0
+Example Keystone v2.0
.. literalinclude:: example-integration-override.yaml
:language: yaml
:language: yaml
-
**Step 4.** To setup a local Helm server to server up the ONAP charts::
> helm serve &
single command
.. note::
- The ``--timeout 900`` is currently required in Dublin to address long running initialization tasks
- for DMaaP and SO. Without this timeout value both applications may fail to deploy.
+ The ``--timeout 900`` is currently required in Dublin and up to address long
+ running initialization tasks for DMaaP and SO. Without this timeout value both
+ applications may fail to deploy.
+
+.. danger::
+ We've added the master password on the command line.
+ You shouldn't put it in a file for safety reason
+ please don't forget to change the value to something random
+
+ A space is also added in front of the command so "history" doesn't catch it.
+ This masterPassword is very sensitive, please be careful!
+
To deploy all ONAP applications use this command::
> cd oom/kubernetes
- > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
+ > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
All override files may be customized (or replaced by other overrides) as per needs.
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada
+.. _oom_user_guide:
.. Links
.. _Curated applications for Kubernetes: https://github.com/kubernetes/charts
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights
.. reserved.
+.. _release_notes:
.. Links
.. _release-notes-label:
* Automated rolling upgrades for applications
* In-place schema and data migrations
* Blue-Green deployment environment migration (e.g. Pre-prod to Prod)
- * Upgrades from embedded database instance into shared database instance
+ * Upgrades from embedded database instance into shared database instance
* Release-to-release upgrade support delivered for the following projects
* [`OOM-52 <https://jira.onap.org/browse/OOM-52>`_] - OOM ONAP Configuration Management - Parameterization of docker images
* [`OOM-53 <https://jira.onap.org/browse/OOM-53>`_] - OOM ONAP Configuration Management - Parameterization for Sizing
* [`OOM-63 <https://jira.onap.org/browse/OOM-63>`_] - Kubernetes cluster created by TOSCA description
-* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the “Lab” project environment
+* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the "Lab" project environment
* [`OOM-86 <https://jira.onap.org/browse/OOM-86>`_] - Monitoring the health status of ONAP components
* [`OOM-87 <https://jira.onap.org/browse/OOM-87>`_] - Configure TOSCA description via dashboard
* [`OOM-88 <https://jira.onap.org/browse/OOM-88>`_] - Deploy Holmes on K8S cluster by TOSCA description
-Subproject commit 9b27009ab70a2d4fccd43247f7dbb887cb944293
+Subproject commit 0c4cd899d53538202c23030ab278984897aede94
{{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{/*
+ Resolve the prefix node port to use. We look at these different values in
+ order of priority (first found, first chosen)
+ - .Values.service.nodePortPrefixOverride: override value for nodePort which
+ will be use locally;
+ - .Values.global.nodePortPrefix : global value for nodePort which will
+ be used for all charts (unless
+ previous one is used);
+ - .Values.global.nodePortPrefixExt : global value for nodePort which will
+ be used for all charts (unless
+ previous one is used) if
+ useNodePortExt is set to true in
+ service or on port;
+ - .Values.service.nodePortPrefix : value used on a pert chart basis if
+ no other version exists.
+
+ The function takes two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .useNodePortExt : does the port use the "extended" nodeport part or the
+ normal one?
+*/}}
+{{- define "common.nodePortPrefix" -}}
+{{- $dot := default . .dot -}}
+{{- $useNodePortExt := default false .useNodePortExt -}}
+{{- if or $useNodePortExt $dot.Values.service.useNodePortExt -}}
+{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefixExt | default $dot.Values.nodePortPrefix }}
+{{- else -}}
+{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}
+{{- end -}}
+{{- end -}}
+
{{/* Define the metadata of Service
The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
name: {{ $port.name }}
{{- end }}
{{- if (eq $serviceType "NodePort") }}
- nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+ nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }}
{{- end }}
{{- else }}
- port: {{ default $port.port $port.plain_port }}
# application configuration
config:
# .mariadbRootPasswordExternalSecret: 'some-external-secret'
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
# .userCredentialsExternalSecret: 'some-external-secret'
userName: my-user
# userPassword: my-password
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
# Resource Limit flavor -By Default using small
flavor: small
-Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
-Djavax.net.ssl.trustStoreType=jks\
-Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
- {{- if eq "DEBUG" .Values.config.loglevel }}
- export JAVA_DEBUG="-Djavax.net.debug=all"
- {{- end }}
- exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar
+ exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
{{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "http://message-router.{{ include "common.namespace" . }}:3904"
+ value: "https://message-router.{{ include "common.namespace" . }}:3905"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.1
+image: onap/externalapi/nbi:6.0.2
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
multicloud:
enabled: false
nbi:
- enabled: false
+ enabled: true
config:
# openstack configuration
openStackRegion: "Yolo"
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /opt/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
+ args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
ports:
- containerPort: {{ .Values.liveness.periodSeconds }}
# disable liveness probe when breakpoints set in debugger
class=handlers.TimedRotatingFileHandler
level=NOTSET
formatter=generic
-args=('application.log','midnight', 1, 10)
+args=('/var/log/application.log','midnight', 1, 10)
[handler_audithand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=audit
-args=('audit.log', 'midnight', 1, 10)
+args=('/var/log/audit.log', 'midnight', 1, 10)
[handler_metrichand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=metric
-args=('metric.log','midnight', 1, 10)
+args=('/var/log/metric.log','midnight', 1, 10)
[handler_errhand]
class=handlers.TimedRotatingFileHandler
level=ERROR
formatter=error
-args=('error.log','midnight', 1, 10)
+args=('/var/log/error.log','midnight', 1, 10)
[handler_debughand]
class=handlers.TimedRotatingFileHandler
level=DEBUG
formatter=generic
-args=('debug.log','midnight', 1, 10)
+args=('/var/log/debug.log','midnight', 1, 10)
[formatters]
keys=generic,audit,metric,error
REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
M2_HOME=/usr/share/java/maven-3
snapshotRepositoryID=policy-nexus-snapshots
releaseRepositoryID=policy-nexus-releases
releaseRepositoryName=Releases
releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=admin
-repositoryPassword=admin123
+repositoryUsername=${REPOSITORY_USERNAME}
+repositoryPassword=${REPOSITORY_PASSWORD}
UEB_URL=message-router
UEB_TOPIC=PDPD-CONFIGURATION
UEB_API_KEY=
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+ volumeMounts:
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
name: pe-brmsgw
subPath: brmsgw.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
+ - uid: nexus-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
+ login: '{{ .Values.nexus.repositoryUsername }}'
+ password: '{{ .Values.nexus.repositoryPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.1
+image: onap/policy-pe:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
+nexus:
+ repositoryUsername: admin
+ repositoryPassword: admin123
# default number of instances
replicaCount: 1
http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-http.client.services=PAP
+http.client.services=PAP,PDP
http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
http.client.services.PAP.port=9091
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.6.0
+image: onap/policy-pdpd-cl:1.6.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.2.0
+image: onap/policy-pap:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: localtime
readOnly: true
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/config/pdp-tweaks.sh
name: pe-pdp
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.1
+image: onap/policy-pe:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.3.0
+image: onap/policy-apex-pdp:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.2.1
+image: onap/policy-api:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
JDBC_DRIVER=org.mariadb.jdbc.Driver
JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_USER={{ .Values.global.mariadb.config.userName }}
-JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }}
+
+JDBC_USER=${JDBC_USER}
+JDBC_PASSWORD=${JDBC_PASSWORD}
site_name=site_1
fp_monitor_interval=30
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.3.0
+image: onap/policy-distribution:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.2.0
+image: onap/policy-xacml-pdp:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pe
+ - mountPath: /config
+ name: pe-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
name: pe-pap
subPath: console.conf
- mountPath: /tmp/policy-install/config/base.conf
- name: pe
+ name: pe-processed
subPath: base.conf
- mountPath: /tmp/policy-install/do-start.sh
name: pe-scripts
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
+ - name: pe-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-secret
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- name: MYSQL_USER
- value: "{{ index .Values "mariadb-galera" "config" "userName" }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
- db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
ubuntuImage: ubuntu:16.04
pdp:
nameOverride: pdp
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
- userName: policy_user
- userPassword: policy_user
- mariadbRootPassword: secret
mysqlDatabase: policyadmin
service: &mariadbService
name: policy-mariadb
portName: mysql-policy
internalPort: 3306
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ policy: generate
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: generate
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.1
+image: onap/policy-pe:1.6.2
mariadb_image: library/mariadb:10
pullPolicy: Always
subChartsOnly:
enabled: true
+db: &dbSecretsHook
+ credsExternalSecret: *dbSecretName
+
pap:
nameOverride: pap
+ db: *dbSecretsHook
pdp:
nameOverride: pdp
+ db: *dbSecretsHook
drools:
nameOverride: drools
-brmwgw:
+ db: *dbSecretsHook
+brmsgw:
nameOverride: brmsgw
+ db: *dbSecretsHook
+policy-api:
+ db: *dbSecretsHook
+policy-xacml-pdp:
+ db: *dbSecretsHook
+
nexus:
nameOverride: nexus
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
- config: *mariadbConfig
+ config:
+ <<: *mariadbConfig
+ userName: policy_user
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
+ userCredentialsExternalSecret: *dbSecretName
nameOverride: policy-mariadb
# mariadb-galera.service and global.mariadb.service must be equals
service: *mariadbService
loggingImage: beats/filebeat:5.5.0
#AAF service
aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
#################################################################
# Application configuration defaults.
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:2.6.0
+image: onap/portal-app:3.2.0
pullPolicy: Always
#AAF local config
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-db:2.6.0
+image: onap/portal-db:3.2.0
pullPolicy: Always
readinessImage: readiness-check:2.0.0
persistence: {}
#AAF service
aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
#################################################################
# Application configuration defaults.
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.6.0
+image: onap/portal-sdk:3.2.0
pullPolicy: Always
#AAF local config
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.6.0
+image: onap/portal-wms:3.2.0
pullPolicy: Always
# flag to enable debugging - application support required
-Subproject commit 7f37c3cd610edd911a8b68e2118212d9ec8149d6
+Subproject commit 431689c7879a92be54477f13f8e39908db5f07f2
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=CM-NOTIFICATION
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=A1-P
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=SDNR-CL
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=$(ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
- mountPath: {{ .Values.config.configDir }}/aai.properties
name: properties
subPath: aai.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties
+ name: properties
+ subPath: dmaap-consumer-CMNotify.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties
+ name: properties
+ subPath: dmaap-consumer-a1Adapter-policy.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
+ name: properties
+ subPath: dmaap-consumer-oofpcipoc.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.0
+image: onap/sdnc-dmaap-listener-image:1.8.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.0
+image: onap/sdnc-ansible-server-image:1.8.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.0
+image: onap/admportal-sdnc-image:1.8.1
config:
dbFabricDB: mysql
dbFabricUser: admin
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.0
+image: onap/sdnc-ueb-listener-image:1.8.1
pullPolicy: Always
# flag to enable debugging - application support required
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.0
+image: onap/sdnc-image:1.8.1
# flag to enable debugging - application support required
pollTimeout: 7500
pollInterval: 15
mso:
+ adapters:
+ requestDb:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.8
+image: onap/vfc/gvnfmdriver:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.8
+image: onap/vfc/nslcm:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.8
+image: onap/vfc/vnflcm:1.3.9
pullPolicy: Always
#Istio sidecar injection policy