-Subproject commit 5ae975da2bc5c09318465405a343146a56b42a3a
+Subproject commit 2d6141ab8bd7bfe58f5da0483e578032226e7ebb
# It seems that the DB name is hardcoded.
dbName: appcctl
userName: appcctl
- password: appcctl
+ # password: appcctl
# userCredsExternalSecret: some secret
sdncdb:
# Warning: changing this config option may not work.
# It seems that the DB name is hardcoded.
dbName: sdnctl
userName: sdnctl
- password: gamma
+ # password: gamma
# userCredsExternalSecret: some secret
odlUid: 100
odlGid: 101
blueprintprocessor.netconfExecutor.enabled=true
blueprintprocessor.restConfExecutor.enabled=true
blueprintprocessor.remoteScriptCommand.enabled=true
+blueprintsprocessor.remote-script-command.response.log.enabled=false
# Command executor
blueprintsprocessor.grpcclient.remote-python.type=token-auth
# Self Service Response Kafka Message Producer
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+# Kafka Audit Service Configurations
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
blueprintsprocessor.netconfExecutor.enabled=true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # side car containers
- # - name: filebeat-onap
- # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- # volumeMounts:
- # - mountPath: /usr/share/filebeat/filebeat.yml
- # name: filebeat-conf
- # subPath: filebeat.yml
- # - mountPath: /home/esr/works/logs
- # name: esr-server-logs
- # - mountPath: /usr/share/filebeat/data
- # name: esr-server-filebeat
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- # - name: filebeat-conf
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-filebeat
- # - name: esr-server-logs
- # emptyDir: {}
- # - name: esr-server-filebeat
- # emptyDir: {}
- # - name: esrserver-log
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-esrserver-log
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-clamp-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
name: {{ include "common.name" . }}-readiness
containers:
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ - name: logs
+ mountPath: {{ .Values.log.path }}
- mountPath: /opt/clamp/sdc-controllers-config.json
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
items:
- key: sdc-controllers-config.json
path: sdc-controllers-config.json
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-clamp-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# flag to enable debugging - application support required
debugEnabled: false
+# log configuration
+log:
+ path: /var/log/onap
+
#################################################################
# Application configuration defaults.
#################################################################
discovery.seed_hosts: []
# # Breaking change in 7.0
# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
-cluster.initial_master_nodes:
+cluster.initial_master_nodes:
- cldash-es-node1
# - docker-test-node-1
# ---------------------------------- Various -----------------------------------
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
-######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
if [http_request_failure] or [@metadata][code] != 200 {
mutate {
- add_tag => [ "error" ]
+ add_tag => [ "error" ]
}
}
clones => [ "event-cl-aggs" ]
add_tag => [ "event-cl-aggs" ]
}
-
+
if "event-cl-aggs" in [@metadata][request][tags]{
#
# we only need a few fields for aggregations; remove all fields from clone except :
prune {
whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
}
-
+
}
}
}
# limitations under the License.
# ============LICENSE_END============================================
# ===================================================================
-#
+#
###
mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql
-## New model creation
+## New model creation
mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
name: {{ include "common.name" . }}-readiness
containers:
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/nginx/
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/nginx/
+ - name: logs
+ mountPath: {{ .Values.log.path }}
- mountPath: /etc/nginx/conf.d/default.conf
name: {{ include "common.fullname" . }}-config
subPath: default.conf
items:
- key: default.conf
path: default.conf
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-clamp-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ centralizedLoggingEnabled: false
subChartsOnly:
enabled: true
# flag to enable debugging - application support required
debugEnabled: false
+# log configuration
+log:
+ path: /var/log/nginx/
+
#################################################################
# Application configuration defaults.
#################################################################
- uid: 'db-root-password'
type: password
externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- password: '{{ .Values.config.dbRootPassword }}'
+ password: '{{ .Values.config.db.rootPassword }}'
- uid: 'db-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.dbSdnctlPassword }}'
+ password: '{{ .Values.config.db.userPassword }}'
- uid: 'http-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
restconfPassword: admin
# restconfCredsExternalSecret: some secret
- dbRootPassword: openECOMP1.0
- dbSdnctlPassword: gamma
dbPodName: mysql-db
dbServiceName: sdnc-dbhost
# MD5 hash of dguser password ( default: test123 )
--- /dev/null
+#!/bin/bash
+#
+# Adfinis SyGroup AG
+# openshift-mariadb-galera: mysql setup script
+#
+
+set -eox pipefail
+
+echo 'Running mysql_install_db ...'
+mysql_install_db --datadir=/var/lib/mysql
+echo 'Finished mysql_install_db'
+
+mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF &
+pid="$!"
+
+mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock )
+
+for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+done
+if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+fi
+
+function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+}
+
+mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
+# add MariaDB root user
+"${mysql[@]}" <<-EOSQL
+-- What's done in this file shouldn't be replicated
+-- or products like mysql-fabric won't work
+SET @@SESSION.SQL_LOG_BIN=0;
+
+DELETE FROM mysql.user ;
+CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ;
+GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
+EOSQL
+
+# add root password for subsequent calls to mysql
+if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+fi
+
+# add users require for Galera
+# TODO: make them somehow configurable
+"${mysql[@]}" <<-EOSQL
+CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ;
+GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ;
+CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe';
+EOSQL
+
+if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+fi
+
+if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ mysql_password=`prepare_password $MYSQL_PASSWORD`
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+
+ echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+fi
+
+if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+fi
+
+echo
+echo 'MySQL init process done. Ready for start up.'
+echo
{{/*
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
my_extra.cnf: |
{{ .Values.externalConfig | indent 4 }}
-{{- end -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
configMap:
name: {{ include "common.fullname" . }}-external-config
{{- end}}
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
- name: localtime
hostPath:
path: /etc/localtime
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh
+ subPath: configure-mysql.sh
+ name: init-script
{{- if .Values.persistence.enabled }}
- mountPath: /var/lib/mysql
name: {{ include "common.fullname" . }}-data
- sh
- -exec
- |
+ rm -rf '/var/lib/kafka/data/lost+found';
chown -R 1000:0 /var/lib/kafka/data;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
--- /dev/null
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This override file is used to deploy a core configuration. It is based on
+# minimal-onap.yaml and Orange accomplishments [1][2][3].
+# It includes the following components:
+# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra)
+#
+# Minimal resources are also reviewed for the various containers
+# AAI: no override => to be fixed
+# DMAAP: no override # SO: no override
+# SDC: new values
+# SDNC: no override
+#
+# Replicas are set to:
+# AAI Cassandra: 1
+# Cassandra: 3 (to allow reaching quorum)
+#
+# In addition, some parameters are set to limit the memory footprint.
+#
+# It overrides the default ONAP parent chart behaviour to deploy
+# all of ONAP.
+#
+# helm deploy core local/onap --namespace onap -f core-onap.yaml
+#
+# [1] https://gitlab.com/Orange-OpenSource/lfn/onap/onap_oom_automatic_installation
+# [2] https://wiki.lfnetworking.org/display/LN/Call%20for%20ONAP%20DDF%20Topics%20-%20Prague%202020#CallforONAPDDFTopics-Prague2020-OOM-IntroductionofServicemesh
+# [3] https://wiki.lfnetworking.org/download/attachments/25364127/OOM%20Service%20Mesh%20Prague.pptx
+
+#######################
+# Core ONAP deployment
+#######################
+global:
+ aafEnabled: false
+aai:
+ enabled: true
+ global:
+ cassandra:
+ replicas: 1
+ aai-cassandra:
+ replicaCount: 1
+aaf:
+ enabled: false
+appc:
+ enabled: false
+cassandra:
+ enabled: true
+ replicaCount: 3
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: false
+contrib:
+ enabled: false
+dcaegen2:
+ enabled: false
+dmaap:
+ enabled: true
+esr:
+ enabled: false
+log:
+ enabled: false
+mariadb-galera:
+ enabled: true
+msb:
+ enabled: false
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+oof:
+ enabled: false
+policy:
+ enabled: false
+pomba:
+ enabled: false
+portal:
+ enabled: false
+robot:
+ enabled: false
+sdc:
+ enabled: true
+ sdc-be:
+ config:
+ javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx512m -Xms256m"
+ sdc-fe:
+ resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 500Mi
+ sdc-cs:
+ config:
+ maxHeapSize: "512M"
+ heapNewSize: "256M"
+sdnc:
+ enabled: true
+sniro-emulator:
+ enabled: false
+so:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "$OPENSTACK_USER_NAME"
+ openStackRegion: "$OPENSTACK_REGION"
+ openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
+ openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
+ openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+uui:
+ enabled: false
+vid:
+ enabled: false
+vfc:
+ enabled: false
+vnfsdk:
+ enabled: false
+cds:
+ enabled: true
+dmaap:
+ enabled: true
+ dmaap-bc:
+ enabled: false
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
env:
- name: JDBC_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: PDP_PAP_PDP_HTTP_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
volumeMounts:
- - mountPath: /config-input
+ - mountPath: /config-input/pe
+ name: pe-input
+ - mountPath: /config-input/pe-pdp
+ name: pe-pdp-input
+ - mountPath: /config/pe
name: pe
- - mountPath: /config
- name: pe-processed
+ - mountPath: /config/pe-pdp
+ name: pe-pdp
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
name: localtime
readOnly: true
- mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
+ name: pe
subPath: base.conf
- mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp
+ name: pe-pdp-input
subPath: pdp-tweaks.sh
- mountPath: /tmp/policy-install/config/pdplp.conf
name: pe-pdp
- name: policy-logback
configMap:
name: {{ include "common.fullname" . }}-log-configmap
- - name: pe
+ - name: pe-input
configMap:
name: {{ include "common.release" . }}-pe-configmap
defaultMode: 0755
configMap:
name: {{ include "common.release" . }}-pe-scripts-configmap
defaultMode: 0777
- - name: pe-pdp
+ - name: pe-pdp-input
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
- - name: pe-processed
+ - name: pe
+ emptyDir:
+ medium: Memory
+ - name: pe-pdp
emptyDir:
medium: Memory
imagePullSecrets:
"restServerParameters": {
"host": "0.0.0.0",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
"policyApiParameters": {
"host": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
"https": true,
"aaf": false
},
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pdpxconfig
+ - mountPath: /config
+ name: pdpxconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
- name: pdpxconfig
+ name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
+ login: '{{ .Values.apiServer.user }}'
+ password: '{{ .Values.apiServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
-Subproject commit 431689c7879a92be54477f13f8e39908db5f07f2
+Subproject commit c81062626b69160145baac5e6a5d670cb67211fa
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
+securityContext:
+ fsGroup: 35953
+ runAsUser: 352070
ingress:
enabled: false
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-nssmf-adapter
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+aai:
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ datasource:
+ jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ jpa:
+ show-sql: false
+ hibernate:
+ dialect: org.hibernate.dialect.MySQL5Dialect
+ ddl-auto: validate
+ naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+ enable-lazy-load-no-trans: true
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/nssmf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ adapters:
+ requestDb:
+ endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ - name: TRUSTSTORE
+ value: {{ .Values.global.client.certs.truststore }}
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: BPEL_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
+ - name: BPEL_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: KEYSTORE
+ value: {{ .Values.global.client.certs.keystore }}
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: server-bpel-creds
+ name: '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/nssmf-adapter:1.6.0
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+ bpel:
+ username: bpel
+ password: password1$
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: 8088
+logPath: ./logs/nssmf/
+app: nssmf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8088
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+<configuration scan="false" debug="true">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="/var/log/onap" />
+ <!-- specify the component name
+ <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
+ <property name="componentName" value="MSO"></property>
+ <property name="subComponentName" value="nssmfadapter"></property>
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n" />
+
+ <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
+ <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log.%d</fileNamePattern>
+ <!--<maxHistory>30</maxHistory>-->
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <logger name="com.att.eelf.error" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+
+</configuration>
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-nssmf-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.nssmfAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
certSecret: *so-certs
aaf:
Code Review / oom.git / commitdiff