From: Sylvain Desbureaux Date: Wed, 24 Feb 2021 07:23:48 +0000 (+0000) Subject: Merge "[OOF] Update image versions" X-Git-Tag: 8.0.0~98 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=78cc593c984532f336fac9ead3c444cfce2019c5;hp=3865d69d33f8f69f7d075d8597b4178e3a5c1442;p=oom.git Merge "[OOF] Update image versions" --- diff --git a/kubernetes/Makefile b/kubernetes/Makefile index 3c5254ca27..d994397269 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -20,7 +20,14 @@ OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets HELM_BIN := helm -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +# Helm v2 and helm v3 uses different version format so we first try in helm v3 format +# and if it fails then we fallback to helm v2 one +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}" 2>/dev/null) +ifneq "$(findstring v3,$(HELM_VER))" "v3" + HELM_VER := $(shell $(HELM_BIN) version -c --template "{{.Client.SemVer}}") +endif + # use this if you would like to push onap charts to repo with other name # WARNING: Helm v3+ only # WARNING: Make sure to edit also requirements files @@ -38,7 +45,7 @@ HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.) .PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images -all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins +all: print_helm_bin $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins $(COMMON_CHARTS): @echo "\n[$@]" @@ -59,6 +66,8 @@ submod-%: %/requirements.yaml: $(error Submodule $* needs to be retrieved from gerrit. See https://wiki.onap.org/display/DW/OOM+-+Development+workflow+after+code+transfer+to+tech+teams ); fi +print_helm_bin: + $(info Using Helm binary ${HELM_BIN} which is helm version ${HELM_VER}) make-%: @if [ -f $*/Makefile ]; then make -C $*; fi diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 3a61e77f40..88f2ffcd1b 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -6,10 +6,13 @@ aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.ap aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} +aai-resources@aai-resources.onap.org|aai-resources|local|/opt/app/osaaf/local||mailto:|org.onap.aai-resources|root|30|{'aai-resources', 'aai-resources.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} +aai-traversal@aai-traversal.onap.org|aai-traversal|local|/opt/app/osaaf/local||mailto:|org.onap.aai-traversal|root|30|{'aai-traversal', 'aai-traversal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} clamp@clamp.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.clamp|jg1555|30|{'clamp.api.simpledemo.onap.org', 'clamp.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} +cli@cli.onap.org|cli|local|/opt/app/osaaf/local||mailto:|org.onap.cli|root|30|{'cli', 'cli.api.simpledemo.onap.org', 'cli.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'jks'} dcae@dcae.onap.org|dcae|local|/opt/app/osaaf/local||mailto:|org.onap.dcae|root|60|{'bbs-event-processor', 'bbs-event-processor.onap', 'bbs-event-processor.onap.svc.cluster.local', 'config-binding-service', 'config-binding-service.onap', 'config-binding-service.onap.svc.cluster.local', 'dashboard', 'dashboard.onap', 'dashboard.onap.svc.cluster.local', 'dcae-cloudify-manager', 'dcae-cloudify-manager.onap', 'dcae-cloudify-manager.onap.svc.cluster.local', 'dcae-datafile-collector', 'dcae-datafile-collector.onap', 'dcae-datafile-collector.onap.svc.cluster.local', 'dcae-hv-ves-collector', 'dcae-hv-ves-collector.onap', 'dcae-hv-ves-collector.onap.svc.cluster.local', 'dcae-pm-mapper', 'dcae-pm-mapper.onap', 'dcae-pm-mapper.onap.svc.cluster.local', 'dcae-pmsh', 'dcae-pmsh.onap', 'dcae-pmsh.onap.svc.cluster.local', 'dcae-prh', 'dcae-prh.onap', 'dcae-prh.onap.svc.cluster.local', 'dcae-tca-analytics', 'dcae-tca-analytics.onap', 'dcae-tca-analytics.onap.svc.cluster.local', 'dcae-ves-collector', 'dcae-ves-collector.onap', 'dcae-ves-collector.onap.svc.cluster.local', 'deployment-handler', 'deployment-handler.onap', 'deployment-handler.onap.svc.cluster.local', 'holmes-engine-mgmt', 'holmes-engine-mgmt.onap', 'holmes-engine-mgmt.onap.svc.cluster.local', 'holmes-rule-mgmt', 'holmes-rules-mgmt.onap', 'holmes-rules-mgmt.onap.svc.cluster.local', 'inventory', 'inventory.onap', 'inventory.onap.svc.cluster.local', 'policy-handler', 'policy-handler.onap', 'policy-handler.onap.svc.cluster.local'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} dmaap-bc@dmaap-bc.onap.org|dmaap-bc|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc|root|30|{'dmaap-bc', 'dmaap-bc.api.simpledemo.onap.org', 'dmaap-bc.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12', 'script'} dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|dmaap-bc-mm-prov|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc-mm-prov|root|30|{'dmaap-bc-mm-prov', 'dmaap-bc-mm-prov.api.simpledemo.onap.org', 'dmaap-bc-mm-prov.onap', 'onap.dmaap-bc-mm-prov'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index 591f732551..5d3cff012d 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat @@ -4,8 +4,11 @@ aaf@aaf.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de3163 aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344|| clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|| aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344|| +aai-resources@aai-resources.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-resources|53344|| +aai-traversal@aai-traversal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-traversal|53344|| appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344|| appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344|| +cli@cli.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.cli|53344|| dcae@dcae.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344|| oof@oof.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344|| so@so.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344|| diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat index 223fe03afa..4b303a14d1 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat @@ -1,11 +1,14 @@ org.onap.aaf-sms||org.onap||3 org.onap.aai||org.onap||3 +org.onap.aai-resources||org.onap||3 +org.onap.aai-traversal||org.onap||3 org.onap.appc||org.onap||3 org.onap.appc-cdt||org.onap||3 org.onap.cds||org.onap||3 org.onap.clampdemo|Onap clamp demo NS|org.onap|2|2 org.onap.clamp||org.onap||3 org.onap.clamptest|Onap clamp test NS|org.onap|2|2 +org.onap.cli||org.onap||3 org.onap.dcae||org.onap||3 org.onap.dmaap-bc.api||org.onap.dmaap-bc||3 org.onap.dmaap-bc-mm-prov||org.onap||3 diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index 10edaa596a..ad641292d4 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -14,6 +14,12 @@ org.onap.aai|resources|*|post||"{'org.onap.aai|resources_all'}" org.onap.aai|resources|*|put||"{'org.onap.aai|resources_all'}" org.onap.aai|traversal|*|advanced||"{'org.onap.aai|traversal_advanced'}" org.onap.aai|traversal|*|basic||"{'org.onap.aai|traversal_basic'}" +org.onap.aai-resources|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-resources|admin', 'org.onap.aai-resources|service'}" +org.onap.aai-resources|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-resources|owner'}" +org.onap.aai-resources|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" +org.onap.aai-traversal|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-traversal|admin', 'org.onap.aai-traversal|service'}" +org.onap.aai-traversal|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-traversal|owner'}" +org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap|access|*|*|Onap Write Access|{'org.onap.admin'} org.onap|access|*|read|Onap Read Access|{'org.onap.owner'} org.onap.appc|access|*|*|AAF Namespace Write Access|"{'org.onap.appc|admin', 'org.onap.appc|service'}" @@ -44,6 +50,9 @@ org.onap.clampdemo|access|*|*|ClampDemo Write Access|{'org.onap.clampdemo.admin' org.onap.clampdemo|access|*|read|ClampDemo Read Access|{'org.onap.clampdemo.owner'} org.onap.clamptest|access|*|*|Onap Write Access|{'org.onap.clamptest.admin'} org.onap.clamptest|access|*|read|Onap Read Access|{'org.onap.clamptest.owner'} +org.onap.cli|access|*|*|AAF Namespace Write Access|"{'org.onap.cli|admin', 'org.onap.cli|service'}" +org.onap.cli|access|*|read|AAF Namespace Read Access|"{'org.onap.cli|owner'}" +org.onap.cli|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.dcae|access|*|*|AAF Namespace Write Access|"{'org.onap.dcae|admin', 'org.onap.dmaap-bc-topic-mgr|admin', 'org.onap.dmaap-bc|admin'}" org.onap.dcae|access|*|read|AAF Namespace Read Access|"{'org.onap.dcae|owner'}" org.onap.dcae|certman|local|request,ignoreIPs,showpass||"{'org.onap.dcae|seeCerts', 'org.osaaf.aaf|deploy'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index bdacfaa6c3..0937ab61ed 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat @@ -10,6 +10,12 @@ org.onap.aai|resources_all|resources_all|"{'org.onap.aai|resources|*|delete', 'o org.onap.aai|resources_readonly|resources_readonly|"{'org.onap.aai|resources|*|get'}" org.onap.aai|traversal_advanced|traversal_advanced|"{'org.onap.aai|traversal|*|advanced'}" org.onap.aai|traversal_basic|traversal_basic|"{'org.onap.aai|traversal|*|basic'}" +org.onap.aai-resources|admin|AAF Namespace Administrators|"{'org.onap.aai-resources|access|*|*'}" +org.onap.aai-resources|owner|AAF Namespace Owners|"{'org.onap.aai-resources|access|*|read'}" +org.onap.aai-resources|service||"{'org.onapaai-resources|access|*|*'}" +org.onap.aai-traversal|admin|AAF Namespace Administrators|"{'org.onap.aai-traversal|access|*|*'}" +org.onap.aai-traversal|owner|AAF Namespace Owners|"{'org.onap.aai-traversal|access|*|read'}" +org.onap.aai-traversal|service||"{'org.onapaai-traversal|access|*|*'}" org.onap|admin|Onap Admins|"{'org.onap.access|*|*'}" org.onap.appc|admin|AAF Namespace Administrators|"{'org.onap.appc|access|*|*'}" org.onap.appc|apidoc||"{'org.onap.appc|apidoc|/apidoc/.*|ALL'}" @@ -34,6 +40,9 @@ org.onap.clamp|seeCerts||"{'org.onap.clamp|certman|local|request,ignoreIPs,showp org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*'}" org.onap.clamptest|admin|Onap Clamp Test Admins|"{'org.onap.clamptest.access|*|*'}" org.onap.clamptest|owner|onap clamp Test Owners|"{'org.onap.clamptest.access|*|read'}" +org.onap.cli|admin|AAF Namespace Administrators|"{'org.onap.cli|access|*|*'}" +org.onap.cli|owner|AAF Namespace Owners|"{'org.onap.cli|access|*|read'}" +org.onap.cli|service||"{'org.onap.cli|access|*|*'}" org.onap.dcae|admin|AAF Namespace Administrators|"{'org.onap.dcae|access|*|*', 'org.onap.dmaap-bc|access|*|read'}" org.onap.dcae|owner|AAF Namespace Owners|"{'org.onap.dcae|access|*|read'}" org.onap.dcae|pmPublisher|| @@ -311,7 +320,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index a9dc752494..20f7bddbaa 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat @@ -2,6 +2,10 @@ mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|or mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|owner mmanager@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.onap.aai|owner +mmanager@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin +mmanager@people.osaaf.org|org.onap.aai-resources.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|owner +mmanager@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin +mmanager@people.osaaf.org|org.onap.aai-traversal.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|owner mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin mmanager@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin mmanager@people.osaaf.org|org.onap.appc.owner|2020-11-26 12:31:54.000+0000|org.onap.appc|owner @@ -11,6 +15,8 @@ mmanager@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.on mmanager@people.osaaf.org|org.onap.cds.owner|2020-11-26 12:31:54.000+0000|org.onap.cds|owner mmanager@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin mmanager@people.osaaf.org|org.onap.clamp.owner|2020-11-26 12:31:54.000+0000|org.onap.clamp|owner +mmanager@people.osaaf.org|org.onap.cli.admin|2020-11-26 12:31:54.000+0000|org.onap.cli|admin +mmanager@people.osaaf.org|org.onap.cli.owner|2020-11-26 12:31:54.000+0000|org.onap.cli|owner mmanager@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin mmanager@people.osaaf.org|org.onap.dcae.owner|2020-11-26 12:31:54.000+0000|org.onap.dcae|owner mmanager@people.osaaf.org|org.onap.dmaap.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap|admin @@ -86,6 +92,7 @@ mmanager@people.osaaf.org|org.onap.vid.owner|2020-11-26 12:31:54.000+0000|org.on mmanager@people.osaaf.org|org.osaaf.people.owner|2020-11-26 12:31:54.000+0000|org.osaaf.people|owner portal@portal.onap.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin portal@portal.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin +portal@portal.onap.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin portal@portal.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin portal@portal.onap.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc portal@portal.onap.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf @@ -187,12 +194,15 @@ pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.ona ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin +aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin +aaf_admin@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf aaf_admin@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin +aaf_admin@people.osaaf.org|org.onap.cli.admin|2020-11-26 12:31:54.000+0000|org.onap.cli|admin aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin aaf_admin@people.osaaf.org|org.onap.dmaap-bc.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|admin aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|admin @@ -246,6 +256,18 @@ aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-11-26 12:31:54.000+0000|org.osaaf.a aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|service +aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin +aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all +aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced +aai-resources@aai-resources.onap.org|org.onap.aai-resources.service|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|service +aai-traversal@aai-traversal.onap.org|org.onap.aai-traversal.service|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|service +appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all +appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced +appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin +appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl +appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service +appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service +cli@cli.onap.org|org.onap.cli.service|2020-11-26 12:31:54.000+0000|org.onap.cli|service clamp@clampdemo.onap.org|org.onap.clampdemo.owner|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|owner clamp@clampdemo.onap.org|org.onap.clampdemo.service|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|admin clamp@clamp.onap.org|org.onap.clamp.clds.admin.dev|2020-11-26 12:31:54.000+0000|org.onap.clamp|clds.admin.dev @@ -262,15 +284,6 @@ clamp@clamp.onap.org|org.onap.dmaap.mr.dgl000.subscriber|2020-11-26 12:31:54.000 clamp@clamp.osaaf.org|org.onap.clamp.service|2020-11-26 12:31:54.000+0000|org.onap.clamp|service clamp@clamptest.onap.org|org.onap.clamptest.owner|2020-11-26 12:31:54.000+0000|org.onap.clamptest|owner clamp@clamptest.onap.org|org.onap.clamptest.service|2020-11-26 12:31:54.000+0000|org.onap.clamptest|admin -aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin -aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all -aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced -appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all -appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced -appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin -appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl -appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service -appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service dcae@dcae.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmPublisher diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat index 2ddc273aa3..0cc492b003 100644 --- a/kubernetes/aaf/resources/data/identities.dat +++ b/kubernetes/aaf/resources/data/identities.dat @@ -52,8 +52,11 @@ aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +aai-resources|ONAP AAI Resources Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +aai-traversal|ONAP AAI Traversal Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +cli|ONAP CLI Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml index 42641a2e5c..498f1b837d 100644 --- a/kubernetes/aai/components/aai-resources/requirements.yaml +++ b/kubernetes/aai/components/aai-resources/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile deleted file mode 100644 index 4c14bc37f1..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e -ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC -uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e -QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M -YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8 -pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z -94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b -YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE -NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT -PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa -_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x -NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs -BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_ -AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg -EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_ -Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ -g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb -5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm -4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e -21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId -0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l -vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft -mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW -b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra -w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d -TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq -PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 deleted file mode 100644 index b2449c6a54..0000000000 Binary files a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 and /dev/null differ diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props index d5a64750f4..f4bb9ee89c 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props @@ -1,15 +1,15 @@ ############################################################ # Properties Generated by AT&T Certificate Manager # @copyright 2016, AT&T +# Modifications Copyright © 2020 Orange ############################################################ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile -cadi_keystore=/opt/app/aai-resources/resources/aaf/org.onap.aai.p12 -cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p +cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile +cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +cadi_keystore_password=${KEYSTORE_PASSWORD} -#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym +cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks +cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD} cadi_loglevel=INFO cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index 70e8bec01a..0d51326f3b 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2020 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -47,10 +48,10 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} -aai.truststore.filename={{ .Values.global.config.truststore.filename }} -aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} -aai.keystore.filename={{ .Values.global.config.keystore.filename }} -aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} +aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +aai.keystore.passwd.x=${KEYSTORE_PASSWORD} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 61410c551e..70ebd3ac54 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,10 +45,10 @@ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8447 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want server.ssl.key-store-type=JKS @@ -92,7 +93,7 @@ schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.client={{ .Values.global.config.schema.service.client }} -schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} +schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml index 7f6a03168e..f5829a1dac 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml @@ -25,22 +25,22 @@ --> */}} - - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} - - - - %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - - - + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + {{/* - -*/}} \ No newline at end of file +--> +*/}} + diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml index df35aaa0ed..287b59f535 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -25,322 +25,322 @@ --> */}} - + - + - + - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} - - - + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + - - ${logDirectory}/rest/sane.log - - ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - - - + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + - - 1000 - true - - - - ${logDirectory}/rest/metrics.log - - ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} - - - ${metricPattern} - - + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/debug.log - - ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} - - - ${debugPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + - - 1000 - - true - - - ${logDirectory}/rest/error.log - - ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} - - - WARN - - - ${errorPattern} - - + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + - - 1000 - - + + 1000 + + - - ${logDirectory}/rest/audit.log - - ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/translog.log - - ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} - - - - ${transLogPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + - - 1000 - true - - + + 1000 + true + + - - - WARN - - ${logDirectory}/dmaapAAIEventConsumer/error.log - - ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} - - - - ${errorPattern} - + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${errorPattern} + - + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/debug.log - - ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} - - - - ${metricPattern} - - - - - WARN - - ${logDirectory}/external/external.log - - ${logDirectory}/external/external.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - DEBUG - - ${logDirectory}/auth/auth.log - - ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} - - - - %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n - - - - 1000 - true - - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + - - + + - - + + - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - + + + - - - - + + + + diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index f173916104..99973565f8 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -18,7 +18,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 6fbbf1c089..7dc79a774f 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -72,30 +72,28 @@ spec: {{- end }} spec: hostname: aai-resources - initContainers: - - command: - {{- if .Values.global.jobs.migration.enabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - name: {{ include "common.name" . }}-readiness + command: - /app/ready.py args: + {{- if .Values.global.jobs.migration.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} - - /app/ready.py - args: + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} - - /app/ready.py - args: + {{- else }} - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service + {{- end }} {{- end }} env: - name: NAMESPACE @@ -105,20 +103,29 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + echo "*** actual launch of AAI Resources" + /bin/bash /opt/app/aai-resources/docker-entrypoint.sh env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: POST_JAVA_OPTS - value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit' - volumeMounts: + value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}' + - name: TRUSTORE_ALL_PASSWORD + value: {{ .Values.certInitializer.truststoreAllPassword }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -142,9 +149,6 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile - name: {{ include "common.fullname" . }}-aaf-certs - subPath: org.onap.aai.keyfile - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv name: {{ include "common.fullname" . }}-aaf-certs subPath: bath_config.csv @@ -160,24 +164,12 @@ spec: - mountPath: /opt/app/aai-resources/resources/cadi.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: cadi.properties - - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-aaf-certs - subPath: org.onap.aai.p12 - - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties - {{- $global := . }} - {{- range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -215,10 +207,7 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} - volumes: - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime @@ -231,21 +220,13 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }} - name: {{ include "common.fullname" . }}-aaf-properties configMap: name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: secretName: {{ include "common.fullname" . }}-aaf-keys - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{- range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml index d24149086e..a0d8629459 100644 --- a/kubernetes/aai/components/aai-resources/templates/secret.yaml +++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml @@ -26,6 +26,6 @@ metadata: heritage: {{ .Release.Service }} type: Opaque data: -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 460e0d5b93..e4f84a963d 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -43,4 +43,3 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} - clusterIP: None diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 5210a249d2..ade5935808 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -24,9 +24,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - initContainers: - enabled: true - # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -95,21 +92,6 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete @@ -138,6 +120,38 @@ aai_enpoints: url: network - name: aai-externalSystem url: external-system +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-resources-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-resources + fqi: aai-resources@aai-resources.onap.org + public_fqdn: aai-resources.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-resources + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval wasn't good" + exit 1 + else + echo "*** writing passwords into prop file" + echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + fi + truststoreAllPassword: changeit # application image image: onap/aai-resources:1.7.2 @@ -190,12 +204,6 @@ readiness: initialDelaySeconds: 60 periodSeconds: 10 -# application configuration -sidecar: - keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - service: type: ClusterIP portName: aai-resources-8447 diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 04d5342955..5fe5b13d80 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -40,11 +40,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v23 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 # Specifies from which version related link should appear related: link: v11 @@ -74,7 +74,7 @@ global: # global defaults - aai_keystore # application image -image: onap/aai-schema-service:1.7.13 +image: onap/aai-schema-service:1.8.5 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml index 42641a2e5c..498f1b837d 100644 --- a/kubernetes/aai/components/aai-traversal/requirements.yaml +++ b/kubernetes/aai/components/aai-traversal/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile deleted file mode 100644 index 4c14bc37f1..0000000000 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e -ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC -uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e -QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M -YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8 -pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z -94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b -YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE -NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT -PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa -_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x -NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs -BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_ -AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg -EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_ -Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ -g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb -5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm -4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e -21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId -0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l -vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft -mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW -b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra -w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d -TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq -PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 deleted file mode 100644 index b2449c6a54..0000000000 Binary files a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 and /dev/null differ diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props index ef78622641..b46defa6b7 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props @@ -1,15 +1,16 @@ ############################################################ # Properties Generated by AT&T Certificate Manager # @copyright 2016, AT&T +# Modifications Copyright (c) 2020 Orange ############################################################ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile -cadi_keystore=/opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 -cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p +cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile +cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +cadi_keystore_password=${KEYSTORE_PASSWORD} #cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks -cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym +cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks +cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD} cadi_loglevel=INFO cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index c7771e1133..843a90bbcd 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2020 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,10 +38,10 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} -aai.truststore.filename={{ .Values.global.config.truststore.filename }} -aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} -aai.keystore.filename={{ .Values.global.config.keystore.filename }} -aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} +aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +aai.keystore.passwd.x=${KEYSTORE_PASSWORD} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index 31ed2be3fe..a5e92c5a61 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,10 +45,10 @@ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8446 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want server.ssl.key-store-type=JKS @@ -95,7 +96,7 @@ schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries schema.service.client={{ .Values.global.config.schema.service.client }} -schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} +schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml index 7f6a03168e..b801a7ae5f 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml @@ -1,17 +1,16 @@ -{{/* - -*/}} - - - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log - - ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} - - - - %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - - - - -{{/* - -*/}} \ No newline at end of file +-->*/}} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml index df35aaa0ed..96bb197519 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml @@ -1,17 +1,16 @@ -{{/* - -*/}} - - +*/}} + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} - - - + + + - - ${logDirectory}/rest/sane.log - - ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - - - + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + - - 1000 - true - - - - ${logDirectory}/rest/metrics.log - - ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} - - - ${metricPattern} - - + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/debug.log - - ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} - - - ${debugPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + - - 1000 - - true - - - ${logDirectory}/rest/error.log - - ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} - - - WARN - - - ${errorPattern} - - + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + - - 1000 - - + + 1000 + + - - ${logDirectory}/rest/audit.log - - ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + - - 1000 - true - - + + 1000 + true + + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/rest/translog.log - - ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} - - - - ${transLogPattern} - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + - - 1000 - true - - + + 1000 + true + + - - - WARN - - ${logDirectory}/dmaapAAIEventConsumer/error.log - - ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} - - - - ${errorPattern} - + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${errorPattern} + - + - - - DEBUG - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/debug.log - - ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log - - ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} - - - - ${auditPattern} - - - - - INFO - ACCEPT - DENY - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log - - ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} - - - - ${metricPattern} - - - - - WARN - - ${logDirectory}/external/external.log - - ${logDirectory}/external/external.log.%d{yyyy-MM-dd} - - - - ${debugPattern} - - - - - DEBUG - - ${logDirectory}/auth/auth.log - - ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} - - - - %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n - - - - 1000 - true - - - + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + - - + + - - + + - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - + + + - - - - - + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index 5c6dc7293d..c0bcb3b491 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -48,19 +49,3 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 6f5ac8263b..23621491e7 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -91,31 +91,28 @@ spec: {{- end }} spec: hostname: aai-traversal - {{ if .Values.global.initContainers.enabled }} - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - {{ if .Values.global.jobs.migration.enabled }} - /app/ready.py args: + {{- if .Values.global.jobs.migration.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{ else if .Values.global.jobs.createSchema.enabled }} - - /app/ready.py - args: + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{ else }} - - /app/ready.py - args: + {{- else }} - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{ end }} + {{- end }} + {{- end }} env: - name: NAMESPACE valueFrom: @@ -125,19 +122,29 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + echo "*** actual launch of AAI Resources" + /bin/bash /opt/app/aai-traversal/docker-entrypoint.sh env: + - name: TRUSTORE_ALL_PASSWORD + value: {{ .Values.certInitializer.truststoreAllPassword }} - name: DISABLE_UPDATE_QUERY value: {{ .Values.config.disableUpdateQuery | quote }} - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -163,9 +170,6 @@ spec: - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile - name: {{ include "common.fullname" . }}-aaf-certs - subPath: org.onap.aai.keyfile - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv name: {{ include "common.fullname" . }}-aaf-certs subPath: bath_config.csv @@ -181,21 +185,9 @@ spec: - mountPath: /opt/app/aai-traversal/resources/cadi.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: cadi.properties - - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-aaf-certs - subPath: org.onap.aai.p12 - - mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{ end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -218,7 +210,7 @@ spec: {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} @@ -238,7 +230,7 @@ spec: name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime @@ -253,24 +245,16 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }} - name: {{ include "common.fullname" . }}-aaf-properties configMap: name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: - secretName: {{ include "common.fullname" . }}-aaf-keys + secretName: {{ include "common.fullname" . }}-aaf - name: aai-common-aai-auth-mount secret: secretName: aai-common-aai-auth - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 16e7022c0d..2eac7fe722 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -106,12 +106,6 @@ spec: - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{ end }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container volumes: @@ -129,15 +123,7 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }}-configmap - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} + name: {{ include "common.fullname" . }} restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-traversal/templates/secret.yaml b/kubernetes/aai/components/aai-traversal/templates/secret.yaml new file mode 100644 index 0000000000..8e022fe6b0 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/secret.yaml @@ -0,0 +1,30 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index 66dfd493dd..fad857bb41 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -43,4 +43,3 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} - clusterIP: None diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 0242cedd0b..69222db8d8 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -26,8 +26,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - initContainers: - enabled: true # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -104,25 +102,42 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-traversal-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-traversal + fqi: aai-traversal@aai-traversal.onap.org + public_fqdn: aai-traversal.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-traversal + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval wasn't good" + exit 1 + else + echo "*** writing passwords into prop file" + echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + fi + truststoreAllPassword: changeit # application image image: onap/aai-traversal:1.7.2 diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 516dcc4d70..1e509bd48d 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -228,11 +228,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v23 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 # Specifies from which version related link should appear related: link: v11 diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml index 1e08aaf3cd..2050d85f07 100644 --- a/kubernetes/cli/requirements.yaml +++ b/kubernetes/cli/requirements.yaml @@ -19,6 +19,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/cli/resources/certificates/ocomp.pem b/kubernetes/cli/resources/certificates/ocomp.pem deleted file mode 100644 index 5321c65d21..0000000000 --- a/kubernetes/cli/resources/certificates/ocomp.pem +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A -DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3 -gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO -lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA -FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep -q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt -7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ -3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU -KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd -7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx -kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg -CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+ -3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R -zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx -A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5 -333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti -MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG -HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve -8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL -HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8 -X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o -J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA -ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G -U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK -ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh -kxMQk6Ent5/OF/yYOsIzlLs= ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx -DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF -MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE -CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ -MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT -OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA -RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm -Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe -IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI -TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww -DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31 -5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg -O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG -5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN -MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4 -hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU -xg== ------END CERTIFICATE----- diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/kubernetes/cli/resources/configuration/lighttpd.conf new file mode 100644 index 0000000000..0809868b35 --- /dev/null +++ b/kubernetes/cli/resources/configuration/lighttpd.conf @@ -0,0 +1,55 @@ +{{/* +# Copyright 2018 Huawei Technologies Co., Ltd. +# Copyright 2021 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +server.document-root = "/var/www-data/servers/open-cli/" +server.username = "www-data" +server.groupname = "www-data" +server.port = 443 +ssl.engine = "enable" +ssl.pemfile = "{{ .Values.certInitializer.credsPath }}/certs/fullchain.pem" + +mimetype.assign = ( + ".html" => "text/html", + ".txt" => "text/plain", + ".jpg" => "image/jpeg", + ".png" => "image/png" +) + +index-file.names = ( "index.html" ) +dir-listing.activate = "disable" + + +server.modules = ( + "mod_access", + "mod_proxy", + "mod_alias", + "mod_compress", + "mod_redirect", +# "mod_rewrite", +) + +#server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +#compress.cache-dir = "/var/cache/lighttpd/compress/" +#compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) + +# default listening port for IPv6 falls back to the IPv4 port +## Use ipv6 if available +#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port +#include_shell "/usr/share/lighttpd/create-mime.assign.pl" +#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" \ No newline at end of file diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/configmap.yaml similarity index 76% rename from kubernetes/cli/templates/secrets.yaml rename to kubernetes/cli/templates/configmap.yaml index 213b709026..ae515a0ec5 100644 --- a/kubernetes/cli/templates/secrets.yaml +++ b/kubernetes/cli/templates/configmap.yaml @@ -1,11 +1,11 @@ {{/* -# Copyright 2020 Huawei Technologies Co., Ltd. +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -15,17 +15,14 @@ */}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: ocomp-pem + name: {{ include "common.fullname" . }}-lighttpd namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} -type: Opaque data: - ocomp.pem: -{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }} - +{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 74b2d2df37..735308754f 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -35,6 +35,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -56,10 +57,10 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - name: ocomp-pem - mountPath: "/etc/lighttpd/ocomp.pem" - subPath: ocomp.pem + volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: lighttpd + mountPath: "/etc/lighttpd/lighttpd.conf" + subPath: lighttpd.conf readOnly: true env: - name: OPEN_CLI_MODE @@ -74,9 +75,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: - - name: ocomp-pem - secret: - secretName: ocomp-pem + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: lighttpd + configMap: + name: {{ include "common.fullname" . }}-lighttpd imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 6e711c51c0..85b18388b4 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -17,6 +17,53 @@ ################################################################# global: nodePortPrefix: 302 + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: cli-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "cli" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.cli" + fqi: "cli@cli.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ + -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ + -alias ca_local_0 \ + -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** generating needed file" + cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + {{ .Values.credsPath }}/certs/cert.pem \ + {{ .Values.credsPath }}/certs/cacert.pem \ + > {{ .Values.credsPath }}/certs/fullchain.pem; + cat {{ .Values.credsPath }}/certs/fullchain.pem + echo "*** change ownership of certificates to targeted user" + chown -R 33 {{ .Values.credsPath }} + fi + + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index fbdf8e3e19..c3d22cedc0 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -55,8 +55,8 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 3 + periodSeconds: 20 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints @@ -65,8 +65,8 @@ liveness: readiness: initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 3 + periodSeconds: 20 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index bf20455a5f..fd059a9fad 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2019 AT&T Intellectual Property. All rights reserved. +# Copyright © 2021 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,37 +11,41 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -HELM_BIN := helm - -make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard -make-dcae-bootstrap: - cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets -make-dcae-cloudify-manager: - cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -make-dcae-config-binding-service: - cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service +.PHONY: $(EXCLUDES) $(HELM_CHARTS) -make-dcae-healthcheck: - cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck +all: $(HELM_CHARTS) -make-dcae-servicechange-handler: - cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ -make-dcae-inventory-api: - cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi -make-dcae-deployment-handler: - cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi -make-dcae-policy-handler: - cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi -make-dcae-dashboard: - cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: - @find . -type f -name '*.tgz' -delete - @find . -type f -name '*.lock' -delete + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dcaegen2/components/Makefile b/kubernetes/dcaegen2/components/Makefile new file mode 100644 index 0000000000..4ffaa330b9 --- /dev/null +++ b/kubernetes/dcaegen2/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2021 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: