Merge "redisable contrib/netbox chart"
authorAlexis de Talhouët <alexis.de_talhouet@bell.ca>
Mon, 1 Oct 2018 20:01:00 +0000 (20:01 +0000)
committerGerrit Code Review <gerrit@onap.org>
Mon, 1 Oct 2018 20:01:00 +0000 (20:01 +0000)
24 files changed:
kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore
kubernetes/aai/charts/aai-data-router/resources/config/log/logback.xml [new file with mode: 0644]
kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml
kubernetes/aai/charts/aai-data-router/templates/configmap.yaml
kubernetes/aai/charts/aai-data-router/templates/deployment.yaml
kubernetes/aai/charts/aai-data-router/values.yaml
kubernetes/consul/resources/config/consul-agent-config/policy-health.json
kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml [moved from kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-datafile-collector-input.yaml with 100% similarity]
kubernetes/nbi/charts/mariadb/values.yaml
kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf
kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties
kubernetes/pomba/charts/pomba-contextaggregator/values.yaml
kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties
kubernetes/pomba/values.yaml
kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore [new file with mode: 0644]
kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks [new file with mode: 0644]
kubernetes/portal/charts/portal-app/resources/server/server.xml [new file with mode: 0644]
kubernetes/portal/charts/portal-app/templates/configmap.yaml
kubernetes/portal/charts/portal-app/templates/deployment.yaml
kubernetes/portal/charts/portal-app/values.yaml
kubernetes/portal/values.yaml
kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py

index 9eec841..de5325b 100644 (file)
Binary files a/kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore and b/kubernetes/aai/charts/aai-data-router/resources/config/auth/tomcat_keystore differ
diff --git a/kubernetes/aai/charts/aai-data-router/resources/config/log/logback.xml b/kubernetes/aai/charts/aai-data-router/resources/config/log/logback.xml
new file mode 100644 (file)
index 0000000..d7ff014
--- /dev/null
@@ -0,0 +1,193 @@
+<!--
+    ============LICENSE_START=======================================================
+    org.onap.aai
+    ================================================================================
+    Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+    Copyright © 2018 Amdocs
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+-->
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+  <!--<jmxConfigurator /> -->
+  <!-- directory path for all other type logs -->
+
+  <property name="logDir"  value="/var/log/onap" />
+
+  <!--  specify the component name -->
+  <property name="componentName" value="AAI-DR" />
+
+  <!--  default eelf log file names -->
+  <property name="generalLogName" value="error" />
+  <property name="metricsLogName" value="metrics" />
+  <property name="auditLogName" value="audit" />
+  <property name="debugLogName" value="debug" />
+
+  <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|data-router|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+  <property name="auditMetricPattern" value="%m%n" />
+
+  <property name="logDirectory" value="${logDir}/${componentName}" />
+
+  <!-- Example evaluator filter applied against console appender -->
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF Appenders -->
+  <!-- ============================================================================ -->
+
+  <!-- The EELFAppender is used to record events to the general application
+       log -->
+
+  <appender name="EELF"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${generalLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+    <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>INFO</level>
+    </filter>
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELF" />
+  </appender>
+
+  <!-- EELF Audit Appender. This appender is used to record audit engine
+       related logging events. The audit logger and appender are specializations
+       of the EELF application root logger and appender. This can be used to segregate
+       Policy engine events from other components, or it can be eliminated to record
+       these events as part of the application root log. -->
+
+  <appender name="EELFAudit"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${auditLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFAudit" />
+  </appender>
+
+  <appender name="EELFMetrics"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${metricsLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+           %msg%n"</pattern> -->
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFMetrics"/>
+  </appender>
+
+  <appender name="EELFDebug"
+            class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${debugLogName}.log</file>
+    <rollingPolicy
+        class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+      </fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFDebug" />
+    <includeCallerData>false</includeCallerData>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!--  EELF loggers -->
+  <!-- ============================================================================ -->
+  <logger name="com.att.eelf" level="info" additivity="false">
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="asyncEELFDebug" />
+  </logger>
+
+  <logger name="com.att.eelf.audit" level="info" additivity="false">
+    <appender-ref ref="asyncEELFAudit" />
+  </logger>
+  <logger name="com.att.eelf.metrics" level="info" additivity="false">
+    <appender-ref ref="asyncEELFMetrics" />
+  </logger>
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN" />
+  <logger name="org.springframework.beans" level="WARN" />
+  <logger name="org.springframework.web" level="WARN" />
+  <logger name="com.blog.spring.jms" level="WARN" />
+
+  <!-- Data Router service loggers -->
+  <logger name="org.onap.aai.data-router" level="INFO" />
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN" />
+  <logger name="org.apache" level="WARN" />
+  <logger name="org.apache.commons.httpclient" level="WARN" />
+  <logger name="org.apache.commons" level="WARN" />
+  <logger name="org.apache.coyote" level="WARN" />
+  <logger name="org.apache.jasper" level="WARN" />
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+       May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN" />
+  <logger name="org.apache.cxf" level="WARN" />
+  <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.service" level="WARN" />
+  <logger name="org.restlet" level="WARN" />
+  <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN" />
+  <logger name="ch.qos.logback.core" level="WARN" />
+
+  <root>
+    <appender-ref ref="asyncEELF" />
+    <!-- <appender-ref ref="asyncEELFDebug" /> -->
+  </root>
+
+</configuration>
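Review bot: The `asyncEELFAudit` appender routes audit events through an `AsyncAppender` with `queueSize` 256 and no `discardingThreshold`, so logback's default applies and INFO-level events are dropped silently once the queue is about 80% full. Since the `com.att.eelf.audit` logger runs at `info`, audit records can be lost under load with no trace in the log. I would add `<discardingThreshold>0</discardingThreshold>` inside `asyncEELFAudit` (and `asyncEELFMetrics` if those records matter), with the comment `<!-- never discard audit events when the async queue fills -->`. Separately, `<root>` has no `level` attribute, so any logger not listed here inherits logback's default of DEBUG before the `ThresholdFilter` on `asyncEELF` applies.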
index acfe0a5..60e71ec 100644 (file)
@@ -34,9 +34,9 @@
     <property name="searchKeystore" value="tomcat_keystore" />
   </bean>
   
-  <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer " >
-    <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:3904" />
-    <constructor-arg name="topic" value="AAI-EVENT" />
+  <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer" >
+    <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" />
+    <constructor-arg name="topic" value="{{.Values.event.consumer.topic}}" />
     <constructor-arg name="username" value="" />
     <constructor-arg name="password" value="" />
     <constructor-arg name="consumerGroup" value="datarouter" />
@@ -44,6 +44,8 @@
     <constructor-arg name="timeoutMs" value="1000" />
     <constructor-arg name="messageLimit" value="100" />
     <constructor-arg name="transportType" value="HTTPAUTH" />
+    <constructor-arg name="protocol" value="{{.Values.event.protocol}}" />
+    <constructor-arg name="contentType" value="application/json" />
   </bean>
 
   <bean id="entityEventPolicy" class="org.onap.aai.datarouter.policy.EntityEventPolicy" init-method="startup" >
index 6cfc3be..23d3dbb 100644 (file)
@@ -38,3 +38,29 @@ metadata:
 data:
 {{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-filebeat-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file
index 8ab2d33..83542da 100644 (file)
@@ -94,7 +94,10 @@ spec:
         - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml
           subPath: entity-event-policy.xml
           name: {{ include "common.fullname" . }}-dynamic-policy
-        - mountPath: /logs/
+        - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml
+          name: {{ include "common.fullname" . }}-logback-config
+          subPath: logback.xml
+        - mountPath: /var/log/onap
           name: {{ include "common.fullname" . }}-logs
         ports:
         - containerPort: {{ .Values.service.internalPort }}
@@ -112,10 +115,28 @@ spec:
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         resources:
 {{ include "common.resources" . | indent 12 }}
+
+      # side car containers
+      - name: filebeat-onap
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+          name: filebeat-conf
+        - mountPath: /var/log/onap
+          name: {{ include "common.fullname" . }}-logs
+        - mountPath: /usr/share/filebeat/data
+          name: aai-filebeat
       volumes:
       - name: localtime
         hostPath:
           path: /etc/localtime
+      - name: filebeat-conf
+        configMap:
+          name: aai-filebeat
+      - name: aai-filebeat
+        emptyDir: {}
       - name: {{ include "common.fullname" . }}-auth
         secret:
           secretName: {{ include "common.fullname" . }}
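Review bot: The `filebeat-conf` volume references a ConfigMap named `aai-filebeat`, but the ConfigMap this commit adds in configmap.yaml is named `{{ include "common.fullname" . }}-filebeat-configmap`. Unless a parent chart defines `aai-filebeat` (not visible here), the volume would fail to mount and the log-shipping sidecar would not start. The commit's file list also shows nothing under `resources/config/log/filebeat/` for this chart, so the new ConfigMap may render with empty data. If the chart-local ConfigMap is the intended source, the reference should read `name: {{ include "common.fullname" . }}-filebeat-configmap`. The `filebeat-onap` container also has no `resources:` block, unlike the main container just above it.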
@@ -134,8 +155,13 @@ spec:
         configMap:
           name: {{ include "common.fullname" . }}-dynamic
       - name: {{ include "common.fullname" . }}-logs
-        hostPath:
-          path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+        emptyDir: {}
+      - name: {{ include "common.fullname" . }}-logback-config
+        configMap:
+          name: {{ include "common.fullname" . }}-log-configmap
+          items:
+          - key: logback.xml
+            path: logback.xml
       restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
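Review bot: Changing the `-logs` volume to `emptyDir: {}` means everything written under /var/log/onap, including the audit log, is deleted when the pod is removed or rescheduled. The 60-day `maxHistory` in the new logback.xml therefore gives no retention on its own, and durability depends entirely on the filebeat sidecar having shipped the files. The volume is also unbounded, so heavy logging counts against the node's ephemeral storage. I would bound it with `sizeLimit: <size>` under `emptyDir:` and add the comment `# logs are ephemeral here; retention relies on the filebeat sidecar shipping them`.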
index ba42582..c1fa49f 100644 (file)
@@ -17,7 +17,7 @@
 # Declare variables to be passed into your templates.
 global: # global defaults
   nodePortPrefix: 302
-
+  loggingImage: beats/filebeat:5.5.0
 
 # application image
 repository: nexus3.onap.org:10001
@@ -97,4 +97,12 @@ resources:
     requests:
       cpu: 4
       memory: 8Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
+
+# Entity Event route configuration
+event:
+  port:
+    dmaap: 3905
+  protocol: https
+  consumer:
+    topic: AAI-EVENT
index 62a6f31..9cad9dc 100644 (file)
@@ -67,7 +67,7 @@
     "http": "https://drools:6969/healthcheck",
     "method": "GET",
     "header": {
-      "Authorization": ["Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0"],
+      "Authorization": ["Basic ZGVtb0BwZW9wbGUub3NhYWYub3JnOmRlbW8xMjM0NTYh"],
       "Cache-Control": ["no-cache"],
       "Content-Type": ["application/json"],
       "Accept": ["application/json"]
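Review bot: The new `Authorization` value is only base64-encoded, so this line commits the `demo@people.osaaf.org` credential in readable form. The same literal credential is repeated in the later hunks for base.conf (`ENGINE_MANAGEMENT_*`), feature-healthcheck.conf (`HEALTHCHECK_*`), update-vfw-op-policy.sh and integration_robot_properties.py. The commit also replaces two distinct accounts (healthcheck and engine management) with one shared identity, so anything able to read the health-check configuration now holds the engine-management credential as well. I would keep separate accounts per function and render the header from a Secret-backed chart value instead of a literal, for example `"Authorization": ["Basic {{ .Values.<healthcheckBasicAuth> }}"]` (placeholder key; this assumes the file is passed through `tpl`, which the hunk does not show).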
index dd93b92..dc5aa89 100644 (file)
@@ -80,16 +80,16 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 4Gi
-    requests:
       cpu: 1
-      memory: 2Gi
+      memory: 500Mi
+    requests:
+      cpu: 10m
+      memory: 200Mi
   large:
     limits:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 1Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 20m
+      memory: 400Mi
   unlimited: {}
index c5c35d8..898f2b8 100644 (file)
@@ -24,8 +24,8 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap
 
 ENGINE_MANAGEMENT_PORT=9696
 ENGINE_MANAGEMENT_HOST=0.0.0.0
-ENGINE_MANAGEMENT_USER=@1b3rt
-ENGINE_MANAGEMENT_PASSWORD=31nst31n
+ENGINE_MANAGEMENT_USER=demo@people.osaaf.org
+ENGINE_MANAGEMENT_PASSWORD=demo123456!
 
 # nexus repository
 
index cbb45a5..20d8298 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,5 +12,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-HEALTHCHECK_USER=healthcheck
-HEALTHCHECK_PASSWORD=zb!XztG34
+HEALTHCHECK_USER=demo@people.osaaf.org
+HEALTHCHECK_PASSWORD=demo123456!
index e85449a..ff7a64b 100644 (file)
@@ -95,7 +95,7 @@ echo "PDP-D amsterdam maven coordinates .."
 echo
 echo
 
-curl -vvv -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools  | python -m json.tool
+curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools  | python -m json.tool
 
 
 echo
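Review bot: Both rewritten `curl` calls (this hunk and the next) keep `-k`, so the basic-auth credential is sent to a server whose certificate is never verified. The first call also combines `-vvv` with `--silent`, and verbose mode writes the request headers, including `Authorization`, to stderr. Passing the credential via `--user` on the command line additionally makes it visible in the process list while the command runs. I would verify the server certificate and drop the verbose flags, e.g. `curl --silent --cacert "<path to CA bundle>" --netrc-file "<path to netrc>" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/...` (both paths are placeholders).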
@@ -104,4 +104,4 @@ echo "PDP-D control loop updated .."
 echo
 echo
 
-curl -v -k --silent --user @1b3rt:31nst31n -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params  | python -m json.tool
+curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params  | python -m json.tool
index aa80aed..f07cb65 100755 (executable)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-server.host={{ .Values.config.networkdiscoveryCtxBuilderHost }}
+server.host={{ .Values.global.networkdiscoveryCtxBuilderHost }}
 basicauth.username={{ .Values.config.networkdiscoveryCtxBuilderUsername }}
 basicauth.password={{ .Values.config.networkdiscoveryCtxBuilderPassword }}
 server.port={{ .Values.config.ctxBuilderExternalPort }}
index 905ea87..9535a7e 100755 (executable)
@@ -40,7 +40,6 @@ config:
   sdncCtxBuilderHost: pomba-sdncctxbuilder
   sdncCtxBuilderUsername: admin
   sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
-  networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder
   networkdiscoveryCtxBuilderUsername: admin
   networkdiscoveryCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
   ctxBuilderExternalPort: 9530
index f84906e..5317ab3 100644 (file)
@@ -31,6 +31,7 @@ server.tomcat.max-idle-time=60000
 
 # Network Discovery Context Builder REST Service
 networkDiscoveryCtxBuilder.httpProtocol={{ .Values.config.networkDiscoveryCtxBuilderHttpProtocol }}
+networkDiscoveryCtxBuilder.serviceName={{ .Values.global.networkdiscoveryCtxBuilderHost }}
 networkDiscoveryCtxBuilder.port={{ .Values.config.networkDiscoveryCtxBuilderPort }}
 # Basic Authorization credentials for Network Discovery Context Builder REST Service
 networkDiscoveryCtxBuilder.userId={{ .Values.config.networkDiscoveryCtxBuilderUserId }}
index f0acaa5..04e89f0 100644 (file)
@@ -22,6 +22,7 @@ global:
   loggingImage: beats/filebeat:5.5.0
   repository: nexus3.onap.org:10001
   dockerhubRepository: docker.io
+  networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder
 
 # application configuration
 config:
diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore
new file mode 100644 (file)
index 0000000..ff0f0d7
Binary files /dev/null and b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore differ
diff --git a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks
new file mode 100644 (file)
index 0000000..ff844b1
Binary files /dev/null and b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks differ
diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml
new file mode 100644 (file)
index 0000000..09c2f84
--- /dev/null
@@ -0,0 +1,147 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+         Java AJP  Connector: /docs/config/ajp.html
+         APR (HTTP/AJP) Connector: /docs/apr.html
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+    -->
+    <Connector port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    -->
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+         This connector uses the NIO implementation that requires the JSSE
+         style configuration. When using the APR/native implementation, the
+         OpenSSL style configuration is required as described in the APR/native
+         documentation -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+    -->
+       
+        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+               keystoreFile="keystoreONAP.keystore" keystorePass="{{ .Values.global.keypass }}"
+               clientAuth="false" sslProtocol="TLS" />
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+    -->
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->
+
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html
+             Note: The pattern used is equivalent to using pattern="common" -->
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>
\ No newline at end of file
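Review bot: The AJP connector `<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />` is enabled with no bind address and no shared secret, and portal-app/values.yaml maps `internalPort3: 8009` to `nodePort3`, so the AJP port appears to be reachable from outside the pod. AJP trusts its peer for request attributes, so it should only be exposed to a fronting proxy. If nothing in the deployment speaks AJP, I would comment the connector out; otherwise restrict it to the proxy and require a secret. `<Server port="8005" shutdown="SHUTDOWN">` also keeps the stock shutdown command, and `port="-1"` disables that listener for a containerised Tomcat. The HTTPS connector uses `sslProtocol="TLS"` without limiting protocol versions or ciphers, which is worth pinning explicitly.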
index 178e91c..d4ef698 100644 (file)
@@ -24,3 +24,5 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }}
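Review bot: The `resources/certs/*` line places keystoreONAP.keystore and truststoreONAPall.jks, both binary files added by this commit, into a ConfigMap's `data` through `tpl` and `.AsConfig`. A keystore holds private key material, so it belongs in a Secret, where access can be restricted separately from ordinary configuration. Binary content is also unlikely to survive being treated as a UTF-8 string and run through the template engine. I would move the certs into their own Secret using `.AsSecrets`, without `tpl`, and mount that in the deployment instead; the Secret name below is only a suggestion.

```yaml
# … unchanged: existing ConfigMap with the properties and resources/server/* entries …
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.fullname" . }}-certs
  namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ (.Files.Glob "resources/certs/*").AsSecrets | indent 2 }}
```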
index 2ab570a..3fc2741 100644 (file)
@@ -55,10 +55,20 @@ spec:
           - ""
           - -n
           - ""
+        env:
+          - name: javax.net.ssl.keyStore
+            value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} 
+          - name: javax.net.ssl.keyStorePassword
+            value: {{ .Values.global.keypass }}
+          - name: javax.net.ssl.trustStore
+            value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
+          - name: javax.net.ssl.trustStorePassword
+            value: {{ .Values.global.keypass }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         - containerPort: {{ .Values.service.internalPort2 }}
         - containerPort: {{ .Values.service.internalPort3 }}
+        - containerPort: {{ .Values.service.internalPort4 }}
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:
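Review bot: `javax.net.ssl.keyStore` is set to the truststore path (`.Values.global.truststoreFile`), identical to `javax.net.ssl.trustStore` two entries below; this looks like a copy-paste and presumably should be `value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile }}`. These are container environment variables, which the JVM does not read as system properties on its own, so unless the image's start script translates them (not visible here) they have no effect. Both password entries put `.Values.global.keypass` into the pod spec in clear text, and portal/values.yaml in this commit defaults it to `changeit`. A `valueFrom.secretKeyRef` would keep the value out of the rendered manifest and `kubectl describe` output.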
@@ -93,8 +103,15 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/logback.xml"
           subPath: logback.xml
-        - name: portal-tomcat-logs
-          mountPath: "{{ .Values.global.env.tomcatDir }}/logs"
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
+          subPath: server.xml
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
+          subPath: {{ .Values.global.keystoreFile}}
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}"
+          subPath: {{ .Values.global.truststoreFile}}          
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
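Review bot: The truststore mount uses `subPath: {{ .Values.global.truststoreFile}}`, and portal/values.yaml in this commit sets that value to `keystoreONAPall.jks`, while the file added under resources/certs is `truststoreONAPall.jks`. The subPath would therefore not match any key produced by the `resources/certs/*` glob, and the path would not resolve to the truststore. The fix belongs in portal/values.yaml: `truststoreFile: "truststoreONAPall.jks"`. This hunk also removes the `portal-tomcat-logs` mount while the new server.xml still writes access logs to `directory="logs"`, so those logs would presumably land on the container filesystem and be lost on restart.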
index a71e0c4..0aba001 100644 (file)
@@ -63,6 +63,9 @@ service:
   externalPort3: 8010
   internalPort3: 8009
   nodePort3: 14
+  externalPort4: 8443
+  internalPort4: 8443
+  nodePort4: 16
 
 mariadb:
   service:
index ac575b3..ecb7d5e 100644 (file)
@@ -20,11 +20,14 @@ global:
   portalPort: "8989"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
+  keystoreFile: "keystoreONAP.keystore"
+  truststoreFile: "keystoreONAPall.jks"
+  keypass: "changeit"
 
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
-
+  
 portal-mariadb:
   nameOverride: portal-db
 
index a3e25e7..ad09e44 100644 (file)
@@ -57,8 +57,8 @@ GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "http"
 GLOBAL_DMAAP_DR_NODE_SERVER_PORT = "8080"
 # DROOL server port and credentials
 GLOBAL_DROOLS_SERVER_PORT = "9696"
-GLOBAL_DROOLS_USERNAME = "@1b3rt"
-GLOBAL_DROOLS_PASSWORD = "31nst31n"
+GLOBAL_DROOLS_USERNAME = "demo@people.osaaf.org"
+GLOBAL_DROOLS_PASSWORD = "demo123456!"
 # log server config - NOTE: no log server is run in HEAT; only on OOM
 GLOBAL_LOG_SERVER_PROTOCOL = "http"
 GLOBAL_LOG_ELASTICSEARCH_PORT = "9200"
@@ -113,8 +113,8 @@ GLOBAL_POLICY_SERVER_PORT = "8081"
 GLOBAL_POLICY_HEALTHCHECK_PORT = "6969"
 GLOBAL_POLICY_AUTH = "dGVzdHBkcDphbHBoYTEyMw=="
 GLOBAL_POLICY_CLIENTAUTH = "cHl0aG9uOnRlc3Q="
-GLOBAL_POLICY_USERNAME = "healthcheck"
-GLOBAL_POLICY_PASSWORD = "zb!XztG34"
+GLOBAL_POLICY_USERNAME = "demo@people.osaaf.org"
+GLOBAL_POLICY_PASSWORD = "demo123456!"
 # portal info - everything is from the private oam network (also called onap private network)
 GLOBAL_PORTAL_SERVER_PROTOCOL = "http"
 GLOBAL_PORTAL_SERVER_PORT = "8989"