+++ /dev/null
-# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-HEALTHCHECK_USER=demo@people.osaaf.org
-HEALTHCHECK_PASSWORD=demo123456!
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+
+docker-entrypoint.sh nexus
\ No newline at end of file
-# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2017-2018 Amdocs, Bell Canada.
+# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# JVM options
-JVM_OPTIONS=-server -Xms1024m -Xmx2048m
+JVM_OPTIONS={{.Values.server.jvmOpts}}
# SYSTEM software configuration
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap/policy/pdpd
JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
# Telemetry credentials
TELEMETRY_PORT=9696
TELEMETRY_HOST=0.0.0.0
-TELEMETRY_USER=demo@people.osaaf.org
-TELEMETRY_PASSWORD=demo123456!
# nexus repository
SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/
-REPOSITORY_USERNAME=admin
-REPOSITORY_PASSWORD=admin123
+RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
# Relational (SQL) DB access
SQL_HOST={{.Values.global.mariadb.nameOverride}}
-SQL_USER=policy_user
-SQL_PASSWORD=policy_user
# AAF
-AAF=true
+AAF={{.Values.aaf.enabled}}
AAF_NAMESPACE=org.onap.policy
AAF_HOST=aaf-locate.{{.Release.Namespace}}
PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
PDPD_CONFIGURATION_SERVERS=message-router
-PDPD_CONFIGURATION_API_KEY=
-PDPD_CONFIGURATION_API_SECRET=
PDPD_CONFIGURATION_CONSUMER_GROUP=
PDPD_CONFIGURATION_CONSUMER_INSTANCE=
PDPD_CONFIGURATION_PARTITION_KEY=
# PAP-PDP configuration channel
POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
-POLICY_PDP_PAP_API_KEY=
-POLICY_PDP_PAP_API_SECRET=
# PAP
PAP_HOST=policy-pap
-PAP_USERNAME=healthcheck
-PAP_PASSWORD=zb!XztG34
# PDP-X
PDP_HOST=policy-xacml-pdp
-PDP_USERNAME=healthcheck
-PDP_PASSWORD=zb!XztG34
-PDP_CLIENT_USERNAME=python
-PDP_CLIENT_PASSWORD=test
-PDP_ENVIRONMENT=TEST
# DCAE DMaaP
# AAI
AAI_URL=https://aai.{{.Release.Namespace}}:8443
-AAI_USERNAME=policy@policy.onap.org
-AAI_PASSWORD=demo123456!
# MSO
SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra
-SO_USERNAME=InfraPortalClient
-SO_PASSWORD=password1$
# VFC
VFC_URL=
-VFC_USERNAME=
-VFC_PASSWORD=
# SDNC
SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations
-SDNC_USERNAME=admin
-SDNC_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-# Copyright 2018 AT&T Intellectual Property. All rights reserved
-# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
-CONTROLLER_ARTIFACT_ID=policy-management
-CONTROLLER_NAME=policy-management-controller
-CONTROLLER_PORT=9696
-RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT
-UEB_TOPIC=policyengine-develop
+policy status
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-
-if [ "$#" -ne 4 ]; then
- echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>"
- exit 1
-fi
-
-K8S_HOST=$1
-POLICY_PDP_PORT=$2
-POLICY_DROOLS_PORT=$3
-RESOURCE_ID=$4
-
-echo
-echo
-echo "Removing the vFW Policy from PDP.."
-echo
-echo
-
-curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyComponent" : "PDP",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy
-
-sleep 20
-
-echo
-
-echo
-echo "Updating vFW Operational Policy .."
-echo
-
-curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "policyConfigType": "BRMS_PARAM",
- "policyName": "com.BRMSParamvFirewall",
- "policyDescription": "BRMS Param vFirewall policy",
- "policyScope": "com",
- "attributes": {
- "MATCHING": {
- "controller": "amsterdam"
- },
- "RULE": {
- "templateName": "ClosedLoopControlName",
- "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
- }
- }
-}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy
-
-sleep 5
-
-echo
-echo
-echo "Pushing the vFW Policy .."
-echo
-echo
-
-curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
- "pdpGroup": "default",
- "policyName": "com.BRMSParamvFirewall",
- "policyType": "BRMS_Param"
-}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy
-
-sleep 20
-
-echo
-echo
-echo "Restarting PDP-D .."
-echo
-echo
-
-POD=$(kubectl --namespace {{ include "common.namespace" . }} get pods | sed 's/ .*//'| grep drools)
-kubectl --namespace {{ include "common.namespace" . }} exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
-
-sleep 20
-
-echo
-echo
-echo "PDP-D amsterdam maven coordinates .."
-echo
-echo
-
-curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool
-
-
-echo
-echo
-echo "PDP-D control loop updated .."
-echo
-echo
-
-curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+KEYSTORE_PASSWD={{.Values.keystore.password}}
+TRUSTSTORE_PASSWD={{.Values.truststore.password}}
+
+TELEMETRY_USER={{.Values.telemetry.user}}
+TELEMETRY_PASSWORD={{.Values.telemetry.password}}
+
+REPOSITORY_USERNAME={{.Values.nexus.user}}
+REPOSITORY_PASSWORD={{.Values.nexus.password}}
+
+SQL_USER={{.Values.db.user}}
+SQL_PASSWORD={{.Values.db.password}}
+
+PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
+PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
+
+POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}}
+POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
+
+PAP_USERNAME={{.Values.pap.user}}
+PAP_PASSWORD={{.Values.pap.password}}
+
+PDP_USERNAME={{.Values.pdp.user}}
+PDP_PASSWORD={{.Values.pdp.password}}
+
+AAI_USERNAME={{.Values.aai.user}}
+AAI_PASSWORD={{.Values.aai.password}}
+
+SO_USERNAME={{.Values.so.user}}
+SO_PASSWORD={{.Values.so.password}}
+
+VFC_USERNAME={{.Values.vfc.user}}
+VFC_PASSWORD={{.Values.vfc.password}}
+
+SDNC_USERNAME={{.Values.sdnc.user}}
+SDNC_PASSWORD={{.Values.sdnc.password}}
+
+HEALTHCHECK_USER={{.Values.telemetry.user}}
+HEALTHCHECK_PASSWORD={{.Values.telemetry.password}}
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/configmaps/*").AsConfig . | indent 2 }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/opt/policy/config/drools/keys/*").AsSecrets | indent 2 }}
type: Opaque
+data:
+{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /tmp/policy-install/config/feature-healthcheck.conf
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-secret
- subPath: feature-healthcheck.conf
- - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf
- name: drools-config
- subPath: feature-pooling-dmaap.conf
- - mountPath: /tmp/policy-install/config/base.conf
+ subPath: {{ base $path }}
+ {{- end }}
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-config
- subPath: base.conf
+ subPath: {{ base $path }}
+ {{- end }}
- mountPath: /var/log/onap
name: policy-logs
resources:
configMap:
name: {{ include "common.fullname" . }}-configmap
items:
- - key: base.conf
- path: base.conf
- mode: 0755
- - key: feature-pooling-dmaap.conf
- path: feature-pooling-dmaap.conf
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
mode: 0755
+ {{- end }}
- name: drools-secret
secret:
secretName: {{ include "common.fullname" . }}-secret
items:
- - key: feature-healthcheck.conf
- path: feature-healthcheck.conf
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
mode: 0644
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuImage: ubuntu:16.04
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.5.1
+image: onap/policy-pdpd-cl:1.5.2
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- nexusPort: 8081
-
# default number of instances
replicaCount: 1
ingress:
enabled: false
+# Default installation values to be overridden
+
+server:
+ jvmOpts: -server -Xms1024m -Xmx2048m
+
+aaf:
+ enabled: "true"
+
+keystore:
+ password: Pol1cy_0nap
+
+truststore:
+ password: Pol1cy_0nap
+
+telemetry:
+ user: demo@people.osaaf.org
+ password: demo123456!
+
+nexus:
+ nexus: admin
+ password: admin123
+ port: 8081
+
+db:
+ user: policy_user
+ password: policy_user
+
+pap:
+ user: healthcheck
+ password: zb!XztG34
+
+pdp:
+ user: healthcheck
+ password: zb!XztG34
+
+aai:
+ user: policy@policy.onap.org
+ password: demo123456!
+
+so:
+ user: InfraPortalClient
+ password: password1$
+
+vfc:
+ user:
+ password:
+
+sdnc:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+dmaap:
+ brmsgw:
+ key:
+ password:
+ pap:
+ key:
+ password:
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
Code Review / oom.git / commitdiff