From: Alexis de Talhouƫt Date: Fri, 10 May 2019 17:19:00 +0000 (+0000) Subject: Merge "Use released version of ESR" X-Git-Tag: 4.0.0-ONAP~116 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=097f466da7029eca31530572cec3fb1a6ad768b6;hp=b332fb2723a7284e349cb565cd8a3b332e40243b;p=oom.git Merge "Use released version of ESR" --- diff --git a/kubernetes/aai b/kubernetes/aai index 1b28e45136..e67a94e6be 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 1b28e45136d5096ef4c07f4142c76b45224b3cf4 +Subproject commit e67a94e6be333271c8237d6ebd5fb0f489401350 diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 9b0c3469d6..1b383fb9f9 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -38,7 +38,7 @@ config: baseUrl: http://cds-controller-blueprints:8080/api/v1 authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== processor: - baseUrl: http://cds-blueprints-processor:8080/api/v1 + baseUrl: http://cds-blueprints-processor-http:8080/api/v1 authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== # default number of instances diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 0dc99193eb..6c5bb9a3bd 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -90,7 +90,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.15 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.16 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json index 74abbb0664..1db11ad476 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json @@ -11,15 +11,15 @@ "interval": 600 }, "policy_engine": { - "url": "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081", - "path_decision": "/decision/v1", + "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969", + "path_decision": "/policy/pdpx/v1/decision" "path_notifications": "/pdp/notifications", "path_api": "/pdp/api/", "headers": { "Accept": "application/json", "Content-Type": "application/json", "ClientAuth": "cHl0aG9uOnRlc3Q=", - "Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw==", + "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0", "Environment": "TEST" }, "target_entity": "policy_engine", diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml index fa52f6f784..3b15c55118 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml @@ -40,6 +40,7 @@ config: consul: host: consul-server port: 8500 + policy_xacml_pdp: policy-xacml-pdp ################################################################# # Application configuration defaults. diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 5406ade930..6b974141d0 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,7 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:1.1.4-STAGING-latest +image: onap/dmaap/dmaap-bc:1.1.5 # application configuration diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 1c18bb2673..aa5165d443 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -22,7 +22,7 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - clientImage: onap/dmaap/dbc-client:1.0.8-STAGING-latest + clientImage: onap/dmaap/dbc-client:1.0.9 # application configuration config: logstashServiceName: log-ls diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties new file mode 100644 index 0000000000..f4b4f93756 --- /dev/null +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -0,0 +1,53 @@ +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +# +# ONAP PDP Implementation Factories +# +xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory + +# +# Use a root combining algorithm +# +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides + +# +# PIP Engine Definitions +# +count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip +count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations +count-recent-operations.name=CountRecentOperations +count-recent-operations.description=Returns operation counts based on time window +count-recent-operations.persistenceunit=OperationsHistoryPU + +get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip +get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome +get-operation-outcome.name=GetOperationOutcome +get-operation-outcome.description=Returns operation outcome +get-operation-outcome.persistenceunit=OperationsHistoryPU + +# +# Make pips available to finder +# +xacml.pip.engines=count-recent-operations,get-operation-outcome + +# +# JPA Properties +# +javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver +javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.nameOverride }}:3306/operationshistory +javax.persistence.jdbc.user=policy_user +javax.persistence.jdbc.password=cG9saWN5X3VzZXI= \ No newline at end of file diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh index a59e3b6a33..5d42f048cd 100755 --- a/kubernetes/robot/ete-k8s.sh +++ b/kubernetes/robot/ete-k8s.sh @@ -15,44 +15,43 @@ #!/bin/bash # -# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate +# Run the testsuite for the passed tag. Valid tags are listed in usage help # Please clean up logs when you are done... -# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide # if [ "$1" == "" ] || [ "$2" == "" ]; then - echo "Usage: ete-k8s.sh [namespace] [ health | healthdist | distribute | instantiate | instantiateVFWCL | instantiateDemoVFWCL | | portal ]" + echo "Usage: ete-k8s.sh [namespace] [tag]" + echo "" + echo " List of test case tags (filename for intent: tag)" + echo "" + echo " cds.robot: cds" + echo "" + echo " clamp.robot: clamp" + echo "" + echo " demo.robot: InitDemo, InitCustomer, APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG," + echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT" + echo "" + echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc," + echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb," + echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc," + echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr," + echo " healthportalapp, multicloud, oom" + echo "" + echo " hvves.robot: HVVES, ete" + echo "" + echo " model-distribution-vcpe.robot: distributevCPEResCust" + echo "" + echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB" + echo "" + echo " oof-*.robot: cmso, has, homing" + echo "" + echo " pnf-registration.robot: ete, pnf_registrate" echo "" - echo " List of test case tags (filename for intent: tag) " - echo " " - echo " cds.robot: cds " - echo " " - echo " clamp.robot: clamp " - echo " " - echo " demo.robot: InitDemo, InitCustomer , APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG, " - echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT " - echo " " - echo " health-check.robot: health , core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc, " - echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb, " - echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc, " - echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr, " - echo " healthportalapp, multicloud, oom " - echo " " - echo " hvves.robot: :HVVES, ete " - echo " " - echo " model-distribution-vcpe.robot: distributevCPEResCust " - echo " " - echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB " - echo " " - echo " oof-*.robot: cmso , has, homing " - echo " " - echo " pnf-registration.robot: ete, pnf_registrate " - echo " " echo " post-install-tests.robot dmaapacl, postinstall" - echo " " - echo " update_onap_page.robot: UpdateWebPage " - echo " " - echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso " - echo " " + echo "" + echo " update_onap_page.robot: UpdateWebPage" + echo "" + echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso" + echo "" echo " vnf-orchestration.robot: instantiate, instantiateNoDelete, stability72hr" exit fi @@ -63,7 +62,6 @@ export NAMESPACE="$1" POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) - TAGS="-i $2" ETEHOME=/var/opt/ONAP diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh index 02b79f35d6..c58d8a8775 100755 --- a/kubernetes/robot/eteHelm-k8s.sh +++ b/kubernetes/robot/eteHelm-k8s.sh @@ -15,13 +15,12 @@ #!/bin/bash # -# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate +# Run the health-check testsuites for the tags discovered by helm list # Please clean up logs when you are done... -# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide # if [ "$1" == "" ] ; then - echo "Usage: eteHelm-k8s.sh namespace " - echo " list projects via helm list and runs health-check with those tags except dev and dev-consul " + echo "Usage: eteHelm-k8s.sh [namespace]" + echo " list projects via helm list and runs health-check with those tags except dev and dev-consul" exit fi diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py index c109892329..f2f2161e38 100644 --- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py @@ -50,11 +50,22 @@ GLOBAL_DCAE_SERVER_PROTOCOL = "http" GLOBAL_DCAE_HEALTH_SERVER_PORT = "80" GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}' GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}' +# dcae hv-ves info +GLOBAL_DCAE_HVVES_SERVER_NAME = 'dcae-hv-ves-collector.{{include "common.namespace" .}}' +GLOBAL_DCAE_HVVES_SERVER_PORT = "6061" # data router info - everything is from the private oam network (also called onap private network) GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = "http" GLOBAL_DMAAP_DR_PROV_SERVER_PORT = "8080" GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "http" GLOBAL_DMAAP_DR_NODE_SERVER_PORT = "8080" +# dmaap message router info +GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = 'message-router.{{include "common.namespace" .}}' +GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = "3904" +# dmaap kafka info +GLOBAL_DMAAP_KAFKA_SERVER_NAME = 'message-router-kafka.{{include "common.namespace" .}}' +GLOBAL_DMAAP_KAFKA_SERVER_PORT = "9092" +GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}' +GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}' # DROOL server port and credentials GLOBAL_DROOLS_SERVER_PORT = "9696" GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}' diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 4e2a1ed464..af6c26ba29 100755 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -144,6 +144,9 @@ vidHealthPassword: "AppPassword!1" # DMAAP BC bcUsername: "dmaap-bc@dmaap-bc.onap.org" bcPassword: "demo123456!" +# DMAAP KAFKA JAAS +kafkaJaasUsername: "admin" +kafkaJaasPassword: "admin_secret" # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index c284f2dfd0..c1babf3063 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -70,7 +70,45 @@ spec: value: {{ .Values.config.javaOptions }} - name: BACKEND value: {{ .Values.config.backendServerURL }} + - name: IS_HTTPS + value: "{{ .Values.config.isHttpsEnabled}}" + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: KEYSTORE_PASS + {{- if .Values.global.security.keysFromCa }} + valueFrom: + secretKeyRef: + name: mft-sdc + key: keystore-password.txt + {{ else }} + value: {{ .Values.global.security.keyStorePass}} + {{- end }} + - name: TRUSTSTORE_PASS + {{- if .Values.global.security.keysFromCa }} + valueFrom: + secretKeyRef: + name: mft-catruststore + key: keystore-password.txt + {{ else }} + value: {{ .Values.global.security.trustStorePass}} + {{- end }} + - name: TRUSTSTORE_PATH + value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" + - name: KEYSTORE_PATH + value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" + - name: TRUSTSTORE_TYPE + value: {{ .Values.security.truststore.type }} + - name: KEYSTORE_TYPE + value: {{ .Values.security.keystore.type }} + {{ end }} volumeMounts: + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: {{ include "common.fullname" . }}-jetty-https-truststore + mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }} + subPath: {{ .Values.security.truststoreFilename }} + - name: {{ include "common.fullname" . }}-jetty-https-keystore + mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }} + subPath: {{ .Values.security.keystoreFilename }} + {{ end }} - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml index 2990de3f1a..87ca3607d7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml @@ -40,10 +40,16 @@ spec: - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName | default "http" }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 | default "https" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName | default "http" }} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 | default "https" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index d0ff53718e..a217de5e4b 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -17,6 +17,7 @@ ################################################################# global: nodePortPrefix: 302 + nodePortPrefixExt: 304 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co @@ -36,6 +37,16 @@ debugEnabled: false config: javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m" backendServerURL: "http://sdc-wfd-be:8080" + isHttpsEnabled: false + +# https relevant settings. Change in case you have other trust files then default ones. +security: + isDefaultStore: true + truststoreType: "JKS" + keystoreType: "JKS" + truststoreFilename: "truststore" + keystoreFilename: "keystore" + storePath: "etc" # default number of instances replicaCount: 1 @@ -62,6 +73,10 @@ service: externalPort: 8080 portName: sdc-wfd-fe nodePort: "56" + portName2: sdc-wfd-fe2 + internalPort2: 8443 + externalPort2: 8443 + nodePort2: "31" ingress: enabled: false diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 3ae042b48c..f8cfc4cffc 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -19,7 +19,7 @@ aai: workflowAaiDistributionDelay: PT30S pnfEntryNotificationTimeout: P14D cds: - endpoint: cds-blueprints-processor + endpoint: cds-blueprints-processor-grpc port: 9111 auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== timeout: 600 diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml index 2abe7fd9f8..346c0370f9 100644 --- a/kubernetes/uui/charts/uui-server/templates/service.yaml +++ b/kubernetes/uui/charts/uui-server/templates/service.yaml @@ -27,7 +27,7 @@ metadata: { "serviceName": "usecaseui-server", "version": "v1", - "url": "/api/usecaseui/server/v1", + "url": "/api/usecaseui-server/v1", "protocol": "REST", "port": "{{.Values.service.internalPort}}", "visualRange":"1"