{{/* # # ============LICENSE_START======================================================= # org.onap.aai # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. # Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= # In ONAP, the following job will always be run on each installation # The following job will go through the latest oxm and # create properties based on the data type defined in the oxm # and create the required indexes for the appropriate properties # This can be run multiple times as the code if the index or property already exists # then the index or property won't be created again # NOTE - During the execution of the createSchema job, there should # be no other janusgraph connection to the graph as its the reason # that resources traversal and graphadmin wait until this job is done # If you are using an existing cassandra cluster not coming from oom # then it is your job to ensure that there are no connections to the database */}} {{- if .Values.global.jobs.migration.enabled }} --- apiVersion: batch/v1 kind: Job metadata: name: {{ include "common.fullname" . }}-migration namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }}-job chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": post-upgrade,post-rollback,post-install "helm.sh/hook-weight": "1" "helm.sh/hook-delete-policy": before-hook-creation spec: backoffLimit: 20 template: metadata: labels: app: {{ include "common.name" . }}-job release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- if .Values.global.aafEnabled }} - command: - sh args: - -c - | echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-obfuscate volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} securityContext: runAsUser: {{ .Values.securityContext.user_id }} - command: - sh args: - -c - | echo "*** Set obfuscated Truststore and Keystore password into configuration file" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) cd /config-input for PFILE in `ls -1` do envsubst <${PFILE} >/config/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /config-input name: properties-input - mountPath: /config name: properties image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config {{- end }} - command: - /app/ready.py args: - --container-name {{- if .Values.global.cassandra.localCluster }} - aai-cassandra {{- else }} - cassandra {{- end }} - --container-name - aai-schema-service env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: - sh args: - -c - | bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` env: - name: LOCAL_USER_ID value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.securityContext.group_id | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots name: snapshots - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties name: config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GA name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties name: properties subPath: application.properties image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-restore-backup containers: - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-perform-migration command: - sh args: - -c - | bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.securityContext.group_id | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties name: config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GA name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties name: properties subPath: application.properties resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap - name: {{ include "common.fullname" . }}-snapshots persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-migration - name: properties {{- if .Values.global.aafEnabled }} emptyDir: medium: Memory - name: properties-input {{- end }} configMap: name: {{ include "common.fullname" . }}-properties restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" --- apiVersion: batch/v1 kind: Job metadata: name: {{ include "common.fullname" . }}-db-backup-job namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }}-db-backup-job release: {{ include "common.release" . }} heritage: {{ .Release.Service }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} annotations: "helm.sh/hook": pre-upgrade,pre-install "helm.sh/hook-weight": "2" "helm.sh/hook-delete-policy": before-hook-creation spec: backoffLimit: 20 template: metadata: labels: app: {{ include "common.name" . }}-db-backup-job release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- if .Values.global.aafEnabled }} - command: - sh args: - -c - | echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-obfuscate volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} securityContext: runAsUser: {{ .Values.securityContext.user_id }} - command: - sh args: - -c - | echo "*** Set obfuscated Truststore and Keystore password into configuration file" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) cd /config-input for PFILE in `ls -1` do envsubst <${PFILE} >/config/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /config-input name: properties-input - mountPath: /config name: properties image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config {{- end }} {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} - command: - /bin/bash - -c - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-db-backup-readiness {{- end }} containers: - name: {{ include "common.name" . }}-db-backup-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - -c - | bash docker-entrypoint.sh dataSnapshot.sh {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.securityContext.group_id | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots name: snapshots - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: migration subPath: janusgraph-migration-real.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties name: migration subPath: janusgraph-migration-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES/ name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties name: properties subPath: application.properties resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: {{ include "common.resources" . | nindent 10 }} - name: localtime hostPath: path: /etc/localtime - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }} - name: properties-input configMap: name: {{ include "common.fullname" . }}-properties - name: properties emptyDir: medium: Memory - name: migration configMap: name: {{ include "common.fullname" . }}-migration - name: snapshots persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-migration restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end }}