kubernetes/dist/*
requirements.lock
**/charts/*.tgz
+*.orig
# AAI Schema
**/schema/*
# Mac OS
*DS_Store*
+
**Security Notes**
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
OOM code has been formally scanned during build time using NexusIQ and no
Critical vulnerability was found.
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.5.1
+image: onap/appc-cdt-image:1.5.2
pullPolicy: Always
# application configuration
if $ENABLE_ODL_CLUSTER
then
echo "Installing Opendaylight cluster features"
- ${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
enable_odl_cluster
fi
fi
echo "Restarting OpenDaylight"
+ echo "Stopping OpenDaylight and waiting for it to stop"
${ODL_HOME}/bin/stop
- checkRun () {
- running=0
- while read a b c d e f g h
- do
- if [ "$h" == "/bin/sh /opt/opendaylight/bin/karaf server" ]
- then
- running=1
- fi
- done < <(ps -eaf)
- echo $running
- }
-
- while [ $( checkRun ) == 1 ]
- do
- echo "Karaf is still running, waiting..."
- sleep 5s
- done
+ #The karaf command will exit when odl shuts down. This is the most reliable way to wait for opendaylight to stop
+ #before exiting the docker container.
+ ${ODL_HOME}/bin/karaf
echo "Karaf process has stopped"
sleep 10s
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile
cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12
-cadi_keystore_password=enc:4DVUTKvRCCtebQrKskDsuKFIHLzOf2M9XxNOhVIK4xb
+cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr
#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
cadi_alias=appc@appc.onap.org
cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-image:1.5.1
+image: onap/appc-image:1.5.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.4.4
+image: onap/ccsdk-blueprintsprocessor:0.4.5
pullPolicy: Always
# flag to enable debugging - application support required
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 120
periodSeconds: 10
service:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.4.4
+image: onap/ccsdk-commandexecutor:0.4.5
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-controllerblueprints:0.4.4
+image: onap/ccsdk-controllerblueprints:0.4.5
pullPolicy: Always
# flag to enable debugging - application support required
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 120
periodSeconds: 10
service:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.4.4
+image: onap/ccsdk-sdclistener:0.4.5
name: sdc-listener
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.4.4
+image: onap/ccsdk-cds-ui-server:0.4.5
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.0.3
+image: onap/clamp-dashboard-kibana:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.0.3
+image: onap/clamp-dashboard-logstash:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp:4.0.3
+image: onap/clamp:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
+ {{ end }}
readinessProbe:
exec:
command:
},
"policy_engine": {
"url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
- "path_decision": "/policy/pdpx/v1/decision"
+ "path_decision": "/policy/pdpx/v1/decision",
"path_notifications": "/pdp/notifications",
"path_api": "/pdp/api/",
"headers": {
# upgrade/install each "enabled" subchart
cd $CACHE_SUBCHART_DIR/
+ #“helm ls” is an expensive command in that it can take a long time to execute.
+ #So cache the results to prevent repeated execution.
+ ALL_HELM_RELEASES=$(helm ls -q)
for subchart in * ; do
SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
fi
fi
else
- array=($(helm ls -q | grep "${RELEASE}-${subchart}"))
+ array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
for (( i = n-1; i >= 0; i-- )); do
helm del "${array[i]}" --purge
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.0
+ optf_has: onap/optf-has:1.3.1
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.0
+image: onap/optf-osdf:1.3.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.4.1
+image: onap/policy-pdpd-cl:1.4.2
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/testsuite:1.4.0
+image: onap/testsuite:1.4.1
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
# Demo configuration
# Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
-demoArtifactsVersion: "1.4.0-SNAPSHOT"
+demoArtifactsVersion: "1.4.0"
# Nexus demo artifact URL.
demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
# Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR
# Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
ubuntu16Image: "Ubuntu_16_xenial"
# GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION
-scriptVersion: "1.4.0-SNAPSHOT"
+scriptVersion: "1.4.0"
# Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK
openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
# Openstack security group for instantiating VNFs
- "/var/lib/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
- "/var/lib/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
resources:
{{ include "common.resources" . | indent 12 }}
env:
liveness:
initialDelaySeconds: 60
periodSeconds: 10
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 60
periodSeconds: 10
+ timeoutSeconds: 5
service:
type: NodePort
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.5.3
+image: onap/sdnc-dmaap-listener-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.5.3
+image: onap/sdnc-ansible-server-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.5.3
+image: onap/admportal-sdnc-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.5.3
+image: onap/sdnc-ueb-listener-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.5.3
+image: onap/sdnc-image:1.5.4
# flag to enable debugging - application support required
debugEnabled: false
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.4.3
+image: onap/so/bpmn-infra:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.4.3
+image: onap/so/catalog-db-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.4.3
+image: onap/so/so-monitoring:1.4.4
pullPolicy: Always
replicaCount: 1
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.4.3
+image: onap/so/openstack-adapter:1.4.4
pullPolicy: Always
repository: nexus3.onap.org:10001
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.4.3
+image: onap/so/request-db-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.4.3
+image: onap/so/sdc-controller:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.4.3
+image: onap/so/sdnc-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.4.3
+image: onap/so/vfc-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.4.3
+image: onap/so/vnfm-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:1.2.1
+image: onap/usecase-ui-server:2.0.1
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui:1.2.2
+image: onap/usecase-ui:2.0.1
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:4.3.0
+image: onap/vid:4.3.1
pullPolicy: Always
# mariadb image for initializing
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.3.0
+image: onap/vnfsdk/refrepo:1.3.2
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always
Code Review / oom.git / commitdiff