From: Sylvain Desbureaux Date: Tue, 22 Jun 2021 14:04:52 +0000 (+0000) Subject: Merge "[APPC] Fix APPC charts to make SQL queries with GROUP BY work again" X-Git-Tag: 9.0.0~219 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=695bb3b7713bc170005bc765056ff406da1c3786;hp=e45e9fa722a46004fef04499e69d19c3d5ca9aa4;p=oom.git Merge "[APPC] Fix APPC charts to make SQL queries with GROUP BY work again" --- diff --git a/docs/master_nfs_node.sh b/docs/master_nfs_node.sh index 4a7a8dbc12..32574c9f29 100644 --- a/docs/master_nfs_node.sh +++ b/docs/master_nfs_node.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh usage () { echo "Usage:" @@ -23,7 +23,7 @@ sudo chown nobody:nogroup /dockerdata-nfs/ #Update the /etc/exports NFS_EXP="" for i in $@; do - NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) " + NFS_EXP="${NFS_EXP}$i(rw,sync,no_root_squash,no_subtree_check) " done echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports diff --git a/docs/openstack-k8s-controlnode.sh b/docs/openstack-k8s-controlnode.sh index cd219aa56f..d1515a7e5f 100644 --- a/docs/openstack-k8s-controlnode.sh +++ b/docs/openstack-k8s-controlnode.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh DOCKER_VERSION=18.09.5 @@ -18,10 +18,10 @@ systemctl daemon-reload systemctl restart docker apt-mark hold docker-ce -IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` -HOSTNAME=`hostname` +IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}') +HOST_NAME=$(hostname) -echo "$IP_ADDR $HOSTNAME" >> /etc/hosts +echo "$IP_ADDR $HOST_NAME" >> /etc/hosts docker login -u docker -p docker nexus3.onap.org:10001 diff --git a/docs/openstack-k8s-workernode.sh b/docs/openstack-k8s-workernode.sh index 3f32d050a9..8b1b9e41ee 100644 --- a/docs/openstack-k8s-workernode.sh +++ b/docs/openstack-k8s-workernode.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh DOCKER_VERSION=18.09.5 @@ -18,10 +18,10 @@ systemctl daemon-reload systemctl restart docker apt-mark hold docker-ce -IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` -HOSTNAME=`hostname` +IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}') +HOST_NAME=$(hostname) -echo "$IP_ADDR $HOSTNAME" >> /etc/hosts +echo "$IP_ADDR $HOST_NAME" >> /etc/hosts docker login -u docker -p docker nexus3.onap.org:10001 diff --git a/docs/openstack-nfs-server.sh b/docs/openstack-nfs-server.sh index 1db04eaff6..395d04f27c 100644 --- a/docs/openstack-nfs-server.sh +++ b/docs/openstack-nfs-server.sh @@ -1,11 +1,11 @@ -#!/bin/bash +#!/bin/sh apt-get update -IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` -HOSTNAME=`hostname` +IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}') +HOST_NAME=$(hostname) -echo "$IP_ADDR $HOSTNAME" >> /etc/hosts +echo "$IP_ADDR $HOST_NAME" >> /etc/hosts sudo apt-get install make -y diff --git a/kubernetes/aai/.helmignore b/kubernetes/aai/.helmignore new file mode 100644 index 0000000000..7ddbad7ef4 --- /dev/null +++ b/kubernetes/aai/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/ diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index d630647883..1297809658 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: POST_JAVA_OPTS - value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}' + value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}' - name: TRUSTORE_ALL_PASSWORD value: {{ .Values.certInitializer.truststorePassword }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} diff --git a/kubernetes/appc/.helmignore b/kubernetes/appc/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/appc/.helmignore +++ b/kubernetes/appc/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/cds/.helmignore b/kubernetes/cds/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/cds/.helmignore +++ b/kubernetes/cds/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh index 64c7daacbf..5f23a89867 100644 --- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh +++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh @@ -1,4 +1,5 @@ #!/bin/bash + set -e # first arg is `-f` or `--some-option` @@ -71,7 +72,8 @@ if [ "$1" = 'cassandra' ]; then authenticator \ ; do var="CASSANDRA_${yaml^^}" - val="${!var}" + # eval presents no security issue here because of limited possible values of var + eval val=\$$var if [ "$val" ]; then _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \ -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/' @@ -80,7 +82,8 @@ if [ "$1" = 'cassandra' ]; then for rackdc in dc rack; do var="CASSANDRA_${rackdc^^}" - val="${!var}" + # eval presents no security issue here because of limited possible values of var + eval val=\$$var if [ "$val" ]; then _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \ -r 's/^('"$rackdc"'=).*/\1 '"$val"'/' diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 4c77efc83f..ed9977acd9 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -86,9 +86,10 @@ service: ## type: ClusterIP headless: {} + internalPort: &dbPort 3306 ports: - name: mysql - port: 3306 + port: *dbPort headlessPorts: - name: galera port: 4567 diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index fa4b007a5a..f130bb5118 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,4 +1,5 @@ #!/bin/bash + {{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics @@ -22,8 +23,15 @@ set -e while read DB ; do USER_VAR="MYSQL_USER_${DB^^}" PASS_VAR="MYSQL_PASSWORD_${DB^^}" - USER=${!USER_VAR} - PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` +{{/* + # USER=${!USER_VAR} + # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` + # eval replacement of the bashism equivalents above might present a security issue here + # since it reads content from DB values filled by helm at the end of the script. + # These possible values has to be constrainted and/or limited by helm for a safe use of eval. +*/}} + eval USER=\$$USER_VAR + PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g") MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) echo "Creating database ${DB} and user ${USER}..." diff --git a/kubernetes/consul/.helmignore b/kubernetes/consul/.helmignore new file mode 100644 index 0000000000..7ddbad7ef4 --- /dev/null +++ b/kubernetes/consul/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/ diff --git a/kubernetes/dcaegen2-services/.helmignore b/kubernetes/dcaegen2-services/.helmignore index 50af031725..301d5b7d9e 100644 --- a/kubernetes/dcaegen2-services/.helmignore +++ b/kubernetes/dcaegen2-services/.helmignore @@ -20,3 +20,4 @@ .idea/ *.tmproj .vscode/ +components/ diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 0a97f9e0c0..82e8229408 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.2.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 313ac9b34d..10fb4430ea 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -53,7 +53,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:4.5.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 521fac06a2..90bc0989d0 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -36,7 +36,7 @@ config: importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0 importPostgres: plugin:pgaas?version=1.3.0 importClamp: plugin:clamppolicyplugin?version=1.1.0 - importDMaaP: plugin:dmaap?version=1.5.0 + importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0 useDmaapPlugin: false bpResourcesCpuLimit: 250m bpResourcesMemoryLimit: 128Mi diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json index 8f4cf8bd64..34197b948e 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json @@ -2,7 +2,7 @@ "topicName": "PNF_READY", "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.", "owner": "PNFRegistrationHandler", - "txenabled": false, + "tnxEnabled": false, "clients": [ { "dcaeLocationName": "san-francisco", diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json index f0dd2c7829..e7325794a1 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json @@ -2,7 +2,7 @@ "topicName": "PNF_REGISTRATION", "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic", "owner": "VEScollector", - "txenabled": false, + "tnxEnabled": false, "clients": [ { "dcaeLocationName": "san-francisco", diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json index ff1a5732e2..fb2c54ed4b 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json @@ -3,7 +3,7 @@ "topicDescription": "the topic used to provision the MM agent whitelist", "replicationCase": "REPLICATION_NONE", "owner": "dmaap", - "txenabled": false, + "tnxEnabled": false, "partitionCount": "1", "clients": [ { diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index bfd0f1ebd3..65242b4a4f 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -40,7 +40,7 @@ secrets: pullPolicy: Always # application images -image: onap/dmaap/dmaap-bc:2.0.5 +image: onap/dmaap/dmaap-bc:2.0.6 # application configuration diff --git a/kubernetes/esr/.helmignore b/kubernetes/esr/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/esr/.helmignore +++ b/kubernetes/esr/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index ce8e80225f..4fec3984db 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -251,7 +251,7 @@ deploy() { fi if [ "$DELAY" = "true" ]; then echo sleep 3m - sleep 3m + sleep 180 fi else array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) diff --git a/kubernetes/helm/plugins/undeploy/undeploy.sh b/kubernetes/helm/plugins/undeploy/undeploy.sh index 790f84fda9..35fc4ca251 100755 --- a/kubernetes/helm/plugins/undeploy/undeploy.sh +++ b/kubernetes/helm/plugins/undeploy/undeploy.sh @@ -49,4 +49,4 @@ case "${1:-"help"}" in ;; esac -exit 0 \ No newline at end of file +exit 0 diff --git a/kubernetes/log/.helmignore b/kubernetes/log/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/log/.helmignore +++ b/kubernetes/log/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/modeling/.helmignore b/kubernetes/modeling/.helmignore new file mode 100644 index 0000000000..7ddbad7ef4 --- /dev/null +++ b/kubernetes/modeling/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/ diff --git a/kubernetes/msb/.helmignore b/kubernetes/msb/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/msb/.helmignore +++ b/kubernetes/msb/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/multicloud/.helmignore b/kubernetes/multicloud/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/multicloud/.helmignore +++ b/kubernetes/multicloud/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml index 08af62d844..2050fe676c 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.db.container }} + - {{ include "common.mariadbService" . }} env: - name: NAMESPACE valueFrom: @@ -77,9 +77,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db.host }}.{{.Release.Namespace}} + value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db.port | quote}} + value: {{ include "common.mariadbPort" . | quote}} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA @@ -99,9 +99,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db.host }}.{{.Release.Namespace}} + value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db.port | quote}} + value: {{ include "common.mariadbPort" . | quote}} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index c9de6546c2..3bee34aaa7 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -19,6 +19,7 @@ global: # global defaults nodePortPrefix: 302 readinessImage: onap/oom/readiness:3.0.1 + mariadbGalera: {} subChartsOnly: enabled: true @@ -85,6 +86,7 @@ service: # as of 20181022 port 23 is reserved for cmso # see https://wiki.onap.org/display/DW/OOM+NodePort+List +mariadb-galera: {} config: aaf: @@ -92,7 +94,6 @@ config: password: pass # userCredentialsExternalSecret: some-secret db: - port: 3306 # rootPassword: pass # rootPasswordExternalSecret: some secret user: cmso-admin diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml index 3fd0112928..d82040b17b 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.db.container }} + - {{ include "common.mariadbService" . }} env: - name: NAMESPACE valueFrom: @@ -77,9 +77,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db.host }}.{{.Release.Namespace}} + value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db.port | quote}} + value: {{ include "common.mariadbPort" . | quote}} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA @@ -113,9 +113,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db.host }}.{{.Release.Namespace}} + value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db.port | quote}} + value: {{ include "common.mariadbPort" . | quote}} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index 105163e95c..3eb94ead7b 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -18,6 +18,7 @@ ################################################################# global: # global defaults nodePortPrefix: 302 + mariadbGalera: {} subChartsOnly: enabled: true @@ -83,6 +84,7 @@ service: # as of 20181022 port 23 is reserved for cmso # see https://wiki.onap.org/display/DW/OOM+NodePort+List +mariadb-galera: {} config: aaf: @@ -90,7 +92,6 @@ config: password: pass # userCredentialsExternalSecret: some-secret db: - port: 3306 # rootPassword: pass # rootPasswordExternalSecret: some secret user: cmso-admin diff --git a/kubernetes/oof/components/oof-cmso/requirements.yaml b/kubernetes/oof/components/oof-cmso/requirements.yaml index 535a1e1696..30946c6a33 100644 --- a/kubernetes/oof/components/oof-cmso/requirements.yaml +++ b/kubernetes/oof/components/oof-cmso/requirements.yaml @@ -23,6 +23,7 @@ dependencies: - name: mariadb-galera version: ~8.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster - name: mariadb-init version: ~8.x-0 repository: '@local' diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml index c46fd0a33a..15aac51888 100644 --- a/kubernetes/oof/components/oof-cmso/values.yaml +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -13,6 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + commonConfigPrefix: "oof-cmso" + truststoreFile: "truststoreONAPall.jks" + keystoreFile: "org.onap.oof.jks" + truststorePassword: + authentication: aaf-auth + mariadbGalera: &mariadbGalera + #This flag allows OOF-CMSO to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + ################################################################# # Secrets metaconfig ################################################################# @@ -42,7 +55,7 @@ secrets: login: '{{ .Values.config.aaf.user }}' password: '{{ .Values.config.aaf.password }}' -mariadb-galera: +mariadb-galera: &localMariadb replicaCount: 1 nameOverride: &dbName cmso-db nfsprovisionerPrefix: cmso @@ -56,19 +69,7 @@ mariadb-galera: serviceAccount: nameOverride: *dbName -global: - commonConfigPrefix: "oof-cmso" - truststoreFile: "truststoreONAPall.jks" - keystoreFile: "org.onap.oof.jks" - truststorePassword: - authentication: aaf-auth - mariadb-init: - mariadbGalera: - containerName: *dbName - serviceName: *dbName - servicePort: 3306 - userRootSecret: *rootPassword config: userCredentialsExternalSecret: *serviceDbCreds mysqlDatabase: cmso @@ -117,11 +118,10 @@ oof-cmso-service: certInitializer: << : *certInitConfig nameOverride: oof-cmso-service-cert-initializer + mariadb-galera: *localMariadb config: db: userCredentialsExternalSecret: *serviceDbCreds - host: *dbName - container: *dbName mysqlDatabase: cmso aaf: userCredentialsExternalSecret: *aafCreds @@ -131,12 +131,11 @@ oof-cmso-optimizer: certInitializer: << : *certInitConfig nameOverride: oof-cmso-optimizer-cert-initializer + mariadb-galera: *localMariadb config: enabled: true db: userCredentialsExternalSecret: *optimizerDbCreds - host: *dbName - container: *dbName mysqlDatabase: optimizer aaf: userCredentialsExternalSecret: *aafCreds diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index ebc8ca0f40..65b9636891 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -1,4 +1,5 @@ #!/bin/bash + set -eo pipefail shopt -s nullglob @@ -30,10 +31,15 @@ file_env() { mysql_error "Both $var and $fileVar are set (but are exclusive)" fi local val="$def" + # val="${!var}" + # val="$(< "${!fileVar}")" + # eval replacement of the bashism equivalents above presents no security issue here + # since var and fileVar variables contents are derived from the file_env() function arguments. + # This method is only called inside this script with a limited number of possible values. if [ "${!var:-}" ]; then - val="${!var}" + eval val=\$$var elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" + val="$(< "$(eval echo "\$$fileVar")")" fi export "$var"="$val" unset "$fileVar" @@ -105,7 +111,7 @@ docker_temp_server_start() { # so that it won't try to fill in a password file when it hasn't been set yet extraArgs=() if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs+=( '--dont-use-mysql-root-password' ) + extraArgs=${extraArgs}( '--dont-use-mysql-root-password' ) fi if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then break @@ -155,7 +161,7 @@ docker_init_database_dir() { # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 # (this flag doesn't exist in 10.0 and below) - installArgs+=( --auth-root-authentication-method=normal ) + installArgs=${installArgs}( --auth-root-authentication-method=normal ) fi # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) mysql_install_db "${installArgs[@]}" "${@:2}" @@ -191,7 +197,7 @@ docker_setup_env() { docker_process_sql() { passfileArgs=() if [ '--dont-use-mysql-root-password' = "$1" ]; then - passfileArgs+=( "$1" ) + passfileArgs=${passfileArgs}( "$1" ) shift fi # args sent in can override this db, since they will be later in the command diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh index 099f80ccff..5e4e216c95 100755 --- a/kubernetes/robot/demo-k8s.sh +++ b/kubernetes/robot/demo-k8s.sh @@ -222,7 +222,7 @@ ETEHOME=/var/opt/ONAP if [ $execscript ]; then for script in $(ls -1 "$DIR/$SCRIPTDIR"); do - [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" + [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script" done fi diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh index 15d07fb3ee..01cf0922fa 100755 --- a/kubernetes/robot/ete-k8s.sh +++ b/kubernetes/robot/ete-k8s.sh @@ -78,7 +78,7 @@ ETEHOME=/var/opt/ONAP if [ "${!#}" = "execscript" ]; then for script in $(ls -1 "$DIR/$SCRIPTDIR"); do - [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" + [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script" done fi diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh index d5e2fa41c3..8b74da77f8 100755 --- a/kubernetes/robot/eteHelm-k8s.sh +++ b/kubernetes/robot/eteHelm-k8s.sh @@ -46,7 +46,7 @@ ETEHOME=/var/opt/ONAP if [ "${!#}" = "execscript" ]; then for script in $(ls -1 "$DIR/$SCRIPTDIR"); do - [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" + [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script" done fi diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml index ede80a6af0..5c5c5995b0 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -18,7 +18,7 @@ global: pullPolicy: Always -image: onap/org.onap.sdc.sdc-helm-validator:1.2.0 +image: onap/org.onap.sdc.sdc-helm-validator:1.2.1 containerPort: &svc_port 8080 config: diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index feb6662196..099103ca79 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh @@ -1,6 +1,6 @@ #!/bin/bash -{{/* +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh index 94858339e7..05a17017ab 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh @@ -1,6 +1,6 @@ -#!/bin/bash -{{/* +#!/bin/sh +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh index 65b76265fc..a276854d5c 100755 --- a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh +++ b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh @@ -1,6 +1,6 @@ -#!/bin/bash -{{/* +#!/bin/sh +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/kubernetes/uui/.helmignore b/kubernetes/uui/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/uui/.helmignore +++ b/kubernetes/uui/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/vfc/.helmignore b/kubernetes/vfc/.helmignore new file mode 100644 index 0000000000..7ddbad7ef4 --- /dev/null +++ b/kubernetes/vfc/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/